--- kind: pipeline type: docker name: pre-commit steps: - name: pre-commit image: rg.fr-par.scw.cloud/crocmagnon/pre-commit:latest commands: - pre-commit run --all-files --color always --show-diff-on-failure --- kind: pipeline type: docker name: build test images environment: POETRY_OPTIONS: "" steps: - name: build deps image image: plugins/docker settings: registry: rg.fr-par.scw.cloud/crocmagnon username: { from_secret: registry_username } password: { from_secret: registry_password } cache_from: - rg.fr-par.scw.cloud/crocmagnon/blog:tests-deps repo: rg.fr-par.scw.cloud/crocmagnon/blog tags: tests-deps target: venv build_args_from_env: - POETRY_OPTIONS pull_image: true purge: false storage_driver: overlay2 - name: build tests image image: plugins/docker settings: registry: rg.fr-par.scw.cloud/crocmagnon username: { from_secret: registry_username } password: { from_secret: registry_password } cache_from: - rg.fr-par.scw.cloud/crocmagnon/blog:tests-latest - rg.fr-par.scw.cloud/crocmagnon/blog:tests-deps repo: rg.fr-par.scw.cloud/crocmagnon/blog tags: tests-latest build_args_from_env: - POETRY_OPTIONS pull_image: true purge: false storage_driver: overlay2 --- kind: pipeline type: docker name: build prod images environment: POETRY_OPTIONS: "--no-dev" steps: - name: build deps image image: plugins/docker settings: registry: rg.fr-par.scw.cloud/crocmagnon username: { from_secret: registry_username } password: { from_secret: registry_password } cache_from: - rg.fr-par.scw.cloud/crocmagnon/blog:deps repo: rg.fr-par.scw.cloud/crocmagnon/blog tags: deps build_args_from_env: - POETRY_OPTIONS target: venv pull_image: true purge: false storage_driver: overlay2 when: branch: - master - name: build temp prod image image: plugins/docker settings: registry: rg.fr-par.scw.cloud/crocmagnon username: { from_secret: registry_username } password: { from_secret: registry_password } cache_from: - rg.fr-par.scw.cloud/crocmagnon/blog:latest-temp - rg.fr-par.scw.cloud/crocmagnon/blog:deps repo: rg.fr-par.scw.cloud/crocmagnon/blog tags: latest-temp build_args_from_env: - POETRY_OPTIONS pull_image: true purge: false storage_driver: overlay2 when: branch: - master --- kind: pipeline type: docker name: unit tests depends_on: - build test images steps: - name: unit tests image: rg.fr-par.scw.cloud/crocmagnon/blog:tests-latest commands: - cd /app - python -m pytest --- kind: pipeline type: docker name: missing migration depends_on: - build test images steps: - name: missing migration image: rg.fr-par.scw.cloud/crocmagnon/blog:tests-latest commands: - cd /app - python manage.py makemigrations --check --- kind: pipeline type: docker name: publish prod image depends_on: - missing migration - unit tests - pre-commit - build prod images steps: - name: retag prod image image: nicolaka/netshoot environment: REGISTRY: rg.fr-par.scw.cloud REGISTRY_USERNAME: { from_secret: registry_username } REGISTRY_PASSWORD: { from_secret: registry_password } CRANE_VERSION: 0.4.0 commands: - wget "https://github.com/google/go-containerregistry/releases/download/v$CRANE_VERSION/go-containerregistry_Linux_x86_64.tar.gz" - tar xzf go-containerregistry_Linux_x86_64.tar.gz - ./crane auth login -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD $REGISTRY - ./crane tag $REGISTRY/crocmagnon/blog:latest-temp latest when: branch: - master --- kind: pipeline type: docker name: deploy depends_on: - publish prod image steps: - name: deploy image: ubuntu commands: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y --no-install-recommends )' - eval $(ssh-agent -s) - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - - mkdir -p ~/.ssh - chmod 700 ~/.ssh - echo "$SSH_CONFIG" > ~/.ssh/config - chmod 644 ~/.ssh/config - echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts - ssh blog "/home/gaugendre/blog/update" environment: SSH_PRIVATE_KEY: from_secret: ssh_private_key SSH_CONFIG: from_secret: ssh_config SSH_KNOWN_HOSTS: from_secret: ssh_known_hosts when: branch: - master