python-blog/.gitlab-ci.yml

stages:
  - build
  - test
  - publish
  - deploy

variables:
  # Can't compose variables with user-defined ones, so we repeat ourselves :'(
  # See https://gitlab.com/gitlab-org/gitlab-runner/-/issues/1809
  IMAGE_REGISTRY: rg.fr-par.scw.cloud/crocmagnon
  IMAGE_TESTS: $CI_REGISTRY_IMAGE:tests-latest
  IMAGE_DEPS_TESTS: $CI_REGISTRY_IMAGE:tests-deps
  IMAGE_LATEST: $CI_REGISTRY_IMAGE:latest
  IMAGE_DEPS_LATEST: $CI_REGISTRY_IMAGE:deps
  IMAGE_LATEST_PUBLIC: rg.fr-par.scw.cloud/crocmagnon/blog:latest

  PRE_COMMIT_IMAGE: rg.fr-par.scw.cloud/crocmagnon/pre-commit:latest

.build: &build
  image: docker:20.10.1
  services:
    - docker:20.10.1-dind
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - docker login -u $REGISTRY_USER -p $REGISTRY_PASSWORD $IMAGE_REGISTRY
    - docker pull $IMAGE || true
    - docker pull $DEPS || true
    # Build this first stage separately so that we can cache it
    - docker build --pull --build-arg POETRY_OPTIONS --target venv --cache-from $DEPS -t $DEPS .
    # Build the final image. The "cache from" deps is necessary to take advantage of the intermediate image cache.
    # See https://stackoverflow.com/a/52649913/2758732 and https://github.com/moby/moby/issues/34715
    - docker build --pull --build-arg POETRY_OPTIONS --cache-from $IMAGE --cache-from $DEPS -t $IMAGE .
    - docker push $IMAGE
    - docker push $DEPS

build for tests:
  <<: *build
  stage: build
  variables:
    POETRY_OPTIONS: ""
  before_script:
    - export IMAGE=$IMAGE_TESTS
    - export DEPS=$IMAGE_DEPS_TESTS

build latest:
  <<: *build
  stage: build
  variables:
    POETRY_OPTIONS: "--no-dev"
  before_script:
    - export IMAGE=$IMAGE_LATEST
    - export DEPS=$IMAGE_DEPS_LATEST
  only:
    - master

.tests: &tests
  stage: test
  image: $IMAGE_TESTS
  needs:
    - build for tests

unit tests:
  <<: *tests
  script:
    - cd /app
    - python -m pytest

pre-commit:
  stage: test
  image: $PRE_COMMIT_IMAGE
  script:
    - pre-commit run --all-files --color always --show-diff-on-failure
  needs: []

missing migrations:
  <<: *tests
  script:
    - cd /app
    - python manage.py makemigrations --check

publish latest:
  stage: publish
  image: docker:20.10.1
  services:
    - docker:20.10.1-dind
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - docker login -u $REGISTRY_USER -p $REGISTRY_PASSWORD $IMAGE_REGISTRY
  script:
    - docker pull $IMAGE_LATEST
    - docker tag $IMAGE_LATEST $IMAGE_LATEST_PUBLIC
    - docker push $IMAGE_LATEST_PUBLIC
  only:
    - master

deploy:
  stage: deploy
  image: ubuntu
  before_script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y --no-install-recommends )'
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - echo "$SSH_CONFIG" > ~/.ssh/config
    - chmod 644 ~/.ssh/config
    - echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    - ssh blog "/home/gaugendre/blog/update"
  only:
    - master