-
Notifications
You must be signed in to change notification settings - Fork 1
/
.gitlab-ci.yml
148 lines (139 loc) · 6.19 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
image: docker:20
variables:
# Prevent normal checkout for semantic-release
GIT_STRATEGY: none
# using "docker" as the host is only possible if you alias the service below
DOCKER_HOST: tcp://docker:2375
# could be wrong here but although Docker defaults to overlay2,
# Docker-in-Docker (DIND) does not according to the following GitLab doc:
# https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-the-overlayfs-driver
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
REG_SHA256: ade837fc5224acd8c34732bf54a94f579b47851cc6a7fd5899a98386b782e228
REG_VERSION: 0.16.1
GL_TOKEN: $GL_TOKEN
GH_TOKEN: $GH_TOKEN
SSH_PRIVATE_KEY: $SSH_PRIVATE_KEY
services:
- name: docker:20-dind
alias: docker
# in our experience although you'd assume this would be sufficient, this did
# nothing to prevent connection errors without `DOCKER_TLS_CERTDIR` being set
# to an empty string, and I would call that beyond mildly infuriating.
command: ["--tls=false", "--mtu=1450"]
before_script:
# system dependencies to build external package that are required by wheel
- apk add --no-cache make gcc gfortran build-base wget freetype-dev libpng-dev openblas-dev
# install and setup git
- apk add --no-cache bash git
# clone the repo to make sure new commits are part of the history to push to github
- git clone "$CI_REPOSITORY_URL" .
- git checkout $CI_COMMIT_REF_NAME
# install Node.js/npm and semantic release packages
- apk add --no-cache nodejs npm
- npm i [email protected] [email protected] @semantic-release/[email protected] @google/[email protected] @semantic-release/[email protected] @semantic-release/[email protected] -D
# install python environment with wheel and twine
- apk add --no-cache python3 python3-dev py3-pip
- pip install --upgrade pip
- pip install wheel twine
# install pre-built numpy and pandas packages, otherwise they take ages to build
- echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
- apk add --update --no-cache py3-numpy py3-pandas@testing
# install script to delete container from gitlab container registry
# from https://docs.gitlab.com/ee/user/packages/container_registry/delete_container_registry_images.html#use-gitlab-cicd
- apk add --no-cache curl
- curl --fail --show-error --location "https://github.com/genuinetools/reg/releases/download/v$REG_VERSION/reg-linux-amd64" --output ./reg
- echo "$REG_SHA256 ./reg" | sha256sum -c -
- chmod a+x ./reg
# install additional dependencies required by codecov uploader
- apk add --no-cache gnupg coreutils
# login the gitlab container registry
- echo $CI_REGISTRY_PASSWORD | docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin
# install ssh-agent if not already installed, it is required by Docker
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
# run ssh-agent (inside the build environment)
- eval $(ssh-agent -s)
# create the SSH directory and give it the right permissions
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
# give the right permissions, otherwise ssh-add will refuse to add files
- echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_gitlab_rsa
- chmod 400 ~/.ssh/id_gitlab_rsa
# add the SSH key stored in SSH_PRIVATE_KEY file type CI/CD variable to the agent store
- ssh-add ~/.ssh/id_gitlab_rsa
# add github to the list of known host
- ssh-keyscan -H github.com >> ~/.ssh/known_hosts
stages:
- test-python-install
- build
- test
- clean
- semantic-release
- deploy-release
test:
stage: test
needs: ["build"]
script:
# Run tests
- make test TAG=$(python get_version.py)-dev.${CI_COMMIT_REF_NAME}
# Download codecov uploader with integrity check
# - curl https://keybase.io/codecovsecurity/pgp_keys.asc | gpg --no-default-keyring --keyring trustedkeys.gpg --import
- curl -Os https://uploader.codecov.io/latest/alpine/codecov
# - curl -Os https://uploader.codecov.io/latest/alpine/codecov.SHA256SUM
# - curl -Os https://uploader.codecov.io/latest/alpine/codecov.SHA256SUM.sig
# - gpgv codecov.SHA256SUM.sig codecov.SHA256SUM
- chmod +x codecov
# Upload the coverage report to codecov
- ./codecov -t ${CODECOV_TOKEN} --file test/report/cov.xml
# artifacts:
# reports:
# coverage_report:
# coverage_format: cobertura
# path: test/report/cov.xml
test-python-install:
stage: test-python-install
script:
- make test-python-install
interruptible: true
build:
stage: build
needs: ["test-python-install"]
script:
- make build-docker TAG=$(python get_version.py)-dev.${CI_COMMIT_REF_NAME}
- make push-docker-ci TAG=$(python get_version.py)-dev.${CI_COMMIT_REF_NAME}
clean:
stage: clean
needs: ["test"]
script:
- make rm-docker-ci TAG=$(python get_version.py)-dev.${CI_COMMIT_REF_NAME}
semantic-release:
stage: semantic-release
needs: ["test"]
rules:
# Only run on commits not generated by semantic-release and with no tag on the master and dev branches
- if: '$CI_COMMIT_REF_NAME == "master"'
- if: '$CI_COMMIT_REF_NAME == "dev"'
script:
# from https://stackoverflow.com/questions/66047044/deleted-tags-are-present-in-gitlab-ci
# - git tag --delete $(git tag) # delete all local tags
# - git fetch --tags origin
- GL_TOKEN=$GL_TOKEN npx semantic-release
deploy-release:
stage: deploy-release
needs: ["semantic-release"]
rules:
# Only run by commits with prerelease and release tags generated by semantic-release
- if: '$CI_COMMIT_REF_NAME == "master"'
- if: '$CI_COMMIT_REF_NAME == "dev"'
script:
# Add our Github remote repository with ssh
- git remote add github_origin [email protected]:HIP-infrastructure/datahipy.git
# Push commits created by semantic-release for version change and changelog
- git fetch origin $CI_COMMIT_REF_NAME
- git checkout $CI_COMMIT_REF_NAME
- git push github_origin $CI_COMMIT_REF_NAME
# Push the new tag created by semantic-release
- git push --tags github_origin $CI_COMMIT_REF_NAME
# Build the Docker image with prerelease/release version tag
- make build-docker TAG=$(python get_version.py)
- make push-docker-ci TAG=$(python get_version.py)