# Pipeline stages, in execution order: build, security scan, release
# bookkeeping (ops), then deployment.
stages: [build, security, ops, deploy]
# Global shell hardening applied ahead of each job's script: abort on a failing
# command (-e), on use of an unset variable (-u), and on a failure anywhere in a
# pipeline (pipefail). A job that declares its own before_script replaces this
# list rather than extending it, so such a job does not get these options here.
before_script:
  - set -eu
  - set -o pipefail
# Restores packages, runs the test project and publishes a Release build whose
# version suffix is the first eight characters of the commit SHA.
build:
  stage: build
  # NOTE(review): .NET Core 2.2 is out of support and this tag is mutable;
  # consider a supported SDK pinned by digest.
  image: mcr.microsoft.com/dotnet/core/sdk:2.2
  script:
    # Two package feeds are passed on the command line.
    # NOTE(review): nothing visible here maps packages to a specific feed, so a
    # package ID published on both could resolve from either one. Confirm that
    # a NuGet.config (source mapping) or lock file constrains this.
    - >-
      dotnet restore
      -s https://api.nuget.org/v3/index.json
      -s https://www.myget.org/F/discord-net/api/v3/index.json
    - dotnet test Tests
    - dotnet publish --version-suffix ${CI_COMMIT_SHA:0:8} --configuration Release -o Binaries ./
  # Published binaries are handed to later jobs and expire after one hour.
  artifacts:
    paths:
      - Geekbot.net/Binaries/
    expire_in: 1h
# Static analysis: runs the GitLab SAST image against the checkout and uploads
# gl-sast-report.json as a SAST report artifact.
sast:
  stage: security
  # NOTE(review): docker:stable and docker:stable-dind are floating tags;
  # pinning them keeps the scanner's toolchain reproducible.
  image: docker:stable
  services:
    - docker:stable-dind
  variables:
    DOCKER_DRIVER: overlay2
  # A failure of this job does not fail the pipeline, so findings or a broken
  # scanner never block the ops/deploy stages.
  # NOTE(review): confirm that non-blocking is the intended policy and that the
  # report is reviewed elsewhere.
  allow_failure: true
  # No artifacts from earlier jobs are downloaded; only the repository checkout
  # is scanned.
  dependencies: []
  script:
    # Image tag: $SP_VERSION when set, otherwise "<major>-<minor>-stable"
    # derived from the GitLab server version.
    - export SAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
    # The --env flags forward the named SAST_* settings only when they are
    # defined in the job environment. The checkout is mounted at /code.
    # The Docker socket mount gives the scanner container full control of the
    # daemon behind that socket (presumably the dind service, so confirm on
    # this runner). Treat the scanner image as trusted code accordingly.
    - |
      docker run \
        --env SAST_ANALYZER_IMAGES \
        --env SAST_ANALYZER_IMAGE_PREFIX \
        --env SAST_ANALYZER_IMAGE_TAG \
        --env SAST_DEFAULT_ANALYZERS \
        --env SAST_BRAKEMAN_LEVEL \
        --env SAST_GOSEC_LEVEL \
        --env SAST_FLAWFINDER_LEVEL \
        --env SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
        --env SAST_PULL_ANALYZER_IMAGE_TIMEOUT \
        --env SAST_RUN_ANALYZER_TIMEOUT \
        --volume "$PWD:/code" \
        --volume /var/run/docker.sock:/var/run/docker.sock \
        "registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code
  artifacts:
    reports:
      sast: gl-sast-report.json
# Registers the release in Sentry, attaches commits to it and records a
# Production deploy. Runs on master only.
sentry:
  stage: ops
  image: getsentry/sentry-cli
  only:
    - master
  dependencies:
    - build
  script:
    # Release identifier: fixed version plus the first eight characters of the
    # commit SHA. It is computed once and reused by the three calls below.
    - GEEKBOT_RELEASE=4.1.0-${CI_COMMIT_SHA:0:8}
    - sentry-cli releases new -p geekbot $GEEKBOT_RELEASE
    - sentry-cli releases set-commits --auto $GEEKBOT_RELEASE
    - sentry-cli releases deploys $GEEKBOT_RELEASE new -e Production
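# Production deployment: copies the published binaries to the target host over
# SSH (port 65432) and restarts geekbot.service via sudo. Runs on master only.
deploy:
  stage: deploy
  image: runebaas/rsync-ssh-git
  only:
    - master
  dependencies:
    - build
    - sentry
  environment:
    name: Production
    # Quoted so the '?' and '&' characters are never read as YAML syntax.
    url: 'https://discordapp.com/oauth2/authorize?client_id=171249478546882561&scope=bot&permissions=1416834054'
  # This job-level before_script replaces the global one, so the global
  # `set -e/-u/pipefail` lines do not run for this job.
  before_script:
    - eval $(ssh-agent -s)
    - mkdir -p ~/.ssh
    # Restrict the directory before anything is written into it.
    - chmod 700 ~/.ssh
    # Host key verification. When the optional CI/CD variable SSH_KNOWN_HOSTS is
    # defined (the server's public host key lines; for this non-default port
    # the entry uses the "[host]:65432" form), it is installed as known_hosts
    # and SSH verifies the server as usual.
    # Without it the job keeps its previous behaviour of disabling
    # StrictHostKeyChecking inside Docker. A host that intercepts the
    # connection is then accepted silently while the deploy key is loaded in
    # the agent, so the job prints a warning on that path.
    - |
      if [ -n "${SSH_KNOWN_HOSTS:-}" ]; then
        printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
        chmod 644 ~/.ssh/known_hosts
      elif [[ -f /.dockerenv ]]; then
        echo "WARNING: SSH_KNOWN_HOSTS is not set; SSH host key checking is disabled for this deploy" >&2
        echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/config
      fi
    # The private key goes straight into the agent and is never written to
    # disk. Carriage returns are stripped in case the variable was pasted with
    # CRLF line endings.
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
  script:
    # The destination is quoted so the variables cannot be word-split by the
    # shell.
    - rsync -rav -e "ssh -p 65432" ./Geekbot.net/Binaries/* "geekbot@$DEPIP:$DEPPATH"
    - ssh -p 65432 "geekbot@$DEPIP" "sudo systemctl restart geekbot.service"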
# Mirrors master to the GitHub repository with a forced push. Runs on master
# only.
mirror:
  stage: deploy
  image: runebaas/rsync-ssh-git
  only:
    - master
  dependencies:
    - build
    - sentry
  script:
    # NOTE(review): the token is embedded in the remote URL, so it is visible
    # in the process arguments and may be echoed in git error output,
    # depending on the git version. Confirm that TOKEN is a masked, protected
    # CI/CD variable scoped to this one repository.
    # The forced push overwrites whatever is on the mirror's master.
    - git push --force https://runebaas:$TOKEN@github.com/pizzaandcoffee/Geekbot.net.git origin/master:master