forked from univention/univention-corporate-server
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
191 lines (179 loc) · 4.82 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
stages:
- prepare
- build
workflow:
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_OPEN_MERGE_REQUESTS
- if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_PROTECTED == "true"
- if: $CI_PIPELINE_SOURCE == "web"
- if: $CI_PIPELINE_SOURCE == "webide"
include:
- project: univention/dist/docker-services
file: kaniko.yml
- local: '/.gitlab-ci/base.yml'
- project: univention/dist/docker-services
file: pre-commit.yml
variables:
pipeline:
value: ""
description: "Skip or force jobs: '(skip|force)-(doc|ucslint|build)'"
BUILD: docker-registry.knut.univention.de/knut/deb-builder
pre-commit:
stage: prepare
extends: .pre-commit
generate-config:
stage: prepare
image:
name: $BUILD
entrypoint: [""]
script:
- .gitlab-ci/build-ci
- >
deb-builder
--yaml .gitlab-ci/base.yml
--yaml .gitlab-ci/base-deb.yml
--out generated-config-deb.yml
--skip src:python-notifier
*/*/debian/control
artifacts:
paths:
- generated-config-doc.yml
- generated-config-deb.yml
prepare aptly:
stage: prepare
interruptible: false
image:
name: $BUILD
entrypoint: [""]
script:
- "$CI_PROJECT_DIR/.gitlab-ci/aptly-create || :"
- $CI_PROJECT_DIR/.gitlab-ci/aptly-publish
environment:
name: $CI_COMMIT_REF_NAME
url: $APT/$CI_COMMIT_REF_SLUG/
on_stop: drop aptly
auto_stop_in: 6 month
drop aptly:
stage: prepare
interruptible: false
variables:
GIT_STRATEGY: none
image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/curlimages/curl
script:
- "curl --silent --show-error -X DELETE $APTLY/publish/$CI_COMMIT_REF_SLUG/git || :"
- "curl --silent --show-error -X DELETE $APTLY/repos/$CI_COMMIT_REF_SLUG || :"
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
when: never
- if: $CI_COMMIT_REF_PROTECTED
when: never
environment:
name: $CI_COMMIT_REF_NAME
action: stop
build ucslint:
stage: prepare
extends: .kaniko
variables:
KANIKO_BUILD_CONTEXT: packaging/ucslint
KANIKO_ARGS: --build-arg ucs=$ucs --cache=true
rules:
- changes:
- packaging/ucslint/**/*
select ucslint:
stage: prepare
needs:
- job: build ucslint
optional: true
script:
- echo "UCSLINT=${IMAGE_TAG:-$CI_REGISTRY_IMAGE:latest}" | tee .env
artifacts:
reports:
dotenv: .env
doc-pipeline:
stage: build
rules:
- if: "$CI_COMMIT_MESSAGE =~ /skip-doc/ || $pipeline =~ /skip-doc/"
when: never
- if: "$CI_COMMIT_MESSAGE =~ /force-doc/ || $pipeline =~ /force-doc/"
- changes:
- "doc/[^e]*/**/*"
- "doc/e[^r]*/**/*"
- "doc/er[^r]*/**/*"
- "doc/err[^a]*/**/*"
- "doc/erra[^t]*/**/*"
- "doc/errat[^a]*/**/*"
- "doc/errata?*/**/*"
needs:
- job: generate-config
trigger:
include:
- artifact: generated-config-doc.yml
job: generate-config
strategy: depend
forward:
pipeline_variables: true
deb-pipeline:
stage: build
rules:
- if: "$CI_COMMIT_MESSAGE =~ /skip-build/ || $pipeline =~ /skip-build/"
when: never
- if: "$CI_COMMIT_MESSAGE =~ /force-ucslint/ || $pipeline =~ /force-ucslint/"
- if: "$CI_COMMIT_MESSAGE =~ /force-build/ || $pipeline =~ /force-build/"
- changes:
- "[^dt.]*/*/**/*"
- "d[^o]*/*/**/*"
- "do[^c]*/*/**/*"
- "doc?*/*/**/*"
- "t[^e]*/*/**/*"
- "te[^s]*/*/**/*"
- "tes[^t]*/*/**/*"
- "test?*/*/**/*"
- "test/generate-appliance/**/*"
- "test/ucs-test/**/*"
- "test/ucs-test-tools/**/*"
- "test/univention-demo-configuration/**/*"
needs:
- job: generate-config
- job: prepare aptly
- job: select ucslint
variables:
UCSLINT: $UCSLINT
trigger:
include:
- artifact: generated-config-deb.yml
job: generate-config
strategy: depend
forward:
pipeline_variables: true
errata validation:
stage: prepare
tags:
- omar
resource_group: omar
rules:
- changes:
- doc/errata/staging/*.yaml
needs: []
variables:
VAULT_AUTH_ROLE: ucs-production
secrets:
BUGZILLA_CFG:
vault:
engine:
name: kv-v2
path: secret
path: dist/repo-ng/production/bugzilla
field: cfg
script:
- set -- doc/errata/staging/[!0]*.yaml && [ $# -ge 1 ] && [ -f "$1" ] || exit 0
- check_errata_for_release --html=errata.html --mail=errata.txt "$@" || [ $? -eq 10 ]
- for y in "$@"; do /usr/sbin/announce_errata --validate-xml="$(basename "$y" .yaml).xml" $("${CI_COMMIT_REF_PROTECTED:-false}" && echo -BB || echo -B --ignore-validate changes --ignore-validate fix --ignore-validate bug) -V "$y" || true; done
artifacts:
paths:
- errata.html
- errata.txt
expire_in: 1 week
expose_as: 'Errata Validation'
name: 'errata-validation'
reports:
junit: "*.xml"