# SPDX-FileCopyrightText: 2022-2023 Sarah Vaupel , Gregor Kleen # # SPDX-License-Identifier: AGPL-3.0-or-later # workflow: # rules: # - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH # - if: $CI_MERGE_REQUEST_ID # - if: $CI_COMMIT_TAG =~ /^v/ # - if: $CI_COMMIT_TAG =~ /^t/ default: image: name: registry.uniworx.de/uniworx/containers/nix-attic:latest variables: NIX_PATH: "nixpkgs=http://nixos.org/channels/nixos-21.05/nixexprs.tar.xz" AWS_SHARED_CREDENTIALS_FILE: "/etc/aws/credentials" TRANSFER_METER_FREQUENCY: "2s" NIX_CONFIG: |- extra-substituters = https://cache.iog.io extra-trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= stages: - frontend:build - backend:build - test - container:build - prepare release - release node dependencies: stage: frontend:build script: - nix -L build -o result ".#uniworxNodeDependencies" - nix-store --export $(nix-store -qR result) | xz -T0 -2 > node-dependencies.nar.xz before_script: &nix-before - git config --global init.defaultBranch master - install -v -m 0700 -d ~/.ssh - install -v -T -m 0644 "${SSH_KNOWN_HOSTS}" ~/.ssh/known_hosts - install -v -T -m 0400 "${SSH_DEPLOY_KEY}" ~/.ssh/deploy && echo "IdentityFile ~/.ssh/deploy" >> ~/.ssh/config; - install -v -T -m 0644 "${FONTAWESOME_NPM_AUTH_FILE}" /etc/fontawesome-token - install -v -T -m 0644 "${NIX_NETRC}" /etc/nix/netrc artifacts: paths: - node-dependencies.nar.xz name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" expire_in: "1 day" retry: 2 interruptible: true well known: stage: frontend:build script: - xzcat node-dependencies.nar.xz | nix-store --import - nix -L build -o result ".#uniworxWellKnown" - nix-store --export $(nix-store -qR result) | xz -T0 -2 > well-known.nar.xz before_script: *nix-before needs: - job: node dependencies artifacts: true artifacts: paths: - well-known.nar.xz name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" expire_in: "1 day" retry: 2 interruptible: true frontend: stage: frontend:build script: - xzcat node-dependencies.nar.xz | nix-store --import - xzcat well-known.nar.xz | nix-store --import - nix -L build -o result ".#uniworxFrontend" - nix-store --export $(nix-store -qR result) | xz -T0 -2 > frontend.nar.xz before_script: *nix-before needs: - job: node dependencies artifacts: true - job: well known artifacts: true artifacts: paths: - frontend.nar.xz name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" expire_in: "1 day" retry: 2 interruptible: true uniworx:lib:uniworx: stage: backend:build script: - xzcat frontend.nar.xz | nix-store --import - nix -L build -o result ".#uniworx:lib:uniworx" - nix-store --export $(nix-store -qR result) | xz -T0 -2 > uniworx:lib:uniworx.nar.xz before_script: *nix-before needs: - job: node dependencies # transitive artifacts: false - job: well known # transitive artifacts: false - job: frontend artifacts: true artifacts: paths: - uniworx:lib:uniworx.nar.xz name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" expire_in: "1 day" retry: 2 interruptible: true uniworx:exe:uniworx: stage: backend:build script: - xzcat uniworx:lib:uniworx.nar.xz | nix-store --import - nix -L build -o result ".#uniworx:exe:uniworx" - nix-store --export $(nix-store -qR result) | xz -T0 -2 > uniworx:exe:uniworx.nar.xz before_script: *nix-before needs: - job: node dependencies # transitive artifacts: false - job: well known # transitive artifacts: false - job: frontend # tranitive artifacts: false - job: uniworx:lib:uniworx artifacts: true artifacts: paths: - uniworx:exe:uniworx.nar.xz name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" expire_in: "1 day" retry: 2 interruptible: true uniworx:exe:uniworxdb: stage: backend:build script: - xzcat uniworx:lib:uniworx.nar.xz | nix-store --import - nix -L build -o result ".#uniworx:exe:uniworxdb" - nix-store --export $(nix-store -qR result) | xz -T0 -2 > uniworx:exe:uniworxdb.nar.xz before_script: *nix-before needs: - job: node dependencies # transitive artifacts: false - job: well known # transitive artifacts: false - job: frontend # tranitive artifacts: false - job: uniworx:lib:uniworx artifacts: true artifacts: paths: - uniworx:exe:uniworxdb.nar.xz name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" expire_in: "1 day" retry: 2 interruptible: true uniworx:exe:uniworxload: stage: backend:build script: - xzcat uniworx:lib:uniworx.nar.xz | nix-store --import - nix -L build -o result ".#uniworx:exe:uniworxload" - nix-store --export $(nix-store -qR result) | xz -T0 -2 > uniworx:exe:uniworxload.nar.xz before_script: *nix-before needs: - job: node dependencies # transitive artifacts: false - job: well known # transitive artifacts: false - job: frontend # tranitive artifacts: false - job: uniworx:lib:uniworx artifacts: true artifacts: paths: - uniworx:exe:uniworxload.nar.xz name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" expire_in: "1 day" retry: 2 interruptible: true check: stage: test script: - xzcat frontend.nar.xz | nix-store --import - xzcat uniworx:lib:uniworx.nar.xz | nix-store --import - nix -L flake check . before_script: *nix-before needs: - job: node dependencies # transitive artifacts: false - job: well known # transitive artifacts: false - job: frontend artifacts: true - job: uniworx:lib:uniworx artifacts: true retry: 2 interruptible: true container: stage: container:build script: - xzcat uniworx:exe:uniworx.nar.xz | nix-store --import - cp -pr --reflink=auto -L $(nix build --print-out-paths ".#uniworxDocker") uniworx.tar.gz before_script: *nix-before needs: - job: node dependencies # transitive artifacts: false - job: well known # transitive artifacts: false - job: frontend # tranitive artifacts: false - job: uniworx:lib:uniworx # transitive artifacts: false - job: uniworx:exe:uniworx artifacts: true - job: check # sanity artifacts: false artifacts: paths: - uniworx.tar.gz name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" expire_in: "1 day" retry: 2 interruptible: true rules: &release-rules - if: $CI_COMMIT_TAG =~ /^v/ test container: stage: container:build script: - xzcat uniworx:exe:uniworx.nar.xz | nix-store --import - cp -pr --reflink=auto -L $(nix build --print-out-paths ".#uniworxTestDocker") uniworx.tar.gz before_script: *nix-before needs: - job: node dependencies # transitive artifacts: false - job: well known # transitive artifacts: false - job: frontend # tranitive artifacts: false - job: uniworx:lib:uniworx # transitive artifacts: false - job: uniworx:exe:uniworx artifacts: true - job: check # sanity artifacts: false artifacts: paths: - uniworx.tar.gz name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" expire_in: "1 day" retry: 2 interruptible: true rules: &test-release-rules - if: $CI_COMMIT_TAG =~ /^t/ parse changelog: stage: prepare release needs: - job: node dependencies artifacts: true rules: *release-rules before_script: *nix-before script: - xzcat node-dependencies.nar.xz | nix-store --import - nix -L run ".#jqChangelogJson" -- -r '.versions[0].version' > .current-version - nix -L run ".#jqChangelogJson" -- -r '.versions[0].body' > .current-changelog.md - echo "VERSION=$(cat .current-version)" >> build.env artifacts: reports: dotenv: build.env paths: - .current-version - .current-changelog.md name: "changelog-${CI_COMMIT_SHORT_SHA}" expire_in: "1 day" retry: 2 interruptible: true parse test changelog: stage: prepare release needs: - job: node dependencies artifacts: true rules: *test-release-rules before_script: *nix-before script: - xzcat node-dependencies.nar.xz | nix-store --import - nix -L run ".#jqChangelogJson" -- -r '.versions[0].version' > .current-version - nix -L run ".#jqChangelogJson" -- -r '.versions[0].body' > .current-changelog.md - echo "VERSION=$(cat .current-version)" >> build.env artifacts: reports: dotenv: build.env paths: - .current-version - .current-changelog.md name: "changelog-${CI_COMMIT_SHORT_SHA}" expire_in: "1 day" retry: 2 interruptible: true upload container: variables: GIT_STRATEGY: none stage: release image: quay.io/skopeo/stable:latest script: - skopeo --insecure-policy copy --dest-creds "${CI_REGISTRY_USER}:${CI_JOB_TOKEN}" docker-archive://$(pwd)/uniworx.tar.gz docker://${CI_REGISTRY_IMAGE}:${VERSION} - skopeo --insecure-policy copy --src-creds "${CI_REGISTRY_USER}:${CI_JOB_TOKEN}" --dest-creds "${CI_REGISTRY_USER}:${CI_JOB_TOKEN}" docker://${CI_REGISTRY_IMAGE}:${VERSION} docker://${CI_REGISTRY_IMAGE}:latest needs: - job: node dependencies # transitive artifacts: false - job: well known # transitive artifacts: false - job: frontend # tranitive artifacts: false - job: uniworx:lib:uniworx # transitive artifacts: false - job: uniworx:exe:uniworx # transitive artifacts: false - job: container artifacts: true - job: parse changelog artifacts: true - job: check # sanity artifacts: false rules: *release-rules retry: 2 upload test container: variables: GIT_STRATEGY: none stage: release image: quay.io/skopeo/stable:latest script: - skopeo --insecure-policy copy --dest-creds "${CI_REGISTRY_USER}:${CI_JOB_TOKEN}" docker-archive://$(pwd)/uniworx.tar.gz docker://${CI_REGISTRY}/fradrive/fradrive/test:${CI_COMMIT_REF_NAME} - skopeo --insecure-policy copy --src-creds "${CI_REGISTRY_USER}:${CI_JOB_TOKEN}" --dest-creds "${CI_REGISTRY_USER}:${CI_JOB_TOKEN}" docker://${CI_REGISTRY}/fradrive/fradrive/test:${CI_COMMIT_REF_NAME} docker://${CI_REGISTRY}/fradrive/fradrive/test:latest needs: - job: node dependencies # transitive artifacts: false - job: well known # transitive artifacts: false - job: frontend # tranitive artifacts: false - job: uniworx:lib:uniworx # transitive artifacts: false - job: uniworx:exe:uniworx # transitive artifacts: false - job: test container artifacts: true - job: parse test changelog artifacts: true - job: check # sanity artifacts: false rules: *test-release-rules retry: 2 release: variables: GIT_STRATEGY: none stage: release image: registry.gitlab.com/gitlab-org/release-cli:latest rules: *release-rules script: - echo "Will create release ${VERSION}..." release: name: '$VERSION' tag_name: '$CI_COMMIT_TAG' description: .current-changelog.md needs: - job: check # sanity artifacts: false - job: parse changelog artifacts: true test release: variables: GIT_STRATEGY: none stage: release image: registry.gitlab.com/gitlab-org/release-cli:latest rules: *test-release-rules script: - echo "Will create test release ${VERSION}-test..." release: name: "${VERSION}-test" tag_name: '$CI_COMMIT_TAG' description: .current-changelog.md needs: - job: check # sanity artifacts: false - job: parse test changelog artifacts: true