From 8a0f7ffaab17f032a196e72e93b91c26eb8e6e07 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Tue, 14 Sep 2021 12:11:08 +0200 Subject: [PATCH] chore(gitlab-ci): nix based build, nodeDependencies for now --- .gitlab-ci.yml | 480 +------------------------------------------- .gitlab-ci/nix.conf | 1 + 2 files changed, 8 insertions(+), 473 deletions(-) create mode 100644 .gitlab-ci/nix.conf diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 176f7d6ed..60c723369 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,488 +6,22 @@ workflow: default: image: - name: fpco/stack-build:lts-17.15 - -variables: - STACK_ROOT: "${CI_PROJECT_DIR}/.stack" - CHROME_BIN: "/usr/bin/chromium-browser" - POSTGRES_DB: uniworx_test - POSTGRES_USER: uniworx - POSTGRES_PASSWORD: uniworx - MINIO_ACCESS_KEY: gOel7KvadwNKgjjy - MINIO_SECRET_KEY: ugO5pkEla7F0JW9MdPwLi4MWLT5ZbqAL - UPLOAD_S3_HOST: localhost - UPLOAD_S3_PORT: 9000 - UPLOAD_S3_KEY_ID: gOel7KvadwNKgjjy - UPLOAD_S3_KEY: ugO5pkEla7F0JW9MdPwLi4MWLT5ZbqAL - N_PREFIX: "${HOME}/.n" - PACKAGE_REGISTRY_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/uni2work" + name: nixos/nix:2.3.12 stages: - setup - - frontend:build - - yesod:build - - lint - - test - - prepare release - - upload packages - - release -# - deploy - -npm install: - cache: - - &npm-cache - key: default-npm - paths: - - .npm - - node_modules +node dependencies: stage: setup script: - - ./.npmrc.gup - - npm ci --cache .npm --prefer-offline - before_script: &npm - - rm -rvf /etc/apt/sources.list /etc/apt/sources.list.d - - install -v -T -m 0644 ${APT_SOURCES_LIST} /etc/apt/sources.list - - apt-get update -y - - npm install -g n - - n 14.8.0 - - export PATH="${N_PREFIX}/bin:$PATH" - - npm install -g npm - - hash -r - - apt-get -y install openssh-client exiftool - - install -v -m 0700 -d ~/.ssh - - install -v -T -m 0644 ${SSH_KNOWN_HOSTS} ~/.ssh/known_hosts - - install -v -T -m 0400 ${SSH_DEPLOY_KEY} ~/.ssh/deploy && echo "IdentityFile ~/.ssh/deploy" >> ~/.ssh/config; - artifacts: - paths: - - node_modules/ - name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" - expire_in: "1 day" - retry: 2 - interruptible: true - -frontend:build: - cache: - - &frontend-cache - key: default-frontend - paths: - - .well-known-cache - - stage: frontend:build - script: - - npm run frontend:build - before_script: *npm - needs: - - job: npm install - artifacts: true - artifacts: - paths: - - static - - well-known - - config/webpack.yml - name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" - expire_in: "1 day" - retry: 2 - interruptible: true - -frontend:lint: - stage: lint - script: - - npm run frontend:lint - before_script: *npm - needs: - - job: npm install - artifacts: true - retry: 2 - interruptible: true - -yesod:build:dev: - cache: - - &stack-dev-cache - key: default-stack-dev - paths: - - .stack - - .stack-work - - stage: yesod:build - script: - - stack build --test --copy-bins --local-bin-path $(pwd)/bin --fast --flag uniworx:-library-only --flag uniworx:dev --flag uniworx:pedantic --no-strip --no-run-tests - - cp $(stack path --dist-dir)/build/hlint/hlint bin/test-hlint - - cp $(stack path --dist-dir)/build/yesod/yesod bin/test-yesod - needs: - - job: npm install # transitive - artifacts: false - - job: frontend:build - artifacts: true - before_script: &haskell - - rm -rvf /etc/apt/sources.list /etc/apt/sources.list.d - - install -v -T -m 0644 ${APT_SOURCES_LIST} /etc/apt/sources.list - - apt-get update -y - - apt-get install -y --no-install-recommends locales-all openssh-client git-restore-mtime - - wget http://newmirror.rz.ifi.lmu.de/ubuntu/archive/pool/main/libs/libsodium/libsodium-dev_1.0.18-1_amd64.deb http://newmirror.rz.ifi.lmu.de/ubuntu/archive/pool/main/libs/libsodium/libsodium23_1.0.18-1_amd64.deb - - apt install ./libsodium23_1.0.18-1_amd64.deb ./libsodium-dev_1.0.18-1_amd64.deb - - rm -v libsodium23_1.0.18-1_amd64.deb libsodium-dev_1.0.18-1_amd64.deb - - install -v -m 0700 -d ~/.ssh - - install -v -T -m 0644 ${SSH_KNOWN_HOSTS} ~/.ssh/known_hosts - - install -v -T -m 0400 ${SSH_DEPLOY_KEY} ~/.ssh/deploy && echo "IdentityFile ~/.ssh/deploy" >> ~/.ssh/config; - - stack install happy - - export PATH="${HOME}/.local/bin:$PATH" - - hash -r - - git restore-mtime - artifacts: - paths: - - bin/ - name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" - expire_in: "1 day" - - rules: - - if: $CI_COMMIT_REF_NAME =~ /(^v[0-9].*)|((^|\/)profile($|\/))/ - when: manual - allow_failure: true - - when: on_success - - retry: 2 - interruptible: true - -yesod:build: - cache: - - &stack-cache - key: default-stack - paths: - - .stack - - .stack-work - - stage: yesod:build - script: - - stack build --test --copy-bins --local-bin-path $(pwd)/bin --flag uniworx:-library-only --flag uniworx:-dev --flag uniworx:pedantic --no-strip --no-run-tests - - cp $(stack path --dist-dir)/build/hlint/hlint bin/test-hlint - - cp $(stack path --dist-dir)/build/yesod/yesod bin/test-yesod - needs: - - job: npm install # transitive - artifacts: false - - job: frontend:build - artifacts: true - before_script: *haskell - artifacts: - paths: - - bin/ - name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" - expire_in: "1 day" - - rules: - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9].*/ - when: on_success - - when: manual - allow_failure: true - - retry: 2 - interruptible: true - resource_group: ram - -yesod:build:profile: - cache: - - &stack-profile-cache - key: default-stack-profile - paths: - - .stack - - .stack-work - - stage: yesod:build - script: - - stack build --profile --copy-bins --local-bin-path $(pwd)/bin --flag uniworx:-library-only --flag uniworx:-dev --flag uniworx:pedantic --no-strip - needs: - - job: npm install # transitive - artifacts: false - - job: frontend:build - artifacts: true - before_script: *haskell - artifacts: - paths: - - bin/ - name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" - expire_in: "1 day" - - rules: - - if: $CI_COMMIT_REF_NAME =~ /(^|\/)profile($|\/)/ - when: on_success - - when: manual - allow_failure: true - - retry: 2 - interruptible: true - resource_group: ram - -yesod:test:yesod: - stage: test - - services: &test-services - - name: postgres:10.10 - alias: postgres - - name: minio/minio:RELEASE.2020-08-27T05-16-20Z - alias: minio - command: ["minio", "server", "/data"] - - needs: - - job: npm install # transitive - artifacts: false - - job: frontend:build #transitive - artifacts: false - - job: yesod:build - artifacts: true - - rules: - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9].*/ - when: on_success - - script: - - bin/test-yesod - - retry: 2 - interruptible: true - -yesod:test:yesod:dev: - stage: test - - services: *test-services - - needs: - - job: npm install # transitive - artifacts: false - - job: frontend:build #transitive - artifacts: false - - job: yesod:build:dev - artifacts: true - - rules: - - if: $CI_COMMIT_REF_NAME =~ /(^v[0-9].*)|((^|\/)profile($|\/))/ - when: manual - allow_failure: true - - when: on_success - - script: - - bin/test-yesod - - retry: 2 - interruptible: true - -yesod:test:hlint: - stage: lint - cache: &hlint_cache - key: hlint - paths: - - .stack - - .stack-work - - needs: - - job: npm install # transitive - artifacts: false - - job: frontend:build #transitive - artifacts: false - - job: yesod:build - artifacts: false - - rules: - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9].*/ - when: on_success - - before_script: *haskell - script: - - stack install hlint - - stack exec -- hlint --cc src > gl-code-quality-report.json || jq . gl-code-quality-report.json - - artifacts: - paths: - - gl-code-quality-report.json - name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" - expire_in: "1 day" - - reports: - codequality: gl-code-quality-report.json - - retry: 2 - interruptible: true - -yesod:test:hlint:dev: - stage: lint - cache: *hlint_cache - - needs: - - job: npm install # transitive - artifacts: false - - job: frontend:build #transitive - artifacts: false - - job: yesod:build:dev - artifacts: false - - rules: - - if: $CI_COMMIT_REF_NAME =~ /(^v[0-9].*)|((^|\/)profile($|\/))/ - when: manual - allow_failure: true - - when: on_success - - before_script: *haskell - script: - - stack install hlint - - stack exec -- hlint --cc src > gl-code-quality-report.json || jq . gl-code-quality-report.json - - artifacts: - paths: - - gl-code-quality-report.json - name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" - expire_in: "1 day" - - reports: - codequality: gl-code-quality-report.json - - retry: 2 - interruptible: true - -frontend:test: - stage: test - script: - - npm run frontend:test - needs: - - job: npm install - artifacts: true + - nix build -o node-dependencies uniworxNodeDependencies before_script: - - rm -rvf /etc/apt/sources.list /etc/apt/sources.list.d - - install -v -T -m 0644 ${APT_SOURCES_LIST} /etc/apt/sources.list - - apt-get update -y - - npm install -g n - - n 14.8.0 - - export PATH="${N_PREFIX}/bin:$PATH" - - npm install -g npm - - hash -r - - apt-get install -y --no-install-recommends chromium-browser - retry: 2 - interruptible: true - -parse-changelog: - stage: prepare release - needs: - - job: npm install - artifacts: true - rules: - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9].*/ - when: on_success - before_script: - - rm -rvf /etc/apt/sources.list /etc/apt/sources.list.d - - install -v -T -m 0644 ${APT_SOURCES_LIST} /etc/apt/sources.list - - apt-get update -y - - apt-get install -y --no-install-recommends jq - script: - - npm run parse-changelog - - | - jq -r '.versions[0].version' changelog.json > .current-version - - | - jq -r '.versions[0].body' changelog.json > .current-changelog.md + - nix-env -iA envsubst + - envsubst -i .gitlab-ci/nix.conf -o /etc/nix/nix.conf artifacts: paths: - - .current-version - - .current-changelog.md - name: "changelog-${CI_COMMIT_SHORT_SHA}" + - node-dependencies + name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}" expire_in: "1 day" retry: 2 interruptible: true - -upload: - variables: - GIT_STRATEGY: none - stage: upload packages - image: curlimages/curl:latest - needs: - - job: npm install # transitive - artifacts: false - - job: frontend:build # transitive - artifacts: false - - job: yesod:build - artifacts: true - - job: parse-changelog - artifacts: true - - job: frontend:lint # validation - artifacts: false - - job: frontend:test # validation - artifacts: false - - job: yesod:test:hlint # validation - artifacts: false - - job: yesod:test:yesod # validation - artifacts: false - rules: - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9].*/ - when: on_success - before_script: - - export VERSION="$(cat .current-version)" - script: - - | - curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/uniworx ${PACKAGE_REGISTRY_URL}/${VERSION}/uniworx - - | - curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/uniworxdb ${PACKAGE_REGISTRY_URL}/${VERSION}/uniworxdb - - | - curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/uniworxload ${PACKAGE_REGISTRY_URL}/${VERSION}/uniworxload - - | - curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/uniworx-wflint ${PACKAGE_REGISTRY_URL}/${VERSION}/uniworx-wflint - -release: - variables: - GIT_STRATEGY: none - stage: release - image: registry.gitlab.com/gitlab-org/release-cli:latest - needs: - - job: upload - artifacts: false - - job: npm install # transitive - artifacts: false - - job: frontend:build # transitive - artifacts: false - - job: yesod:build # transitive - artifacts: false - - job: parse-changelog - artifacts: true - - job: frontend:lint # validation - artifacts: false - - job: frontend:test # validation - artifacts: false - - job: yesod:test:hlint # validation - artifacts: false - - job: yesod:test:yesod # validation - artifacts: false - rules: - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9].*/ - when: on_success - before_script: - - export VERSION="$(cat .current-version)" - script: - - | - release-cli create --name "${VERSION}" --tag-name $CI_COMMIT_TAG --description .current-changelog.md \ - --assets-link "{\"name\":\"uniworx\",\"url\":\"${PACKAGE_REGISTRY_URL}/${VERSION}/uniworx\",\"filepath\":\"/uniworx\"}" \ - --assets-link "{\"name\":\"uniworxdb\",\"url\":\"${PACKAGE_REGISTRY_URL}/${VERSION}/uniworxdb\",\"filepath\":\"/uniworxdb\"}" \ - --assets-link "{\"name\":\"uniworxload\",\"url\":\"${PACKAGE_REGISTRY_URL}/${VERSION}/uniworxload\",\"filepath\":\"/uniworxload\"}" \ - --assets-link "{\"name\":\"uniworx-wflint\",\"url\":\"${PACKAGE_REGISTRY_URL}/${VERSION}/uniworx-wflint\",\"filepath\":\"/uniworx-wflint\"}" - - -# deploy:uniworx3: -# cache: {} -# stage: deploy -# variables: -# GIT_STRATEGY: none -# script: -# - zip -qj - bin/uniworx bin/uniworxdb | ssh root@uniworx3.ifi.lmu.de /root/bin/accept_uni2work -# needs: -# - yesod:build -# - frontend:test # For sanity -# before_script: -# - rm -rvf /etc/apt/sources.list /etc/apt/sources.list.d -# - install -v -T -m 0644 ${APT_SOURCES_LIST} /etc/apt/sources.list -# - apt-get update -y -# - apt-get install -y --no-install-recommends openssh-client -# - install -v -m 0700 -d ~/.ssh -# - install -v -T -m 0644 ${SSH_KNOWN_HOSTS} ~/.ssh/known_hosts -# - install -v -T -m 0400 ${SSH_PRIVATE_KEY_UNIWORX3} ~/.ssh/uniworx3; echo "IdentityFile ~/.ssh/uniworx3" >> ~/.ssh/config; -# dependencies: -# - yesod:build - -# only: -# variables: -# - $CI_COMMIT_REF_NAME =~ /^v[0-9].*/ -# resource_group: uniworx3 diff --git a/.gitlab-ci/nix.conf b/.gitlab-ci/nix.conf new file mode 100644 index 000000000..06af3c2d5 --- /dev/null +++ b/.gitlab-ci/nix.conf @@ -0,0 +1 @@ +sandbox = true \ No newline at end of file