image: node:alpine # Use latest version of Node.js on Alpine cache: paths: - node_modules/ variables: NODE_ENV: "production" # Rename to 'pages' for gitlab pages build: stage: build before_script: - apk update && apk add git - npm install --include=optional --force script: # Generate site - npm run build - npm run deploy-cf-images rules: # Only trigger through push & "Run pipeline" events not in "site" branch; Skip in renovate job - if: '$RENOVATE != "true" && $CI_COMMIT_REF_NAME != "site" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web")' when: always artifacts: paths: - public/ expire_in: 30 days test: stage: test script: # Homepage should exist and non-empty - sh check-homepage.sh rules: - if: '$RENOVATE != "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web")' when: always artifacts: paths: - public/ expire_in: 30 days deploy: stage: deploy before_script: - apk update && apk add openssh-client rsync - mkdir -p ~/.ssh - chmod 700 ~/.ssh - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts - echo "$SSH_KEY_1" > ~/.ssh/id_host_1 - chmod 600 ~/.ssh/id_host_1 - echo "$SSH_KEY_2" > ~/.ssh/id_host_2 - chmod 600 ~/.ssh/id_host_2 - echo "$SSH_CONFIG" > ~/.ssh/config - chmod 600 ~/.ssh/config script: - rsync -azvh --delete --exclude-from "rsync-exclude.txt" public/ host-1:/var/www/ - rsync -azvh --delete --exclude-from "rsync-exclude.txt" public/ host-2:/var/www/ rules: - if: '$RENOVATE != "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web")' when: always deploy_pages: stage: deploy trigger: project: curben/curben.gitlab.io branch: master strategy: depend rules: - if: '$RENOVATE != "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web")' when: always # Check dependency update renovate: before_script: - apk update && apk add git - npm install script: - npm install snyk @snyk/protect && npm run snyk - npm install renovate && npm run renovate # No artifact dependencies: [] rules: - if: '$RENOVATE == "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_SOURCE == "web")' when: always include: - template: Security/Secret-Detection.gitlab-ci.yml