image: node:alpine # Use latest version of Node.js on Alpine cache: # add cache to 'node_modules' for speeding up builds paths: - node_modules/ # Node modules and dependencies variables: NODE_ENV: "production" ## Rename to 'pages' for gitlab pages build: stage: build before_script: - apk update && apk add git - npm install script: - npm run build # Generate site rules: # Only trigger through push & "Run pipeline" events in master branch; Skip in renovate job - if: '$RENOVATE != "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web")' when: always artifacts: paths: - public/ expire_in: 30 days test: stage: test script: - sh check-homepage.sh # Homepage should exists and non-empty rules: - if: '$RENOVATE != "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web")' when: always artifacts: paths: - public/ expire_in: 30 days deploy: stage: deploy before_script: - apk update && apk add openssh-client rsync - mkdir -p ~/.ssh - chmod 700 ~/.ssh - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts - echo "$SSH_KEY_1" > ~/.ssh/id_host_1 - chmod 600 ~/.ssh/id_host_1 - echo "$SSH_KEY_2" > ~/.ssh/id_host_2 - chmod 600 ~/.ssh/id_host_2 - echo "$SSH_CONFIG" > ~/.ssh/config - chmod 600 ~/.ssh/config script: - rsync -azvh --delete public/ host-1:/var/www/ - rsync -azvh --delete public/ host-2:/var/www/ rules: - if: '$RENOVATE != "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web")' when: always deploy_pages: stage: deploy trigger: project: curben/curben.gitlab.io branch: master strategy: depend rules: - if: '$RENOVATE != "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web")' when: always renovate: # Check dependency update before_script: - apk update && apk add git - npm install script: - npm install snyk @snyk/protect && npm run snyk - npm install renovate && npm run renovate # No artifact dependencies: [] rules: - if: '$RENOVATE == "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_SOURCE == "web")' when: always include: - template: Security/Secret-Detection.gitlab-ci.yml