blog/.gitlab-ci.yml

104 lines
2.9 KiB
YAML

image: node:alpine # Use latest version of Node.js on Alpine
cache:
paths:
- node_modules/
variables:
NODE_ENV: "production"
# Rename to 'pages' for gitlab pages
build:
stage: build
before_script:
- apk update && apk add git
- npm install --include=optional --force
script:
# Generate site
- npm run build
rules:
# Only trigger through push & "Run pipeline" events only in the master branch; Skip in renovate job; Merge request where master branch is the target
- if: '$RENOVATE != "true" && (($CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web" || $CI_PIPELINE_SOURCE == "pipeline")) || ($CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"))'
when: always
artifacts:
paths:
- public/
expire_in: 30 days
test:
stage: test
script:
# Homepage should exist and non-empty
- sh check-homepage.sh
rules:
- if: '$RENOVATE != "true" && (($CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web" || $CI_PIPELINE_SOURCE == "pipeline")) || ($CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"))'
when: always
artifacts:
paths:
- public/
expire_in: 30 days
deploy:
stage: deploy
before_script:
- apk update && apk add openssh-client rsync
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- echo "$SSH_KEY_1" > ~/.ssh/id_host_1
- chmod 600 ~/.ssh/id_host_1
- echo "$SSH_KEY_2" > ~/.ssh/id_host_2
- chmod 600 ~/.ssh/id_host_2
- echo "$SSH_CONFIG" > ~/.ssh/config
- chmod 600 ~/.ssh/config
script:
- rsync -azvh --delete public/ host-1:/var/www/
- rsync -azvh --delete public/ host-2:/var/www/
- npm run deploy-cf-images
rules:
- if: '$RENOVATE != "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web" || $CI_PIPELINE_SOURCE == "pipeline")'
when: always
deploy_pages:
stage: deploy
trigger:
project: curben/curben.gitlab.io
branch: master
strategy: depend
rules:
- if: '$RENOVATE != "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web" || $CI_PIPELINE_SOURCE == "pipeline")'
when: always
# Check dependency update
renovate:
before_script:
- apk update && apk add git
- npm install
script:
- npm install snyk @snyk/protect && npm run snyk
- npm install renovate && npm run renovate
# No artifact
dependencies: []
rules:
- if: '$RENOVATE == "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_SOURCE == "web")'
when: always
include:
- template: Security/Secret-Detection.gitlab-ci.yml