blog/.gitlab-ci.yml

82 lines
2.6 KiB
YAML

image: node:alpine # Use latest version of Node.js on Alpine
cache: # add cache to 'node_modules' for speeding up builds
paths:
- node_modules/ # Node modules and dependencies
test:
before_script:
- 'which ssh-agent || (apk update && apk add openssh-client git)'
- npm install --only=prod
script:
- npm install --only=prod snyk && npm run snyk # Refer to "scripts" in package.json
- npm run hexo
# Update github mirror
after_script:
# Import SSH key
- eval $(ssh-agent -s)
- echo "$GH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
# (workaround) force exit code 0
- ssh -T git@github.com || ":"
- git remote add mirror git@github.com:curbengh/blog.git
# Discard changes before checking out branch
- git reset HEAD --hard
- git checkout master && git push mirror master
- git checkout site && git push mirror site
rules:
# Skip in renovate job
- if: '$RENOVATE == "true"'
when: never
# Only trigger through push event in master branch
- if: '$CI_COMMIT_REF_NAME == "master" && $CI_PIPELINE_SOURCE == "push"'
when: always
# Only trigger through "Run pipeline" in master branch
- if: '$CI_COMMIT_REF_NAME == "master" && $CI_PIPELINE_SOURCE == "web"'
when: always
renovate: # Check dependency update
before_script:
- npm install --only=prod
script:
- npm install --only=prod renovate
- npm run renovate
rules:
# Only trigger when environment variable matches and through schedule in master branch
- if: '$RENOVATE == "true" && $CI_COMMIT_REF_NAME == "master" && $CI_PIPELINE_SOURCE == "schedule"'
when: always
# Only trigger when environment variable matches and through "Run pipeline" in master branch
- if: '$RENOVATE == "true" && $CI_COMMIT_REF_NAME == "master" && $CI_PIPELINE_SOURCE == "web"'
when: always
# # Uncomment below (and comment/remove above) lines for gitlab pages
# image: node:latest # Use latest version of Node.js
# pages:
# cache: # add cache to 'node_modules' for speeding up builds
# paths:
# - node_modules/ # Node modules and dependencies
# script:
# - npm install -g snyk hexo-cli
# - npm install # install node modules
# - snyk auth $SNYK_TOKEN
# - snyk protect # Apply patches to node modules
# - snyk test # Check node modules for vulnerability
# - hexo deploy # deploy the site.
# artifacts:
# paths:
# - public # deploy to the 'public' folder.
# only:
# - master # this job will affect only the 'master' branch