From ce57d046b96d970bfb459164787669dc12bfc6b8 Mon Sep 17 00:00:00 2001 From: Moritz Date: Mon, 1 Jun 2026 21:46:50 +0200 Subject: [PATCH] ci(drone): run full test suite on main, tags and promote --- .drone.jsonnet | 169 ++++++++++++++++++++++++++++ .drone.yml | 298 ------------------------------------------------- 2 files changed, 169 insertions(+), 298 deletions(-) create mode 100644 .drone.jsonnet delete mode 100644 .drone.yml diff --git a/.drone.jsonnet b/.drone.jsonnet new file mode 100644 index 0000000..ba8bacd --- /dev/null +++ b/.drone.jsonnet @@ -0,0 +1,169 @@ +local elixir = 'docker.io/library/elixir:1.18.3-otp-27'; +local postgres_image = 'docker.io/library/postgres:18.3'; + +local pg_service = { + name: 'postgres', + image: postgres_image, + environment: { + POSTGRES_USER: 'postgres', + POSTGRES_PASSWORD: 'postgres', + }, +}; + +local cache_volume = { name: 'cache', host: { path: '/tmp/drone_cache' } }; +local cache_mount = [{ name: 'cache', path: '/cache' }]; + +local step_compute_cache = { + name: 'compute cache key', + image: elixir, + commands: [ + "mix_lock_hash=$(sha256sum mix.lock | cut -d ' ' -f 1)", + 'echo "$DRONE_REPO_OWNER/$DRONE_REPO_NAME/$mix_lock_hash" >> .cache_key', + // Print cache key for debugging + 'cat .cache_key', + ], +}; + +local step_restore_cache = { + name: 'restore-cache', + image: 'drillster/drone-volume-cache', + settings: { restore: true, mount: ['./deps', './_build'], ttl: 30 }, + volumes: cache_mount, +}; + +local step_lint = { + name: 'lint', + image: elixir, + commands: [ + 'mix local.hex --force', // Install hex package manager + 'mix deps.get', // Fetch dependencies + 'mix compile --warnings-as-errors', // Check for compilation errors & warnings + 'mix format --check-formatted', // Check formatting + 'mix sobelow --config', // Security checks + 'mix deps.audit --ignore-file .deps_audit_ignore', // Known vulnerabilities + 'mix hex.audit', // Unmaintained dependencies + 'mix credo --strict', // Code quality hints + 'mix gettext.extract --check-up-to-date', // Translations up to date + ], +}; + +local step_wait_postgres = { + name: 'wait_for_postgres', + image: postgres_image, + commands: [ + ||| + for i in {1..20}; do + if pg_isready -h postgres -U postgres; then + exit 0 + else + true + fi + sleep 2 + done + echo "Postgres did not become available, aborting." + exit 1 + |||, + ], +}; + +local step_rebuild_cache = { + name: 'rebuild-cache', + image: 'drillster/drone-volume-cache', + settings: { rebuild: true, mount: ['./deps', './_build'] }, + volumes: cache_mount, +}; + +// test_cmd is the only thing that differs between the fast and full suites. +local test_step(name, test_cmd) = { + name: name, + image: elixir, + environment: { + MIX_ENV: 'test', + TEST_POSTGRES_HOST: 'postgres', + TEST_POSTGRES_PORT: '5432', + }, + commands: ['mix local.hex --force', 'mix deps.get', test_cmd], +}; + +local test_fast = test_step('test-fast', 'mix test --exclude slow --exclude ui --max-cases 2'); +local test_all = test_step('test-all', 'mix test'); + +// A full check pipeline: identical steps, only name + trigger + test step vary. +local check_pipeline(name, trigger, test) = { + kind: 'pipeline', + type: 'docker', + name: name, + services: [pg_service], + trigger: trigger, + steps: [ + step_compute_cache, + step_restore_cache, + step_lint, + step_wait_postgres, + test, + step_rebuild_cache, + ], + volumes: [cache_volume], +}; + +local docker_publish(name, extra_settings, trigger_event, deps) = { + kind: 'pipeline', + type: 'docker', + name: name, + trigger: trigger_event, + steps: [{ + name: 'build-and-publish-container' + (if name == 'build-and-publish' then '-branch' else ''), + image: 'plugins/docker', + settings: { + registry: 'git.local-it.org', + repo: 'git.local-it.org/local-it/mitgliederverwaltung', + username: { from_secret: 'DRONE_REGISTRY_USERNAME' }, + password: { from_secret: 'DRONE_REGISTRY_TOKEN' }, + } + extra_settings, + when: trigger_event, + }], + depends_on: deps, +}; + +[ + check_pipeline('check-fast', { branch: { exclude: ['main'] }, event: ['push'] }, test_fast), + check_pipeline('check-full', { branch: ['main'], event: ['push'] }, test_all), + check_pipeline('check-full-promote', { event: ['promote'], target: ['production'] }, test_all), + check_pipeline('check-full-tag', { event: ['tag'] }, test_all), + + docker_publish( + 'build-and-publish', + { tags: ['latest', '${DRONE_COMMIT_SHA:0:8}'] }, + { branch: ['main'], event: ['push'] }, + ['check-full'], + ), + docker_publish( + 'build-and-release', + { auto_tag: true }, + { event: ['tag'] }, + ['check-full-tag'], + ), + + { + kind: 'pipeline', + type: 'docker', + name: 'renovate', + trigger: { event: ['cron', 'custom'], branch: ['main'] }, + environment: { LOG_LEVEL: 'debug' }, + steps: [{ + name: 'renovate', + image: 'renovate/renovate:43.165', + environment: { + RENOVATE_CONFIG_FILE: 'renovate_backend_config.js', + RENOVATE_TOKEN: { from_secret: 'RENOVATE_TOKEN' }, + GITHUB_COM_TOKEN: { from_secret: 'GITHUB_COM_TOKEN' }, + }, + commands: [ + // https://github.com/renovatebot/renovate/discussions/15049 + 'unset GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL', + 'renovate-config-validator', + 'renovate', + ], + }], + }, +] diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index b0e1d3d..0000000 --- a/.drone.yml +++ /dev/null @@ -1,298 +0,0 @@ -kind: pipeline -type: docker -name: check-fast - -services: - - name: postgres - image: docker.io/library/postgres:18.3 - environment: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres - -trigger: - event: - - push - -steps: - - name: compute cache key - image: docker.io/library/elixir:1.18.3-otp-27 - commands: - - mix_lock_hash=$(sha256sum mix.lock | cut -d ' ' -f 1) - - echo "$DRONE_REPO_OWNER/$DRONE_REPO_NAME/$mix_lock_hash" >> .cache_key - # Print cache key for debugging - - cat .cache_key - - - name: restore-cache - image: drillster/drone-volume-cache - settings: - restore: true - mount: - - ./deps - - ./_build - ttl: 30 - volumes: - - name: cache - path: /cache - - - name: lint - image: docker.io/library/elixir:1.18.3-otp-27 - commands: - # Install hex package manager - - mix local.hex --force - # Fetch dependencies - - mix deps.get - # Check for compilation errors & warnings - - mix compile --warnings-as-errors - # Check formatting - - mix format --check-formatted - # Security checks - - mix sobelow --config - # Check dependencies for known vulnerabilities - - mix deps.audit --ignore-file .deps_audit_ignore - # Check for dependencies that are not maintained anymore - - mix hex.audit - # Provide hints for improving code quality - - mix credo --strict - # Check that translations are up to date - - mix gettext.extract --check-up-to-date - - - name: wait_for_postgres - image: docker.io/library/postgres:18.3 - commands: - # Wait for postgres to become available - - | - for i in {1..20}; do - if pg_isready -h postgres -U postgres; then - exit 0 - else - true - fi - sleep 2 - done - echo "Postgres did not become available, aborting." - exit 1 - - - name: test-fast - image: docker.io/library/elixir:1.18.3-otp-27 - environment: - MIX_ENV: test - TEST_POSTGRES_HOST: postgres - TEST_POSTGRES_PORT: 5432 - commands: - # Install hex package manager - - mix local.hex --force - # Fetch dependencies - - mix deps.get - # Run fast tests (excludes slow/performance and UI tests) - - mix test --exclude slow --exclude ui --max-cases 2 - - - name: rebuild-cache - image: drillster/drone-volume-cache - settings: - rebuild: true - mount: - - ./deps - - ./_build - volumes: - - name: cache - path: /cache - -volumes: - - name: cache - host: - path: /tmp/drone_cache - ---- -kind: pipeline -type: docker -name: check-full - -services: - - name: postgres - image: docker.io/library/postgres:18.3 - environment: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres - -trigger: - event: - - promote - target: - - production - -steps: - - name: compute cache key - image: docker.io/library/elixir:1.18.3-otp-27 - commands: - - mix_lock_hash=$(sha256sum mix.lock | cut -d ' ' -f 1) - - echo "$DRONE_REPO_OWNER/$DRONE_REPO_NAME/$mix_lock_hash" >> .cache_key - # Print cache key for debugging - - cat .cache_key - - - name: restore-cache - image: drillster/drone-volume-cache - settings: - restore: true - mount: - - ./deps - - ./_build - ttl: 30 - volumes: - - name: cache - path: /cache - - - name: lint - image: docker.io/library/elixir:1.18.3-otp-27 - commands: - # Install hex package manager - - mix local.hex --force - # Fetch dependencies - - mix deps.get - # Check for compilation errors & warnings - - mix compile --warnings-as-errors - # Check formatting - - mix format --check-formatted - # Security checks - - mix sobelow --config - # Check dependencies for known vulnerabilities - - mix deps.audit --ignore-file .deps_audit_ignore - # Check for dependencies that are not maintained anymore - - mix hex.audit - # Provide hints for improving code quality - - mix credo --strict - # Check that translations are up to date - - mix gettext.extract --check-up-to-date - - - name: wait_for_postgres - image: docker.io/library/postgres:18.3 - commands: - # Wait for postgres to become available - - | - for i in {1..20}; do - if pg_isready -h postgres -U postgres; then - exit 0 - else - true - fi - sleep 2 - done - echo "Postgres did not become available, aborting." - exit 1 - - - name: test-all - image: docker.io/library/elixir:1.18.3-otp-27 - environment: - MIX_ENV: test - TEST_POSTGRES_HOST: postgres - TEST_POSTGRES_PORT: 5432 - commands: - # Install hex package manager - - mix local.hex --force - # Fetch dependencies - - mix deps.get - # Run all tests (including slow/performance and UI tests) - - mix test - - - name: rebuild-cache - image: drillster/drone-volume-cache - settings: - rebuild: true - mount: - - ./deps - - ./_build - volumes: - - name: cache - path: /cache - -volumes: - - name: cache - host: - path: /tmp/drone_cache - ---- -kind: pipeline -type: docker -name: build-and-publish - -trigger: - branch: - - main - event: - - push - -steps: - - name: build-and-publish-container-branch - image: plugins/docker - settings: - registry: git.local-it.org - repo: git.local-it.org/local-it/mitgliederverwaltung - username: - from_secret: DRONE_REGISTRY_USERNAME - password: - from_secret: DRONE_REGISTRY_TOKEN - tags: - - latest - - ${DRONE_COMMIT_SHA:0:8} - when: - event: - - push - -depends_on: - - check-fast - ---- -kind: pipeline -type: docker -name: build-and-release - -trigger: - event: - - tag - -steps: - - name: build-and-publish-container - image: plugins/docker - settings: - registry: git.local-it.org - repo: git.local-it.org/local-it/mitgliederverwaltung - username: - from_secret: DRONE_REGISTRY_USERNAME - password: - from_secret: DRONE_REGISTRY_TOKEN - auto_tag: true - when: - event: - - tag - -depends_on: - - check-fast - ---- -kind: pipeline -type: docker -name: renovate - -trigger: - event: - - cron - - custom - branch: - - main - -environment: - LOG_LEVEL: debug - -steps: - - name: renovate - image: renovate/renovate:43.165 - environment: - RENOVATE_CONFIG_FILE: "renovate_backend_config.js" - RENOVATE_TOKEN: - from_secret: RENOVATE_TOKEN - GITHUB_COM_TOKEN: - from_secret: GITHUB_COM_TOKEN - commands: - # https://github.com/renovatebot/renovate/discussions/15049 - - unset GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL - - renovate-config-validator - - renovate