Moritz
ce57d046b9
Some checks reported errors
continuous-integration/drone/push Build encountered an error
169 lines
4.8 KiB
Jsonnet
169 lines
4.8 KiB
Jsonnet
local elixir = 'docker.io/library/elixir:1.18.3-otp-27';
|
|
local postgres_image = 'docker.io/library/postgres:18.3';
|
|
|
|
local pg_service = {
|
|
name: 'postgres',
|
|
image: postgres_image,
|
|
environment: {
|
|
POSTGRES_USER: 'postgres',
|
|
POSTGRES_PASSWORD: 'postgres',
|
|
},
|
|
};
|
|
|
|
local cache_volume = { name: 'cache', host: { path: '/tmp/drone_cache' } };
|
|
local cache_mount = [{ name: 'cache', path: '/cache' }];
|
|
|
|
local step_compute_cache = {
|
|
name: 'compute cache key',
|
|
image: elixir,
|
|
commands: [
|
|
"mix_lock_hash=$(sha256sum mix.lock | cut -d ' ' -f 1)",
|
|
'echo "$DRONE_REPO_OWNER/$DRONE_REPO_NAME/$mix_lock_hash" >> .cache_key',
|
|
// Print cache key for debugging
|
|
'cat .cache_key',
|
|
],
|
|
};
|
|
|
|
local step_restore_cache = {
|
|
name: 'restore-cache',
|
|
image: 'drillster/drone-volume-cache',
|
|
settings: { restore: true, mount: ['./deps', './_build'], ttl: 30 },
|
|
volumes: cache_mount,
|
|
};
|
|
|
|
local step_lint = {
|
|
name: 'lint',
|
|
image: elixir,
|
|
commands: [
|
|
'mix local.hex --force', // Install hex package manager
|
|
'mix deps.get', // Fetch dependencies
|
|
'mix compile --warnings-as-errors', // Check for compilation errors & warnings
|
|
'mix format --check-formatted', // Check formatting
|
|
'mix sobelow --config', // Security checks
|
|
'mix deps.audit --ignore-file .deps_audit_ignore', // Known vulnerabilities
|
|
'mix hex.audit', // Unmaintained dependencies
|
|
'mix credo --strict', // Code quality hints
|
|
'mix gettext.extract --check-up-to-date', // Translations up to date
|
|
],
|
|
};
|
|
|
|
local step_wait_postgres = {
|
|
name: 'wait_for_postgres',
|
|
image: postgres_image,
|
|
commands: [
|
|
|||
|
|
for i in {1..20}; do
|
|
if pg_isready -h postgres -U postgres; then
|
|
exit 0
|
|
else
|
|
true
|
|
fi
|
|
sleep 2
|
|
done
|
|
echo "Postgres did not become available, aborting."
|
|
exit 1
|
|
|||,
|
|
],
|
|
};
|
|
|
|
local step_rebuild_cache = {
|
|
name: 'rebuild-cache',
|
|
image: 'drillster/drone-volume-cache',
|
|
settings: { rebuild: true, mount: ['./deps', './_build'] },
|
|
volumes: cache_mount,
|
|
};
|
|
|
|
// test_cmd is the only thing that differs between the fast and full suites.
|
|
local test_step(name, test_cmd) = {
|
|
name: name,
|
|
image: elixir,
|
|
environment: {
|
|
MIX_ENV: 'test',
|
|
TEST_POSTGRES_HOST: 'postgres',
|
|
TEST_POSTGRES_PORT: '5432',
|
|
},
|
|
commands: ['mix local.hex --force', 'mix deps.get', test_cmd],
|
|
};
|
|
|
|
local test_fast = test_step('test-fast', 'mix test --exclude slow --exclude ui --max-cases 2');
|
|
local test_all = test_step('test-all', 'mix test');
|
|
|
|
// A full check pipeline: identical steps, only name + trigger + test step vary.
|
|
local check_pipeline(name, trigger, test) = {
|
|
kind: 'pipeline',
|
|
type: 'docker',
|
|
name: name,
|
|
services: [pg_service],
|
|
trigger: trigger,
|
|
steps: [
|
|
step_compute_cache,
|
|
step_restore_cache,
|
|
step_lint,
|
|
step_wait_postgres,
|
|
test,
|
|
step_rebuild_cache,
|
|
],
|
|
volumes: [cache_volume],
|
|
};
|
|
|
|
local docker_publish(name, extra_settings, trigger_event, deps) = {
|
|
kind: 'pipeline',
|
|
type: 'docker',
|
|
name: name,
|
|
trigger: trigger_event,
|
|
steps: [{
|
|
name: 'build-and-publish-container' + (if name == 'build-and-publish' then '-branch' else ''),
|
|
image: 'plugins/docker',
|
|
settings: {
|
|
registry: 'git.local-it.org',
|
|
repo: 'git.local-it.org/local-it/mitgliederverwaltung',
|
|
username: { from_secret: 'DRONE_REGISTRY_USERNAME' },
|
|
password: { from_secret: 'DRONE_REGISTRY_TOKEN' },
|
|
} + extra_settings,
|
|
when: trigger_event,
|
|
}],
|
|
depends_on: deps,
|
|
};
|
|
|
|
[
|
|
check_pipeline('check-fast', { branch: { exclude: ['main'] }, event: ['push'] }, test_fast),
|
|
check_pipeline('check-full', { branch: ['main'], event: ['push'] }, test_all),
|
|
check_pipeline('check-full-promote', { event: ['promote'], target: ['production'] }, test_all),
|
|
check_pipeline('check-full-tag', { event: ['tag'] }, test_all),
|
|
|
|
docker_publish(
|
|
'build-and-publish',
|
|
{ tags: ['latest', '${DRONE_COMMIT_SHA:0:8}'] },
|
|
{ branch: ['main'], event: ['push'] },
|
|
['check-full'],
|
|
),
|
|
docker_publish(
|
|
'build-and-release',
|
|
{ auto_tag: true },
|
|
{ event: ['tag'] },
|
|
['check-full-tag'],
|
|
),
|
|
|
|
{
|
|
kind: 'pipeline',
|
|
type: 'docker',
|
|
name: 'renovate',
|
|
trigger: { event: ['cron', 'custom'], branch: ['main'] },
|
|
environment: { LOG_LEVEL: 'debug' },
|
|
steps: [{
|
|
name: 'renovate',
|
|
image: 'renovate/renovate:43.165',
|
|
environment: {
|
|
RENOVATE_CONFIG_FILE: 'renovate_backend_config.js',
|
|
RENOVATE_TOKEN: { from_secret: 'RENOVATE_TOKEN' },
|
|
GITHUB_COM_TOKEN: { from_secret: 'GITHUB_COM_TOKEN' },
|
|
},
|
|
commands: [
|
|
// https://github.com/renovatebot/renovate/discussions/15049
|
|
'unset GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL',
|
|
'renovate-config-validator',
|
|
'renovate',
|
|
],
|
|
}],
|
|
},
|
|
]
|