# vim:set sw=2 ts=2 et:
# This is a sample .gitlab-ci.yml created by wagtail-kit. You should review
# it for any necessary changes.
# Stages are groups that jobs can be grouped into.
# Jobs within each stage run in parallel and if one of them fails, the next
# stage won't be run.
# This will set up the following:
#
# - Build stage: build of static assets.
# - Test stage: code style, migration, basic configuration checks and unit
# tests.
# - Deploy stage: deploy to Heroku.
# Pipeline stages, listed in the order they run.
stages:
  - build
  - test
  - deploy_site
  - pages
  - copy
# Hidden base job: read-only access to the cache holding node_modules and the
# compiled static assets. Jobs that extend it inherit `policy: pull`.
# NOTE(review): `bc/static_src` is presumably a directory; confirm that
# cache:key:files hashes it as intended, otherwise jobs may restore stale
# compiled assets.
.cache_static:
  cache:
    key:
      files:
        - package-lock.json
        - bc/static_src
    paths:
      - ./node_modules
      - ./bc/static_compiled
    policy: pull
# Hidden base job for the front-end jobs: Node image, the shared static cache
# and a dependency on the `static` build job.
# NOTE(review): Node.js 12 is past upstream end-of-life and no longer receives
# security fixes; plan a move to a maintained release and update this tag.
.node:
  image: node:12.22.12-alpine
  extends: .cache_static
  needs:
    - static
# Test if static assets can be built successfully.
static:
  extends: .node
  # Replaces the `needs: [static]` inherited from .node; this job is the producer.
  needs: []
  stage: build
  before_script:
    - apk add --no-cache rsync
  script:
    # --no-audit skips npm's advisory check during install.
    # NOTE(review): no job in this file runs a dependency audit; confirm one
    # is run elsewhere.
    - npm ci --no-optional --no-audit --progress=false
    - npm run build:prod
  cache:
    # This is the only job that writes to the cache; the rest only pull.
    policy: pull-push
# Build the Python virtualenv once and hand it to later jobs as an artifact.
poetry:
  # If you update the Python image version here, also update every job that
  # depends on this one, the Dockerfile and the provision scripts.
  image: python:3.11-bullseye
  stage: build
  variables:
    # Quoted so the version is always read as a string.
    POETRY_VERSION: '1.8.4'
  script:
    - pip install poetry==$POETRY_VERSION
    - python -m venv venv
    - source venv/bin/activate
    # Poetry itself is pinned above; pip, setuptools and wheel are upgraded to
    # whatever is current at build time.
    - pip install -U pip setuptools wheel
    - poetry install
  artifacts:
    name: 'poetry-$CI_JOB_ID'
    paths:
      - ./venv/
    expire_in: 30 mins
# Check Python code style.
flake8:
  image: python:3.11-bullseye
  stage: test
  # Fetches the venv artifact produced by the `poetry` job.
  dependencies:
    - poetry
  before_script:
    - source venv/bin/activate
  script:
    - flake8 bc
# Check import ordering, i.e. that imports are sorted alphabetically and
# grouped properly.
isort:
  image: python:3.11-bullseye
  stage: test
  # Fetches the venv artifact produced by the `poetry` job.
  dependencies:
    - poetry
  before_script:
    - source venv/bin/activate
  script:
    - isort --check-only --diff --recursive bc
# Lint JavaScript sources.
lint_js:
  extends: .node
  stage: test
  script:
    - npm run lint:js
# Lint stylesheets.
lint_css:
  extends: .node
  stage: test
  script:
    - npm run lint:css
# Check front-end code formatting.
lint_format:
  extends: .node
  stage: test
  script:
    - npm run lint:format
# Run black in check mode; the job fails if any file would be reformatted.
black:
  image: python:3.11-bullseye
  stage: test
  # Fetches the venv artifact produced by the `poetry` job.
  dependencies:
    - poetry
  before_script:
    - source venv/bin/activate
  script:
    - black --check ./
# Check settings, migrations and run tests.
test_python:
  # Make sure this Python version matches the version in your Dockerfile.
  image: python:3.11-bullseye
  extends: .cache_static
  stage: test
  needs:
    - static
    - poetry
  services:
    # Make sure this matches the Postgres version you run on your servers.
    - postgres:16
  variables:
    # Settings module for the test run.
    DJANGO_SETTINGS_MODULE: bc.settings.test
    # SECRET_KEY is required by Django to start. Every value in this block is
    # a throwaway placeholder for CI only; real secrets belong in CI/CD
    # variables, not in this file.
    SECRET_KEY: fake_secret_key_to_run_tests
    # Silence RECAPTCHA
    RECAPTCHA_PUBLIC_KEY: 'dummy-key-value'
    RECAPTCHA_PRIVATE_KEY: 'dummy-key-value'
    # Some settings are used in constants
    RESPOND_COMPLAINTS_WEBSERVICE: 'TestCreateComplaints'
    RESPOND_FOI_WEBSERVICE: 'TestCreateFOI'
    RESPOND_SAR_WEBSERVICE: 'TestCreateSAR'
    RESPOND_COMMENTS_WEBSERVICE: 'TestCreateComments'
    RESPOND_COMPLIMENTS_WEBSERVICE: 'TestCreateCompliments'
    RESPOND_DISCLOSURES_WEBSERVICE: 'TestCreateDisclosures'
    # Credentials for the throwaway Postgres service container.
    POSTGRES_USER: db_user
    POSTGRES_PASSWORD: db_pass  # pragma: allowlist secret
    # This is the URL used by databases on our CI.
    DATABASE_URL: postgres://db_user:db_pass@postgres/postgres  # pragma: allowlist secret
    # Don't redirect to HTTPS in tests.
    SECURE_SSL_REDIRECT: 'false'
    # Don't run birdbath in tests.
    BIRDBATH_REQUIRED: 'false'
  before_script:
    - source venv/bin/activate
  script:
    # collectstatic must run first because we use ManifestStaticFilesStorage;
    # otherwise the check command will fail.
    - python manage.py collectstatic --verbosity 0 --noinput --clear
    # Run system checks
    - python manage.py check
    # Check for missing migrations
    - python manage.py makemigrations --check --noinput
    # Create cache table.
    - python manage.py createcachetable
    # Run back-end tests
    - python manage.py test
# Front-end unit tests with coverage.
test_js:
  extends: .node
  stage: test
  script:
    # Run front-end tests
    - npm run test:coverage
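# Shared deploy steps, merged into each deploy_* job through the YAML anchor.
# The script asks the deploy service to release $CI_COMMIT_SHA to $HEROKU_APP.
# NOTE(review): `latest` is a mutable tag and this image runs with
# $DEPLOYMENT_KEY in its environment; pin a specific version or digest.
.heroku_deployment_template: &heroku_deployment_template
  image: curlimages/curl:latest
  stage: deploy_site
  script:
    - 'echo "Deploying to Heroku. To see progress, go to: https://dashboard.heroku.com/apps/$HEROKU_APP/activity"'
    # The URL is quoted so the shell never treats `?` as a glob character and
    # the expanded variables cannot be word-split.
    # NOTE(review): the deployment key travels in the query string, where
    # request logs and intermediaries commonly record it. If the deploy
    # service accepts the key in a header or POST body, prefer that, and keep
    # DEPLOYMENT_KEY a masked CI/CD variable.
    - curl --fail-with-body -s -X POST -m 900 "https://heroku-deploy.torchbox.com/$HEROKU_APP/$CI_COMMIT_SHA?key=$DEPLOYMENT_KEY"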
# Deploy to the staging server.
deploy_staging:
  # Debian was chosen because Heroku has a lot of dependencies and is well
  # supported on Debian-based distributions.
  # NOTE(review): the template merged below also sets `image` and `stage`.
  # Which `image` takes effect depends on how the CI's YAML loader orders the
  # merge key against explicit keys; check the merged configuration and
  # confirm that image provides `curl`, which the template's script calls.
  image: debian:bullseye
  stage: deploy_site
  variables:
    # Your app's name, as listed by:
    # $ heroku apps -t torchbox
    HEROKU_APP: buckinghamshire-staging
  only:
    - staging
  <<: *heroku_deployment_template
# Deploy to the production site. Runs only on master and only when triggered
# by hand.
deploy_production:
  # Debian was chosen because Heroku has a lot of dependencies and is well
  # supported on Debian-based distributions.
  # NOTE(review): the template merged below also sets `image` and `stage`.
  # Which `image` takes effect depends on how the CI's YAML loader orders the
  # merge key against explicit keys; check the merged configuration and
  # confirm that image provides `curl`, which the template's script calls.
  image: debian:bullseye
  stage: deploy_site
  variables:
    # Your app's name, as listed by:
    # $ heroku apps -t torchbox
    HEROKU_APP: buckinghamshire-production
  only:
    - master
  # NOTE(review): the manual gate is only as strong as the permissions on the
  # branch; confirm master is protected and that DEPLOYMENT_KEY is restricted
  # to protected branches.
  when: manual
  <<: *heroku_deployment_template
# Deploy to the content prep site. Runs only on master and only when triggered
# by hand.
deploy_content_prep:
  # Debian was chosen because Heroku has a lot of dependencies and is well
  # supported on Debian-based distributions.
  # NOTE(review): the template merged below also sets `image` and `stage`.
  # Which `image` takes effect depends on how the CI's YAML loader orders the
  # merge key against explicit keys; check the merged configuration and
  # confirm that image provides `curl`, which the template's script calls.
  image: debian:bullseye
  stage: deploy_site
  variables:
    # Your app's name, as listed by:
    # $ heroku apps -t torchbox
    HEROKU_APP: buckinghamshire-content-prep
  only:
    - master
  when: manual
  <<: *heroku_deployment_template
# Build the MkDocs site and publish it through GitLab Pages (master only).
pages:
  image: python:3.11
  stage: pages
  only:
    - master
  # Fetches the venv artifact produced by the `poetry` job.
  dependencies:
    - poetry
  before_script:
    - source venv/bin/activate
  script:
    # Include CHANGELOG in the docs
    - cp CHANGELOG.md docs/changelog.md
    - mkdocs build
    # Clear out the public/ folder before moving the built docs site there.
    # We're also using public/ for WHITENOISE_ROOT, so this prevents us
    # inadvertently deploying robots.txt etc. to GitLab Pages.
    - rm -rf public/*
    - mv site/* public
  artifacts:
    paths:
      - public
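# Sync data and media from production to staging.
# Requires the FLIGHTPATH_* keys below to be added to repository secrets.
# https://git.torchbox.com/sysadmin/flightpath#app-copy
# NOTE(review): this job runs from the `staging` branch but holds a key for
# the production app; confirm the branch is protected and the FLIGHTPATH_*
# variables are masked and limited to protected branches.
# NOTE(review): no `image` is set, so the runner's default image is used and
# must provide apt-get.
copy_prod_to_staging:
  stage: copy
  when: manual
  only:
    - staging
  variables:
    SOURCE_APP: buckinghamshire-production
    DESTINATION_APP: buckinghamshire-staging
    SOURCE_KEY: $FLIGHTPATH_SOURCE_KEY
    DESTINATION_KEY: $FLIGHTPATH_DESTINATION_KEY
    AUTH_KEY: $FLIGHTPATH_AUTH_KEY
  before_script:
    - apt-get update -y
    - apt-get install -y curl jq
  script:
    # Plain assignment instead of `export VAR=$(...)`: `export` returns 0 and
    # would hide a failing `curl -f`, letting a rejected copy request pass.
    # The keys go in the POST body and the Authorization header, not the URL.
    - >
      JOB_STATUS=$(curl -f -X POST -m 900
      -H "Authorization: Token $AUTH_KEY" -d "source_key=$SOURCE_KEY&destination_key=$DESTINATION_KEY&copy_media=1&from_backup=1"
      "https://flightpath.torchbox.com/copy/$SOURCE_APP/$DESTINATION_APP/")
    # NOTE(review): this prints the service response to the job log; confirm
    # the response never echoes back the submitted keys.
    - echo "$JOB_STATUS"
    - JOB_ID=$(echo "$JOB_STATUS" | jq -r '.job_id')
    # Both variables stay exported, as they were before.
    - export JOB_STATUS JOB_ID
    - echo "$JOB_ID"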