Overview
Contributions are currently only possible by curasystems GmbH and all code inside the aeppic monorepo is fully owned by curasystems GmbH. Any contributions when accepted will thus be fully owned by curasystems GmbH.
Build process
The build process is handled via @microsoft/rush.
Once all dependencies are linked and the environment matches, the following command runs the build:
node common/scripts/install-run-rush.js build
During development the following command is more helpful:
node common/scripts/install-run-rush.js build:incremental
If rush was installed globally beforehand with npm i -g @microsoft/rush, you can shorten that to:
rush build:incremental
Dependencies
The .gitlab-ci.yml file shows all the other steps that need to be done initially too.
yaml
default:
  image:
    name: registry.dev.curasystems.com/aeppic/aeppic-full/ci:1.3.0
    entrypoint: [""]

variables:
  # The shallow clone depth must be deep enough to fetch the merge-base of the current branch and master
  # we should not have branches with more than 100 commits between the current branch and master
  GIT_DEPTH: "100"
  DOCKER_HOST: unix:///var/run/docker.sock
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""
  CI_REGISTRY: registry.dev.curasystems.com
  CI_REGISTRY_IMAGE: $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME
  SERVER_REGISTRY_IMAGE: $CI_REGISTRY_IMAGE/server
  SERVER_CONTAINER_TAG_BRANCH: $SERVER_REGISTRY_IMAGE:$CI_COMMIT_BRANCH
  SERVER_CONTAINER_TAG_LATEST: $SERVER_REGISTRY_IMAGE:latest
  SERVER_CONTAINER_TAG: $SERVER_CONTAINER_TAG_BRANCH
  DOCS_REGISTRY_IMAGE: $CI_REGISTRY_IMAGE/docs
  DOCS_CONTAINER_TAG_BRANCH: $DOCS_REGISTRY_IMAGE:$CI_COMMIT_BRANCH
  DOCS_CONTAINER_TAG_LATEST: $DOCS_REGISTRY_IMAGE:latest
  # Default to tag based on branch name
  DOCS_CONTAINER_TAG: $DOCS_CONTAINER_TAG_BRANCH

# These folders are cached between builds
# http://docs.gitlab.com/ce/ci/yaml/README.html#cache
cache: &global_cache
  untracked: true
  key: "SHARED_CACHE-$CI_REGISTRY-$CI_PROJECT_NAMESPACE-$CI_PROJECT_NAME"
  policy: pull-push
  paths:
    - "common/temp"
    - "*/*/node_modules"
    - "docs/node_modules"
    - "/opt/aeppic/test/data/releases"

before_script:
  ## Prune .git checkout to ensure we have a clean shallow git state
  ## (this is only necessary if the gitlab runner was once checked out without
  ## --depth. In that case use this once.)
  # - rm -rf .git
  # - git init
  # - git remote add origin "$CI_REPOSITORY_URL"
  # - git fetch --depth=10 origin "$CI_COMMIT_REF_NAME"
  # - git checkout -b "$CI_COMMIT_REF_NAME" FETCH_HEAD
  # Set git user name and email.
  - git config --global user.email "dev-ci@curasystems.de"
  - git config --global user.name "Curasystems Dev-CI"
  - if [ "$CI_COMMIT_BRANCH" == "master" ] || [ "$CI_COMMIT_BRANCH" == "main" ]; then git remote set-url origin "https://continuous-deployment:${CI_GIT_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git" && echo "Allow push using token to ${CI_COMMIT_BRANCH}"; fi
  - '[ ! -z "$PUBLISH_NPMRC" ] && cp "$PUBLISH_NPMRC" ~/.npmrc'

# Exceptions
#
# - Do not run when tags are set
# - Do not run when commits done by rush (version/bumps)
#   (this is triggered by builds done on the build server)
.exceptions: &default_except
  refs:
    - tags
  variables:
    - $CI_COMMIT_MESSAGE =~ /.*\[skip ci\].*/

.tags: &default_tags
  - docker

stages:
  - check
  - build
  # - documentation
  - test
  - deploy
  # - publish

change_check:
  stage: check
  tags: *default_tags
  cache:
    <<: *global_cache
    key: "$CI_JOB_TOKEN-change"
  script:
    - node common/scripts/install-run-rush.js change -b origin/master -v ||( echo "Changes not documented or an error finding merge-base with `git --no-optional-locks merge-base HEAD origin/master --` " && false)

build:
  stage: build
  tags: *default_tags
  services:
    - docker:dind
  cache:
    <<: *global_cache
    policy: push
  # except: *default_except
  variables:
    NODE_ENV: development
  script:
    - "echo Playwright installed at $PLAYWRIGHT_BROWSERS_PATH"
    - "echo Installed browsers are: $(ls $PLAYWRIGHT_BROWSERS_PATH)"
    - bash build/prepare.sh
    - echo Install and link all project dependencies
    - node common/scripts/install-run-rush.js install --bypass-policy
    - source build/set-version.sh
    # - export VERSION=$(bash build/get-version.sh)
    - if [ "$CI_COMMIT_BRANCH" == "master" ] || [ "$CI_COMMIT_BRANCH" == "main" ]; then echo "Version $VERSION"; fi
    # - node common/scripts/install-run-rush.js audit -j 2> packages-audit.json
    # - node common/scripts/install-run-rush.js audit 2>&1 > packages-audit.txt
    - node common/scripts/install-run-rush.js check-licenses 2>&1 > licenses.txt
    - echo Build project
    # - node common/scripts/install-run-rush.js rebuild --verbose
    - node common/scripts/install-run-rush.js build --verbose
    - echo Add content in /docs/src in case the build added or updated files
    - git add docs/src
    - git commit -m "Add content in /docs/src [skip ci]" || true
    - echo Test project
    # Add a sleep if something with testing goes wrong, we can then sudo `docker exec -it <container> /usr/bin/bash` into the container
    # - sleep infinity
    - DEBUG=pw:api node common/scripts/install-run-rush.js test:ci --verbose
    # Need to login to docker registry to push images
    # `docker build buildx` multiarch requires `--push` and pushes
    # the multiarch build
    - echo Prepare to login to Docker $CI_REGISTRY_USER
    - echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
    - echo Preparing image tag name
    - if [ "$CI_COMMIT_BRANCH" == "master" ] || [ "$CI_COMMIT_BRANCH" == "main" ]; then export SERVER_CONTAINER_TAG="$SERVER_CONTAINER_TAG_LATEST"; fi
    - if [ "$CI_COMMIT_BRANCH" == "master" ] || [ "$CI_COMMIT_BRANCH" == "main" ]; then export DOCS_CONTAINER_TAG="$DOCS_CONTAINER_TAG_LATEST"; fi
    - echo Checking for multiplatform_builder
    - if ! docker buildx ls | grep -q multiplatform_builder; then docker buildx create --name multiplatform_builder --driver docker-container || true; fi
    - "echo 'Building server: $SERVER_CONTAINER_TAG'"
    - cd server/server
    - npm run image:build --docker-tag=$SERVER_CONTAINER_TAG
    - cd ../..
    - "echo 'Building documentation: $DOCS_CONTAINER_TAG'"
    - cd docs
    - npm run image:build --docker-tag=$DOCS_CONTAINER_TAG
    - cd ..
    - build/push-versioned-images.sh $VERSION
    - echo Releasing packages and tag versions
    - bash build/release-packages.sh
    - echo Push all changes made during this build if on master or main
    - if [ "$CI_COMMIT_BRANCH" == "master" ] || [ "$CI_COMMIT_BRANCH" == "main" ]; then git push -o ci.skip --tags https://continuous-deployment:${CI_GIT_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git HEAD:$CI_COMMIT_BRANCH; fi
    - build/upload-server.sh
    - echo "Building rust workspace"
    - cargo build --release
    - build/upload-tools.sh
  artifacts:
    when: always
    expire_in: 1 year
    paths:
      # - packages-audit.json
      # - packages-audit.txt
      - licenses.txt
      - "*/*/dist"
      - "*/*/release"
      - "*/*/coverage"
      - "*/*/test-results"
      - "target/release"
    reports:
      junit: "*/*/test-results/**/*.xml"
      sast: "**/gl-sast-report.json"

test:
  stage: test
  # cache:
  #   <<: *global_cache
  #   key: "$CI_JOB_TOKEN-test"
  script:
    - echo "Testing is included in previous build for cache read/write performance reasons."
    - echo "We only need this stage for the security checks (see below)."

# deploy_staging:
#   stage: deploy
#   cache:
#     <<: *global_cache
#   only:
#     - master
#     - main
#   script:
#     - build/upload-server.sh
#   environment:
#     name: staging
#     url: https://bizpin-master.exapris.de

include:
  # - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
Environment
To get repeatable builds in the CI environment, we use a Docker image that is declared in /ci/Dockerfile and built with the build.sh next to it. The build.sh requires a correct version number inside it, and the .gitlab-ci.yml file also needs to reference that version. The image can only be referenced once it has been pushed to the build server.
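One way to check that the two version references stay in sync before a pipeline run (an added example, not the project's own code). It assumes build.sh declares the version as a VERSION=x.y.z line, which this page does not show; the function names and the sample build.sh contents are constructed.

```shell
#!/bin/sh
# Added example, not the project's code. Function names are hypothetical.
# ASSUMPTION: ci/build.sh declares the image version as a line "VERSION=x.y.z";
# the page does not show that file.

# Print the tag of the first ".../ci:<tag>" image name found on stdin.
ci_image_tag() {
  sed -n 's|^[[:space:]]*name:[[:space:]]*[^[:space:]]*/ci:\([^[:space:]]*\)[[:space:]]*$|\1|p' \
    | head -n 1
}

# Print the value of the first VERSION= assignment on stdin, quotes stripped.
build_sh_version() {
  sed -n 's/^[[:space:]]*VERSION=//p' | head -n 1 | tr -d "\"'[:space:]"
}

# $1 = .gitlab-ci.yml content, $2 = build.sh content.
# Returns 0 only when both versions exist, are not a floating tag, and match.
check_ci_image_pin() {
  _yml_tag=$(printf '%s\n' "$1" | ci_image_tag)
  _sh_ver=$(printf '%s\n' "$2" | build_sh_version)
  if [ -z "$_yml_tag" ] || [ -z "$_sh_ver" ]; then
    echo "missing version"; return 2
  fi
  if [ "$_yml_tag" = "latest" ]; then
    echo "floating tag"; return 3
  fi
  if [ "$_yml_tag" != "$_sh_ver" ]; then
    echo "mismatch: yml=$_yml_tag build.sh=$_sh_ver"; return 1
  fi
  echo "ok: $_yml_tag"
}

# Constructed sample inputs; in the repository use
#   check_ci_image_pin "$(cat .gitlab-ci.yml)" "$(cat ci/build.sh)"
SAMPLE_YML='default:
  image:
    name: registry.dev.curasystems.com/aeppic/aeppic-full/ci:1.3.0
    entrypoint: [""]'
SAMPLE_BUILD_OK='VERSION="1.3.0"'
SAMPLE_BUILD_STALE='VERSION=1.2.9'

check_ci_image_pin "$SAMPLE_YML" "$SAMPLE_BUILD_OK"
check_ci_image_pin "$SAMPLE_YML" "$SAMPLE_BUILD_STALE" || echo "exit code $?"
```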
GitLab CI
The .gitlab-ci.yml file is the main entry point for the CI pipeline. It defines the stages and jobs that run in the pipeline. The pipeline is triggered on every push to the repository and on every merge request. Each successful build also creates an image in the GitLab repository based on the branch name.
When it is triggered on the main/master branch, it also creates a new release. All releases have a Docker image pushed to the GitLab registry and a fully built downloadable tgz for use with @aeppic/install-server.
The default location for releases from the CI pipeline is https://get.aeppic.com, where they are automatically tagged as latest. Releases from that location are used by the aeppic ansible infrastructure to deploy to the customer servers.
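The branch-to-tag mapping described above, as an added example that is not part of the project's pipeline: Docker tags may not contain a slash, so a branch such as feature/Login-Form cannot be used verbatim as an image tag, and the sketch falls back to a slug in the style of GitLab's CI_COMMIT_REF_SLUG. The function names are hypothetical and the branch names are constructed.

```shell
#!/bin/sh
# Added example, not the project's code. Function names are hypothetical.

# Same selection as the pipeline: master/main -> latest, otherwise the branch name.
resolve_container_tag() {
  case "$1" in
    master|main) printf 'latest\n' ;;
    *)           printf '%s\n' "$1" ;;
  esac
}

# Docker tag grammar: one of [A-Za-z0-9_] followed by up to 127 of [A-Za-z0-9_.-].
is_valid_docker_tag() {
  printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
}

# Slug in the style of GitLab's CI_COMMIT_REF_SLUG: lowercase, every character
# outside [a-z0-9] becomes '-', cut to 63 characters, no leading/trailing '-'.
slugify_ref() {
  printf '%s\n' "$1" | LC_ALL=C tr 'A-Z' 'a-z' | LC_ALL=C sed 's/[^a-z0-9]/-/g' \
    | cut -c1-63 | sed -e 's/^-*//' -e 's/-*$//'
}

# Tag to use for a branch: the pipeline's choice when it is a legal tag,
# otherwise the slug. Fails (status 1) when nothing usable remains.
safe_container_tag() {
  _tag=$(resolve_container_tag "$1")
  is_valid_docker_tag "$_tag" || _tag=$(slugify_ref "$1")
  [ -n "$_tag" ] || return 1
  printf '%s\n' "$_tag"
}

# Constructed branch names.
for b in main fix-1.2 feature/Login-Form; do
  printf '%-20s -> %s\n' "$b" "$(safe_container_tag "$b")"
done
```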