
Overview

Contributions are currently only possible by curasystems GmbH.

Build process

The build process is handled via @microsoft/rush:

Once all dependencies are linked and the environment matches, the following command runs the build:

node common/scripts/install-run-rush.js build

During development the following command is more helpful:

node common/scripts/install-run-rush.js build:incremental

If rush was installed globally beforehand (npm i -g @microsoft/rush), you can shorten that to:

rush build:incremental

Dependencies

The .gitlab-ci.yml file shows all the other steps that need to be done initially too.

yaml
default:
  # Every job runs in this CI image unless it declares its own `image`.
  # The image is referenced by tag (1.3.0). A tag can be repointed in the
  # registry; referencing the image by digest (name@sha256:<digest>) would
  # make the build environment immutable.
  image:
    name: "registry.dev.curasystems.com/aeppic/aeppic-full/ci:1.3.0"
    # Replace the image's entrypoint with an empty string.
    entrypoint:
      - ""

variables:
  # Shallow-clone depth. It has to reach the merge-base of the current branch
  # and master, so branches are expected to stay within 100 commits of master.
  GIT_DEPTH: "100"
  # The Docker client talks to a local Unix socket.
  # NOTE(review): if this is the runner host's socket mounted into the job,
  # every job can control that host's Docker daemon (root-equivalent) -
  # confirm against the runner configuration.
  DOCKER_HOST: "unix:///var/run/docker.sock"
  DOCKER_DRIVER: "overlay2"
  DOCKER_TLS_CERTDIR: ""
  # These two replace GitLab's predefined CI_REGISTRY / CI_REGISTRY_IMAGE.
  CI_REGISTRY: "registry.dev.curasystems.com"
  CI_REGISTRY_IMAGE: "$CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME"
  # Image names and tags for the server image.
  # NOTE(review): the branch tag uses $CI_COMMIT_BRANCH verbatim. Branch names
  # containing "/" are not valid tag text, and the variable is empty in tag
  # and merge-request pipelines; $CI_COMMIT_REF_SLUG is the sanitized form -
  # confirm against the branch naming in use.
  SERVER_REGISTRY_IMAGE: "$CI_REGISTRY_IMAGE/server"
  SERVER_CONTAINER_TAG_BRANCH: "$SERVER_REGISTRY_IMAGE:$CI_COMMIT_BRANCH"
  SERVER_CONTAINER_TAG_LATEST: "$SERVER_REGISTRY_IMAGE:latest"
  # The build job switches this to the :latest tag on master/main.
  SERVER_CONTAINER_TAG: "$SERVER_CONTAINER_TAG_BRANCH"
  # Same scheme for the documentation image.
  DOCS_REGISTRY_IMAGE: "$CI_REGISTRY_IMAGE/docs"
  DOCS_CONTAINER_TAG_BRANCH: "$DOCS_REGISTRY_IMAGE:$CI_COMMIT_BRANCH"
  DOCS_CONTAINER_TAG_LATEST: "$DOCS_REGISTRY_IMAGE:latest"
  # Branch-named tag by default.
  DOCS_CONTAINER_TAG: "$DOCS_CONTAINER_TAG_BRANCH"
  
# These folders are cached between builds
# http://docs.gitlab.com/ce/ci/yaml/README.html#cache

# Shared cache definition. The anchor lets individual jobs merge it in and
# override single keys (see `<<: *global_cache` in the jobs below).
cache: &global_cache
  # Besides the listed paths, cache every file in the working tree that git
  # does not track.
  # NOTE(review): anything a job writes into the project directory without
  # committing it (generated configs, credential files) ends up in the cache
  # archive - confirm nothing sensitive is written there.
  untracked: true
  # The key has no branch component, so branches share one cache.
  # NOTE(review): a cache written by a feature-branch job can then be restored
  # by a job on master/main - confirm this is acceptable for this project.
  key: "SHARED_CACHE-$CI_REGISTRY-$CI_PROJECT_NAMESPACE-$CI_PROJECT_NAME"
  policy: pull-push
  paths:
    - "common/temp"
    - "*/*/node_modules"
    - "docs/node_modules"
    # NOTE(review): absolute path. GitLab documents cache paths as relative
    # to the project directory, so this entry may not be cached - verify.
    - "/opt/aeppic/test/data/releases"

# Runs before the `script` of every job that does not define its own
# before_script.
# NOTE(review): jobs added through `include:` templates may inherit this as
# well, which would give them the git token and npm credentials set up below
# - confirm against the templates.
before_script:
  ## Prune .git checkout to ensure we have a clean shallow git state
  ## (this is only necessary if the gitlab runner was once checked out without
  ## --depth. In that case use this once.)
  # - rm -rf .git
  # - git init
  # - git remote add origin "$CI_REPOSITORY_URL"
  #   - git fetch --depth=10 origin "$CI_COMMIT_REF_NAME"
  #   - git checkout -b "$CI_COMMIT_REF_NAME" FETCH_HEAD
  # Set git user name and email.
  - git config --global user.email "dev-ci@curasystems.de"
  - git config --global user.name "Curasystems Dev-CI"  
  # On master/main, point `origin` at a URL that embeds CI_GIT_TOKEN so that
  # pushes authenticate as the continuous-deployment user.
  # NOTE(review): the token is then stored in clear text in .git/config for
  # the rest of the job and shows up in any output that prints the remote URL.
  # Keep CI_GIT_TOKEN masked and protected, and scope it to the minimum needed
  # to push; a credential helper or http.extraHeader avoids writing the token
  # into the URL.
  - if [ "$CI_COMMIT_BRANCH" == "master" ] || [ "$CI_COMMIT_BRANCH" == "main" ]; then git remote set-url origin "https://continuous-deployment:${CI_GIT_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git" && echo "Allow push using token to ${CI_COMMIT_BRANCH}"; fi
  # When PUBLISH_NPMRC is set, copy the file it points to into ~/.npmrc.
  # NOTE(review): this happens on every branch and before dependencies are
  # installed, so package install scripts that run later in the job can read
  # the publish credentials - consider copying the file only in the publishing
  # step on master/main.
  - '[ ! -z "$PUBLISH_NPMRC" ] && cp "$PUBLISH_NPMRC" ~/.npmrc'
 
# Exceptions
#
# - Do not run when tags are set
# - Do not run for commits made by rush (version bumps);
#   these are created by builds on the build server

# Reusable `except` rule: skip tag pipelines and commits whose message
# contains "[skip ci]".
# NOTE(review): the only reference to this anchor in this file
# (`except: *default_except` in the build job) is commented out, so the rule
# is currently not applied to any job.
.exceptions: &default_except
  refs:
    - tags
  variables:
    - $CI_COMMIT_MESSAGE =~ /.*\[skip ci\].*/

# Runner tags shared by jobs through the `default_tags` anchor: jobs that use
# it are picked up only by runners tagged `docker`.
.tags: &default_tags
  - docker

# Pipeline stages in execution order. `deploy` has no active job in this file
# (deploy_staging is commented out); `documentation` and `publish` are
# disabled.
stages:
  - check
  - build
  # - documentation 
  - test
  - deploy  
  # - publish

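change_check:
  # Fails the pipeline early when `rush change -v` reports changes without a
  # change file, compared against origin/master.
  stage: check
  tags: *default_tags
  cache:
    <<: *global_cache
    # Per-branch cache key for this job. Do not build cache keys from
    # CI_JOB_TOKEN: it is a per-job secret, so the cache would never be
    # reused and the token value would become part of the cache name.
    key: "$CI_COMMIT_REF_SLUG-change"
  script:
    # On failure, print the merge-base lookup as well: it is the step that
    # breaks when the shallow clone (GIT_DEPTH) does not reach master.
    # NOTE(review): the comparison branch is hard-coded to origin/master while
    # other steps in this file also accept `main` - confirm.
    - node common/scripts/install-run-rush.js change -b origin/master -v ||( echo "Changes not documented or an error finding merge-base with `git --no-optional-locks merge-base HEAD origin/master --` " && false)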

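build:
  # Installs dependencies, builds, tests, builds and pushes the container
  # images, releases packages and uploads the server and tools.
  #
  # NOTE(review): no `rules`/`only`/`except` is active (the `except` below is
  # commented out), so this job runs for every branch. Registry login, image
  # builds, build/push-versioned-images.sh, build/release-packages.sh and the
  # upload scripts are not branch-gated in this file; only the final git push
  # is limited to master/main. Confirm that those scripts gate on the branch
  # themselves, otherwise any branch build can publish.
  stage: build
  tags: *default_tags
  services:
    - docker:dind
  cache:
    <<: *global_cache
    # Only upload the cache at the end of the job; never restore it.
    policy: push
  # except: *default_except
  variables:
    NODE_ENV: development
  script:
    - "echo Playwright installed at $PLAYWRIGHT_BROWSERS_PATH"
    - "echo Installed browsers are: $(ls $PLAYWRIGHT_BROWSERS_PATH)"
    - bash build/prepare.sh
    - echo Install and link all project dependencies
    # NOTE(review): --bypass-policy relaxes rush's configured policy
    # enforcement for this install - confirm it is still required on CI.
    - node common/scripts/install-run-rush.js install --bypass-policy
    # Sourced (not executed) so that the VERSION it sets stays available to
    # the following commands.
    - source build/set-version.sh
    # - export VERSION=$(bash build/get-version.sh)
    - if [ "$CI_COMMIT_BRANCH" == "master" ] || [ "$CI_COMMIT_BRANCH" == "main" ]; then echo "Version $VERSION"; fi
    # - node common/scripts/install-run-rush.js audit -j 2> packages-audit.json
    # - node common/scripts/install-run-rush.js audit    2>&1 > packages-audit.txt
    # Redirections apply left to right: stdout goes to licenses.txt while
    # stderr stays on the job log. Use `> licenses.txt 2>&1` if errors should
    # be captured in the file as well.
    - node common/scripts/install-run-rush.js check-licenses 2>&1 > licenses.txt
    - echo Build project
    # - node common/scripts/install-run-rush.js rebuild --verbose
    - node common/scripts/install-run-rush.js build --verbose
    - echo Add content in /docs/src in case the build added or updated files
    - git add docs/src
    # `|| true` keeps the job going when there is nothing to commit.
    - git commit -m "Add content in /docs/src [skip ci]" || true
    - echo Test project
    # Add a sleep if something with testing goes wrong, we can then sudo `docker exec -it <container> /usr/bin/bash` into the container
    # - sleep infinity
    - DEBUG=pw:api node common/scripts/install-run-rush.js test:ci --verbose
    # Need to login to docker registry to push images
    # `docker build buildx` multiarch requires `--push` and pushes
    # the multiarch build
    - echo Prepare to login to Docker $CI_REGISTRY_USER
    # The password is passed on stdin so it does not appear in the process
    # arguments. All three values are quoted so that whitespace or glob
    # characters in them cannot split or alter the command, and printf is
    # used so a password starting with "-" is not read as an echo option.
    - printf '%s' "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - echo Preparing image tag name
    # master/main builds are tagged :latest instead of with the branch name.
    - if [ "$CI_COMMIT_BRANCH" == "master" ] || [ "$CI_COMMIT_BRANCH" == "main" ]; then export SERVER_CONTAINER_TAG="$SERVER_CONTAINER_TAG_LATEST"; fi
    - if [ "$CI_COMMIT_BRANCH" == "master" ] || [ "$CI_COMMIT_BRANCH" == "main" ]; then export DOCS_CONTAINER_TAG="$DOCS_CONTAINER_TAG_LATEST"; fi
    - echo Checking for multiplatform_builder
    - if ! docker buildx ls | grep -q multiplatform_builder; then docker buildx create --name multiplatform_builder --driver docker-container || true; fi
    # Double quotes for the shell so the tag is expanded in the log line
    # (inside single quotes the variable name is printed literally).
    - 'echo "Building server: $SERVER_CONTAINER_TAG"'
    - cd server/server
    - npm run image:build --docker-tag=$SERVER_CONTAINER_TAG
    - cd ../..
    - 'echo "Building documentation: $DOCS_CONTAINER_TAG"'
    - cd docs
    - npm run image:build --docker-tag=$DOCS_CONTAINER_TAG
    - cd ..
    - build/push-versioned-images.sh $VERSION
    - echo Releasing packages and tag versions
    - bash build/release-packages.sh
    - echo Push all changes made during this build if on master or main
    # `-o ci.skip` stops the push from starting another pipeline.
    # NOTE(review): the token is part of the URL given on the command line;
    # keep CI_GIT_TOKEN masked so it is redacted from the job log.
    - if [ "$CI_COMMIT_BRANCH" == "master" ] || [ "$CI_COMMIT_BRANCH" == "main" ]; then git push -o ci.skip --tags https://continuous-deployment:${CI_GIT_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git HEAD:$CI_COMMIT_BRANCH; fi
    - build/upload-server.sh
    - echo "Building rust workspace"
    - cargo build --release
    - build/upload-tools.sh
  artifacts:
    # Keep artifacts from failed jobs too, so test results can be inspected.
    when: always
    expire_in: 1 year
    paths:
      # - packages-audit.json
      # - packages-audit.txt
      - licenses.txt
      - "*/*/dist"
      - "*/*/release"
      - "*/*/coverage"
      - "*/*/test-results"
      - "target/release"
    reports:
      junit: "*/*/test-results/**/*.xml"
      # NOTE(review): the SAST template under `include:` is commented out and
      # no step in this job visibly writes gl-sast-report.json - confirm a
      # report is still produced, otherwise this entry matches nothing.
      sast: "**/gl-sast-report.json"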
# Placeholder job: it only prints two messages. The tests themselves run
# inside the build job.
# NOTE(review): unlike the other jobs this one sets no runner `tags` -
# confirm an untagged runner is meant to pick it up.
test:
  stage: test
  # cache:
  #   <<: *global_cache
  #   key: "$CI_JOB_TOKEN-test"
  script:
    - echo "Testing is included in previous build for cache read/write performance reasons."
    - echo "We only need this stage for the security checks (see below)."

# deploy_staging:
#   stage: deploy
#   cache:
#     <<: *global_cache
#   only:
#     - master
#     - main
#   script:
#     - build/upload-server.sh
#   environment:
#     name: staging
#     url: https://bizpin-master.exapris.de

# GitLab-maintained security templates: secret detection and dependency
# scanning are enabled, SAST is commented out.
include:
  # - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml

Environment

In order to have repeatable builds in the CI environment we use a docker image which is declared in

/ci/Dockerfile

and built with build.sh next to it. The build.sh requires a correct version number inside it, and the .gitlab-ci.yml file also needs to reference that version. Of course, the image can only be referenced once it has been pushed to the build server.