variables: POSTGRES_DB: thalia POSTGRES_USER: postgres POSTGRES_PASSWORD: "" # https://hub.docker.com/r/thalia/python-thalia/ # https://github.com/thaliawww/python-thalia # Should get auto-updated with the official 'python' repository # Installs: # - pip: coverage, poetry # - apt: ghostscript PY37_IMAGE: thalia/python-thalia:3.7 PY38_IMAGE: thalia/python-thalia:3.8 PIP_CACHE_DIR: "${CI_PROJECT_DIR}/pip-cache" stages: - test - deploy codestyle: stage: test image: $PY37_IMAGE before_script: - poetry install --no-interaction script: - black --check . # Check for obsolete translations in .po files (starting with `#~`). - cd website - grep --include="*.po" --files-with-matches --recursive "^#~" && exit 1 || echo "No obsolete translations found." # Check for untranslated strings in .po files - empty_strings=$(sed '$a\\' **/locale/nl/LC_MESSAGES/django.po | tac | sed '/^$/N;/\nmsgstr ""$/,/^msgid/!d' | tac) - empty_strings+=$(sed '$a\\' locale/nl/LC_MESSAGES/django.po | tac | sed '/^$/N;/\nmsgstr ""$/,/^msgid/!d' | tac) - if [[ $empty_strings ]]; then echo $empty_strings && exit 1; else echo "No untranslated strings found."; fi # Check for fuzzy translations in .po files - grep --include="*.po" --files-with-matches --recursive "#, fuzzy" && exit 1 || echo "No fuzzy translations found." .djangotest: &djangotest stage: test services: - postgres:latest before_script: - git log -1 - poetry install --no-interaction script: - cd website - poetry run python manage.py check - poetry run python manage.py templatecheck --project-only - poetry run python manage.py makemigrations --no-input --check --dry-run - poetry run python -Wall -mcoverage run manage.py test - coverage report --fail-under=100 --omit registrations/urls.py registrations/**.py - coverage report --fail-under=100 --omit payments/urls.py payments/**.py - coverage report python37-django22: <<: *djangotest image: $PY37_IMAGE after_script: - cd website - coverage html --directory=covhtml --title="${CI_COMMIT_REF_SLUG} Coverage Report" artifacts: paths: - website/covhtml/ python38-django22: <<: *djangotest image: $PY38_IMAGE allow_failure: true .sshsetup: &sshsetup before_script: - mkdir -p ~/.ssh - echo "$IVO_KNOWN_HOST" > ~/.ssh/known_hosts - echo "$COVERAGE_DEPLOY_SSH_KEY" > ~/.ssh/id_coverage - echo "$DOCS_DEPLOY_SSH_KEY" > ~/.ssh/id_docs - chmod 0600 ~/.ssh/id_* - apt-get update - apt-get install -y openssh-client coverage deploy: stage: deploy image: debian:stretch dependencies: - python37-django22 environment: name: coverage/${CI_COMMIT_REF_NAME} url: https://coverage.technicie.nl/${CI_COMMIT_REF_SLUG}/ on_stop: coverage remove <<: *sshsetup script: - | sftp -i ~/.ssh/id_coverage coveragewww@ivo.thalia.nu -b <- instanceids=$( aws --region eu-west-1 ec2 describe-instances --filters "Name=tag:Name,Values=concrexit-review-${CI_COMMIT_REF_SLUG}" | jq --raw-output '.Reservations|map(.Instances[0].InstanceId)|join(" ")' ) - aws --region eu-west-1 ec2 terminate-instances --instance-ids ${instanceids} || true review: stage: deploy environment: name: review/${CI_COMMIT_REF_NAME} url: https://${CI_COMMIT_REF_SLUG}.review.technicie.nl/ on_stop: review remove extends: .reviewsetup script: - username=$(head /dev/urandom | tr -dc 'a-z' | head -c 10) - password=$(head /dev/urandom | tr -dc 'a-zA-Z' | head -c 32) - echo -e "When the deployment is done, you can login with:\n$username\n$password" - >- sed -i -e "s/@version@/$CI_COMMIT_SHA/g" -e "s/@username@/$username/g" -e "s/@password@/$password/g" ./resources/ec2-bootstrap.sh - >- instanceid=$( aws --region eu-west-1 ec2 run-instances --count 1 --instance-type t2.micro --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=concrexit-review-${CI_COMMIT_REF_SLUG}}]" --launch-template LaunchTemplateId=lt-03762fc23450c2471,Version=1 --user-data file://resources/ec2-bootstrap.sh | jq --raw-output '.Instances[0].InstanceId' ) - aws --region eu-west-1 ec2 wait instance-running --instance-ids ${instanceid} - ipaddress=$(aws --region eu-west-1 ec2 describe-instances --instance-ids ${instanceid} | jq --raw-output '.Reservations[0].Instances[0].PublicIpAddress') - | cat > add-record.json < change-record.json <- changeinfoid=$( ( aws --region eu-west-1 route53 change-resource-record-sets --hosted-zone-id Z072013523EW763CDQ8K4 --change-batch file://add-record.json || aws --region eu-west-1 route53 change-resource-record-sets --hosted-zone-id Z072013523EW763CDQ8K4 --change-batch file://change-record.json ) | jq --raw-output '.ChangeInfo.Id' ) - aws --region eu-west-1 route53 wait resource-record-sets-changed --id ${changeinfoid} review remove: stage: deploy environment: name: review/${CI_COMMIT_REF_NAME} action: stop variables: GIT_STRATEGY: none extends: .reviewsetup script: - >- aws --region eu-west-1 route53 list-resource-record-sets --hosted-zone-id Z072013523EW763CDQ8K4 --query "ResourceRecordSets[?Name == '${CI_COMMIT_REF_SLUG}.review.technicie.nl.']" | jq '{"Comment": "DELETE review deployment record", "Changes": map({"Action": "DELETE", "ResourceRecordSet": .})}' > remove-record.json - aws --region eu-west-1 route53 change-resource-record-sets --hosted-zone-id Z072013523EW763CDQ8K4 --change-batch file://remove-record.json || true build production docker image: extends: build docker image only: - tags except: - master after_script: - docker tag $DOCKER_TAG $DOCKER_TAG_PRODUCTION - docker tag $DOCKER_TAG $DOCKER_LATEST - docker push $DOCKER_TAG_PRODUCTION - docker push $DOCKER_LATEST variables: DOCKER_TAG_PRODUCTION: registry.hub.docker.com/thalia/concrexit:$CI_COMMIT_TAG DEV_REQUIREMENTS: 0 cache: key: "$CI_JOB_NAME" paths: - "${PIP_CACHE_DIR}" # vim: set sw=2 ts=2 et :