Newer
Older
- remote: https://open.greenhost.net/stackspin/stackspin/raw/main/.gitlab/ci_templates/kaniko.yml
# TODO: Re-enable after fixing #82
# - lint
#login_test:
# image: python:3.8
# stage: unittest
# needs: []
# variables:
# HYDRA_ADMIN_URL: http://localhost/ignored
# KRATOS_PUBLIC_URL: http://localhost/ignored
# PUBLIC_URL: http://localhost/ignored
# cache:
# paths:
# - "$CI_PROJECT_DIR/pip-cache"
# key: "$CI_PROJECT_ID"
# before_script:
# - cd login
# - python -V
# - pip install -r requirements.txt
# script:
# - pytest -v --cov=login --cov-report=term --cov-report=xml tests
# artifacts:
# reports:
# cobertura: login/coverage.xml
# coverage: '/^TOTAL.+?(\d+\%)$/'
- ls -l ${CI_PROJECT_DIR}/${KANIKO_CONTEXT:-.}/Dockerfile
# A Fake SSO app to test the behaviour
stage: build-test-images
variables:
KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
extends: .kaniko_build
only:
changes:
stage: build-test-images
variables:
KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
extends: .kaniko_build
only:
changes:
#pylint:
# stage: build-test-images
# variables:
# KANIKO_CONTEXT: "test/lint/pylint"
# KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
# extends: .kaniko_build
# only:
# changes:
# - test/lint/pylint/Dockerfile
# - test/lint/pylint/requirements.txt
# - .gitlab-ci.yml
postgres:
stage: build
needs: []
variables:
KANIKO_CONTEXT: "postgres"
KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
extends: .kaniko_build
kratos:
stage: build
needs: []
variables:
KANIKO_CONTEXT: "kratos"
KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
extends: .kaniko_build
hydra:
stage: build
needs: []
variables:
KANIKO_CONTEXT: "hydra"
KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
extends: .kaniko_build
behave-integration:
stage: integration-test
services:
- name: ${CI_REGISTRY_IMAGE}/postgres:${CI_COMMIT_REF_NAME}
- name: ${CI_REGISTRY_IMAGE}/kratos:${CI_COMMIT_REF_NAME}
command:
- migrate
- sql
- -e
- -y
- name: ${CI_REGISTRY_IMAGE}/kratos:${CI_COMMIT_REF_NAME}
command:
- serve
- --config
- /etc/config/kratos.yaml
- name: ${CI_REGISTRY_IMAGE}/hydra:${CI_COMMIT_REF_NAME}
- name: ${CI_REGISTRY_IMAGE}/hydra:${CI_COMMIT_REF_NAME}
alias: hydra
command:
- all
- --dangerous-force-http
- --dangerous-allow-insecure-redirect-urls
- http://oidc:5000/login
- name: ${CI_REGISTRY_IMAGE}/login:${CI_COMMIT_REF_NAME}
- name: ${CI_REGISTRY_IMAGE}/sso_testapp:${CI_COMMIT_REF_NAME}
# Feature Flag FF_NETWORK_PER_BUILD Enables creation of a docker network per build
# with the docker executor of the gitlab-runner. This is required for service
# interconnection. Requires gitlab-runner v12.9.0
GIT_SUBMODULE_STRATEGY: "recursive"
OAUTHLIB_INSECURE_TRANSPORT: "true"
# For login panel
FLASK_RUN_HOST: "0.0.0.0"
FLASK_RUN_PORT: "5000"
HYDRA_ADMIN_URL: "http://hydra:4445"
KRATOS_PUBLIC_URL: "http://kratos:4433"
KRATOS_ADMIN_URL: "http://kratos:4434"
PUBLIC_URL: "http://localhost:5000/"
DATABASE_URL: "postgres://postgres:postgres@postgres/postgres"
# For hydra & kratos
# For hydra
URLS_SELF_ISSUER: http://localhost/
URLS_CONSENT: http://oidc:5000/login
URLS_LOGIN: http://oidc:5000/consent
# For postgres image
POSTGRES_PASSWORD: postgres
POSTGRES_USER: postgres
POSTGRES_DB: postgres
# General flask
DEBUG: "true"
FLASK_ENV: "development"
# Others and old
ACCESS_TOKEN_URL: "http://hydra:4444/oauth2/token"
AUTHORIZE_URL: "http://hydra:4444/oauth2/auth"
USERINFO_URL: "http://hydra:4444/userinfo"
# General
image: ${CI_REGISTRY_IMAGE}/behave:${CI_COMMIT_REF_NAME}
- curl http://hydra:4445/health/alive
- curl http://kratos:4433/health/alive
# Steps to do:
# - create user & access roles & grant access
# - add client applition ID + key for testing
# - test login etc
# TODO: Fix https://open.greenhost.net/stackspin/single-sign-on/-/issues/82
#
# pylint-lint:
# stage: lint
# variables:
# GIT_AUTHOR_NAME: "RUNNER"
# GIT_AUTHOR_EMAIL: "runner@greenhost.net"
# PYLINT_PLUGINS: "pylint_flask pylint_flask_sqlalchemy"
# image: ${CI_REGISTRY_IMAGE}/pylint:${CI_COMMIT_REF_NAME}
# script:
# - echo "Reverting back to main to squash commits"
# - git reset --soft main