
.gitlab-ci.yml

  • .gitlab-ci.yml 6.52 KiB
    # NOTE(review): this template is fetched from the `main` branch of another
    # repository, so its content can change without any commit in this project.
    # The build jobs below extend `.kaniko_build`, which is not defined in this
    # file and presumably comes from this include. Consider pinning the URL to
    # a commit SHA (or mirroring the template) so that image builds stay
    # reproducible and template changes go through review.
    include:
      - remote: https://open.greenhost.net/stackspin/stackspin/raw/main/.gitlab/ci_templates/kaniko.yml
    
    # Pipeline stages, listed in execution order.
    stages:
      - build
      # NOTE(review): the lint stage is active (the pylint-lint job uses it),
      # so the "re-enable" TODO below looks stale; confirm the state of #82.
      # TODO: Re-enable after fixing #82
      - lint
      # TODO: Re-enable after fixing #73
      # - application-test
      - integration-test
    
    #login_test:
    #  image: python:3.8
    #  stage: unittest
    #  needs: []
    #  variables:
    #    HYDRA_ADMIN_URL: http://localhost/ignored
    #    KRATOS_PUBLIC_URL: http://localhost/ignored
    #    PUBLIC_URL: http://localhost/ignored
    #  cache:
    #    paths:
    #      - "$CI_PROJECT_DIR/pip-cache"
    #    key: "$CI_PROJECT_ID"
    #    before_script:
    #      - cd login
    #      - python -V
    #      - pip install -r requirements.txt
    #    script:
    #      - pytest -v --cov=login --cov-report=term --cov-report=xml tests
    #    artifacts:
    #      reports:
    #        cobertura: login/coverage.xml
    #    coverage: '/^TOTAL.+?(\d+\%)$/'
    
    
    
    # Stackspin login panel: image built from the login/ directory.
    login:
      extends: .kaniko_build
      stage: build
      # Empty needs list: the job does not wait for any other job.
      needs: []
      variables:
        # KANIKO_BUILD_IMAGENAME takes the job name ("login").
        KANIKO_BUILD_IMAGENAME: "$CI_JOB_NAME"
        KANIKO_CONTEXT: 'login'
      # NOTE(review): .kaniko_build is not defined in this file. A job-level
      # before_script replaces (does not append to) one inherited through
      # extends; confirm the template does not depend on its own.
      before_script:
        - 'ls -l ${CI_PROJECT_DIR}/${KANIKO_CONTEXT:-.}/Dockerfile'
      # Run only when files under login/ change.
      only:
        changes:
          - 'login/**/*'
    
    
    # For full integration testing we need to build the full stack in CI/CD
    #
    # - postgres    : Backend database, the Dockerfile is based on the upstream
    #                 with a small addition to create initial databases
    # - kratos      : Identity manager, based on the upstream. We set the DSN
    #                 in the Docker image, as it's different from hydra's DSN;
    #                 however, gitlab-ci will apply the same environment for all
    #                 services.
    # - hydra       : See above, the identity provider
    # - login       : Our login panel
    # - sso_testapp : A test app which implements OIDC for testing
    # - behave      : Image to do behave testing
    
    # Postgres image for the integration stack, built from .gitlab/ci/postgres
    # (based on upstream).
    postgres:
      extends: .kaniko_build
      stage: build
      # Empty needs list: the job does not wait for any other job.
      needs: []
      variables:
        # KANIKO_BUILD_IMAGENAME takes the job name ("postgres").
        KANIKO_BUILD_IMAGENAME: "$CI_JOB_NAME"
        KANIKO_CONTEXT: '.gitlab/ci/postgres'
      # Run only when the postgres build context changes.
      only:
        changes:
          - '.gitlab/ci/postgres/**/*'
    
    
    # Kratos image for the integration stack, built from .gitlab/ci/kratos
    # (based on upstream).
    kratos:
      extends: .kaniko_build
      stage: build
      # Empty needs list: the job does not wait for any other job.
      needs: []
      variables:
        # KANIKO_BUILD_IMAGENAME takes the job name ("kratos").
        KANIKO_BUILD_IMAGENAME: "$CI_JOB_NAME"
        KANIKO_CONTEXT: '.gitlab/ci/kratos'
      # Run only when the kratos build context changes.
      only:
        changes:
          - '.gitlab/ci/kratos/**/*'
    
    # Hydra image for the integration stack, built from .gitlab/ci/hydra
    # (based on upstream).
    hydra:
      extends: .kaniko_build
      stage: build
      # Empty needs list: the job does not wait for any other job.
      needs: []
      variables:
        # KANIKO_BUILD_IMAGENAME takes the job name ("hydra").
        KANIKO_BUILD_IMAGENAME: "$CI_JOB_NAME"
        KANIKO_CONTEXT: '.gitlab/ci/hydra'
      # Run only when the hydra build context changes.
      only:
        changes:
          - '.gitlab/ci/hydra/**/*'
    
    # Fake SSO client application, used to exercise the login behaviour in
    # the integration tests.
    sso_testapp:
      extends: .kaniko_build
      stage: build
      variables:
        # KANIKO_BUILD_IMAGENAME takes the job name ("sso_testapp").
        KANIKO_BUILD_IMAGENAME: "$CI_JOB_NAME"
        KANIKO_CONTEXT: 'test/sso_testapp/'
      # Run only when the test app sources change.
      only:
        changes:
          - 'test/sso_testapp/**/*'
    
    # Image used to run the behave (web behaviour) tests.
    behave:
      extends: .kaniko_build
      stage: build
      variables:
        # KANIKO_BUILD_IMAGENAME takes the job name ("behave").
        KANIKO_BUILD_IMAGENAME: "$CI_JOB_NAME"
        KANIKO_CONTEXT: 'test/behave'
      # Run only when the behave build context changes.
      only:
        changes:
          - 'test/behave/**/*'
    
    
    
    # Integration-test job: starts the project's own images as services and
    # probes their health endpoints from the behave image.
    # Every value under `variables` is a fixed test credential or an
    # insecure-transport switch; they are meant for the throwaway CI services
    # only and should not be reused in a deployment.
    behave-integration:
      stage: integration-test
      services:
        # All service images are pulled from this project's registry, tagged
        # with the current ref name.
        - name: ${CI_REGISTRY_IMAGE}/postgres:${CI_COMMIT_REF_NAME}
          alias: postgres
        # Kratos image started with `migrate sql -e -y` (schema migration).
        - name: ${CI_REGISTRY_IMAGE}/kratos:${CI_COMMIT_REF_NAME}
          alias: kratosmigrate
          command:
            - migrate
            - sql
            - -e
            - -y
        # Kratos image started as the server, using the config in the image.
        - name: ${CI_REGISTRY_IMAGE}/kratos:${CI_COMMIT_REF_NAME}
          alias: kratos
          command:
            - serve
            - --config
            - /etc/config/kratos.yaml
        # Hydra image started with `migrate sql -e -y` (schema migration).
        - name: ${CI_REGISTRY_IMAGE}/hydra:${CI_COMMIT_REF_NAME}
          alias: hydramigrate
          command:
            - migrate
            - sql
            - -e
            - -y
        - name: ${CI_REGISTRY_IMAGE}/hydra:${CI_COMMIT_REF_NAME}
          alias: hydra
          command:
            - serve
            - all
            # The two --dangerous-* flags switch off Hydra's HTTPS
            # enforcement; the URL on the last line is the argument of
            # --dangerous-allow-insecure-redirect-urls. They are acceptable
            # here only because the services talk plain HTTP on the CI
            # network.
            - --dangerous-force-http
            - --dangerous-allow-insecure-redirect-urls
            - http://oidc:5000/login
        # The login panel built by the `login` job, reachable as `oidc`.
        - name: ${CI_REGISTRY_IMAGE}/login:${CI_COMMIT_REF_NAME}
          alias: oidc
        - name: ${CI_REGISTRY_IMAGE}/sso_testapp:${CI_COMMIT_REF_NAME}
          alias: ssoapp
      variables:
        # Feature Flag FF_NETWORK_PER_BUILD Enables creation of a docker network per build
        # with the docker executor of the gitlab-runner. This is required for service
        # interconnection. Requires gitlab-runner v12.9.0
        FF_NETWORK_PER_BUILD: 1
        # Lets oauthlib accept OAuth2 endpoints over plain HTTP (test only).
        OAUTHLIB_INSECURE_TRANSPORT: "true"
        # For hydra
        # NOTE(review): the issuer uses port 4445, the same port as
        # HYDRA_ADMIN_URL below, while the test app's BASE_URL uses 4444.
        # Confirm which port is meant to be the public issuer.
        URLS_SELF_ISSUER: http://hydra:4445/
        # NOTE(review): URLS_CONSENT points at /login and URLS_LOGIN at
        # /consent; the two paths look swapped. Verify against the login app.
        URLS_CONSENT: http://oidc:5000/login
        URLS_LOGIN: http://oidc:5000/consent
        # Fixed, committed system secret: test value only.
        SECRETS_SYSTEM: RandomSecretForTesting
        # For postgres image
        POSTGRES_PASSWORD: postgres
        POSTGRES_USER: postgres
        POSTGRES_DB: postgres
        # For Login image
        FLASK_RUN_HOST: "0.0.0.0"
        FLASK_RUN_PORT: "5000"
        PUBLIC_URL: "http://localhost:5000/"
        HYDRA_ADMIN_URL: "http://hydra:4445"
        KRATOS_PUBLIC_URL: "http://kratos:4433"
        KRATOS_ADMIN_URL: "http://kratos:4434"
        # NOTE(review): this URL targets `localhost` with the stackspin
        # user, whereas the database service above is aliased `postgres`
        # and configured with the postgres user. Confirm it is reachable.
        DATABASE_URL: "postgresql://stackspin:stackspin@localhost/stackspin"
        APP_SETTINGS: "config.DevelopmentConfig"
        # General flask
        # Debug/development settings for the Flask app; keep them confined
        # to this CI job.
        DEBUG: "true"
        FLASK_ENV: "development"
        # For sso test app
        BASE_URL: "http://hydra:4444/"
        KEY: "testapp"
        SECRET: "secret"
      image: ${CI_REGISTRY_IMAGE}/behave:${CI_COMMIT_REF_NAME}
      script:
        # Health probes against hydra, kratos and the login panel.
        # NOTE(review): `curl -s` exits 0 on an HTTP error status, so these
        # steps only fail when the connection itself fails; adding `--fail`
        # would make an unhealthy response fail the job.
        - curl -s http://hydra:4445/health/alive
        - curl -s http://kratos:4433/health/alive
        - curl -s http://oidc:5000/status
        # Steps to do:
        # - create user & access roles & grant access
        # - add client application ID + key for testing
        # - test login etc
    
      # Keep the behave screenshots for one month, only when the job fails.
      artifacts:
        paths:
          - test/integration_tests/test/behave/screenshots/
        expire_in: 1 month
        when: on_failure
    
    
    # TODO: Fix https://open.greenhost.net/stackspin/single-sign-on/-/issues/82
    #
    # Builds the lint image used by the pylint-lint job.
    pylint:
      extends: .kaniko_build
      stage: build
      variables:
        # KANIKO_BUILD_IMAGENAME takes the job name ("pylint").
        KANIKO_BUILD_IMAGENAME: "$CI_JOB_NAME"
        KANIKO_CONTEXT: 'test/lint/pylint'
      # Run when the image definition, its requirements or this CI file
      # change.
      only:
        changes:
          - 'test/lint/pylint/Dockerfile'
          - 'test/lint/pylint/requirements.txt'
          - '.gitlab-ci.yml'
    #
    # pylint-lint:
    #   stage: lint
    #   variables:
    #     GIT_AUTHOR_NAME: "RUNNER"
    #     GIT_AUTHOR_EMAIL: "runner@greenhost.net"
    #     PYLINT_PLUGINS: "pylint_flask pylint_flask_sqlalchemy"
    #   image: ${CI_REGISTRY_IMAGE}/pylint:${CI_COMMIT_REF_NAME}
    #   script:
    #     - echo "Reverting back to main to squash commits"
    #     - git reset --soft main
    #     - git lint
    
    # Lint job: runs darker with pylint against the changes relative to
    # remotes/origin/main, using the image built by the `pylint` job.
    pylint-lint:
      image: ${CI_REGISTRY_IMAGE}/pylint:${CI_COMMIT_REF_NAME}
      stage: lint
      variables:
        PYLINT_PLUGINS: 'pylint_flask pylint_flask_sqlalchemy'
        # Full clone without a depth limit; presumably so that
        # remotes/origin/main is available for the --revision comparison.
        GIT_STRATEGY: clone
        GIT_DEPTH: 0
      script:
        - 'darker --check -i -L pylint --diff --revision remotes/origin/main .'