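---
# GitLab CI pipeline: build the provider and test images, run the behave
# integration suite against a disposable Hydra/Postgres stack, and lint the
# Python code.

include:
  # The `.kaniko_build` template is fetched from a mutable branch (`main`) of
  # another repository, so a change there alters every build job below.
  # NOTE(review): consider pinning this URL to a reviewed commit
  # (raw/<COMMIT_SHA>/.gitlab/ci_templates/kaniko.yml).
  - remote: https://open.greenhost.net/stackspin/stackspin/raw/main/.gitlab/ci_templates/kaniko.yml

stages:
  - build
  - lint
  - application-test
  - integration-test

# Build jobs. Each one extends `.kaniko_build` with a build context directory
# and uses the job name as image name; presumably the template pushes to
# ${CI_REGISTRY_IMAGE}/<job name>:<ref>, which is how later jobs refer to
# these images.
consent_provider:
  stage: build
  variables:
    KANIKO_CONTEXT: "consent_provider"
    KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
  extends: .kaniko_build
  only:
    changes:
      - consent_provider/**/*
      - .gitlab-ci.yml

logout_provider:
  stage: build
  variables:
    KANIKO_CONTEXT: "logout_provider"
    KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
  extends: .kaniko_build
  only:
    changes:
      - logout_provider/**/*
      - .gitlab-ci.yml

login_provider:
  stage: build
  variables:
    KANIKO_CONTEXT: "login_provider"
    KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
  extends: .kaniko_build
  only:
    changes:
      - login_provider/**/*
      - .gitlab-ci.yml

integration_test_app:
  stage: build
  variables:
    KANIKO_CONTEXT: "test/integration_tests"
    KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
  extends: .kaniko_build
  only:
    changes:
      - test/integration_tests/**/*
      - .gitlab-ci.yml

integration_test:
  stage: build
  variables:
    KANIKO_CONTEXT: "test/integration_tests/test"
    KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
  extends: .kaniko_build
  only:
    changes:
      - test/integration_tests/test/**/*
      - test/integration_tests/test/Dockerfile
      - .gitlab-ci.yml

pylint:
  stage: build
  variables:
    KANIKO_CONTEXT: "test/lint/pylint"
    KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
  extends: .kaniko_build
  only:
    changes:
      - test/lint/pylint/Dockerfile
      - test/lint/pylint/requirements.txt
      - .gitlab-ci.yml

# End-to-end OIDC test: Hydra, the three providers, the user-panel backend and
# the test application run as job services on one per-build network.
behave-integration:
  stage: integration-test
  services:
    # NOTE(review): `postgres:latest` and `backend:main` are mutable tags, so
    # the tested stack can change without a commit in this repository; pinning
    # by version or digest would make runs reproducible.
    - name: postgres:latest
      alias: postgres
    - name: ${CI_REGISTRY_IMAGE}/login_provider:${CI_COMMIT_REF_NAME}
      alias: login
    - name: ${CI_REGISTRY_IMAGE}/consent_provider:${CI_COMMIT_REF_NAME}
      alias: consent
    - name: ${CI_REGISTRY_IMAGE}/logout_provider:${CI_COMMIT_REF_NAME}
      alias: logout
    - name: docker.io/oryd/hydra:v1.8
      alias: hydra
      # The --dangerous-* flags let Hydra serve plain HTTP and accept the
      # listed http:// redirect URL. Acceptable only because all traffic stays
      # on the job's private network; not a deployment configuration.
      command:
        - serve
        - all
        - --dangerous-force-http
        - --dangerous-allow-insecure-redirect-urls
        - "http://oidc:5000/callback"
    - name: open.greenhost.net:4567/stackspin/user-panel/backend:main
      alias: backend
    - name: ${CI_REGISTRY_IMAGE}/integration_test_app:${CI_COMMIT_REF_NAME}
      alias: oidc
  variables:
    # Feature Flag FF_NETWORK_PER_BUILD Enables creation of a docker network per build
    # with the docker executor of the gitlab-runner. This is required for service
    # interconnection. Requires gitlab-runner v12.9.0
    FF_NETWORK_PER_BUILD: "1"
    DATABASE_HOST: "postgres"
    URLS_LOGIN: "http://login:5000/login"
    URLS_LOGOUT: "http://logout:5002/logout"
    URLS_CONSENT: "http://consent:5001/consent"
    URLS_SELF_ISSUER: "http://hydra:4444/"
    BASE_URL: "http://hydra:4444/"
    HYDRA_ADMIN_URL: "http://hydra:4445"
    ACCESS_TOKEN_URL: "http://hydra:4444/oauth2/token"
    AUTHORIZE_URL: "http://hydra:4444/oauth2/auth"
    USERINFO_URL: "http://hydra:4444/userinfo"
    GRAPHQL_URL: "http://backend:5000/graphql"
    GIT_SUBMODULE_STRATEGY: "recursive"
    # Throwaway fixtures for the disposable services above. They are committed
    # in clear text and visible in job logs, so none of these values may be
    # reused for a deployed instance.
    TESTUSER_USERNAME: "testuser"
    TESTUSER_USERNAME2: "testuser2"
    TESTUSER_PASSWORD: "password"
    TESTUSER_EMAIL: "testuser@example.net"
    TESTUSER_EMAIL2: "testuser2@example.net"
    ROLE: "admin"
    DSN: "memory"
    SECRETS_SYSTEM: "youReallyNeedToChangeThis"
    DATABASE_USER: "postgres"
    DATABASE_PASSWORD: "secret"
    DATABASE_NAME: "postgres"
    POSTGRES_PASSWORD: "secret"
    POSTGRES_USER: "postgres"
    POSTGRES_DB: "postgres"
    # Test-only switches: OAuth over plain HTTP and debug/development mode.
    OAUTHLIB_INSECURE_TRANSPORT: "true"
    KEY: "testapp"
    SECRET: "secret"
    DEBUG: "true"
    FLASK_ENV: "development"
  image: ${CI_REGISTRY_IMAGE}/integration_test:${CI_COMMIT_REF_NAME}
  script:
    # Create user and application objects
    - /bin/bash user-panel/backend/utils/create-user.bash ${TESTUSER_USERNAME} ${TESTUSER_PASSWORD} ${TESTUSER_EMAIL} backend:5000
    - /bin/bash user-panel/backend/utils/create-user.bash ${TESTUSER_USERNAME2} ${TESTUSER_PASSWORD} ${TESTUSER_EMAIL2} backend:5000
    - /bin/bash user-panel/backend/utils/create-application.bash ${KEY} "Application used for testing" backend:5000
    - /bin/bash user-panel/backend/utils/create-role.bash ${ROLE} backend:5000
    - /bin/bash user-panel/backend/utils/grant-access.bash ${TESTUSER_USERNAME} ${KEY} backend:5000
    - /bin/bash user-panel/backend/utils/assign-role.bash ${TESTUSER_USERNAME} ${ROLE} backend:5000
    # Wait for 60s for hydra to become available. Then create the oauth2 client object
    - |
      # TIMER starts at 0 and advances on every attempt. The earlier
      # `curl || TIMER=... && sleep` form only advanced it when curl itself
      # failed, so a reachable Hydra answering non-200 was polled without limit.
      TIMER=0
      HYDRAADMINSTATUS=0
      while [[ "$HYDRAADMINSTATUS" -ne 200 && "$TIMER" -le 60 ]]; do
        # `|| true`: a refused connection must not abort the job; curl still
        # prints 000 as the status code in that case.
        HYDRAADMINSTATUS=$(curl http://hydra:4445/health/ready -o /dev/null -w "%{http_code}") || true
        if [[ "$HYDRAADMINSTATUS" -eq 200 ]]; then
          break
        fi
        TIMER=$((TIMER + 5))
        sleep 5
      done
    - /bin/bash test/create-hydra-client.bash ${KEY} ${SECRET} http://hydra:4445 http://oidc:5000/callback http://oidc:5000/ http://oidc:5000/logout
    - cd test/integration_tests/test/behave/
    - |
      # Same bounded wait, this time for Hydra's public API on port 4444.
      TIMER=0
      HYDRASTATUS=0
      while [[ "$HYDRASTATUS" -ne 200 && "$TIMER" -le 60 ]]; do
        HYDRASTATUS=$(curl http://hydra:4444/health/ready -o /dev/null -w "%{http_code}") || true
        if [[ "$HYDRASTATUS" -eq 200 ]]; then
          break
        fi
        TIMER=$((TIMER + 5))
        sleep 5
      done
    - >
      python3 -m behave
      -D headless=True
      -D url=http://oidc:5000
      -D username=${TESTUSER_USERNAME}
      -D username2=${TESTUSER_USERNAME2}
      -D password=${TESTUSER_PASSWORD}
      -D email=${TESTUSER_EMAIL}
      -D role=${ROLE}
  artifacts:
    # Screenshots are kept only for failed runs.
    paths:
      - test/integration_tests/test/behave/screenshots/
    expire_in: 1 month
    when: on_failure

# Lint only what differs from origin/main, hence the full clone with
# unlimited depth.
pylint-lint:
  stage: lint
  variables:
    GIT_STRATEGY: clone
    GIT_DEPTH: "0"
    PYLINT_PLUGINS: "pylint_flask pylint_flask_sqlalchemy"
  image: ${CI_REGISTRY_IMAGE}/pylint:${CI_COMMIT_REF_NAME}
  script:
    - git branch -a
    - darker -L pylint --diff --revision remotes/origin/main .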