Merge branch 'Templates2.0' into 'master'

Templates2.0

See merge request gilden/ci/gitlab-ci-templates!72
Marcel Feix 2022-07-08 08:27:52 +00:00
commit 4583c40b91
122 changed files with 1982 additions and 1307 deletions


@ -1,23 +1,52 @@
stages:
- test
- generate-docs
- verify
- docs
- release
include:
- local: 'release-template.gitlab-ci.yml'
- local: 'tool-documentation.gitlab-ci.yml'
- local: 'templates/releasing/release.gitlab-ci.yml'
- local: 'templates/releasing/release-gitlab.gitlab-ci.yml'
- local: 'templates/documentations/documentation.gitlab-ci.yml'
Test-Java-Backend:
stage: test
stage: verify
rules:
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
when: always
- when: never
- when: manual
trigger:
project: gilden/ci/java-backend-template
branch: "Templates2.0"
strategy: depend
Test-Docker-compose:
stage: verify
rules:
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
when: always
- if: $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH
when: always
- when: manual
trigger:
strategy: depend
include:
- local: "test/docker/test-docker-compose.gitlab-ci.yml"
Test-Dind:
stage: verify
rules:
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
when: always
- if: $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH
when: always
- when: manual
trigger:
strategy: depend
include:
- local: "test/docker/test-dind.gitlab-ci.yml"
check_confluence_validity:
extends: .documentation-check-confluence-validity
variables:
DOCUMENT_ROOT: "documentation"
INPUT_FILE: "document.adoc"
@ -28,48 +57,41 @@ check_confluence_validity:
TEXT_GENERATED_HINT: '<ac:structured-macro ac:name="warning"><ac:parameter ac:name="title" /><ac:rich-text-body>This is a generated page, do not edit! All changes must happen in the <a href="${CI_PROJECT_URL}">Repository</a>
.</ac:rich-text-body></ac:structured-macro>'
FILE_INPUT: "index.html,107524048,CI Templates"
extends: .check_confluence_validity-template
pages:
extends: .documentation-publish
variables:
DOCUMENT_ROOT: "documentation"
INPUT_FILE: "document.adoc"
IMAGES_DIR: images
CREATE_SUB_PAGES: "false"
PAGE_PREFIX: "[CI/CD] - "
PAGE_PREFIX: "[CI/CD] - [2.0] - "
CONFLUENCE_SPACE: RANDI
TEXT_GENERATED_HINT: '<ac:structured-macro ac:name="warning"><ac:parameter ac:name="title" /><ac:rich-text-body>This is a generated page, do not edit! All changes must happen in the <a href="${CI_PROJECT_URL}">Repository</a>
.</ac:rich-text-body></ac:structured-macro>'
FILE_INPUT: "index.html,107524048,CI Templates"
extends: .pages-template
FILE_INPUT: "index.html,107524048,CI Templates 2.0"
rules:
- if: $CI_COMMIT_REF_NAME == 'Templates2.0'
when: always
.release-template:
trigger:
include: pipelines/update-version-pipeline.gitlab-ci.yml
strategy: depend
a.major-release:
extends: .release-template
extends:
- .release-default
variables:
BUMP_VERSION: "major"
b.minor-release:
extends: .release-template
extends:
- .release-default
variables:
BUMP_VERSION: "minor"
c.patch-release:
extends: .release-template
extends:
- .release-default
variables:
BUMP_VERSION: "patch"
d.prerelease-release:
extends: .release-template
variables:
BUMP_VERSION: "prerelease"
e.build-release:
extends: .release-template
variables:
BUMP_VERSION: "build"
create-gitlab-release:
extends: .release-create-gitlab
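Review bot: The new Test-Java-Backend trigger pins `branch: "Templates2.0"` and the new pages rule only matches `$CI_COMMIT_REF_NAME == 'Templates2.0'`, so once this merge lands on master (as the title says) the downstream test still exercises the feature branch of java-backend-template, and pages has no matching rule on master and is dropped from the pipeline. Both should follow the default branch instead; the pages rule becomes `- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH`, which is the pattern Test-Docker-compose and Test-Dind already use, and the trigger's branch should track the same ref rather than a name that will disappear when the feature branch is deleted. Separately, `when: always` inside rules runs a job regardless of the outcome of earlier stages, so the trigger jobs and pages will still run after verify fails; if that is not intended, `when: on_success` (or omitting `when`) is the usual choice.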


@ -3,4 +3,7 @@
<component name="ProjectRootManager">
<output url="file://$PROJECT_DIR$/out" />
</component>
<component name="ProjectType">
<option name="id" value="jpab" />
</component>
</project>


@ -1,51 +0,0 @@
stages:
- dependencies
- build
- test
- set-version
- publish
- post-process
- package
cache:
key: "$CI_JOB_NAME"
paths:
# Cache Maven
- .m2/repository
# Cache NPM
- $FRONTEND_DIR/dist
# Cache Gradle
- .gradle
- build
variables:
CI_REGISTRY: gitlab.exxcellent.de:4567
##NPM / Node Settings
NODE_IMAGE: node:16-alpine3.15
##Global Variables we use in our CI scripts when using maven
MAVEN_IMAGE: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.3_latest
MAVEN_OPTS: >
-Dhttps.protocols=TLSv1.2
-Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN
-Dorg.slf4j.simpleLogger.showDateTime=true
-Djava.awt.headless=true
MAVEN_CLI_OPTS: >
--batch-mode
--errors
--fail-at-end
--show-version
-DinstallAtEnd=true
-DdeployAtEnd=true
##Global Variables we use in our CI scripts when using Gradle
GRADLE_OPTS: "-Dorg.gradle.daemon=false"
GRADLE_IMAGE: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.3_latest
# Currently we use the Maven image and use the Gradle Wrapper. This is slower but saver at the moment
##Set default directories for frontend and backend templates
FRONTEND_DIR: $CI_PROJECT_DIR
BACKEND_DIR: $CI_PROJECT_DIR


@ -1,30 +0,0 @@
include:
- local: 'container-publish.gitlab-ci.yml'
.container-publish-snapshot-rules: &container-publish-snapshot-rules
stage: snapshot
rules:
- if: "$CI_PIPELINE_SOURCE == 'merge_request_event'"
when: never
- if: '$CI_COMMIT_REF_NAME =~ /^feature/'
variables:
IMAGE_TAG: $CI_COMMIT_REF_SLUG
- if: '$CI_COMMIT_REF_NAME =~ /^refactor/'
variables:
IMAGE_TAG: $CI_COMMIT_REF_SLUG
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
variables:
IMAGE_TAG: "latest"
- when: never
.publish-image-jib-maven-snapshot:
<<: *container-publish-snapshot-rules
extends: .publish-image-jib-maven
.publish-image-jib-gradle-snapshot:
<<: *container-publish-snapshot-rules
extends: .publish-image-jib-gradle
.publish-image-kaniko-snapshot:
<<: *container-publish-snapshot-rules
extends: .publish-image-kaniko


@ -1,68 +0,0 @@
.container-publish-common-variables: &container-publish-common-variables
DOCKER_REGISTRY: $CI_REGISTRY_IMAGE
DOCKER_REGISTRY_USER: $CI_REGISTRY_USER
DOCKER_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD
EXTRA_ARGS: ""
USE_VERSIONFILE: "false"
ARTIFACT: "version"
.container-publish-common: &container-publish-common
before_script:
- if [ "$USE_VERSIONFILE" == "true" ]; then IMAGE_TAG=$(cat ./"$ARTIFACT"); fi
- export PARSED_VERSION=$(echo $IMAGE_TAG | sed -r 's/\+/_/g') # Replace + sign since this is not valid in a docker tag
- echo $PARSED_VERSION
stage: package
rules:
- if: $CI_COMMIT_TAG
variables:
IMAGE_TAG: $CI_COMMIT_TAG
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
variables:
USE_VERSIONFILE: "true"
- when: never
.publish-image-jib-maven:
image: $MAVEN_IMAGE
<<: *container-publish-common
variables:
<<: *container-publish-common-variables
MVN_VERSION: "true"
script:
- >
if [ "${MVN_VERSION}" == "true" ]; then
mvn versions:set -DnewVersion=$PARSED_VERSION -DgenerateBackupPoms=false
fi
- mvn $MAVEN_CLI_OPTS compile jib:build $EXTRA_ARGS
"-DskipTests"
"-Djib.to.image=$DOCKER_REGISTRY:$PARSED_VERSION"
"-Djib.to.auth.username=$DOCKER_REGISTRY_USER"
"-Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD"
.publish-image-jib-gradle:
image: $GRADLE_IMAGE
<<: *container-publish-common
variables:
<<: *container-publish-common-variables
EXTRA_ARGS: $GRADLE_EXTRA_ARGS
script:
- echo $PARSED_VERSION
- ./gradlew assemble jib $GRADLE_CLI_OPTS $EXTRA_ARGS
"-DskipTests"
"-Djib.to.image=$DOCKER_REGISTRY:$PARSED_VERSION""
"-Djib.to.auth.username=$DOCKER_REGISTRY_USER"
"-Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD"
.publish-image-kaniko:
image:
name: gcr.io/kaniko-project/executor:v1.6.0-debug
entrypoint: [ "" ]
<<: *container-publish-common
variables:
<<: *container-publish-common-variables
PROJECT_DIR: $CI_PROJECT_DIR
DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile
CONTEXT_LOCATION: $CI_PROJECT_DIR
script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$DOCKER_REGISTRY\":{\"username\":\"$DOCKER_REGISTRY_USER\",\"password\":\"$DOCKER_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --destination $CI_REGISTRY_IMAGE:$PARSED_VERSION $EXTRA_ARGS --registry-mirror nexus.corp.exxcellent.de:18000 --skip-tls-verify-registry nexus.corp.exxcellent.de:18000 --skip-tls-verify


@ -1,69 +0,0 @@
.scan-container-jib:
image: $MAVEN_IMAGE
stage: test
variables:
TRIVY_VERSION: 0.25.1
EXITCODE: 1
TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed"
before_script:
- curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
- tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
script:
- mvn $MAVEN_CLI_OPTS compile jib:buildTar -DskipTests
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --severity HIGH,CRITICAL --format template --template "@contrib/junit.tpl" -o junit-report.xml --input target/jib-image.tar
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --severity HIGH,CRITICAL --input target/jib-image.tar
cache:
paths:
- .trivycache/
artifacts:
reports:
junit: junit-report.xml
.scan-container-jib-gradle:
image: $GRADLE_IMAGE
stage: test
variables:
TRIVY_VERSION: 0.25.1
EXITCODE: 1
PROJECT_DIR: $CI_PROJECT_DIR/build
TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed"
before_script:
- export GRADLE_USER_HOME=`pwd`/.gradle
- curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
- tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
script:
- ./gradlew $GRADLE_CLI_OPTS jibBuildTar -DskipTests
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --severity HIGH,CRITICAL --format template --template "@contrib/junit.tpl" -o junit-report.xml --input $PROJECT_DIR/jib-image.tar
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --severity HIGH,CRITICAL --input $PROJECT_DIR/jib-image.tar
cache:
paths:
- .trivycache/
artifacts:
reports:
junit: junit-report.xml
.scan-container-kaniko:
stage: test
image:
name: gcr.io/kaniko-project/executor:v1.6.0-debug
entrypoint: [ "" ]
variables:
TRIVY_VERSION: 0.25.1
PROJECT_DIR: $CI_PROJECT_DIR
DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile
CONTEXT_LOCATION: $CI_PROJECT_DIR
EXITCODE: 1
TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed"
before_script:
- wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
- tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
script:
- /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION $KANIKO_EXTRA_ARGS --cache-dir cache/image --tarPath image.tar --no-push --destination image --registry-mirror nexus.corp.exxcellent.de:18000 --skip-tls-verify-registry nexus.corp.exxcellent.de:18000 --skip-tls-verify
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --severity HIGH,CRITICAL --format template --template "@contrib/junit.tpl" -o junit-report.xml --input image.tar
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --severity HIGH,CRITICAL --input image.tar
cache:
paths:
- .trivycache/
artifacts:
reports:
junit: junit-report.xml


@ -1,28 +0,0 @@
.docker-compose-deploy:
image: docker/compose:alpine-1.29.1
stage: deploy
variables:
SCP_DESTINATION: ""
SCP_SOURCE: $CI_PROJECT_DIR
COMPOSE_EXTRA_ARGS: ""
SSH_URL: ""
SSH_USER: ""
DOCKER_REGISTRY: "$CI_REGISTRY"
ENV_SETUP_FILE: "setup_env.sh"
SSH_PRIVATE_KEY_DEPLOY: $SSH_PRIVATE_KEY
rules:
- when: manual
# https://docs.gitlab.com/ee/ci/ssh_keys/
before_script:
- if [ -f "$ENV_SETUP_FILE" ]; then chmod +x ./$ENV_SETUP_FILE; ./$ENV_SETUP_FILE; fi
- 'command -v ssh-agent >/dev/null || ( apk --update add openssh-client )'
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY_DEPLOY" | tr -d '\r' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
# Add keys to known hosts for Docker Compose
- ssh-keyscan $SSH_URL >> ~/.ssh/known_hosts
- if [[ -n "$DOCKER_REGISTRY" ]]; then echo "$DOCKER_REGISTRY_PASS" | docker login $DOCKER_REGISTRY --username $DOCKER_REGISTRY_USER --password-stdin; fi
script:
- if [[ -n "$SCP_SOURCE" && -n "$SCP_DESTINATION" ]]; then scp -rp $SCP_SOURCE $SSH_USER@$SSH_URL:$SCP_DESTINATION; fi
- DOCKER_HOST=ssh://$SSH_USER@$SSH_URL docker-compose $COMPOSE_EXTRA_ARGS up -d --remove-orphans


@ -1,5 +0,0 @@
.docker-compose-validate:
image: docker/compose:alpine-1.29.1
stage: test
script:
- docker-compose $COMPOSE_EXTRA_ARGS config


@ -1,71 +0,0 @@
:sourcedir: ../../
= General Information
== Templates und Pipelines
In dieser Repository sind Templates und Pipeline-Templates zu finden.
Templates sind vorgefertigte Jobs die jeweils einen Use-Case abbilden sollen und direkt importiert werde können.
Da eine CI jedoch aus Pipelines besteht und Gitlab die Möglichkeit Multiprojekt- und child-Pipelines zu benutzen werden hier auch vorgefertigte bereit gestellt.
Diese Pipeline-Templates bilden komplexere Use-Cases ab.
Pipelines sind in dem dafür vorgesehenen Pipeline Ordner zu finden.
== Wie können Templates benutzt werden
Um die Templates in deinem Projekt zu benutzten musst du folgendes machen:
1. `Include` das Template file in deinem `.gitlab-ci.yaml` File.
2. Jetzt kannst du `extend` benutzen, um das Template zu integrieren.
Es ist möglich weitere Veränderungen vorzunehmen.
[source,yaml]
----
stages:
- test-image
include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: '1.0.0'
file:
- 'maven-build-template.gitlab-ci.yml'
- 'maven-dependencies-template.gitlab-ci.yml'
- 'maven-verify-template.gitlab-ci.yml'
- 'npm-build-template.gitlab-ci.yml'
- 'npm-dependencies-template.gitlab-ci.yml'
- 'npm-lint-template.gitlab-ci.yml'
- 'npm-test-template.gitlab-ci.yml'
- 'container-publish.gitlab-ci.yml'
- 'container-scan.gitlab-ci.yml'
- 'set-version-template.gitlab-ci.yml'
- 'push-tag-and-version-template.gitlab-ci.yml'
test-image:
stage: test-image
extends: .build-image
when: manual
except:
- master
- tags
before_script:
- cd ImportantPath
----
[[Generel-Variablen]]
== Generelle Variablen
Bitte folgende Variablen in `.gitlab-ci.yaml` setzen
|===
|Name |Description
|CI_REGISTRY| Registry der CI
|MAVE_IMAGE| Das Image das benutzt werden soll für Jobs die Maven benötigen.
|NODE_IMAGE| Das Image das benutzt werden soll für Jobs die NPM benötigen
|MAVEN_OPTS| Generelle optionen um Maven zu verändern
|MAVEN_CLI_OPTS| Optionen um Maven beim Bauen zu verbessern.
|FRONTEND_DIR| Wenn das Projekt ein Frontend besitzt, muss der Pfad definiert werden, wo die note module gespeichert werden.
|===
----
include::{sourcedir}/STD-variablen-Template.gitlab-ci.yml[]
----


@ -0,0 +1,129 @@
:sourcedir: ../../../pipelines
ifndef::imagesdir[]
:imagesdir: ../../images
endif::[]
[#_pipeline_release]
= Release Version Pipeline
This pipeline is a drop-in pipeline meant to make releases of your software as easy as possible.
The pipeline is split into a main and a child pipeline.
You also can use the pipelines independently.
The main-pipeline provides infrastructure to create Gitlab-releases and the triggers for the child pipeline.
The child pipeline is meant to create a new git tag with an increased Version.
When executed on it also creates a new Release Branch.
You can easily extend the child pipeline to publish Artefacts.
Although this is possible we recommend using tagged pipelines to publish Artefacts.
Tagged pipelines have the benefit that your pipelines are linked to a tag.
This makes publishing out of order or hotfixes simpler.
Since you do not relly on prior CI artefacts.
== Overview diagram
The following diagram shows how the pipelines works.
The imported Main pipeline triggers a child-pipeline.
This child pipeline is defined by a yaml file within your repository named release.gitlab-ci.yml Within this file you can define your skripts like in the normal .gitlab-ci.yml file.
We suggest importing the child pipeline.
[mermaid]
....
graph TB
main-project[.gitlab-ci.yml] -- Imports --> main
release[release.gitlab-ci.yml] -- Imports --> child
main -. Triggers Child Pipeline .-> release
subgraph project [Your project]
main-project
release
end
subgraph Gitlab-CI-templates [Gitlab-CI templates]
main[pipelines/release/eXXcellent-release-Main.gitlab-ci.yml]
child[pipelines/release/eXXcellent-release-Child.gitlab-ci.yml]
end
....
== Deep dive
=== Main
The main mainly imports jobs from the release.gitlab-ci.yml file.
On your default branch (Main/Master) it provides a job to increase the Major version.
On all branches that have RELEASE in their name it will provide jobs for all other versions.
This will Trigger your release.gitlab-ci.yml file.
Please read the documentation on <<_release_template>> if you need more information.
It also contains a job to create a Gitlab-Release.
It is only executed within tagged pipelines, since we want to create releases from these Tags.
For More Information about this please read <<_release_gitlab_template>>.
.pipelines/release/eXXcellent-release-Main.gitlab-ci.yml
[source,yaml]
----
include::../../../pipelines/release/eXXcellent-release-Main.gitlab-ci.yml[]
----
=== Child
The child pipeline manly imports the set-version Template.
it consists of two Jobs. The increase-version Job and the Push Tag and Branch Job.
The increase version job searches the latest tag on the branch that is checked out and increases the version according to the passed version type (Major,Minor,usw...).
On release-branches the tag will be pushed from this job. Since we do not need to do more.
On the default branch the push-tag-and-branch will push the tag.
It will also push a RELEASE branch.
When pushing a tag a new tagged pipeline is created.
The release will then be created from this pipeline.
In this pipeline the $CI_COMMIT_TAG variable will be set with the content of the tag.
You can do additional work and publishing here.
.pipelines/release/eXXcellent-release-Child.gitlab-ci.yml
[source,yaml]
----
include::../../../pipelines/release/eXXcellent-release-Child.gitlab-ci.yml[]
----
== Setup
1. to get started you have to prepair the repository so we can push Tags and Branches.
please read this documentation https://www.exxcellent.de/confluence/pages/viewpage.action?pageId=111183261[Getting Started - Version Tool]
2. Then Import the main pipeline into your .gitlab-ci.yml file:
.gitlab-ci.yml
[source,yaml]
----
stages:
- release #Should be the last stage within you pipeline.
include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: '2.0'
file:
- 'pipelines/release/eXXcellent-release-Main.gitlab-ci.yml'
----
3. Create a child-pipeline file called `release.gitlab-ci.yml` and include the following:
.release.gitlab-ci.yml
[source,yaml]
----
include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: '2.0'
file:
- 'pipelines/release/eXXcellent-release-Child.gitlab-ci.yml'
#add more jobs here if needed.
----


@ -1,230 +0,0 @@
:sourcedir: ../../../pipelines
ifndef::imagesdir[]
:imagesdir: ../../images
endif::[]
= update-version-pipeline
This pipeline provides the jobs to increase the version, create a new tag and updates the changed files (version) the repository.
It can be extended to push a docker image to a docker registry.
== Overview diagram
[mermaid]
....
graph TB
.gitlab-ci.yml-->release-template.gitlab-ci.yml
release-template.gitlab-ci.yml-- release-->release.gitlab-ci.yml
release.gitlab-ci.yml-->pipelines/update-version-pipeline.gitlab-ci.yml
release.gitlab-ci.yml-->container-publish.gitlab-ci.yml
.gitlab-ci.yml--test-->container-scan.gitlab-ci.yml
subgraph project
.gitlab-ci.yml-->release.gitlab-ci.yml
end
subgraph Gitlab-CI-templates
release-template.gitlab-ci.yml
pipelines/update-version-pipeline.gitlab-ci.yml-->push-tag-and-version-template.gitlab-ci.yml
pipelines/update-version-pipeline.gitlab-ci.yml-->set-version-template.gitlab-ci.yml
set-version-template.gitlab-ci.yml-->exxcellent-increase-version-tool/increase-version
container-publish.gitlab-ci.yml-->.publish-image-kaniko
container-scan.gitlab-ci.yml
end
....
== Setup
This pipeline should be included as a child-pipeline in your gitlab-ci pipeline.
You then can add an individual release job for each kind of version bump.
NOTE: You only need the variable `PARENT_PIPELINE_ID` , if you use an https://docs.gitlab.com/ee/ci/yaml/README.html#artifact-downloads-to-child-pipelines[artifact of you parent-pipeline in your child pipeline]
In your gitlab-ci.yml include the following
.gitlab-ci.yml
[source, yaml]
----
stages:
- release
include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: 'master'
file:
- 'release-template.gitlab-ci.yml'
a.major-release:
extends: .release-template
variables:
BUMP_VERSION: "major"
b.minor-release:
extends: .release-template
variables:
BUMP_VERSION: "minor"
c.patch-release:
extends: .release-template
variables:
BUMP_VERSION: "patch"
d.prerelease-release:
extends: .release-template
variables:
BUMP_VERSION: "prerelease"
e.build-release:
extends: .release-template
variables:
BUMP_VERSION: "build"
----
Create a child-pipeline file called `release.gitlab-ci.yml` and include the following:
.release.gitlab-ci.yml
[source, yaml]
----
stages:
- set-version
- push-tag-and-version
- release
include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: 'master'
file:
- 'pipelines/update-version-pipeline.gitlab-ci.yml'
- 'push-image.yml'
# This is optional
push-docker-image:
extends: .publish-image-kaniko
stage: release
# You only need NEED if you use a artifact from your parent pipeline to build the image
needs:
- pipeline: $PARENT_PIPELINE_ID
job: Build
- job: increase-version
- job: push-tag-and-version
rules:
- when: always
before_script:
- "[ -f ./version ] && export LATEST_VERSION=$(cat ./version)"
- export PARSED_VERSION=$(echo $LATEST_VERSION | sed -r 's/\+/_/g') # Replace + sign since this is not valid in a docker tag
- export IMAGE_NAME=$CI_REGISTRY_IMAGE:$PARSED_VERSION
----
You pipeline then looks like the following:
.Release Pipeline
image::Release-Docker-Image-Pipeline.png[]
== Pipeline
.update-version-pipeline
[source, yaml]
----
include::{sourcedir}/update-version-pipeline.gitlab-ci.yml[]
----
== Usage with release branches
The `update version template` can be used to create a pipeline which supports releasing of artifacts from a release branch instead of the master branch. The https://gitlab.exxcellent.de/gilden/ci/exxcellent-increase-version-tool[exxcellent-versioning-tool] takes care of creating the next reasonable version numbers.
If you want to realise this topic you can use the template the following way:
.gitlab-ci.yml
[source, yaml]
----
stages:
- release
include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: 'master'
file:
- 'release-template.gitlab-ci.yml'
# Creates next major prerelease on master (e.g.: 2.0.0-rc.1 --> 3.0.0-rc.1)
a.major-prerelease:
extends: .release-template
variables:
BUMP_VERSION: "major prerelease"
MODE: "bump"
# Creates next minor prerelease on master (e.g.: 2.0.0-rc.1 --> 2.1.0-rc.1)
b.minor-prerelease:
extends: .release-template
variables:
BUMP_VERSION: "minor prerelease"
MODE: "bump"
# Creates release on release branch (e.g.: 2.0.0-rc.1 --> 2.0.0)
a.create-release:
extends: .release-template
variables:
BUMP_VERSION: "patch"
MODE: "next_version"
rules:
- if: $CI_COMMIT_REF_NAME =~ /^release/
when: manual
- when: never
# Creates next prerelease on release branch (e.g.: 2.0.0 --> 2.0.1-rc.1 or 2.0.0-rc.1 --> 2.0.1-rc.2)
b.create-prerelease:
extends: .release-template
variables:
BUMP_VERSION: "prerelease"
MODE: "next_version"
rules:
- if: $CI_COMMIT_REF_NAME =~ /^release/
when: manual
- when: never
----
.release.gitlab-ci.yml
[source, yaml]
----
stages:
- set-version
- push-tag-and-version
- release
include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: 'master'
file:
- 'pipelines/update-version-pipeline.gitlab-ci.yml'
- 'push-image.yml'
# This is optional
push-docker-image:
extends: .publish-image-kaniko
stage: release
# You only need NEED if you use a artifact from your parent pipeline to build the image
needs:
- pipeline: $PARENT_PIPELINE_ID
job: Build
- job: increase-version
- job: push-tag-and-version
rules:
- when: always
before_script:
- "[ -f ./version ] && export LATEST_VERSION=$(cat ./version)"
- export PARSED_VERSION=$(echo $LATEST_VERSION | sed -r 's/\+/_/g') # Replace + sign since this is not valid in a docker tag
- export IMAGE_NAME=$CI_REGISTRY_IMAGE:$PARSED_VERSION
----
More information on this topic and a more detailed instructions can be found in our https://gitlab.exxcellent.de/gilden/ci/exxcellent-branching-template[exxcellent-branching-template].


@ -0,0 +1,31 @@
= Ansible Template
A Template Collection to simplify the deployment automation with Ansible.
All Templates need a $SSH_PRIVATE_KEY variable to be set in den Gitlab CI Variablen.
.Provided Templates:
|===
|Name |Description
|
.ansible_lint | Calls the Ansible Linter for static analysis.
Output will be shown in CI output and can be used to optimize the Ansible manifests.
|.ansible_playbook_validate | Executes the Ansible-check, provides inside if the execution of Ansible is possible and syntactically correct.
|.ansible_playbook_run | Executes a defined Ansible playbooks.
|===
.Variables
|===
|Name |Description | Default Value
|SSH_PRIVATE_KEY | The SSH key that will be used to access the remote maschine.
!!
DO NOT set this variable in your Repository.
Use the Gitlab CI variables so not everyone has access to this Secret. Only Maintainer will have access to those Settings
| NOT SET. Has to be set in the gitlab CI variables settings UI.
|PLAYBOOK_PATH | Path to the playbook that should be executed | "playbook.yml"
|INVENTORY_PATH | Path to the inventory that should be executed | "inventory.yml"
|EXTRA_ARGS | Additional Arguments that will be used from Ansible | ""
|===
:template: IaC/ansible.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -0,0 +1,102 @@
= Docker-Compose Template
.Provided Templates:
|===
|Name |Description
|.docker-compose-deploy | Executes Docker Compose against a remote maschine.
|.docker-compose-validate | Validates the syntactic correctness of your compose files. Still can have execution Problems.
|===
Copy files with scp onto from your Repo to the Remote system.
Then executes Docker-compose over a SSH connection.
For this SSH connection you have to Provide a SSH Key under a CI-CD-Variable with the name $SSH_PRIVATE_KEY.
If you already have a different $SSH_PRIVATE_KEY you can overwrite the Variable SSH_PRIVATE_KEY_DEPLOY.
To Parametrise the Docker-Compose File you can use a .env File.
The .env File should not contain any Secrets.
For this reason you can create a .env file dynamically.
To generate a .env file you can provide a script under the path ENV_SETUP_FILE.
.Beispiel für ein setup_env.sh
----
#!/bin/sh
#Prints all Enviroments into the .env File.
printenv >> .env
#to set a diffrent Project Prefix use this ENV
echo COMPOSE_PROJECT_NAME=project-prefix >>.env
#Secrets
#Some Secret is a Variable within the gitlab CI Variable
echo SOME_PASSWORD="$SOME_PASSWORD" >>.env
----
== SSH Problem workaround
Sometimes there is a problem with some SSH servers and Docker.
We have a workaround for this, please override your script with the following:
----
script:
- !reference [.broken-ssh-connection-workaround, script]
----
.Variables
|===
|Name |Description | Default Value
| SSH_PRIVATE_KEY_DEPLOY
| Private key to access remote system.
| $SSH_PRIVATE_KEY (In den CI-CD variablen)
| SSH_URL
| URL of the remote server.
| -
| SSH_PORT
| SSH port of the remote server.
| 22
| SSH_USER
| The user that is used to login into the remote maschine.
| -
| DOCKER_REGISTRY
| The Container Registry that will be used to pull images.
| "$CI_REGISTRY"
| DOCKER_REGISTRY_PASS
| The passwort to the docker registry that should be used.
| "$CI_REGISTRY_PASSWORD"
| DOCKER_REGISTRY_USER
| The user to the docker registry that should be used.
| "$CI_REGISTRY_USER"
| ENV_SETUP_FILE
| If you want to use a .env file, this skript can be used to create one.
Secrets should not be stored within your repository. Use the CI-CD Variables in the setting page.
| "setup_env.sh"
| SCP_DESTINATION
| Target path for scp to push files to.
| -
| SCP_SOURCE
| Path you want to copy to the remote System.
| $CI_PROJECT_DIR
| COMPOSE_EXTRA_ARGS
| Additional arguments you want to send to Docker Compose.
For example multiple `-f compose.file.extra` definitions.
| -
| COMPOSE_UP_EXTRA_ARGS
| Additional arguments you want to send to Docker Compose up.
For example multiple `--no-deps --no-build` definitions.
| -
|===
:template: IaC/docker-compose.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -1,5 +1,3 @@
:sourcedir: ../../../
= ssh-transfer-data-template
This template provides a service to transfer data from a pipeline to a remote server.
@ -13,8 +11,5 @@ For more details: https://gitlab.exxcellent.de/gilden/ci/exxcellent-ssh-tool#use
|SSH_HOST | the name of the remote host |-
|===
.ssh-transfer-data-template
[source, yaml]
----
include::{sourcedir}/ssh-transfer-data-template.gitlab-ci.yml[]
----
:template: IaC/ssh-transfer-data.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -1,33 +0,0 @@
:sourcedir: ../../../
= Ansible-template
Template Sammlung zur einfachen automation mit Ansible innerhalb der Gitlab CI.
Erwartet das $SSH_PRIVATE_KEY in den Gitlab CI Variablen gesetzt ist.
.Angebotene Templates:
|===
|Name |Description
|.ansible_lint | Ruft den Linter von Ansible auf.
Der Output wird dann in der CI gezeigt und kann den Stil der Playbooks verbessern.
|.ansible_playbook_validate | Validiert, ob die Playbooks ausgeführt werden können und syntaktisch Sinn ergeben.
|.ansible_playbook_run | Führt die Playbooks auf dem Inventar aus.
|===
.Variables
|===
|Name |Description | Default Value
|SSH_PRIVATE_KEY | SSH Key der von Ansible benutzt wird, um sich im Inventar anzumelden.
!!
Nicht in .gitlab.yml setzen. Statt dessen durch den CI Maintainer in den Gitlab Settings setzen lassen. | Nicht gesetzt. Muss in den Gitlab CI Variablen in den Settings gesetzt werden.
|PLAYBOOK_PATH | Path zum Playbook das ausgeführt werden soll | "playbook.yml"
|INVENTORY_PATH | Path zum Inventory das ausgeführt werden soll | "inventory.yml"
|EXTRA_ARGS | Extra Argumente für die Scripte | ""
|===
.Ansible-template
[source,yaml]
----
include::{sourcedir}/ansible.gitlab-ci.yml[]
----


@ -0,0 +1,24 @@
:gitlab-ci-file: /common/common-ci-variablen.gitlab-ci.yml
[[Generel-Variablen]]
== Generelle Variablen
Getting the correct and best variables and configurations can be very hard.
Within the `{gitlab-ci-file}` file we provide common CI-Variablen.
These variables collect best practices from different projekts and the official Gitlab-CI documentation.
It is possible to include this file directly within your project.
Some of our Templates and Pipelines rely on the following variables.
|===
|Name |Description
|MAVE_IMAGE| The container image that will be used in jobs using Maven. We provide a https://www.exxcellent.de/confluence/pages/viewpage.action?pageId=119212963[Maven Base] Image with the eXXcellent Certificate.
|NODE_IMAGE| The container image that will be used in jobs using NPM.
|MAVEN_OPTS| Generell options to change the Maven configurations.
|MAVEN_CLI_OPTS| Options to change the Maven configurations on build time.
|GRADLE_OPTS| Generell options to change the Gradle configurations.
|FRONTEND_DIR| Directory where the frontend code can be found. This is useful when the repository contains frontend and backend Code.
|BACKEND_DIR| Directory where the backend code can be found. This is useful when the repository contains frontend and backend Code.
|===
:template: {gitlab-ci-file}
include::../../../template-printer.adoc[]


@ -1,27 +0,0 @@
:sourcedir: ../../../
= Container-Publish-Snapshot
Dieses Template funktioniert genauso wie das <<_container_publish, Container Publish>> Template.
Es wird jedoch in folgenden Branches ausgeführt.
Dabei sind die Imagenamen der Container abhängig von den Branchnamen.
.Ausführung
|===
|Branch |Container Image name
|DEFAULT BRANCH (master/main) |DOCKER_REGISTRY:latest
|feature/* |$DOCKER_REGISTRY:feature/(Branch-postfix)
|refactor/* |$DOCKER_REGISTRY:refactor/(Branch-postfix)
|===
.Variables
|===
|Name |Description | Default Value
|| Siehe <<_container_publish, Container Publish>> |
|===
.container-publish-snapshot
[source,yaml]
----
include::{sourcedir}/container-publish-snapshot.gitlab-ci.yml[]
----


@ -1,29 +0,0 @@
:sourcedir: ../../../
= Container-Publish
Baut mithilfe von jib oder kaniko ein Docker Image und läd das Image in der Docker Registry des Projekts hoch.
Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird.
Wenn das Template ohne Tags benutzt werden soll, müssen die Rules vererbt werden.
Ein Snapshot Template bieten wir hier an: <<_container-publish-snapshot>>
.Variables
|===
|Name |Description | Default Value
|MVN_VERSION | Bestimmt, ob die version von MAVEN gesetzt werden soll.
Falls das Projekt aus mehreren Poms besteht, kann `before_script:` benutzt werden. | "true"
|DOCKER_REGISTRY | Definiert die Registry an zu dem das Image veröffentlicht werden soll | $CI_REGISTRY_IMAGE
|DOCKER_REGISTRY_USER | Definiert den User der benutzt werden soll | $CI_REGISTRY_USER
|DOCKER_REGISTRY_PASSWORD | Definiert das Passwort des Benutzers | $CI_REGISTRY_PASSWORD
|EXTRA_ARGS | Weitere Argumente die an den jeweiligen Job gegeben werden sollen. | ""
|USE_VERSIONFILE | Wenn true, dann wird zur Versionierung das ./version file aus dem set-version tool verwendet | "false"
|ARTIFACT | Der Name des Versionfiles aus dem set-version tool | "version"
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|===
.container-publish
[source,yaml]
----
include::{sourcedir}/container-publish.gitlab-ci.yml[]
----


@ -1,34 +0,0 @@
:sourcedir: ../../../
= Container-Scan
Baut ein Image mithilfe von jib oder Kaniko welches im Anschluss gescanned wird. Dieser Schritt wird ausgeführt, wenn ein Tag gesetzt wird. Die Ergebnisse des Scans können genutzt werden den Build failen zu lassen, falls gewünscht (vgl. `EXITCODE_ON_HIGH` und `EXITCODE_ON_CRITICAL`).
.Variables
|===
|Name |Description | Default Value
|TRIVY_VERSION
| Version von Trivy die benutzt werden soll.
| -
|EXITCODE_ON_HIGH
| Bestimmt den Exit code der ausgegeben werden soll, wenn ein CVE der als HIGH markiert wurde, gefunden werden konnte.
Wenn 0 benutzt wird, läuft die CI weiter.
Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angezeigt wird.
| -
|EXITCODE_ON_CRITICAL
| Bestimmt den Exit code der ausgegeben werden soll, wenn ein CVE der als CRITICAL markiert wurde, gefunden werden konnte.
Wenn 0 benutzt wird, läuft die CI weiter.
Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angezeigt wird.
| -
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|KANIKO_EXTRA_ARGS | Extra Arguments for the build of the image with Kaniko | ""
|===
.container scan template
[source, yaml]
----
include::{sourcedir}/container-scan.gitlab-ci.yml[]
----


@ -0,0 +1,43 @@
[[_container_build]]
= Build
.Provided Templates:
|===
|Name |Description
| .container-build-jib-maven | Baut Container mit dem Jib Plugin für Maven
| .container-build-jib-gradle | Baut Container mit dem Jib Plugin für Gradle
| .container-build-kaniko | Baut Container mit dem Kaniko
|===
Allows the simple building of Container Images.
We use Kaniko because it is faster than Docker builds and has less security problems.
The generated image will be passed as a Tar-Artefact between stages.
This allows us to make forder manipulations and scan jobs on one container Image.
The template <<_container_publish>> allows you to publish the build image to a registry.
.Variables
|===
|Name |Description | Default Value
|CONTEXT_LOCATION
| Defines the context of the container build. In case of jib this Path should point to the location of your Gradle/Maven projects.
| $CI_PROJECT_DIR
| EXTRA_ARGS
| Additional argument that will be passed to the used tool.
| ""
| Only with Kaniko |- |-
| DOCKERFILE_LOCATION
| Path to the Dockerfile
| $CI_PROJECT_DIR/Dockerfile
| REGISTRY_MIRROR
| Define the container Mirror that should be used
| exxcellent Nexus
|===
:template: container/container-build.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -0,0 +1,18 @@
[#_container_publish]
= Publish
Moves a container from the filesystem to a remote repository.
Needs a build container on the path `image.tar`. Use one of the Container build templates for this.
.Variables
|===
|Name |Description | Default Value
| CONTAINER_REGISTRY | The address of the projects Container Registry. | $CI_REGISTRY
| CONTAINER_REGISTRY_USER | the user that should be used | $CI_REGISTRY_USER
| CONTAINER_REGISTRY_PASSWORD | the password for the remote registry | $CI_REGISTRY_PASSWORD
| EXTRA_PATH | Extra path that should be between the registry path and the image tag. Has to start with a "/" | ""
| IMAGE_TAG | the Tag the image should be found on | Depends on the current path. Look at the rules of the Job.
|===
:template: container/container-publish.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -0,0 +1,30 @@
= Container CVE Scanner
Uses Trivy to scan for CVE Problems within your Image.
Needs a build container on the path `image.tar`.
Use one of the Container build templates for this.
====
NOTE: NPM Trivy can not find CVE's within Frontend containes that do not have a dependencie-lock file.
This file should not be part of the Image.
We provide an additional static CVE-Analyser-Template that can find these CVE's within your Repo.
We also have the https://gitlab.exxcellent.de/gilden/ci/security-scanner/security-scanner[Security-Scanner] if you have more than one image to scan.
====
.Variables
|===
|Name |Description | Default Value
|EXITCODE
| Define the exit code Trivy uses when finding a CVE of the High category.
When using 0 the CI will run not exit when finding CVEs
Please consider using `allow_failure: true` instead of 0. The CI will show you an error but not fail.
| 1
| TRIVY_EXTRA_ARGS
| Extra arguments to pass to Trivy
| Please see Template
|===
:template: container/container-scan.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -0,0 +1,14 @@
= Docker in Docker Helper
This template helps to start jobs, that need a docker environment to run.
Simply expand from this Template.
You than have access to a Docker over the address behind `$DOCKER_HOST`
:template: container/docker-in-docker.gitlab-ci.yml
include::../../../template-printer.adoc[]
.Simple example
[source,yaml]
----
include::../../../../test/docker/test-dind.gitlab-ci.yml[]
----


@ -1,70 +0,0 @@
:sourcedir: ../../../
= Docker-Compose-Deploy
Kopiert Daten mithilfe von scp aus dem Repo auf ein Deployment-System.
Dort wird über SSH Docker-compose up ausgeführt.
Für die SSH Verbindung muss ein Private-Key in den CI-CD Variablen unter dem Namen $SSH_PRIVATE_KEY abgelegt werden.
Wenn bereits andere SSH Keys vorhanden sind kann SSH_PRIVATE_KEY_DEPLOY in den Varibalen überschrieben werden.
Um die Compose-Files zu parametrisieren kann ein .env File benutzt werden.
Dieses sollte mit einem Skript das unter der Variable ENV_SETUP_FILE hinterlegt ist erstellt werden.
.env File sollten nicht in der Repo liegen da keine Passwörter in der Repo liegen sollten.
.Beispiel für ein setup_env.sh
----
#!/bin/sh
#Printed alle Umgebungsvariablen in das .env File.
printenv >> .env
echo COMPOSE_PROJECT_NAME=project-prefix >>.env
#Secrets
echo SOME_PASSWORD="$SOME_PASSWORD" >>.env
----
.Variables
|===
|Name |Description | Default Value
| SSH_PRIVATE_KEY_DEPLOY
| Private key der Zugriff auf den Deployment Server hat.
| $SSH_PRIVATE_KEY (In den CI-CD variablen)
| SSH_URL
| URL des Servers auf den Docker-Compose ausgeführt werden soll.
| -
| SSH_USER
| Der Passende SSH User zu der SSH Verbindung.
| -
| DOCKER_REGISTRY
| Die Docker Registry die benutzt werden soll um Images zu pullen.
| "$CI_REGISTRY"
| ENV_SETUP_FILE
| Falls ein .env file benutzt werden soll, kann es mit einem sh script erstellt werden.
Secrets sollten nicht in der Repository liegen, sondern in den CI-CD Variablen der Repository settings.
| "setup_env.sh"
| SCP_DESTINATION
| Ziel Pfad wo Daten mit SCP hin kopiert werden sollen.
| -
| SCP_SOURCE
| Pfad zu den daten die mithilfe von SCP kopiert werden sollen.
| $CI_PROJECT_DIR
| COMPOSE_EXTRA_ARGS
| Weitere argumente die an Docker-Compose geschickt werden können.
| -
|===
.Docker compose deploy
[source,yaml]
----
include::{sourcedir}/docker-compose-deploy.gitlab-ci.yml[]
----


@ -1,20 +0,0 @@
:sourcedir: ../../../
= Docker-Compose-Validate
Validiert die semantische Korrektheit eines Docker-Compose files.
.Variables
|===
|Name |Description | Default Value
| COMPOSE_EXTRA_ARGS
| Weitere argumente die an Docker-Compose geschickt werden können.
| -
|===
.Docker compose validate
[source,yaml]
----
include::{sourcedir}/docker-compose-validate.gitlab-ci.yml[]
----


@ -0,0 +1,34 @@
= Dokumentation-Tool-template
The Dokumentation tool template.
More details and Variables can be found here: https://gitlab.exxcellent.de/gilden/ci/exxcellent-documentation-tool[Gilde CI/CD: exxcellent-documentation-tool].
The following variables have to be set and are not optional.
.Variables
|===
|Name |Description | Default Value
| FILE_INPUT
| A triplet of the converted html name followed by the page id of the confluence page we should generate below followed by the title of the parent page. Also supports multiple files separated by pipes: "<file>.html,<pageid>,<pageTitle2>\|<file2>.html,<pageid2>,<pageTitle2>"
| NO DEFAULT
| CONFLUENCE_SPACE
| Space Key of the target space e.g. RANDI for the Research and Innovation space
| NO DEFAULT
| CONFLUENCE_USER
| Username in Confluence
| NO DEFAULT SET IN SECRETS
| CONFLUENCE_PASSWORD
| Password in Confluence
| NO DEFAULT SET IN SECRETS
| OPTIONAL
| https://gitlab.exxcellent.de/gilden/ci/exxcellent-documentation-tool/-/blob/master/documentation/chapters/general-information.adoc#user-content-confluence[Read Here] for more information.
| -
|===
:template: documentations/documentation.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -1,18 +0,0 @@
:sourcedir: ../../../
= Gradle-build-template
Dieses Template lädt die Dependencies herunter und baut das Projekt.
Die Ergebnisse werden als Artifact gespeichert.
.Variables
|===
|Name |Description | Default Value
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|===
.gradle-build-template
[source,yaml]
----
include::{sourcedir}/gradle-build-template.gitlab-ci.yml[]
----


@ -1,18 +0,0 @@
:sourcedir: ../../../
= Gradle-test-template
Dieses Template startet den Test Task in gradle.
Die Ergebnisse werden als Artifact gespeichert.
.Variables
|===
|Name |Description | Default Value
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|===
.gradle-test-template
[source,yaml]
----
include::{sourcedir}/gradle-test-template.gitlab-ci.yml[]
----


@ -0,0 +1,16 @@
[#_Gradle-build-template]
= Gradle-build-template
This template resolves the gradle dependencies of your project and builds the project.
The result will be cached when you include the common CI variables.
The resulting build files will be published as artefacts.
.Variables
|===
|Name |Description | Default Value
|GRADLE_CLI_OPTS | Additional Options that will be passed to Gradle | ""
|GRADLE_CLI_BUILD_OPTS | Additional Options that will be passed to Gradle while Building | ""
|===
:template: java/gradle/gradle-build.gitlab-ci.yml
include::../../../../template-printer.adoc[]


@ -0,0 +1,22 @@
= Gradle Database Diff
This template generates a diff between the Liquibase schema and the Hibernate model of a database.
The resulting xml can be used as a base for schema changes.
Please look at the resulting changelog since it can have errors.
== Run against real Server
If you wand to run the integration against a real server.
Override `GRADLE_CLI_OPTS` with `-Dvariable.liquibase.database.url=<database_url>`.
It is also possible to add a service container with your desired Database.
Use the alias field in the service definition to define the address for the for `database_url`
.Variables
|===
|Name |Description | Default Value
|GRADLE_CLI_OPTS | Additional options send to gradle | ""
| PATH_TO_DIFF | Path to the resulting diff is defined in gradle config, this will also be exposed as the artefact of the Job. | "build/db-diff.xml"
|===
:template: java/gradle/gradle-database-diff.gitlab-ci.yml
include::../../../../template-printer.adoc[]


@ -0,0 +1,15 @@
= Gradle license template
This template executes the cycloneBom gradle task which generates license information from gradle.xml files and stores them in a _bom.xml_ file. For more details: https://gitlab.exxcellent.de/gilden/ci/exxcellent-license-tools[Gilde CI/CD: exxcellent-license-tool].
TIP: Instead of using this template to generate the bom file you can simply include the _cyclonedxBom_ task in your regular gradle build <<_Gradle-build-template>> by adding it to the _GRADLE_CLI_OPTS_.
.Variables
|===
|Name |Description | Default Value
|GRADLE_CLI_OPTS | Additional Options that will be passed to Gradle | ""
|GRADLE_EXTRA_OPTS | Additional Extra Options that will be passed to Gradle | ""
|===
:template: java/gradle/gradle-license.gitlab-ci.yml
include::../../../../template-printer.adoc[]


@ -0,0 +1,22 @@
ifndef::imagesdir[]
:imagesdir: ../../../../images/
endif::[]
= Gradle Database Diff
These templates starts `gradle test` and saves the results as Artifacts.
When Junit Reports are generated they will be published as Artefacts within the Pipelines.
You can get a detailed view when clicking on Tests.
For more information look into the official https://docs.gitlab.com/ee/ci/unit_test_reports.html[Documentation].
image::GitlabCiTest.png[]
.Variables
|===
|Name |Description | Default Value
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|===
:template: java/gradle/gradle-verify.gitlab-ci.yml
include::../../../../template-printer.adoc[]


@ -0,0 +1,13 @@
[#_Maven-build-template]
= maven-build-template
These Templates will build a .jar file with Maven and provides it as an Artifact
.Variables
|===
|Name |Description | Default Value
|MAVEN_CLI_BUILD_OPTS | Additional Options that will be passed to Maven while Building | ""
|===
:template: java/maven/maven-build.gitlab-ci.yml
include::../../../../template-printer.adoc[]


@ -0,0 +1,22 @@
= Maven Database Diff
This template generates a diff between the Liquibase schema and the Hibernate model of a database.
The resulting xml can be used as a base for schema changes.
Please look at the resulting changelog since it can have errors.
.Variables
|===
|Name |Description | Default Value
| PATH_TO_DIFF
| Path to the resulting diff is defined in gradle config, this will also be exposed as the artefact of the Job.
| "target/db-diff.xml"
|MAVEN_CLI_OPTS | Additional Options that will be passed to Maven | ""
|MAVEN_EXTRA_OPTS | Additional extra options that will be passed to Maven | ""
|MAVEN_EXTRA_ARGS | Additional extra args that will be passed to Maven | ""
|===
:template: java/maven/maven-database-diff.gitlab-ci.yml
include::../../../../template-printer.adoc[]


@ -0,0 +1,12 @@
= Gradle Dependencies Template
This Template resolves the Maven Dependencies of your Projekt.
The result will be cached when you include the common CI variables.
.Variables
|===
|Name |Description | Default Value
|===
:template: java/maven/maven-dependencies.gitlab-ci.yml
include::../../../../template-printer.adoc[]


@ -0,0 +1,16 @@
= Maven license template
This template executes the cycloneBom maven task which generates license information from pom.xml files and stores them in a _bom.xml_ file. For more details: https://gitlab.exxcellent.de/gilden/ci/exxcellent-license-tools[Gilde CI/CD: exxcellent-license-tool].
TIP: Instead of using this template to generate the bom file you can simply include the _cyclonedxBom_ task in your regular maven build <<_Maven-build-template>> by adding it to the _MAVEN_EXTRA_OPTS_.
.Variables
|===
|Name |Description | Default Value
|MAVEN_CLI_OPTS | Additional Options that will be passed to Maven | ""
|MAVEN_EXTRA_OPTS | Additional extra options that will be passed to Maven | ""
|MAVEN_EXTRA_ARGS | Additional extra args that will be passed to Maven | ""
|===
:template: java/maven/maven-license.gitlab-ci.yml
include::../../../../template-printer.adoc[]


@ -0,0 +1,22 @@
ifndef::imagesdir[]
:imagesdir: ../../../../images/
endif::[]
= Maven verify template
This templates starts `mvn verify` and saves the results as Artifacts.
When Junit Reports are generated they will be published as Artefacts within the Pipelines.
You can get a detailed view when clicking on Tests.
For more information look into the official https://docs.gitlab.com/ee/ci/unit_test_reports.html[Documentation].
image::GitlabCiTest.png[]
.Variables
|===
|Name |Description | Default Value
|===
:template: /java/maven/maven-verify.gitlab-ci.yml
include::../../../../template-printer.adoc[]


@ -0,0 +1,32 @@
= license-template
This template provides a service to collect, validate and publish generated license information for a project. For more details: https://gitlab.exxcellent.de/gilden/ci/exxcellent-license-tools[Gilde CI/CD: exxcellent-license-tool].
TIP: The license tool needs a _bom.json_ file which is generated in a previous stage. This is generally done as a part of the build stage (p.ex. by adding cyclonedxBom to the gradle build) and then providing the generated bom.json with artifacts. Again, see https://gitlab.exxcellent.de/gilden/ci/exxcellent-license-tools[Gilde CI/CD: exxcellent-license-tool] for more infos
The following use cases are possible:
__Generate Asciidoc for all licenses:__
- Set BOM_FILE (source)
- Set LICENSE_ADOC_FILE (target)
__Validate licenses and generate Asciidoc file:__
- Set BOM_FILE (source)
- Set LICENSE_ADOC_FILE (target)
- Set INVALID_LICENSE_ADOC_FILE (target)
- Set ALLOWED_LICENSES
.Variables
|===
|Name |Description | Default Value
|BOM_FILE | the path to the bom file (provided in artifacts from previous stage)|bom.json
|ALLOWED_LICENSES | path to the text file with line separated list of allowed licenses |valid-licenses.txt
|LICENSE_ADOC_FILE | path to the generated adoc file with all licenses |licenses.adoc
|INVALID_LICENSE_ADOC_FILE | path to the generated adoc file with invalid licenses |invalid-licenses.adoc
|NUMBER_OF_ALLOWED_FAILURES | number of allowed invalid licenses |0
|===
:template: license/license.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -1,16 +0,0 @@
:sourcedir: ../../../
= maven-build-template
Dieses Template baut die .jar Files und speichert die Ergebnisse als Artifact.
.Variables
|===
|Name |Description | Default Value
|===
.mvn-build-template
[source, yaml]
----
include::{sourcedir}/maven-build-template.gitlab-ci.yml[]
----


@ -1,17 +0,0 @@
:sourcedir: ../../../
= maven-dependencies-template
Dieses Template lädt die Maven Abhängigkeiten des Projekts runter.
Bitte den Cache hinzufügen. Siehe xref:Generel-Variablen[Generelle Variablen]
.Variables
|===
|Name |Description | Default Value
|===
.mvn-dependencies-template
[source, yaml]
----
include::{sourcedir}/maven-dependencies-template.gitlab-ci.yml[]
----


@ -1,25 +0,0 @@
:sourcedir: ../../../
ifndef::imagesdir[]
:imagesdir: ../../images
endif::[]
= maven-verify-template
Dieses Template startet `mvn verify` und speichert die Ergebnisse als Artifact.
Wenn Junit Report XML files generiert und als Artefakte innerhalb der Pipeline hochgeladen wurden, können diese innerhalb der Pipelines Detail Seite angezeigt werden. Für mehr Dokumentation klicke https://docs.gitlab.com/ee/ci/unit_test_reports.html[hier].
image::GitlabCiTest.png[]
.Variables
|===
|Name |Description | Default Value
|===
.mvn-verify-template
[source, yaml]
----
include::{sourcedir}/maven-verify-template.gitlab-ci.yml[]
----


@ -1,16 +0,0 @@
:sourcedir: ../../../
= npm-build-template
Dieses Template baut das NPM projekt und speichert die Ergebnisse als Artifact.
.Variables
|===
|Name |Description | Default Value
|===
.npm-build-template
[source, yaml]
----
include::{sourcedir}/npm-build-template.gitlab-ci.yml[]
----


@ -1,17 +0,0 @@
:sourcedir: ../../../
= npm-dependencies-template
Dieses Template läd die NPM Abhängigkeiten des Projekts runter.
Bitte den Cache hinzufügen. Siehe xref:Generel-Variablen[Generelle Variablen]
.Variables
|===
|Name |Description | Default Value
|===
.npm-dependencies-template
[source, yaml]
----
include::{sourcedir}/npm-dependencies-template.gitlab-ci.yml[]
----


@ -1,16 +0,0 @@
:sourcedir: ../../../
= npm-lint-template
Dieses Template durchläuft den Linter des NPM Projekts.
.Variables
|===
|Name |Description | Default Value
|===
.npm-lint-template
[source, yaml]
----
include::{sourcedir}/npm-lint-template.gitlab-ci.yml[]
----


@ -1,16 +0,0 @@
:sourcedir: ../../../
= npm-test-template
Dieses Template baut das NPM Projekt.
.Variables
|===
|Name |Description | Default Value
|===
.npm-test-template
[source, yaml]
----
include::{sourcedir}/npm-test-template.gitlab-ci.yml[]
----


@ -0,0 +1,11 @@
= NPM Build Template
This template will build a NPM project and saved the artifacts for the next build step.
.Variables
|===
|Name |Description | Default Value
|===
:template: npm/npm-build.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -0,0 +1,12 @@
= NPM Dependencies template
This template loads the NPM dependencies of the project.
Please add the NPM cache. Look xref:Generel-Variablen[generell Variables]
.Variables
|===
|Name |Description | Default Value
|===
:template: npm/npm-dependencies.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -0,0 +1,11 @@
= NPM Lint template
This template starts the linter of your NPM project.
.Variables
|===
|Name |Description | Default Value
|===
:template: npm/npm-lint.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -0,0 +1,11 @@
= NPM Test Template
This template will run your NPM unit tests
.Variables
|===
|Name |Description | Default Value
|===
:template: npm/npm-verify.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -1,19 +0,0 @@
:sourcedir: ../../../
= Publish-Image-jib
Baut mithilfe von jib ein Docker Image und läd es in die Docker Registry des Projekts hoch.
Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird.
.Variables
|===
|Name |Description | Default Value
|MVN_VERSION | Bestimmt, ob die version von MAVEN gesetzt werden soll.
Falls das Projekt aus mehreren Poms besteht, kann `bevor_script:` benutzt werden. | "true"
|===
.publish-image-jib-template
[source,yaml]
----
include::{sourcedir}/container-publish.gitlab-ci.yml[]
----


@ -1,19 +0,0 @@
:sourcedir: ../../../
= release-template
This template provides a template for including the child release pipeline.
For more information see the `update-version-pipeline` documentation.
.Variables
|===
|Name |Description | Default Value
|PARENT_PIPELINE_ID | The if of the parent pipeline. Needed to be able to use artifacts in the child pipeline | $CI_PIPELINE_ID
|===
.release-template
[source, yaml]
----
include::{sourcedir}/release-template.gitlab-ci.yml[]
----


@ -1,5 +1,3 @@
:sourcedir: ../../../
= mail-template
This template provides a service to send mails from a pipeline with the help of a smtp server.
@ -15,8 +13,5 @@ For more details: https://gitlab.exxcellent.de/gilden/ci/exxcellent-mail-tool[Gi
NOTE: The template uses the port 25 config as a default which doesn't need a smtp auth and a smtp user with the restriction that it only works from within the exxcellent gitlab-ci runners. For other configs visit the https://gitlab.exxcellent.de/gilden/ci/exxcellent-mail-tool[mail-tool docs]
.mail-template
[source, yaml]
----
include::{sourcedir}/mail-template.gitlab-ci.yml[]
----
:template: releasing/mail.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -1,9 +1,6 @@
:sourcedir: ../../../
= push-tag-and-version-template
= Push Tag and Version Template
This template creates a new tag und updates the version of your project in the repository. Additionally, the template builds a new artifact with the `mvn package` command after setting the version which then can be exported with the gitlab-ci _artifacts_ keyword and used in subsequent stages.
For more details: https://gitlab.exxcellent.de/gilden/ci/exxcellent-ssh-tool[Gilde CI/CD: exxcellent-ssh-tool].
.Variables
@ -14,8 +11,5 @@ For more details: https://gitlab.exxcellent.de/gilden/ci/exxcellent-ssh-tool[Gil
|MVN_EXTRA_ARGS | sets extra args which will be added behind the `mvn` command | ""
|===
.push-tag-and-version-template
[source, yaml]
----
include::{sourcedir}/push-tag-and-version-template.gitlab-ci.yml[]
----
:template: releasing/push-tag-and-version.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -0,0 +1,13 @@
[#_release_gitlab_template]
= Gitlab Release Template
This Template makes it easier to create Gitlab Release from the CI
.Variables
|===
|Name |Description | Default Value
|DESCRIPTION | The Content that has changed in the last release. Can be changed manual afterwards | ""
|===
:template: releasing/release-gitlab.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -0,0 +1,26 @@
[#_release_template]
= Release Template
This collection provides multiple templated to make publish releases of your Software as easy as possible.
.Angebotene Templates:
|===
|Name |Description
| .release-common | This template contains a trigger for an additional release Pipeline. It will execute all Jobs defined in your release.gitlab-ci.yml file as a child pipeline
For more information see the <<_pipeline_release>> documentation.
| .release-default: | Builds upon .release-common defines rules, so it will only be executed on your default branch.
| .release-release-branch: | Builds upon .release-common defines rules, so it will only be executed on release branches.
|===
.Variables
|===
|Name |Description | Default Value
|PARENT_PIPELINE_ID | The if of the parent pipeline. Needed to be able to use artifacts in the child pipeline | $CI_PIPELINE_ID
|===
:template: releasing/release.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -1,6 +1,4 @@
:sourcedir: ../../../
= set-version-template
= Set Version
This template provides the job for increasing the tag version.
For more details look at https://gitlab.exxcellent.de/gilden/ci/exxcellent-increase-version-tool[Gilde CI/CD: exxcellent-increase-version-tool].
@ -11,7 +9,8 @@ For more details look at https://gitlab.exxcellent.de/gilden/ci/exxcellent-incre
|Name |Description | Default Value
|BUMP_VERSION | defines the version bump | "major"
|PREFIX | the prefix for the tag | ""
|OUTPUT | defines where the updated version is written to | version
|OUTPUT | defines where the updated version is written to. Default case is an env File named Version.
Following Jobs will have set the $VERSION variable to the next version. | version.env
|SIMPLIFY
a|
* "false":
@ -20,8 +19,5 @@ a|
** use more traditional version number. e.g: 1.2.3.6 | "false"
|===
.set-version-template
[source, yaml]
----
include::{sourcedir}/set-version-template.gitlab-ci.yml[]
----
:template: /releasing/set-version.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -1,30 +0,0 @@
:sourcedir: ../../../
= Repo-CVE-Scan
Scanned die gesamte Repo mit Trivy auf CVEs und Konfigurationsproblemen in Deployment files.
.Variables
|===
|Name |Description | Default Value
|EXITCODE
| Definiert den Exitcode der benutzt wird, wenn Trivy Probleme findet.
Bei 0 läuft die Pipeline durch, auch wenn Probleme gefunden werden.
Überlege, ob du die Flag `allow_failure: false` benutzen willst.
| 1
|TRIVY_EXTRA_ARGS
| Weitere Argumente die du an Trivy übergeben kannst.
| --no-progress --ignore-unfixed --severity HIGH,CRITICAL
|SCAN_PATH
| Der Path ab dem Trivy die Repo scannen soll.
| Root der Repository
|===
.Repo CVE scan template
[source, yaml]
----
include::{sourcedir}/repo-cve-scan.gitlab-ci.yml[]
----


@ -0,0 +1,29 @@
= Repo CVE Scan
This template uses Trivy to scan for CVEs, Configuration Problems and Secrets within your Repository.
.Variables
|===
|Name |Description | Default Value
|EXITCODE
| Define the exit code Trivy uses when finding a CVE of the High category.
When using 0 the CI will run not exit when finding CVEs
Please consider using `allow_failure: true` instead of 0. The CI will show you an error but not fail.
| 1
|TRIVY_EXTRA_ARGS
| Extra arguments to pass to Trivy
| --no-progress --ignore-unfixed --severity HIGH,CRITICAL
| TRIVY_CKECKS
| Allows you to configure what checks will be executed on your Repository
| "vuln,config,secret"
| SCAN_PATH
| Path where Trivy should scan for security errors.
| $CI_PROJECT_DIR
|===
:template: static-analysis/repo-cve-scan-trivy.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -0,0 +1,23 @@
= Sonar 7
The following templates provide integrations for Sonar
More Details can be found here: https://www.exxcellent.de/confluence/x/RIWCC[Confluence: Sonar Plugin Setup].
.Variables
|===
|Name |Description | Default Value
|SONAR_HOST_URL | The Url for the Sonar server | http://sonar7.exxcellent.de/sonar7
|SONAR_TOKEN | The Sonar token to call protected sonar funtkions | ""
|SONAR_PROJECT_KEY | The Sonar-Projekt-Key of your Project. | ""
|SONAR_PROJECT_NAME | The Sonar-Projekt-Name. | "" (If you set project.name in maven the POM value will be used if this is empty)
|SONAR_EXCLUSIONS | Paths that will not be scanned by Sonar | **/target/**,**/src/test/**
|===
TIP: Der SONAR_TOKEN String kann über den persönlichen User Bereich in Sonar unter dem Tab _Security_ erzeugt werden.
Ein technischer User ist aktuell nicht möglich.
Das Token wird ausschließlich dafür benötigt, wenn der Sonar Buildbreaker über die Pipeline aktiviert wird (_sonar.buildbreaker.skip=true_).
Wenn der Build nicht gebrochen werden soll, kann es weggelassen werden.
:template: static-analysis/sonar-7.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -0,0 +1,21 @@
= Sonar 8
The following templates provide integrations for Sonar
More Details can be found here: https://www.exxcellent.de/confluence/x/RIWCC[Confluence: Sonar Plugin Setup].
.Variables
|===
|Name |Description | Default Value
|SONAR_HOST_URL | The Url for the Sonar server | https://sonar.exxcellent.de/sonar8
|SONAR_TOKEN | The Sonar token to call protected sonar functions | ""
|SONAR_PROJECT_KEY | The Sonar-Projekt-Key of your Project. | ""
|SONAR_PROJECT_NAME | The Sonar-Projekt-Name. | "" (Es wird dann standardmäßig der Maven project.name verwendet)
|SONAR_EXCLUSIONS | Paths that will not be scanned by Sonar | **/target/**,**/src/test/**
|SONAR_QUALITYGATE_WAIT | Defines if the quality-gate should be considered while evaluation.
Has to be `true` if the quality-gate should fail your pipelines. Please consider setting `allow_failure` to `true` if your pipeline shouldn't fail but the quality gate should be still called. | true
|SONAR_QUALITYGATE_TIMEOUT | Define the timeout time when the quality-gate should be timing out. | 10000
|===
:template: static-analysis/sonar-8.gitlab-ci.yml
include::../../../template-printer.adoc[]


@ -1,12 +0,0 @@
:sourcedir: ../../../
= Dokumentation-Tool-template
Das Dokumentation-Tool template.
Mehr Details und die Variablendokumentation sind hier zu finden: https://gitlab.exxcellent.de/gilden/ci/exxcellent-documentation-tool[Gilde CI/CD: exxcellent-documentation-tool].
.dokumentation-tool
[source,yaml]
----
include::{sourcedir}/tool-documentation.gitlab-ci.yml[]
----


@ -1,29 +0,0 @@
:sourcedir: ../../../
= Sonar 7 template
Ruft den Sonar Job für das Projekt auf.
Mehr Details zu finden hier: https://gitlab.exxcellent.de/gilden/ci/exxcellent-sonar-tool[Gilde CI/CD: exxcellent-sonar-tool].
.Variables
|===
|Name |Description | Default Value
|SONAR_HOST_URL | Die URL des eXXcellent sonar servers | http://sonar7.exxcellent.de/sonar7
|SONAR_TOKEN | Token um geschützte Sonar Funktionen auszuführen | ""
|SONAR_PROJECT_KEY | Der Sonar-Projekt-Key. | ""
|SONAR_PROJECT_NAME | Der Sonar-Projekt-Name. | "" (Es wird dann standardmäßig der Maven project.name verwendet)
|SONAR_EXCLUSIONS | Von Sonar auszuschließende Bereiche | **/target/**,**/src/test/**
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|===
TIP: Der SONAR_TOKEN String kann über den persönlichen User Bereich in Sonar unter dem Tab _Security_ erzeugt werden.
Ein technischer User ist aktuell nicht möglich.
Das Token wird ausschließlich dafür benötigt, wenn der Sonar Buildbreaker über die Pipeline aktiviert wird (_sonar.buildbreaker.skip=true_).
Wenn der Build nicht gebrochen werden soll, kann es weggelassen werden.
.sonar-template
[source,yaml]
----
include::{sourcedir}/tool-sonar7.gitlab-ci.yml[]
----


@ -1,28 +0,0 @@
:sourcedir: ../../../
= Sonar 8 template
Ruft den Sonar Job für das Projekt auf.
Mehr Details zu finden hier: https://gitlab.exxcellent.de/gilden/ci/exxcellent-sonar-tool[Gilde CI/CD: exxcellent-sonar-tool].
.Variables
|===
|Name |Description | Default Value
|SONAR_HOST_URL | Die URL des eXXcellent sonar servers | https://sonar.exxcellent.de/sonar8
|SONAR_PROJECT_KEY | Der Sonar-Projekt-Key. | ""
|SONAR_PROJECT_NAME | Der Sonar-Projekt-Name. | "" (Es wird dann standardmäßig der Maven project.name verwendet)
|SONAR_EXCLUSIONS | Von Sonar auszuschließende Bereiche | **/target/**,**/src/test/**
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|SONAR_QUALITYGATE_WAIT | Definiert, ob auf das Quality-Gate gewartet werden soll. Muss auf True gesetzt werden damit das Quality gate beachtet wird. Wenn das Quality-Gate beachtet werden aber die Pipeline nicht Fehlschlagen soll empfehlen das Flag `allow_failure` auf `true` zu setzen. | true
|SONAR_QUALITYGATE_TIMEOUT | Zeit bis zum Timeout der Quality gate abfrage | 10000
|===
TIP: Der SONAR_TOKEN String kann über den persönlichen User Bereich in Sonar unter dem Tab _Security_ erzeugt werden.
Ein technischer User ist aktuell nicht möglich.
.sonar-template
[source,yaml]
----
include::{sourcedir}/tool-sonar8.gitlab-ci.yml[]
----


@ -0,0 +1,34 @@
:sourcedir: ../../../../templates
:gitlab-ci-file: /common/common-ci-variablen.gitlab-ci.yml
Please follow the these rules to provide excellent templates.
We found that these rules will lead to better and more usable templates.
== Template Names convention
Template Names should begin with the Prefix of the file there are contained in.
If a Template File contains more than on template a Suffix should be provided.
This Suffix should describe the functionality of the Template as good as posible.
This rules makes it easy to find the file within our repositories. If you only have a yml definition.
Our experience told us it can be hard to find the File a Template Job is in.
====
Example:
The file `fuu.gitlab-ci.yml` contains the template that start with `.fuu*`
It could Container the Templates `.fuu-feature1` or `.fuu-feature2`
====
== Mono Repo support
We try to give as much Mono-Repo support as possible.
Because of this, the execution path of jobs should be variable.
Use a `cd $SOME_VAR_TO_PATH` within your `script` or `before_script` definitions.
The default path to should point to `$CI_PROJECT_DIR`.
== Use of Before/After script
avoid using `before_script` and `after_script` within a template.
these scripts should be overridable by the template user.


@ -19,9 +19,8 @@ endif::[]
:classification: Intern
:author: Marcel Feix <marcel.feix@exxcellent.de>
Diese Repository enthält alle generellen CI Templates der CI Gilde.
Templates für Tools werden in den Repositorys der Tools gepflegt.
This Repository contains all CI Templates maintained by the CI-Gilde.
It also provides templates for simpler integration of CI-Gilde Tools.
// ###########################################################################
// Das Inhaltsverzeichnis ist nur im generierten HTML/PDF sichtbar (immer an erster Stelle, technisch bedingt)
@ -32,65 +31,122 @@ toc::[]
// Attribut leveloffset addiert die gegebene Zahl zu den Überschriften im Dokument
// Alle Überschriften erscheinen also eine Ebene tiefer
// ###########################################################################
include::chapters/generalInformation.adoc[leveloffset=1]
== General Information
== Ansible Templates
include::generalInformation.adoc[leveloffset=1]
include::chapters/templates/common/common-ci-variablen.adoc[leveloffset=1]
include::chapters/templates/ansible.adoc[leveloffset=2]
== Contribution
include::contribution.adoc[leveloffset=1]
== Deployment - IaC
Our collection of Infrastructure as Code (IaC) Templates.
For Terraform Template please use the https://docs.gitlab.com/ee/user/infrastructure/iac/[official Templates] provided by Gitlab.
include::chapters/templates/IaC/ansible.adoc[leveloffset=2]
include::chapters/templates/IaC/docker-compose.adoc[leveloffset=2]
include::chapters/templates/IaC/ssh-transfer-data.adoc[leveloffset=2]
== Container Templates
include::chapters/templates/container-publish.adoc[leveloffset=2]
include::chapters/templates/container-publish-snapshot.adoc[leveloffset=2]
include::chapters/templates/container-scan.adoc[leveloffset=2]
include::chapters/templates/docker-compose-validate.adoc[leveloffset=2]
include::chapters/templates/docker-compose-deploy.adoc[leveloffset=2]
We have optimised building container within our templates a lot.
We found divide building and releasing containers into different jobs to be the fastest way to build container artefacts.
Because you can build your container while executing other verify stages.
Publishing containers is a very cheap operation.
== Versionierungs Templates
The following graph charts shows thru which stages containers will go and which artefakts will be passed between stages.
[mermaid]
Im folgende sind erweiterte Templates zu finden für das https://gitlab.exxcellent.de/gilden/ci/exxcellent-increase-version-tool[Increase-Version-Tool] der CI Gilde.
Es enthält auch eine Child-Pipeline-Konfiguration um den Versionierungsprozess innerhalb einer Pipeline darzustellen.
....
flowchart LR
subgraph Build Stage
build_src(Source Code Build) -- Needs Source artefacts --> build_c
build_c(Container-Build)
end
=== Templates
subgraph Verify Stage
build_c -- image.tar --> cve(Scan CVEs)
end
include::chapters/templates/push-tag-and-version-template.adoc[leveloffset=3]
include::chapters/templates/set-version-template.adoc[leveloffset=3]
include::chapters/templates/release-template.adoc[leveloffset=3]
subgraph Release Stage
cve -- image.tar / Scanned --> Publish
end
Publish -- image --> Registry
....
=== Pipeline
include::chapters/templates/container/container-build.adoc[leveloffset=2]
include::chapters/templates/container/container-publish.adoc[leveloffset=2]
include::chapters/templates/container/container-scan.adoc[leveloffset=2]
include::chapters/templates/container/docker-in-docker.adoc[leveloffset=2]
include::chapters/pipelines/update-version-pipeline.adoc[leveloffset=3]
== Releasing Templates
The following Templates provide an simpler integration into the https://gitlab.exxcellent.de/gilden/ci/exxcellent-increase-version-tool[Increase-Version-Tool] of the CI-Gilde.
We also provide finished Pipelines in our <<_pipelines>> section.
We highly recommend using those Pipelines since this is our reference Implementation.
include::chapters/templates/releasing/push-tag-and-version-template.adoc[leveloffset=3]
include::chapters/templates/releasing/set-version-template.adoc[leveloffset=3]
include::chapters/templates/releasing/release-template.adoc[leveloffset=3]
include::chapters/templates/releasing/release-gitlab-template.adoc[leveloffset=3]
include::chapters/templates/releasing/mail-template.adoc[leveloffset=3]
== NPM Templates
include::chapters/templates/npm-dependencies-template.adoc[leveloffset=2]
include::chapters/templates/npm-build-template.adoc[leveloffset=2]
include::chapters/templates/npm-lint-template.adoc[leveloffset=2]
include::chapters/templates/npm-test-template.adoc[leveloffset=2]
Our collection of NPM Templates.
include::chapters/templates/npm/npm-dependencies-template.adoc[leveloffset=2]
include::chapters/templates/npm/npm-build-template.adoc[leveloffset=2]
include::chapters/templates/npm/npm-lint-template.adoc[leveloffset=2]
include::chapters/templates/npm/npm-test-template.adoc[leveloffset=2]
== Maven Templates
include::chapters/templates/maven-dependencies-template.adoc[leveloffset=2]
include::chapters/templates/maven-build-template.adoc[leveloffset=2]
include::chapters/templates/maven-verify-template.adoc[leveloffset=2]
Our collection of Maven Templates.
include::chapters/templates/java/maven/maven-dependencies-template.adoc[leveloffset=2]
include::chapters/templates/java/maven/maven-build-template.adoc[leveloffset=2]
include::chapters/templates/java/maven/maven-verify-template.adoc[leveloffset=2]
include::chapters/templates/java/maven/maven-db-diff-template.adoc[leveloffset=2]
== Gradle Templates
Aktuell gehen wir davon das der Gradle Wrapper in dem Projekt vorhanden ist.
Sollte dieser noch nicht vorhanden sein kann er mit dem Befehl `gradle wrapper` erstellt werden.
Our collection of Gradle Templates.
Currently, we start our Templates from the Gradle Wrapper within your Projekt.
If you do not have a wrapper you can create on with the command `gradle wrapper`.
Please keep in mind updating the wrapper from time to time.
We recommend using https://www.exxcellent.de/confluence/x/S4WCC[Renovate] for this task.
include::chapters/templates/gradle-build-template.adoc[leveloffset=2]
include::chapters/templates/gradle-test-template.adoc[leveloffset=2]
include::chapters/templates/java/gradle/gradle-build-template.adoc[leveloffset=2]
include::chapters/templates/java/gradle/gradle-test-template.adoc[leveloffset=2]
include::chapters/templates/java/gradle/gradle-db-diff-template.adoc[leveloffset=2]
== Misc
== Static Analysis
include::chapters/templates/repo-cve-scan.adoc[leveloffset=2]
With the following collection we provide Static code and Artefact analysis tools.
== Weitere Gilden-Tools
include::chapters/templates/static-analysis/repo-cve-scan.adoc[leveloffset=2]
include::chapters/templates/static-analysis/sonar-7.adoc[leveloffset=2]
include::chapters/templates/static-analysis/sonar-8.adoc[leveloffset=2]
include::chapters/templates/tool-sonar7.adoc[leveloffset=2]
include::chapters/templates/tool-sonar8.adoc[leveloffset=2]
include::chapters/templates/tool-documentation-tool.adoc[leveloffset=2]
include::chapters/templates/mail-template.adoc[leveloffset=2]
include::chapters/templates/ssh-transfer-data-template.adoc[leveloffset=2]
== Documentation
This collection provides templates to simplify your dokumentation prozess.
include::chapters/templates/documentation/documentation.adoc[leveloffset=2]
== Licensing
This collection provides templates to simplify your licencing prozess.
include::chapters/templates/license/license.gitlab-ci.adoc[leveloffset=2]
include::chapters/templates/java/gradle/gradle-license.gitlab-ci.adoc[leveloffset=2]
include::chapters/templates/java/maven/maven-license.gitlab-ci.adoc[leveloffset=2]
[#_pipelines]
== Pipelines
include::chapters/pipelines/eXXcellent-release.adoc[leveloffset=3]


@ -0,0 +1,106 @@
:sourcedir: ../../../../templates
== High Level Architektur.
The entire architektur of the templates build on the following five stages.
they are assumed to be in the following order but don't have to be.
[mermaid]
....
flowchart LR
Start --> dep(Dependencies)
dep --> build(Build)
build --> verify(Verfiy)
verify --> docs(Documentation)
docs --> Release
....
=== Dependencies - dependencies
Jobs within this stage are loading all needed Dependencies. This is done for better cache management of Dependencies.
=== Build - build
Jobs within this stage, build all needed artefacts that you need in later stages and for releasing.
In case you need to build multiple artefacts execute following jobs as soon as needed artefacts are build.
Look into Gitlabs https://docs.gitlab.com/ee/ci/yaml/#needs[Needs Documentation].
=== Verify - verify
Jobs within this stage verify your repository functionality.
This is the biggest stage, within most continues integrations.
Verify and Test as much as you can in these Jobs.
=== Documentation - docs
Jobs within this stage build and publish your documentation.
=== Release - release
Jobs within this stage publish your artefacts or automate creating Tags.
For more information look into <<_pipeline_release>>
== About Templates and Pipelines
Within this Repository all CI Templates and CI Pipeline-Templates of the CI-Gilde can be found.
Templates are predefined Jobs.
These jobs implement one Use-Case as good as possible.
There mend to be imported to your project as simple as possible and provide best practises learned in multiple projects.
Most Templates do not have dependencies between Jobs.
If Jobs have dependencies the documentation will tell you how to integrate it.
Templates can be found in the Directory `Templates`.
We also provide finished Pipeline-Templates to integrate into your project.
Gitlab-CI has the possibility to execute Multi-Project- and Child-Pipelines that can be hard to integrate.
We have Pipline-Templates that implement common CI-Problems we found in different projekts.
These Piplines-Templates are not as Dynamic as templates but allow to integrate a lot of functionality within a short time.
Pipeline-Templates can be found in the Directory `Pipeline`.
== How to use Templates?
To use our Templates in your project you have to do the following:
1. `Include` the Template file you want to use within your `.gitlab-ci.yaml` File.
2. Now you have access to the template within your CI file.
Use the keyword `extend` to extend on the imported Template.
3. Most of the time you also have to provide additional variables within you CI Configuration.
To change or override a functionality of the gitlab Template just configure your gitlab-ci Job normally.
Read more about the `extend` keyword https://docs.gitlab.com/ee/ci/yaml/yaml_optimization.html#use-extends-to-reuse-configuration-sections[here]
====
The following example has the key `ref` set to the Tag `2.0.0`.
We recommend setting the `ref` to a Tag of the repository.
Changes on Master will not destroy your CI-Skripts.
To update this `ref` we recommend using Renovate.
You can also follow the Main branch of this repository.
We try not to break your stuff.
We are still learning a lot of stuff.
====
[source,yaml]
----
stages:
- test-image
include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: '2.0.0'
file:
- '/templates/java/maven/maven-verify.gitlab-ci.yml'
test-image:
stage: test-image
extends: .maven-verify
#Example overriding Variable
variables:
GRADLE_CLI_OPTS: "$SOME_VARIABLE"
#Example overriding rules
rules:
- if: $SOME_VARIABLE
#Example overriding scripts
before_script:
- echo "my overriding changes"
----
== How to use Pipeline-Templates?
Most Pipelines Templates just have to be `included` within your CI File.
These have a high integration and are not really dynamic.
Please read the Dokumentation of every pipeline-template.


@ -0,0 +1,17 @@
.Include
[source,yaml,subs=attributes]
----
include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: 'master'
file:
- '/templates/{template}'
----
.Original Template
[source,yaml]
----
include::../templates/{template}[]
----


@ -1,10 +0,0 @@
.gradle-build:
stage: build
image: $GRADLE_IMAGE
script:
- "./gradlew --build-cache clean assemble $GRADLE_CLI_OPTS"
artifacts:
expire_in: 2 weeks
when: on_success
paths:
- "**/build"


@ -1,10 +0,0 @@
.gradle-test:
image: $GRADLE_IMAGE
stage: test
script:
- "./gradlew --build-cache test $GRADLE_CLI_OPTS"
artifacts:
expire_in: 2 weeks
reports:
junit:
- "**/build/test-results/**/TEST-*.xml"


@ -1,10 +0,0 @@
.maven-build:
stage: build
image: $MAVEN_IMAGE
script:
- mvn $MAVEN_CLI_OPTS package -DskipTests
artifacts:
expire_in: 2 weeks
when: always
paths:
- $BACKEND_DIR/target/*.jar


@ -1,5 +0,0 @@
.maven-dependencies:
stage: dependencies
image: $MAVEN_IMAGE
script:
- "mvn $MAVEN_CLI_OPTS dependency:resolve"


@ -1,12 +0,0 @@
.maven-test:
image: $MAVEN_IMAGE
stage: test
script:
- mvn $MAVEN_CLI_OPTS verify
artifacts:
expire_in: 2 weeks
reports:
junit:
- target/surefire-reports/TEST-*.xml
- target/failsafe-reports/TEST-*.xml


@ -1,11 +0,0 @@
.npm-build:
image: $NODE_IMAGE
stage: build
script:
- npm install
- npm run build
artifacts:
expire_in: 2 weeks
when: always
paths:
- "**/dist/"


@ -1,5 +0,0 @@
.npm-dependencies:
image: $NODE_IMAGE
stage: dependencies
script:
- npm install


@ -1,12 +0,0 @@
.npm-lint:
image: $NODE_IMAGE
stage: test
before_script:
script:
- npm install -g eslint
- npm run lint
# artifacts: todo add lint results in artifact if posible
# expire_in: 2 weeks
# when: always
# paths:
# - dist/*


@ -1,8 +0,0 @@
.npm-test:
image: $NODE_IMAGE
stage: test
before_script:
- npm install -g rimraf karma
script:
- cd $FRONTEND_DIR
- npm run test-ci


@ -0,0 +1,18 @@
include:
- '/templates/java/gradle/gradle-build.gitlab-ci.yml'
- '/templates/java/gradle/gradle-verify.gitlab-ci.yml'
- '/templates/static-analysis/repo-cve-scan-trivy.gitlab-ci.yml'
- '/templates/static-analysis/sonar-8.gitlab-ci.yml'
Build-Java:
extends: .gradle-build
Test-Java:
extends: .gradle-verify
needs:
- job: "Build-Java"
artifacts: true
Repo-CVE-Scan:
allow_failure: true
extends: .repo-cve-scan-trivy
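Review bot: `Repo-CVE-Scan` is declared with `allow_failure: true`, so a HIGH/CRITICAL finding from `.repo-cve-scan-trivy` only yields a warning and the pipeline still passes; if the scan is meant to gate merges, drop that line or limit the leniency to feature branches (`rules: - if: $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH` with `allow_failure: true` on that rule only). The include of `/templates/static-analysis/sonar-8.gitlab-ci.yml` is not extended by any job in this pipeline, so it either needs a `Sonar:` job or should be removed to keep the included surface minimal. Worth a header comment stating which jobs are blocking and which are advisory.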


@ -0,0 +1,26 @@
include:
- '/templates/java/maven/maven-dependencies.gitlab-ci.yml'
- '/templates/java/maven/maven-build.gitlab-ci.yml'
- '/templates/java/maven/maven-verify.gitlab-ci.yml'
- '/templates/java/maven/maven-database-diff.gitlab-ci.yml'
- '/templates/static-analysis/repo-cve-scan-trivy.gitlab-ci.yml'
- '/templates/static-analysis/sonar-8.gitlab-ci.yml'
Dependencies-Java:
extends: .maven-dependencies
Build-Java:
extends: .maven-build
needs:
- job: "Dependencies-Java"
artifacts: true
Test-Java:
extends: .maven-verify
needs:
- job: "Build-Java"
artifacts: true
Repo-CVE-Scan:
allow_failure: true
extends: .repo-cve-scan-trivy
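Review bot: Two of the six includes (`maven-database-diff.gitlab-ci.yml` and `sonar-8.gitlab-ci.yml`) are not extended by any job here, so they add parsing surface and Renovate noise without effect; either add the corresponding jobs or trim the include list. As in the Gradle pipeline, `Repo-CVE-Scan` carries `allow_failure: true`, which turns the CVE scan into an advisory step on every branch including the default one — if that is intended it deserves a comment, otherwise scope the leniency to non-default branches. `Build-Java` requests `artifacts: true` from `Dependencies-Java`; that only helps if `.maven-dependencies` actually declares artifacts, which is not visible in this commit — confirm, otherwise `needs: [Dependencies-Java]` is enough.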


@ -0,0 +1,31 @@
stages:
- dependencies
- build
- verify
include:
- '/templates/common/common-ci-variablen.gitlab-ci.yml'
- '/templates/npm/npm-dependencies.gitlab-ci.yml'
- '/templates/npm/npm-build.gitlab-ci.yml'
- '/templates/npm/npm-verify.gitlab-ci.yml'
- '/templates/npm/npm-lint.gitlab-ci.yml'
- '/templates/npm/npm-e2e.gitlab-ci.yml'
variables:
FRONTEND_DIR: ''
FRONTEND_BUILD_DIR: 'dist'
Dependencies-npm:
extends: .npm-dependencies
Build-npm:
extends: .npm-build
Verify-npm:
extends: .npm-verify
Lint-npm:
extends: .npm-lint
E2E-npm:
extends: .npm-e2e
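Review bot: `FRONTEND_DIR: ''` overrides the `$CI_PROJECT_DIR` default that `common-ci-variablen.gitlab-ci.yml` establishes in the same commit, and an empty value is risky if the npm templates do an unquoted `cd $FRONTEND_DIR` (the removed `.npm-test` did exactly that), because `cd` with no argument changes to `$HOME` rather than staying in the checkout — the new npm templates are not in this view, so please confirm. If the intent is "repo root", leave the variable unset or write `FRONTEND_DIR: $CI_PROJECT_DIR` explicitly; a one-line comment above the `variables:` block explaining the override would also help consumers who copy this pipeline.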


@ -0,0 +1,35 @@
stages:
- set-version
- push-tag
include:
- local: 'templates/releasing/set-version.gitlab-ci.yml'
variables:
BUMP_VERSION: "major"
increase-version:
rules:
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
- if: $CI_COMMIT_REF_NAME == 'Templates2.0'
- if: $CI_COMMIT_REF_NAME =~ /^RELEASE.*/
variables:
TAG: "true"
before_script:
- setup-ssh
extends: .set-version
push-tag-and-branch:
stage: push-tag
image: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-ssh-tool:1.4.0
rules:
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
- if: $CI_COMMIT_REF_NAME == 'Templates2.0'
before_script:
- setup-ssh
- echo $VERSION
- pull
script:
- git checkout -b RELEASE-$VERSION
- git tag $VERSION
- git push origin RELEASE-$VERSION $VERSION
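Review bot: Both `increase-version` and `push-tag-and-branch` have a rule for the literal branch `'Templates2.0'`, so pushes to that feature branch mint tags and `RELEASE-*` branches exactly like the default branch does; this reads as a development leftover and should be removed in the merge (`- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH` alone, or a `$CI_COMMIT_REF_PROTECTED == "true"` guard if other branches must be allowed). `$VERSION` is used unquoted as both a branch and a tag name; it presumably comes from `increase-version`, which is not shown, so quote it and reject anything outside a version pattern before it reaches `git push`, e.g. `case "$VERSION" in *[!0-9A-Za-z._-]*|"") exit 1;; esac`. `setup-ssh` and `pull` are provided by the `exxcellent-ssh-tool` image and not visible here, so which deploy key gets write access to `origin` cannot be reviewed from this hunk.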


@ -0,0 +1,34 @@
include:
- local: 'templates/releasing/release.gitlab-ci.yml'
- local: 'templates/releasing/release-gitlab.gitlab-ci.yml'
# Creates next major prerelease on master (e.g.: 2.0.0-rc.1 --> 3.0.0-rc.1)
a.major-prerelease:
extends: .release-default
variables:
BUMP_VERSION: "major prerelease"
MODE: "bump"
# Creates next minor prerelease on master (e.g.: 2.0.0-rc.1 --> 2.1.0-rc.1)
b.minor-prerelease:
extends: .release-default
variables:
BUMP_VERSION: "minor prerelease"
MODE: "bump"
# Creates release on release branch (e.g.: 2.0.0-rc.1 --> 2.0.0)
c.patch-release:
extends: .release-release-branch
variables:
BUMP_VERSION: "patch"
MODE: "next_version"
# Creates next prerelease on release branch (e.g.: 2.0.0 --> 2.0.1-rc.1 or 2.0.0-rc.1 --> 2.0.0-rc.2)
d.patch-prerelease:
extends: .release-release-branch
variables:
BUMP_VERSION: "prerelease"
MODE: "next_version"
Create-Gitlab-Release:
extends: .release-create-gitlab


@ -0,0 +1,33 @@
include:
- local: 'templates/releasing/release.gitlab-ci.yml'
- local: 'templates/releasing/release-gitlab.gitlab-ci.yml'
a.major-release:
extends: .release-default
variables:
BUMP_VERSION: "major"
b.minor-release:
extends: .release-default
variables:
BUMP_VERSION: "minor"
c.patch-release:
extends: .release-release-branch
variables:
BUMP_VERSION: "patch"
d.prerelease-release:
extends: .release-release-branch
variables:
BUMP_VERSION: "prerelease"
SIMPLIFY: "true"
e.build-release:
extends: .release-release-branch
variables:
BUMP_VERSION: "build"
SIMPLIFY: "true"
Create-Gitlab-Release:
extends: .release-create-gitlab


@ -1,19 +0,0 @@
stages:
- set-version
- push-tag-and-version
include:
- local: 'set-version-template.gitlab-ci.yml'
- local: 'push-tag-and-version-template.gitlab-ci.yml'
variables:
BUMP_VERSION: "major"
increase-version:
stage: set-version
extends: .set-version
push-tag-and-version:
stage: push-tag-and-version
extends: .push-tag-and-version


@ -1,13 +0,0 @@
.release-template:
stage: release
rules:
- if: '$CI_PIPELINE_SOURCE == "pipeline"'
when: never
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
when: manual
- when: never
variables:
PARENT_PIPELINE_ID: $CI_PIPELINE_ID
trigger:
include: release.gitlab-ci.yml
strategy: depend

release.gitlab-ci.yml Normal file

@ -0,0 +1,13 @@
include:
- local: 'templates/releasing/set-version.gitlab-ci.yml'
- local: 'templates/releasing/release.gitlab-ci.yml'
stages:
- set-version
increase-version:
extends: .set-version
before_script:
- setup-ssh
variables:
TAG: "true"


@ -27,6 +27,17 @@
"depNameTemplate": "aquasecurity/trivy",
"datasourceTemplate": "github-releases",
"extractVersionTemplate": "^v(?<version>.*)$"
},
{
"fileMatch": [
"docker-compose.gitlab-ci.yml$"
],
"matchStrings": [
"DOCKER_COMPOSE_VERSION: (?<currentValue>.*)\\s"
],
"depNameTemplate": "docker/compose",
"datasourceTemplate": "github-releases",
"extractVersionTemplate": "^v(?<version>.*)$"
}
]
}


@ -0,0 +1,61 @@
.docker-compose-deploy:
image: docker:20.10.16-alpine3.15
stage: deploy
variables:
DOCKER_COMPOSE_VERSION: v2.6.1
SCP_DESTINATION: ""
SCP_SOURCE: $CI_PROJECT_DIR
COMPOSE_EXTRA_ARGS: ""
COMPOSE_UP_EXTRA_ARGS: ""
SSH_URL: ""
SSH_USER: ""
SSH_PORT: "22"
DOCKER_REGISTRY: "$CI_REGISTRY"
DOCKER_REGISTRY_PASS: "$CI_REGISTRY_PASSWORD"
DOCKER_REGISTRY_USER: "$CI_REGISTRY_USER"
ENV_SETUP_FILE: "setup_env.sh"
SSH_PRIVATE_KEY_DEPLOY: $SSH_PRIVATE_KEY
rules:
- when: manual
# https://docs.gitlab.com/ee/ci/ssh_keys/
before_script:
- if [ -f "$ENV_SETUP_FILE" ]; then chmod +x ./$ENV_SETUP_FILE; ./$ENV_SETUP_FILE; fi
- 'command -v ssh-agent >/dev/null || ( apk --update add openssh-client )'
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY_DEPLOY" | tr -d '\r' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
# Add keys to known hosts for Docker Compose
- ssh-keyscan $SSH_URL >> ~/.ssh/known_hosts
#Install docker Compose, from release directly
- wget https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-linux-x86_64 -O /usr/local/bin/docker-compose
- chmod +x /usr/local/bin/docker-compose
script:
- export DOCKER_HOST=ssh://$SSH_USER@$SSH_URL:$SSH_PORT
- if [[ -n "$SCP_SOURCE" && -n "$SCP_DESTINATION" ]]; then scp -rp $SCP_SOURCE $SSH_USER@$SSH_URL:$SCP_DESTINATION; fi
- if [[ -n "$DOCKER_REGISTRY" ]]; then echo "$DOCKER_REGISTRY_PASS" | docker login $DOCKER_REGISTRY --username $DOCKER_REGISTRY_USER --password-stdin; fi
- docker-compose $COMPOSE_EXTRA_ARGS pull
- docker-compose $COMPOSE_EXTRA_ARGS up -d --remove-orphans $COMPOSE_UP_EXTRA_ARGS
.broken-ssh-connection-workaround:
script:
- export DOCKER_HOST=unix:///tmp/docker.sock
- if [[ -n "$SCP_SOURCE" && -n "$SCP_DESTINATION" ]]; then scp -rp $SCP_SOURCE $SSH_USER@$SSH_URL:$SCP_DESTINATION; fi
# Tunnel Docker socket from remote Maschine to local Maschine. This should be more stable than the current SSH Implementation of Docker
- rm -f /tmp/docker.sock
- ssh -M -S docker-ctrl-socket -fnNT -L /tmp/docker.sock:/var/run/docker.sock "$SSH_USER@$SSH_URL" -p $SSH_PORT -o ControlPersist=no
- if [[ -n "$DOCKER_REGISTRY" ]]; then echo "$DOCKER_REGISTRY_PASS" | docker login $DOCKER_REGISTRY --username $DOCKER_REGISTRY_USER --password-stdin; fi
- docker-compose $COMPOSE_EXTRA_ARGS pull
- docker-compose $COMPOSE_EXTRA_ARGS up -d --remove-orphans $COMPOSE_UP_EXTRA_ARGS
.docker-compose-validate:
image: docker:20.10.16-alpine3.15
stage: verify
variables:
DOCKER_COMPOSE_VERSION: v2.6.1
before_script:
#Install docker Compose, from release directly
- wget https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-linux-x86_64 -O /usr/local/bin/docker-compose
- chmod +x /usr/local/bin/docker-compose
script:
- docker-compose $COMPOSE_EXTRA_ARGS config
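Review bot: `ssh-keyscan $SSH_URL >> ~/.ssh/known_hosts` in `.docker-compose-deploy` accepts whatever host key answers at deploy time, so SSH host verification — the only thing standing between the deploy key plus registry password and a spoofed target — is effectively disabled; pin the key in a CI variable instead and write it to `known_hosts`. `SSH_PORT` is honoured by `DOCKER_HOST` but not by the `scp` calls (neither here nor in `.broken-ssh-connection-workaround`) or by `ssh-keyscan`, so a non-22 port breaks the file transfer silently; pass `-P "$SSH_PORT"` / `-p "$SSH_PORT"`. The compose binary is fetched with `wget` and executed without any checksum, which is a supply-chain gap for a job that then holds production credentials; verify it against a pinned digest that Renovate can bump alongside `DOCKER_COMPOSE_VERSION`. The sketch below covers `.docker-compose-deploy`; `.docker-compose-validate` needs the same checksum line.

```yaml
  variables:
    # … unchanged: existing variables …
    SSH_KNOWN_HOSTS: ""        # pinned `ssh-keyscan` output for $SSH_URL, set as CI variable
    DOCKER_COMPOSE_SHA256: ""  # digest of the release binary for $DOCKER_COMPOSE_VERSION
  before_script:
    # … unchanged: ENV_SETUP_FILE, ssh-agent, ssh-add …
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # Pin the host key instead of trusting whatever answers at deploy time
    - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    - wget https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-linux-x86_64 -O /usr/local/bin/docker-compose
    # Refuse to run a binary that does not match the pinned digest
    - echo "$DOCKER_COMPOSE_SHA256  /usr/local/bin/docker-compose" | sha256sum -c -
    - chmod +x /usr/local/bin/docker-compose
  script:
    - export DOCKER_HOST=ssh://$SSH_USER@$SSH_URL:$SSH_PORT
    - if [[ -n "$SCP_SOURCE" && -n "$SCP_DESTINATION" ]]; then scp -rp -P "$SSH_PORT" "$SCP_SOURCE" "$SSH_USER@$SSH_URL:$SCP_DESTINATION"; fi
    # … unchanged: docker login, compose pull, compose up …
```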


@ -0,0 +1,69 @@
cache:
key: "$CI_JOB_NAME"
paths:
# Cache Maven
- .m2/repository
# Cache NPM
#- $FRONTEND_DIR/dist
# Cache Gradle
- .gradle
- '**/build'
- "**/target"
#- "**/node_modules"
variables:
##NPM / Node Settings
NODE_IMAGE:
value: node:16-alpine3.15
description: The node image that will be used from the CI.
## Playwright Image
NODE_E2E_IMAGE:
value: mcr.microsoft.com/playwright:v1.23.1-focal
description: The image that will be used for E2E jobs.
##Global Variables we use in our CI scripts when using maven
MAVEN_IMAGE:
value: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.5
description: The Maven image that will be used from the CI.
MAVEN_OPTS:
value: >
-Dhttps.protocols=TLSv1.2
-Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN
-Dorg.slf4j.simpleLogger.showDateTime=true
-Djava.awt.headless=true
description: "Additional options that are passed to Maven for faster/stable execution"
MAVEN_CLI_OPTS:
value: >
--batch-mode
--errors
--fail-at-end
--show-version
-DinstallAtEnd=true
-DdeployAtEnd=true
description: "Additional options that are passed to Maven for faster/stable execution"
##Global Variables we use in our CI scripts when using Gradle
GRADLE_OPTS:
value: "-Dorg.gradle.daemon=false"
description: "Additional options that are passed to gradle for faster/stable execution"
GRADLE_IMAGE:
value: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.3_latest
description: "Default Image to use in Gradle Jobs"
# Currently, we use the Maven image and use the Gradle Wrapper. This is slower but more compatible to your gradle scripts.
# Please Update your Gradle Wrapper from time to time. Use Renovate to automat that task.
##Set default directories for frontend and backend templates
FRONTEND_DIR:
value: $CI_PROJECT_DIR
description: "Default directories for the Frontend when having a frontend and a backend within your repo"
BACKEND_DIR:
value: $CI_PROJECT_DIR
description: "Default directories for the Backend when having a frontend and a backend within your repo"
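Review bot: `GRADLE_IMAGE` defaults to the floating tag `java11-maven3.8.3_latest` while `MAVEN_IMAGE` is pinned to `java11-maven3.8.5`, so Gradle jobs can change toolchain underneath consumers without any commit to review; pin it to a concrete tag and let Renovate bump it, as the comment below it already recommends for the wrapper. The global `cache` is keyed only by `$CI_JOB_NAME` and includes compiled output (`**/build`, `**/target`), so a job on one branch restores another branch's build directories; consider `key: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"` and limiting the paths to dependency caches (`.m2/repository`, `.gradle`). The `MAVEN_OPTS` block scalar uses `>` which leaves a trailing newline in the value — harmless for Maven, but `>-` states the intent.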


@ -0,0 +1,51 @@
.container-build-common:
stage: build
variables:
CONTEXT_LOCATION: $CI_PROJECT_DIR
EXTRA_ARGS: ""
artifacts:
paths:
- image.tar
.container-build-jib-maven:
extends: .container-build-common
image: $MAVEN_IMAGE
script:
- >
if [ "$CONTEXT_LOCATION" != "" ]; then
cd $CONTEXT_LOCATION
fi
- mvn $MAVEN_CLI_OPTS jib:buildTar -DskipTests -Djib.outputPaths.tar=$CI_PROJECT_DIR/image.tar $EXTRA_ARGS
.container-build-jib-gradle:
extends: .container-build-common
image: $GRADLE_IMAGE
variables:
EXTRA_ARGS: $GRADLE_EXTRA_ARGS
script:
- >
if [ "$CONTEXT_LOCATION" != "" ]; then
cd $CONTEXT_LOCATION
fi
- ./gradlew $GRADLE_CLI_OPTS jibBuildTar -DskipTests -Djib.outputPaths.tar=$CI_PROJECT_DIR/image.tar $EXTRA_ARGS
.container-build-kaniko:
extends: .container-build-common
image:
name: gcr.io/kaniko-project/executor:v1.8.0-debug
entrypoint: [ "" ]
variables:
DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile
REGISTRY_MIRROR: --registry-mirror nexus.corp.exxcellent.de:18000 --skip-tls-verify-registry nexus.corp.exxcellent.de:18000
script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$DOCKER_REGISTRY\":{\"username\":\"$DOCKER_REGISTRY_USER\",\"password\":\"$DOCKER_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- >-
/kaniko/executor
--context $CONTEXT_LOCATION
--dockerfile $DOCKERFILE_LOCATION
--no-push
--destination $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
$EXTRA_ARGS
$REGISTRY_MIRROR
--tarPath image.tar
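Review bot: `REGISTRY_MIRROR` defaults to `--skip-tls-verify-registry nexus.corp.exxcellent.de:18000`, so every consumer of `.container-build-kaniko` pulls base images through a mirror with certificate verification turned off unless they know to override the variable; a MITM on that path can substitute base layers that then ship in `image.tar`. Make the skip opt-in (e.g. `KANIKO_EXTRA_ARGS`) or fix the mirror's certificate, and keep `--registry-mirror` alone as the default. The `config.json` is built with `echo` and unescaped `$DOCKER_REGISTRY_PASSWORD`, which produces invalid JSON for passwords containing `"` or `\`; these variables are also not defaulted here (the publish template defaults its counterparts to `$CI_REGISTRY_*`), so either default them the same way or document that they are required. Note the job builds with `--no-push`, so the credentials are only needed for pulling private base images — say so in a comment.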


@ -0,0 +1,26 @@
.container-publish:
stage: release
image:
name: quay.io/containers/skopeo:v1.7.0
entrypoint: [ "" ]
variables:
CONTAINER_REGISTRY: $CI_REGISTRY_IMAGE
CONTAINER_REGISTRY_USER: $CI_REGISTRY_USER
CONTAINER_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD
EXTRA_PATH: ""
rules:
- if: $CI_COMMIT_TAG
variables:
IMAGE_TAG: $CI_COMMIT_TAG
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
variables:
IMAGE_TAG: $CI_COMMIT_SHORT_SHA
EXTRA_PATH: "/snapshot"
- if: $CI_COMMIT_REF_NAME ~= "feat"
variables:
IMAGE_TAG: "latest"
EXTRA_PATH: "/feat/$CI_COMMIT_REF_NAME"
- when: never
script:
- skopeo login --username $CONTAINER_REGISTRY_USER --password $CONTAINER_REGISTRY_PASSWORD $CONTAINER_REGISTRY --tls-verify=false
- skopeo copy "docker-archive:image.tar" "docker://${CONTAINER_REGISTRY}${EXTRA_PATH}:${IMAGE_TAG}" $EXTRA_ARGS --dest-tls-verify=false
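Review bot: The third rule uses `$CI_COMMIT_REF_NAME ~= "feat"`, which is not a GitLab `rules:if` operator (the regex match is `=~` with a `/pattern/`), so this line will be rejected by the CI linter rather than match feature branches; `- if: $CI_COMMIT_REF_NAME =~ /^feat/` is presumably what was meant. Both `skopeo login --tls-verify=false` and `skopeo copy --dest-tls-verify=false` are hard-coded, so registry credentials and the published image go to `$CI_REGISTRY_IMAGE` over unverified TLS for every consumer; if this exists for one broken registry certificate, move it into an overridable variable (default `--tls-verify=true`) instead of baking it in. `--password $CONTAINER_REGISTRY_PASSWORD` exposes the secret in the process list of the runner; `echo "$CONTAINER_REGISTRY_PASSWORD" | skopeo login --username ... --password-stdin` avoids that. `$EXTRA_ARGS` is consumed on the copy line but not declared in `variables:`, so it should be listed there with an empty default like `EXTRA_PATH`.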


@ -0,0 +1,19 @@
.container-scan-trivy:
image:
name: docker.io/aquasec/trivy:0.29.2
entrypoint: [ "" ]
stage: verify
variables:
IMAGE_PATH: $CI_PROJECT_DIR/image.tar
EXITCODE: 1
TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed --severity HIGH,CRITICAL --input image.tar"
cache:
paths:
- .trivycache/
artifacts:
reports:
junit: junit-report.xml
script:
# Builds report and puts it in the default workdir $CI_PROJECT_DIR, so artifacts: can take it from there
- trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --format template --template "/contrib/junit.tpl" -o junit-report.xml
- trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE
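Review bot: `IMAGE_PATH` is declared but never used; the input is hard-coded as `--input image.tar` inside `TRIVY_EXTRA_ARGS`, so a consumer who overrides that variable to adjust severity silently drops the input and trivy scans nothing useful. Split the two: `TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed --severity HIGH,CRITICAL"` and `--input "$IMAGE_PATH"` on both `trivy` lines. The default `--ignore-unfixed --severity HIGH,CRITICAL` is a policy choice that hides MEDIUM and unfixed findings from the junit report as well as the gate; a comment above `variables:` stating that explicitly would save consumers from assuming a green job means a clean image.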


@ -0,0 +1,22 @@
.docker-in-docker:
services:
- name: docker:20.10.17-dind
command:
- "--registry-mirror"
- "https://nexus.corp.exxcellent.de:18000"
- "--insecure-registry"
- "nexus.corp.exxcellent.de:18000"
- "--insecure-registry"
- "gitlab.exxcellent.de:4567"
# explicitly disable tls to avoid docker startup interruption
- "--tls=false"
alias: docker
variables:
# Instruct Testcontainers to use the daemon of DinD.
DOCKER_HOST: "tcp://docker:2375"
# Instruct Docker not to start over TLS.
DOCKER_TLS_CERTDIR: ""
# Improve performance with overlayfs.
DOCKER_DRIVER: overlay2
# Needed by testcontainers https://www.testcontainers.org/supported_docker_environment/continuous_integration/gitlab_ci/
TESTCONTAINERS_HOST_OVERRIDE: "host.docker.internal"
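Review bot: `--insecure-registry gitlab.exxcellent.de:4567` marks the project's own registry as insecure, which lets the daemon fall back to plaintext or unverified TLS when pushing or pulling with `$CI_REGISTRY_PASSWORD`; unless that host really serves a broken chain this flag should go, and if it is needed for the Nexus mirror only, keep it to that host. Running the daemon with `--tls=false` on `tcp://docker:2375` and `DOCKER_TLS_CERTDIR: ""` is the usual GitLab dind pattern, but it is an unauthenticated root-equivalent socket on the job network, so the comment `# explicitly disable tls to avoid docker startup interruption` should say that the exposure is accepted because the service network is private to the job. The service image `docker:20.10.17-dind` and the `.docker-compose-*` jobs use `docker:20.10.16`; aligning them keeps Renovate bumps in one place.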


@ -1,4 +1,4 @@
.documentation-tool-template:
.documentation-tool-common:
image: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-documentation-tool:1.6.1
variables:
REV_NUMBER: $CI_COMMIT_SHORT_SHA
@ -12,21 +12,22 @@
- generate --type html
- generate --type pdf
.check_confluence_validity-template:
extends: .documentation-tool-template
stage: generate-docs
.documentation-check-confluence-validity:
extends: .documentation-tool-common
stage: verify
needs: []
variables:
OUTPUT_DIR: merge_requests
script:
- check-validity
artifacts:
paths: [ merge_requests/ ]
rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
script:
- check-validity
.pages-template:
extends: .documentation-tool-template
stage: generate-docs
.documentation-publish:
extends: .documentation-tool-common
stage: docs
variables:
OUTPUT_DIR: public
script:


@ -0,0 +1,21 @@
.gradle-build:
stage: build
image: $GRADLE_IMAGE
before_script:
- >
if [ "$BACKEND_DIR" != "" ]; then
cd $BACKEND_DIR
fi
# Replace version in Gradle file with $CI_COMMIT_TAG
- >
if [ ! -z "$CI_COMMIT_TAG" ] && [ ! -z "$PATH_TO_VERSION_FILE" ]; then
export GRADLE_VERSION=$(awk '/^version/{print $NF}' $PATH_TO_VERSION_FILE)
$(sed -i /^version/s/$GRADLE_VERSION/\'$CI_COMMIT_TAG\'/ $PATH_TO_VERSION_FILE)
fi
script:
- "./gradlew --build-cache assemble $GRADLE_CLI_BUILD_OPTS $GRADLE_CLI_OPTS $GRADLE_EXTRA_OPTS"
artifacts:
expire_in: 2 weeks
when: on_success
paths:
- "**/build"
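Review bot: The version rewrite in before_script wraps `sed -i` in `$(...)`, which runs sed's (empty) output as the command rather than sed as the step itself, and both `$GRADLE_VERSION` and `$CI_COMMIT_TAG` are spliced unquoted into an `s/.../.../` expression whose delimiter is `/`, so a tag such as `release/1.2` breaks the expression. The `[ ! -z ... ]` tests and the unquoted `cd $BACKEND_DIR` repeat the same pattern in the sibling templates (.gradle-database-diff, .gradle-licence-bom, .gradle-verify), so whichever form is chosen should be applied there too. The rewrite below uses `-n`, quotes every expansion and switches the sed delimiter to `|`; the `script:` and `artifacts:` parts are unchanged.
```yaml
  before_script:
    - >
      if [ -n "$BACKEND_DIR" ]; then
        cd "$BACKEND_DIR"
      fi
    # Replace version in Gradle file with $CI_COMMIT_TAG
    - >
      if [ -n "$CI_COMMIT_TAG" ] && [ -n "$PATH_TO_VERSION_FILE" ]; then
        export GRADLE_VERSION=$(awk '/^version/{print $NF}' "$PATH_TO_VERSION_FILE")
        sed -i "/^version/s|${GRADLE_VERSION}|'${CI_COMMIT_TAG}'|" "$PATH_TO_VERSION_FILE"
      fi
  # … unchanged: script, artifacts …
```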


@ -0,0 +1,17 @@
include:
local: "templates/java/java-common-db.gitlab-ci.yml"
.gradle-database-diff:
extends:
- .database-diff-common
image: $GRADLE_IMAGE
variables:
GRADLE_EXTRA_OPTS: ""
PATH_TO_DIFF: "build/db-diff.xml"
script:
- >
if [ "$BACKEND_DIR" != "" ]; then
cd $BACKEND_DIR
fi
- ./gradlew liquibase:update liquibase:diff $GRADLE_CLI_OPTS $GRADLE_EXTRA_OPTS
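Review bot: `PATH_TO_DIFF: "build/db-diff.xml"` is relative to the project root, but the script `cd`s into `$BACKEND_DIR` before running Gradle, so when BACKEND_DIR is set the diff is written under `$BACKEND_DIR/build/` while `.database-diff-common` reads `$PATH_TO_DIFF` from `artifacts: paths:` and from `after_script` (which GitLab runs in a fresh shell starting in the project directory). In that configuration the grep never finds the file and the artifact path matches nothing. Either set PATH_TO_DIFF to include the backend directory (taking care that an empty BACKEND_DIR does not yield the absolute `/build/db-diff.xml`), or have the script copy the diff to a project-root location before it ends. A comment above `liquibase:update` stating that the job applies pending changesets to the configured database before diffing would also help consumers pick an appropriate (disposable) target.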


@ -0,0 +1,15 @@
.gradle-licence-bom:
image: $GRADLE_IMAGE
stage: build
script:
- >
if [ "$BACKEND_DIR" != "" ]; then
cd $BACKEND_DIR
fi
- "./gradlew --build-cache cyclonedxBom $GRADLE_CLI_OPTS $GRADLE_EXTRA_OPTS"
needs: []
artifacts:
expire_in: 2 weeks
reports:
junit:
- "$BACKEND_DIR/build/reports/bom.json"
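Review bot: `reports: junit:` is the wrong report type for `build/reports/bom.json` — the CycloneDX BOM produced by `cyclonedxBom` is JSON, so GitLab will attempt to parse it as JUnit XML and the BOM is not kept as a downloadable artifact. Keep it under `artifacts: paths:` (newer GitLab releases also offer `artifacts:reports:cyclonedx` for exactly this format; confirm the instance version before relying on it). Separately, `"$BACKEND_DIR/build/reports/bom.json"` becomes `/build/reports/bom.json` when BACKEND_DIR is empty, which the sibling `.gradle-verify` avoids with a `**/build/...` glob; `- "**/build/reports/bom.json"` would behave the same here.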


@ -0,0 +1,14 @@
.gradle-verify:
image: $GRADLE_IMAGE
stage: verify
script:
- >
if [ "$BACKEND_DIR" != "" ]; then
cd $BACKEND_DIR
fi
- "./gradlew --build-cache test $GRADLE_CLI_OPTS $GRADLE_EXTRA_OPTS"
artifacts:
expire_in: 2 weeks
reports:
junit:
- "**/build/test-results/**/TEST-*.xml"


@ -0,0 +1,13 @@
.database-diff-common:
stage: verify
artifacts:
when: on_failure
expire_in: 2 weeks
paths:
- $PATH_TO_DIFF
after_script:
- >
if grep -x '<databaseChangeLog .*/>' $PATH_TO_DIFF;
then printf 'Found no Difference in DB-Diff.\n'; exit 0;
else printf 'DB-Diff has Found changes.\n'; exit 1;
fi
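Review bot: The `exit 1` in after_script does not fail the job — GitLab ignores after_script's exit status — so the "DB-Diff has Found changes" branch still produces a passing job, and because the job never fails, the `when: on_failure` artifact holding `$PATH_TO_DIFF` is never uploaded either, leaving no evidence of the detected drift. Move the grep into the extending job's `script:` after the liquibase run (a `script:` placed in this template would be overridden by `.gradle-database-diff`), and change the artifact to `when: always` so the diff is available for inspection in both outcomes. Quoting `"$PATH_TO_DIFF"` in the grep would be consistent with the rest of the fix.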
