feat(Templates): Ideal eXXcellent Pipeline

Marcel Feix 2022-03-04 16:12:26 +01:00
parent 13ffa82aea
commit 86ed4d3850
No known key found for this signature in database
GPG Key ID: 04D016E104A25F03
85 changed files with 1054 additions and 786 deletions


@ -1,23 +1,26 @@
stages:
- test
- generate-docs
- verify
- documentation
- release
include:
- local: 'release-template.gitlab-ci.yml'
- local: 'tool-documentation.gitlab-ci.yml'
- local: 'templates/releasing/release.gitlab-ci.yml'
- local: 'templates/releasing/release-gitlab.gitlab-ci.yml'
- local: 'templates/documentations/documentation.gitlab-ci.yml'
Test-Java-Backend:
stage: test
stage: verify
rules:
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
when: always
- when: never
- when: manual
trigger:
project: gilden/ci/java-backend-template
branch: "Templates2.0"
strategy: depend
check_confluence_validity:
extends: .documentation-ckeck-confluence-validity
variables:
DOCUMENT_ROOT: "documentation"
INPUT_FILE: "document.adoc"
@ -28,9 +31,9 @@ check_confluence_validity:
TEXT_GENERATED_HINT: '<ac:structured-macro ac:name="warning"><ac:parameter ac:name="title" /><ac:rich-text-body>This is a generated page, do not edit! All changes must happen in the <a href="${CI_PROJECT_URL}">Repository</a>
.</ac:rich-text-body></ac:structured-macro>'
FILE_INPUT: "index.html,107524048,CI Templates"
extends: .check_confluence_validity-template
pages:
extends: .documentation-publish
variables:
DOCUMENT_ROOT: "documentation"
INPUT_FILE: "document.adoc"
@ -41,35 +44,25 @@ pages:
TEXT_GENERATED_HINT: '<ac:structured-macro ac:name="warning"><ac:parameter ac:name="title" /><ac:rich-text-body>This is a generated page, do not edit! All changes must happen in the <a href="${CI_PROJECT_URL}">Repository</a>
.</ac:rich-text-body></ac:structured-macro>'
FILE_INPUT: "index.html,107524048,CI Templates"
extends: .pages-template
.release-template:
trigger:
include: pipelines/update-version-pipeline.gitlab-ci.yml
strategy: depend
a.major-release:
extends: .release-template
extends:
- .release-default
variables:
BUMP_VERSION: "major"
b.minor-release:
extends: .release-template
extends:
- .release-default
variables:
BUMP_VERSION: "minor"
c.patch-release:
extends: .release-template
extends:
- .release-default
variables:
BUMP_VERSION: "patch"
d.prerelease-release:
extends: .release-template
variables:
BUMP_VERSION: "prerelease"
e.build-release:
extends: .release-template
variables:
BUMP_VERSION: "build"
create-gitlab-release:
extends: .release-create-gitlab
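Review bot: The fallback rule of `Test-Java-Backend` appears to change from `- when: never` to `- when: manual`, which offers the downstream trigger into `gilden/ci/java-backend-template` on every ref instead of only on the default branch. The page has lost its +/- markers, so which of the two lines is new is inferred from print order. A `when: manual` rule defaults to `allow_failure: false`, so pipelines on other branches will stay blocked until someone plays the job, and with `strategy: depend` the downstream result then decides the upstream status. If the manual run is meant to be optional, add `allow_failure: true` under that rule. If it should be limited to certain branches, replace the bare fallback with an explicit `if:` condition and keep `- when: never` as the last rule. A short comment above `rules:` saying who is expected to start the downstream test, and on which refs, would also help.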


@ -3,4 +3,7 @@
<component name="ProjectRootManager">
<output url="file://$PROJECT_DIR$/out" />
</component>
<component name="ProjectType">
<option name="id" value="jpab" />
</component>
</project>


@ -1,51 +0,0 @@
stages:
- dependencies
- build
- test
- set-version
- publish
- post-process
- package
cache:
key: "$CI_JOB_NAME"
paths:
# Cache Maven
- .m2/repository
# Cache NPM
- $FRONTEND_DIR/dist
# Cache Gradle
- .gradle
- build
variables:
CI_REGISTRY: gitlab.exxcellent.de:4567
##NPM / Node Settings
NODE_IMAGE: node:16-alpine3.15
##Global Variables we use in our CI scripts when using maven
MAVEN_IMAGE: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.3_latest
MAVEN_OPTS: >
-Dhttps.protocols=TLSv1.2
-Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN
-Dorg.slf4j.simpleLogger.showDateTime=true
-Djava.awt.headless=true
MAVEN_CLI_OPTS: >
--batch-mode
--errors
--fail-at-end
--show-version
-DinstallAtEnd=true
-DdeployAtEnd=true
##Global Variables we use in our CI scripts when using Gradle
GRADLE_OPTS: "-Dorg.gradle.daemon=false"
GRADLE_IMAGE: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.3_latest
# Currently we use the Maven image and use the Gradle Wrapper. This is slower but saver at the moment
##Set default directories for frontend and backend templates
FRONTEND_DIR: $CI_PROJECT_DIR
BACKEND_DIR: $CI_PROJECT_DIR


@ -1,30 +0,0 @@
include:
- local: 'container-publish.gitlab-ci.yml'
.container-publish-snapshot-rules: &container-publish-snapshot-rules
stage: snapshot
rules:
- if: "$CI_PIPELINE_SOURCE == 'merge_request_event'"
when: never
- if: '$CI_COMMIT_REF_NAME =~ /^feature/'
variables:
IMAGE_TAG: $CI_COMMIT_REF_SLUG
- if: '$CI_COMMIT_REF_NAME =~ /^refactor/'
variables:
IMAGE_TAG: $CI_COMMIT_REF_SLUG
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
variables:
IMAGE_TAG: "latest"
- when: never
.publish-image-jib-maven-snapshot:
<<: *container-publish-snapshot-rules
extends: .publish-image-jib-maven
.publish-image-jib-gradle-snapshot:
<<: *container-publish-snapshot-rules
extends: .publish-image-jib-gradle
.publish-image-kaniko-snapshot:
<<: *container-publish-snapshot-rules
extends: .publish-image-kaniko


@ -1,68 +0,0 @@
.container-publish-common-variables: &container-publish-common-variables
DOCKER_REGISTRY: $CI_REGISTRY_IMAGE
DOCKER_REGISTRY_USER: $CI_REGISTRY_USER
DOCKER_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD
EXTRA_ARGS: ""
USE_VERSIONFILE: "false"
ARTIFACT: "version"
.container-publish-common: &container-publish-common
before_script:
- if [ "$USE_VERSIONFILE" == "true" ]; then IMAGE_TAG=$(cat ./"$ARTIFACT"); fi
- export PARSED_VERSION=$(echo $IMAGE_TAG | sed -r 's/\+/_/g') # Replace + sign since this is not valid in a docker tag
- echo $PARSED_VERSION
stage: package
rules:
- if: $CI_COMMIT_TAG
variables:
IMAGE_TAG: $CI_COMMIT_TAG
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
variables:
USE_VERSIONFILE: "true"
- when: never
.publish-image-jib-maven:
image: $MAVEN_IMAGE
<<: *container-publish-common
variables:
<<: *container-publish-common-variables
MVN_VERSION: "true"
script:
- >
if [ "${MVN_VERSION}" == "true" ]; then
mvn versions:set -DnewVersion=$PARSED_VERSION -DgenerateBackupPoms=false
fi
- mvn $MAVEN_CLI_OPTS compile jib:build $EXTRA_ARGS
"-DskipTests"
"-Djib.to.image=$DOCKER_REGISTRY:$PARSED_VERSION"
"-Djib.to.auth.username=$DOCKER_REGISTRY_USER"
"-Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD"
.publish-image-jib-gradle:
image: $GRADLE_IMAGE
<<: *container-publish-common
variables:
<<: *container-publish-common-variables
EXTRA_ARGS: $GRADLE_EXTRA_ARGS
script:
- echo $PARSED_VERSION
- ./gradlew assemble jib $GRADLE_CLI_OPTS $EXTRA_ARGS
"-DskipTests"
"-Djib.to.image=$DOCKER_REGISTRY:$PARSED_VERSION""
"-Djib.to.auth.username=$DOCKER_REGISTRY_USER"
"-Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD"
.publish-image-kaniko:
image:
name: gcr.io/kaniko-project/executor:v1.6.0-debug
entrypoint: [ "" ]
<<: *container-publish-common
variables:
<<: *container-publish-common-variables
PROJECT_DIR: $CI_PROJECT_DIR
DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile
CONTEXT_LOCATION: $CI_PROJECT_DIR
script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$DOCKER_REGISTRY\":{\"username\":\"$DOCKER_REGISTRY_USER\",\"password\":\"$DOCKER_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --destination $CI_REGISTRY_IMAGE:$PARSED_VERSION $EXTRA_ARGS --registry-mirror nexus.corp.exxcellent.de:18000 --skip-tls-verify-registry nexus.corp.exxcellent.de:18000 --skip-tls-verify


@ -1,69 +0,0 @@
.scan-container-jib:
image: $MAVEN_IMAGE
stage: test
variables:
TRIVY_VERSION: 0.25.1
EXITCODE: 1
TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed"
before_script:
- curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
- tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
script:
- mvn $MAVEN_CLI_OPTS compile jib:buildTar -DskipTests
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --severity HIGH,CRITICAL --format template --template "@contrib/junit.tpl" -o junit-report.xml --input target/jib-image.tar
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --severity HIGH,CRITICAL --input target/jib-image.tar
cache:
paths:
- .trivycache/
artifacts:
reports:
junit: junit-report.xml
.scan-container-jib-gradle:
image: $GRADLE_IMAGE
stage: test
variables:
TRIVY_VERSION: 0.25.1
EXITCODE: 1
PROJECT_DIR: $CI_PROJECT_DIR/build
TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed"
before_script:
- export GRADLE_USER_HOME=`pwd`/.gradle
- curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
- tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
script:
- ./gradlew $GRADLE_CLI_OPTS jibBuildTar -DskipTests
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --severity HIGH,CRITICAL --format template --template "@contrib/junit.tpl" -o junit-report.xml --input $PROJECT_DIR/jib-image.tar
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --severity HIGH,CRITICAL --input $PROJECT_DIR/jib-image.tar
cache:
paths:
- .trivycache/
artifacts:
reports:
junit: junit-report.xml
.scan-container-kaniko:
stage: test
image:
name: gcr.io/kaniko-project/executor:v1.6.0-debug
entrypoint: [ "" ]
variables:
TRIVY_VERSION: 0.25.1
PROJECT_DIR: $CI_PROJECT_DIR
DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile
CONTEXT_LOCATION: $CI_PROJECT_DIR
EXITCODE: 1
TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed"
before_script:
- wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
- tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
script:
- /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION $KANIKO_EXTRA_ARGS --cache-dir cache/image --tarPath image.tar --no-push --destination image --registry-mirror nexus.corp.exxcellent.de:18000 --skip-tls-verify-registry nexus.corp.exxcellent.de:18000 --skip-tls-verify
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --severity HIGH,CRITICAL --format template --template "@contrib/junit.tpl" -o junit-report.xml --input image.tar
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --severity HIGH,CRITICAL --input image.tar
cache:
paths:
- .trivycache/
artifacts:
reports:
junit: junit-report.xml


@ -1,5 +0,0 @@
.docker-compose-validate:
image: docker/compose:alpine-1.29.1
stage: test
script:
- docker-compose $COMPOSE_EXTRA_ARGS config


@ -1,71 +0,0 @@
:sourcedir: ../../
= General Information
== Templates und Pipelines
In dieser Repository sind Templates und Pipeline-Templates zu finden.
Templates sind vorgefertigte Jobs die jeweils einen Use-Case abbilden sollen und direkt importiert werde können.
Da eine CI jedoch aus Pipelines besteht und Gitlab die Möglichkeit Multiprojekt- und child-Pipelines zu benutzen werden hier auch vorgefertigte bereit gestellt.
Diese Pipeline-Templates bilden komplexere Use-Cases ab.
Pipelines sind in dem dafür vorgesehenen Pipeline Ordner zu finden.
== Wie können Templates benutzt werden
Um die Templates in deinem Projekt zu benutzten musst du folgendes machen:
1. `Include` das Template file in deinem `.gitlab-ci.yaml` File.
2. Jetzt kannst du `extend` benutzen, um das Template zu integrieren.
Es ist möglich weitere Veränderungen vorzunehmen.
[source,yaml]
----
stages:
- test-image
include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: '1.0.0'
file:
- 'maven-build-template.gitlab-ci.yml'
- 'maven-dependencies-template.gitlab-ci.yml'
- 'maven-verify-template.gitlab-ci.yml'
- 'npm-build-template.gitlab-ci.yml'
- 'npm-dependencies-template.gitlab-ci.yml'
- 'npm-lint-template.gitlab-ci.yml'
- 'npm-test-template.gitlab-ci.yml'
- 'container-publish.gitlab-ci.yml'
- 'container-scan.gitlab-ci.yml'
- 'set-version-template.gitlab-ci.yml'
- 'push-tag-and-version-template.gitlab-ci.yml'
test-image:
stage: test-image
extends: .build-image
when: manual
except:
- master
- tags
before_script:
- cd ImportantPath
----
[[Generel-Variablen]]
== Generelle Variablen
Bitte folgende Variablen in `.gitlab-ci.yaml` setzen
|===
|Name |Description
|CI_REGISTRY| Registry der CI
|MAVE_IMAGE| Das Image das benutzt werden soll für Jobs die Maven benötigen.
|NODE_IMAGE| Das Image das benutzt werden soll für Jobs die NPM benötigen
|MAVEN_OPTS| Generelle optionen um Maven zu verändern
|MAVEN_CLI_OPTS| Optionen um Maven beim Bauen zu verbessern.
|FRONTEND_DIR| Wenn das Projekt ein Frontend besitzt, muss der Pfad definiert werden, wo die note module gespeichert werden.
|===
----
include::{sourcedir}/STD-variablen-Template.gitlab-ci.yml[]
----


@ -4,7 +4,10 @@ ifndef::imagesdir[]
:imagesdir: ../../images
endif::[]
= update-version-pipeline
[#_pipeline_release]
= Release Version Pipeline
//todo umschreiben auf tag pipelines.
This pipeline provides the jobs to increase the version, create a new tag and updates the changed files (version) the repository.
@ -59,30 +62,35 @@ include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: 'master'
file:
- 'release-template.gitlab-ci.yml'
- 'templates/releasing/release.gitlab-ci.yml'
a.major-release:
extends: .release-template
#Pressent in all Pipelines
extends: .release-common
variables:
BUMP_VERSION: "major"
b.minor-release:
extends: .release-template
#Pressent only on Default Branch
extends: .release-default
variables:
BUMP_VERSION: "minor"
c.patch-release:
extends: .release-template
#Pressent only on Release Branches
extends: .release-release-branch
variables:
BUMP_VERSION: "patch"
d.prerelease-release:
extends: .release-template
#Pressent only on Release Branches
extends: .release-release-branch
variables:
BUMP_VERSION: "prerelease"
e.build-release:
extends: .release-template
#Pressent only on Release Branches
extends: .release-release-branch
variables:
BUMP_VERSION: "build"
@ -102,30 +110,13 @@ include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: 'master'
file:
- 'pipelines/update-version-pipeline.gitlab-ci.yml'
- 'push-image.yml'
# This is optional
push-docker-image:
extends: .publish-image-kaniko
stage: release
# You only need NEED if you use a artifact from your parent pipeline to build the image
needs:
- pipeline: $PARENT_PIPELINE_ID
job: Build
- job: increase-version
- job: push-tag-and-version
rules:
- when: always
before_script:
- "[ -f ./version ] && export LATEST_VERSION=$(cat ./version)"
- export PARSED_VERSION=$(echo $LATEST_VERSION | sed -r 's/\+/_/g') # Replace + sign since this is not valid in a docker tag
- export IMAGE_NAME=$CI_REGISTRY_IMAGE:$PARSED_VERSION
- 'pipelines/update-version.gitlab-ci.yml'
----
You pipeline then looks like the following:
.Release Pipeline
//todo update image for tag pipelines
image::Release-Docker-Image-Pipeline.png[]
== Pipeline
@ -133,7 +124,7 @@ image::Release-Docker-Image-Pipeline.png[]
.update-version-pipeline
[source, yaml]
----
include::{sourcedir}/update-version-pipeline.gitlab-ci.yml[]
include::{sourcedir}/update-version.gitlab-ci.yml[]
----
== Usage with release branches
@ -152,7 +143,7 @@ include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: 'master'
file:
- 'release-template.gitlab-ci.yml'
- 'release.gitlab-ci.yml'
# Creates next major prerelease on master (e.g.: 2.0.0-rc.1 --> 3.0.0-rc.1)
a.major-prerelease:
@ -204,7 +195,7 @@ include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: 'master'
file:
- 'pipelines/update-version-pipeline.gitlab-ci.yml'
- 'pipelines/update-version.gitlab-ci.yml'
- 'push-image.yml'
# This is optional


@ -0,0 +1,36 @@
:sourcedir: ../../../../templates
= Ansible Template
A Template Collection to simplify the deployment automation with Ansible.
All Templates need a $SSH_PRIVATE_KEY variable to be set in den Gitlab CI Variablen.
.Provided Templates:
|===
|Name |Description
|
.ansible_lint | Calls the Ansible Linter for static analysis.
Output will be shown in CI output and can be used to optimize the Ansible manifests.
|.ansible_playbook_validate | Executes the Ansible-check, provides inside if the execution of Ansible is possible and syntactically correct.
|.ansible_playbook_run | Executes a defined Ansible playbooks.
|===
.Variables
|===
|Name |Description | Default Value
|SSH_PRIVATE_KEY | The SSH key that will be used to access the remote maschine.
!!
DO NOT set this variable in your Repository.
Use the Gitlab CI variables so not everyone has access to this Secret. Only Maintainer will have access to those Settings
| NOT SET. Has to be set in the gitlab CI variables settings UI.
|PLAYBOOK_PATH | Path to the playbook that should be executed | "playbook.yml"
|INVENTORY_PATH | Path to the inventory that should be executed | "inventory.yml"
|EXTRA_ARGS | Additional Arguments that will be used from Ansible | ""
|===
.Ansible Collection
[source,yaml]
----
include::{sourcedir}/IaC/ansible.gitlab-ci.yml[]
----


@ -0,0 +1,80 @@
:sourcedir: ../../../../templates
= Docker-Compose Template
.Provided Templates:
|===
|Name |Description
|.docker-compose-deploy | Executes Docker Compose against a remote maschine.
|.docker-compose-validate | Validates the syntactic correctness of your compose files. Still can have execution Problems.
|===
Copy files with scp onto from your Repo to the Remote system.
Then executes Docker-compose over a SSH connection.
For this SSH connection you have to Provide a SSH Key under a CI-CD-Variable with the name $SSH_PRIVATE_KEY.
If you already have a different $SSH_PRIVATE_KEY you can overwrite the Variable SSH_PRIVATE_KEY_DEPLOY.
To Parametrise the Docker-Compose File you can use a .env File.
The .env File should not contain any Secrets.
For this reason you can create a .env file dynamically.
To generate a .env file you can provide a script under the path ENV_SETUP_FILE.
.Beispiel für ein setup_env.sh
----
#!/bin/sh
#Prints all Enviroments into the .env File.
printenv >> .env
#to set a diffrent Project Prefix use this ENV
echo COMPOSE_PROJECT_NAME=project-prefix >>.env
#Secrets
#Some Secret is a Variable within the gitlab CI Variable
echo SOME_PASSWORD="$SOME_PASSWORD" >>.env
----
.Variables
|===
|Name |Description | Default Value
| SSH_PRIVATE_KEY_DEPLOY
| Private key to access remote system.
| $SSH_PRIVATE_KEY (In den CI-CD variablen)
| SSH_URL
| URL of the remote server.
| -
| SSH_USER
| The user that is used to login into the remote maschine.
| -
| DOCKER_REGISTRY
| The Container Registry that will be used to pull images.
| "$CI_REGISTRY"
| ENV_SETUP_FILE
| If you want to use a .env file, this skript can be used to create one.
Secrets should not be stored within your repository. Use the CI-CD Variables in the setting page.
| "setup_env.sh"
| SCP_DESTINATION
| Target path for scp to push files to.
| -
| SCP_SOURCE
| Path you want to copy to the remote System.
| $CI_PROJECT_DIR
| COMPOSE_EXTRA_ARGS
| Additional arguments you want to send to Docker Compose.
For example multiple `-f compose.file.extra` definitions.
| -
|===
.Docker Templates
[source,yaml]
----
include::{sourcedir}/IaC/docker-compose.gitlab-ci.yml[]
----


@ -1,4 +1,4 @@
:sourcedir: ../../../
:sourcedir: ../../../../templates/
= ssh-transfer-data-template
@ -16,5 +16,5 @@ For more details: https://gitlab.exxcellent.de/gilden/ci/exxcellent-ssh-tool#use
.ssh-transfer-data-template
[source, yaml]
----
include::{sourcedir}/ssh-transfer-data-template.gitlab-ci.yml[]
include::{sourcedir}IaC/ssh-transfer-data.gitlab-ci.yml[]
----


@ -1,33 +0,0 @@
:sourcedir: ../../../
= Ansible-template
Template Sammlung zur einfachen automation mit Ansible innerhalb der Gitlab CI.
Erwartet das $SSH_PRIVATE_KEY in den Gitlab CI Variablen gesetzt ist.
.Angebotene Templates:
|===
|Name |Description
|.ansible_lint | Ruft den Linter von Ansible auf.
Der Output wird dann in der CI gezeigt und kann den Stil der Playbooks verbessern.
|.ansible_playbook_validate | Validiert, ob die Playbooks ausgeführt werden können und syntaktisch Sinn ergeben.
|.ansible_playbook_run | Führt die Playbooks auf dem Inventar aus.
|===
.Variables
|===
|Name |Description | Default Value
|SSH_PRIVATE_KEY | SSH Key der von Ansible benutzt wird, um sich im Inventar anzumelden.
!!
Nicht in .gitlab.yml setzen. Statt dessen durch den CI Maintainer in den Gitlab Settings setzen lassen. | Nicht gesetzt. Muss in den Gitlab CI Variablen in den Settings gesetzt werden.
|PLAYBOOK_PATH | Path zum Playbook das ausgeführt werden soll | "playbook.yml"
|INVENTORY_PATH | Path zum Inventory das ausgeführt werden soll | "inventory.yml"
|EXTRA_ARGS | Extra Argumente für die Scripte | ""
|===
.Ansible-template
[source,yaml]
----
include::{sourcedir}/ansible.gitlab-ci.yml[]
----


@ -0,0 +1,25 @@
:sourcedir: ../../../../templates
:gitlab-ci-file: /common/common-ci-variablen.gitlab-ci.yml
[[Generel-Variablen]]
== Generelle Variablen
Wir stellen von uns empfohlene CI-Variablen in `{gitlab-ci-file}` zur verfügung.
Diese werden von uns gepflegt und bekommen von verschiedenen Projekten Feedback.
Es ist möglich das File direkt einzubinden.
Bitte folgende Variablen in `.gitlab-ci.yaml` setzen
|===
|Name |Description
|MAVE_IMAGE| Das Image das benutzt werden soll für Jobs die Maven benötigen.
|NODE_IMAGE| Das Image das benutzt werden soll für Jobs die NPM benötigen
|MAVEN_OPTS| Generelle optionen um Maven zu verändern
|MAVEN_CLI_OPTS| Optionen um Maven beim Bauen zu verbessern.
|FRONTEND_DIR| Wenn das Projekt ein Frontend besitzt, muss der Pfad definiert werden, damit die NPM Templates, das die Files finden kann.
|BACKEND_DIR| Wenn das Projekt ein Backend besitzt, muss der Pfad definiert werden. So kann gradle/maven an der richtigen Stelle ausgeführt werden.
|===
----
include::{sourcedir}{gitlab-ci-file}[]
----


@ -1,27 +0,0 @@
:sourcedir: ../../../
= Container-Publish-Snapshot
Dieses Template funktioniert genauso wie das <<_container_publish, Container Publish>> Template.
Es wird jedoch in folgenden Branches ausgeführt.
Dabei sind die Imagenamen der Container abhängig von den Branchnamen.
.Ausführung
|===
|Branch |Container Image name
|DEFAULT BRANCH (master/main) |DOCKER_REGISTRY:latest
|feature/* |$DOCKER_REGISTRY:feature/(Branch-postfix)
|refactor/* |$DOCKER_REGISTRY:refactor/(Branch-postfix)
|===
.Variables
|===
|Name |Description | Default Value
|| Siehe <<_container_publish, Container Publish>> |
|===
.container-publish-snapshot
[source,yaml]
----
include::{sourcedir}/container-publish-snapshot.gitlab-ci.yml[]
----


@ -1,29 +0,0 @@
:sourcedir: ../../../
= Container-Publish
Baut mithilfe von jib oder kaniko ein Docker Image und läd das Image in der Docker Registry des Projekts hoch.
Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird.
Wenn das Template ohne Tags benutzt werden soll, müssen die Rules vererbt werden.
Ein Snapshot Template bieten wir hier an: <<_container-publish-snapshot>>
.Variables
|===
|Name |Description | Default Value
|MVN_VERSION | Bestimmt, ob die version von MAVEN gesetzt werden soll.
Falls das Projekt aus mehreren Poms besteht, kann `before_script:` benutzt werden. | "true"
|DOCKER_REGISTRY | Definiert die Registry an zu dem das Image veröffentlicht werden soll | $CI_REGISTRY_IMAGE
|DOCKER_REGISTRY_USER | Definiert den User der benutzt werden soll | $CI_REGISTRY_USER
|DOCKER_REGISTRY_PASSWORD | Definiert das Passwort des Benutzers | $CI_REGISTRY_PASSWORD
|EXTRA_ARGS | Weitere Argumente die an den jeweiligen Job gegeben werden sollen. | ""
|USE_VERSIONFILE | Wenn true, dann wird zur Versionierung das ./version file aus dem set-version tool verwendet | "false"
|ARTIFACT | Der Name des Versionfiles aus dem set-version tool | "version"
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|===
.container-publish
[source,yaml]
----
include::{sourcedir}/container-publish.gitlab-ci.yml[]
----


@ -0,0 +1,34 @@
:sourcedir: ../../../../templates
= Build
.Provided Templates:
|===
|Name |Description
| .container-build-jib-maven | Baut Container mit dem Jib Plugin für Maven
| .container-build-jib-gradle | Baut Container mit dem Jib Plugin für Gradle
| .container-build-kaniko | Baut Container mit dem Kaniko
|===
Erlaubt es das einfache bauen von Container Images.
Die Images werden als Tar in den CI-Artifacten abgelegt damit es einfach an weitere Pipeline-Schritte übergeben werden kann.
Für das Veröffentlichen des Images ist das Template ContainerPublish[Container Publish] zuständig.
.Variables
|===
|Name |Description | Default Value
|CONTEXT_LOCATION | Der Context des Dockerfiles. Im Fall von Jib ist dies der Path wo Maven/Gradle ausgeführt wird. | $CI_PROJECT_DIR
| EXTRA_ARGS | Weitere Argumente die an das Tool geschickt werden soll | ""
| Nur bei Kaniko |- |-
| DOCKERFILE_LOCATION | Pfad zum Dockerfile | $CI_PROJECT_DIR/Dockerfile
| REGISTRY_MIRROR | Welcher Mirror benutzt werden soll | Nexus von exxcellent
|===
.Container Build Templates
[source,yaml]
----
include::{sourcedir}/container/container-build.gitlab-ci.yml[]
----


@ -0,0 +1,22 @@
:sourcedir: ../../../../templates
= Container Publish
Moves a container from the filesystem to a remote repository.
Needs a build container on the path `image.tar`. Use one of the Container build templates for this.
.Variables
|===
|Name |Description | Default Value
| CONTAINER_REGISTRY | Url to the remote Registry | $CI_REGISTRY_IMAGE
| CONTAINER_REGISTRY_USER | the user that should be used | $CI_REGISTRY_USER
| CONTAINER_REGISTRY_PASSWORD | the passwort for the remote registry | $CI_REGISTRY_PASSWORD
| EXTRA_PATH | Extra path that should be between the registry path and the image tag | ""
| IMAGE_TAG | the Tag the image should be found on | Depends on the current path. Look at the rules of the Job.
|===
.container-publish
[source,yaml]
----
include::{sourcedir}/container/container-publish.gitlab-ci.yml[]
----


@ -1,16 +1,21 @@
:sourcedir: ../../../
:sourcedir: ../../../../templates/
= Container-Scan
= Container CVE Scanner
Baut ein Image mithilfe von jib oder Kaniko welches im Anschluss gescanned wird. Dieser Schritt wird ausgeführt, wenn ein Tag gesetzt wird. Die Ergebnisse des Scans können genutzt werden den Build failen zu lassen, falls gewünscht (vgl. `EXITCODE_ON_HIGH` und `EXITCODE_ON_CRITICAL`).
Uses Trivy to scan for CVE Problems within your Image.
Needs a build container on the path `image.tar`. Use one of the Container build templates for this.
====
NOTE: NPM
Trivy can not find CVE's within Frontend containes that do not have a dependencie-lock file.
This file should not be part of the Image.
We provide an additional static CVE-Analyser-Template that can find these CVE's within your Repo.
We also have the https://gitlab.exxcellent.de/gilden/ci/security-scanner/security-scanner[Security-Scanner] if you have more than one image to scan.
====
.Variables
|===
|Name |Description | Default Value
|TRIVY_VERSION
| Version von Trivy die benutzt werden soll.
| -
|EXITCODE_ON_HIGH
| Bestimmt den Exit code der ausgegeben werden soll, wenn ein CVE der als HIGH markiert wurde, gefunden werden konnte.
Wenn 0 benutzt wird, läuft die CI weiter.
@ -30,5 +35,5 @@ Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angez
.container scan template
[source, yaml]
----
include::{sourcedir}/container-scan.gitlab-ci.yml[]
include::{sourcedir}container/container-scan.gitlab-ci.yml[]
----


@ -1,70 +0,0 @@
:sourcedir: ../../../
= Docker-Compose-Deploy
Kopiert Daten mithilfe von scp aus dem Repo auf ein Deployment-System.
Dort wird über SSH Docker-compose up ausgeführt.
Für die SSH Verbindung muss ein Private-Key in den CI-CD Variablen unter dem Namen $SSH_PRIVATE_KEY abgelegt werden.
Wenn bereits andere SSH Keys vorhanden sind kann SSH_PRIVATE_KEY_DEPLOY in den Varibalen überschrieben werden.
Um die Compose-Files zu parametrisieren kann ein .env File benutzt werden.
Dieses sollte mit einem Skript das unter der Variable ENV_SETUP_FILE hinterlegt ist erstellt werden.
.env File sollten nicht in der Repo liegen da keine Passwörter in der Repo liegen sollten.
.Beispiel für ein setup_env.sh
----
#!/bin/sh
#Printed alle Umgebungsvariablen in das .env File.
printenv >> .env
echo COMPOSE_PROJECT_NAME=project-prefix >>.env
#Secrets
echo SOME_PASSWORD="$SOME_PASSWORD" >>.env
----
.Variables
|===
|Name |Description | Default Value
| SSH_PRIVATE_KEY_DEPLOY
| Private key der Zugriff auf den Deployment Server hat.
| $SSH_PRIVATE_KEY (In den CI-CD variablen)
| SSH_URL
| URL des Servers auf den Docker-Compose ausgeführt werden soll.
| -
| SSH_USER
| Der Passende SSH User zu der SSH Verbindung.
| -
| DOCKER_REGISTRY
| Die Docker Registry die benutzt werden soll um Images zu pullen.
| "$CI_REGISTRY"
| ENV_SETUP_FILE
| Falls ein .env file benutzt werden soll, kann es mit einem sh script erstellt werden.
Secrets sollten nicht in der Repository liegen, sondern in den CI-CD Variablen der Repository settings.
| "setup_env.sh"
| SCP_DESTINATION
| Ziel Pfad wo Daten mit SCP hin kopiert werden sollen.
| -
| SCP_SOURCE
| Pfad zu den daten die mithilfe von SCP kopiert werden sollen.
| $CI_PROJECT_DIR
| COMPOSE_EXTRA_ARGS
| Weitere argumente die an Docker-Compose geschickt werden können.
| -
|===
.Docker compose deploy
[source,yaml]
----
include::{sourcedir}/docker-compose-deploy.gitlab-ci.yml[]
----


@ -1,20 +0,0 @@
:sourcedir: ../../../
= Docker-Compose-Validate
Validiert die semantische Korrektheit eines Docker-Compose files.
.Variables
|===
|Name |Description | Default Value
| COMPOSE_EXTRA_ARGS
| Weitere argumente die an Docker-Compose geschickt werden können.
| -
|===
.Docker compose validate
[source,yaml]
----
include::{sourcedir}/docker-compose-validate.gitlab-ci.yml[]
----


@ -0,0 +1,12 @@
:sourcedir: ../../../../templates/
= Dokumentation-Tool-template
The Dokumentation tool template.
More details and Variables can be found here: https://gitlab.exxcellent.de/gilden/ci/exxcellent-documentation-tool[Gilde CI/CD: exxcellent-documentation-tool].
.dokumentation-tool
[source,yaml]
----
include::{sourcedir}documentations/documentation.gitlab-ci.yml[]
----


@ -1,18 +0,0 @@
:sourcedir: ../../../
= Gradle-build-template
Dieses Template lädt die Dependencies herunter und baut das Projekt.
Die Ergebnisse werden als Artifact gespeichert.
.Variables
|===
|Name |Description | Default Value
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|===
.gradle-build-template
[source,yaml]
----
include::{sourcedir}/gradle-build-template.gitlab-ci.yml[]
----


@ -1,18 +0,0 @@
:sourcedir: ../../../
= Gradle-test-template
Dieses Template startet den Test Task in gradle.
Die Ergebnisse werden als Artifact gespeichert.
.Variables
|===
|Name |Description | Default Value
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|===
.gradle-test-template
[source,yaml]
----
include::{sourcedir}/gradle-test-template.gitlab-ci.yml[]
----


@ -0,0 +1,19 @@
:sourcedir: ../../../../../templates/
= Gradle-build-template
This template resolves the gradle dependencies of your project and builds the project.
The result will be cached when you include the common CI variables.
The resulting build files will be published as artefacts.
.Variables
|===
|Name |Description | Default Value
|GRADLE_CLI_OPTS | Additional Options that will be passed to Gradle | ""
|===
.gradle-build-template
[source,yaml]
----
include::{sourcedir}java/gradle/gradle-build.gitlab-ci.yml[]
----


@ -0,0 +1,26 @@
:sourcedir: ../../../../../templates/
= Gradle Database Diff
This template generates a diff between the Liquibase schema and the Hibernate model of a database.
The resulting xml can be used as a base for schema changes.
Please look at the resulting changelog since it can have errors.
//#todo add documentation how to run agains real server oder service
//#If you wand to run against a real server.
//#overrite -Dvariable.liquibase.database.url=<alias> in the script section
//#add a service with your desired Database container.
//#use the alias in the service to define the alias for the database url
.Variables
|===
|Name |Description | Default Value
|GRADLE_CLI_OPTS | Additional options send to gradle | ""
| PATH_TO_DIFF | Path to the resulting diff is defined in gradle config, this will also be exposed as the artefact of the Job. | "build/db-diff.xml"
|===
.Gradle Liquibase Diff
[source,yaml]
----
include::{sourcedir}java/gradle/gradle-database-diff.gitlab-ci.yml[]
----


@ -0,0 +1,27 @@
:sourcedir: ../../../../../templates/
ifndef::imagesdir[]
:imagesdir: ../../../../images/
endif::[]
= Gradle Database Diff
This templates starts `gradle test` and saves the results as Artifacts.
When Junit Reports are generated they will be published as Artefacts within the Pipelines.
You can get a detailed view when clicking on Tests.
For more information look into the official https://docs.gitlab.com/ee/ci/unit_test_reports.html[Documentation].
image::GitlabCiTest.png[]
.Variables
|===
|Name |Description | Default Value
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|===
.gradle-test-template
[source,yaml]
----
include::{sourcedir}java/gradle/gradle-test.gitlab-ci.yml[]
----


@ -1,4 +1,4 @@
:sourcedir: ../../../
:sourcedir: ../../../../../templates/
= maven-build-template
@ -12,5 +12,5 @@ Dieses Template baut die .jar Files und speichert die Ergebnisse als Artifact.
.mvn-build-template
[source, yaml]
----
include::{sourcedir}/maven-build-template.gitlab-ci.yml[]
include::{sourcedir}java/maven/maven-build.gitlab-ci.yml[]
----


@ -0,0 +1,20 @@
:sourcedir: ../../../../../templates/
= Maven Database Diff
This template generates a diff between the Liquibase schema and the Hibernate model of a database.
The resulting xml can be used as a base for schema changes.
Please look at the resulting changelog since it can have errors.
.Variables
|===
|Name |Description | Default Value
|GRADLE_CLI_OPTS | Additional options send to gradle | ""
| PATH_TO_DIFF | Path to the resulting diff is defined in gradle config, this will also be exposed as the artefact of the Job. | "target/db-diff.xml"
|===
.gradle-build-template
[source,yaml]
----
include::{sourcedir}java/maven/maven-database-diff.gitlab-ci.yml[]
----


@ -0,0 +1,17 @@
:sourcedir: ../../../../../templates/
= Gradle Dependencies Template
This Template resolves the Maven Dependencies of your Projekt.
The result will be cached when you include the common CI variables.
.Variables
|===
|Name |Description | Default Value
|===
.mvn-dependencies-template
[source, yaml]
----
include::{sourcedir}java/maven/maven-dependencies.gitlab-ci.yml[]
----


@ -0,0 +1,27 @@
:sourcedir: ../../../../../templates/
ifndef::imagesdir[]
:imagesdir: ../../../../images/
endif::[]
= maven-verify-template
This templates starts `mvn verify` and saves the results as Artifacts.
When Junit Reports are generated they will be published as Artefacts within the Pipelines.
You can get a detailed view when clicking on Tests.
For more information look into the official https://docs.gitlab.com/ee/ci/unit_test_reports.html[Documentation].
image::GitlabCiTest.png[]
.Variables
|===
|Name |Description | Default Value
|===
.mvn-verify-template
[source, yaml]
----
include::{sourcedir}/java/maven/maven-verify.gitlab-ci.yml[]
----


@ -1,17 +0,0 @@
:sourcedir: ../../../
= maven-dependencies-template
Dieses Template lädt die Maven Abhängigkeiten des Projekts runter.
Bitte den Cache hinzufügen. Siehe xref:Generel-Variablen[Generelle Variablen]
.Variables
|===
|Name |Description | Default Value
|===
.mvn-dependencies-template
[source, yaml]
----
include::{sourcedir}/maven-dependencies-template.gitlab-ci.yml[]
----


@ -1,25 +0,0 @@
:sourcedir: ../../../
ifndef::imagesdir[]
:imagesdir: ../../images
endif::[]
= maven-verify-template
Dieses Template startet `mvn verify` und speichert die Ergebnisse als Artifact.
Wenn Junit Report XML files generiert und als Artefakte innerhalb der Pipeline hochgeladen wurden, können diese innerhalb der Pipelines Detail Seite angezeigt werden. Für mehr Dokumentation klicke https://docs.gitlab.com/ee/ci/unit_test_reports.html[hier].
image::GitlabCiTest.png[]
.Variables
|===
|Name |Description | Default Value
|===
.mvn-verify-template
[source, yaml]
----
include::{sourcedir}/maven-verify-template.gitlab-ci.yml[]
----


@ -1,4 +1,4 @@
:sourcedir: ../../../
:sourcedir: ../../../../templates/
= npm-build-template
@ -12,5 +12,5 @@ Dieses Template baut das NPM projekt und speichert die Ergebnisse als Artifact.
.npm-build-template
[source, yaml]
----
include::{sourcedir}/npm-build-template.gitlab-ci.yml[]
include::{sourcedir}npm/npm-build.gitlab-ci.yml[]
----


@ -1,4 +1,4 @@
:sourcedir: ../../../
:sourcedir: ../../../../templates/
= npm-dependencies-template
@ -13,5 +13,5 @@ Bitte den Cache hinzufügen. Siehe xref:Generel-Variablen[Generelle Variablen]
.npm-dependencies-template
[source, yaml]
----
include::{sourcedir}/npm-dependencies-template.gitlab-ci.yml[]
include::{sourcedir}npm/npm-dependencies.gitlab-ci.yml[]
----


@ -1,4 +1,4 @@
:sourcedir: ../../../
:sourcedir: ../../../../templates/
= npm-lint-template
@ -12,5 +12,5 @@ Dieses Template durchläuft den Linter des NPM Projekts.
.npm-lint-template
[source, yaml]
----
include::{sourcedir}/npm-lint-template.gitlab-ci.yml[]
include::{sourcedir}npm/npm-lint.gitlab-ci.yml[]
----


@ -1,4 +1,4 @@
:sourcedir: ../../../
:sourcedir: ../../../../templates/
= npm-test-template
@ -12,5 +12,5 @@ Dieses Template baut das NPM Projekt.
.npm-test-template
[source, yaml]
----
include::{sourcedir}/npm-test-template.gitlab-ci.yml[]
include::{sourcedir}npm/npm-test.gitlab-ci.yml[]
----


@ -1,19 +0,0 @@
:sourcedir: ../../../
= Publish-Image-jib
Baut mithilfe von jib ein Docker Image und läd es in die Docker Registry des Projekts hoch.
Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird.
.Variables
|===
|Name |Description | Default Value
|MVN_VERSION | Bestimmt, ob die version von MAVEN gesetzt werden soll.
Falls das Projekt aus mehreren Poms besteht, kann `bevor_script:` benutzt werden. | "true"
|===
.publish-image-jib-template
[source,yaml]
----
include::{sourcedir}/container-publish.gitlab-ci.yml[]
----


@ -1,19 +0,0 @@
:sourcedir: ../../../
= release-template
This template provides a template for including the child release pipeline.
For more information see the `update-version-pipeline` documentation.
.Variables
|===
|Name |Description | Default Value
|PARENT_PIPELINE_ID | The if of the parent pipeline. Needed to be able to use artifacts in the child pipeline | $CI_PIPELINE_ID
|===
.release-template
[source, yaml]
----
include::{sourcedir}/release-template.gitlab-ci.yml[]
----


@ -1,4 +1,4 @@
:sourcedir: ../../../
:sourcedir: ../../../../templates/
= mail-template
@ -18,5 +18,5 @@ NOTE: The template uses the port 25 config as a default which doesn't need a smt
.mail-template
[source, yaml]
----
include::{sourcedir}/mail-template.gitlab-ci.yml[]
include::{sourcedir}releasing/mail.gitlab-ci.yml[]
----


@ -1,9 +1,8 @@
:sourcedir: ../../../
:sourcedir: ../../../../templates/
= push-tag-and-version-template
= Push Tag and Version Template
This template creates a new tag und updates the version of your project in the repository. Additionally, the template builds a new artifact with the `mvn package` command after setting the version which then can be exported with the gitlab-ci _artifacts_ keyword and used in subsequent stages.
For more details: https://gitlab.exxcellent.de/gilden/ci/exxcellent-ssh-tool[Gilde CI/CD: exxcellent-ssh-tool].
.Variables
@ -17,5 +16,5 @@ For more details: https://gitlab.exxcellent.de/gilden/ci/exxcellent-ssh-tool[Gil
.push-tag-and-version-template
[source, yaml]
----
include::{sourcedir}/push-tag-and-version-template.gitlab-ci.yml[]
include::{sourcedir}releasing/push-tag-and-version.gitlab-ci.yml[]
----


@ -0,0 +1,17 @@
:sourcedir: ../../../../templates/
= Gitlab Release Template
This Template makes it easier to create Gitlab Release from the CI
.Variables
|===
|Name |Description | Default Value
|DESCRIPTION | The Content that has changed in the last release. Can be changed manual afterwards | ""
|===
.Template
[source, yaml]
----
include::{sourcedir}releasing/release-gitlab.gitlab-ci.yml[]
----


@ -0,0 +1,32 @@
:sourcedir: ../../../../templates/
= Release Template
This collection provides multiple templated to make publish releases of your Software as easy as possible.
.Angebotene Templates:
|===
|Name |Description
| .release-common | This template contains a trigger for an additional release Pipeline. It will execute all Jobs defined in your release.gitlab-ci.yml file as a child pipeline
For more information see the <<_pipeline_release>> documentation.
| .release-default: | Builds upon .release-common defines rules, so it will only be executed on your default branch.
| .release-release-branch: | Builds upon .release-common defines rules, so it will only be executed on release branches.
|===
.Variables
|===
|Name |Description | Default Value
|PARENT_PIPELINE_ID | The if of the parent pipeline. Needed to be able to use artifacts in the child pipeline | $CI_PIPELINE_ID
|===
.release-template
[source, yaml]
----
include::{sourcedir}releasing/release.gitlab-ci.yml[]
----


@ -1,6 +1,7 @@
:sourcedir: ../../../
:sourcedir: ../../../../templates/
= set-version-template
= set-version
This template provides the job for increasing the tag version.
For more details look at https://gitlab.exxcellent.de/gilden/ci/exxcellent-increase-version-tool[Gilde CI/CD: exxcellent-increase-version-tool].
@ -11,7 +12,8 @@ For more details look at https://gitlab.exxcellent.de/gilden/ci/exxcellent-incre
|Name |Description | Default Value
|BUMP_VERSION | defines the version bump | "major"
|PREFIX | the prefix for the tag | ""
|OUTPUT | defines where the updated version is written to | version
|OUTPUT | defines where the updated version is written to. Default case is an env File named Version.
Following Jobs will have set the $VERSION variable to the next version. | version.env
|SIMPLIFY
a|
* "false":
@ -23,5 +25,5 @@ a|
.set-version-template
[source, yaml]
----
include::{sourcedir}/set-version-template.gitlab-ci.yml[]
include::{sourcedir}/releasing/set-version.gitlab-ci.yml[]
----


@ -1,4 +1,4 @@
:sourcedir: ../../../
:sourcedir: ../../../../templates/
= Repo-CVE-Scan
@ -26,5 +26,5 @@ Bei 0 läuft die Pipeline durch, auch wenn Probleme gefunden werden.
.Repo CVE scan template
[source, yaml]
----
include::{sourcedir}/repo-cve-scan.gitlab-ci.yml[]
include::{sourcedir}static-analysis/repo-cve-scan-trivy.gitlab-ci.yml[]
----


@ -1,6 +1,5 @@
:sourcedir: ../../../
= Sonar 7 template
:sourcedir: ../../../../templates/
= sonar-template
Ruft den Sonar Job für das Projekt auf.
Mehr Details zu finden hier: https://gitlab.exxcellent.de/gilden/ci/exxcellent-sonar-tool[Gilde CI/CD: exxcellent-sonar-tool].
@ -25,5 +24,5 @@ Wenn der Build nicht gebrochen werden soll, kann es weggelassen werden.
.sonar-template
[source,yaml]
----
include::{sourcedir}/tool-sonar7.gitlab-ci.yml[]
include::{sourcedir}static-analysis/sonar.gitlab-ci.yml[]
----


@ -1,12 +0,0 @@
:sourcedir: ../../../
= Dokumentation-Tool-template
Das Dokumentation-Tool template.
Mehr Details und die Variablendokumentation sind hier zu finden: https://gitlab.exxcellent.de/gilden/ci/exxcellent-documentation-tool[Gilde CI/CD: exxcellent-documentation-tool].
.dokumentation-tool
[source,yaml]
----
include::{sourcedir}/tool-documentation.gitlab-ci.yml[]
----


@ -0,0 +1,20 @@
:sourcedir: ../../../../templates
:gitlab-ci-file: /common/common-ci-variablen.gitlab-ci.yml
Im Folgenden sind ein paar Regeln wie die Repo aufgebaut ist um ein möglicht einfaches einarbeiten und zusammenarbeiten zu ermöglichen.
== Template Names convention
Template Namen fangen immer mit dem Prefix des Files an, in dem sie sich befinden.
Wenn in dem File mehrere Templates enthalten sind, wird an den Filenamen ein Suffix gehängt der, die Funktion des Templates zusammenfasst.
Das machen mir damit die CI Files und die Templates eine Verbindung zueinander haben.
Die Erfahrung hat gezeigt das es sonst schwer wird die Templates mit den Imports zu verbinden.
====
Beispiel:
fuu.gitlab-ci.yml enthält template die anfangen mit .fuu-feature1 und .fuu-feature2
====


@ -32,65 +32,77 @@ toc::[]
// Attribut leveloffset addiert die gegebene Zahl zu den Überschriften im Dokument
// Alle Überschriften erscheinen also eine Ebene tiefer
// ###########################################################################
include::chapters/generalInformation.adoc[leveloffset=1]
== General Information
== Ansible Templates
include::generalInformation.adoc[leveloffset=1]
include::chapters/templates/common/common-ci-variablen.adoc[leveloffset=1]
== Contribution
include::contribution.adoc[leveloffset=1]
== Deployment - IaC
include::chapters/templates/IaC/ansible.adoc[leveloffset=2]
include::chapters/templates/IaC/docker-compose.adoc[leveloffset=2]
include::chapters/templates/IaC/ssh-transfer-data.adoc[leveloffset=2]
include::chapters/templates/ansible.adoc[leveloffset=2]
== Container Templates
include::chapters/templates/container-publish.adoc[leveloffset=2]
include::chapters/templates/container-publish-snapshot.adoc[leveloffset=2]
include::chapters/templates/container-scan.adoc[leveloffset=2]
include::chapters/templates/docker-compose-validate.adoc[leveloffset=2]
include::chapters/templates/docker-compose-deploy.adoc[leveloffset=2]
include::chapters/templates/container/container-build.adoc[leveloffset=2]
include::chapters/templates/container/container-publish.adoc[leveloffset=2]
include::chapters/templates/container/container-scan.adoc[leveloffset=2]
== Versionierungs Templates
== Releasing Templates
Im folgende sind erweiterte Templates zu finden für das https://gitlab.exxcellent.de/gilden/ci/exxcellent-increase-version-tool[Increase-Version-Tool] der CI Gilde.
Es enthält auch eine Child-Pipeline-Konfiguration um den Versionierungsprozess innerhalb einer Pipeline darzustellen.
Für vorgegebene Release Pipelines bitte im Abschnitt <<_pipelines>> gucken.
=== Templates
include::chapters/templates/push-tag-and-version-template.adoc[leveloffset=3]
include::chapters/templates/set-version-template.adoc[leveloffset=3]
include::chapters/templates/release-template.adoc[leveloffset=3]
=== Pipeline
include::chapters/pipelines/update-version-pipeline.adoc[leveloffset=3]
include::chapters/templates/releasing/push-tag-and-version-template.adoc[leveloffset=3]
include::chapters/templates/releasing/set-version-template.adoc[leveloffset=3]
include::chapters/templates/releasing/release-template.adoc[leveloffset=3]
include::chapters/templates/releasing/release-gitlab-template.adoc[leveloffset=3]
include::chapters/templates/releasing/mail-template.adoc[leveloffset=3]
== NPM Templates
include::chapters/templates/npm-dependencies-template.adoc[leveloffset=2]
include::chapters/templates/npm-build-template.adoc[leveloffset=2]
include::chapters/templates/npm-lint-template.adoc[leveloffset=2]
include::chapters/templates/npm-test-template.adoc[leveloffset=2]
include::chapters/templates/npm/npm-dependencies-template.adoc[leveloffset=2]
include::chapters/templates/npm/npm-build-template.adoc[leveloffset=2]
include::chapters/templates/npm/npm-lint-template.adoc[leveloffset=2]
include::chapters/templates/npm/npm-test-template.adoc[leveloffset=2]
== Maven Templates
include::chapters/templates/maven-dependencies-template.adoc[leveloffset=2]
include::chapters/templates/maven-build-template.adoc[leveloffset=2]
include::chapters/templates/maven-verify-template.adoc[leveloffset=2]
include::chapters/templates/java/maven/maven-dependencies-template.adoc[leveloffset=2]
include::chapters/templates/java/maven/maven-build-template.adoc[leveloffset=2]
include::chapters/templates/java/maven/maven-verify-template.adoc[leveloffset=2]
== Gradle Templates
Aktuell gehen wir davon das der Gradle Wrapper in dem Projekt vorhanden ist.
Sollte dieser noch nicht vorhanden sein kann er mit dem Befehl `gradle wrapper` erstellt werden.
include::chapters/templates/gradle-build-template.adoc[leveloffset=2]
include::chapters/templates/gradle-test-template.adoc[leveloffset=2]
include::chapters/templates/java/gradle/gradle-build-template.adoc[leveloffset=2]
include::chapters/templates/java/gradle/gradle-test-template.adoc[leveloffset=2]
include::chapters/templates/java/gradle/gradle-db-diff-template.adoc[leveloffset=2]
== Misc
== Static Analysis
include::chapters/templates/repo-cve-scan.adoc[leveloffset=2]
include::chapters/templates/static-analysis/repo-cve-scan.adoc[leveloffset=2]
include::chapters/templates/static-analysis/tool-sonar.adoc[leveloffset=2]
== Weitere Gilden-Tools
== Documentation
include::chapters/templates/tool-sonar7.adoc[leveloffset=2]
include::chapters/templates/tool-sonar8.adoc[leveloffset=2]
include::chapters/templates/tool-documentation-tool.adoc[leveloffset=2]
include::chapters/templates/mail-template.adoc[leveloffset=2]
include::chapters/templates/ssh-transfer-data-template.adoc[leveloffset=2]
include::chapters/templates/documentation/tool-documentation-tool.adoc[leveloffset=2]
[#_pipelines]
=== Pipelines
include::chapters/pipelines/update-version-pipeline.adoc[leveloffset=3]
//todo docs for new pipelines
//In particular docs for the keyword needs hinzufügen. needs container build step. artefacts true
//todo licensing documentieren


@ -0,0 +1,50 @@
:sourcedir: ../../../../templates
== Templates und Pipelines
In dieser Repository sind CI Templates und CI Pipeline-Templates zu finden.
Templates sind vorgefertigte Jobs, die jeweils einen Use-Case abbilden sollen und in dein Projekt importiert werden können. Die meisten Templates haben kein abhängigkeiten untereinander. Wenn doch, werden die Abhängigkeiten dokumentiert.
Alle Templates sind im Ordner Templates zu finden.
Da eine CI jedoch aus Pipelines besteht und Gitlab die Möglichkeit Multi-Projekt- und Child-Pipelines zu benutzen, werden hier auch vorgefertigte Pipelines bereitgestellt.
Diese Pipeline-Templates bilden komplexere Use-Cases ab.
Pipelines sind in dem dafür vorgesehenen Pipeline Ordner zu finden.
== Wie können Templates benutzt werden
Damit du die Templates in deinem Projekt zu benutzten kannst, musst du folgendes machen:
1. `Include` das Template file das du benutzen willst in deinem `.gitlab-ci.yaml` File.
2. Jetzt kannst du in von dir gewählten Job das Template mit dem keyword `extend` als Ausgangspunkt benutzen.
3. Du kannst den Job für deinen Anwendungszweck weitere verändern indem du diese bei dir Überschreibst.
====
Bei dem folgenden Beispiel wurde als ref der Tag 1.0.0 gesetzt.
Wir empfehlen diesen Tag zu setzen damit Änderungen von uns nicht eure CI Skripte kaputt machen.
Um automatisch mitzubekommen, wenn sich die CI verändert empfehlen wir das Benutzen von Renovate
====
[source,yaml]
----
stages:
- test-image
include:
- project: 'gilden/ci/gitlab-ci-templates'
ref: '1.0.0'
file:
- '/templates/java/maven/maven-verify.gitlab-ci.yml'
test-image:
stage: test-image
extends: .maven-verify
rules:
- if: $NURAUFMEINEMBRANCH
before_script:
- echo "meine änderungen"
----
== Wie können Pipelines benutzt werden
Um Pipelines zu benutzen, müssen diese nur mit `Include` importiert werden.
Für weitere Informationen ließ bitte die Doku der Pipelines selbst.


@ -0,0 +1,31 @@
include:
- local: 'templates/releasing/release.gitlab-ci.yml'
- local: 'templates/releasing/release-gitlab.gitlab-ci.yml'
a.major-release:
extends: .release-default
variables:
BUMP_VERSION: "major"
b.minor-release:
extends: .release-release-branch
variables:
BUMP_VERSION: "minor"
c.patch-release:
extends: .release-release-branch
variables:
BUMP_VERSION: "patch"
d.prerelease-release:
extends: .release-release-branch
variables:
BUMP_VERSION: "prerelease"
e.build-release:
extends: .release-release-branch
variables:
BUMP_VERSION: "build"
Create-Gitlab-Release:
extends: .release-create-gitlab


@ -0,0 +1,39 @@
include:
- '/templates/java/maven/maven-dependencies.gitlab-ci.yml'
- '/templates/java/maven/maven-build.gitlab-ci.yml'
- '/templates/java/maven/maven-verify.gitlab-ci.yml'
- '/templates/java/maven/maven-database-diff.gitlab-ci.yml'
Dependencies-Java:
extends: .maven-dependencies
Build-Java:
extends: .maven-build
needs:
- job: "Dependencies-Java"
artifacts: true
Test-Java:
extends: .maven-test
needs:
- job: "Build-Java"
artifacts: true
Database-Diff:
extends:
- .maven-database-diff
needs:
- job: "Build-Java"
artifacts: true
Repo-CVE-Scan:
allow_failure: true
extends: .repo-cve-scan-trivy
sonar:
extends: .sonar-maven
needs:
- job: "Build-Java"
artifacts: true
variables:
SONAR_PROJECT_KEY: "gilde.ci.cd.restservice:java-backend-template"
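Review bot: `Repo-CVE-Scan` is declared with `allow_failure: true`, so a failing scan only shows as a warning and never blocks a merge or a release. If that is intended for this pipeline, a comment such as `# advisory only: scan findings do not gate the pipeline` would make the choice explicit for consumers who copy it. The jobs `Repo-CVE-Scan` and `sonar` extend `.repo-cve-scan-trivy` and `.sonar-maven`, but the `include:` list at the top of this file names only the four Maven templates; unless those two are pulled in elsewhere, the pipeline will not resolve them.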


@ -0,0 +1,23 @@
stages:
- bom
- asciidoc
License-Bom:
image: maven:3-jdk-11
stage: bom
script:
- mvn cyclonedx:makeBom
artifacts:
when: always
paths:
- target/bom.json
license-asciidoc:
image: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-license-tools
stage: asciidoc
script:
- licenseBom2Adoc --bom target/bom.json --adoc target/licenses.adoc
artifacts:
when: always
paths:
- target/licenses.adoc
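Review bot: Both jobs pull mutable images: `maven:3-jdk-11` is a floating tag and `gitlab.exxcellent.de:4567/gilden/ci/exxcellent-license-tools` carries no tag at all, so it resolves to `latest`. Other templates in this commit pin a version (for example `exxcellent-ssh-tool:1.4.0`), and the job that produces the bill of materials should be at least as reproducible as the jobs it describes. Pinning both to a fixed version tag, or to a digest, avoids silently running a changed image.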


@ -1,19 +0,0 @@
stages:
- set-version
- push-tag-and-version
include:
- local: 'set-version-template.gitlab-ci.yml'
- local: 'push-tag-and-version-template.gitlab-ci.yml'
variables:
BUMP_VERSION: "major"
increase-version:
stage: set-version
extends: .set-version
push-tag-and-version:
stage: push-tag-and-version
extends: .push-tag-and-version


@ -0,0 +1,48 @@
stages:
- set-version
- push-tag
include:
- local: 'templates/releasing/set-version.gitlab-ci.yml'
variables:
BUMP_VERSION: "major"
increase-version:
extends: .set-version
push-tag-and-branch:
stage: push-tag
image: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-ssh-tool:1.4.0
rules:
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
- if: $CI_COMMIT_REF_NAME == 'Templates2.0'
before_script:
- setup-ssh
- echo $VERSION
- pull
script:
- git checkout -b RELEASE-$VERSION
- git push origin RELEASE-$VERSION $VERSION
#I would like to use this.
#I think this could be more stable in the long run
#But it is not working: https://github.com/jdalrymple/gitbeaker/issues/2398
#push-tag-and-branch:
# stage: push-tag
# image: node:lts-buster-slim
# variables:
# GITLAB_HOST: $CI_SERVER_URL
# CI_DEBUG_TRACE: "true"
# rules:
# - if: $CI_COMMIT_REF_NAME == 'Templates2.0'
# script:
# - echo "Create version $VERSION"
# - npm -g install @gitbeaker/cli
# - >
# NODE_EXTRA_CA_CERTS=$CI_SERVER_TLS_CA_FILE gitbeaker branches create
# --project-id $CI_PROJECT_ID
# --branch-name RELEASE-$VERSION
# --ref $CI_COMMIT_SHA
# --gb-job-token="$CI_JOB_TOKEN"
# - NODE_EXTRA_CA_CERTS=$CI_SERVER_TLS_CA_FILE gitbeaker tag create --project-id $CI_PROJECT_ID --tag-name $VERSION --ref $CI_COMMIT_SHA
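Review bot: The rule `- if: $CI_COMMIT_REF_NAME == 'Templates2.0'` in `push-tag-and-branch` lets this job create and push a release branch and tag from a development branch, which looks like a leftover from testing this commit; I would drop it so that only the default branch can publish. `$VERSION` is expanded unquoted in `git checkout -b RELEASE-$VERSION` and `git push origin RELEASE-$VERSION $VERSION`, and nothing checks that it is set; a first script line `- test -n "$VERSION"` avoids pushing a branch named `RELEASE-`. If the commented-out gitbeaker variant is revived, `CI_DEBUG_TRACE: "true"` should not come with it, since debug tracing writes variable values, including tokens, to the job log.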


@ -1,13 +0,0 @@
.release-template:
stage: release
rules:
- if: '$CI_PIPELINE_SOURCE == "pipeline"'
when: never
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
when: manual
- when: never
variables:
PARENT_PIPELINE_ID: $CI_PIPELINE_ID
trigger:
include: release.gitlab-ci.yml
strategy: depend

13
release.gitlab-ci.yml Normal file

@ -0,0 +1,13 @@
include:
- local: 'templates/releasing/set-version.gitlab-ci.yml'
- local: 'templates/releasing/release.gitlab-ci.yml'
stages:
- set-version
increase-version:
extends: .set-version
before_script:
- setup-ssh
variables:
TAG: "true"

View File

@ -26,3 +26,9 @@
script:
- if [[ -n "$SCP_SOURCE" && -n "$SCP_DESTINATION" ]]; then scp -rp $SCP_SOURCE $SSH_USER@$SSH_URL:$SCP_DESTINATION; fi
- DOCKER_HOST=ssh://$SSH_USER@$SSH_URL docker-compose $COMPOSE_EXTRA_ARGS up -d --remove-orphans
.docker-compose-validate:
image: docker/compose:alpine-1.29.1
stage: verify
script:
- docker-compose $COMPOSE_EXTRA_ARGS config
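Review bot: `docker-compose $COMPOSE_EXTRA_ARGS config` in `.docker-compose-validate` prints the fully resolved compose file, with environment variables interpolated, to the job log, so any secret the compose file references ends up readable in the log. A validation job does not need that output: `- docker-compose $COMPOSE_EXTRA_ARGS config --quiet` only validates and prints nothing. The first three lines of this hunk belong to a template that starts outside it.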


@ -0,0 +1,71 @@
stages:
- dependencies
- build
- test
- documentation
- post-process
- send-mail
- release
cache:
key: "$CI_JOB_NAME"
paths:
# Cache Maven
- .m2/repository
# Cache NPM
- $FRONTEND_DIR/dist
# Cache Gradle
- .gradle
- build
variables:
##NPM / Node Settings
NODE_IMAGE:
value: node:16-alpine3.15
description: The node image that will be used from the CI.
##Global Variables we use in our CI scripts when using maven
MAVEN_IMAGE:
value: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.3_latest
description: The Maven image that will be used from the CI.
MAVEN_OPTS:
value: >
-Dhttps.protocols=TLSv1.2
-Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN
-Dorg.slf4j.simpleLogger.showDateTime=true
-Djava.awt.headless=true
description: "Additional options that are passed to Maven for faster/stable execution"
MAVEN_CLI_OPTS:
value: >
--batch-mode
--errors
--fail-at-end
--show-version
-DinstallAtEnd=true
-DdeployAtEnd=true
description: "Additional options that are passed to Maven for faster/stable execution"
##Global Variables we use in our CI scripts when using Gradle
GRADLE_OPTS:
value: "-Dorg.gradle.daemon=false"
description: "Additional options that are passed to gradle for faster/stable execution"
GRADLE_IMAGE:
value: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.3_latest
description: "Default Image to use in Gradle Jobs"
# Currently, we use the Maven image and use the Gradle Wrapper. This is slower but more compatible to your gradle scripts.
# Please Update your Gradle Wrapper from time to time. Use Renovate to automat that task.
##Set default directories for frontend and backend templates
FRONTEND_DIR:
value: $CI_PROJECT_DIR
description: "Default directories for the Frontend when having a frontend and a backend within your repo"
BACKEND_DIR:
value: $CI_PROJECT_DIR
description: "Default directories for the Backend when having a frontend and a backend within your repo"
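Review bot: `cache: key: "$CI_JOB_NAME"` shares one cache per job name across all branches, and the cached paths include build output (`build`, `$FRONTEND_DIR/dist`) next to `.m2/repository` and `.gradle`. Depending on the GitLab version and on whether protected branches use a separate cache, a pipeline on a feature branch could seed the cache that a default-branch or tag build later restores. A key such as `"$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"`, and caching only dependency directories rather than build output, would narrow that. `MAVEN_IMAGE` and `GRADLE_IMAGE` also default to a tag ending in `_latest`, which is mutable.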


@ -0,0 +1,37 @@
.container-build-common:
stage: build
variables:
CONTEXT_LOCATION: $CI_PROJECT_DIR
EXTRA_ARGS: ""
artifacts:
paths:
- image.tar
.container-build-jib-maven:
extends: .container-build-common
image: $MAVEN_IMAGE
script:
- cd $CONTEXT_LOCATION
- mvn $MAVEN_CLI_OPTS jib:buildTar -DskipTests $EXTRA_ARGS
.container-build-jib-gradle:
extends: .container-build-common
image: $GRADLE_IMAGE
variables:
EXTRA_ARGS: $GRADLE_EXTRA_ARGS
script:
- cd $CONTEXT_LOCATION
- ./gradlew $GRADLE_CLI_OPTS jibBuildTar -DskipTests $EXTRA_ARGS
.container-build-kaniko:
extends: .container-build-common
image:
name: gcr.io/kaniko-project/executor:v1.8.0-debug
entrypoint: [ "" ]
variables:
DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile
REGISTRY_MIRROR: --registry-mirror nexus.corp.exxcellent.de:18000 --skip-tls-verify-registry nexus.corp.exxcellent.de:18000 --skip-tls-verify
script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$DOCKER_REGISTRY\":{\"username\":\"$DOCKER_REGISTRY_USER\",\"password\":\"$DOCKER_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --no-push --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA $EXTRA_ARGS $REGISTRY_MIRROR --tarPath image.tar
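Review bot: The default `REGISTRY_MIRROR` in `.container-build-kaniko` carries `--skip-tls-verify-registry nexus.corp.exxcellent.de:18000` plus an unscoped `--skip-tls-verify`, so certificate validation is switched off by default for every consumer of the template. I would keep `--registry-mirror` in the default, remove the unscoped flag, and have the job trust the internal CA instead of skipping verification. The `echo` that writes `/kaniko/.docker/config.json` interpolates `$DOCKER_REGISTRY_PASSWORD` into hand-built JSON, so a password containing `"` or `\` produces an invalid file; a comment stating that constraint, or generating the file with a JSON-aware tool, would help. Those variables should be masked so the line cannot leak through the job log.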


@ -0,0 +1,28 @@
.container-publish:
stage: release
image:
name: quay.io/containers/skopeo:v1.5.2
entrypoint: [ "" ]
variables:
CONTAINER_REGISTRY: $CI_REGISTRY_IMAGE
CONTAINER_REGISTRY_USER: $CI_REGISTRY_USER
CONTAINER_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD
EXTRA_PATH: ""
rules:
- if: $CI_COMMIT_TAG
variables:
IMAGE_TAG: $CI_COMMIT_TAG
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
variables:
IMAGE_TAG: $CI_COMMIT_SHORT_SHA
EXTRA_PATH: "/snapshot"
- if: $CI_COMMIT_REF_NAME ~= "feat"
variables:
IMAGE_TAG: $CI_COMMIT_SHORT_SHA
EXTRA_PATH: "/feat/$CI_COMMIT_REF_NAME"
- when: never
script:
- skopeo login --username $CONTAINER_REGISTRY_USER --password $CONTAINER_REGISTRY_PASSWORD $CONTAINER_REGISTRY --tls-verify=false
- skopeo copy "docker-archive:image.tar" "docker://${CONTAINER_REGISTRY}${EXTRA_PATH}:${IMAGE_TAG}" --dest-tls-verify=false
#TODO wir müssen noch den aktuell Tag bekommen damit wir den setzen können. (in default oder feat ausgeführt wird)
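Review bot: The `skopeo login` line in `.container-publish` passes the registry password as a command-line argument, and both commands turn certificate checks off (`--tls-verify=false`, `--dest-tls-verify=false`), so credentials and the release image go to a registry whose identity is not verified. Proposed: `- echo "$CONTAINER_REGISTRY_PASSWORD" | skopeo login --username "$CONTAINER_REGISTRY_USER" --password-stdin "$CONTAINER_REGISTRY"`, and dropping `--dest-tls-verify=false` from the `skopeo copy` line. The rule `$CI_COMMIT_REF_NAME ~= "feat"` uses `~=`, which is not a `rules:if` operator; `- if: $CI_COMMIT_REF_NAME =~ /feat/` looks like what was meant. `EXTRA_PATH: "/feat/$CI_COMMIT_REF_NAME"` puts the raw branch name into the image reference, where `$CI_COMMIT_REF_SLUG` would be safer.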


@ -0,0 +1,19 @@
.container-scan-trivy:
image:
name: docker.io/aquasec/trivy:0.24.2
entrypoint: [ "" ]
stage: verify
variables:
IMAGE_PATH: $CI_PROJECT_DIR/image.tar
EXITCODE: 1
TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed --severity HIGH,CRITICAL --input image.tar"
cache:
paths:
- .trivycache/
artifacts:
reports:
junit: junit-report.xml
script:
# Builds report and puts it in the default workdir $CI_PROJECT_DIR, so artifacts: can take it from there
- trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --format template --template "/contrib/junit.tpl" -o junit-report.xml
- trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE
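Review bot: `IMAGE_PATH` is declared in `.container-scan-trivy` but never used; the archive is hard-coded as `--input image.tar` inside `TRIVY_EXTRA_ARGS`. Overriding `IMAGE_PATH` therefore has no effect, and overriding `TRIVY_EXTRA_ARGS` to add one option silently drops both the input and the severity filter. I would take the input out of the extra args on both script lines, e.g. `- trivy --cache-dir .trivycache/ image --timeout 15m --input "$IMAGE_PATH" $TRIVY_EXTRA_ARGS --exit-code $EXITCODE`. A comment noting that `--ignore-unfixed` hides findings that have no fix yet would help consumers decide whether the default suits them.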


@ -1,4 +1,4 @@
.documentation-tool-template:
.documentation-tool-common:
image: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-documentation-tool:1.6.1
variables:
REV_NUMBER: $CI_COMMIT_SHORT_SHA
@ -12,21 +12,23 @@
- generate --type html
- generate --type pdf
.check_confluence_validity-template:
extends: .documentation-tool-template
stage: generate-docs
.documentation-ckeck-confluence-validity:
extends: .documentation-tool-common
stage: verify
needs: []
variables:
OUTPUT_DIR: merge_requests
script:
- check-validity
artifacts:
paths: [ merge_requests/ ]
rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
script:
- check-validity
.pages-template:
extends: .documentation-tool-template
stage: generate-docs
.documentation-publish:
extends: .documentation-tool-common
stage: documentation
variables:
OUTPUT_DIR: public
script:
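Review bot: The new template name `.documentation-ckeck-confluence-validity` misspells "check", and because consumers reference template names in `extends:`, the typo becomes part of the public interface once this is released. I would ship it as `.documentation-check-confluence-validity:` and update the `extends:` in the root pipeline to match. The `.documentation-publish` template continues past the end of this hunk.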


@ -2,7 +2,8 @@
stage: build
image: $GRADLE_IMAGE
script:
- "./gradlew --build-cache clean assemble $GRADLE_CLI_OPTS"
# todo increase version like maven set. OR Define Gradle skript to use ENV
- "./gradlew --build-cache assemble $GRADLE_CLI_OPTS"
artifacts:
expire_in: 2 weeks
when: on_success


@ -0,0 +1,13 @@
include:
local: "templates/java/java-common-db.gitlab-ci.yml"
.gradle-database-diff:
extends:
- .database-diff-common
image: $GRADLE_IMAGE
variables:
GRADLE_EXTRA_OPTS: ""
PATH_TO_DIFF: "build/db-diff.xml"
script:
- ./gradlew liquibase:update liquibase:diff $GRADLE_EXTRA_OPTS
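Review bot: `.gradle-database-diff` defines and uses `GRADLE_EXTRA_OPTS`, while the documentation added in this commit lists `GRADLE_CLI_OPTS` for this template and the other Gradle templates pass `$GRADLE_CLI_OPTS`; a consumer who follows the docs sets a variable the job ignores. The same mismatch applies to `.maven-database-diff`, which uses `MAVEN_EXTRA_OPTS` but is documented with `GRADLE_CLI_OPTS`. `liquibase:update liquibase:diff` is Maven goal syntax; with `./gradlew` it is probably read as the task `update` in a subproject named `liquibase`, which should be confirmed against a real Gradle project.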


@ -1,6 +1,6 @@
.gradle-test:
image: $GRADLE_IMAGE
stage: test
stage: verify
script:
- "./gradlew --build-cache test $GRADLE_CLI_OPTS"
artifacts:


@ -0,0 +1,13 @@
.database-diff-common:
stage: verify
artifacts:
when: on_failure
expire_in: 2 weeks
paths:
- $PATH_TO_DIFF
after_script:
- >
if grep -x '<databaseChangeLog .*/>' $PATH_TO_DIFF;
then printf 'Found no Difference in DB-Diff.\n'; exit 0;
else printf 'DB-Diff has Found changes.\n'; exit 1;
fi
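Review bot: The check in `after_script` of `.database-diff-common` cannot fail the job, because GitLab ignores the exit code of `after_script`; the `exit 1` in the `else` branch has no effect on the job status. Since `artifacts: when: on_failure` uploads the diff only when the job fails, a schema drift is then neither reported nor kept. The `grep` needs to run at the end of `script:` in the extending templates (for instance via `!reference`) for its result to count. `grep -x '<databaseChangeLog .*/>'` also only matches when the whole changelog element sits on one self-closing line, which deserves a comment.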


@ -1,6 +1,11 @@
.maven-build:
stage: build
image: $MAVEN_IMAGE
before_script:
- >
if [ "$CI_COMMIT_TAG" != "" ]; then
mvn $MVN_EXTRA_ARGS $MAVEN_CLI_OPTS versions:set -DnewVersion=$CI_COMMIT_TAG -DgenerateBackupPoms=false
fi
script:
- mvn $MAVEN_CLI_OPTS package -DskipTests
artifacts:


@ -0,0 +1,12 @@
include:
local: "templates/java/java-common-db.gitlab-ci.yml"
.maven-database-diff:
extends:
- .database-diff-common
image: $MAVEN_IMAGE
variables:
MAVEN_EXTRA_OPTS: ""
PATH_TO_DIFF: "target/db-diff.xml"
script:
- mvn compile liquibase:update liquibase:diff $MAVEN_EXTRA_OPTS


@ -1,6 +1,6 @@
.maven-test:
image: $MAVEN_IMAGE
stage: test
stage: verify
script:
- mvn $MAVEN_CLI_OPTS verify
artifacts:


@ -1,6 +1,13 @@
.npm-build:
image: $NODE_IMAGE
stage: build
before_script:
#Todo this needs Testing!!
- >
if [ "$CI_COMMIT_TAG" != "" ]; then
npm --no-git-tag-version version from-git
fi
#Testing END
script:
- npm install
- npm run build


@ -1,6 +1,6 @@
.npm-lint:
image: $NODE_IMAGE
stage: test
stage: verify
before_script:
script:
- npm install -g eslint


@ -1,6 +1,6 @@
.npm-test:
image: $NODE_IMAGE
stage: test
stage: verify
before_script:
- npm install -g rimraf karma
script:


@ -1,4 +1,4 @@
.send-mail:
.mail-send:
image: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-mail-tool:1.1.0
stage: send-mail
variables:


@ -8,8 +8,10 @@
before_script:
- setup-ssh
script:
- export VERSION="0.0.0"
- "[ -f ./$ARTIFACT ] && export VERSION=$(cat ./$ARTIFACT)"
- |
if [ -z ${VERSION+x} ]; then
[ -f ./$ARTIFACT ] && export VERSION=$(cat ./$ARTIFACT);
fi
- echo $VERSION
- pull
- echo $VERSION > $ARTIFACT
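Review bot: Removing `export VERSION="0.0.0"` leaves no fallback: when `VERSION` is not provided and `./$ARTIFACT` does not exist, `echo $VERSION > $ARTIFACT` writes an empty line and the later `push $VERSION` is called without an argument. The test `[ -z ${VERSION+x} ]` is unquoted and works only because `[ -z ]` with no operand happens to evaluate as true; write `if [ -z "${VERSION+x}" ]; then`. A `VERSION` that is set but empty also skips the file fallback, so `[ -z "${VERSION:-}" ]` may be what is intended. The job definition starts before this hunk.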
@ -20,3 +22,4 @@
mvn $MVN_EXTRA_ARGS $MAVEN_CLI_OPTS package
fi
- push $VERSION


@ -0,0 +1,15 @@
.release-create-gitlab:
stage: release
image: registry.gitlab.com/gitlab-org/release-cli:v0.11.0
rules:
- if: $CI_COMMIT_TAG
script:
- echo "running release_job"
- echo $DESCRIPTION
variables:
ADDITIONAL_CA_CERT_BUNDLE: $CI_SERVER_TLS_CA_FILE
release:
name: 'Release $CI_COMMIT_TAG'
description: "$DESCRIPTION"
tag_name: '$CI_COMMIT_TAG'
ref: '$CI_COMMIT_TAG'
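Review bot: `echo $DESCRIPTION` expands the release text unquoted, so the shell word-splits it and glob-expands any `*` (a Markdown bullet or emphasis marker) against the files in the working directory before printing. Use `- echo "$DESCRIPTION"` or `- printf '%s\n' "$DESCRIPTION"`. The template also does not say where `DESCRIPTION` is expected to come from; a short comment above `variables:` naming its source would help consumers, and an empty value should probably fail the job instead of creating a release without notes.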


@ -0,0 +1,33 @@
.release-common:
stage: release
variables:
PARENT_PIPELINE_ID: $CI_PIPELINE_ID
trigger:
include: release.gitlab-ci.yml
strategy: depend
.release-default:
extends: .release-common
rules:
# Do not create Release Job when the job was triggered in a manual job
# This is so depending triggers can run successfully.
- if: '$CI_PIPELINE_SOURCE == "pipeline"'
when: never
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
when: manual
- if: $CI_COMMIT_REF_NAME == 'Templates2.0'
when: manual
#Do not make releases available in TAG CIs
- if: $CI_COMMIT_TAG
when: never
- when: never
.release-release-branch:
extends: .release-common
rules:
- if: $CI_COMMIT_REF_NAME =~ 'RELEASE'
when: manual
#Do not make releases available in TAG CIs
- if: $CI_COMMIT_TAG
when: never
- when: never
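Review bot: In `.release-release-branch` the rule `if: $CI_COMMIT_REF_NAME =~ 'RELEASE'` gives `=~` a quoted string, whereas GitLab documents the right-hand side as a `/regex/` pattern, so it is uncertain that this rule matches release branches at all. Write `- if: $CI_COMMIT_REF_NAME =~ /RELEASE/`, anchored as `/^RELEASE/` if only a prefix is meant; `.license-license` carries the same `=~ "RELEASE"` rule. `.release-default` also hard-codes the branch `'Templates2.0'`, which makes the manual release job available on that branch name for every consumer of the template and looks like a leftover from developing this change.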


@ -4,12 +4,15 @@
variables:
BUMP_VERSION: "major"
PREFIX: ""
OUTPUT: version
OUTPUT: "version.env"
SIMPLIFY: "false"
TAG: "false"
MODE: "next_version"
script:
- increase-version
- echo "VERSION=$(cat $OUTPUT)" > $OUTPUT
- cat $OUTPUT
artifacts:
paths:
reports:
dotenv:
- $OUTPUT
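Review bot: `echo "VERSION=$(cat $OUTPUT)" > $OUTPUT` turns whatever `increase-version` left in the file into a pipeline variable without checking it. An empty or missing file yields `VERSION=`, and content with more than one line produces a dotenv file that is no longer a single `VERSION` assignment. Since later jobs receive this value through `reports: dotenv`, add a guard before the rewrite, e.g. `- test -s "$OUTPUT"`, and quote the path in both the `cat` and the redirection. The job definition starts above this hunk.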


@ -0,0 +1,11 @@
.license-license:
stage: verify
rules:
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
- if: $CI_COMMIT_REF_NAME =~ "RELEASE"
- if: $CI_COMMIT_REF_NAME == "Templates2.0"
- when: never
needs: []
trigger:
include: license.gitlab-ci.yml
strategy: depend


@ -1,13 +1,13 @@
.repo_cve_scan:
.repo-cve-scan-trivy:
image:
name: docker.io/aquasec/trivy:0.25.1
entrypoint: [ "" ]
stage: test
stage: verify
needs: []
variables:
SCAN_PATH: "."
EXITCODE: 1
TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed --severity HIGH,CRITICAL"
SCAN_PATH: "."
cache:
paths:
- .trivycache/


@ -1,5 +1,5 @@
.sonar-template-common:
stage: test
stage: verify
variables:
SONAR_HOST_URL: http://sonar7.exxcellent.de/sonar7
SONAR_PROJECT_KEY: ""
@ -9,7 +9,7 @@
SONAR_QUERY_MAX_ATTEMPTS_BUILD_BREAKER: "30"
SONAR_QUERY_INTERVAL_BUILD_BREAKER: "10000"
.sonar-template:
.sonar-maven:
extends: .sonar-template-common
image: $MAVEN_IMAGE
script:
@ -23,7 +23,7 @@
"-Dsonar.buildbreaker.queryMaxAttempts=$SONAR_QUERY_MAX_ATTEMPTS_BUILD_BREAKER"
"-Dsonar.buildbreaker.queryInterval=$SONAR_QUERY_INTERVAL_BUILD_BREAKER"
.sonar-template-gradle:
.sonar-gradle:
extends: .sonar-template-common
image: $GRADLE_IMAGE
script: