image: tcitworld/mobilizon-ci stages: - install - check - build-js - sentry - test - build - upload - deploy variables: MIX_ENV: "test" # DB Variables for Postgres / Postgis POSTGRES_DB: mobilizon_test POSTGRES_USER: postgres POSTGRES_PASSWORD: postgres POSTGRES_HOST: postgres # DB Variables for Mobilizon MOBILIZON_DATABASE_USERNAME: $POSTGRES_USER MOBILIZON_DATABASE_PASSWORD: $POSTGRES_PASSWORD MOBILIZON_DATABASE_DBNAME: $POSTGRES_DB MOBILIZON_DATABASE_HOST: $POSTGRES_HOST GEOLITE_CITIES_PATH: "/usr/share/GeoIP/GeoLite2-City.mmdb" MOBILIZON_INSTANCE_REGISTRATIONS_OPEN: "true" # Release elements PACKAGE_REGISTRY_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}" ARCH: "amd64" EXPORT_FORMATS: "csv,ods,pdf" APP_VERSION: "${CI_COMMIT_REF_NAME}" APP_ASSET: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_${ARCH}.tar.gz" cache: key: "${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}" paths: - deps/ - _build/ - node_modules - .npm # Installed dependencies are cached across the pipeline # So there is no need to reinstall them all the time # It saves minutes during a pipeline build time install: stage: install script: - npm ci - mix deps.get - mix compile lint-elixir: stage: check before_script: - mix deps.get script: - export EXITVALUE=0 - git fetch origin ${CI_DEFAULT_BRANCH} - TARGET_SHA1=$(git show-ref -s ${CI_DEFAULT_BRANCH}) - echo "$TARGET_SHA1" - mix format --check-formatted --dry-run || export EXITVALUE=1 - mix credo diff --from-git-merge-base $TARGET_SHA1 --strict -a || export EXITVALUE=1 - mix sobelow --config || export EXITVALUE=1 - exit $EXITVALUE artifacts: reports: codequality: codeclimate.json lint-front: image: node:20 stage: check before_script: - export EXITVALUE=0 - npm ci script: - npm run lint || export EXITVALUE=1 - npx prettier -c . || export EXITVALUE=1 - exit $EXITVALUE build-frontend: stage: build-js image: node:20 before_script: - apt update - apt install -y --no-install-recommends python3 build-essential webp imagemagick gifsicle jpegoptim optipng pngquant script: - npm install --frozen-lockfile - npm run build artifacts: expire_in: 5 days paths: - priv/static needs: - lint-front sentry-commit: stage: sentry image: getsentry/sentry-cli script: - echo "Create a new release $CI_COMMIT_TAG" - sentry-cli releases new $CI_COMMIT_TAG - sentry-cli releases set-commits $CI_COMMIT_TAG --auto - sentry-cli releases files $CI_COMMIT_TAG upload-sourcemaps priv/static/assets/ - sentry-cli releases finalize $CI_COMMIT_TAG - echo "Finalized release for $CI_COMMIT_TAG" needs: - build-frontend only: - tags@framasoft/mobilizon deps: stage: check before_script: - mix deps.get script: - export EXITVALUE=0 - mix hex.outdated || export EXITVALUE=1 - npm outdated || export EXITVALUE=1 - exit $EXITVALUE allow_failure: true needs: - install exunit: stage: test services: - name: postgis/postgis:16-3.4 alias: postgres variables: MIX_ENV: test before_script: - mix deps.get - mix compile - mix tz_world.update - mix ecto.create - mix ecto.migrate script: - mix coveralls artifacts: when: always reports: junit: - test-junit-report.xml expire_in: 30 days vitest: stage: test needs: - lint-front before_script: - npm install --frozen-lockfile script: - npm run coverage --reporter=default --reporter=junit --outputFile.junit=./junit.xml artifacts: when: always paths: - coverage reports: junit: - junit.xml expire_in: 30 days e2e: stage: test services: - name: postgis/postgis:16-3.4 alias: postgres variables: MIX_ENV: "e2e" before_script: - mix deps.get - mix ecto.create - mix ecto.migrate - mix run priv/repo/e2e.seed.exs - npm install && npm run build && npx playwright install - mix phx.digest script: - mix phx.server & - npx wait-on http://localhost:4000 - npx playwright test --project $BROWSER parallel: matrix: - BROWSER: ["firefox", "chromium"] artifacts: expire_in: 2 days paths: - playwright-report/ - test-results/ pages: stage: deploy script: - mv public public-mbz - mkdir public - mix deps.get - mix docs - mv doc public/backend # #- npm run styleguide:build # #- mv styleguide public/frontend rules: - if: '$CI_COMMIT_BRANCH == "main"' artifacts: expire_in: 1 hour paths: - public .docker: &docker stage: build image: docker:24 variables: DOCKER_TLS_CERTDIR: "/certs" DOCKER_HOST: tcp://docker:2376 DOCKER_TLS_VERIFY: 1 DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client" DOCKER_DRIVER: overlay2 DOCKER_CLI_EXPERIMENTAL: enabled services: - docker:24-dind cache: {} before_script: # Install buildx - wget https://github.com/docker/buildx/releases/download/v0.11.2/buildx-v0.11.2.linux-amd64 - mkdir -p ~/.docker/cli-plugins/ - mv buildx-v0.11.2.linux-amd64 ~/.docker/cli-plugins/docker-buildx - chmod a+x ~/.docker/cli-plugins/docker-buildx # Create env - docker context create tls-environment - docker buildx create --use tls-environment # Install qemu/binfmt - docker pull tonistiigi/binfmt:latest - docker run --rm --privileged tonistiigi/binfmt:latest --install all # Install jq - apk --no-cache add jq # Login to DockerHub - mkdir -p ~/.docker - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$CI_REGISTRY_AUTH\",\"email\":\"$CI_REGISTRY_EMAIL\"}}}" > ~/.docker/config.json tags: - "privileged" build-docker-main: <<: *docker rules: - if: '$CI_PROJECT_NAMESPACE != "framasoft"' when: never - if: '$CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_TRIGGERED == "true"' script: - docker buildx build --platform linux/amd64 -t framasoft/mobilizon:main -f docker/production/Dockerfile . build-docker-tag: <<: *docker rules: &release-tag-rules - if: '$CI_PROJECT_NAMESPACE != "framasoft"' when: never - if: $CI_COMMIT_TAG != null when: on_success timeout: 3 hours script: - > docker buildx build --push --platform linux/${ARCH} --provenance=false --build-arg="${ERL_FLAGS}" -t framasoft/mobilizon:${CI_COMMIT_TAG}-${ARCH} -f docker/production/Dockerfile . parallel: matrix: - ARCH: ["amd64"] ERL_FLAGS: ["ERL_FLAGS="] - ARCH: ["arm64"] ERL_FLAGS: ["ERL_FLAGS=+JMsingle true"] # Create manifest and push docker-manifest-push: <<: *docker needs: ["build-docker-tag"] rules: &release-tag-rules - if: '$CI_PROJECT_NAMESPACE != "framasoft"' when: never - if: $CI_COMMIT_TAG != null when: on_success script: - > docker manifest create framasoft/mobilizon:${CI_COMMIT_TAG} --amend framasoft/mobilizon:${CI_COMMIT_TAG}-amd64 --amend framasoft/mobilizon:${CI_COMMIT_TAG}-arm64 - docker manifest push --purge framasoft/mobilizon:${CI_COMMIT_TAG} ### # Simply creating an alias to the tag doesn't work: # « xxx is a manifest list » # https://joonas.fi/2021/02/docker-multi-arch-image-tooling-buildx/ ### docker-latest: <<: *docker needs: ["docker-manifest-push"] rules: &release-tag-rules - if: '$CI_PROJECT_NAMESPACE != "framasoft"' when: never - if: $CI_COMMIT_TAG != null && $CI_COMMIT_TAG !~ /alpha|beta|rc/ when: on_success script: - echo docker manifest create framasoft/mobilizon:latest $(docker manifest inspect framasoft/mobilizon:$CI_COMMIT_TAG | jq '.manifests[] | .digest' | xargs -I {} echo framasoft/mobilizon@{}) - docker manifest create framasoft/mobilizon:latest $(docker manifest inspect framasoft/mobilizon:$CI_COMMIT_TAG | jq -r '.manifests[] | .digest' | xargs -I {} echo framasoft/mobilizon@{}) - docker manifest push --purge framasoft/mobilizon:latest # Packaging app for amd64 package-app: image: mobilizon/buildpack:1.16.1-erlang-26.2.2-${SYSTEM} stage: build variables: &release-variables MIX_ENV: "prod" DEBIAN_FRONTEND: noninteractive TZ: Etc/UTC APP_ASSET: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_${ARCH}.tar.gz" script: &release-script - mix local.hex --force - mix local.rebar --force - mix deps.get --only-prod - mix compile - mix phx.digest.clean --all && mix phx.digest - mix release --path release/mobilizon - cd release/mobilizon && ln -s lib/mobilizon-*/priv priv && cd ../../ - du -sh release/ - 'echo "Artifact: ${APP_ASSET}"' - tar czf ${APP_ASSET} -C release mobilizon - du -sh ${APP_ASSET} only: - tags@framasoft/mobilizon artifacts: expire_in: 2 days paths: - ${APP_ASSET} parallel: matrix: - SYSTEM: [ "debian-bookworm", "debian-bullseye", "debian-buster", "ubuntu-jammy", "ubuntu-focal", "fedora-38", "fedora-39", ] package-app-dev: stage: build variables: *release-variables script: *release-script except: - tags@framasoft/mobilizon artifacts: expire_in: 2 days paths: - ${APP_ASSET} # Packaging app for multi-arch package-multi-arch-release: stage: build image: docker:24 variables: DOCKER_TLS_CERTDIR: "/certs" DOCKER_HOST: tcp://docker:2376 DOCKER_TLS_VERIFY: 1 DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client" DOCKER_DRIVER: overlay2 APP_ASSET: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_${ARCH}.tar.gz" OS: debian-buster services: - docker:24-dind cache: {} before_script: # Install buildx - wget https://github.com/docker/buildx/releases/download/v0.11.2/buildx-v0.11.2.linux-amd64 - mkdir -p ~/.docker/cli-plugins/ - mv buildx-v0.11.2.linux-amd64 ~/.docker/cli-plugins/docker-buildx - chmod a+x ~/.docker/cli-plugins/docker-buildx # Create env - docker context create tls-environment - docker buildx create --use tls-environment # Install qemu/binfmt - docker pull tonistiigi/binfmt:latest - docker run --rm --privileged tonistiigi/binfmt:latest --install all script: - docker buildx build --platform linux/${ARCH} --output type=local,dest=releases --build-arg="ERL_FLAGS=+JMsingle true" --build-arg APP_ASSET=${APP_ASSET} -f docker/multiarch/Dockerfile . - ls -alh releases/mobilizon/ - du -sh releases/mobilizon/${APP_ASSET} - mv releases/mobilizon/${APP_ASSET} . tags: - "privileged" artifacts: expire_in: 2 days paths: - ${APP_ASSET} - erl_crash.dump # if there's a memory issue parallel: matrix: - ARCH: ["arm64"] ## Currently not used as the hexpm base images do not have support for other architectures than amd64 # SYSTEM: # [ # "debian-bookworm", # "debian-bullseye", # "ubuntu-jammy", # "ubuntu-focal", # "ubuntu-bionic", # "alpine-3.17.5", # "alpine-3.18.4", # "fedora-38", # "fedora-39", # ] rules: - if: '$CI_COMMIT_TAG != null || $CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_TRIGGERED == "true"' timeout: 3h allow_failure: true # Release release-upload: stage: upload image: framasoft/upload-packages:latest variables: APP_ASSET: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_${ARCH}.tar.gz" rules: - if: '$CI_PROJECT_NAMESPACE != "framasoft"' when: never script: - eval `ssh-agent -s` - ssh-add <(echo "${DEPLOYEMENT_KEY}" | base64 --decode -i) - echo "put -r ${APP_ASSET}" | sftp -o "VerifyHostKeyDNS yes" ${DEPLOYEMENT_USER}@${DEPLOYEMENT_HOST}:public/ artifacts: expire_in: 1 day when: on_success paths: - mobilizon_*.tar.gz parallel: matrix: - ARCH: ["amd64", "arm", "arm64"] allow_failure: true release-create: stage: deploy image: registry.gitlab.com/gitlab-org/release-cli:latest rules: - if: '$CI_PROJECT_NAMESPACE != "framasoft"' when: never variables: APP_ASSET_AMD64: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_amd64.tar.gz" APP_ASSET_ARM: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_arm.tar.gz" APP_ASSET_ARM64: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_arm64.tar.gz" before_script: - apk --no-cache add gawk sed grep script: | CHANGELOG=$(awk -v version="$APP_VERSION" '/^## / { printit = $2 == version }; printit' CHANGELOG.md | grep -v "## $APP_VERSION" | sed '1{/^$/d}') ENDPOINT="https://packages.joinmobilizon.org" release-cli create --name "$CI_COMMIT_TAG" \ --description "$CHANGELOG" \ --tag-name "$CI_COMMIT_TAG" \ --assets-link "{\"name\":\"${APP_ASSET_AMD64}\",\"url\":\"${ENDPOINT}/${CI_COMMIT_REF_NAME}/${APP_ASSET_AMD64}\"}" \ --assets-link "{\"name\":\"${APP_ASSET_ARM}\",\"url\":\"${ENDPOINT}/${CI_COMMIT_REF_NAME}/${APP_ASSET_ARM}\"}" \ --assets-link "{\"name\":\"${APP_ASSET_ARM64}\",\"url\":\"${ENDPOINT}/${CI_COMMIT_REF_NAME}/${APP_ASSET_ARM64}\"}"