.gitlab-ci.yml

image: ${DEVOPS_REGISTRY}usgs/centos:latest

stages:
  - test
  - integration
  - scan
  - deploy

variables:
  CI_REGISTRY: ${CODE_REGISTRY}
  CI_REGISTRY_IMAGE: ${CODE_REGISTRY_IMAGE}
  TRIVY_VERSION: "0.11.0"
  # docker variables
  DOCKER_DRIVER: overlay2
  FROM_IMAGE: ${CODE_REGISTRY}/devops/images/usgs/centos:latest
  # environment variables
  APP_NAME: geomag-algorithms
  DATA_HOST: "cwbpub.cr.usgs.gov"
  DATA_PORT: "2060"
  DATA_TYPE: "edge"

## --------------------------------------------------
# Templates
## --------------------------------------------------

.adjust_image_names:
  before_script:
    - IMAGE_NAME=usgs/${APP_NAME}:${CI_COMMIT_REF_SLUG}
    - IMAGE_NAME=${IMAGE_NAME/:master/:latest}
    - INTERNAL_IMAGE_NAME=${CI_REGISTRY_IMAGE}/${IMAGE_NAME}
    - STACK_NAME=${APP_NAME}

.build_docker_image:
  cache: {}
  extends:
    - .adjust_image_names
  image: docker:19.03-git
  only:
    - master@ghsc/geomag/geomag-algorithms
    - production@ghsc/geomag/geomag-algorithms
    - tags@ghsc/geomag/geomag-algorithms
  script:
    - docker build
      --pull
      --build-arg FROM_IMAGE=${FROM_IMAGE}
      --build-arg GIT_BRANCH_NAME=${CI_COMMIT_REF_NAME}
      --build-arg GIT_COMMIT_SHA=${CI_COMMIT_SHA}
      --tag local/${IMAGE_NAME} .

    - docker tag local/${IMAGE_NAME} ${IMAGE_NAME}
    - docker push ${IMAGE_NAME}
    - docker image rm ${IMAGE_NAME}

    - docker tag local/${IMAGE_NAME} ${INTERNAL_IMAGE_NAME}
    - docker push ${INTERNAL_IMAGE_NAME}
    - docker image rm ${INTERNAL_IMAGE_NAME}
  services:
    - docker:19.03-dind
  stage: integration
  tags:
    - build

.check_code:
  cache: {}
  image: ${DEVOPS_REGISTRY}usgs/conda:latest
  script:
    - export PYTHON_VERSION=${PYTHON_VERSION:-3.8}
    - scripts/ci_check_code.sh
  artifacts:
    paths:
      - cov.xml
    reports:
      junit: cov.xml
  stage: test
  tags:
    - development

.deploy:
  cache: {}
  extends:
    - .adjust_image_names
  image: ${CODE_REGISTRY}/ghsc/hazdev/cloud-formation/hazdev-build-runner:latest
  script:
    - git clone ${GENERIC_SWARM_DEPLOY_REPO} generic-deploy
    - cp -v
      generic-deploy/default.config.sh
      generic-deploy/default.funcs.sh
      generic-deploy/deploy.sh
      scripts/.

    - export APP_NAME=${APP_NAME}
    - export IMAGE_NAME=${IMAGE_NAME}
    - export REGISTRY=${CI_REGISTRY_IMAGE}
    - export STACK_NAME=${APP_NAME}
    - ./scripts/deploy.sh
  stage: deploy
  tags:
    - deploy
    - swarm

.mage:
  variables:
    DATA_HOST: "cwbpub.cr.usgs.gov"
    DATA_PORT: "2060"
    DATA_TYPE: "edge"

.staging:
  only:
    - master@ghsc/geomag/geomag-algorithms
    - tags@ghsc/geomag/geomag-algorithms

.production:
  except:
    - ^.*beta.*$
    - ^.*-rc.*$
  only:
    - tags@ghsc/geomag/geomag-algorithms
    - production@ghsc/geomag/geomag-algorithms
  when: manual

## --------------------------------------------------
# Test Stage
## --------------------------------------------------

Check Python 3.6:
  extends:
    - .check_code
  script:
    - export PYTHON_VERSION=3.6
    - scripts/ci_check_code.sh

Check Python 3.7:
  extends:
    - .check_code
  script:
    - export PYTHON_VERSION=3.7
    - scripts/ci_check_code.sh

Check Python 3.8:
  extends:
    - .check_code
  script:
    - export PYTHON_VERSION=3.8
    - scripts/ci_check_code.sh

## --------------------------------------------------
# Integration Stage
## --------------------------------------------------

Build Docker Image:
  extends:
    - .build_docker_image
  variables:
    APP_NAME: geomag-algorithms

## --------------------------------------------------
# Scanning Stage (e.g. OWASP ZAP etc...)
## --------------------------------------------------

Scan Docker Image:
  cache: {}
  extends:
    - .adjust_image_names
  image: docker:19.03-git
  only:
    - master@ghsc/geomag/geomag-algorithms
    - production@ghsc/geomag/geomag-algorithms
    - tags@ghsc/geomag/geomag-algorithms
  script:
    # install trivy
    - wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
    - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
    # run trivy
    - ./trivy --exit-code 0 --no-progress ${INTERNAL_IMAGE}
  services:
    - docker:19.03-dind
  stage: scan
  tags:
    - build

## --------------------------------------------------
# Deploy Stage
## --------------------------------------------------

Deploy Mage01:
  extends:
    - .deploy
    - .staging
  tags:
    - deploy
    - swarm
    - mage01
  variables:
    APP_NAME: geomag-algorithms

Deploy Mage02:
  extends:
    - .deploy
    - .production
  tags:
    - deploy
    - swarm
    - mage02
  variables:
    APP_NAME: geomag-algorithms

Deploy Algorithms Production01:
  extends:
    - .deploy
    - .production
  tags:
    - deploy
    - swarm
    - production01
  variables:
    APP_NAME: geomag-algorithms

Deploy Algorithms Production02:
  extends:
    - .deploy
    - .production
  tags:
    - deploy
    - swarm
    - production02
  variables:
    APP_NAME: geomag-algorithms

Deploy Algorithms Staging01:
  extends:
    - .deploy
    - .staging
  tags:
    - deploy
    - swarm
    - staging01
  variables:
    APP_NAME: geomag-algorithms

Deploy Algorithms Staging02:
  extends:
    - .deploy
    - .staging
  tags:
    - deploy
    - swarm
    - staging02
  variables:
    APP_NAME: geomag-algorithms