default:
interruptible: true
retry:
max: 2
when:
- runner_system_failure
- unknown_failure
- api_failure
stages:
- lint
- test
- build
- tag
- publish
variables: &default-vars
GIT_STRATEGY: fetch
GIT_DEPTH: 100
CARGO_INCREMENTAL: 0
CARGO_TARGET_DIR: "/ci-cache/${CI_PROJECT_NAME}/targets/${CI_COMMIT_REF_NAME}/${CI_JOB_NAME}"
CI_IMAGE: "paritytech/ci-linux:production"
CARGO_UNLEASH_INSTALL_PARAMS: "--version 1.0.0-alpha.13"
CARGO_UNLEASH_PKG_DEF: ""
VAULT_SERVER_URL: "https://vault.parity-mgmt-vault.parity.io"
VAULT_AUTH_PATH: "gitlab-parity-io-jwt"
VAULT_AUTH_ROLE: "cicd_gitlab_parity_${CI_PROJECT_NAME}"
.publish-refs: &publish-refs
rules:
- if: $CI_PIPELINE_SOURCE == "web"
- if: $CI_PIPELINE_SOURCE == "schedule"
- if: $CI_COMMIT_REF_NAME == "master"
- if: $CI_COMMIT_REF_NAME == "main"
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/
.vault-secrets: &vault-secrets
secrets:
CRATES_TOKEN:
vault: cicd/gitlab/$CI_PROJECT_PATH/CRATES_TOKEN@kv
file: false
GITHUB_SSH_PRIV_KEY:
vault: cicd/gitlab/$CI_PROJECT_PATH/GITHUB_SSH_PRIV_KEY@kv
file: false
GITHUB_USER:
vault: cicd/gitlab/parity/GITHUB_USER@kv
file: false
NPM_TOKEN:
vault: cicd/gitlab/$CI_PROJECT_PATH/NPM_TOKEN@kv
file: false
.rust-info-script: &rust-info-script
- rustup show
- cargo --version
- rustup +nightly show
- cargo +nightly --version
- bash --version
- sccache -s
.docker-env: &docker-env
image: "${CI_IMAGE}"
before_script:
- *rust-info-script
- ./scripts/ci/pre_cache.sh
- sccache -s
tags:
- linux-docker
.kubernetes-env: &kubernetes-env
image: "${CI_IMAGE}"
tags:
- kubernetes-parity-build
.collect-artifacts: &collect-artifacts
artifacts:
name: "${CI_JOB_NAME}_${CI_COMMIT_REF_NAME}"
when: on_success
expire_in: 28 days
paths:
- ./artifacts/
fmt:
stage: lint
<<: *docker-env
script:
- cargo +nightly fmt --all -- --check
clippy:
stage: lint
<<: *docker-env
script:
- cargo +nightly clippy --all --verbose
deny:
stage: test
<<: *docker-env
<<: *collect-artifacts
script:
- cargo deny check --hide-inclusion-graph -c scripts/ci/deny.toml
after_script:
- mkdir -p ./artifacts
- echo "___Complete logs can be found in the artifacts___"
- cargo deny check --hide-inclusion-graph 2> cargo_deny.log
test:
stage: test
<<: *docker-env
script:
- cargo test --all --verbose
build:
stage: build
<<: *docker-env
script:
- cargo build --no-default-features --target wasm32-unknown-unknown --verbose
tag-job:
stage: tag
<<: *kubernetes-env
<<: *vault-secrets
<<: *publish-refs
script:
- apt-get update && apt-get install -y ssh
- eval $(ssh-agent)
- ssh-add - <<< ${GITHUB_SSH_PRIV_KEY}
- mkdir ~/.ssh && touch ~/.ssh/known_hosts
- ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
- export CURRENT_TAG=$(git describe --tags --abbrev=0)
- export PKG_VER=v$(cat Cargo.toml | grep -A 5 package] | grep version | cut -d '=' -f 2 | tr -d '"' | tr -d " ")
- echo "Current tag $CURRENT_TAG"
- echo "Package version $PKG_VER"
- git config user.name "${GITHUB_USER}"
- git config user.email "devops-team@parity.io"
- git config remote.origin.url "git@github.com:/paritytech/${CI_PROJECT_NAME}.git"
- git config remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"
- if [ $CURRENT_TAG == $PKG_VER ];
then
echo "Tag is up to date. Nothing to do.";
export TAG=old;
else
echo "Tag was updated.";
git tag -a $PKG_VER -m "new tag";
git log --tags --simplify-by-decoration --pretty="format:%ci %d";
git push origin --tags;
export TAG=new;
fi
- echo "TAG=$TAG" > tag.env;
artifacts:
reports:
dotenv: tag.env
unleash-to-crates-io:
stage: publish
<<: *docker-env
<<: *vault-secrets
<<: *publish-refs
script:
- echo $TAG
- if [ $TAG == "new" ];
then
echo "Publishing to crates.io";
cargo install cargo-unleash ${CARGO_UNLEASH_INSTALL_PARAMS};
cargo unleash em-dragons --no-check --owner github:paritytech:core-devs ${CARGO_UNLEASH_PKG_DEF};
else
echo "Tag was not updated. Not releasing.";
fi
publish-npmjs:
stage: publish
<<: *kubernetes-env
<<: *vault-secrets
<<: *publish-refs
variables:
CI_IMAGE: "node:16"
script:
- echo $TAG
- if [ $TAG == "new" ];
then
echo "------------Publishing to npmjs------------";
npm install;
npm run build;
cd npm_dist/;
echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc;
npm publish --access public;
cd ..;
echo "------------Configuring git------------";
eval $(ssh-agent);
ssh-add - <<< ${GITHUB_SSH_PRIV_KEY};
mkdir ~/.ssh && touch ~/.ssh/known_hosts;
ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts;
git config user.name "${GITHUB_USER}";
git config user.email "devops-team@parity.io";
git config remote.origin.url "git@github.com:/paritytech/${CI_PROJECT_NAME}.git";
git config remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*";
echo "------------Pushing package.json and package-lock.json to github------------";
git branch tmp;
git checkout main || git checkout master;
git add package.json;
git add package-lock.json;
git commit -m "[skip ci] Update package.json and package-lock.json";
git push;
else
echo "Tag was not updated. Not publishing.";
fi