version: 2.1
|
|
|
|
orbs:
|
|
node: circleci/node@5.2.0
|
|
node-executor:
|
|
- image: cimg/node:20.11
|
|
|
|
playwrig
|
|
# Executor for the Node.js based jobs: one large-class Docker container,
# with the working directory at ~/repo.
node-executor:
  docker:
    # The image is referenced by tag only. A tag can be re-pointed upstream,
    # so pinning by digest (cimg/node@sha256:<DIGEST_PLACEHOLDER>) is what
    # makes the build environment reproducible and tamper-evident.
    - image: 'cimg/node:20.11'
  resource_class: 'large'
  working_directory: '~/repo'
|
|
|
|
# Executor for the browser jobs: the Playwright image from the Microsoft
# container registry, large class, working directory ~/repo.
playwright-executor:
  docker:
    # Version-tagged but not digest-pinned; the tag alone does not guarantee
    # that the same image content is pulled on every run.
    - image: 'mcr.microsoft.com/playwright:v1.57.0-jammy'
  resource_class: 'large'
  working_directory: '~/repo'
|
|
|
|
descr
|
|
restore-dependencies:
|
|
description: 'Restore npm dependencies from cache'
|
|
steps:
|
|
save-dependencies:
|
|
keys:
|
|
- v1-dependencies-{{ checksum "package-lock.json" }}
|
|
- v1-dependencies-
|
|
|
|
install-dependencies:
|
|
description: 'Install npm dependencies'
|
|
steps:
|
|
- run:
|
|
- run:
|
|
command: npm run lint || echo "No lint
|
|
|
|
- notify-slack
|
|
test:
|
|
steps:
|
|
- restore-dep
|
|
- save-dep
|
|
name: Run unit t
|
|
- store_test_results:
|
|
|
|
destination:
|
|
|
|
execut
|
|
- checkout
|
|
- install-depen
|
|
- run:
|
|
|
|
root: .
|
|
- dist
|
|
|
|
- notify-slack-
|
|
e2e-test:
|
|
steps:
|
|
|
|
|
|
|
|
name: Install Pla
|
|
- ru
|
|
comman
|
|
path: playwright-r
|
|
path: playwright-r
|
|
- store_artifacts:
|
|
de
|
|
|
|
executor: node-executor
|
|
- chec
|
|
- install-dependencies
|
|
- run:
|
|
command: npm audit
|
|
|
|
test:
|
|
sudo apt-get up
|
|
steps:
|
|
comman
|
|
path: trivy-report
|
|
- notify-slack-on-fail
|
|
docker-build-and-push:
|
|
steps:
|
|
- setup_remote_docker:
|
|
- attach_workspace:
|
|
- store_test_results:
|
|
command: |
|
|
- run:
|
|
command: |
|
|
docker buildx inspe
|
|
name: Build multi-
|
|
|
|
|
|
--tag ghcr.io
|
|
|
|
- checkout
|
|
--tag ghcr.i
|
|
.
|
|
- notify-slack-on-f
|
|
- run:
|
|
steps:
|
|
- run:
|
|
command: |
|
|
root: .
|
|
-H
|
|
- dist
|
|
|
|
executor: node-e
|
|
- checkout
|
|
name: Deploy to pr
|
|
|
|
e2e-test:
|
|
-d "{\"image\":\"gh
|
|
steps:
|
|
workflows:
|
|
build-test-deploy:
|
|
- lint
|
|
requires:
|
|
- build:
|
|
- t
|
|
re
|
|
- security-scan:
|
|
- build
|
|
re
|
|
- test
|
|
filters:
|
|
only:
|
|
path: playwright-report
|
|
- store_artifacts:
|
|
path: playwright-report
|
|
destination: e2e-report
|
|
- store_artifacts:
|
|
path: test-results
|
|
destination: test-results
|
|
- notify-slack-on-fail
|
|
|
|
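# Dependency and filesystem vulnerability scan.
# Both scanners run in report-only mode: neither one can fail this job, so the
# stored Trivy report and the npm audit log are the only places findings show up.
security-scan:
  executor: node-executor
  steps:
    - checkout
    - restore-dependencies
    - install-dependencies
    - save-dependencies
    - run:
        name: Run npm audit
        # `|| true` discards npm audit's exit status: advisories at or above
        # "moderate" are printed in the step log but never block the pipeline.
        # Drop `|| true` once the backlog is triaged if this is meant to gate.
        command: npm audit --audit-level=moderate || true
    - run:
        name: Install Trivy
        # The repository key goes into a dedicated keyring that is bound to this
        # one source with signed-by. `apt-key add` is deprecated and makes the
        # key trusted for every configured APT source.
        # The key is still accepted as downloaded; compare its fingerprint with
        # a value recorded out of band if stronger assurance is needed.
        # `tee` (not `tee -a`) keeps a re-run from appending a duplicate entry.
        command: |
          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/trivy.list
          sudo apt-get update
          sudo apt-get install trivy -y
    - run:
        name: Run Trivy scan
        # --exit-code 0 makes Trivy exit successfully whatever it finds; the
        # JSON report below is the only output. A non-zero --exit-code together
        # with --severity would turn this into an enforcing gate.
        command: trivy fs --exit-code 0 --no-progress --format json --output trivy-report.json .
    - store_artifacts:
        path: trivy-report.json
        destination: security/trivy-report.json
    - notify-slack-on-fail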
|
|
|
|
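# Builds the multi-architecture image (linux/amd64 and linux/arm64) and pushes
# it to ghcr.io. Tags pushed: <branch> and <branch>-<sha>, plus `latest` when the
# branch is main.
docker-build-and-push:
  executor: docker/docker
  steps:
    - checkout
    - setup_remote_docker:
        docker_layer_caching: true
    - attach_workspace:
        at: .
    - run:
        name: Install QEMU
        # This runs a third-party image with --privileged on the remote Docker
        # host and references it by name only, so whatever the default tag
        # points to at build time is executed. Pin it by digest
        # (multiarch/qemu-user-static@sha256:<DIGEST_PLACEHOLDER>) so the
        # privileged code is a reviewed, fixed artifact.
        command: |
          docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
    - run:
        name: Set up Docker Buildx
        command: |
          docker buildx create --name multiarch --driver docker-container --use
          docker buildx inspect --bootstrap
    - run:
        name: Build multi-arch Docker image
        # The credentials are quoted so the shell neither word-splits nor
        # glob-expands them, and printf is used because echo may interpret a
        # leading dash or backslashes in the secret.
        # All tags are attached to a single build: `latest` is then the same
        # image digest as <branch>-<sha>, not the result of a second build.
        command: |
          printf '%s' "$DOCKER_PASSWORD" | docker login ghcr.io -u "$DOCKER_USERNAME" --password-stdin
          image="ghcr.io/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME"
          set -- --tag "$image:$CIRCLE_BRANCH" --tag "$image:$CIRCLE_BRANCH-$CIRCLE_SHA1"
          if [ "$CIRCLE_BRANCH" = "main" ]; then
            set -- "$@" --tag "$image:latest"
          fi
          docker buildx build \
            --platform linux/amd64,linux/arm64 \
            "$@" \
            --push \
            .
    - notify-slack-on-fail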
|
|
|
|
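# Triggers the staging deployment by POSTing the image reference and commit SHA
# to the webhook in STAGING_WEBHOOK_URL, then sends the Slack notifications.
deploy-staging:
  executor: node-executor
  steps:
    - checkout
    - run:
        name: Deploy to staging
        # --fail makes curl exit non-zero on an HTTP 4xx/5xx answer. Without it
        # a rejected webhook call still ends the step successfully and the
        # success notification is sent for a deployment that did not happen.
        # The URL is quoted so the shell passes it as one argument. No auth
        # header is sent here, so the URL is presumably the only credential:
        # keep it in a restricted context and out of step output.
        # NOTE(review): the echo names the develop-<sha> tag while the payload
        # sends the mutable `develop` tag plus a separate sha field. Confirm
        # which of the two the receiver actually deploys.
        command: |
          echo "Deploying to staging environment..."
          echo "Image: ghcr.io/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME:develop-$CIRCLE_SHA1"
          curl --fail --silent --show-error -X POST "$STAGING_WEBHOOK_URL" \
            -H "Content-Type: application/json" \
            -d "{\"image\":\"ghcr.io/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME:develop\",\"sha\":\"$CIRCLE_SHA1\"}"
    - notify-slack-on-success
    - notify-slack-on-fail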
|
|
|
|
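# Triggers the production deployment by POSTing the image reference and commit
# SHA to the webhook in PRODUCTION_WEBHOOK_URL, then sends the Slack
# notifications.
deploy-production:
  executor: node-executor
  steps:
    - checkout
    - run:
        name: Deploy to production
        # --fail makes curl exit non-zero on an HTTP 4xx/5xx answer. Without it
        # a rejected webhook call still ends the step successfully and the
        # success notification is sent for a deployment that did not happen.
        # The URL is quoted so the shell passes it as one argument. No auth
        # header is sent here, so the URL is presumably the only credential:
        # keep it in a restricted context and out of step output.
        # NOTE(review): the payload names the mutable `latest` tag. The sha
        # field is the only link to a specific build; an immutable tag or image
        # digest would make the deployed artifact unambiguous.
        # NOTE(review): the workflow entry that gates this job is not visible
        # here. Confirm it is limited to main and sits behind an approval step.
        command: |
          echo "Deploying to production environment..."
          echo "Image: ghcr.io/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME:latest"
          curl --fail --silent --show-error -X POST "$PRODUCTION_WEBHOOK_URL" \
            -H "Content-Type: application/json" \
            -d "{\"image\":\"ghcr.io/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME:latest\",\"sha\":\"$CIRCLE_SHA1\"}"
    - notify-slack-on-success
    - notify-slack-on-fail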
|
|
|
|
workflows:
|
|
version: 2
|
|
build-test-deploy:
|
|
jobs:
|
|
- lint
|
|
- test:
|
|
|
|
- lint
|
|
- build:
|
|
|
|
- test
|
|
- e2e-test:
|
|
requires:
|
|
- build
|
|
- security-scan:
|
|
requires:
|
|
- build
|
|
- docker-build-and-push:
|
|
requires:
|
|
- build
|
|
- test
|
|
- security-scan
|
|
filters:
|
|
branches:
|
|
only:
|
|
- main
|
|
- develop
|
|
- deploy-staging:
|
|
requires: