--- print-postgis-service-logs: when: manual variables: CI_DEBUG_SERVICES: "true" services: - name: postgis/postgis:15-3.4@sha256:6a6eb58d25a331da1d2532412641330b064ffec33f294aa5a7812fe26a6ed2f3 alias: db variables: POSTGRES_DB: postgres POSTGRES_USER: postgres POSTGRES_PASSWORD: postgres POSTGRES_HOST_AUTH_METHOD: trust script: - echo 'hello!!' docker-build-image-dind: rules: - when: manual variables: BUILDER_NAME: tmp-$CI_JOB_ID DOCKER_VERSION: '26.1.2' GIT_DEPTH: '1' IMAGE_NAME: $CI_PROJECT_NAME IMAGE_TAG: $CI_COMMIT_SHORT_SHA PLATFORM: linux/amd64 services: - docker:$DOCKER_VERSION-dind image: library/docker:DOCKER_VERSION-cli-alpine3.19 before_script: - docker info - docker buildx create --driver 'docker-container' --name "$BUILDER_NAME" --use script: - docker buildx build --platform "$PLATFORM" --tag "$IMAGE_NAME/$IMAGE_TAG" '.' after_script: - docker buildx rm "$BUILDER_NAME" powerpipe-report: # Strongly suggested to just create your own image for this. # Initializing it from scratch alone takes me about 8 mins. stage: test rules: - when: manual variables: DEBIAN_FRONTEND: noninteractive POWERPIPE_MOD_LOCATION: /home/piper/powerpipe POWERPIPE_TELEMETRY: none POWERPIPE_UPDATE_CHECK: 'false' POWERPIPE_VERSION: v0.3.0 STEAMPIPE_MOD_LOCATION: /home/piper/steampipe STEAMPIPE_TELEMETRY: none STEAMPIPE_UPDATE_CHECK: 'false' STEAMPIPE_VERSION: v0.23.2 image: library/debian:12.5-slim@sha256:804194b909ef23fb995d9412c9378fb3505fe2427b70f3cc425339e48a828fca before_script: - |- : "${AWS_ACCESS_KEY_ID?required}" : "${AWS_SECRET_ACCESS_KEY?required}" - adduser --disabled-password --gecos '' --shell '/bin/sh' 'piper' - apt update - apt install --assume-yes --no-install-recommends 'curl' 'ca-certificates' - curl -fsSL -O 'https://steampipe.io/install/steampipe.sh' -O 'https://powerpipe.io/install/powerpipe.sh' - su piper -c "mkdir -pv '$STEAMPIPE_MOD_LOCATION' '$POWERPIPE_MOD_LOCATION'" - /bin/sh steampipe.sh "$STEAMPIPE_VERSION" - /bin/sh powerpipe.sh "$POWERPIPE_VERSION" - su piper -c "steampipe service start --database-listen 'local'" script: - su piper -c "steampipe plugin install 'aws'" - su piper -c "powerpipe mod install 'github.com/turbot/steampipe-mod-aws-compliance'" - su piper -c "powerpipe benchmark run 'aws_compliance.benchmark.gdpr' --export 'nunit3'" artifacts: when: always expire_in: 1 week reports: # not a junit, so useless, but hey… junit: "*.nunit3.xml" pulumi update: stage: deploy rules: # This job should only be created for changes to the main branch, and only if any program-related file changed. - if: >- $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "push" changes: paths: - infra/*.ts - infra/packages.json - when: never interruptible: false variables: PULUMI_BACKEND_URL: file://. PULUMI_PROJECT_DIR: infra PULUMI_STACK: dev image: name: ${ECR_REPO_URL}/pulumi/pulumi-nodejs:3.120.0@sha256:b4806aaddda0b79e33fab4b7c12a4ecbf43657db2e392f35b5b4bcff3e7c7ba0 pull_policy: if-not-present before_script: # Run everything from the (sub)project's directory so all is confined there. - cd "${CI_PROJECT_DIR}/${PULUMI_PROJECT_DIR}" # Install dependencies anew. # Make sure no packages-lock or yarn-lock files are in the folder. # Make sure the dependencies reflect the needs of the pulumi project. - pulumi install # Pulumi's backend is set by the default ENV, no need to login here. - pulumi stack select "${PULUMI_STACK:?required but not set}" - pulumi about script: - >- pulumi update --yes --non-interactive --verbose '3' --parallel "${THREADS:-$(nproc)}" do-it-again: retry: max: 2 when: runner_system_failure