brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9f0144c04a4ab1eceee9121cbf7cef58bfa4f892
oam/snippets/gitlab/pipeline tasks.yml

120 lines
3.9 KiB
YAML
Raw Blame History

---
print-postgis-service-logs:
when: manual
variables:
CI_DEBUG_SERVICES: "true"
services:
- name: postgis/postgis:15-3.4@sha256:6a6eb58d25a331da1d2532412641330b064ffec33f294aa5a7812fe26a6ed2f3
alias: db
variables:
POSTGRES_DB: postgres
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_HOST_AUTH_METHOD: trust
script:
- echo 'hello!!'
docker-build-image-dind:
rules:
- when: manual
variables:
BUILDER_NAME: tmp-$CI_JOB_ID
DOCKER_VERSION: '26.1.2'
GIT_DEPTH: '1'
IMAGE_NAME: $CI_PROJECT_NAME
IMAGE_TAG: $CI_COMMIT_SHORT_SHA
PLATFORM: linux/amd64
services:
- docker:$DOCKER_VERSION-dind
image: library/docker:DOCKER_VERSION-cli-alpine3.19
before_script:
- docker info
- docker buildx create --driver 'docker-container' --name "$BUILDER_NAME" --use
script:
- docker buildx build --platform "$PLATFORM" --tag "$IMAGE_NAME/$IMAGE_TAG" '.'
after_script:
- docker buildx rm "$BUILDER_NAME"
powerpipe-report:
# Strongly suggested to just create your own image for this.
# Initializing it from scratch alone takes me about 8 mins.
stage: test
rules:
- when: manual
variables:
DEBIAN_FRONTEND: noninteractive
POWERPIPE_MOD_LOCATION: /home/piper/powerpipe
POWERPIPE_TELEMETRY: none
POWERPIPE_UPDATE_CHECK: 'false'
POWERPIPE_VERSION: v0.3.0
STEAMPIPE_MOD_LOCATION: /home/piper/steampipe
STEAMPIPE_TELEMETRY: none
STEAMPIPE_UPDATE_CHECK: 'false'
STEAMPIPE_VERSION: v0.23.2
image: library/debian:12.5-slim@sha256:804194b909ef23fb995d9412c9378fb3505fe2427b70f3cc425339e48a828fca
before_script:
- |-
: "${AWS_ACCESS_KEY_ID?required}"
: "${AWS_SECRET_ACCESS_KEY?required}"
- adduser --disabled-password --gecos '' --shell '/bin/sh' 'piper'
- apt update
- apt install --assume-yes --no-install-recommends 'curl' 'ca-certificates'
- curl -fsSL -O 'https://steampipe.io/install/steampipe.sh' -O 'https://powerpipe.io/install/powerpipe.sh'
- su piper -c "mkdir -pv '$STEAMPIPE_MOD_LOCATION' '$POWERPIPE_MOD_LOCATION'"
- /bin/sh steampipe.sh "$STEAMPIPE_VERSION"
- /bin/sh powerpipe.sh "$POWERPIPE_VERSION"
- su piper -c "steampipe service start --database-listen 'local'"
script:
- su piper -c "steampipe plugin install 'aws'"
- su piper -c "powerpipe mod install 'github.com/turbot/steampipe-mod-aws-compliance'"
- su piper -c "powerpipe benchmark run 'aws_compliance.benchmark.gdpr' --export 'nunit3'"
artifacts:
when: always
expire_in: 1 week
reports:
# not a junit, so useless, but hey…
junit: "*.nunit3.xml"
pulumi update:
stage: deploy
rules:
# This job should only be created for changes to the main branch, and only if any program-related file changed.
- if: >-
$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
&& $CI_PIPELINE_SOURCE == "push"
changes:
paths:
- infra/*.ts
- infra/packages.json
- when: never
interruptible: false
variables:
PULUMI_BACKEND_URL: file://.
PULUMI_PROJECT_DIR: infra
PULUMI_STACK: dev
image:
name: ${ECR_REPO_URL}/pulumi/pulumi-nodejs:3.120.0@sha256:b4806aaddda0b79e33fab4b7c12a4ecbf43657db2e392f35b5b4bcff3e7c7ba0
pull_policy: if-not-present
before_script:
# Run everything from the (sub)project's directory so all is confined there.
- cd "${CI_PROJECT_DIR}/${PULUMI_PROJECT_DIR}"
# Install dependencies anew.
# Make sure no packages-lock or yarn-lock files are in the folder.
# Make sure the dependencies reflect the needs of the pulumi project.
- pulumi install
# Pulumi's backend is set by the default ENV, no need to login here.
- pulumi stack select "${PULUMI_STACK:?required but not set}"
- pulumi about
script:
- >-
pulumi update --yes --non-interactive --verbose '3'
--parallel "${THREADS:-$(nproc)}"
do-it-again:
retry:
max: 2
when: runner_system_failure
Reference in New Issue View Git Blame Copy Permalink