├── README.md ├── gitlab-ci1.png ├── gitlab.jpg ├── job-log.png ├── job-status.png └── job-status1.png /README.md: -------------------------------------------------------------------------------- 1 |

GitLab CI for Rails

2 | 3 | ![](gitlab.jpg) 4 | 5 | GitLab CI/CD is GitLab’s built-in tool for software development using continuous methodology: 6 | 7 | Continuous integration (CI). 8 | Continuous delivery and deployment (CD). 9 | 10 | [Gitlab Documentation](https://docs.gitlab.com/ee/ci) 11 | 12 | ## Configure the project 13 | 14 | GitLab CI/CD pipelines are configured using a YAML file called .gitlab-ci.yml within each project. The .gitlab-ci.yml file defines the structure and order of the pipelines and determines: 15 | This is what the .gitlab-ci.yml file looks like for this project: 16 | 17 | ### Creating a .gitlab-ci.yml file 18 | 19 | The .gitlab-ci.yml file is where you configure what CI does with your project. It lives in the root of your repository. 20 | 21 | On any push to your repository, GitLab will look for the .gitlab-ci.yml file and start jobs on Runners according to the contents of the file, for that commit. 22 | 23 | ```yaml 24 | 25 | 26 | stages: 27 | - build 28 | # running build 29 | - linters 30 | # running code quality tools (rubocop, brakeman) 31 | - tests 32 | # running tests 33 | - scanners 34 | # image and application scanning 35 | - deploy 36 | # application deployment 37 | 38 | # All variables you will set up in your repo settings (Settings->CI/CD->Variables) 39 | variables: 40 | RAILS_MASTER_KEY: $RAILS_MASTER_KEY 41 | AWS_REGISTRY_URL: $AWS_REGISTRY_URL 42 | AWS_REGION: $AWS_REGION 43 | REGISTRY_IMAGE: $AWS_REGISTRY_URL:$CI_COMMIT_REF_SLUG 44 | REGISTRY_IMAGE_PRODUCTION: $AWS_REGISTRY_URL_PRODUCTION:$CI_COMMIT_REF_SLUG 45 | ECS_CLUSTER_STAGING: $ECS_CLUSTER_STAGING 46 | ECS_CLUSTER_PRODUCTION: $ECS_CLUSTER_PRODUCTION 47 | ECS_SERVICE_STAGING: $ECS_SERVICE_STAGING 48 | GITLEAKS_CONFIG: gitleaks.toml 49 | DOCKER_DRIVER: overlay2 50 | SENTRY_AUTH_TOKEN: $SENTRY_AUTH_TOKEN 51 | SENTRY_ORG: $SENTRY_ORG 52 | SENTRY_PROJECT: $SENTRY_PROJECT 53 | 54 | 55 | # Perform private ECR registry authentication 56 | .registry_auth: ®istry_auth 57 | image: public.ecr.aws/o0j8c5i3/codica:registry-auth-leaks 58 | before_script: 59 | - aws ecr get-login-password --region $AWS_REGION | docker login -u AWS --password-stdin $AWS_REGISTRY_URL 60 | 61 | 62 | # Rubocop linter 63 | rubocop: 64 | stage: linters 65 | needs: [Build] 66 | image: $REGISTRY_IMAGE_ID 67 | except: 68 | - master 69 | script: 70 | - bundle exec rubocop 71 | 72 | 73 | # Brakeman linter 74 | brakeman: 75 | stage: linters 76 | needs: [Build] 77 | image: $REGISTRY_IMAGE_ID 78 | except: 79 | - master 80 | script: 81 | - brakeman 82 | 83 | 84 | # Bundle audit 85 | bundle_audit: 86 | stage: linters 87 | needs: [Build] 88 | image: $REGISTRY_IMAGE_ID 89 | except: 90 | - master 91 | script: 92 | - bundle exec bundle-audit 93 | 94 | 95 | # Trivy to scan image vulnerabilities 96 | Trivy: 97 | stage: linters 98 | allow_failure: true 99 | image: 100 | name: aquasec/trivy:0.31.3 101 | entrypoint: [""] 102 | needs: [Build] 103 | except: 104 | - main 105 | script: 106 | - trivy image --security-checks vuln $REGISTRY_IMAGE_ID 107 | 108 | 109 | # Gitleaks to detect credentials leak 110 | Gitleaks: 111 | <<: *registry_auth 112 | stage: linters 113 | allow_failure: true 114 | needs: [] 115 | except: 116 | - main 117 | - master 118 | script: 119 | - gitleaks detect --verbose --no-git | jq -r '["Description:", .Description], ["File:", .File], ["Line:", .StartLine, "Column:", .StartColumn, "--------------"]' | tr -d '[],""' 120 | 121 | 122 | # Hadolint to check dockerfiles syntax 123 | Hadolint: 124 | needs: [] 125 | image: hadolint/hadolint:latest-debian 126 | stage: scanners 127 | allow_failure: false 128 | script: 129 | - hadolint Dockerfile 130 | - hadolint Dockerfile.dev 131 | rules: 132 | - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' 133 | when: never 134 | - changes: 135 | - Dockerfile* 136 | 137 | 138 | # Yamllint to check yaml files syntax 139 | Yamllint: 140 | needs: [] 141 | image: 142 | name: public.ecr.aws/**/codica:yamllint 143 | entrypoint: [""] 144 | stage: scanners 145 | allow_failure: false 146 | script: 147 | - rm -rf spec 148 | - yamllint . 149 | rules: 150 | - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' 151 | when: never 152 | - changes: 153 | - "**/*.yml" 154 | - "**/*.yaml" 155 | 156 | 157 | # Rspec tests 158 | rspec: 159 | stage: tests 160 | image: $REGISTRY_IMAGE 161 | needs: [Build | Staging] 162 | variables: 163 | DB_HOST: postgres 164 | DB_USERNAME: postgres 165 | DB_PASSWORD: $DB_PASSWORD 166 | DB_PORT: 5432 167 | REDIS_URL: "redis://redis:6379" 168 | script: 169 | - bundle exec rails db:migrate RAILS_ENV=test 170 | - bundle exec rspec 171 | except: 172 | - master 173 | 174 | 175 | # We use Kaniko as main image builder 176 | Build: 177 | stage: build 178 | image: 179 | name: gcr.io/kaniko-project/executor:debug 180 | entrypoint: [""] 181 | except: 182 | - master 183 | before_script: 184 | - mkdir -p /kaniko/.docker 185 | - echo "{\"credHelpers\":{\"$AWS_REGISTRY_URL\":\"ecr-login\"}}" > /kaniko/.docker/config.json 186 | script: 187 | - /kaniko/executor --destination "${REGISTRY_IMAGE}" 188 | --build-arg RAILS_MASTER_KEY=${RAILS_MASTER_KEY} # if we need to use RAILS_MASTER_KEY to build our app 189 | --context "${CI_PROJECT_DIR}" 190 | --dockerfile "${CI_PROJECT_DIR}/Dockerfile" 191 | 192 | 193 | # Deploy application to staging or production environment 194 | Deploy: 195 | stage: deploy 196 | variables: 197 | ASG_NAME: $ASG_STAGE 198 | CLUSTER_NAME: $ECS_CLUSTER_STAGING 199 | SERVICE_NAME: $SERVICE_STAGING 200 | AWS_REGION: $AWS_REGION 201 | REGISTRY_IMAGE: $REGISTRY_IMAGE_ID 202 | only: 203 | - develop 204 | <<: *registry_auth 205 | script: 206 | - aws ecs update-service --cluster $ECS_CLUSTER_STAGING --service $ECS_SERVICE_STAGING --force-new-deployment 207 | # We use sentry to push our release to our sentry account 208 | - VERSION=$(sentry-cli releases propose-version) && sentry-cli releases -o $SENTRY_ORG new -p $SENTRY_PROJECT $VERSION 209 | - sentry-cli releases -o $SENTRY_ORG -p $SENTRY_PROJECT --auth-token $SENTRY_AUTH_TOKEN set-commits --auto $VERSION 210 | environment: 211 | name: Staging 212 | ``` 213 | 214 | ### Push .gitlab-ci.yml to GitLab 215 | 216 | Once you’ve created .gitlab-ci.yml, you should add it to your Git repository and push it to GitLab. 217 | 218 | ``` 219 | git add .gitlab-ci.yml 220 | git commit -m "Add .gitlab-ci.yml" 221 | git push origin master 222 | ``` 223 | 224 | ### Configuring a Runner 225 | 226 | In GitLab, Runners run the jobs that you define in .gitlab-ci.yml. A Runner can be a virtual machine, a VPS, a bare-metal machine, a docker container or even a cluster of containers. GitLab and the Runners communicate through an API, so the only requirement is that the Runner’s machine has network access to the GitLab server. 227 | 228 | A Runner can be specific to a certain project or serve multiple projects in GitLab. If it serves all projects it’s called a Shared Runner. 229 | 230 | Find more information about different [Runners](https://docs.gitlab.com/ee/ci/runners/README.html) in the Runners documentation. 231 | 232 | ## Regular pipeline graphs 233 | 234 | Regular pipeline graphs show the names of the jobs of each stage. Regular pipeline graphs can be found when you are on a single pipeline page. For example: 235 | ![pipline](gitlab-ci1.png) 236 | 237 | ## Status of your pipeline and jobs 238 | 239 | After configuring the Runner successfully, you should see the status of your last commit change from pending to either running, success or failed. 240 | 241 | ![status](job-status1.png) 242 | 243 | By clicking on a job’s status, you will be able to see the log of that job. This is important to diagnose why a job failed or acted differently than you expected. 244 | 245 | ![error-log](job-log.png) 246 | 247 | ## Examples 248 | 249 | Visit the [examples README](https://docs.gitlab.com/ee/ci/examples/README.html) to see a list of examples using GitLab CI with various languages. 250 | 251 | ## License 252 | 253 | Copyright © 2015-2022 Codica. It is released under the [MIT License](https://opensource.org/licenses/MIT). 254 | 255 | ## About Codica 256 | 257 | [![Codica logo](https://www.codica.com/assets/images/logo/logo.svg)](https://www.codica.com) 258 | 259 | The names and logos for Codica are trademarks of Codica. 260 | 261 | We love open source software! See [our other projects](https://github.com/codica2) or [hire us](https://www.codica.com/) to design, develop, and grow your product. 262 | -------------------------------------------------------------------------------- /gitlab-ci1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codica2/gitlab-ci-configuration/e5b3c4f4e05807b2baeac0162d06901cf09fe1ca/gitlab-ci1.png -------------------------------------------------------------------------------- /gitlab.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codica2/gitlab-ci-configuration/e5b3c4f4e05807b2baeac0162d06901cf09fe1ca/gitlab.jpg -------------------------------------------------------------------------------- /job-log.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codica2/gitlab-ci-configuration/e5b3c4f4e05807b2baeac0162d06901cf09fe1ca/job-log.png -------------------------------------------------------------------------------- /job-status.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codica2/gitlab-ci-configuration/e5b3c4f4e05807b2baeac0162d06901cf09fe1ca/job-status.png -------------------------------------------------------------------------------- /job-status1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codica2/gitlab-ci-configuration/e5b3c4f4e05807b2baeac0162d06901cf09fe1ca/job-status1.png --------------------------------------------------------------------------------