-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
276 additions
and
174 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,110 +1,33 @@ | ||
| # Use the latest 2.1 version of CircleCI pipeline process engine. | ||
| # See: https://circleci.com/docs/configuration-reference | ||
| version: 2.1 | ||
|
|
||
| # Orbs - Reusable packages for use. | ||
| orbs: | ||
| docker: circleci/[email protected] | ||
| # heroku: circleci/[email protected] | ||
| # The maven orb contains a set of prepackaged circleci configuration you can use repeatedly in your configurations files. | ||
| # Orb commands and jobs help you with common scripting around a language/tool so you dont have to copy and paste it everywhere. | ||
| # See the orb documentation here: https://circleci.com/developer/orbs/orb/circleci/maven | ||
| maven: circleci/[email protected] | ||
| snyk: snyk/[email protected] | ||
|
|
||
| # Jobs - Set of instructions / functions. | ||
| # Define a job to be invoked later in a workflow. | ||
| # See: https://circleci.com/docs/jobs-steps/#jobs-overview & https://circleci.com/docs/configuration-reference/#jobs | ||
| jobs: | ||
| # build: # Job name. | ||
| build_and_test: # Job name. | ||
| # Specify the execution environment. You can specify an image from Docker Hub or use one of our convenience images from CircleCI's Developer Hub. | ||
| # See: https://circleci.com/docs/executor-intro/ & https://circleci.com/docs/configuration-reference/#executor-job | ||
| docker: # Environment. | ||
| # Specify the version you desire here. | ||
| # See: https://circleci.com/developer/images/image/cimg/base | ||
| - image: cimg/openjdk:21.0.2 | ||
| environment: | ||
| PGHOST: 127.0.0.1 | ||
| - image: cimg/postgres:16.2 | ||
| environment: | ||
| # This optional variable can be used to control the auth-method for host connections for all databases, all users, and all addresses. | ||
| # If unspecified then scram-sha-256 password authentication is used (in 14+; md5 in older releases). | ||
| # On an uninitialized database, this will populate pg_hba.conf via this approximate line: echo "host all all all $POSTGRES_HOST_AUTH_METHOD" >> pg_hba.conf | ||
| # See the PostgreSQL documentation on pg_hba.conf for more information about possible values and their meanings. | ||
| # It is not recommended to use trust since it allows anyone to connect without a password, even if one is set (like via POSTGRES_PASSWORD). | ||
| # For more information see the PostgreSQL documentation on Trust Authentication. | ||
| # If you set POSTGRES_HOST_AUTH_METHOD to trust, then POSTGRES_PASSWORD is not required. | ||
| # If you set this to an alternative value (such as scram-sha-256), you might need additional POSTGRES_INITDB_ARGS for the database | ||
| # to initialize correctly (such as POSTGRES_INITDB_ARGS=--auth-host=scram-sha-256). | ||
| # POSTGRES_HOST_AUTH_METHOD: trust | ||
| # This optional environment variable is used in conjunction with POSTGRES_PASSWORD to set a user and its password. | ||
| # This variable will create the specified user with superuser power and a database with the same name. | ||
| # If it is not specified, then the default user of postgres will be used. | ||
| # POSTGRES_USER: postgres | ||
| # This environment variable is required for you to use the PostgreSQL image. It must not be empty or undefined. | ||
| # This environment variable sets the superuser password for PostgreSQL. The default superuser is defined by the POSTGRES_USER environment variable. | ||
| # The PostgreSQL image sets up trust authentication locally so you may notice a password is not required when connecting from | ||
| # localhost (inside the same container). However, a password will be required if connecting from a different host/container. | ||
| # This variable defines the superuser password in the PostgreSQL instance, as set by the initdb script during initial container startup. | ||
| # It has no effect on the PGPASSWORD environment variable that may be used by the psql client at runtime, as described | ||
| # at https://www.postgresql.org/docs/14/libpq-envars.html. PGPASSWORD, if used, will be specified as a separate environment variable. | ||
| POSTGRES_PASSWORD: password | ||
| # This optional environment variable can be used to define a different name for the default database that is created when the image is first started. | ||
| # If it is not specified, then the value of POSTGRES_USER will be used. | ||
| POSTGRES_DB: the_review_room | ||
|
|
||
| # Add steps to the job. | ||
| # See: https://circleci.com/docs/jobs-steps/#steps-overview & https://circleci.com/docs/configuration-reference/#steps | ||
| steps: | ||
| - checkout # Check out source code to the working directory. | ||
| # - restore_cache: # Restore the saved cache after the first run or if `pom.xml` has changed. | ||
| # # Read about caching dependencies: https://circleci.com/docs/caching/ | ||
| # key: circleci-the-review-room-{{ checksum "pom.xml" }} | ||
| - run: | | ||
| echo "Installing dependencies..." | ||
| mvn dependency:go-offline # Get the project dependencies. Goal that resolves all project dependencies, including plugins and reports and their dependencies. | ||
| # - save_cache: # Save the project dependencies. | ||
| # paths: | ||
| # - ~/.m2 | ||
| # key: circleci-the-review-room-{{ checksum "pom.xml" }} | ||
|
|
||
| # Maven Build Lifecycle. | ||
| # validate - Validate the project is correct and all necessary information is available. | ||
| # compile - Compile the source code of the project. | ||
| # test - Test the compiled source code using a suitable unit testing framework. These tests should not require the code be packaged or deployed. | ||
| # package - Take the compiled code and package it in its distributable format, such as a JAR. | ||
| # verify - Run any checks on results of integration tests to ensure quality criteria are met. | ||
| # install - Install the package into the local repository, for use as a dependency in other projects locally. | ||
| # deploy - Done in the build environment, copies the final package to the remote repository for sharing with other developers and projects. | ||
| # These lifecycle phases (plus the other lifecycle phases not shown here) are executed sequentially to complete the default lifecycle. | ||
| # This means that calling the later lifecycle phases will run through all the earlier lifecycle phases sequentially. | ||
| - run: mvn verify # Build and run the tests. | ||
|
|
||
| - store_test_results: # Upload the test metadata from the `target/surefire-reports` directory so that it can show up in the CircleCI dashboard. | ||
| # Upload test results for display in Test Summary: https://circleci.com/docs/2.0/collect-test-data/ | ||
| path: target/surefire-reports | ||
|
|
||
| - store_artifacts: # Store the uber jar as an artifact. | ||
| # Upload test summary for display in Artifacts: https://circleci.com/docs/2.0/artifacts/ | ||
| path: target/the-review-room-0.0.1-SNAPSHOT.jar | ||
| # See https://circleci.com/docs/2.0/deployment-integrations/ for deploy examples. | ||
|
|
||
| # test: | ||
| # docker: # Environment. | ||
| # - image: cimg/openjdk:21.0.2 | ||
|
|
||
| # steps: | ||
| # - checkout | ||
| # - run: | | ||
| # echo "Installing dependencies..." | ||
| # echo "Running tests..." | ||
| # java --version | ||
|
|
||
| scan: | ||
| docker: | ||
| # - image: cimg/node:20.12.2 | ||
| # - image: cimg/node:current | ||
| - image: cimg/base:current | ||
|
|
||
| environment: # The environment allows us to create an environment for the job and allows us to create custom environment variables. | ||
|
|
@@ -121,154 +44,59 @@ jobs: | |
| severity-threshold: high # Only report vulnerabilities of provided level or higher (low/medium/high/critical). If param is not present, the default value is low. | ||
|
|
||
| publish: # Also known as the build-and-push. | ||
| executor: docker/docker # Define the execution environment in which the steps of a job will run. | ||
|
|
||
| executor: docker/docker # Define the execution environment in which the steps of a job will run.S | ||
| steps: | ||
| - checkout | ||
| - setup_remote_docker | ||
| - docker/check | ||
| - docker/build: # Build the image. | ||
| image: nhkhai/the-review-room | ||
| # tag: v1.0.1 | ||
| tag: latest # Consider setting this dynamically based on the tag using env vars or CircleCI parameters. | ||
| # tag: ${CIRCLE_TAG:-latest} # Use the tag name if triggered by a tag, otherwise use 'latest'. | ||
| - docker/push: # Pushes the image to the specified account in the environment variables. | ||
| image: nhkhai/the-review-room | ||
| # tag: v1.0.1 | ||
| tag: latest # Consider setting this dynamically based on the tag using env vars or CircleCI parameters. | ||
| # tag: ${CIRCLE_TAG:-latest} # Use the tag name if triggered by a tag, otherwise use 'latest'. | ||
|
|
||
| # deploy: | ||
| # docker: | ||
| # - image: cimg/node:20.12.2 | ||
| # | ||
| # steps: | ||
| # - checkout | ||
| # - setup_remote_docker | ||
| # - heroku/install | ||
| # - run: | ||
| # name: Heroku Container Push | ||
| # command: | | ||
| # heroku container:login | ||
| # heroku container:push web -a nhkhai-node-app-for-devops | ||
| # heroku container:release web -a nhkhai-node-app-for-devops | ||
| deploy: | ||
| docker: | ||
| # - image: cimg/deploy:2024.03 | ||
| # - image: cimg/deploy:2024.03-node | ||
| # - image: cimg/base:current-22.04 | ||
| - image: cimg/base:current | ||
|
|
||
| steps: | ||
| # - checkout | ||
| # - setup_remote_docker | ||
| - run: | ||
| name: Render Deploy Hook | ||
| command: | | ||
| curl "$RENDER_DEPLOY_HOOK_URL" | ||
| # Workflow - Defines what sequence will the jobs run. | ||
| # Orchestrate jobs using workflows. | ||
| # See: https://circleci.com/docs/workflows/ & https://circleci.com/docs/configuration-reference/#workflows | ||
| workflows: | ||
| ci_flow: # Workflow name. This is the name of the workflow, feel free to change it to better match your workflow. | ||
| # Inside the workflow, you define the jobs you want to run. | ||
| jobs: | ||
| # - build | ||
| # # - build: | ||
| # # filters: | ||
| # # branches: | ||
| # # only: | ||
| # # - main | ||
| # # ignore: | ||
| # # - release | ||
|
|
||
| # - test: | ||
| # requires: | ||
| # - build | ||
| # # filters: | ||
| # # branches: | ||
| # # only: | ||
| # # - main | ||
| # # ignore: | ||
| # # - release | ||
|
|
||
| - build_and_test: | ||
| filters: | ||
| branches: | ||
| ignore: | ||
| - release | ||
|
|
||
| # The Snyk security scan job. | ||
| - scan: | ||
| requires: | ||
| # - build | ||
| - build_and_test | ||
| # filters: | ||
| # branches: | ||
| # only: | ||
| # - main | ||
| # ignore: | ||
| # - release | ||
|
|
||
| - publish: | ||
| # Ensure that the dependency job(s) are able to run (watch out for branch filtering affecting this), else publish and deploy (depends on publish) will not run at all. | ||
| requires: | ||
| # - test | ||
| - build_and_test | ||
| - scan | ||
| filters: | ||
| # tags: | ||
| # only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ # Ensure this job runs only for semantically versioned tags. This regex pattern matches semantic versioning tags (e.g., v1.0.0, v2.1.3). | ||
| branches: | ||
| # only: | ||
| # - release | ||
| ignore: | ||
| - develop | ||
| # - release | ||
|
|
||
| cicd_flow: | ||
| jobs: | ||
| - build_and_test: | ||
| filters: | ||
| branches: | ||
| only: | ||
| - release | ||
|
|
||
| # The Snyk security scan job. | ||
| - scan: | ||
| requires: | ||
| # - build | ||
| - build_and_test | ||
| # filters: | ||
| # branches: | ||
| # only: | ||
| # - main | ||
| # ignore: | ||
| # - release | ||
| # branches: | ||
| # only: | ||
| # - release | ||
|
|
||
| - publish: | ||
| # Ensure that the dependency job(s) are able to run (watch out for branch filtering affecting this), else publish and deploy (depends on publish) will not run at all. | ||
| requires: | ||
| # - test | ||
| - build_and_test | ||
| - scan | ||
| # filters: | ||
| # tags: | ||
| # only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ # Ensure this job runs only for semantically versioned tags. This regex pattern matches semantic versioning tags (e.g., v1.0.0, v2.1.3). | ||
| # branches: | ||
| # only: | ||
| # - release | ||
|
|
||
| - deploy: | ||
| requires: | ||
| - publish | ||
| # filters: | ||
| # tags: | ||
| # only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ # Ensure this job runs only for semantically versioned tags. This regex pattern matches semantic versioning tags (e.g., v1.0.0, v2.1.3). | ||
| # branches: | ||
| # only: | ||
| # - release | ||
| - publish | ||
Oops, something went wrong.