159 lines
5.7 KiB
YAML
159 lines
5.7 KiB
YAML
# commit_sha 文件记录上一次成功流水线的commit sha,用于定时计划检测是否有新代码提交,有就执行流水线,没有就终止流水线
|
||
cache:
|
||
# 不同的分支采用不同的 cache,防止分支之间相互影响
|
||
key: "${CI_COMMIT_REF_SLUG}_commit_sha"
|
||
paths:
|
||
- commit_sha
|
||
policy: pull
|
||
|
||
# 将打包&发送apk包邮件job 和代码分析job 并行执行
|
||
stages:
|
||
- build&analyze
|
||
- oss-upload&send-email
|
||
- ci_sonar_mail
|
||
|
||
# 阻止了 合并请求 或 push(分支和标签)的流水线。 最后的 when: always 规则运行所有其他流水线类型,包括定时计划流水线。
|
||
workflow:
|
||
rules:
|
||
- if: '$CI_PIPELINE_SOURCE == "push"'
|
||
when: always
|
||
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
|
||
when: never
|
||
- when: always
|
||
|
||
before_script:
|
||
# 检查是否存在 commit_sha 文件
|
||
- if [ -f commit_sha ]; then cat commit_sha; else echo "0000000" > commit_sha; fi
|
||
- export BEFORE_COMMIT_SHA=$(cat commit_sha)
|
||
# 比较commit sha ,若与上一次成功流水线的commit sha 相同,则退出流水线
|
||
- if [ "$CI_COMMIT_SHA" == "$BEFORE_COMMIT_SHA" ] && [ "$CI_PIPELINE_SOURCE" != "web" ]; then exit 137; fi
|
||
|
||
# 使用 .post 阶段使作业在流水线的末尾运行。.post 始终是流水线的最后阶段。
|
||
change_commit:
|
||
tags:
|
||
- offline-test
|
||
stage: .post
|
||
# 此job 跳过拉取git代码
|
||
variables:
|
||
GIT_STRATEGY: none
|
||
script:
|
||
# 更新 commit_sha
|
||
- if [ "$CI_COMMIT_SHA" != "$BEFORE_COMMIT_SHA" ]; then echo $CI_COMMIT_SHA > commit_sha; fi
|
||
cache:
|
||
# 不同的分支采用不同的 cache,防止分支之间相互影响
|
||
key: "${CI_COMMIT_REF_SLUG}_commit_sha"
|
||
paths:
|
||
- commit_sha
|
||
policy: pull-push
|
||
allow_failure:
|
||
exit_codes: 137
|
||
|
||
android_build:
|
||
tags:
|
||
# - local-runner
|
||
- offline-test
|
||
stage: build&analyze
|
||
image: hub.shanqu.cc/library/ci-android:jdk11-sdk31-33
|
||
resource_group: android_build
|
||
variables:
|
||
GIT_SUBMODULE_STRATEGY: recursive
|
||
KUBERNETES_CPU_LIMIT: "10"
|
||
script:
|
||
- export GRADLE_USER_HOME=/home/gitlab-runner/ci-build-cache/$CI_PROJECT_PATH/.gradle
|
||
- chmod +x ./gradlew
|
||
- ./scripts/jenkins_build.sh $CI_COMMIT_REF_NAME $BEFORE_COMMIT_SHA $CI_COMMIT_SHA
|
||
#设置打包后的产物,用于job之间共享
|
||
artifacts:
|
||
paths:
|
||
- app/build/tmp/*.apk
|
||
expire_in: 48 hrs # 指定附件上载后保存的时间24h,默认永久在Gitlab保存
|
||
allow_failure:
|
||
exit_codes: 137
|
||
only:
|
||
- dev
|
||
- release
|
||
|
||
# 代码检查
|
||
sonarqube_analysis:
|
||
tags:
|
||
- offline-test
|
||
stage: build&analyze
|
||
image: hub.shanqu.cc/library/sonar-scanner-cli:latest
|
||
dependencies: [] #禁止传递来的artifact
|
||
script:
|
||
## 获取项目的一级组和二级组和项目名作为projectKey,例如projectKey=platform-backend-eci-monitor
|
||
- group=`echo $CI_PROJECT_PATH | sed 's#/#-#g'`
|
||
- sonar-scanner
|
||
-Dsonar.host.url=http://sonarqube-server.sonarqube:9000/
|
||
-Dsonar.login=be43de7264ce4c4766eb0c020373c3e74e6df257
|
||
-Dsonar.jacoco.reportPaths=target/jacoco.exec
|
||
-Dsonar.projectKey=$group
|
||
-Dsonar.projectName=$CI_PROJECT_PATH
|
||
-Dsonar.sourceEncoding=UTF-8
|
||
-Dsonar.exclusions=**/vendor/**,**/errcode/**
|
||
-Dsonar.gitlab.project_id=$CI_PROJECT_ID
|
||
-Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA
|
||
-Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
|
||
-Dsonar.gitlab.ci_merge_request_iid=$CI_MERGE_REQUEST_IID
|
||
-Dsonar.gitlab.merge_request_discussion=true
|
||
-Dsonar.java.binaries=.
|
||
-Dsonar.branch.name=$CI_COMMIT_REF_NAME
|
||
allow_failure:
|
||
exit_codes: 137
|
||
only:
|
||
- dev
|
||
- release
|
||
|
||
## 发送简易检测结果报告
|
||
send_sonar_report:
|
||
tags:
|
||
- offline-test
|
||
stage: ci_sonar_mail
|
||
image: hub.shanqu.cc/library/docker:latest
|
||
# 此job 跳过拉取git代码
|
||
variables:
|
||
GIT_STRATEGY: none
|
||
script:
|
||
- group=`echo $CI_PROJECT_PATH | sed 's#/#-#g'`
|
||
- docker run -e PROJECTKEY=$group -e EMAIL=$GITLAB_USER_EMAIL -e BRANCH=$CI_COMMIT_REF_NAME --name send-email --rm hub.shanqu.cc/platform/send-sonar-report:latest
|
||
allow_failure:
|
||
exit_codes: 137
|
||
only:
|
||
- dev
|
||
- release
|
||
|
||
oss-upload&send-email:
|
||
tags:
|
||
- sysadm-devops
|
||
stage: oss-upload&send-email
|
||
image: hub.shanqu.cc/devops/android-apk-oss-upload:latest
|
||
id_tokens:
|
||
VAULT_ID_TOKEN:
|
||
aud: https://vault.shanqu.cc
|
||
variables:
|
||
GIT_STRATEGY: none
|
||
VAULT_ADDR: https://vault.shanqu.cc # 固定值
|
||
VAULT_SECRET_PATH: prod/devops/android-apk-oss-upload # 固定值
|
||
VAULT_ROLE: android-apk-oss-upload # 固定值
|
||
ENDPOINT: "tos-cn-guangzhou.ivolces.com" # 固定值
|
||
BUCKET: "sysadm-public" # 固定值
|
||
FILE_PATH: "app/build/tmp/" # APK 存放路径
|
||
Email_To_List: $EMAIL_TO_LIST # 邮件接受人列表
|
||
Email_Title: "光环助手 $CI_COMMIT_BRANCH" # 邮件标题
|
||
PIPELINE_ID: $CI_PIPELINE_ID # 流水线id
|
||
COMMIT_BRANCH: $CI_COMMIT_BRANCH # 提交分支
|
||
MAIL_MESSAGE: "[$CI_COMMIT_AUTHOR] $CI_COMMIT_MESSAGE"
|
||
needs:
|
||
- job: android_build
|
||
artifacts: true
|
||
script:
|
||
### 绑定上传参数 ###
|
||
|
||
- export OSS_PATH="release/dev/${CI_PROJECT_NAME}/$(date "+%Y/%m/%d")"
|
||
### 开启上传 ###
|
||
- /usr/local/bin/python /upload.py
|
||
### 发送邮件
|
||
- /usr/local/bin/python /ci-android-mail-jira-comment.py
|
||
only:
|
||
- dev
|
||
- release |