# CI/CD pipeline for swagger-cli # Stages: test -> build -> release stages: - test - build - release variables: CARGO_HOME: ${CI_PROJECT_DIR}/.cargo RUSTFLAGS: "-D warnings" default: image: rust:1.93 cache: key: ${CI_COMMIT_REF_SLUG} paths: - .cargo/ - target/ # --------------------------------------------------------------------------- # Test stage # --------------------------------------------------------------------------- test:unit: stage: test script: - cargo test --lib rules: - if: $CI_PIPELINE_SOURCE == "merge_request_event" - if: $CI_COMMIT_BRANCH test:integration: stage: test script: - cargo test --test '*' rules: - if: $CI_PIPELINE_SOURCE == "merge_request_event" - if: $CI_COMMIT_BRANCH lint: stage: test script: - rustup component add rustfmt clippy - cargo fmt --check - cargo clippy --all-targets -- -D warnings rules: - if: $CI_PIPELINE_SOURCE == "merge_request_event" - if: $CI_COMMIT_BRANCH security:deps: stage: test script: - cargo install cargo-deny --locked - cargo install cargo-audit --locked - cargo deny check - cargo audit rules: - if: $CI_PIPELINE_SOURCE == "merge_request_event" - if: $CI_COMMIT_BRANCH allow_failure: false # --------------------------------------------------------------------------- # Build stage — cross-compile for 4 platform targets # --------------------------------------------------------------------------- .build-template: &build-template stage: build script: - rustup target add ${TARGET} - cargo build --release --target ${TARGET} - mkdir -p artifacts/ - cp target/${TARGET}/release/swagger-cli artifacts/swagger-cli-${TARGET} artifacts: paths: - artifacts/ expire_in: 1 week rules: - if: $CI_COMMIT_TAG build:aarch64-apple-darwin: <<: *build-template tags: - macos - arm64 variables: TARGET: aarch64-apple-darwin build:x86_64-apple-darwin: <<: *build-template tags: - macos - x86_64 variables: TARGET: x86_64-apple-darwin build:x86_64-unknown-linux-gnu: <<: *build-template variables: TARGET: x86_64-unknown-linux-gnu build:aarch64-unknown-linux-gnu: <<: *build-template before_script: - apt-get update -qq && apt-get install -y -qq gcc-aarch64-linux-gnu - export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc variables: TARGET: aarch64-unknown-linux-gnu # --------------------------------------------------------------------------- # Release stage — tag-only # --------------------------------------------------------------------------- release:artifacts: stage: release image: alpine:latest dependencies: - build:aarch64-apple-darwin - build:x86_64-apple-darwin - build:x86_64-unknown-linux-gnu - build:aarch64-unknown-linux-gnu before_script: - apk add --no-cache curl minisign coreutils script: - cd artifacts/ - sha256sum swagger-cli-* > SHA256SUMS - echo "${MINISIGN_SECRET_KEY}" > /tmp/minisign.key - minisign -S -s /tmp/minisign.key -m SHA256SUMS - rm -f /tmp/minisign.key # Upload all artifacts to GitLab Package Registry - | for file in swagger-cli-* SHA256SUMS SHA256SUMS.minisig; do curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" \ --upload-file "${file}" \ "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/swagger-cli/${CI_COMMIT_TAG}/${file}" done rules: - if: $CI_COMMIT_TAG artifacts: paths: - artifacts/ release:docker: stage: release image: docker:latest services: - docker:dind variables: DOCKER_TLS_CERTDIR: "/certs" script: - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} - docker push ${CI_REGISTRY_IMAGE}:latest rules: - if: $CI_COMMIT_TAG