# Ordinis — build & push images. # Helm deploy живёт в terravault/ordinis-infra (downstream pipeline). stages: - test - build - publish - trigger-deploy variables: MAVEN_OPTS: "-Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn" MAVEN_CLI_OPTS: "-B -ntp --batch-mode" IMAGE_TAG: $CI_COMMIT_SHORT_SHA REGISTRY: registry.k8s.265.nstart.local IMAGE_REPO: terravault cache: key: files: ["pom.xml"] paths: - .m2/repository # ---- TEST stage ---- maven-test: stage: test image: maven:3.9.9-eclipse-temurin-21 script: - mvn $MAVEN_CLI_OPTS verify artifacts: when: always reports: junit: '**/target/surefire-reports/TEST-*.xml' expire_in: 1 week # ---- BUILD stage (один общий mvn package для всех 4 jar'ов) ---- maven-package: stage: build image: maven:3.9.9-eclipse-temurin-21 script: - mvn $MAVEN_CLI_OPTS package -DskipTests artifacts: paths: - ordinis-app/target/*.jar - ordinis-read-api/target/*.jar - ordinis-projection-writer/target/*.jar - ordinis-migrations/target/*.jar - ordinis-migrations/src/main/resources/db/changelog/** expire_in: 1 day # ---- PUBLISH stage (4 image параллельно) ---- .docker-image-template: &docker-image stage: publish image: docker:27 services: [docker:27-dind] variables: DOCKER_TLS_CERTDIR: "/certs" # registry.k8s.265.nstart.local — internal insecure HTTP registry, без auth DOCKER_OPTS: "--insecure-registry=registry.k8s.265.nstart.local" before_script: # Если REGISTRY_USER/PASSWORD заданы — login. Иначе registry без auth (default для internal) - | if [ -n "$REGISTRY_USER" ] && [ -n "$REGISTRY_PASSWORD" ]; then echo "$REGISTRY_PASSWORD" | docker login $REGISTRY -u "$REGISTRY_USER" --password-stdin fi docker-app: <<: *docker-image script: - docker build -f ordinis-app/Dockerfile -t $REGISTRY/$IMAGE_REPO/ordinis-app:$IMAGE_TAG -t $REGISTRY/$IMAGE_REPO/ordinis-app:$CI_COMMIT_REF_SLUG . - docker push $REGISTRY/$IMAGE_REPO/ordinis-app --all-tags needs: [maven-package] docker-read-api: <<: *docker-image script: - docker build -f ordinis-read-api/Dockerfile -t $REGISTRY/$IMAGE_REPO/ordinis-read-api:$IMAGE_TAG -t $REGISTRY/$IMAGE_REPO/ordinis-read-api:$CI_COMMIT_REF_SLUG . - docker push $REGISTRY/$IMAGE_REPO/ordinis-read-api --all-tags needs: [maven-package] docker-projection-writer: <<: *docker-image script: - docker build -f ordinis-projection-writer/Dockerfile -t $REGISTRY/$IMAGE_REPO/ordinis-projection-writer:$IMAGE_TAG -t $REGISTRY/$IMAGE_REPO/ordinis-projection-writer:$CI_COMMIT_REF_SLUG . - docker push $REGISTRY/$IMAGE_REPO/ordinis-projection-writer --all-tags needs: [maven-package] docker-migrations: <<: *docker-image script: - docker build -f ordinis-migrations/Dockerfile -t $REGISTRY/$IMAGE_REPO/ordinis-migrations:$IMAGE_TAG -t $REGISTRY/$IMAGE_REPO/ordinis-migrations:$CI_COMMIT_REF_SLUG ordinis-migrations/ - docker push $REGISTRY/$IMAGE_REPO/ordinis-migrations --all-tags needs: [maven-package] # ---- TRIGGER DEPLOY: запускает downstream pipeline в ordinis-infra ---- trigger-deploy-dev: stage: trigger-deploy trigger: project: 2-6/2-6-4/terravault/ordinis-infra branch: main strategy: depend variables: UPSTREAM_IMAGE_TAG: $IMAGE_TAG DEPLOY_ENV: dev rules: - if: '$CI_COMMIT_BRANCH == "main"' trigger-deploy-staging: stage: trigger-deploy trigger: project: 2-6/2-6-4/terravault/ordinis-infra branch: main strategy: depend variables: UPSTREAM_IMAGE_TAG: $IMAGE_TAG DEPLOY_ENV: staging rules: - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+-rc.*/' trigger-deploy-prod: stage: trigger-deploy trigger: project: 2-6/2-6-4/terravault/ordinis-infra branch: main strategy: depend variables: UPSTREAM_IMAGE_TAG: $IMAGE_TAG DEPLOY_ENV: prod rules: - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/' when: manual