.drone.yml

---
kind: pipeline
name: python
trigger:
  event:
    exclude:
    - promote

services:
- name: postgres
  image: postgres:10-alpine
  ports:
  - 5432
  environment:
    POSTGRES_USER: postgres
    POSTGRES_DB: mrs
    POSTGRES_PASSWORD: test

steps:
- name: test
  image: yourlabs/python
  environment:
    DB_HOST: postgres
    DB_USER: postgres
    DB_NAME: test
    DB_PASSWORD: test
    XDG_CACHE_HOME: /drone/.cache
    venv: none
  cache:
    mount:
    - .cache
  commands:
  - ./do pip.dev
  - ./do py.test

- name: qa
  image: yourlabs/python
  commands:
  - HOME=$(pwd) venv=none ./do py.qa

- name: safety
  image: yourlabs/python
  commands:
  - safety check -r requirements.txt

- name: bandit
  image: yourlabs/python
  commands:
  - bandit -v -x commands,tests -r src

---
kind: pipeline
name: docker
trigger:
  event:
    exclude:
    - promote

volumes:
- name: docker
  host:
    path: /var/run/docker.sock

steps:
- name: build
  image: yourlabs/docker
  privileged: true
  volumes:
  - name: docker
    path: /var/run/docker.sock
  commands:
  - echo $DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin
  - docker build
        --shm-size 512M
        -t $REPO:$DRONE_COMMIT
        --build-arg GIT_COMMIT=$DRONE_COMMIT
        .
  - docker push
        $REPO:$DRONE_COMMIT
  - docker tag
        $REPO:$DRONE_COMMIT
        $REPO:$DRONE_BRANCH
  - docker push
        $REPO:$DRONE_BRANCH
  environment:
    DOCKER_USER:
      from_secret: DOCKER_USER
    DOCKER_PASS:
      from_secret: DOCKER_PASS
    REPO: betagouv/mrs

---
kind: pipeline
name: js
trigger:
  event:
    exclude:
    - promote
steps:
- name: js-test
  image: node:10
  commands:
  - yarn install
  - yarn run test
  - npm install -g codecov
  - codecov --token $CODECOV_TOKEN -e $TOXENV
- name: js-qa
  image: node:10
  commands:
  - yarn install
  - yarn run lint

---
kind: pipeline
name: docs
trigger:
  event:
    exclude:
    - promote
steps:
- name: docs-qa
  image: yourlabs/python
  commands:
  - "tar -xzf .gitlab-cache.tar.gz -C / || true"
  - tox --sitepackages -e docs
  - "tar -czf .gitlab-cache.tar.gz /root/.cache/pip /root/.local || true"

---
kind: pipeline
name: acceptance
trigger:
  event:
    exclude:
    - promote

depends_on:
- docker

steps:
- name: webpack-acceptance
  image: "betagouv/mrs:${DRONE_COMMIT}"
  commands:
  - export HOST=localhost:8000
  - DEBUG=1 mrs migrate
  - "echo 'from institution.models import Institution; Institution.objects.create(finess=310000000, origin=\"http://$HOST\")' | DEBUG=1 mrs shell"
  - "cd /app && DEBUG=1 ALLOWED_HOSTS='*' mrs runserver $HOST &"
  - until curl $HOST; do sleep 1; done
  - "cd /app && node_modules/.bin/jest src/mrs/static/js/smoke.test.js"

---
kind: pipeline
name: deploy
depends_on:
- docker
steps:
- name: test deploy
  image: yourlabs/ansible
  environment:
    SECRET_KEY: notsecret
    ANSIBLE_FORCE_COLOR: "1"
    SLACK_TOKEN:
      from_secret: SLACK_TOKEN
    SSH_KEY:
      from_secret: SSH_KEY
    SSH_FINGERPRINTS:
      from_secret: SSH_FINGERPRINTS
  commands:
  - export HOST_SLUG="mrs-test-$(echo $DRONE_BRANCH | sed 's/[_/]/-/g')"
  - export HOST="$(echo $DRONE_BRANCH | sed 's/[_/]/-/g').test.staging.mrs.beta.gouv.fr"
  - mkdir -p ~/.ssh; echo "$SSH_KEY" > ~/.ssh/id_ed25519; echo "$SSH_FINGERPRINTS" > ~/.ssh/known_hosts; chmod 700 ~/.ssh; chmod 600 ~/.ssh/*
  - bigsudo roleup yourlabs.compose
  - bigsudo
    ./ansible/deploy.yml
    project=test-$DRONE_BRANCH
    lifetime=604800
    compose_django_image=betagouv/mrs:$DRONE_COMMIT
    compose=docker-compose.yml,docker-compose.maildev.yml,docker-compose.traefik.yml
    deploy@staging.mrs.beta.gouv.fr
    -v | tee out
  - grep unreachable=0 out
  - grep failed=0 out
  when:
    event:
      exclude:
      - promote
    branch:
      exclude:
      - master
      - staging
      - production

- name: staging
  image: yourlabs/ansible
  environment:
    HOST: staging.mrs.beta.gouv.fr
    HOST_SLUG: mrs-staging
    PROTO: https
    ANSIBLE_FORCE_COLOR: "1"
    SLACK_TOKEN:
      from_secret: SLACK_TOKEN
    SSH_KEY:
      from_secret: SSH_KEY
    SSH_FINGERPRINTS:
      from_secret: SSH_FINGERPRINTS
    STAGING_ENV:
      from_secret: STAGING_ENV
  commands:
  - mkdir -p ~/.ssh; echo "$SSH_KEY" > ~/.ssh/id_ed25519; echo "$SSH_FINGERPRINTS" > ~/.ssh/known_hosts; chmod 700 ~/.ssh; chmod 600 ~/.ssh/*
  - export $(echo $STAGING_ENV | xargs)
  - bigsudo
    ./ansible/deploy.yml
    home=/home/mrs-staging
    compose_django_image=betagouv/mrs:$DRONE_COMMIT
    compose=docker-compose.yml,docker-compose.maildev.yml,docker-compose.traefik.yml,docker-compose.persist.yml
    deploy@staging.mrs.beta.gouv.fr
    -v | tee out
  - grep unreachable=0 out
  - grep failed=0 out
  when:
    event:
      exclude:
      - promote
    branch:
    - master
    - staging

- name: ecole
  image: yourlabs/ansible
  environment:
    HOST: ecole.mrs.beta.gouv.fr
    HOST_SLUG: mrs-ecole
    PROTO: https
    ANSIBLE_FORCE_COLOR: "1"
    SLACK_TOKEN:
      from_secret: SLACK_TOKEN
    SSH_KEY:
      from_secret: SSH_KEY
    SSH_FINGERPRINTS:
      from_secret: SSH_FINGERPRINTS
    ECOLE_ENV:
      from_secret: ECOLE_ENV
  commands:
  - mkdir -p ~/.ssh; echo "$SSH_KEY" > ~/.ssh/id_ed25519; echo "$SSH_FINGERPRINTS" > ~/.ssh/known_hosts; chmod 700 ~/.ssh; chmod 600 ~/.ssh/*
  - export $(echo $ECOLE_ENV | xargs)
  - bigsudo
    ./ansible/deploy.yml
    home=/home/mrs-ecole
    compose_django_image=betagouv/mrs:$DRONE_COMMIT
    compose=docker-compose.yml,docker-compose.maildev.yml,docker-compose.traefik.yml,docker-compose.persist.yml
    deploy@staging.mrs.beta.gouv.fr
    -v | tee out
  - grep unreachable=0 out
  - grep failed=0 out
  when:
    event:
      exclude:
      - promote
    branch:
    - master
    - ecole

- name: production
  image: yourlabs/ansible
  when:
    event:
    - promote
    environment:
    - production
  environment:
    HOST: mrs.beta.gouv.fr
    HOST_SLUG: mrs-production
    ANSIBLE_FORCE_COLOR: "1"
    BASICAUTH_DISABLE: "1"
    PROTO: https
    SLACK_TOKEN:
      from_secret: SLACK_TOKEN
    SSH_KEY:
      from_secret: SSH_KEY
    SSH_FINGERPRINTS:
      from_secret: SSH_FINGERPRINTS
    PRODUCTION_ENV:
      from_secret: PRODUCTION_ENV
  commands:
  - mkdir -p ~/.ssh; echo "$SSH_KEY" > ~/.ssh/id_ed25519; echo "$SSH_FINGERPRINTS" > ~/.ssh/known_hosts; chmod 700 ~/.ssh; chmod 600 ~/.ssh/*
  - export $(echo $PRODUCTION_ENV | xargs)
  - bigsudo
    ./ansible/deploy.yml
    home=/home/mrs-production
    compose_django_image=betagouv/mrs:$DRONE_COMMIT
    compose=docker-compose.yml,docker-compose.traefik.yml,docker-compose.persist.yml
    deploy@mrs.beta.gouv.fr
    -v | tee out
  - grep unreachable=0 out
  - grep failed=0 out