Run CI in GitLab

.gitlab-ci.yml

@@ -6,7 +6,26 @@
 variables:
   ECR_REGISTRY: '${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com'
   IDP_WORKER_IMAGE_TAG: 'main'
+  PIVCAC_CI_SHA: 'sha256:87767eb8daa6703c247d5a4baa5e19eddc58bc051f01070903f24d9f8a6c9267'
+
+default:
+  image: '${ECR_REGISTRY}/pivcac/ci@${PIVCAC_CI_SHA}'
+
+.bundle_install: &bundle_install
+  - bundle check || bundle install --deployment --jobs=4 --retry=3 --without deploy development doc production --path vendor/ruby
+
+.build_cache:
+  - &ruby_cache
+    key:
+      files:
+        - Gemfile.lock
+    paths:
+      - vendor/ruby
+    policy: pull
+
 stages:
+  - build
+  - test
   - review
   - scan
 
@@ -19,6 +38,102 @@ workflow:
     - if: '$CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "stages/prod"'
     - if: '$CI_MERGE_REQUEST_IID || $CI_EXTERNAL_PULL_REQUEST_IID'
 
+install:
+  stage: build
+  variables:
+    RAILS_ENV: test
+  cache:
+    - <<: *ruby_cache
+      policy: pull-push
+
+  script:
+    - echo "'$CI_PIPELINE_SOURCE'"
+    - echo "'$CI_MERGE_REQUEST_IID'"
+    - echo "'$CI_EXTERNAL_PULL_REQUEST_IID'"
+    - echo 'ok'
+    - *bundle_install
+
+specs:
+  stage: test
+  cache:
+    - <<: *ruby_cache
+  variables:
+    COVERAGE: 'true'
+    DOCKER_DB_HOST: db-postgres
+    POSTGRES_DB: identity_idp_test
+    POSTGRES_USER: postgres_user
+    POSTGRES_PASSWORD: postgres_password
+    POSTGRES_HOST_AUTH_METHOD: trust
+    RAILS_ENV: test
+  services:
+    - name: postgres:13.9
+      alias: db-postgres
+      command: ['--fsync=false', '--synchronous_commit=false', '--full_page_writes=false']
+    - name: redis:7.0
+      alias: db-redis
+  artifacts:
+    expire_in: 31d
+    when: always
+    paths:
+      - coverage/
+      - rspec.xml
+      - rspec.json
+    reports:
+      junit: rspec.xml
+  script:
+    - *bundle_install
+    - "echo -e \"test:\n  nonce_bloom_filter_server: 'redis://redis:6379/0'\" > config/application.yml"
+    - bundle exec rake db:setup --trace
+    - bundle exec rspec --format documentation --format RspecJunitFormatter --out rspec.xml --format json --out rspec.json
+
+lint:
+  stage: test
+  cache:
+    - <<: *ruby_cache
+  script:
+    - *bundle_install
+    - make lint
+
+check_certificate_bundle:
+  stage: test
+  cache:
+    - <<: *ruby_cache
+  variables:
+    DOCKER_DB_HOST: db-postgres
+    POSTGRES_DB: identity_idp_test
+    POSTGRES_USER: postgres_user
+    POSTGRES_PASSWORD: postgres_password
+    POSTGRES_HOST_AUTH_METHOD: trust
+    RAILS_ENV: test
+  services:
+    - name: postgres:13.9
+      alias: db-postgres
+      command: ['--fsync=false', '--synchronous_commit=false', '--full_page_writes=false']
+  script:
+    - *bundle_install
+    - bundle exec rake db:setup --trace
+    - bundle exec rake certs:check_certificate_bundle
+
+check_expiring_certificates:
+  stage: test
+  cache:
+    - <<: *ruby_cache
+  variables:
+    DOCKER_DB_HOST: db-postgres
+    POSTGRES_DB: identity_idp_test
+    POSTGRES_USER: postgres_user
+    POSTGRES_PASSWORD: postgres_password
+    POSTGRES_HOST_AUTH_METHOD: trust
+    RAILS_ENV: test
+  services:
+    - name: postgres:13.9
+      alias: db-postgres
+      command: ['--fsync=false', '--synchronous_commit=false', '--full_page_writes=false']
+  script:
+    - *bundle_install
+    - bundle exec rake db:setup --trace
+    - bundle exec rake certs:print_expiring
+
 # Build a container image async, and don't block CI tests
 # Cache intermediate images for 1 week (168 hours)
 build-pivcac-image:

Gemfile

@@ -43,6 +43,7 @@ group :test do
   gem 'factory_bot_rails', '>= 5.2.0'
   gem 'fakefs', require: 'fakefs/safe'
   gem 'rails-controller-testing', '>= 1.0.4'
+  gem 'rspec_junit_formatter'
   gem 'shoulda-matchers', '~> 3.1', '>= 3.1.3', require: false
   gem 'simplecov', '>= 0.13.0'
   gem 'timecop'

Gemfile.lock

@@ -135,7 +135,7 @@ GEM
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
     diff-lcs (1.5.0)
-    docile (1.1.5)
+    docile (1.4.0)
     dumb_delegator (0.8.1)
     equalizer (0.0.11)
     erubi (1.12.0)
@@ -306,6 +306,8 @@ GEM
       rspec-mocks (~> 3.9)
       rspec-support (~> 3.9)
     rspec-support (3.10.3)
+    rspec_junit_formatter (0.6.0)
+      rspec-core (>= 2, < 4, != 2.12.0)
     rubocop (1.50.1)
       json (~> 2.3)
       parallel (~> 1.10)
@@ -331,11 +333,12 @@ GEM
     shellany (0.0.1)
     shoulda-matchers (3.1.3)
       activesupport (>= 4.0.0)
-    simplecov (0.13.0)
-      docile (~> 1.1.0)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
+    simplecov (0.22.0)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
     sprockets (4.2.0)
       concurrent-ruby (~> 1.0)
       rack (>= 2.2.4, < 4)
@@ -399,6 +402,7 @@ DEPENDENCIES
   redacted_struct (~> 1.0)
   rgl
   rspec-rails (>= 3.8.3)
+  rspec_junit_formatter
   rubocop
   rubocop-performance (~> 1.17)
   rubocop-rails (>= 2.19.0)

config/database.yml

@@ -25,6 +25,9 @@ development:
 
 test:
   <<: *defaults
+  database: <%= ENV['POSTGRES_DB'] || "identity_pki_#{Rails.env}" %>
+  user: <%= ENV['POSTGRES_USER'] %>
+  password: <%= ENV['POSTGRES_PASSWORD'] %>
 
 production:
   <<: *defaults

spec/spec_helper.rb

@@ -1,8 +1,19 @@
 if ENV['COVERAGE']
   require 'simplecov'
   SimpleCov.start 'rails' do
+    track_files '{app,lib}/**/*.rb'
+
+    add_group 'Controllers', 'app/controllers'
+    add_group 'Services', 'app/services'
+    add_group 'Helpers', 'app/helpers'
+    add_group 'Models', 'app/models'
     add_filter '/config/'
     add_filter '/k8files/'
+    add_filter %r{^/spec/}
+    add_filter '/vendor/bundle/'
+    add_filter %r{^/db/}
+    add_filter %r{^/\.gem/}
+    add_filter %r{/vendor/ruby/}
   end
 end