Update .gitlab-ci.yml file

.gitlab-ci.yml

@@ -1,101 +1,90 @@
 stages:
-  - test
+  - deploy
-  - scan
 
-cache:
+deploy-dev:
-  paths:
+  stage: deploy
-    - .sonar/cache
+  image: alpine:3.20
-    - .cache
-
-# ======================================================
-# 🧪 Step 1: Unit Test + Coverage
-# ======================================================
-unit_test:
-  stage: test
-  image: golang:1.23
-  services:
-    - name: redis:7-alpine
-      alias: redis
   variables:
-    REDIS_HOST: redis
+    DEPLOY_APP: "LTI-MBUGROUP"
-    REDIS_PORT: 6379
+    # Opsional: kalau pakai submodule, ini bikin clone submodule pakai SSH juga
-  script:
+    GIT_SUBMODULE_STRATEGY: recursive
-    - echo "🧪 Menjalankan unit test..."
+    GIT_DEPTH: "1"
-    - go mod tidy
-    - go test ./... -coverprofile=coverage.out || true
-    - go tool cover -func=coverage.out | tail -n 1
-  artifacts:
-    when: always
-    paths:
-      - coverage.out
-    expire_in: 1 week
-  only:
-    - devops-ec2
 
-# ======================================================
+  before_script:
-# 🔒 Step 2: Security Scan (Gosec)
+    - echo "🧰 Installing dependencies..."
-# ======================================================
+    - apk update && apk add --no-cache openssh git curl bash
-gosec_scan:
+
-  stage: scan
+    # Setup SSH di runner
-  image: golang:1.24
+    - mkdir -p ~/.ssh
-  script:
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
-    - apt-get update && apt-get install -y jq
+    - chmod 600 ~/.ssh/id_rsa
-    - go install github.com/securego/gosec/v2/cmd/gosec@latest
+    - eval "$(ssh-agent -s)"
-    - echo "🔍 Menjalankan scan keamanan dengan gosec..."
+    - ssh-add ~/.ssh/id_rsa
-    - gosec -fmt=json -out=gosec-report.json ./... || true
+
-    - echo "📄 Jumlah issue ditemukan:" && cat gosec-report.json | jq '.Issues | length'
+    # Trust host keys (server + gitlab) biar SSH gak nanya interaktif
-    # Konversi hasil gosec ke format SonarQube
+    - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
-    - |
+    - ssh-keyscan -H gitlab.com >> ~/.ssh/known_hosts
-      jq -r '.Issues[] | {
-        engineId: "gosec",
-        ruleId: .rule_id,
-        primaryLocation: {
-          message: .details,
-          filePath: .file,
-          textRange: {startLine: .line}
-        },
-        type: "VULNERABILITY",
-        severity: (if .severity == "HIGH" then "CRITICAL" elif .severity == "MEDIUM" then "MAJOR" else "MINOR" end)
-      }' gosec-report.json | jq -s '{issues: .}' > gosec-generic-report.json
-  artifacts:
-    when: always
-    paths:
-      - gosec-report.json
-      - gosec-generic-report.json
-    expire_in: 1 week
-  allow_failure: false
-  only:
-    - devops-ec2
 
-# ======================================================
-# 📊 Step 3: SonarQube Analysis
-# ======================================================
-sonarqube_analysis:
-  stage: scan
-  image: sonarsource/sonar-scanner-cli:latest
   script:
-    - apk add --no-cache jq
+    - echo "🚀 Deploying latest code to $SERVER_USER@$SERVER_IP"
-    - echo "🚀 Mengirim analisis ke SonarQube..."
+
-    - |
+    - >
-      sonar-scanner \
+      if ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" "
-        -Dsonar.projectKey=mbu-lti-backend \
+        set -e
-        -Dsonar.projectName="MBU LTI Backend" \
+
-        -Dsonar.sources=. \
+        cd /home/devops/docker/deployment/development/lti-api
-        -Dsonar.host.url=https://status.mbugroup.id/sonar \
+
-        -Dsonar.login=sqp_57fbffb8337608c331091dd1544569df613a2d3f \
+        # Pastikan remote origin SSH (antisipasi kalau pernah ke-set HTTPS)
-        -Dsonar.go.coverage.reportPaths=coverage.out \
+        git remote set-url origin git@gitlab.com:mbugroup/lti-api.git
-        -Dsonar.externalIssuesReportPaths=gosec-generic-report.json \
+
-        -Dsonar.sourceEncoding=UTF-8 \
+        # Pastikan server percaya gitlab.com juga (untuk git fetch via SSH)
-        -Dsonar.verbose=true
+        mkdir -p ~/.ssh
-  dependencies:
+        ssh-keyscan -H gitlab.com >> ~/.ssh/known_hosts
-    - unit_test
+
-    - gosec_scan
+        # Fetch/reset pakai SSH
-  artifacts:
+        GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git fetch origin development
-    when: always
+        git reset --hard origin/development
-    paths:
+
-      - .scannerwork
+        docker compose restart dev-api-lti || docker compose up -d dev-api-lti
-      - coverage.out
+      "; then
-      - gosec-generic-report.json
+        STATUS='success';
-    expire_in: 1 week
+      else
+        STATUS='failed';
+      fi;
+
+      RUN_URL="${CI_PROJECT_URL}/-/pipelines/${CI_PIPELINE_ID}";
+
+      if [ "$STATUS" = "success" ]; then
+        COLOR=3066993;
+        TITLE="✅ Deployment API Succeeded";
+        DESC="Deployment job on branch \`${CI_COMMIT_REF_NAME}\` completed successfully.";
+      else
+        COLOR=15158332;
+        TITLE="❌ Deployment API Failed Gaes";
+        DESC="Deployment job on branch \`${CI_COMMIT_REF_NAME}\` failed.";
+      fi;
+
+      echo "{
+        \"username\": \"CI Bot\",
+        \"embeds\": [{
+          \"title\": \"$TITLE\",
+          \"description\": \"$DESC\",
+          \"color\": $COLOR,
+          \"fields\": [
+            {\"name\": \"Repository\", \"value\": \"${CI_PROJECT_PATH}\", \"inline\": true},
+            {\"name\": \"Actor\", \"value\": \"${GITLAB_USER_LOGIN}\", \"inline\": true},
+            {\"name\": \"Commit\", \"value\": \"${CI_COMMIT_SHA}\", \"inline\": false},
+            {\"name\": \"Pipeline\", \"value\": \"[Open run](${RUN_URL})\", \"inline\": false}
+          ]
+        }]
+      }" > payload.json;
+
+      echo "📡 Sending notification to Discord...";
+      curl -sS -H "Content-Type: application/json" \
+        -d @payload.json "$DISCORD_WEBHOOK_URL";
+
   only:
-    - devops-ec2
+    - development
+
+  environment:
+    name: development