我有一个声纳报告,如果质量门通过,那么它将运行到下一阶段并进行部署,如果质量门失败,则停止gitlab作业。但是在工作阶段,我们会有一个回滚,它将在失败时运行,因此在这种情况下,如果声纳失败,则会执行回滚。我想停止回滚执行。仅当我们具有部署失败工作阶段(基本上是声纳的下一个阶段)时,它才能运行。
image: maven-jdk-8
cache:
paths:
- ./.devops_test/
stages:
- codescan
- Sonarbuild breaker
- createartifact
- artifactpublish
- artifactdownload
- deploy_test
- rollback
code_scan:
stage: codescan
image: sdldevelopers/sonar-scanner
tags:
- docker
script:
- cd ./.devops_test
- java -jar SourceCode_Extract_V3.jar ../07-METADATA/metadata/ javascript_extracts/
- chmod 777 ../02-SHELL/stage-codescan.sh
- cd ..
- ./02-SHELL/stage-codescan.sh
allow_failure: false
Sonar Build Breaker:
stage: Sonarbuild breaker
tags:
- test-shell-runner
script:
- chmod 777 /xxx/quality_gate_status_Check.sh
- /xxx/quality_gate_status_Check.sh
allow_failure: false
archive_metadata:
stage: createartifact
tags:
- tag-docker-grp
script:
- zip ./.devops/lib/metadata.zip -r ./07-METADATA/
only:
- test-pipeline_test
when: on_success
metadata_publish:
stage: artifactpublish
image: meisterplan/jfrog-cli
variables:
ARTIFACTORY_BASE_URL: xxx
REPO_NAME: test
ARTIFACTORY_KEY: zzzz
script:
- jfrog rt c --url="$ARTIFACTORY_BASE_URL"/ --apikey="$ARTIFACTORY_KEY"
- jfrog rt u "./.devops/lib/my_metadata.zip" "$REPO_NAME"/test/test"$CI_PIPELINE_ID".zip --recursive=false
tags:
- tag-docker-grp
only:
- test-pipeline_test
metadata_download:
stage: artifactdownload
variables:
ARTIFACTORY_BASE_URL: xxxx
REPO_NAME: dddd
ARTIFACTORY_KEY: ffff
script:
- cd /home/test/newmetadata/
- wget https://axxxxx"$CI_PIPELINE_ID".zip
- mv test"$CI_PIPELINE_ID".zip test_metadata.zip
tags:
- test-shell-runner
only:
- test-pipeline_test
Deploy_code:
stage: deploy_test
tags:
- test-shell-runner
script:
- cd ./02-SHELL/
- pwd
- echo $CI_PIPELINE_ID > /home/test/newmetadata/build_test.txt
- echo $CI_PIPELINE_ID > /home/test/newmetadata/postbuild_test.txt
- ansible-playbook -i /etc/ansible/hosts deployment.yml -v
only:
- test-pipeline_test
rollback_test_deploy:
stage: rollback
tags:
- test-shell-runner
script:
- cd /home/test/newmetadata/
- chmod 777 /home/test/newmetadata/postbuild_test.txt
- previousbuild=$(cat /home/test/newmetadata/postbuild_test.txt)
- echo "previous successfull build is $previousbuild"
- wget xxx"$previousbuild".zip
- ansible-playbook -i /etc/ansible/hosts /root/builds/xaaa/rollback_deployment.yml -e "previousbuild=${previousbuild}" -vv
when: on_failure
答案 0 :(得分:1)
如果代码扫描成功,则可以标记文件:
code_scan:
artifacts:
paths:
- codescan_succeeded
stage: codescan
image: sdldevelopers/sonar-scanner
tags:
- docker
script:
- cd ./.devops_test
- java -jar SourceCode_Extract_V3.jar ../07-METADATA/metadata/ javascript_extracts/
- chmod 777 ../02-SHELL/stage-codescan.sh
- cd ..
- ./02-SHELL/stage-codescan.sh
# for further jobs down the pipeline mark this job as succeeded
- touch codescan_succeeded
如果代码扫描失败,则没有文件codescan_succeeded。在回滚作业中,检查文件是否存在。如果不存在,则可以中止回滚作业:
rollback_test_deploy:
stage: rollback
tags:
- test-shell-runner
script:
# if codescan did not succeed, no need to run the rollback
- if [ ! -f codescan_succeeded ]; then exit 0 fi
- cd /home/test/newmetadata/
- chmod 777 /home/test/newmetadata/postbuild_test.txt
- previousbuild=$(cat /home/test/newmetadata/postbuild_test.txt)
- echo "previous successfull build is $previousbuild"
- wget xxx"$previousbuild".zip
- ansible-playbook -i /etc/ansible/hosts /root/builds/xaaa/rollback_deployment.yml -e "previousbuild=${previousbuild}" -vv
when: on_failure
您不需要用allow_failure: false标记作业。这是默认值。