Pipeline editor
Edit
Visualize
Lint
Full configuration
ⓘ Pipeline Change Notes
{fill}
| 1 | # CI/CD pipeline for securenet/platform-api |
| 2 | # Maintained by DevOps · Last reviewed 2026-04-01 |
| 3 | |
| 4 | image: docker:24.0.5 |
| 5 | |
| 6 | variables: |
| 7 | DOCKER_REGISTRY: registry.gitlab.com/securenet/platform-api |
| 8 | APP_IMAGE: $DOCKER_REGISTRY/app |
| 9 | PYTHON_VERSION: "3.11" |
| 10 | DEPLOY_ENV: staging |
| 11 | SAST_EXCLUDED_PATHS: spec, test, vendor |
| 12 | |
| 13 | stages: |
| 14 | - test |
| 15 | - build |
| 16 | - docker |
| 17 | - deploy |
| 18 | |
| 19 | # ── test stage ────────────────────────────────────── |
| 20 | |
| 21 | unit-tests: |
| 22 | stage: test |
| 23 | image: python:3.11-slim |
| 24 | script: |
| 25 | - pip install -r requirements-dev.txt |
| 26 | - pytest tests/unit/ --cov=app --cov-report=xml |
| 27 | coverage: '/TOTAL.*\s+(\d+%)$/' |
| 28 | artifacts: |
| 29 | reports: |
| 30 | coverage_report: |
| 31 | coverage_format: cobertura |
| 32 | path: coverage.xml |
| 33 | |
| 34 | integration-tests: |
| 35 | stage: test |
| 36 | image: python:3.11-slim |
| 37 | services: |
| 38 | - postgres:15-alpine |
| 39 | - redis:7-alpine |
| 40 | variables: |
| 41 | DATABASE_URL: postgresql://postgres:test@postgres/platform_api_test |
| 42 | REDIS_URL: redis://redis:6379/0 |
| 43 | script: |
| 44 | - pip install -r requirements-dev.txt |
| 45 | - pytest tests/integration/ -v |
| 46 | |
| 47 | # ── build stage ───────────────────────────────────── |
| 48 | |
| 49 | build-app: |
| 50 | stage: build |
| 51 | image: python:3.11-slim |
| 52 | script: |
| 53 | - pip install build |
| 54 | - python -m build --wheel |
| 55 | artifacts: |
| 56 | paths: |
| 57 | - dist/ |
| 58 | expire_in: 1 week |
| 59 | only: |
| 60 | - main |
| 61 | |
| 62 | # ── docker stage ──────────────────────────────────── |
| 63 | |
| 64 | build-docker-image: |
| 65 | stage: docker |
| 66 | services: |
| 67 | - docker:dind |
| 68 | variables: |
| 69 | DOCKER_TLS_CERTDIR: "/certs" |
| 70 | before_script: |
| 71 | - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY |
| 72 | script: |
| 73 | - docker build -t $APP_IMAGE:$CI_COMMIT_SHA -t $APP_IMAGE:latest . |
| 74 | - docker push $APP_IMAGE:$CI_COMMIT_SHA |
| 75 | - docker push $APP_IMAGE:latest |
| 76 | only: |
| 77 | - main |
| 78 | |
| 79 | # ── deploy stage ──────────────────────────────────── |
| 80 | |
| 81 | deploy-staging: |
| 82 | stage: deploy |
| 83 | environment: |
| 84 | name: staging |
| 85 | url: https://staging.platform-api.securenet.io |
| 86 | script: |
| 87 | - helm upgrade --install platform-api ./helm --set image.tag=$CI_COMMIT_SHA |
| 88 | - kubectl rollout status deployment/platform-api -n staging |
| 89 | only: |
| 90 | - main |
| 91 | |
| 92 | deploy-production: |
| 93 | stage: deploy |
| 94 | environment: |
| 95 | name: production |
| 96 | url: https://api.securenet.io |
| 97 | script: |
| 98 | - helm upgrade platform-api ./helm --set image.tag=$CI_COMMIT_SHA --set env=prod |
| 99 | - kubectl rollout status deployment/platform-api -n production |
| 100 | when: manual |
| 101 | only: |
| 102 | - main |
#2847
Duration: 4m 32s
test
→
build
→
docker
→
deploy
CI/CD Variables
| Key | Value | Type | Scope |
|---|---|---|---|
| CI_REGISTRY_USER | ••••••••• | Variable | All |
| CI_REGISTRY_PASSWORD | ••••••••• | Variable | All |
| KUBE_CONFIG_STAGING | ••••••••• | File | staging |
| KUBE_CONFIG_PROD | ••••••••• | File | production |
| SENTRY_DSN | ••••••••• | Variable | All |