diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 28a29f2477c8225d0b0a241a15af2f6721132ad9..5b96d7f6ebd40f86af7b69377b63298ea0cbec9a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,9 +1,7 @@ default: before_script: - set -e - # env -0 | sort -z | tr '\0' '\n': Sort env output alphabetically, keeping multiline variables intact - # egrep: Remove sensitive information from the output of env - #- env -0 | sort -z | tr '\0' '\n' | egrep -ve '^(DOCKER_AUTH_CONFIG|GOOGLE_APPLICATION_CREDENTIALS)=.*' + # DANGER don't use `set -x` or print the environment via e.g. `env` in pipeline runs, this might leak credentials (has leaked them) interruptible: true tags: - 1cpu-4gb # build on smaller machine @@ -49,7 +47,7 @@ variables: ## common steps cache_lint_test: - image: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/denoland/deno:2.2.3' + image: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/denoland/deno:2.2.5' stage: 'test' script: - deno cache --allow-import --lock=deno.lock app/deps.ts app/dev_deps.ts @@ -156,14 +154,16 @@ staging_deploy: url: https://staging.notifications.apis.holi.social variables: ENVIRONMENT_ID: staging - only: - - main + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: on_success staging_smoketest: extends: .smoketest needs: ['staging_deploy'] - only: - - main + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: on_success resource_group: unified-api-staging staging_trigger_unified-api_redeployment: @@ -174,8 +174,9 @@ staging_trigger_unified-api_redeployment: forward: yaml_variables: false pipeline_variables: false - only: - - main + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: on_success ## production environment 
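Review bot: The new DANGER comment in `default.before_script` names `set -x` and `env`, but not GitLab's own debug switch, which causes the same exposure. Setting `CI_DEBUG_TRACE` on a job or pipeline also writes every variable to the job log, so I would extend the comment to `# DANGER: never use set -x, env/printenv or CI_DEBUG_TRACE in pipeline runs; job logs have leaked credentials before`. Since the comment says credentials have leaked, deleting the commented-out `env` line does not undo that exposure. The variables named in the removed egrep filter (`DOCKER_AUTH_CONFIG`, `GOOGLE_APPLICATION_CREDENTIALS`) are the obvious candidates for rotation, along with erasing the affected job logs. The diff does not show whether that has been done.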
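Review bot: `staging_smoketest` now declares `rules:` alongside `extends: .smoketest`, and GitLab rejects a job that ends up with both `rules` and `only`/`except` after the merge. `.smoketest` and any template behind `staging_deploy` are outside this diff, so confirm none of them still carries `only:`. The same check applies to the other converted jobs (the staging trigger hunk and the two production hunks). `when: on_success` is already the default for a matching rule and can be dropped, leaving `- if: $CI_COMMIT_BRANCH == "main"`. Since the rule is copied three times per environment, one hidden job (constructed name, e.g. `.rules_main`) pulled in with `!reference` would stop the copies drifting apart.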
@@ -189,14 +190,16 @@ production_deploy: url: https://production.notifications.apis.holi.social variables: ENVIRONMENT_ID: production - only: - - production + rules: + - if: $CI_COMMIT_BRANCH == "production" + when: on_success production_smoketest: extends: .smoketest needs: ['production_deploy'] - only: - - production + rules: + - if: $CI_COMMIT_BRANCH == "production" + when: on_success production_trigger_unified-api_redeployment: needs: ['production_smoketest'] @@ -206,6 +209,7 @@ production_trigger_unified-api_redeployment: forward: yaml_variables: false pipeline_variables: false - only: - - production + rules: + - if: $CI_COMMIT_BRANCH == "production" + when: on_success resource_group: unified-api-production diff --git a/Dockerfile b/Dockerfile index 7524a817285062e60bd536caea9b4c7b4bbbae35..7f212e8178b46699139e3ee68f5a83b5d3c3025d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/denoland/deno:2.2.3 +FROM europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/denoland/deno:2.2.5 # The port that your application listens to. EXPOSE 8005 diff --git a/terraform/common/init.tf b/terraform/common/init.tf index 2f36d7747f935b4f75a92912a97bd7830d80d431..7cdc4f265fab44bbed7dd527dd5a75760ac49614 100644 --- a/terraform/common/init.tf +++ b/terraform/common/init.tf @@ -4,11 +4,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "6.24.0" + version = "6.25.0" } google-beta = { source = "hashicorp/google-beta" - version = "6.24.0" + version = "6.25.0" } } backend "gcs" { diff --git a/terraform/environments/init.tf b/terraform/environments/init.tf index 8d82ffa250e9d842b0c34bcf82c56d34ca467e81..034ba4454d8a56c503aac779a3753fc065ae9c5b 100644 --- a/terraform/environments/init.tf +++ b/terraform/environments/init.tf 
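Review bot: The `production_deploy` rule gates a production rollout on the branch name alone (`$CI_COMMIT_BRANCH == "production"`). Its safety therefore rests on the `production` branch being protected and on the deploy credentials being protected variables, neither of which is visible in this diff. Adding the predefined protected-ref flag states that assumption in the job itself: `- if: $CI_COMMIT_BRANCH == "production" && $CI_COMMIT_REF_PROTECTED == "true"`. The same condition would fit `production_smoketest` and `production_trigger_unified-api_redeployment` in the following hunk. The `production_deploy` definition starts above the hunk, so any `extends:` it carries is not shown.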
@@ -4,11 +4,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = "6.24.0"
+ version = "6.25.0"
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = "6.24.0"
+ version = "6.25.0"
 }
 }
 backend "gcs" {