1+ # GitLab CI/CD Pipeline for Roo Code On-Premises
2+ #
3+ # 이 파이프라인은 온프레미스 Roo Code VS Code 확장을 빌드하고 배포합니다.
4+ # - 코드 품질 검사
5+ # - 외부 호출 차단 테스트
6+ # - VSIX 패키지 빌드
7+ # - 아티팩트 저장 및 배포
8+
9+ stages :
10+ - validate
11+ - test
12+ - build
13+ - package
14+ - deploy
15+
16+ variables :
17+ # Node.js 및 pnpm 설정
18+ NODE_VERSION : " 20.19.2"
19+ PNPM_VERSION : " 10.8.1"
20+
21+ # 온프레미스 환경 변수
22+ ON_PREM : " true"
23+ NODE_ENV : " production"
24+
25+ # Docker 이미지
26+ NODE_IMAGE : " node:20.19.2-alpine"
27+ DOCKER_IMAGE : " docker:27-alpine"
28+
29+ # 기본 설정
30+ default :
31+ image : $NODE_IMAGE
32+ before_script :
33+ - apk add --no-cache git curl
34+ - npm install -g pnpm@$PNPM_VERSION
35+ - pnpm config set store-dir .pnpm-store
36+ - pnpm install --frozen-lockfile
37+
38+ # 캐시 설정
39+ cache :
40+ key :
41+ files :
42+ - pnpm-lock.yaml
43+ paths :
44+ - .pnpm-store/
45+ - node_modules/
46+ - src/node_modules/
47+ - webview-ui/node_modules/
48+
49+ # 1. 코드 검증 단계
50+ code_quality :
51+ stage : validate
52+ script :
53+ - echo "🔍 Running code quality checks..."
54+ - pnpm lint
55+ - pnpm check-types
56+ - echo "✅ Code quality checks passed"
57+ rules :
58+ - if : $CI_PIPELINE_SOURCE == "merge_request_event"
59+ - if : $CI_COMMIT_BRANCH == "main"
60+ - if : $CI_COMMIT_TAG
61+
62+ # 외부 호출 검증
63+ outbound_detection :
64+ stage : validate
65+ script :
66+ - echo "🔍 Detecting external HTTP calls..."
67+ - pnpm detect-outbound
68+ - echo "📊 External calls detected and cataloged"
69+ artifacts :
70+ reports :
71+ junit : outbound-report.xml
72+ paths :
73+ - outbound-urls.json
74+ expire_in : 1 week
75+ rules :
76+ - if : $CI_PIPELINE_SOURCE == "merge_request_event"
77+ - if : $CI_COMMIT_BRANCH == "main"
78+ - if : $CI_COMMIT_TAG
79+
80+ # 2. 테스트 단계
81+ unit_tests :
82+ stage : test
83+ script :
84+ - echo "🧪 Running unit tests..."
85+ - pnpm test
86+ - echo "✅ Unit tests passed"
87+ coverage : ' /Lines\s*:\s*(\d+\.\d+)%/'
88+ artifacts :
89+ reports :
90+ junit : test-results.xml
91+ coverage_report :
92+ coverage_format : cobertura
93+ path : coverage/cobertura-coverage.xml
94+ paths :
95+ - coverage/
96+ expire_in : 1 week
97+ rules :
98+ - if : $CI_PIPELINE_SOURCE == "merge_request_event"
99+ - if : $CI_COMMIT_BRANCH == "main"
100+ - if : $CI_COMMIT_TAG
101+
102+ # 온프레미스 통합 테스트
103+ integration_tests :
104+ stage : test
105+ services :
106+ - name : docker:27-dind
107+ alias : docker
108+ variables :
109+ DOCKER_HOST : tcp://docker:2376
110+ DOCKER_TLS_CERTDIR : " /certs"
111+ before_script :
112+ - apk add --no-cache git curl docker-compose
113+ - npm install -g pnpm@$PNPM_VERSION
114+ - pnpm config set store-dir .pnpm-store
115+ - pnpm install --frozen-lockfile
116+ script :
117+ - echo "🔥 Running firewall integration tests..."
118+ - pnpm test:firewall:docker
119+ - echo "✅ Integration tests passed"
120+ artifacts :
121+ paths :
122+ - test-results/
123+ expire_in : 1 week
124+ rules :
125+ - if : $CI_COMMIT_BRANCH == "main"
126+ - if : $CI_COMMIT_TAG
127+ allow_failure : true # 외부 의존성으로 인해 실패할 수 있음
128+
129+ # 3. 빌드 단계
130+ build_extension :
131+ stage : build
132+ script :
133+ - echo "🏗️ Building extension for on-premises..."
134+ - pnpm build
135+ - pnpm bundle:onprem
136+ - echo "✅ Extension built successfully"
137+ artifacts :
138+ paths :
139+ - src/dist/
140+ - webview-ui/dist/
141+ expire_in : 1 day
142+ rules :
143+ - if : $CI_COMMIT_BRANCH == "main"
144+ - if : $CI_COMMIT_TAG
145+
146+ # 4. VSIX 패키징 단계
147+ package_vsix :
148+ stage : package
149+ dependencies :
150+ - build_extension
151+ script :
152+ - echo "📦 Packaging on-premises VSIX..."
153+ - pnpm package:onprem
154+ - ls -la bin/
155+ - echo "📊 VSIX package information:"
156+ - cat bin/build-info-onprem.json | head -20
157+ - echo "✅ VSIX packaging completed"
158+ artifacts :
159+ name : " roo-cline-onprem-${CI_COMMIT_SHA:0:8}"
160+ paths :
161+ - bin/*.vsix
162+ - bin/build-info-onprem.json
163+ expire_in : 30 days
164+ reports :
165+ artifacts :
166+ file : bin/build-info-onprem.json
167+ rules :
168+ - if : $CI_COMMIT_BRANCH == "main"
169+ - if : $CI_COMMIT_TAG
170+
171+ # VSIX 유효성 검사
172+ validate_vsix :
173+ stage : package
174+ dependencies :
175+ - package_vsix
176+ script :
177+ - echo "🔍 Validating VSIX package..."
178+ - apk add --no-cache unzip
179+ - |
180+ for vsix in bin/*.vsix; do
181+ echo "📋 Analyzing $vsix"
182+
183+ # 파일 크기 확인
184+ size=$(stat -c%s "$vsix")
185+ echo " Size: $(echo $size | numfmt --to=iec-i)B"
186+
187+ # VSIX 구조 확인
188+ unzip -t "$vsix" > /dev/null
189+ echo " ✅ ZIP structure valid"
190+
191+ # manifest 확인
192+ unzip -q "$vsix" extension/package.json -d /tmp/
193+ if [ -f /tmp/extension/package.json ]; then
194+ echo " ✅ Package manifest found"
195+ name=$(cat /tmp/extension/package.json | grep '"name"' | head -1)
196+ version=$(cat /tmp/extension/package.json | grep '"version"' | head -1)
197+ echo " 📦 $name $version"
198+ else
199+ echo " ❌ Package manifest missing"
200+ exit 1
201+ fi
202+
203+ # 최소 크기 확인 (1MB)
204+ if [ $size -lt 1048576 ]; then
205+ echo " ❌ VSIX too small: ${size} bytes"
206+ exit 1
207+ fi
208+
209+ echo " ✅ VSIX validation passed"
210+ done
211+ - echo "✅ All VSIX packages validated"
212+ rules :
213+ - if : $CI_COMMIT_BRANCH == "main"
214+ - if : $CI_COMMIT_TAG
215+
216+ # 5. 배포 단계
217+ deploy_to_nexus :
218+ stage : deploy
219+ dependencies :
220+ - package_vsix
221+ - validate_vsix
222+ script :
223+ - echo "🚀 Deploying to internal Nexus repository..."
224+ - |
225+ if [ -z "$NEXUS_URL" ] || [ -z "$NEXUS_USER" ] || [ -z "$NEXUS_PASSWORD" ]; then
226+ echo "⚠️ Nexus credentials not configured, skipping deployment"
227+ exit 0
228+ fi
229+ - |
230+ for vsix in bin/*.vsix; do
231+ filename=$(basename "$vsix")
232+ echo "📤 Uploading $filename to Nexus..."
233+
234+ curl -u "$NEXUS_USER:$NEXUS_PASSWORD" \
235+ --upload-file "$vsix" \
236+ "$NEXUS_URL/repository/vscode-extensions/$filename"
237+
238+ if [ $? -eq 0 ]; then
239+ echo "✅ Successfully uploaded $filename"
240+ else
241+ echo "❌ Failed to upload $filename"
242+ exit 1
243+ fi
244+ done
245+ - echo "✅ Deployment completed"
246+ rules :
247+ - if : $CI_COMMIT_TAG
248+ - if : $CI_COMMIT_BRANCH == "main"
249+ when : manual
250+ environment :
251+ name : production
252+ url : $NEXUS_URL
253+
254+ # 태그 릴리스 (수동)
255+ create_release :
256+ stage : deploy
257+ dependencies :
258+ - package_vsix
259+ script :
260+ - echo "🏷️ Creating release for tag $CI_COMMIT_TAG..."
261+ - |
262+ if [ -z "$CI_COMMIT_TAG" ]; then
263+ echo "❌ This job should only run on tags"
264+ exit 1
265+ fi
266+ - |
267+ # Release API를 통한 릴리스 생성
268+ curl --request POST \
269+ --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" \
270+ --data name="Roo Code On-Premises $CI_COMMIT_TAG" \
271+ --data tag_name="$CI_COMMIT_TAG" \
272+ --data description="On-premises version of Roo Code VS Code extension" \
273+ "$CI_API_V4_URL/projects/$CI_PROJECT_ID/releases"
274+ - echo "✅ Release created for $CI_COMMIT_TAG"
275+ rules :
276+ - if : $CI_COMMIT_TAG
277+ when : manual
278+
279+ # 벤치마크 (선택적)
280+ benchmark_local_llm :
281+ stage : test
282+ script :
283+ - echo "⚡ Running local LLM benchmarks..."
284+ - pnpm benchmark-local-llm || echo "⚠️ Benchmark failed (expected in CI)"
285+ - echo "📊 Benchmark completed"
286+ artifacts :
287+ paths :
288+ - benchmark-results.json
289+ expire_in : 1 week
290+ rules :
291+ - if : $CI_COMMIT_BRANCH == "main"
292+ when : manual
293+ - if : $CI_COMMIT_TAG
294+ when : manual
295+ allow_failure : true
296+
297+ # 정리 작업
298+ cleanup :
299+ stage : .post
300+ script :
301+ - echo "🧹 Cleaning up temporary files..."
302+ - rm -rf .pnpm-store/
303+ - rm -rf node_modules/.cache/
304+ - echo "✅ Cleanup completed"
305+ when : always
306+ rules :
307+ - if : $CI_PIPELINE_SOURCE == "merge_request_event"
308+ - if : $CI_COMMIT_BRANCH == "main"
309+ - if : $CI_COMMIT_TAG
310+
311+ # Workflow rules
312+ workflow :
313+ rules :
314+ - if : $CI_COMMIT_BRANCH == "main"
315+ - if : $CI_PIPELINE_SOURCE == "merge_request_event"
316+ - if : $CI_COMMIT_TAG
317+ - if : $CI_PIPELINE_SOURCE == "web"
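Review bot: In `deploy_to_nexus`, the `if [ $? -eq 0 ]` test after the upload does not detect a rejected upload, because curl exits 0 on HTTP 4xx/5xx responses unless `--fail` is given. A 401 or 403 from Nexus would therefore be logged as "Successfully uploaded" and the production deployment recorded as done; start the command with `curl --fail --silent --show-error -u "$NEXUS_USER:$NEXUS_PASSWORD" \` instead. The release POST in `create_release` has the same gap and also sends `$CI_JOB_TOKEN` in a `PRIVATE-TOKEN` header, whereas GitLab takes job tokens as `--header "JOB-TOKEN: $CI_JOB_TOKEN"`, so the call is likely rejected while the job still prints "Release created". Separately, `integration_tests` runs the firewall check with `allow_failure: true`, so a regression in outbound blocking would not stop `package_vsix` or the deploy jobs; consider making it blocking for tag pipelines.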