# Pulls the shared pipeline definition from the ci-template project; the job
# bodies for the template-driven jobs in this file presumably live there.
# NOTE(review): `ref` names a tag. Unless that tag is protected in the template
# project it can be moved, which would change the scripts this pipeline runs;
# pinning `ref` to a full commit SHA removes that dependency.
include:
  - project: 'iiidevops-templates/ci-template'
    file: 'ci/template.gitlab-ci.yml'
    ref: 'v2.6.0'
# Stage order for the pipeline. Jobs that declare `needs` (the two Build--*
# jobs in this file) start as soon as the named job finishes instead of
# waiting for the whole previous stage.
stages:
  - initial
  - scan
  - build
  - deploy
  - test
# SonarQube static analysis. No script is given here, so the job body is
# presumably supplied by the included template and selected through the
# `iiidevops` variable — confirm against ci-template.
# Runs on `master` only, while "Build image" also runs on `develop`,
# `pipeline-update` and `update-file`; images built from those branches are
# not covered by this scan.
Test--SonarQube source code scan:
  variables:
    iiidevops: sonarqube
    CHART_TYPE: normal
  only:
    - master
# Anchore SBOM scan of the source tree.
# NOTE(review): `only: skip` matches only a branch or tag literally named
# `skip`, so this looks like a placeholder that keeps the job disabled —
# confirm that no such ref exists and that disabling the scan is intended.
Test--Anchore SBOM source code scan:
  variables:
    iiidevops: anchore-code
  only:
    - skip
# Checkmarx static analysis, limited to the `master` and `excalidraw`
# branches. The other branches that "Build image" accepts (`develop`,
# `pipeline-update`, `update-file`) are not scanned by this job.
Test--Checkmarx source code scan:
  variables:
    iiidevops: checkmarx
  only:
    - master
    - excalidraw
# Builds the container image for the listed branches. The job body is
# presumably provided by the included template (no script is defined here).
# "Build--Scan docker image" and "Build--Copy Image" both depend on this job
# through `needs`.
Build image:
  variables:
    iiidevops: build-image
  only:
    - master
    - develop
    - pipeline-update
    - update-file
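# Asks the iiidevops API to scan the image produced by "Build image".
# NOTE(review): the job only submits the scan request. Nothing visible here
# waits for or evaluates the result, so findings do not fail the pipeline at
# this point — confirm where they are gated.
Build--Scan docker image:
  stage: build
  image:
    # NOTE(review): tag-only reference; pin by digest
    # (alpine:3.17@sha256:<digest>) if the runner must not pick up a
    # re-pushed tag.
    name: alpine:3.17
    # Empty entrypoint so the runner starts its own shell in the container.
    entrypoint:
      - ''
  variables:
    iiidevops: build-image
  needs:
    - Build image
  before_script:
    # --no-cache fetches a fresh index and leaves no apk cache behind.
    - apk add --no-cache curl
  script:
    # Log the request. The URL and form values are expanded inside one quoted
    # string instead of the original nested, self-terminating quotes.
    - >-
      echo "curl -sS -L --fail -X POST ${IIIDEV_URL}/v2/harbor/${CI_PROJECT_NAME}/scan
      -F branch=${CI_COMMIT_BRANCH} -F commit_id=${CI_COMMIT_SHORT_SHA}"
    # --fail turns an HTTP error from the API into a failed job; without it a
    # rejected scan request would leave the job green. -S keeps curl's error
    # message visible despite -s. Form values are quoted so they reach curl as
    # single arguments.
    - >-
      curl -sS -L --fail -X POST
      "${IIIDEV_URL}/v2/harbor/${CI_PROJECT_NAME}/scan"
      -F "branch=${CI_COMMIT_BRANCH}"
      -F "commit_id=${CI_COMMIT_SHORT_SHA}"
  only:
    - master
    - develop
    - pipeline-update
    - update-file
  except:
    variables:
      # NOTE(review): the commit message is written by whoever pushes, so a
      # message ending in "(store)" skips the scan request for that commit.
      # Confirm this opt-out is intended for every branch listed above.
      - '$CI_COMMIT_MESSAGE =~ /.*\(store\)$/'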
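# Logs in to the iiidevops API with the bot account and asks it to copy the
# freshly built image (repo = branch, tag = short SHA) to
# <project>:<branch>. Failure is tolerated (`allow_failure: true`).
# NOTE(review): BOT_USERNAME and BOT_PASSWORD are not defined in this file;
# presumably they are project or group CI/CD variables. Confirm they are
# masked and protected.
Build--Copy Image:
  stage: build
  image:
    # NOTE(review): tag-only reference; pin by digest if the runner must not
    # pick up a re-pushed tag.
    name: iiiorg/iiidevops-cli:0.0.4
  allow_failure: true
  variables:
    iiidevops: deployed-environments
  needs:
    - Build image
  script:
    # Build the login body with jq so the credentials are JSON-escaped.
    # `jq -n` constructs the object directly, replacing the original
    # two-assignment form that piped "{}" through jq.
    - >-
      RAWDATA="$(jq -n
      --arg username "${BOT_USERNAME}"
      --arg password "${BOT_PASSWORD}"
      '{username: $username, password: $password}')"
    - >-
      RESPONSE="$(curl -sL --fail -X POST "${IIIDEV_URL}/user/login"
      -H "Content-Type:application/json"
      -d "${RAWDATA}")"
    # `// empty` matters: with -r, jq prints the literal string "null" when
    # .data.token is absent, and the -z test below would accept that as a
    # token.
    - |-
      TOKEN="$(echo "${RESPONSE}" | jq -r '.data.token // empty')"
    - 'if [ -z "${TOKEN}" ]; then echo "Login failed"; exit 1; fi'
    # The original printed the literal text {IIIDEV_URL}; the `$` was missing.
    - 'echo "${CI_COMMIT_BRANCH} ${CI_PROJECT_NAME} ${CI_COMMIT_SHORT_SHA} ${IIIDEV_URL}"'
    # --fail reports an HTTP error from handle_image as a job failure (shown
    # as a warning because of allow_failure) instead of a silent success.
    - >-
      curl -L --fail -X POST "${IIIDEV_URL}/harbor/handle_image"
      -H "Authorization:Bearer ${TOKEN}"
      -F "project_name=${CI_PROJECT_NAME}"
      -F "from_repo_name=${CI_COMMIT_BRANCH}"
      -F "from_tag=${CI_COMMIT_SHORT_SHA}"
      -F "dest_repo_name=${CI_PROJECT_NAME}"
      -F "dest_tag=${CI_COMMIT_BRANCH}"
  only:
    - master
    - develop
    - pipeline-update
  except:
    variables:
      # Skipped for commits whose message ends in "(store)"; the message is
      # chosen by the person pushing.
      - '$CI_COMMIT_MESSAGE =~ /.*\(store\)$/'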
# Deployment preparation job from the template.
# `only: skip` matches only a ref literally named `skip`; presumably this
# keeps the job disabled — confirm.
Deploy--Set environment and wait deployment:
  variables:
    iiidevops: deploy-web
  only:
    - skip
# Web deployment job from the template; restricted to a ref named `skip`,
# which presumably keeps it disabled — confirm.
Deploy--Web:
  variables:
    iiidevops: deploy-web
    # Quoted so YAML loaders read the values as strings, which is how CI
    # variables reach the job environment.
    CHART_WEB_PORT: '10009'
    CHART_PROXY_BODY_SIZE: '1m'
  only:
    - skip
# Anchore SBOM job from the template, run on `master` only. Images built from
# `develop`, `pipeline-update` and `update-file` do not get this job.
Test--Anchore SBOM:
  variables:
    iiidevops: anchore
  only:
    - master
# ZAP dynamic scan against the deployed web port.
# NOTE(review): restricted to a ref named `skip`, so no regular branch gets
# a dynamic scan from this job — confirm that is intended.
Test--ZAP:
  variables:
    iiidevops: zap
    CHART_WEB_PORT: '10009'
  only:
    - skip
# WebInspect scan job from the template; restricted to a ref named `skip`,
# which presumably keeps it disabled — confirm.
Test--WebInspect:
  variables:
    iiidevops: webinspect
  only:
    - skip
# Postman API test job from the template; restricted to a ref named `skip`,
# which presumably keeps it disabled — confirm.
Test--Postman:
  variables:
    iiidevops: postman
    CHART_WEB_PORT: '10009'
  only:
    - skip
# Sideex UI test job from the template; restricted to a ref named `skip`,
# which presumably keeps it disabled — confirm.
Test--Sideex:
  variables:
    iiidevops: sideex
    CHART_WEB_PORT: '10009'
  only:
    - skip