4a38b8a1
Commit
4a38b8a1
authored
Jan 19, 2018
by
Achilleas Pipinellis
Update Auto DevOps template
[ci skip]
parent
a1c0964d
Showing
1 changed file
with
40 additions
and
2 deletions
+40
-2
vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
+40
-2
vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
...
@@ -42,6 +42,7 @@ stages:
...
@@ -42,6 +42,7 @@ stages:
-
build
-
build
-
test
-
test
-
review
-
review
-
dast
-
staging
-
staging
-
canary
-
canary
-
production
-
production
...
@@ -130,6 +131,23 @@ sast:container:
...
@@ -130,6 +131,23 @@ sast:container:
artifacts
:
artifacts
:
paths
:
[
gl-sast-container-report.json
]
paths
:
[
gl-sast-container-report.json
]
dast
:
stage
:
dast
allow_failure
:
true
image
:
owasp/zap2docker-stable
variables
:
POSTGRES_DB
:
"
false"
script
:
-
dast
artifacts
:
paths
:
[
gl-dast-report.json
]
only
:
refs
:
-
branches
kubernetes
:
active
except
:
-
master
review
:
review
:
stage
:
review
stage
:
review
script
:
script
:
...
@@ -270,8 +288,8 @@ production:
...
@@ -270,8 +288,8 @@ production:
docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
apk add -U wget ca-certificates
apk add -U wget ca-certificates
docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
wget https://github.com/arminc/clair-scanner/releases/download/v
6/clair-scanner_linux_386
wget https://github.com/arminc/clair-scanner/releases/download/v
8/clair-scanner_linux_amd64
mv clair-scanner_linux_
386
clair-scanner
mv clair-scanner_linux_
amd64
clair-scanner
chmod +x clair-scanner
chmod +x clair-scanner
touch clair-whitelist.yml
touch clair-whitelist.yml
./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true
./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true
...
@@ -327,6 +345,12 @@ production:
...
@@ -327,6 +345,12 @@ production:
replicas="$new_replicas"
replicas="$new_replicas"
fi
fi
if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then
secret_name='gitlab-registry'
else
secret_name=''
fi
helm upgrade --install \
helm upgrade --install \
--wait \
--wait \
--set service.enabled="$service_enabled" \
--set service.enabled="$service_enabled" \
...
@@ -334,6 +358,7 @@ production:
...
@@ -334,6 +358,7 @@ production:
--set image.repository="$CI_APPLICATION_REPOSITORY" \
--set image.repository="$CI_APPLICATION_REPOSITORY" \
--set image.tag="$CI_APPLICATION_TAG" \
--set image.tag="$CI_APPLICATION_TAG" \
--set image.pullPolicy=IfNotPresent \
--set image.pullPolicy=IfNotPresent \
--set image.secrets[0].name="$secret_name" \
--set application.track="$track" \
--set application.track="$track" \
--set application.database_url="$DATABASE_URL" \
--set application.database_url="$DATABASE_URL" \
--set service.url="$CI_ENVIRONMENT_URL" \
--set service.url="$CI_ENVIRONMENT_URL" \
...
@@ -462,6 +487,11 @@ production:
...
@@ -462,6 +487,11 @@ production:
}
}
function create_secret() {
function create_secret() {
echo "Create secret..."
if [[ "$CI_PROJECT_VISIBILITY" == "public" ]]; then
return
fi
kubectl create secret -n "$KUBE_NAMESPACE" \
kubectl create secret -n "$KUBE_NAMESPACE" \
docker-registry gitlab-registry \
docker-registry gitlab-registry \
--docker-server="$CI_REGISTRY" \
--docker-server="$CI_REGISTRY" \
...
@@ -471,6 +501,14 @@ production:
...
@@ -471,6 +501,14 @@ production:
-o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
-o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
}
}
function dast() {
export CI_ENVIRONMENT_URL=$(cat environment_url.txt)
mkdir /zap/wrk/
/zap/zap-baseline.py -J gl-dast-report.json -t "$CI_ENVIRONMENT_URL" || true
cp /zap/wrk/gl-dast-report.json .
}
function performance() {
function performance() {
export CI_ENVIRONMENT_URL=$(cat environment_url.txt)
export CI_ENVIRONMENT_URL=$(cat environment_url.txt)
...
...
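Review bot: In the new `dast()` function, `/zap/zap-baseline.py ... || true` discards every exit status, so a scan that could not run at all is treated the same as one that reported findings; with `allow_failure: true` on the job, the only signal left is a failing `cp` on a job that is allowed to fail. zap-baseline exits 1 or 2 for FAIL/WARN findings and 3 for any other failure, so tolerating only the former keeps broken scans visible: `/zap/zap-baseline.py -J gl-dast-report.json -t "$CI_ENVIRONMENT_URL" || [[ $? -lt 3 ]]`. `export CI_ENVIRONMENT_URL=$(cat environment_url.txt)` also hides a missing or empty file, so a guard such as `[[ -n "$CI_ENVIRONMENT_URL" ]] || { echo "environment_url.txt missing or empty" >&2; return 1; }` before the scan would stop it from being started with `-t ""`. Separately, the changed `wget` line fetches `clair-scanner_linux_amd64` and the script marks it executable and runs it with no integrity check; pinning a digest, e.g. `echo "<EXPECTED_SHA256>  clair-scanner_linux_amd64" | sha256sum -c -` before the `mv`, would close that gap.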