diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 737bde7e7a43e313fa0ed3f937aba812e43ec6e5..1710c2791df85b02801ada44201eaa0539da4904 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -14,430 +14,429 @@ cache: - /root/.npm/ stages: -# - build -# - test -# - scan + - build + - test + - scan - release -#build-metadata-service: -# image: maven:3-openjdk-17 -# stage: build -# script: -# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" -# -#build-analyse-service: -# image: python:3.9-slim -# stage: build -# script: -# - "pip install -r ./dbrepo-analyse-service/requirements.txt" -# -#build-data-service: -# image: maven:3-openjdk-17 -# stage: build -# needs: -# - build-metadata-service -# script: -# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" -# - "mvn -f ./dbrepo-data-service/pom.xml clean package -Dstyle.color=always -DskipTests" -# -#build-mirror-service: -# image: maven:3-openjdk-17 -# stage: build -# needs: -# - build-metadata-service -# script: -# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" -# - "mvn -f ./dbrepo-mirror-service/pom.xml clean package -Dstyle.color=always -DskipTests" -# -#build-frontend: -# image: node:14-alpine -# stage: build -# script: -# - "yarn config set network-timeout 600000 -g" -# - "yarn --cwd ./dbrepo-ui install --legacy-peer-deps" -# - "yarn --cwd ./dbrepo-ui run build" -# -#build-docker: -# image: docker:24-dind -# stage: build -# script: -# - "cp .env.unix.example .env" -# - "docker build -t dbrepo-metadata-service:build --target build dbrepo-metadata-service" -# - "docker build -t dbrepo-data-service:build --target build dbrepo-data-service" -# - "docker build -t dbrepo-mirror-service:build --target build dbrepo-mirror-service" -# - "docker build ./dbrepo-log-service -t dbrepo-log-service" -# - "docker compose build --parallel" -# -#test-metadata-service: -# image: maven:3-openjdk-17 -# stage: test -# needs: -# - build-metadata-service -# script: -# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" -# - "mvn -f 
./dbrepo-metadata-service/pom.xml clean test -Dstyle.color=always verify" -# - "cat ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" -# artifacts: -# when: always -# paths: -# - ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/ -# - ./dbrepo-metadata-service/rest-service/target/surefire-reports/ -# expire_in: 1 days -# reports: -# junit: ./dbrepo-metadata-service/rest-service/target/surefire-reports/TEST-*.xml -# coverage: '/Total.*?([0-9]{1,3})%/' -# -#test-data-service: -# image: maven:3-openjdk-17 -# stage: test -# needs: -# - build-data-service -# script: -# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" -# - "mvn -f ./dbrepo-data-service/pom.xml clean test verify -Dstyle.color=always" -# - "cat ./dbrepo-data-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" -# artifacts: -# when: always -# paths: -# - ./dbrepo-data-service/report/target/site/jacoco-aggregate/ -# - ./dbrepo-data-service/rest-service/target/surefire-reports/ -# expire_in: 1 days -# reports: -# junit: ./dbrepo-data-service/rest-service/target/surefire-reports/TEST-*.xml -# coverage: '/Total.*?([0-9]{1,3})%/' -# -#test-mirror-service: -# image: maven:3-openjdk-17 -# stage: test -# needs: -# - build-mirror-service -# script: -# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" -# - "mvn -f ./dbrepo-mirror-service/pom.xml clean test verify -Dstyle.color=always" -# - "cat ./dbrepo-mirror-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" -# artifacts: -# when: always -# paths: -# - ./dbrepo-mirror-service/report/target/site/jacoco-aggregate/ -# - ./dbrepo-mirror-service/rest-service/target/surefire-reports/ -# expire_in: 1 days -# reports: -# 
junit: ./dbrepo-mirror-service/rest-service/target/surefire-reports/TEST-*.xml -# coverage: '/Total.*?([0-9]{1,3})%/' -# -#test-analyse-service: -# image: python:3.9-slim -# stage: test -# needs: -# - build-analyse-service -# script: -# - "pip install -r ./dbrepo-analyse-service/requirements.txt" -# - "cd ./dbrepo-analyse-service/ && coverage run -m pytest test/test_determine_dt.py test/test_determine_pk.py --junitxml=report.xml && coverage html && coverage report > ./coverage.txt" -# - "cat ./coverage.txt | grep -o 'TOTAL[^%]*%'" -# artifacts: -# when: always -# paths: -# - ./dbrepo-analyse-service/report.xml -# expire_in: 1 days -# reports: -# junit: ./dbrepo-analyse-service/report.xml -# coverage: '/TOTAL.*?([0-9]{1,3})%/' -# -#test-frontend: -# image: node:14-alpine -# stage: test -# needs: -# - build-frontend -# script: -# - "yarn --cwd ./dbrepo-ui install" -# - "yarn --cwd ./dbrepo-ui run test:unit || true" -# - "yarn --cwd ./dbrepo-ui run coverage || true" -# - "cat ./dbrepo-ui/coverage/cobertura-coverage.xml | grep -o 'line-rate=\"[0-9.]*' | head -1 || true" -# artifacts: -# when: always -# paths: -# - ./dbrepo-ui/coverage/ -# expire_in: 1 days -# reports: -# coverage_report: -# coverage_format: cobertura -# path: ./dbrepo-ui/coverage/cobertura-coverage.xml -# coverage: '/TOTAL.*?([0-9]{1,3})%/' -# -#scan-analyse-service: -# image: bitnami/trivy:latest -# stage: scan -# needs: -# - build-docker -# only: -# refs: -# - dev -# - master -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json dbrepo-analyse-service:latest -# - trivy image --insecure --exit-code 0 dbrepo-analyse-service:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-analyse-service:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-analyse-service-report.json 
-# -#scan-authentication-service: -# image: bitnami/trivy:latest -# stage: scan -# needs: -# - build-docker -# only: -# refs: -# - dev -# - master -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json dbrepo-authentication-service:latest -# - trivy image --insecure --exit-code 0 dbrepo-authentication-service:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-authentication-service:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-authentication-service-report.json -# -#scan-broker-service: -# image: bitnami/trivy:latest -# stage: scan -# needs: -# - build-docker -# only: -# refs: -# - dev -# - master -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json dbrepo-authentication-service:latest -# - trivy image --insecure --exit-code 0 dbrepo-broker-service:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-broker-service:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-broker-service-report.json -# -#scan-gateway-service: -# image: bitnami/trivy:latest -# stage: scan -# needs: -# - build-docker -# only: -# refs: -# - dev -# - master -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json "nginx:1.25.0-alpine-slim" -# - trivy image --insecure --exit-code 0 "nginx:1.25.0-alpine-slim" -# - trivy image --insecure --exit-code 1 --severity CRITICAL "nginx:1.25.0-alpine-slim"" -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# 
container_scanning: ./.trivy/trivy-gateway-service-report.json -# -#scan-metadata-service: -# image: bitnami/trivy:latest -# stage: scan -# needs: -# - build-docker -# only: -# refs: -# - dev -# - master -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json dbrepo-metadata-service:latest -# - trivy image --insecure --exit-code 0 dbrepo-metadata-service:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-service:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-metadata-service-report.json -# -#scan-search-db: -# image: bitnami/trivy:latest -# stage: scan -# needs: -# - build-docker -# only: -# refs: -# - dev -# - master -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json "dbrepo-search-db" -# - trivy image --insecure --exit-code 0 "dbrepo-search-db" -# - trivy image --insecure --exit-code 1 --severity CRITICAL "dbrepo-search-db" -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-search-db-report.json -# -#scan-data-db: -# image: bitnami/trivy:latest -# stage: scan -# needs: -# - build-docker -# only: -# refs: -# - dev -# - master -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json "bitnami/mariadb:10.5" -# - trivy image --insecure --exit-code 0 "bitnami/mariadb:10.5" -# - trivy image --insecure --exit-code 1 --severity CRITICAL "bitnami/mariadb:10.5" -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-data-db-report.json -# 
-#scan-metadata-db: -# image: bitnami/trivy:latest -# stage: scan -# needs: -# - build-docker -# only: -# refs: -# - dev -# - master -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json dbrepo-metadata-db:latest -# - trivy image --insecure --exit-code 0 dbrepo-metadata-db:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-db:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-metadata-db-report.json -# -#scan-ui: -# image: bitnami/trivy:latest -# stage: scan -# needs: -# - build-docker -# only: -# refs: -# - dev -# - master -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json dbrepo-ui:latest -# - trivy image --insecure --exit-code 0 dbrepo-ui:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-ui:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-ui-report.json -# -#scan-log-service: -# image: bitnami/trivy:latest -# stage: scan -# needs: -# - build-docker -# only: -# refs: -# - dev -# - master -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-log-service-report.json dbrepo-log-service:latest -# - trivy image --insecure --exit-code 0 dbrepo-log-service:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-log-service:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-log-service-report.json +build-metadata-service: + image: maven:3-openjdk-17 + stage: build + script: + - "mvn -f 
./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" + +build-analyse-service: + image: python:3.9-slim + stage: build + script: + - "pip install -r ./dbrepo-analyse-service/requirements.txt" + +build-data-service: + image: maven:3-openjdk-17 + stage: build + needs: + - build-metadata-service + script: + - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" + - "mvn -f ./dbrepo-data-service/pom.xml clean package -Dstyle.color=always -DskipTests" + +build-mirror-service: + image: maven:3-openjdk-17 + stage: build + needs: + - build-metadata-service + script: + - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" + - "mvn -f ./dbrepo-mirror-service/pom.xml clean package -Dstyle.color=always -DskipTests" + +build-frontend: + image: node:14-alpine + stage: build + script: + - "yarn config set network-timeout 600000 -g" + - "yarn --cwd ./dbrepo-ui install --legacy-peer-deps" + - "yarn --cwd ./dbrepo-ui run build" + +build-docker: + image: docker:24-dind + stage: build + script: + - "cp .env.unix.example .env" + - "docker build -t dbrepo-metadata-service:build --target build dbrepo-metadata-service" + - "docker build -t dbrepo-data-service:build --target build dbrepo-data-service" + - "docker build -t dbrepo-mirror-service:build --target build dbrepo-mirror-service" + - "docker build ./dbrepo-log-service -t dbrepo-log-service" + - "docker compose build --parallel" + +test-metadata-service: + image: maven:3-openjdk-17 + stage: test + needs: + - build-metadata-service + script: + - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" + - "mvn -f ./dbrepo-metadata-service/pom.xml clean test -Dstyle.color=always verify" + - "cat ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" + artifacts: + when: always + paths: + - 
./dbrepo-metadata-service/report/target/site/jacoco-aggregate/ + - ./dbrepo-metadata-service/rest-service/target/surefire-reports/ + expire_in: 1 days + reports: + junit: ./dbrepo-metadata-service/rest-service/target/surefire-reports/TEST-*.xml + coverage: '/Total.*?([0-9]{1,3})%/' + +test-data-service: + image: maven:3-openjdk-17 + stage: test + needs: + - build-data-service + script: + - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" + - "mvn -f ./dbrepo-data-service/pom.xml clean test verify -Dstyle.color=always" + - "cat ./dbrepo-data-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" + artifacts: + when: always + paths: + - ./dbrepo-data-service/report/target/site/jacoco-aggregate/ + - ./dbrepo-data-service/rest-service/target/surefire-reports/ + expire_in: 1 days + reports: + junit: ./dbrepo-data-service/rest-service/target/surefire-reports/TEST-*.xml + coverage: '/Total.*?([0-9]{1,3})%/' + +test-mirror-service: + image: maven:3-openjdk-17 + stage: test + needs: + - build-mirror-service + script: + - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" + - "mvn -f ./dbrepo-mirror-service/pom.xml clean test verify -Dstyle.color=always" + - "cat ./dbrepo-mirror-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" + artifacts: + when: always + paths: + - ./dbrepo-mirror-service/report/target/site/jacoco-aggregate/ + - ./dbrepo-mirror-service/rest-service/target/surefire-reports/ + expire_in: 1 days + reports: + junit: ./dbrepo-mirror-service/rest-service/target/surefire-reports/TEST-*.xml + coverage: '/Total.*?([0-9]{1,3})%/' + +test-analyse-service: + image: python:3.9-slim + stage: test + needs: + - build-analyse-service + script: + - "pip install -r ./dbrepo-analyse-service/requirements.txt" + - "cd ./dbrepo-analyse-service/ 
&& coverage run -m pytest test/test_determine_dt.py test/test_determine_pk.py --junitxml=report.xml && coverage html && coverage report > ./coverage.txt" + - "cat ./coverage.txt | grep -o 'TOTAL[^%]*%'" + artifacts: + when: always + paths: + - ./dbrepo-analyse-service/report.xml + expire_in: 1 days + reports: + junit: ./dbrepo-analyse-service/report.xml + coverage: '/TOTAL.*?([0-9]{1,3})%/' + +test-frontend: + image: node:14-alpine + stage: test + needs: + - build-frontend + script: + - "yarn --cwd ./dbrepo-ui install" + - "yarn --cwd ./dbrepo-ui run test:unit || true" + - "yarn --cwd ./dbrepo-ui run coverage || true" + - "cat ./dbrepo-ui/coverage/cobertura-coverage.xml | grep -o 'line-rate=\"[0-9.]*' | head -1 || true" + artifacts: + when: always + paths: + - ./dbrepo-ui/coverage/ + expire_in: 1 days + reports: + coverage_report: + coverage_format: cobertura + path: ./dbrepo-ui/coverage/cobertura-coverage.xml + coverage: '/TOTAL.*?([0-9]{1,3})%/' + +scan-analyse-service: + image: bitnami/trivy:latest + stage: scan + needs: + - build-docker + only: + refs: + - dev + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json dbrepo-analyse-service:latest + - trivy image --insecure --exit-code 0 dbrepo-analyse-service:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-analyse-service:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-analyse-service-report.json + +scan-authentication-service: + image: bitnami/trivy:latest + stage: scan + needs: + - build-docker + only: + refs: + - dev + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json dbrepo-authentication-service:latest + - trivy image --insecure 
--exit-code 0 dbrepo-authentication-service:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-authentication-service:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-authentication-service-report.json + +scan-broker-service: + image: bitnami/trivy:latest + stage: scan + needs: + - build-docker + only: + refs: + - dev + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json dbrepo-authentication-service:latest + - trivy image --insecure --exit-code 0 dbrepo-broker-service:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-broker-service:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-broker-service-report.json + +scan-gateway-service: + image: bitnami/trivy:latest + stage: scan + needs: + - build-docker + only: + refs: + - dev + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json "nginx:1.25.0-alpine-slim" + - trivy image --insecure --exit-code 0 "nginx:1.25.0-alpine-slim" + - trivy image --insecure --exit-code 1 --severity CRITICAL "nginx:1.25.0-alpine-slim"" + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-gateway-service-report.json + +scan-metadata-service: + image: bitnami/trivy:latest + stage: scan + needs: + - build-docker + only: + refs: + - dev + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json dbrepo-metadata-service:latest + - trivy image --insecure --exit-code 0 
dbrepo-metadata-service:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-service:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-metadata-service-report.json + +scan-search-db: + image: bitnami/trivy:latest + stage: scan + needs: + - build-docker + only: + refs: + - dev + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json "dbrepo-search-db" + - trivy image --insecure --exit-code 0 "dbrepo-search-db" + - trivy image --insecure --exit-code 1 --severity CRITICAL "dbrepo-search-db" + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-search-db-report.json + +scan-data-db: + image: bitnami/trivy:latest + stage: scan + needs: + - build-docker + only: + refs: + - dev + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json "bitnami/mariadb:10.5" + - trivy image --insecure --exit-code 0 "bitnami/mariadb:10.5" + - trivy image --insecure --exit-code 1 --severity CRITICAL "bitnami/mariadb:10.5" + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-data-db-report.json + +scan-metadata-db: + image: bitnami/trivy:latest + stage: scan + needs: + - build-docker + only: + refs: + - dev + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json dbrepo-metadata-db:latest + - trivy image --insecure --exit-code 0 dbrepo-metadata-db:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-db:latest + cache: + paths: + - .trivycache/ + 
artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-metadata-db-report.json + +scan-ui: + image: bitnami/trivy:latest + stage: scan + needs: + - build-docker + only: + refs: + - dev + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json dbrepo-ui:latest + - trivy image --insecure --exit-code 0 dbrepo-ui:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-ui:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-ui-report.json + +scan-log-service: + image: bitnami/trivy:latest + stage: scan + needs: + - build-docker + only: + refs: + - dev + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-log-service-report.json dbrepo-log-service:latest + - trivy image --insecure --exit-code 0 dbrepo-log-service:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-log-service:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-log-service-report.json release-latest: stage: release image: docker:24-dind -# needs: -# - scan-analyse-service -# - scan-authentication-service -# - scan-broker-service -# - scan-gateway-service -# - scan-metadata-service -# - scan-metadata-db -# - scan-data-db -# - scan-search-db -# - scan-ui -# - scan-log-service -# only: -# refs: -# - dev + needs: + - scan-analyse-service + - scan-authentication-service + - scan-broker-service + - scan-gateway-service + - scan-metadata-service + - scan-metadata-db + - scan-data-db + - scan-search-db + - scan-ui + - scan-log-service + only: + refs: + - dev script: - "ifconfig eth0 mtu 1450 up" - - "ip a" - "apk add make" - echo "$CI_REGISTRY_PASSWORD" | docker 
login --username "$CI_REGISTRY_USER" --password-stdin docker.io - - echo "$AZURE_PASSWORD" | docker login --username "$AZURE_USERNAME" --password-stdin https://dbrepo.azurecr.io/v1/ + - echo "$AZURE_PASSWORD" | docker login --username "$AZURE_USERNAME" --password-stdin dbrepo.azurecr.io - TAG=latest make release -#release-version: -# stage: release -# image: docker:24-dind-rootless -# needs: -# - scan-analyse-service -# - scan-authentication-service -# - scan-broker-service -# - scan-gateway-service -# - scan-metadata-service -# - scan-metadata-db -# - scan-data-db -# - scan-search-db -# - scan-ui -# only: -# refs: -# - master -# script: -# - "apk add make" -# - "cp .env.unix.example .env" -# - "docker login docker.io -u \"${DOCKER_USERNAME}\" -p \"${DOCKER_PASSWORD}\"" -# - "docker login dbrepo.azurecr.io -u \"${AZURE_USERNAME}\" -p \"${AZURE_PASSWORD}\"" -# - "TAG=1.3 make release" +release-version: + stage: release + image: docker:24-dind-rootless + needs: + - scan-analyse-service + - scan-authentication-service + - scan-broker-service + - scan-gateway-service + - scan-metadata-service + - scan-metadata-db + - scan-data-db + - scan-search-db + - scan-ui + only: + refs: + - master + script: + - "ifconfig eth0 mtu 1450 up" + - "apk add make" + - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin docker.io + - echo "$AZURE_PASSWORD" | docker login --username "$AZURE_USERNAME" --password-stdin dbrepo.azurecr.io + - "TAG=1.3 make release" diff --git a/README.md b/README.md index 87df2d65eb51a700d95ed206c705cc36b01f7767..ade550f1a310538601670b285fb870229856bcd7 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,10 @@ concurrent = 10 name = "rundind" mount_path = "/var/run/dind" medium = "Memory" + [[runners.kubernetes.volumes.empty_dir]] + name = "tmp" + mount_path = "/tmp" + medium = "Memory" ``` For each job in the CI/CD pipeline, a pod with three containers is started:
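Review bot: The re-enabled scan stage does not gate the release: every `scan-*` job sets `allow_failure: true`, and GitLab counts an allowed failure as passed for jobs that list it under `needs:`, so `release-latest` and `release-version` would presumably still push images when the `--exit-code 1 --severity CRITICAL` step fails. If a CRITICAL finding is meant to block publishing, set `allow_failure: false` on the scan jobs, or split the report-only steps from the gating step. Two copy-paste slips in the same jobs are hidden by that setting: in `scan-broker-service` the report step scans `dbrepo-authentication-service:latest` while writing `trivy-broker-service-report.json` and should target `dbrepo-broker-service:latest`, and in `scan-gateway-service` the last step ends in `"nginx:1.25.0-alpine-slim""`, which leaves an unbalanced quote for the shell. `release-version` omits `scan-log-service` from its `needs:` list although `release-latest` includes it, so the two release paths wait on different scan sets. `release-version` also uses `docker:24-dind-rootless`, where `ifconfig eth0 mtu 1450 up` and `apk add make` will likely fail without root; confirm the image choice before the first run on `master`.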