Fixed some pipeline stuff

c8f736a5 · Martin Weise · c46466f2 · c8f736a5 · c8f736a5 · c8f736a5
Unverified Commit c8f736a5 authored May 30, 2023 by Martin Weise
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -30,7 +30,7 @@ stages:
  - test-frontend
  - build-docker
  - scan-docker
-  - release
+  - release-docker

 build-metadata-db:
  stage: build-backend
@@ -612,7 +612,7 @@ scan-user-service:
      container_scanning: ./.trivy/trivy-user-service-report.json

 release-latest:
-  stage: release
+  stage: release-docker
  needs:
    - scan-analyse-service
    - scan-authentication-service
@@ -639,7 +639,7 @@ release-latest:
    - TAG=latest make release

 release-version:
-  stage: release
+  stage: release-docker
  needs:
    - scan-analyse-service
    - scan-authentication-service

--- a/Makefile
+++ b/Makefile
@@ -2,6 +2,8 @@

 TAG ?= latest
 TRIVY_VERSION ?= v0.41.0
+ELASTIC_VERSION ?= 8.7.1
+NGINX_VERSION ?= 1.25.0-alpine-slim

 all:

@@ -48,7 +50,7 @@ build-frontend:
 build-clients:
 	bash ./.gitlab/swagger/generate.sh

-tag: tag-identifier tag-search tag-container tag-database tag-discovery tag-gateway tag-query tag-table tag-analyse tag-authentication tag-metadata-db tag-ui tag-units tag-broker tag-metadata tag-user
+tag: tag-identifier tag-container tag-database tag-query tag-table tag-analyse tag-authentication tag-metadata-db tag-ui tag-semantics tag-broker tag-metadata tag-user

 tag-analyse:
 	docker tag dbrepo-analyse-service:latest "dbrepo/analyse-service:${TAG}"
@@ -74,12 +76,6 @@ tag-container:
 tag-database:
 	docker tag dbrepo-database-service:latest "dbrepo/database-service:${TAG}"

-tag-discovery:
-	docker tag dbrepo-discovery-service:latest "dbrepo/discovery-service:${TAG}"
-
-tag-gateway:
-	docker tag dbrepo-gateway-service:latest "dbrepo/gateway-service:${TAG}"
-
 tag-query:
 	docker tag dbrepo-query-service:latest "dbrepo/query-service:${TAG}"

@@ -89,16 +85,13 @@ tag-user:
 tag-table:
 	docker tag dbrepo-table-service:latest "dbrepo/table-service:${TAG}"

-tag-units:
+tag-semantics:
 	docker tag dbrepo-semantics-service:latest "dbrepo/semantics-service:${TAG}"

 tag-broker:
 	docker tag dbrepo-broker-service:latest "dbrepo/broker-service:${TAG}"

-tag-search:
-	docker tag dbrepo-search-service:latest "dbrepo/search-service:${TAG}"
-
-release: build-docker tag release-identifier release-search release-container release-database release-discovery release-gateway release-query release-table release-analyse release-authentication release-metadata-db release-ui release-units release-broker release-metadata release-user
+release: build-docker tag release-identifier release-container release-database release-query release-table release-analyse release-authentication release-metadata-db release-ui release-units release-broker release-metadata release-user

 release-analyse: tag-analyse
 	docker push "dbrepo/analyse-service:${TAG}"
@@ -121,12 +114,6 @@ release-container: tag-container
 release-database: tag-database
 	docker push "dbrepo/database-service:${TAG}"

-release-discovery: tag-discovery
-	docker push "dbrepo/discovery-service:${TAG}"
-
-release-gateway: tag-gateway
-	docker push "dbrepo/gateway-service:${TAG}"
-
 release-query: tag-query
 	docker push "dbrepo/query-service:${TAG}"

@@ -142,9 +129,6 @@ release-units: tag-units
 release-broker: tag-broker
 	docker push "dbrepo/broker-service:${TAG}"

-release-search: tag-search
-	docker push "dbrepo/search-service:${TAG}"
-
 release-metadata: tag-metadata
 	docker push "dbrepo/metadata-service:${TAG}"

@@ -179,7 +163,7 @@ test-semantics-service: clean build-metadata-db build-semantics-service
 test-analyse-service: build-analyse-service
 	bash ./dbrepo-analyse-service/test.sh

-scan: scan-analyse-service scan-authentication-service scan-broker-service scan-container-service scan-database-service scan-discovery-service scan-gateway-service scan-identifier-service scan-metadata-db scan-metadata-service scan-proxy scan-query-service scan-search-service scan-semantics-service scan-table-service scan-ui scan-user-service
+scan: scan-analyse-service scan-authentication-service scan-broker-service scan-container-service scan-database-service scan-gateway-service scan-identifier-service scan-metadata-db scan-metadata-service scan-query-service scan-search-service scan-semantics-service scan-table-service scan-ui scan-user-service

 scan-analyse-service:
 	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json dbrepo-analyse-service:latest
@@ -206,15 +190,10 @@ scan-database-service:
 	trivy image --insecure --exit-code 0 dbrepo-database-service:latest
 	trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-database-service:latest

-scan-discovery-service:
-	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-discovery-service-report.json dbrepo-discovery-service:latest
-	trivy image --insecure --exit-code 0 dbrepo-discovery-service:latest
-	trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-discovery-service:latest
-
 scan-gateway-service:
-	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json dbrepo-gateway-service:latest
-	trivy image --insecure --exit-code 0 dbrepo-gateway-service:latest
-	trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-gateway-service:latest
+	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json "nginx:${NGINX_VERSION}"
+	trivy image --insecure --exit-code 0 "nginx:${NGINX_VERSION}"
+	trivy image --insecure --exit-code 1 --severity CRITICAL "nginx:${NGINX_VERSION}"

 scan-identifier-service:
 	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-identifier-service-report.json dbrepo-identifier-service:latest
@@ -231,20 +210,16 @@ scan-metadata-service:
 	trivy image --insecure --exit-code 0 dbrepo-metadata-service:latest
 	trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-service:latest

-scan-proxy:
-	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-proxy-report.json dbrepo-proxy:latest
-	trivy image --insecure --exit-code 0 dbrepo-proxy:latest
-	trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-proxy:latest
-
 scan-query-service:
 	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-query-service-report.json dbrepo-query-service:latest
 	trivy image --insecure --exit-code 0 dbrepo-query-service:latest
 	trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-query-service:latest

 scan-search-service:
-	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-service-report.json dbrepo-search-service:latest
-	trivy image --insecure --exit-code 0 dbrepo-search-service:latest
-	trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-service:latest
+	docker pull "elasticsearch:${ELASTIC_VERSION}"
+	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-service-report.json "elasticsearch:${ELASTIC_VERSION}"
+	trivy image --insecure --exit-code 0 "elasticsearch:${ELASTIC_VERSION}"
+	trivy image --insecure --exit-code 1 --severity CRITICAL "elasticsearch:${ELASTIC_VERSION}"

 scan-semantics-service:
 	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-semantics-service-report.json dbrepo-semantics-service:latest

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -339,7 +339,7 @@ services:
    restart: "no"
    container_name: dbrepo-gateway-service
    hostname: gateway-service
-    image: nginx:alpine
+    image: nginx:1.25.0-alpine-slim
    networks:
      core:
      public: