Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
DBRepo
Manage
Activity
Members
Labels
Plan
External wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Releases
Package registry
Model registry
Operate
Terraform modules
Analyze
Contributor analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
FAIR Data Austria DB Repository
DBRepo
Commits
f9c5adce
Verified
Commit
f9c5adce
authored
1 year ago
by
Martin Weise
Browse files
Options
Downloads
Patches
Plain Diff
Updated CI/CD
parent
fe69869f
No related branches found
No related tags found
No related merge requests found
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
.gitlab-ci.yml
+458
-471
458 additions, 471 deletions
.gitlab-ci.yml
with
458 additions
and
471 deletions
.gitlab-ci.yml
+
458
−
471
View file @
f9c5adce
...
@@ -16,480 +16,467 @@ cache:
...
@@ -16,480 +16,467 @@ cache:
-
/root/.npm/
-
/root/.npm/
stages
:
stages
:
-
build
#
- build
-
test
#
- test
-
docs
#
- docs
-
release
-
release
-
scan
# - scan
build-metadata-service
:
#build-metadata-service:
image
:
maven:3-openjdk-17
# image: maven:3-openjdk-17
stage
:
build
# stage: build
script
:
# script:
-
"
mvn
-f
./dbrepo-metadata-service/pom.xml
clean
install
-Dstyle.color=always
-DskipTests"
# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests"
#
build-analyse-service
:
#build-analyse-service:
image
:
python:3.9-slim
# image: python:3.9-slim
stage
:
build
# stage: build
variables
:
# variables:
PIPENV_PIPFILE
:
"
./dbrepo-analyse-service/Pipfile"
# PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile"
script
:
# script:
-
"
pip
install
pipenv"
# - "pip install pipenv"
-
"
pipenv
install
gunicorn
&&
pipenv
install
--dev
--system
--deploy"
# - "pipenv install gunicorn && pipenv install --dev --system --deploy"
#
build-data-service
:
#build-data-service:
image
:
maven:3-openjdk-17
# image: maven:3-openjdk-17
stage
:
build
# stage: build
needs
:
# needs:
-
build-metadata-service
# - build-metadata-service
script
:
# script:
-
"
mvn
-f
./dbrepo-metadata-service/pom.xml
clean
install
-Dstyle.color=always
-DskipTests"
# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests"
-
"
mvn
-f
./dbrepo-data-service/pom.xml
clean
package
-Dstyle.color=always
-DskipTests"
# - "mvn -f ./dbrepo-data-service/pom.xml clean package -Dstyle.color=always -DskipTests"
#
build-frontend
:
#build-frontend:
image
:
node:14-alpine
# image: node:14-alpine
stage
:
build
# stage: build
script
:
# script:
-
"
yarn
config
set
network-timeout
600000
-g"
# - "yarn config set network-timeout 600000 -g"
-
"
yarn
--cwd
./dbrepo-ui
install
--legacy-peer-deps"
# - "yarn --cwd ./dbrepo-ui install --legacy-peer-deps"
-
"
yarn
--cwd
./dbrepo-ui
run
build"
# - "yarn --cwd ./dbrepo-ui run build"
#
build-search-service
:
#build-search-service:
image
:
python:3.10-alpine
# image: python:3.10-alpine
stage
:
build
# stage: build
script
:
# script:
-
"
pip
install
pipenv"
# - "pip install pipenv"
-
"
cd
dbrepo-search-service
&&
pipenv
install
--system
--deploy"
# - "cd dbrepo-search-service && pipenv install --system --deploy"
#
build-docker
:
#build-docker:
image
:
docker.io/docker:24-dind
# image: docker.io/docker:24-dind
stage
:
build
# stage: build
before_script
:
# before_script:
-
echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
# - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
script
:
# script:
-
"
cp
.env.unix.example
.env"
# - "cp .env.unix.example .env"
-
"
docker
build
-t
dbrepo-metadata-service:build
--target
build
dbrepo-metadata-service"
# - "docker build -t dbrepo-metadata-service:build --target build dbrepo-metadata-service"
-
"
docker
build
-t
dbrepo-data-service:build
--target
build
dbrepo-data-service"
# - "docker build -t dbrepo-data-service:build --target build dbrepo-data-service"
-
"
docker
compose
build
--parallel"
# - "docker compose build --parallel"
#
build-helm
:
#build-helm:
image
:
docker.io/docker:24-dind
# image: docker.io/docker:24-dind
stage
:
build
# stage: build
before_script
:
# before_script:
-
echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
# - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
script
:
# script:
-
apk add sed helm curl
# - apk add sed helm curl
-
'
sed
-i
-e
"s/^version:.*/version:
\"${CHART_VERSION}\"/g"
./helm-charts/dbrepo/Chart.yaml'
# - 'sed -i -e "s/^version:.*/version: \"${CHART_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml'
-
'
sed
-i
-e
"s/^appVersion:.*/appVersion:
\"${APP_VERSION}\"/g"
./helm-charts/dbrepo/Chart.yaml'
# - 'sed -i -e "s/^appVersion:.*/appVersion: \"${APP_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml'
-
find ./helm-charts -type f -exec sed -i -e "s/__CHARTVERSION__/${CHART_VERSION}/g" {} \;
# - find ./helm-charts -type f -exec sed -i -e "s/__CHARTVERSION__/${CHART_VERSION}/g" {} \;
-
helm package ./helm-charts/dbrepo --destination ./build
# - helm package ./helm-charts/dbrepo --destination ./build
#
test-metadata-service
:
#test-metadata-service:
image
:
maven:3-openjdk-17
# image: maven:3-openjdk-17
stage
:
test
# stage: test
needs
:
# needs:
-
build-metadata-service
# - build-metadata-service
script
:
# script:
-
"
mvn
-f
./dbrepo-metadata-service/pom.xml
clean
install
-Dstyle.color=always
-DskipTests"
# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests"
-
"
mvn
-f
./dbrepo-metadata-service/pom.xml
clean
test
-Dstyle.color=always
verify"
# - "mvn -f ./dbrepo-metadata-service/pom.xml clean test -Dstyle.color=always verify"
-
"
cat
./dbrepo-metadata-service/report/target/site/jacoco-aggregate/index.html
|
grep
-o
'Total[^%]*%'
|
sed
's/<.*>/
/;
s/Total/Jacoco
Coverage
Total:/'"
# - "cat ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'"
artifacts
:
# artifacts:
when
:
always
# when: always
paths
:
# paths:
-
./dbrepo-metadata-service/report/target/site/jacoco-aggregate/
# - ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/
-
./dbrepo-metadata-service/rest-service/target/surefire-reports/
# - ./dbrepo-metadata-service/rest-service/target/surefire-reports/
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
junit
:
./dbrepo-metadata-service/rest-service/target/surefire-reports/TEST-*.xml
# junit: ./dbrepo-metadata-service/rest-service/target/surefire-reports/TEST-*.xml
coverage
:
'
/Total.*?([0-9]{1,3})%/'
# coverage: '/Total.*?([0-9]{1,3})%/'
#
test-data-service
:
#test-data-service:
image
:
maven:3-openjdk-17
# image: maven:3-openjdk-17
stage
:
test
# stage: test
needs
:
# needs:
-
build-data-service
# - build-data-service
script
:
# script:
-
"
mvn
-f
./dbrepo-metadata-service/pom.xml
clean
install
-Dstyle.color=always
-DskipTests"
# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests"
-
"
mvn
-f
./dbrepo-data-service/pom.xml
clean
test
verify
-Dstyle.color=always"
# - "mvn -f ./dbrepo-data-service/pom.xml clean test verify -Dstyle.color=always"
-
"
cat
./dbrepo-data-service/report/target/site/jacoco-aggregate/index.html
|
grep
-o
'Total[^%]*%'
|
sed
's/<.*>/
/;
s/Total/Jacoco
Coverage
Total:/'"
# - "cat ./dbrepo-data-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'"
artifacts
:
# artifacts:
when
:
always
# when: always
paths
:
# paths:
-
./dbrepo-data-service/report/target/site/jacoco-aggregate/
# - ./dbrepo-data-service/report/target/site/jacoco-aggregate/
-
./dbrepo-data-service/rest-service/target/surefire-reports/
# - ./dbrepo-data-service/rest-service/target/surefire-reports/
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
junit
:
./dbrepo-data-service/rest-service/target/surefire-reports/TEST-*.xml
# junit: ./dbrepo-data-service/rest-service/target/surefire-reports/TEST-*.xml
coverage
:
'
/Total.*?([0-9]{1,3})%/'
# coverage: '/Total.*?([0-9]{1,3})%/'
#
test-analyse-service
:
#test-analyse-service:
image
:
python:3.9-slim
# image: python:3.9-slim
stage
:
test
# stage: test
variables
:
# variables:
PIPENV_PIPFILE
:
"
./dbrepo-analyse-service/Pipfile"
# PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile"
needs
:
# needs:
-
build-analyse-service
# - build-analyse-service
script
:
# script:
-
"
pip
install
pipenv"
# - "pip install pipenv"
-
"
pipenv
install
gunicorn
&&
pipenv
install
--dev
--system
--deploy"
# - "pipenv install gunicorn && pipenv install --dev --system --deploy"
-
cd ./dbrepo-analyse-service/ && coverage run -m pytest test/test_determine_dt.py test/test_determine_pk.py test/test_s3_client.py --junitxml=report.xml && coverage html --omit="test/*" && coverage report --omit="test/*" > ./coverage.txt
# - cd ./dbrepo-analyse-service/ && coverage run -m pytest test/test_determine_dt.py test/test_determine_pk.py test/test_s3_client.py --junitxml=report.xml && coverage html --omit="test/*" && coverage report --omit="test/*" > ./coverage.txt
-
"
cat
./coverage.txt
|
grep
-o
'TOTAL[^%]*%'"
# - "cat ./coverage.txt | grep -o 'TOTAL[^%]*%'"
artifacts
:
# artifacts:
when
:
always
# when: always
paths
:
# paths:
-
./dbrepo-analyse-service/report.xml
# - ./dbrepo-analyse-service/report.xml
-
./dbrepo-analyse-service/coverage.txt
# - ./dbrepo-analyse-service/coverage.txt
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
junit
:
./dbrepo-analyse-service/report.xml
# junit: ./dbrepo-analyse-service/report.xml
coverage
:
'
/TOTAL.*?([0-9]{1,3})%/'
# coverage: '/TOTAL.*?([0-9]{1,3})%/'
#
test-frontend
:
#test-frontend:
image
:
node:14-alpine
# image: node:14-alpine
stage
:
test
# stage: test
needs
:
# needs:
-
build-frontend
# - build-frontend
script
:
# script:
-
"
yarn
--cwd
./dbrepo-ui
install"
# - "yarn --cwd ./dbrepo-ui install"
-
"
yarn
--cwd
./dbrepo-ui
run
test:unit
||
true"
# - "yarn --cwd ./dbrepo-ui run test:unit || true"
-
"
yarn
--cwd
./dbrepo-ui
run
coverage
||
true"
# - "yarn --cwd ./dbrepo-ui run coverage || true"
-
"
cat
./dbrepo-ui/coverage/cobertura-coverage.xml
|
grep
-o
'line-rate=
\"
[0-9.]*'
|
head
-1
||
true"
# - "cat ./dbrepo-ui/coverage/cobertura-coverage.xml | grep -o 'line-rate=\"[0-9.]*' | head -1 || true"
artifacts
:
# artifacts:
when
:
always
# when: always
paths
:
# paths:
-
./dbrepo-ui/coverage/
# - ./dbrepo-ui/coverage/
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
coverage_report
:
# coverage_report:
coverage_format
:
cobertura
# coverage_format: cobertura
path
:
./dbrepo-ui/coverage/cobertura-coverage.xml
# path: ./dbrepo-ui/coverage/cobertura-coverage.xml
coverage
:
'
/TOTAL.*?([0-9]{1,3})%/'
# coverage: '/TOTAL.*?([0-9]{1,3})%/'
#
scan-analyse-service
:
#scan-analyse-service:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json docker.io/dbrepo/analyse-service:latest
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json docker.io/dbrepo/analyse-service:latest
-
trivy image --insecure --exit-code 0 docker.io/dbrepo/analyse-service:latest
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/analyse-service:latest
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/analyse-service:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/analyse-service:latest
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-analyse-service-report.json
# container_scanning: ./.trivy/trivy-analyse-service-report.json
#
scan-authentication-service
:
#scan-authentication-service:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json docker.io/dbrepo/authentication-service:latest
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json docker.io/dbrepo/authentication-service:latest
-
trivy image --insecure --exit-code 0 docker.io/dbrepo/authentication-service:latest
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/authentication-service:latest
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/authentication-service:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/authentication-service:latest
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-authentication-service-report.json
# container_scanning: ./.trivy/trivy-authentication-service-report.json
#
scan-broker-service
:
#scan-broker-service:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json docker.io/dbrepo/broker-service:latest
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json docker.io/dbrepo/broker-service:latest
-
trivy image --insecure --exit-code 0 docker.io/dbrepo/broker-service:latest
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/broker-service:latest
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/broker-service:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/broker-service:latest
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-broker-service-report.json
# container_scanning: ./.trivy/trivy-broker-service-report.json
#
scan-gateway-service
:
#scan-gateway-service:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json docker.io/nginx:1.25.0-alpine-slim
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json docker.io/nginx:1.25.0-alpine-slim
-
trivy image --insecure --exit-code 0 docker.io/nginx:1.25.0-alpine-slim
# - trivy image --insecure --exit-code 0 docker.io/nginx:1.25.0-alpine-slim
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/nginx:1.25.0-alpine-slim
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/nginx:1.25.0-alpine-slim
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-gateway-service-report.json
# container_scanning: ./.trivy/trivy-gateway-service-report.json
#
scan-metadata-service
:
#scan-metadata-service:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json docker.io/dbrepo/metadata-service:latest
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json docker.io/dbrepo/metadata-service:latest
-
trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-service:latest
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-service:latest
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-service:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-service:latest
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-metadata-service-report.json
# container_scanning: ./.trivy/trivy-metadata-service-report.json
#
scan-data-service
:
#scan-data-service:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json docker.io/dbrepo/data-service:latest
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json docker.io/dbrepo/data-service:latest
-
trivy image --insecure --exit-code 0 docker.io/dbrepo/data-service:latest
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/data-service:latest
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/data-service:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/data-service:latest
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-data-service-report.json
# container_scanning: ./.trivy/trivy-data-service-report.json
#
scan-search-db
:
#scan-search-db:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json docker.io/dbrepo/search-db:latest
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json docker.io/dbrepo/search-db:latest
-
trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db:latest
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db:latest
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db:latest
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-search-db-report.json
# container_scanning: ./.trivy/trivy-search-db-report.json
#
scan-search-dashboard
:
#scan-search-dashboard:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-dashboard-report.json docker.io/opensearchproject/opensearch-dashboards:2.10.0
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-dashboard-report.json docker.io/opensearchproject/opensearch-dashboards:2.10.0
-
trivy image --insecure --exit-code 0 docker.io/opensearchproject/opensearch-dashboards:2.10.0
# - trivy image --insecure --exit-code 0 docker.io/opensearchproject/opensearch-dashboards:2.10.0
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/opensearchproject/opensearch-dashboards:2.10.0
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/opensearchproject/opensearch-dashboards:2.10.0
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-search-dashboard-report.json
# container_scanning: ./.trivy/trivy-search-dashboard-report.json
#
scan-search-db-init
:
#scan-search-db-init:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-init-report.json docker.io/dbrepo/search-db-init:latest
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-init-report.json docker.io/dbrepo/search-db-init:latest
-
trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db-init:latest
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db-init:latest
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db-init:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db-init:latest
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-search-db-init-report.json
# container_scanning: ./.trivy/trivy-search-db-init-report.json
#
scan-data-db
:
#scan-data-db:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0
-
trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0
# - trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-data-db-report.json
# container_scanning: ./.trivy/trivy-data-db-report.json
#
scan-metadata-db
:
#scan-metadata-db:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json docker.io/dbrepo/metadata-db:latest
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json docker.io/dbrepo/metadata-db:latest
-
trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-db:latest
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-db:latest
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-db:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-db:latest
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-metadata-db-report.json
# container_scanning: ./.trivy/trivy-metadata-db-report.json
#
scan-ui
:
#scan-ui:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json docker.io/dbrepo/ui:latest
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json docker.io/dbrepo/ui:latest
-
trivy image --insecure --exit-code 0 docker.io/dbrepo/ui:latest
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/ui:latest
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/ui:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/ui:latest
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-ui-report.json
# container_scanning: ./.trivy/trivy-ui-report.json
#
scan-storage-service
:
#scan-storage-service:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-report.json docker.io/chrislusf/seaweedfs:3.59
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-report.json docker.io/chrislusf/seaweedfs:3.59
-
trivy image --insecure --exit-code 0 docker.io/chrislusf/seaweedfs:3.59
# - trivy image --insecure --exit-code 0 docker.io/chrislusf/seaweedfs:3.59
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/chrislusf/seaweedfs:3.59
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/chrislusf/seaweedfs:3.59
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-storage-service-report.json
# container_scanning: ./.trivy/trivy-storage-service-report.json
#
scan-storage-service-init
:
#scan-storage-service-init:
image
:
bitnami/trivy:latest
# image: bitnami/trivy:latest
stage
:
scan
# stage: scan
only
:
# only:
refs
:
# refs:
-
master
# - master
-
release-v1.4
# - release-v1.4
allow_failure
:
true
# allow_failure: true
script
:
# script:
-
trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json docker.io/dbrepo/storage-service-init:latest
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json docker.io/dbrepo/storage-service-init:latest
-
trivy image --insecure --exit-code 0 docker.io/dbrepo/storage-service-init:latest
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/storage-service-init:latest
-
trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/storage-service-init:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/storage-service-init:latest
cache
:
# cache:
paths
:
# paths:
-
.trivycache/
# - .trivycache/
artifacts
:
# artifacts:
when
:
always
# when: always
expire_in
:
1 days
# expire_in: 1 days
reports
:
# reports:
container_scanning
:
./.trivy/trivy-storage-service-init-report.json
# container_scanning: ./.trivy/trivy-storage-service-init-report.json
#
docs-registry
:
#docs-registry:
stage
:
docs
# stage: docs
image
:
docker.io/python:3.11-slim
# image: docker.io/python:3.11-slim
only
:
# only:
refs
:
# refs:
-
/^release-.*/
# - /^release-.*/
script
:
# script:
-
pip install -r ./requirements.txt
# - pip install -r ./requirements.txt
-
python3 .docs/docker/release.py
# - python3 .docs/docker/release.py
docs-docs
:
stage
:
docs
image
:
docker.io/python:3.11-slim
only
:
refs
:
-
/^release-.*/
script
:
-
apt-get update && apt-get install -y git make sed wget
-
make docs
cache
:
paths
:
-
./final
release-images
:
release-images
:
stage
:
release
stage
:
release
image
:
docker:24-dind
image
:
docker:24-dind
needs
:
#
needs:
-
test-metadata-service
#
- test-metadata-service
-
test-data-service
#
- test-data-service
-
test-analyse-service
#
- test-analyse-service
-
test-frontend
#
- test-frontend
only
:
only
:
refs
:
refs
:
-
/^release-.*/
-
/^release-.*/
...
@@ -520,12 +507,12 @@ release-chart:
...
@@ -520,12 +507,12 @@ release-chart:
release-docs
:
release-docs
:
stage
:
release
stage
:
release
image
:
docker.io/finalgene/openssh:9.1
image
:
docker.io/finalgene/openssh:9.1
needs
:
-
docs-docs
only
:
only
:
refs
:
refs
:
-
/^release-.*/
-
/^release-.*/
script
:
script
:
-
apt-get update && apt-get install -y git make sed wget
-
make docs
-
eval $(ssh-agent -s)
-
eval $(ssh-agent -s)
-
echo "$CI_KEY_PRIVATE" > /root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa
-
echo "$CI_KEY_PRIVATE" > /root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa
-
echo "$CI_KEY_PUBLIC" > /root/.ssh/id_rsa.pub
-
echo "$CI_KEY_PUBLIC" > /root/.ssh/id_rsa.pub
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment