Verified Commit f9c5adce authored by Martin Weise's avatar Martin Weise

Updated CI/CD

parent fe69869f
...@@ -16,480 +16,467 @@ cache: ...@@ -16,480 +16,467 @@ cache:
- /root/.npm/ - /root/.npm/
stages: stages:
- build # - build
- test # - test
- docs # - docs
- release - release
- scan # - scan
build-metadata-service: #build-metadata-service:
image: maven:3-openjdk-17 # image: maven:3-openjdk-17
stage: build # stage: build
script: # script:
- "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" # - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests"
#
build-analyse-service: #build-analyse-service:
image: python:3.9-slim # image: python:3.9-slim
stage: build # stage: build
variables: # variables:
PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile" # PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile"
script: # script:
- "pip install pipenv" # - "pip install pipenv"
- "pipenv install gunicorn && pipenv install --dev --system --deploy" # - "pipenv install gunicorn && pipenv install --dev --system --deploy"
#
build-data-service: #build-data-service:
image: maven:3-openjdk-17 # image: maven:3-openjdk-17
stage: build # stage: build
needs: # needs:
- build-metadata-service # - build-metadata-service
script: # script:
- "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" # - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests"
- "mvn -f ./dbrepo-data-service/pom.xml clean package -Dstyle.color=always -DskipTests" # - "mvn -f ./dbrepo-data-service/pom.xml clean package -Dstyle.color=always -DskipTests"
#
build-frontend: #build-frontend:
image: node:14-alpine # image: node:14-alpine
stage: build # stage: build
script: # script:
- "yarn config set network-timeout 600000 -g" # - "yarn config set network-timeout 600000 -g"
- "yarn --cwd ./dbrepo-ui install --legacy-peer-deps" # - "yarn --cwd ./dbrepo-ui install --legacy-peer-deps"
- "yarn --cwd ./dbrepo-ui run build" # - "yarn --cwd ./dbrepo-ui run build"
#
build-search-service: #build-search-service:
image: python:3.10-alpine # image: python:3.10-alpine
stage: build # stage: build
script: # script:
- "pip install pipenv" # - "pip install pipenv"
- "cd dbrepo-search-service && pipenv install --system --deploy" # - "cd dbrepo-search-service && pipenv install --system --deploy"
#
build-docker: #build-docker:
image: docker.io/docker:24-dind # image: docker.io/docker:24-dind
stage: build # stage: build
before_script: # before_script:
- echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL # - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
script: # script:
- "cp .env.unix.example .env" # - "cp .env.unix.example .env"
- "docker build -t dbrepo-metadata-service:build --target build dbrepo-metadata-service" # - "docker build -t dbrepo-metadata-service:build --target build dbrepo-metadata-service"
- "docker build -t dbrepo-data-service:build --target build dbrepo-data-service" # - "docker build -t dbrepo-data-service:build --target build dbrepo-data-service"
- "docker compose build --parallel" # - "docker compose build --parallel"
#
build-helm: #build-helm:
image: docker.io/docker:24-dind # image: docker.io/docker:24-dind
stage: build # stage: build
before_script: # before_script:
- echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL # - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
script: # script:
- apk add sed helm curl # - apk add sed helm curl
- 'sed -i -e "s/^version:.*/version: \"${CHART_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml' # - 'sed -i -e "s/^version:.*/version: \"${CHART_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml'
- 'sed -i -e "s/^appVersion:.*/appVersion: \"${APP_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml' # - 'sed -i -e "s/^appVersion:.*/appVersion: \"${APP_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml'
- find ./helm-charts -type f -exec sed -i -e "s/__CHARTVERSION__/${CHART_VERSION}/g" {} \; # - find ./helm-charts -type f -exec sed -i -e "s/__CHARTVERSION__/${CHART_VERSION}/g" {} \;
- helm package ./helm-charts/dbrepo --destination ./build # - helm package ./helm-charts/dbrepo --destination ./build
#
test-metadata-service: #test-metadata-service:
image: maven:3-openjdk-17 # image: maven:3-openjdk-17
stage: test # stage: test
needs: # needs:
- build-metadata-service # - build-metadata-service
script: # script:
- "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" # - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests"
- "mvn -f ./dbrepo-metadata-service/pom.xml clean test -Dstyle.color=always verify" # - "mvn -f ./dbrepo-metadata-service/pom.xml clean test -Dstyle.color=always verify"
- "cat ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" # - "cat ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'"
artifacts: # artifacts:
when: always # when: always
paths: # paths:
- ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/ # - ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/
- ./dbrepo-metadata-service/rest-service/target/surefire-reports/ # - ./dbrepo-metadata-service/rest-service/target/surefire-reports/
expire_in: 1 days # expire_in: 1 days
reports: # reports:
junit: ./dbrepo-metadata-service/rest-service/target/surefire-reports/TEST-*.xml # junit: ./dbrepo-metadata-service/rest-service/target/surefire-reports/TEST-*.xml
coverage: '/Total.*?([0-9]{1,3})%/' # coverage: '/Total.*?([0-9]{1,3})%/'
#
test-data-service: #test-data-service:
image: maven:3-openjdk-17 # image: maven:3-openjdk-17
stage: test # stage: test
needs: # needs:
- build-data-service # - build-data-service
script: # script:
- "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" # - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests"
- "mvn -f ./dbrepo-data-service/pom.xml clean test verify -Dstyle.color=always" # - "mvn -f ./dbrepo-data-service/pom.xml clean test verify -Dstyle.color=always"
- "cat ./dbrepo-data-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" # - "cat ./dbrepo-data-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'"
artifacts: # artifacts:
when: always # when: always
paths: # paths:
- ./dbrepo-data-service/report/target/site/jacoco-aggregate/ # - ./dbrepo-data-service/report/target/site/jacoco-aggregate/
- ./dbrepo-data-service/rest-service/target/surefire-reports/ # - ./dbrepo-data-service/rest-service/target/surefire-reports/
expire_in: 1 days # expire_in: 1 days
reports: # reports:
junit: ./dbrepo-data-service/rest-service/target/surefire-reports/TEST-*.xml # junit: ./dbrepo-data-service/rest-service/target/surefire-reports/TEST-*.xml
coverage: '/Total.*?([0-9]{1,3})%/' # coverage: '/Total.*?([0-9]{1,3})%/'
#
test-analyse-service: #test-analyse-service:
image: python:3.9-slim # image: python:3.9-slim
stage: test # stage: test
variables: # variables:
PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile" # PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile"
needs: # needs:
- build-analyse-service # - build-analyse-service
script: # script:
- "pip install pipenv" # - "pip install pipenv"
- "pipenv install gunicorn && pipenv install --dev --system --deploy" # - "pipenv install gunicorn && pipenv install --dev --system --deploy"
- cd ./dbrepo-analyse-service/ && coverage run -m pytest test/test_determine_dt.py test/test_determine_pk.py test/test_s3_client.py --junitxml=report.xml && coverage html --omit="test/*" && coverage report --omit="test/*" > ./coverage.txt # - cd ./dbrepo-analyse-service/ && coverage run -m pytest test/test_determine_dt.py test/test_determine_pk.py test/test_s3_client.py --junitxml=report.xml && coverage html --omit="test/*" && coverage report --omit="test/*" > ./coverage.txt
- "cat ./coverage.txt | grep -o 'TOTAL[^%]*%'" # - "cat ./coverage.txt | grep -o 'TOTAL[^%]*%'"
artifacts: # artifacts:
when: always # when: always
paths: # paths:
- ./dbrepo-analyse-service/report.xml # - ./dbrepo-analyse-service/report.xml
- ./dbrepo-analyse-service/coverage.txt # - ./dbrepo-analyse-service/coverage.txt
expire_in: 1 days # expire_in: 1 days
reports: # reports:
junit: ./dbrepo-analyse-service/report.xml # junit: ./dbrepo-analyse-service/report.xml
coverage: '/TOTAL.*?([0-9]{1,3})%/' # coverage: '/TOTAL.*?([0-9]{1,3})%/'
#
test-frontend: #test-frontend:
image: node:14-alpine # image: node:14-alpine
stage: test # stage: test
needs: # needs:
- build-frontend # - build-frontend
script: # script:
- "yarn --cwd ./dbrepo-ui install" # - "yarn --cwd ./dbrepo-ui install"
- "yarn --cwd ./dbrepo-ui run test:unit || true" # - "yarn --cwd ./dbrepo-ui run test:unit || true"
- "yarn --cwd ./dbrepo-ui run coverage || true" # - "yarn --cwd ./dbrepo-ui run coverage || true"
- "cat ./dbrepo-ui/coverage/cobertura-coverage.xml | grep -o 'line-rate=\"[0-9.]*' | head -1 || true" # - "cat ./dbrepo-ui/coverage/cobertura-coverage.xml | grep -o 'line-rate=\"[0-9.]*' | head -1 || true"
artifacts: # artifacts:
when: always # when: always
paths: # paths:
- ./dbrepo-ui/coverage/ # - ./dbrepo-ui/coverage/
expire_in: 1 days # expire_in: 1 days
reports: # reports:
coverage_report: # coverage_report:
coverage_format: cobertura # coverage_format: cobertura
path: ./dbrepo-ui/coverage/cobertura-coverage.xml # path: ./dbrepo-ui/coverage/cobertura-coverage.xml
coverage: '/TOTAL.*?([0-9]{1,3})%/' # coverage: '/TOTAL.*?([0-9]{1,3})%/'
#
scan-analyse-service: #scan-analyse-service:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json docker.io/dbrepo/analyse-service:latest # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json docker.io/dbrepo/analyse-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/analyse-service:latest # - trivy image --insecure --exit-code 0 docker.io/dbrepo/analyse-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/analyse-service:latest # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/analyse-service:latest
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-analyse-service-report.json # container_scanning: ./.trivy/trivy-analyse-service-report.json
#
scan-authentication-service: #scan-authentication-service:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json docker.io/dbrepo/authentication-service:latest # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json docker.io/dbrepo/authentication-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/authentication-service:latest # - trivy image --insecure --exit-code 0 docker.io/dbrepo/authentication-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/authentication-service:latest # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/authentication-service:latest
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-authentication-service-report.json # container_scanning: ./.trivy/trivy-authentication-service-report.json
#
scan-broker-service: #scan-broker-service:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json docker.io/dbrepo/broker-service:latest # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json docker.io/dbrepo/broker-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/broker-service:latest # - trivy image --insecure --exit-code 0 docker.io/dbrepo/broker-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/broker-service:latest # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/broker-service:latest
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-broker-service-report.json # container_scanning: ./.trivy/trivy-broker-service-report.json
#
scan-gateway-service: #scan-gateway-service:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json docker.io/nginx:1.25.0-alpine-slim # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json docker.io/nginx:1.25.0-alpine-slim
- trivy image --insecure --exit-code 0 docker.io/nginx:1.25.0-alpine-slim # - trivy image --insecure --exit-code 0 docker.io/nginx:1.25.0-alpine-slim
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/nginx:1.25.0-alpine-slim # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/nginx:1.25.0-alpine-slim
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-gateway-service-report.json # container_scanning: ./.trivy/trivy-gateway-service-report.json
#
scan-metadata-service: #scan-metadata-service:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json docker.io/dbrepo/metadata-service:latest # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json docker.io/dbrepo/metadata-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-service:latest # - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-service:latest # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-service:latest
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-metadata-service-report.json # container_scanning: ./.trivy/trivy-metadata-service-report.json
#
scan-data-service: #scan-data-service:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json docker.io/dbrepo/data-service:latest # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json docker.io/dbrepo/data-service:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/data-service:latest # - trivy image --insecure --exit-code 0 docker.io/dbrepo/data-service:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/data-service:latest # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/data-service:latest
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-data-service-report.json # container_scanning: ./.trivy/trivy-data-service-report.json
#
scan-search-db: #scan-search-db:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json docker.io/dbrepo/search-db:latest # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json docker.io/dbrepo/search-db:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db:latest # - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db:latest # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db:latest
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-search-db-report.json # container_scanning: ./.trivy/trivy-search-db-report.json
#
scan-search-dashboard: #scan-search-dashboard:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-dashboard-report.json docker.io/opensearchproject/opensearch-dashboards:2.10.0 # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-dashboard-report.json docker.io/opensearchproject/opensearch-dashboards:2.10.0
- trivy image --insecure --exit-code 0 docker.io/opensearchproject/opensearch-dashboards:2.10.0 # - trivy image --insecure --exit-code 0 docker.io/opensearchproject/opensearch-dashboards:2.10.0
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/opensearchproject/opensearch-dashboards:2.10.0 # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/opensearchproject/opensearch-dashboards:2.10.0
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-search-dashboard-report.json # container_scanning: ./.trivy/trivy-search-dashboard-report.json
#
scan-search-db-init: #scan-search-db-init:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-init-report.json docker.io/dbrepo/search-db-init:latest # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-init-report.json docker.io/dbrepo/search-db-init:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db-init:latest # - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db-init:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db-init:latest # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db-init:latest
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-search-db-init-report.json # container_scanning: ./.trivy/trivy-search-db-init-report.json
#
scan-data-db: #scan-data-db:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0 # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0
- trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0 # - trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0 # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-data-db-report.json # container_scanning: ./.trivy/trivy-data-db-report.json
#
scan-metadata-db: #scan-metadata-db:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json docker.io/dbrepo/metadata-db:latest # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json docker.io/dbrepo/metadata-db:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-db:latest # - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-db:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-db:latest # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-db:latest
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-metadata-db-report.json # container_scanning: ./.trivy/trivy-metadata-db-report.json
#
scan-ui: #scan-ui:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json docker.io/dbrepo/ui:latest # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json docker.io/dbrepo/ui:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/ui:latest # - trivy image --insecure --exit-code 0 docker.io/dbrepo/ui:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/ui:latest # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/ui:latest
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-ui-report.json # container_scanning: ./.trivy/trivy-ui-report.json
#
scan-storage-service: #scan-storage-service:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-report.json docker.io/chrislusf/seaweedfs:3.59 # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-report.json docker.io/chrislusf/seaweedfs:3.59
- trivy image --insecure --exit-code 0 docker.io/chrislusf/seaweedfs:3.59 # - trivy image --insecure --exit-code 0 docker.io/chrislusf/seaweedfs:3.59
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/chrislusf/seaweedfs:3.59 # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/chrislusf/seaweedfs:3.59
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-storage-service-report.json # container_scanning: ./.trivy/trivy-storage-service-report.json
#
scan-storage-service-init: #scan-storage-service-init:
image: bitnami/trivy:latest # image: bitnami/trivy:latest
stage: scan # stage: scan
only: # only:
refs: # refs:
- master # - master
- release-v1.4 # - release-v1.4
allow_failure: true # allow_failure: true
script: # script:
- trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json docker.io/dbrepo/storage-service-init:latest # - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json docker.io/dbrepo/storage-service-init:latest
- trivy image --insecure --exit-code 0 docker.io/dbrepo/storage-service-init:latest # - trivy image --insecure --exit-code 0 docker.io/dbrepo/storage-service-init:latest
- trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/storage-service-init:latest # - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/storage-service-init:latest
cache: # cache:
paths: # paths:
- .trivycache/ # - .trivycache/
artifacts: # artifacts:
when: always # when: always
expire_in: 1 days # expire_in: 1 days
reports: # reports:
container_scanning: ./.trivy/trivy-storage-service-init-report.json # container_scanning: ./.trivy/trivy-storage-service-init-report.json
#
docs-registry: #docs-registry:
stage: docs # stage: docs
image: docker.io/python:3.11-slim # image: docker.io/python:3.11-slim
only: # only:
refs: # refs:
- /^release-.*/ # - /^release-.*/
script: # script:
- pip install -r ./requirements.txt # - pip install -r ./requirements.txt
- python3 .docs/docker/release.py # - python3 .docs/docker/release.py
docs-docs:
stage: docs
image: docker.io/python:3.11-slim
only:
refs:
- /^release-.*/
script:
- apt-get update && apt-get install -y git make sed wget
- make docs
cache:
paths:
- ./final
release-images: release-images:
stage: release stage: release
image: docker:24-dind image: docker:24-dind
needs: # needs:
- test-metadata-service # - test-metadata-service
- test-data-service # - test-data-service
- test-analyse-service # - test-analyse-service
- test-frontend # - test-frontend
only: only:
refs: refs:
- /^release-.*/ - /^release-.*/
...@@ -520,12 +507,12 @@ release-chart: ...@@ -520,12 +507,12 @@ release-chart:
release-docs: release-docs:
stage: release stage: release
image: docker.io/finalgene/openssh:9.1 image: docker.io/finalgene/openssh:9.1
needs:
- docs-docs
only: only:
refs: refs:
- /^release-.*/ - /^release-.*/
script: script:
- apt-get update && apt-get install -y git make sed wget
- make docs
- eval $(ssh-agent -s) - eval $(ssh-agent -s)
- echo "$CI_KEY_PRIVATE" > /root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa - echo "$CI_KEY_PRIVATE" > /root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa
- echo "$CI_KEY_PUBLIC" > /root/.ssh/id_rsa.pub - echo "$CI_KEY_PUBLIC" > /root/.ssh/id_rsa.pub
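Review bot: In the first hunk, `release-images` loses its `needs:` on the four `test-*` jobs and `stages:` is cut down to `release`, so images built from `release-*` branches are published with no unit tests and no Trivy scan anywhere in the pipeline. If this is meant to be temporary, record it above `stages:` with a comment such as `# build/test/scan disabled temporarily; re-enable before the next release (see ISSUE-PLACEHOLDER)`, and consider leaving at least the `scan` stage active. Disabling jobs by prefixing every line with `#` leaves hundreds of lines of dead configuration; GitLab hidden jobs (a leading `.` on the job name) would switch each job off with a one-character change and keep the diff readable. In the second hunk, `make docs` now runs inside `release-docs`, the same job that receives `$CI_KEY_PRIVATE`, so the docs toolchain executes in the job holding the deploy key; the hunk also does not show whether `docker.io/finalgene/openssh:9.1` ships `apt-get`, which is worth confirming. The `release-docs` script continues past the end of the hunk.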
......