fic/server
Archived
1
0
Fork 0
Code Issues Pull requests 10 Releases Wiki Activity

feat(ci): add sast and qa jobs

Browse source
This commit is contained in:
Adrien Langou 2023-07-14 02:07:31 +02:00 committed by Pierre-Olivier Mercier
commit eb67674da0
3 changed files with 104 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

60
.gitlab-ci.yml
View file

@ -4,12 +4,10 @@ stages:
- deps - deps
- build - build
- sast - sast
- qa
- image - image
- container_scanning
before_script:
- export GOPATH="$CI_PROJECT_DIR/.go"
- mkdir -p .go
- mkdir -p deploy
cache: cache:
paths: paths:
@ -20,16 +18,58 @@ cache:
include: include:
- '.gitlab-ci/build.yml' - '.gitlab-ci/build.yml'
- '.gitlab-ci/image.yml' - '.gitlab-ci/image.yml'
- template: SAST.gitlab-ci.yml
- template: Security/License-Scanning.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
- template: Security/Container-Scanning.gitlab-ci.yml
.scanners-matrix:
parallel:
matrix:
- IMAGE_NAME: [checker, admin, evdist, frontend-ui, nginx, dashboard, repochecker, qa, receiver]
container_scanning:
stage: container_scanning
extends:
- .scanners-matrix
variables:
DOCKER_SERVICE: localhost
DOCKERFILE_PATH: Dockerfile-${IMAGE_NAME}
CI_APPLICATION_REPOSITORY: ${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}/${IMAGE_NAME}
CI_APPLICATION_TAG: latest
GIT_STRATEGY: fetch
before_script:
- 'echo "Scanning: ${IMAGE_NAME}"'
rules:
- if: '$CI_COMMIT_BRANCH == "master"'
sast:
stage: sast
interruptible: true
needs: []
secret_detection:
stage: sast
interruptible: true
needs: []
license_scanning:
stage: qa
interruptible: true
needs: []
get-deps: get-deps:
stage: deps stage: deps
image: golang:alpine3.18 image: golang:alpine3.18
before_script:
- export GOPATH="$CI_PROJECT_DIR/.go"
- mkdir -p .go
script: script:
- apk --no-cache add git - apk --no-cache add git
- go get -v -d srs.epita.fr/fic-server/admin - go get -v -d srs.epita.fr/fic-server/admin
- go get -v -d srs.epita.fr/fic-server/backend - go get -v -d srs.epita.fr/fic-server/checker
- go get -v -d srs.epita.fr/fic-server/receiver
- go get -v -d srs.epita.fr/fic-server/evdist - go get -v -d srs.epita.fr/fic-server/evdist
- go get -v -d srs.epita.fr/fic-server/frontend
- go get -v -d srs.epita.fr/fic-server/dashboard - go get -v -d srs.epita.fr/fic-server/dashboard
- go get -v -d srs.epita.fr/fic-server/repochecker - go get -v -d srs.epita.fr/fic-server/repochecker
- go get -v -d srs.epita.fr/fic-server/repochecker/epita - go get -v -d srs.epita.fr/fic-server/repochecker/epita
@ -45,6 +85,9 @@ vet:
dependencies: dependencies:
- build-qa-ui - build-qa-ui
image: golang:alpine3.18 image: golang:alpine3.18
before_script:
- export GOPATH="$CI_PROJECT_DIR/.go"
- mkdir -p .go
script: script:
- apk --no-cache add build-base - apk --no-cache add build-base
- go vet -v -buildvcs=false -tags gitgo srs.epita.fr/fic-server/admin - go vet -v -buildvcs=false -tags gitgo srs.epita.fr/fic-server/admin
@ -52,9 +95,9 @@ vet:
- go vet -v -buildvcs=false srs.epita.fr/fic-server/admin/sync - go vet -v -buildvcs=false srs.epita.fr/fic-server/admin/sync
- go vet -v -buildvcs=false srs.epita.fr/fic-server/admin/pki - go vet -v -buildvcs=false srs.epita.fr/fic-server/admin/pki
- go vet -v -buildvcs=false srs.epita.fr/fic-server/admin - go vet -v -buildvcs=false srs.epita.fr/fic-server/admin
- go vet -v -buildvcs=false srs.epita.fr/fic-server/backend - go vet -v -buildvcs=false srs.epita.fr/fic-server/checker
- go vet -v -buildvcs=false srs.epita.fr/fic-server/receiver
- go vet -v -buildvcs=false srs.epita.fr/fic-server/evdist - go vet -v -buildvcs=false srs.epita.fr/fic-server/evdist
- go vet -v -buildvcs=false srs.epita.fr/fic-server/frontend
- go vet -v -buildvcs=false srs.epita.fr/fic-server/dashboard - go vet -v -buildvcs=false srs.epita.fr/fic-server/dashboard
- go vet -v -buildvcs=false srs.epita.fr/fic-server/repochecker - go vet -v -buildvcs=false srs.epita.fr/fic-server/repochecker
- go vet -v -buildvcs=false srs.epita.fr/fic-server/repochecker/epita - go vet -v -buildvcs=false srs.epita.fr/fic-server/repochecker/epita
@ -64,4 +107,3 @@ vet:
- go vet -v -buildvcs=false srs.epita.fr/fic-server/repochecker/videos - go vet -v -buildvcs=false srs.epita.fr/fic-server/repochecker/videos
- go vet -v -buildvcs=false srs.epita.fr/fic-server/qa - go vet -v -buildvcs=false srs.epita.fr/fic-server/qa
- go vet -v -buildvcs=false srs.epita.fr/fic-server/settings - go vet -v -buildvcs=false srs.epita.fr/fic-server/settings

42
.gitlab-ci/build.yml
View file

@ -1,14 +1,18 @@
--- ---
.build: &build-image .build:
stage: build stage: build
image: golang:alpine3.18 image: golang:alpine3.18
before_script:
- export GOPATH="$CI_PROJECT_DIR/.go"
- mkdir -p .go
variables: variables:
CGO_ENABLED: 0 CGO_ENABLED: 0
build-qa-ui: build-qa-ui:
stage: build stage: build
image: node:20-alpine3.18 image: node:20-alpine3.18
before_script:
script: script:
- cd qa/ui - cd qa/ui
- npm install --network-timeout=100000 - npm install --network-timeout=100000
@ -19,43 +23,50 @@ build-qa-ui:
- qa/ui/build/ - qa/ui/build/
when: on_success when: on_success
build-backend: build-checker:
<<: *build-image extends:
- .build
script: script:
- go build -v -buildvcs=false -o deploy/backend srs.epita.fr/fic-server/backend - go build -v -buildvcs=false -o deploy/backend srs.epita.fr/fic-server/checker
build-receiver:
extends:
- .build
script:
- go build -v -buildvcs=false -o deploy/backend srs.epita.fr/fic-server/receiver
build-admin: build-admin:
<<: *build-image extends:
- .build
script: script:
- go build -v -buildvcs=false -tags gitgo -o deploy/admin-gitgo srs.epita.fr/fic-server/admin - go build -v -buildvcs=false -tags gitgo -o deploy/admin-gitgo srs.epita.fr/fic-server/admin
- go build -v -buildvcs=false -o deploy/admin srs.epita.fr/fic-server/admin - go build -v -buildvcs=false -o deploy/admin srs.epita.fr/fic-server/admin
build-evdist: build-evdist:
<<: *build-image extends:
- .build
script: script:
- go build -v -buildvcs=false -o deploy/evdist srs.epita.fr/fic-server/evdist - go build -v -buildvcs=false -o deploy/evdist srs.epita.fr/fic-server/evdist
build-frontend:
<<: *build-image
script:
- go build -v -buildvcs=false -o deploy/frontend srs.epita.fr/fic-server/frontend
build-frontend-ui: build-frontend-ui:
stage: build stage: build
image: node:20-alpine3.18 image: node:20-alpine3.18
before_script:
script: script:
- cd frontend/ui - cd frontend/fic
- npm install --network-timeout=100000 - npm install --network-timeout=100000
- sed -i 's!@popperjs/core/dist/esm/popper!@popperjs/core!' node_modules/sveltestrap/src/*.js node_modules/sveltestrap/src/*.svelte - sed -i 's!@popperjs/core/dist/esm/popper!@popperjs/core!' node_modules/sveltestrap/src/*.js node_modules/sveltestrap/src/*.svelte
- npm run build - npm run build
build-dashboard: build-dashboard:
<<: *build-image extends:
- .build
script: script:
- go build -v -buildvcs=false -o deploy/dashboard srs.epita.fr/fic-server/dashboard - go build -v -buildvcs=false -o deploy/dashboard srs.epita.fr/fic-server/dashboard
build-repochecker: build-repochecker:
<<: *build-image extends:
- .build
script: script:
- apk --no-cache add build-base - apk --no-cache add build-base
- go build -buildvcs=false --tags checkupdate -v -o deploy/repochecker srs.epita.fr/fic-server/repochecker - go build -buildvcs=false --tags checkupdate -v -o deploy/repochecker srs.epita.fr/fic-server/repochecker
@ -67,7 +78,8 @@ build-repochecker:
- grep "const version" repochecker/update.go | sed -r 's/^.*=\s*(\S.*)$/\1/' > deploy/repochecker.version - grep "const version" repochecker/update.go | sed -r 's/^.*=\s*(\S.*)$/\1/' > deploy/repochecker.version
build-qa: build-qa:
<<: *build-image extends:
- .build
needs: ["build-qa-ui"] needs: ["build-qa-ui"]
dependencies: dependencies:
- build-qa-ui - build-qa-ui

42
.gitlab-ci/image.yml
View file

@ -1,8 +1,9 @@
--- ---
.push: &push-image .push:
stage: image stage: image
interruptible: true interruptible: true
needs: []
image: image:
name: gcr.io/kaniko-project/executor:v1.9.0-debug name: gcr.io/kaniko-project/executor:v1.9.0-debug
entrypoint: [""] entrypoint: [""]
@ -19,47 +20,56 @@
only: only:
- master - master
backend: checker:
extends:
- .push
variables: variables:
DOCKERFILE: Dockerfile-backend DOCKERFILE: Dockerfile-checker
<<: *push-image
receiver:
extends:
- .push
variables:
DOCKERFILE: Dockerfile-receiver
admin: admin:
extends:
- .push
variables: variables:
DOCKERFILE: Dockerfile-admin DOCKERFILE: Dockerfile-admin
<<: *push-image
evdist: evdist:
extends:
- .push
variables: variables:
DOCKERFILE: Dockerfile-evdist DOCKERFILE: Dockerfile-evdist
<<: *push-image
frontend:
variables:
DOCKERFILE: Dockerfile-frontend
<<: *push-image
frontend-ui: frontend-ui:
extends:
- .push
variables: variables:
DOCKERFILE: Dockerfile-frontend-ui DOCKERFILE: Dockerfile-frontend-ui
<<: *push-image
nginx: nginx:
extends:
- .push
variables: variables:
DOCKERFILE: Dockerfile-nginx DOCKERFILE: Dockerfile-nginx
<<: *push-image
dashboard: dashboard:
extends:
- .push
variables: variables:
DOCKERFILE: Dockerfile-dashboard DOCKERFILE: Dockerfile-dashboard
<<: *push-image
repochecker: repochecker:
extends:
- .push
variables: variables:
DOCKERFILE: Dockerfile-repochecker DOCKERFILE: Dockerfile-repochecker
<<: *push-image
qa: qa:
extends:
- .push
variables: variables:
DOCKERFILE: Dockerfile-qa DOCKERFILE: Dockerfile-qa
<<: *push-image