---
# Pipeline stages, run in the order listed. Jobs that declare `needs` may
# start earlier than their stage position suggests.
stages:
  - deps
  - build
  - fickit
  - sast
  - qa
  - image
  - container_scanning
# Global cache definition: no `key` or `policy` is set, so the GitLab defaults
# apply to every job that does not override `cache`.
# NOTE(review): these directories hold third-party code (Go modules, npm
# packages) that later jobs build from. Confirm that jobs running on
# untrusted branches cannot write to a cache that protected-branch jobs
# restore.
cache:
  paths:
    - .go/pkg/mod/
    - qa/ui/node_modules/
    - frontend/ui/node_modules/
# Two project-local files plus four scanner templates provided by the GitLab
# instance (SAST, dependency scanning, secret detection, container scanning).
include:
  - '.gitlab-ci/build.yml'
  - '.gitlab-ci/image.yml'
  # NOTE(review): the three templates below use the Security/ prefix and this
  # one does not; confirm the un-prefixed path still resolves on the GitLab
  # version in use.
  - template: SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
# Hidden job (leading dot): it never runs on its own. A job that extends it
# is fanned out into one parallel instance per IMAGE_NAME value.
# An image missing from this list is not covered by the jobs that extend it.
.scanners-matrix:
  parallel:
    matrix:
      - IMAGE_NAME:
          - checker
          - admin
          - evdist
          - frontend-ui
          - nginx
          - dashboard
          - repochecker
          - qa
          - receiver
          - generator
          - remote-challenge-sync-airbus
# Overrides the container_scanning job from the included template so that it
# runs once per image in .scanners-matrix.
container_scanning:
  stage: container_scanning
  extends:
    - .scanners-matrix
  variables:
    DOCKER_SERVICE: 'localhost'
    DOCKERFILE_PATH: 'Dockerfile-${IMAGE_NAME}'
    # Image under scan: <registry>/<branch slug>/<image name>.
    CI_APPLICATION_REPOSITORY: '${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}/${IMAGE_NAME}'
    # NOTE(review): `latest` is a mutable tag, so the scan covers whatever the
    # tag points at when the job runs; confirm that is the image this
    # pipeline built.
    CI_APPLICATION_TAG: 'latest'
    GIT_STRATEGY: 'fetch'
  before_script:
    - 'echo "Scanning: ${IMAGE_NAME}"'
  # Only master is scanned; images pushed from other branches get no
  # container scan from this job.
  rules:
    - if: '$CI_COMMIT_BRANCH == "master"'
# Overrides for the SAST job that comes from the included template.
sast:
  stage: sast
  interruptible: true
  # Empty `needs`: the job does not wait for earlier stages.
  needs: []
  before_script:
    # Deletes the job-local .go/ directory before analysis; presumably so the
    # restored module cache (third-party sources) is not scanned - confirm.
    - rm -rf .go/
# Overrides for the secret-detection job from the included template: it is
# placed in the sast stage and starts without waiting for earlier stages.
secret_detection:
  stage: sast
  interruptible: true
  needs: []
# Overrides for the dependency-scanning job from the included template: it
# is placed in the qa stage (not sast) and starts without waiting for earlier
# stages.
dependency_scanning:
  stage: qa
  interruptible: true
  needs: []
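# Downloads the Go module dependencies into the project-local GOPATH so that
# the global cache entry for .go/pkg/mod/ is populated for later jobs.
get-deps:
  stage: deps
  # NOTE(review): `1-alpine` is a floating tag; the toolchain can change
  # between runs. Consider pinning by digest
  # (golang:1-alpine@sha256:<digest placeholder>).
  image: golang:1-alpine
  before_script:
    # Keep GOPATH inside the checkout so the cache paths can reach it.
    - export GOPATH="$CI_PROJECT_DIR/.go"
    - mkdir -p .go
  script:
    - apk --no-cache add git
    # `go mod download` fetches exactly what go.mod/go.sum pin. The previous
    # `go get -v -d ./...` is the command for adjusting go.mod and could
    # resolve new versions inside CI.
    - go mod download
    # Modules restored from the shared CI cache are checked for modification
    # since they were downloaded.
    - go mod verify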
# Runs `go vet` twice over the whole tree: once with the `gitgo` build tag
# and once without it.
vet:
  stage: sast
  # Starts as soon as build-qa-ui finishes and fetches that job's artifacts.
  needs:
    - build-qa-ui
  dependencies:
    - build-qa-ui
  # NOTE(review): floating image tag; the vet toolchain can change between
  # runs. Consider pinning by digest.
  image: golang:1-alpine
  before_script:
    - export GOPATH="$CI_PROJECT_DIR/.go"
    - mkdir -p .go
  script:
    - apk --no-cache add build-base
    - go vet -v -buildvcs=false -tags gitgo ./...
    - go vet -v -buildvcs=false ./...
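# Builds the fickit LinuxKit images: pushes the helper packages to the
# project registry, rewrites the image references in the fickit-*.yml
# definitions, then builds the kernel/squashfs/initrd artifacts.
fickit:
  stage: fickit
  interruptible: true
  needs:
    - build-admin
    - build-checker
    - build-dashboard
    - build-evdist
    - build-generator
    - build-qa
    - build-receiver
    - build-repochecker
  # NOTE(review): no tag or digest, so this resolves to a mutable image that
  # is handed the registry credentials below. Consider pinning by digest
  # (nemunaire/linuxkit@sha256:<digest placeholder>).
  image: nemunaire/linuxkit
  tags:
    - docker
  before_script:
    - mkdir -p ~/.docker
    # The file holds the registry password in clear text, so it is created
    # under a restrictive umask (owner read/write only). The subshell keeps
    # the umask from affecting the build artifacts produced later.
    - (umask 077 && echo "{\"auths\":{\"${CI_REGISTRY}\":{\"username\":\"${CI_REGISTRY_USER}\",\"password\":\"${CI_REGISTRY_PASSWORD}\"}}}" > ~/.docker/config.json)
  script:
    # NOTE(review): a fixed 5 s delay does not guarantee the daemon is ready;
    # consider polling for readiness instead of sleeping.
    - dockerd & sleep 5

    # Push each helper package under <registry>/<branch slug>/.
    # NOTE(review): `-force` is passed on every push; confirm that replacing
    # an already-published package image is intended.
    - linuxkit pkg push -force -org "${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}" fickit-pkg/boot/
    - linuxkit pkg push -force -org "${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}" fickit-pkg/kexec/
    - linuxkit pkg push -force -org "${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}" fickit-pkg/mariadb-client/
    - linuxkit pkg push -force -org "${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}" fickit-pkg/mdadm/
    - linuxkit pkg push -force -org "${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}" fickit-pkg/rsync/
    - linuxkit pkg push -force -org "${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}" fickit-pkg/syslinux/
    - linuxkit pkg push -force -org "${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}" fickit-pkg/unbound/

    # Point the definitions at the project registry: `nemunaire/fic-*`
    # becomes <registry>/master/*, any other `nemunaire/*` becomes
    # <registry>/<branch slug>/*. There is no `g` flag, so only the first
    # match on each line is rewritten.
    # The fic-* images therefore always come from the master path, even on
    # other branches.
    - sed -i "s@nemunaire/fic-@${CI_REGISTRY_IMAGE}/master/@;s@nemunaire/@${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}/@" fickit-backend.yml fickit-boot.yml fickit-frontend.yml fickit-prepare.yml fickit-update.yml

    - linuxkit build -format kernel+squashfs fickit-backend.yml
    - linuxkit build -format kernel+squashfs fickit-frontend.yml
    - linuxkit build -format kernel+initrd fickit-boot.yml
    - linuxkit build -format kernel+initrd fickit-prepare.yml
    - linuxkit build -format kernel+initrd fickit-update.yml
  artifacts:
    expire_in: 8 hours
    paths:
      - fickit-backend-squashfs.img
      - fickit-frontend-squashfs.img
      - fickit-boot-kernel
      - fickit-boot-initrd.img
      - fickit-prepare-initrd.img
      - fickit-update-initrd.img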