[GitLab/stricted-build/lineage_builder.git] / .gitlab-ci.yml

stages:
  - test
  - build
  - deploy

test:
  stage: test
  image: python:3.6
  tags:
    - docker
  variables:
    FLASK_TESTING: "True"
  script:
    - pip install -e .
    - python test.py

build:
  stage: build
  image: docker:stable
  services:
    - docker:dind
  variables:
    DOCKER_HOST: tcp://docker:2375
    DOCKER_DRIVER: overlay2
  script:
    - docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
    - docker build --build-arg VERSION=$CI_COMMIT_SHA . -t $CI_REGISTRY_IMAGE:$CI_PIPELINE_IID
    - docker tag $CI_REGISTRY_IMAGE:$CI_PIPELINE_IID $CI_REGISTRY_IMAGE:latest
    - docker push $CI_REGISTRY_IMAGE:latest
    - docker push $CI_REGISTRY_IMAGE:$CI_PIPELINE_IID
deploy:
  stage: deploy
  variables:
    KUBECONFIG: /kubeconfig.yml
  script:
    - curl -sLo /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.12.2/bin/linux/amd64/kubectl
    - chmod +x /usr/local/bin/kubectl
    - mkdir ~/.kube/
    - echo $KUBE_CONFIG | base64 -d > $KUBECONFIG
    - kubectl config view
    - kubectl config set-credentials gitlab --token=$KUBE_TOKEN
    - kubectl -n builds set image deployment/builds builds=$CI_REGISTRY_IMAGE:$CI_PIPELINE_IID
    - kubectl -n builds rollout status --timeout 60s deploy/builds || (kubectl -n builds rollout undo deploy/builds && false)
  only:
    refs:
      - master

# EVERYTHING BELOW HERE CAN BE IGNORED
# DO NOT TOUCH ANYTHING BELOW THIS LINE
dependency_scanning:
  stage: test
  image: docker:stable
  variables:
    DOCKER_DRIVER: overlay2
  allow_failure: true
  services:
    - docker:stable-dind
  script:
    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
    - docker run
        --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
        --volume "$PWD:/code"
        --volume /var/run/docker.sock:/var/run/docker.sock
        "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
  artifacts:
    reports:
      dependency_scanning: gl-dependency-scanning-report.json
sast:
  stage: test
  image: docker:stable
  variables:
    DOCKER_DRIVER: overlay2
  allow_failure: true
  services:
    - docker:stable-dind
  script:
    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
    - docker run
        --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
        --volume "$PWD:/code"
        --volume /var/run/docker.sock:/var/run/docker.sock
        "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
  artifacts:
    reports:
      sast: gl-sast-report
Commit	Line	Data
31329c3f TP	1	stages:
	2	- test
	3	- build
96c9fc0a	4	- deploy
31329c3f TP	5
	6	test:
	7	stage: test
	8	image: python:3.6
76ab4939 TP	9	tags:
76ab4939 TP	10	- docker
616663f4	11	variables:
2bda98c2	12	FLASK_TESTING: "True"
31329c3f TP	13	script:
	14	- pip install -e .
	15	- python test.py
	16
	17	build:
	18	stage: build
	19	image: docker:stable
	20	services:
	21	- docker:dind
	22	variables:
	23	DOCKER_HOST: tcp://docker:2375
	24	DOCKER_DRIVER: overlay2
	25	script:
36f65cfa	26	- docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
de2bd7f5	27	- docker build --build-arg VERSION=$CI_COMMIT_SHA . -t $CI_REGISTRY_IMAGE:$CI_PIPELINE_IID
695d0f1b TP	28	- docker tag $CI_REGISTRY_IMAGE:$CI_PIPELINE_IID $CI_REGISTRY_IMAGE:latest
695d0f1b TP	29	- docker push $CI_REGISTRY_IMAGE:latest
36f65cfa	30	- docker push $CI_REGISTRY_IMAGE:$CI_PIPELINE_IID
96c9fc0a TP	31	deploy:
	32	stage: deploy
	33	variables:
	34	KUBECONFIG: /kubeconfig.yml
	35	script:
	36	- curl -sLo /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.12.2/bin/linux/amd64/kubectl
	37	- chmod +x /usr/local/bin/kubectl
	38	- mkdir ~/.kube/
	39	- echo $KUBE_CONFIG \| base64 -d > $KUBECONFIG
	40	- kubectl config view
	41	- kubectl config set-credentials gitlab --token=$KUBE_TOKEN
3618ff0f	42	- kubectl -n builds set image deployment/builds builds=$CI_REGISTRY_IMAGE:$CI_PIPELINE_IID
96c9fc0a TP	43	- kubectl -n builds rollout status --timeout 60s deploy/builds \|\| (kubectl -n builds rollout undo deploy/builds && false)
	44	only:
	45	refs:
	46	- master
36f65cfa TP	47
	48	# EVERYTHING BELOW HERE CAN BE IGNORED
	49	# DO NOT TOUCH ANYTHING BELOW THIS LINE
	50	dependency_scanning:
	51	stage: test
	52	image: docker:stable
	53	variables:
	54	DOCKER_DRIVER: overlay2
	55	allow_failure: true
	56	services:
	57	- docker:stable-dind
	58	script:
	59	- export SP_VERSION=$(echo "$CI_SERVER_VERSION" \| sed 's/^\([0-9]\)\.\([0-9]\).*/\1-\2-stable/')
	60	- docker run
	61	--env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
	62	--volume "$PWD:/code"
	63	--volume /var/run/docker.sock:/var/run/docker.sock
	64	"registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
	65	artifacts:
	66	reports:
	67	dependency_scanning: gl-dependency-scanning-report.json
	68	sast:
	69	stage: test
	70	image: docker:stable
	71	variables:
	72	DOCKER_DRIVER: overlay2
	73	allow_failure: true
	74	services:
	75	- docker:stable-dind
	76	script:
	77	- export SP_VERSION=$(echo "$CI_SERVER_VERSION" \| sed 's/^\([0-9]\)\.\([0-9]\).*/\1-\2-stable/')
	78	- docker run
	79	--env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
	80	--volume "$PWD:/code"
	81	--volume /var/run/docker.sock:/var/run/docker.sock
	82	"registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
	83	artifacts:
	84	reports:
	85	sast: gl-sast-report