Commit | Line | Data |
---|---|---|
31329c3f TP |
1 | stages: |
2 | - test | |
3 | - build | |
96c9fc0a | 4 | - deploy |
31329c3f TP |
5 | |
6 | test: | |
7 | stage: test | |
8 | image: python:3.6 | |
76ab4939 TP |
9 | tags: |
10 | - docker | |
616663f4 | 11 | variables: |
2bda98c2 | 12 | FLASK_TESTING: "True" |
31329c3f TP |
13 | script: |
14 | - pip install -e . | |
15 | - python test.py | |
16 | ||
17 | build: | |
18 | stage: build | |
19 | image: docker:stable | |
20 | services: | |
21 | - docker:dind | |
22 | variables: | |
23 | DOCKER_HOST: tcp://docker:2375 | |
24 | DOCKER_DRIVER: overlay2 | |
25 | script: | |
36f65cfa TP |
26 | - docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD |
27 | - docker build . -t $CI_REGISTRY_IMAGE:$CI_PIPELINE_IID | |
28 | - docker push $CI_REGISTRY_IMAGE:$CI_PIPELINE_IID | |
96c9fc0a TP |
29 | deploy: |
30 | stage: deploy | |
31 | variables: | |
32 | KUBECONFIG: /kubeconfig.yml | |
33 | script: | |
34 | - curl -sLo /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.12.2/bin/linux/amd64/kubectl | |
35 | - chmod +x /usr/local/bin/kubectl | |
36 | - mkdir ~/.kube/ | |
37 | - echo $KUBE_CONFIG | base64 -d > $KUBECONFIG | |
38 | - kubectl config view | |
39 | - kubectl config set-credentials gitlab --token=$KUBE_TOKEN | |
40 | - kubectl -n builds set image deployment/builds $CI_REGISTRY_IMAGE:$CI_PIPELINE_IID | |
41 | - kubectl -n builds rollout status --timeout 60s deploy/builds || (kubectl -n builds rollout undo deploy/builds && false) | |
42 | only: | |
43 | refs: | |
44 | - master | |
36f65cfa TP |
45 | |
46 | # EVERYTHING BELOW HERE CAN BE IGNORED | |
47 | # DO NOT TOUCH ANYTHING BELOW THIS LINE | |
48 | dependency_scanning: | |
49 | stage: test | |
50 | image: docker:stable | |
51 | variables: | |
52 | DOCKER_DRIVER: overlay2 | |
53 | allow_failure: true | |
54 | services: | |
55 | - docker:stable-dind | |
56 | script: | |
57 | - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/') | |
58 | - docker run | |
59 | --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}" | |
60 | --volume "$PWD:/code" | |
61 | --volume /var/run/docker.sock:/var/run/docker.sock | |
62 | "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code | |
63 | artifacts: | |
64 | reports: | |
65 | dependency_scanning: gl-dependency-scanning-report.json | |
66 | sast: | |
67 | stage: test | |
68 | image: docker:stable | |
69 | variables: | |
70 | DOCKER_DRIVER: overlay2 | |
71 | allow_failure: true | |
72 | services: | |
73 | - docker:stable-dind | |
74 | script: | |
75 | - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/') | |
76 | - docker run | |
77 | --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}" | |
78 | --volume "$PWD:/code" | |
79 | --volume /var/run/docker.sock:/var/run/docker.sock | |
80 | "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code | |
81 | artifacts: | |
82 | reports: | |
83 | sast: gl-sast-report |