From 11e271a368a51ddae24734d7211a53f7c6c0e92e Mon Sep 17 00:00:00 2001 From: Evan Richardson Date: Fri, 2 Apr 2021 21:14:57 +0000 Subject: [PATCH 1/3] Set .gitlab-ci.yml to enable or configure SAST --- .gitlab-ci.yml | 72 +++++++++++++++++++++----------------------------- 1 file changed, 30 insertions(+), 42 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ecb085d..1bba27d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -1,65 +1,53 @@ +# You can override the included template(s) by including variable overrides +# See https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings +# Note that environment variables can be set in several places +# See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables image: docker:18.09.7-dind services: - - docker:18.09.7-dind +- docker:18.09.7-dind variables: DOCKER_DRIVER: overlay DOCKER_HOST: tcp://localhost:2375/ - IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG + IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" FF_GITLAB_REGISTRY_HELPER_IMAGE: 1 - stages: - - build - - push_local - - push_dockerhub - +- build +- push_local +- push_dockerhub +- test before_script: - - docker version - - docker info - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY - +- docker version +- docker info +- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY build: stage: build - # image: docker:18.09.7-dind - # services: - # - docker:18.09.7-dind - # variables: - # DOCKER_DRIVER: overlay - # DOCKER_HOST: tcp://localhost:2375/ - # IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG - # FF_GITLAB_REGISTRY_HELPER_IMAGE: 1 - # before_script: - # - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY script: - - docker build --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/ - - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA - #- docker login registry.evanrichardsonphotography.com - #- docker build -t registry.evanrichardsonphotography.com/erichardson/py-eagle-mqtt ./Docker/ - #- docker push registry.evanrichardsonphotography.com/erichardson/py-eagle-mqtt - #- ls - #- docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" ./Docker/ - #- docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" - + - docker build --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/ + - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA push local: stage: push_local 
variables: GIT_STRATEGY: none only: - - master + - master script: - - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA - - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest - - docker push $CI_REGISTRY_IMAGE:latest - + - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA + - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest + - docker push $CI_REGISTRY_IMAGE:latest push dockerhub: stage: push_dockerhub variables: GIT_STRATEGY: none - CI_DOCKERHUB_IMAGE: "index.docker.io/evanrich/py-eagle-mqtt" - CI_DOCKERHUB_REGISTRY: "docker.io" + CI_DOCKERHUB_IMAGE: index.docker.io/evanrich/py-eagle-mqtt + CI_DOCKERHUB_REGISTRY: docker.io only: - - master + - master script: - - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA - - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_DOCKERHUB_IMAGE:latest - - docker login -u "$CI_DOCKERHUB_USER" -p "$CI_DOCKERHUB_PASSWORD" $CI_DOCKERHUB_REGISTRY - - docker push $CI_DOCKERHUB_IMAGE:latest + - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA + - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_DOCKERHUB_IMAGE:latest + - docker login -u "$CI_DOCKERHUB_USER" -p "$CI_DOCKERHUB_PASSWORD" $CI_DOCKERHUB_REGISTRY + - docker push $CI_DOCKERHUB_IMAGE:latest +sast: + stage: test +include: +- template: Security/SAST.gitlab-ci.yml From 0390fd17e78d8f6f61ad302d823b2ffeb7340d79 Mon Sep 17 00:00:00 2001 From: Evan Richardson Date: Fri, 2 Apr 2021 21:20:22 +0000 Subject: [PATCH 2/3] Update .gitlab-ci.yml --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1bba27d..d708e99 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,10 +11,10 @@ variables: IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" FF_GITLAB_REGISTRY_HELPER_IMAGE: 1 stages: +- test - build - push_local - push_dockerhub -- test before_script: - docker version - docker info From 8f25241cc83913c29c5318a101ab485d6d277e88 Mon Sep 17 00:00:00 2001 
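Review bot: The re-added `docker login` lines in the top-level `before_script` and in `push dockerhub` still hand the registry password to the client on the command line via `-p`, which leaves it visible in the job container's process listing (docker itself warns that `-p` is insecure); read it from stdin instead: `- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"` and `- echo "$CI_DOCKERHUB_PASSWORD" | docker login -u "$CI_DOCKERHUB_USER" --password-stdin "$CI_DOCKERHUB_REGISTRY"`. `IMAGE_TAG` is now quoted but nothing in this hunk references it — every build, tag and push line uses `$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA` — so it is either dead or used outside this file. The `sast:` override at the bottom only sets `stage: test`, which the included template presumably already does; a one-line comment such as `# placeholder override of the template's sast job; analyzer settings live in the template` would make the intent clear to the next reader.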
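Review bot: Moving `- test` to the head of `stages:` changes scheduling so the SAST analyzers run before `build`, but the hunk leaves the reason undocumented; a comment above the stage list, e.g. `# test (SAST) runs first so scan results are available before any image is built or pushed`, would record it. Note that if the included analyzer jobs are allowed to fail (as GitLab's SAST template jobs commonly are), this ordering does not gate the push stages on a clean scan — confirm that is the intended behaviour.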
From: Evan Richardson Date: Fri, 2 Apr 2021 21:25:57 +0000 Subject: [PATCH 3/3] refactor ci file --- .gitlab-ci.yml | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d708e99..13b1d58 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,29 +2,38 @@ # See https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings # Note that environment variables can be set in several places # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables -image: docker:18.09.7-dind -services: -- docker:18.09.7-dind -variables: - DOCKER_DRIVER: overlay - DOCKER_HOST: tcp://localhost:2375/ - IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" - FF_GITLAB_REGISTRY_HELPER_IMAGE: 1 + stages: - test - build - push_local - push_dockerhub -before_script: -- docker version -- docker info -- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY + +.docker_base: + image: docker:18.09.7-dind + services: + - docker:18.09.7-dind + variables: + DOCKER_DRIVER: overlay + DOCKER_HOST: tcp://localhost:2375/ + IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" + FF_GITLAB_REGISTRY_HELPER_IMAGE: 1 + before_script: + - docker version + - docker info + - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY + build: + extends: + - .docker_base stage: build script: - docker build --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/ - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA + push local: + extends: + - .docker_base stage: push_local variables: GIT_STRATEGY: none @@ -34,7 +43,10 @@ push local: - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest - docker push $CI_REGISTRY_IMAGE:latest + push dockerhub: + extends: + - .docker_base stage: push_dockerhub variables: GIT_STRATEGY: none 
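Review bot: The new `.docker_base` hidden job carries the dind image, the `DOCKER_HOST` setting and the registry login for every job that extends it, yet it has no comment explaining why it was pulled out of the top level; add one above it, e.g. `# Shared dind setup for the image build/push jobs; kept off the top level so the included SAST analyzer jobs do not inherit the docker image, service and registry login`. Because `extends` merges mapping keys, the `variables: GIT_STRATEGY: none` already present in `push local` and in `push dockerhub` (the second hunk, `@@ -34,7 +43,10 @@`) is merged with the base's `DOCKER_*` variables rather than replacing them, which appears to be what the author relies on — worth stating in that comment as well. The pinned `docker:18.09.7-dind` is used both as the job image and as the service, and 18.09 is an old release line; since `DOCKER_HOST` is plain `tcp://localhost:2375/`, the setup depends on the client/daemon link staying local to the job, so any move to a newer dind image that defaults to TLS on 2376 will need this variable revisited.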
@@ -47,6 +59,7 @@ push dockerhub: - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_DOCKERHUB_IMAGE:latest - docker login -u "$CI_DOCKERHUB_USER" -p "$CI_DOCKERHUB_PASSWORD" $CI_DOCKERHUB_REGISTRY - docker push $CI_DOCKERHUB_IMAGE:latest + sast: stage: test include: