Update .gitlab-ci.yml file

2023-10-07 01:26:31 +00:00
parent 95ed67b399
commit 6e176eb3e1
1 changed files with 68 additions and 68 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -57,51 +57,51 @@ push local:
  - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
  - docker push $CI_REGISTRY_IMAGE:latest
-push dockerhub:
+# push dockerhub:
-  extends:
+#   extends:
-    - .docker_base
+#     - .docker_base
-  stage: push_dockerhub
+#   stage: push_dockerhub
-  variables:
+#   variables:
-    GIT_STRATEGY: none
+#     GIT_STRATEGY: none
-    CI_DOCKERHUB_IMAGE: index.docker.io/evanrich/py-eagle-mqtt
+#     CI_DOCKERHUB_IMAGE: index.docker.io/evanrich/py-eagle-mqtt
-    CI_DOCKERHUB_REGISTRY: docker.io
+#     CI_DOCKERHUB_REGISTRY: docker.io
-  only:
+#   only:
-  - tags
+#   - tags
-  script:
+#   script:
-  - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+#   - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
-  - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_DOCKERHUB_IMAGE:$CI_COMMIT_REF_NAME 
+#   - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_DOCKERHUB_IMAGE:$CI_COMMIT_REF_NAME 
-  - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_DOCKERHUB_IMAGE:latest
+#   - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_DOCKERHUB_IMAGE:latest
-  - docker login -u "$CI_DOCKERHUB_USER" -p "$CI_DOCKERHUB_PASSWORD" $CI_DOCKERHUB_REGISTRY
+#   - docker login -u "$CI_DOCKERHUB_USER" -p "$CI_DOCKERHUB_PASSWORD" $CI_DOCKERHUB_REGISTRY
-  - docker push $CI_DOCKERHUB_IMAGE --all-tags
+#   - docker push $CI_DOCKERHUB_IMAGE --all-tags
-release:
+# release:
-  image: node:19-alpine3.15
+#   image: node:19-alpine3.15
-  stage: release
+#   stage: release
-  only:
+#   only:
-    refs:
+#     refs:
-    - master
+#     - master
-    - alpha
+#     - alpha
-    # This matches maintenance branches
+#     # This matches maintenance branches
-    - /^(([0-9]+)\.)?([0-9]+)\.x/
+#     - /^(([0-9]+)\.)?([0-9]+)\.x/
-    # This matches pre-releases
+#     # This matches pre-releases
-    - /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ 
+#     - /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ 
-  except:
+#   except:
-    refs:
+#     refs:
-      - tags
+#       - tags
-  script:
+#   script:
-    - touch CHANGELOG.md
+#     - touch CHANGELOG.md
-    - apk add --no-cache git
+#     - apk add --no-cache git
-    - npm install @semantic-release/gitlab@10.1.4 @semantic-release/changelog@6.0.2
+#     - npm install @semantic-release/gitlab@10.1.4 @semantic-release/changelog@6.0.2
-      @semantic-release/git@10.0.1 conventional-changelog-eslint@3.0.9
+#       @semantic-release/git@10.0.1 conventional-changelog-eslint@3.0.9
-    - npx semantic-release
+#     - npx semantic-release
-  artifacts:
+#   artifacts:
-    paths:
+#     paths:
-    - CHANGELOG.md
+#     - CHANGELOG.md
-sast:
+# sast:
-  stage: test
+#   stage: test
-include:
+# include:
- template: Security/SAST.gitlab-ci.yml
+# - template: Security/SAST.gitlab-ci.yml
 #sonarqube-check:
 #  stage: test
@@ -122,28 +122,28 @@ include:
 #    - master # or the name of your main branch
 #    - branches
-trivy:
+# trivy:
-  stage: test
+#   stage: test
-  extends:
+#   extends:
-    - .docker_base
+#     - .docker_base
-  before_script:
+#   before_script:
-    - export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
+#     - export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
-    - echo $TRIVY_VERSION
+#     - echo $TRIVY_VERSION
-    - wget --no-verbose https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -O - | tar -zxvf -
+#     - wget --no-verbose https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -O - | tar -zxvf -
-  allow_failure: true
+#   allow_failure: true
-  script:
+#   script:
-    # Build image
+#     # Build image
-    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
+#     - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
-    # Build report
+#     # Build report
-    - ./trivy --cache-dir .trivycache/ image --exit-code 0 --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+#     - ./trivy --cache-dir .trivycache/ image --exit-code 0 --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
-    # Print report
+#     # Print report
-    - ./trivy --cache-dir .trivycache/ image --exit-code 0 --no-progress --severity HIGH $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+#     - ./trivy --cache-dir .trivycache/ image --exit-code 0 --no-progress --severity HIGH $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
-    # Fail on severe vulnerabilities
+#     # Fail on severe vulnerabilities
-    - ./trivy --cache-dir .trivycache/ image --exit-code 1 --severity CRITICAL --no-progress $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+#     - ./trivy --cache-dir .trivycache/ image --exit-code 1 --severity CRITICAL --no-progress $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
-  cache:
+#   cache:
-    paths:
+#     paths:
-      - .trivycache/
+#       - .trivycache/
-  # Enables https://docs.gitlab.com/ee/user/application_security/container_scanning/ (Container Scanning report is available on GitLab EE Ultimate or GitLab.com Gold)
+#   # Enables https://docs.gitlab.com/ee/user/application_security/container_scanning/ (Container Scanning report is available on GitLab EE Ultimate or GitLab.com Gold)
-  artifacts:
+#   artifacts:
-    reports:
+#     reports:
-      container_scanning: gl-container-scanning-report.json
+#       container_scanning: gl-container-scanning-report.json