Compare commits
20 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 58a827b1aa | |||
|
|
adb4cb6060 | ||
| 13cb51706b | |||
| e83a7bbfae | |||
|
|
49a8693fc0 | ||
| b143379f20 | |||
|
|
534a8b805e | ||
| de1d073c6d | |||
| d3e34871aa | |||
| 3e8aead632 | |||
| 9498554758 | |||
| c2167d5d97 | |||
| 6eb2d0145e | |||
| b1ca0497b0 | |||
| 589fb4fcf7 | |||
| 51213c51e0 | |||
| da20bbe045 | |||
| bb17ad6135 | |||
| 40c7d020d2 | |||
| 9b5adba3ed |
@@ -11,12 +11,14 @@ stages:
|
||||
- push_dockerhub
|
||||
|
||||
.docker_base:
|
||||
image: docker:18.09.7-dind
|
||||
image: docker:20.10.6-dind
|
||||
services:
|
||||
- docker:18.09.7-dind
|
||||
- name: docker:20.10.6-dind
|
||||
command: ["--tls=false"]
|
||||
variables:
|
||||
DOCKER_DRIVER: overlay
|
||||
DOCKER_HOST: tcp://localhost:2375/
|
||||
DOCKER_DRIVER: overlay2
|
||||
DOCKER_HOST: tcp://127.0.0.1:2375/
|
||||
DOCKER_TLS_CERTDIR: ""
|
||||
IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
|
||||
FF_GITLAB_REGISTRY_HELPER_IMAGE: 1
|
||||
before_script:
|
||||
@@ -68,10 +70,10 @@ push dockerhub:
|
||||
- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_DOCKERHUB_IMAGE:$CI_COMMIT_REF_NAME
|
||||
- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_DOCKERHUB_IMAGE:latest
|
||||
- docker login -u "$CI_DOCKERHUB_USER" -p "$CI_DOCKERHUB_PASSWORD" $CI_DOCKERHUB_REGISTRY
|
||||
- docker push $CI_DOCKERHUB_IMAGE
|
||||
- docker push $CI_DOCKERHUB_IMAGE --all-tags
|
||||
|
||||
release:
|
||||
image: node:13
|
||||
image: node:16-alpine3.13
|
||||
stage: release
|
||||
only:
|
||||
refs:
|
||||
@@ -81,9 +83,14 @@ release:
|
||||
- /^(([0-9]+)\.)?([0-9]+)\.x/
|
||||
# This matches pre-releases
|
||||
- /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/
|
||||
except:
|
||||
refs:
|
||||
- tags
|
||||
script:
|
||||
- touch CHANGELOG.md
|
||||
- npm install @semantic-release/gitlab @semantic-release/changelog @semantic-release/git
|
||||
- apk add --no-cache git
|
||||
- npm install @semantic-release/gitlab @semantic-release/changelog
|
||||
@semantic-release/git conventional-changelog-eslint
|
||||
- npx semantic-release
|
||||
artifacts:
|
||||
paths:
|
||||
@@ -93,3 +100,48 @@ sast:
|
||||
stage: test
|
||||
include:
|
||||
- template: Security/SAST.gitlab-ci.yml
|
||||
|
||||
sonarqube-check:
|
||||
stage: test
|
||||
image:
|
||||
name: sonarsource/sonar-scanner-cli:4.6
|
||||
entrypoint: [""]
|
||||
variables:
|
||||
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
|
||||
GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
|
||||
cache:
|
||||
key: "${CI_JOB_NAME}"
|
||||
paths:
|
||||
- .sonar/cache
|
||||
script:
|
||||
- sonar-scanner
|
||||
allow_failure: true
|
||||
only:
|
||||
- master # or the name of your main branch
|
||||
- branches
|
||||
|
||||
trivy:
|
||||
stage: test
|
||||
extends:
|
||||
- .docker_base
|
||||
before_script:
|
||||
- export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
|
||||
- echo $TRIVY_VERSION
|
||||
- wget --no-verbose https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -O - | tar -zxvf -
|
||||
allow_failure: true
|
||||
script:
|
||||
# Build image
|
||||
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
|
||||
# Build report
|
||||
- ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
|
||||
# Print report
|
||||
- ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
|
||||
# Fail on severe vulnerabilities
|
||||
- ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
|
||||
cache:
|
||||
paths:
|
||||
- .trivycache/
|
||||
# Enables https://docs.gitlab.com/ee/user/application_security/container_scanning/ (Container Scanning report is available on GitLab EE Ultimate or GitLab.com Gold)
|
||||
artifacts:
|
||||
reports:
|
||||
container_scanning: gl-container-scanning-report.json
|
||||
|
||||
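Review bot: The `trivy` job's `before_script` resolves the newest release tag from the GitHub API at run time and pipes the tarball straight into `tar`, so every pipeline executes an unpinned, unverified binary in a job that extends `.docker_base` and can reach the Docker daemon. Pinning `TRIVY_VERSION` in the job's `variables` and checking the archive against a SHA-256 recorded in the repository before extraction makes the scan reproducible and lets a tampered or truncated download fail the job instead of running. Separately, `allow_failure: true` means the `--exit-code 1` step for CRITICAL findings only marks the job as a warning; drop it if that step is meant to gate the build. The fence sketches the pinned download; the version and hash are placeholders for the release you choose.

```yaml
trivy:
  # … unchanged: stage, extends, allow_failure …
  variables:
    TRIVY_VERSION: "<pinned-trivy-version>"
    TRIVY_SHA256: "<sha256-of-that-release-tarball>"
  before_script:
    - wget --no-verbose -O trivy.tar.gz "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
    - echo "${TRIVY_SHA256}  trivy.tar.gz" | sha256sum -c -
    - tar -zxf trivy.tar.gz
  # … unchanged: script, cache, artifacts …
```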
@@ -1,6 +1,38 @@
|
||||
plugins:
|
||||
- "@semantic-release/commit-analyzer"
|
||||
- "@semantic-release/release-notes-generator"
|
||||
- - "@semantic-release/commit-analyzer"
|
||||
- preset: eslint
|
||||
releaseRules:
|
||||
- tag: Breaking
|
||||
release: major
|
||||
- tag: Build
|
||||
release: patch
|
||||
- tag: Chore
|
||||
release: minor
|
||||
- tag: Fix
|
||||
release: patch
|
||||
- tag: New
|
||||
release: minor
|
||||
- tag: Update
|
||||
release: minor
|
||||
- tag: Upgrade
|
||||
release: minor
|
||||
- - "@semantic-release/release-notes-generator"
|
||||
- preset: eslint
|
||||
releaseRules:
|
||||
- tag: Breaking
|
||||
release: major
|
||||
- tag: Build
|
||||
release: patch
|
||||
- tag: Chore
|
||||
release: minor
|
||||
- tag: Fix
|
||||
release: patch
|
||||
- tag: New
|
||||
release: minor
|
||||
- tag: Update
|
||||
release: minor
|
||||
- tag: Upgrade
|
||||
release: minor
|
||||
- - "@semantic-release/changelog"
|
||||
- changelogFile: CHANGELOG.md
|
||||
- "@semantic-release/gitlab"
|
||||
|
||||
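Review bot: The `releaseRules` list is repeated under `@semantic-release/release-notes-generator`, but as far as I know that plugin does not read `releaseRules` (it is a `commit-analyzer` option), so the second copy looks like dead configuration that will drift from the first. Keeping only `- preset: eslint` for the notes generator would leave a single place to edit. `Chore` and `Upgrade` both map to `minor`, so routine housekeeping or dependency commits will cut minor releases; confirm that is intended. Indentation is lost in this rendering, so the nesting is inferred from line order.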
27
CHANGELOG.md
27
CHANGELOG.md
@@ -1,3 +1,30 @@
|
||||
## [1.7.6](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/compare/v1.7.5...v1.7.6) (2021-05-10)
|
||||
|
||||
|
||||
### Build
|
||||
|
||||
* Change docker driver to overlay2 ([13cb517](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/commit/13cb51706b97f25486f62dd6985903e834d28ee2))
|
||||
|
||||
## [1.7.5](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/compare/v1.7.4...v1.7.5) (2021-05-09)
|
||||
|
||||
|
||||
### Build
|
||||
|
||||
* push all tags instead of just latest ([b143379](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/commit/b143379f2018f410677a9646234e7b483d9277d3))
|
||||
|
||||
## [1.7.4](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/compare/v1.7.3...v1.7.4) (2021-05-09)
|
||||
|
||||
|
||||
### Build
|
||||
|
||||
* cleanup long install line ([de1d073](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/commit/de1d073c6daf5d43fb7d9b7dafddd3b0cbcffc9b))
|
||||
|
||||
### ci
|
||||
|
||||
* Add git to node image ([6eb2d01](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/commit/6eb2d0145eff50c3243a364d821e769ae2ee06c9))
|
||||
* change semantic release image to alpine to save space, updated to node 16 ([b1ca049](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/commit/b1ca0497b0b51e0c50ca1e5f99e5c8abd4224d53))
|
||||
* Update DinD base to 20.10.6 and semantic release to node:15. Also pin sonar-scanner-cli to 4.6 ([589fb4f](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/commit/589fb4fcf7841d3c5f08327d7fb5d5c107562ed6))
|
||||
|
||||
## [1.7.3](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/compare/v1.7.2...v1.7.3) (2021-04-12)
|
||||
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM python:3.9.4-alpine3.13
|
||||
FROM python:3.9.6-alpine3.14
|
||||
LABEL maintainer="Evan Richardson (evanrich81[at]gmail.com)"
|
||||
|
||||
ARG BUILD_DATE
|
||||
|
||||
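--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -0,0 +1,3 @@
+sonar.projectKey=erichardson_py-eagle-mqtt_AXkgI9tRLcemhRz3NCjo
+sonar.qualitygate.wait=true
+sonar.projectBaseDir=Docker/src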
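Review bot: `sonar.qualitygate.wait=true` makes the scanner wait for the quality gate result and fail on a red gate, but the `sonarqube-check` job in the CI file on this page is declared with `allow_failure: true`, so a failed gate will only show as a warning. If the gate is meant to block merges, remove `allow_failure` from that job. If it is advisory on purpose, a one-line comment here such as `# advisory only: sonarqube-check runs with allow_failure` would record that.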