erichardson/py-eagle-mqtt
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Packages Projects Releases 11 Wiki Activity
Files
13cb51706b97f25486f62dd6985903e834d28ee2
py-eagle-mqtt/.gitlab-ci.yml

148 lines
4.5 KiB
YAML
Raw Blame History

# You can override the included template(s) by including variable overrides
# See https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
stages:
- test
- build
- push_local
- release
- push_dockerhub
.docker_base:
image: docker:20.10.6-dind
services:
- name: docker:20.10.6-dind
command: ["--tls=false"]
variables:
DOCKER_DRIVER: overlay2
DOCKER_HOST: tcp://127.0.0.1:2375/
DOCKER_TLS_CERTDIR: ""
IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
FF_GITLAB_REGISTRY_HELPER_IMAGE: 1
before_script:
- docker version
- docker info
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
build:
extends:
- .docker_base
stage: build
script:
- docker pull $CI_REGISTRY_IMAGE:latest || true
- >
docker build
--pull
--cache-from $CI_REGISTRY_IMAGE:latest
--tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
--build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
--build-arg VCS_REF=$CI_COMMIT_SHORT_SHA
./Docker/
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
push local:
extends:
- .docker_base
stage: push_local
variables:
GIT_STRATEGY: none
only:
- master
script:
- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
- docker push $CI_REGISTRY_IMAGE:latest
push dockerhub:
extends:
- .docker_base
stage: push_dockerhub
variables:
GIT_STRATEGY: none
CI_DOCKERHUB_IMAGE: index.docker.io/evanrich/py-eagle-mqtt
CI_DOCKERHUB_REGISTRY: docker.io
only:
- tags
script:
- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_DOCKERHUB_IMAGE:$CI_COMMIT_REF_NAME
- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_DOCKERHUB_IMAGE:latest
- docker login -u "$CI_DOCKERHUB_USER" -p "$CI_DOCKERHUB_PASSWORD" $CI_DOCKERHUB_REGISTRY
- docker push $CI_DOCKERHUB_IMAGE --all-tags
release:
image: node:16-alpine3.13
stage: release
only:
refs:
- master
- alpha
# This matches maintenance branches
- /^(([0-9]+)\.)?([0-9]+)\.x/
# This matches pre-releases
- /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/
except:
refs:
- tags
script:
- touch CHANGELOG.md
- apk add --no-cache git
- npm install @semantic-release/gitlab @semantic-release/changelog
@semantic-release/git conventional-changelog-eslint
- npx semantic-release
artifacts:
paths:
- CHANGELOG.md
sast:
stage: test
include:
- template: Security/SAST.gitlab-ci.yml
sonarqube-check:
stage: test
image:
name: sonarsource/sonar-scanner-cli:4.6
entrypoint: [""]
variables:
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
cache:
key: "${CI_JOB_NAME}"
paths:
- .sonar/cache
script:
- sonar-scanner
allow_failure: true
only:
- master # or the name of your main branch
- branches
trivy:
stage: test
extends:
- .docker_base
before_script:
- export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
- echo $TRIVY_VERSION
- wget --no-verbose https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -O - | tar -zxvf -
allow_failure: true
script:
# Build image
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
# Build report
- ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
# Print report
- ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
# Fail on severe vulnerabilities
- ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
cache:
paths:
- .trivycache/
# Enables https://docs.gitlab.com/ee/user/application_security/container_scanning/ (Container Scanning report is available on GitLab EE Ultimate or GitLab.com Gold)
artifacts:
reports:
container_scanning: gl-container-scanning-report.json
Reference in New Issue View Git Blame Copy Permalink