# This file is a template, and might need editing before it works on your project.
# This is a sample GitLab CI/CD configuration file that should run without any modifications.
# It demonstrates a basic 3 stage CI/CD pipeline. Instead of real tests or scripts,
# it uses echo commands to simulate the pipeline execution.
#
# A pipeline is composed of independent jobs that run scripts, grouped into stages.
# Stages run in sequential order, but jobs within stages run in parallel.
#
# For more information, see: https://docs.gitlab.com/ee/ci/yaml/index.html#stages
#
# You can copy and paste this template into a new `.gitlab-ci.yml` file.
# You should not add this template to an existing `.gitlab-ci.yml` file by using the `include:` keyword.
#
# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Getting-Started.gitlab-ci.yml
# Pull in GitLab's managed SAST and Dependency Scanning job templates.
include:
  - template: SAST.gitlab-ci.yml
  - template: Dependency-Scanning.gitlab-ci.yml

# Override the scanner jobs defined by the included templates so that they are
# picked up by runners carrying the `docker` tag.
nodejs-scan-sast:
  tags:
    - docker

semgrep-sast:
  tags:
    - docker

gemnasium-dependency_scanning:
  tags:
    - docker
# Stages are listed in execution order; the jobs inside one stage run in parallel.
stages:
  - build
  - test
  - deploy
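# Runs in the build stage, which executes first: builds the demo/front image
# and exports it as demo.tar for the deploy stage.
build-job:
  stage: build
  script:
    - docker build -t demo/front .
    - docker save demo/front -o demo.tar
  artifacts:
    # Publish only the image tarball that deploy-job copies to the server.
    # `untracked: true` would upload every untracked file left in the
    # workspace, including anything a build step dropped there by accident.
    paths:
      - demo.tar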
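# Runs the Code Quality scanner image against the checked-out sources and
# fails the job when the generated report contains at least one issue.
code-quality:
  stage: test
  image: docker:20.10.12
  # A failing quality gate must block the pipeline.
  allow_failure: false
  services:
    # NOTE(review): this Docker-in-Docker daemon listens on plain TCP 2375 with
    # TLS switched off, so whatever can reach the service container can drive
    # the daemon. Confirm the runner isolates job networks from each other.
    - name: "docker:20.10.12-dind"
      command: ["--tls=false", "--host=tcp://0.0.0.0:2375"]
  variables:
    DOCKER_DRIVER: overlay2
    # The three TLS settings are blanked to match the TLS-less daemon above.
    DOCKER_CERT_PATH: ""
    DOCKER_TLS_CERTDIR: ""
    DOCKER_TLS_VERIFY: ""
    CODE_QUALITY_IMAGE_TAG: "0.96.0"
    CODE_QUALITY_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/codequality:$CODE_QUALITY_IMAGE_TAG"
    DOCKER_SOCKET_PATH: /var/run/docker.sock
  needs: []
  script:
    - export SOURCE_CODE=$PWD
    # Fall back to the local dind endpoint when no daemon answers and the job
    # runs on Kubernetes without DOCKER_HOST set.
    - |
      if ! docker info &>/dev/null; then
        if [ -z "$DOCKER_HOST" ] && [ -n "$KUBERNETES_PORT" ]; then
          export DOCKER_HOST='tcp://localhost:2375'
        fi
      fi
    # Required to avoid an undesirable reset of the Docker image ENV variables
    # that were set at build stage: only variables present in the job
    # environment are forwarded, and only by name.
    - |
      function propagate_env_vars() {
        CURRENT_ENV=$(printenv)

        for VAR_NAME; do
          echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "
        done
      }
    # Optional login to a private registry holding the CodeClimate images.
    # The password is piped through stdin so that it never appears in the
    # process arguments of `docker login`.
    - |
      if [ -n "$CODECLIMATE_REGISTRY_USERNAME" ] && [ -n "$CODECLIMATE_REGISTRY_PASSWORD" ] && [ -n "$CODECLIMATE_PREFIX" ]; then
        CODECLIMATE_REGISTRY=${CODECLIMATE_PREFIX%%/*}
        printf '%s' "$CODECLIMATE_REGISTRY_PASSWORD" |
          docker login "$CODECLIMATE_REGISTRY" --username "$CODECLIMATE_REGISTRY_USERNAME" --password-stdin
      fi
    # NOTE(review): mounting the Docker socket hands the scanner container
    # control of the Docker daemon; keep CODE_QUALITY_IMAGE pinned to a trusted
    # image.
    - |
      docker run --rm \
        $(propagate_env_vars \
          SOURCE_CODE \
          TIMEOUT_SECONDS \
          CODECLIMATE_DEBUG \
          CODECLIMATE_DEV \
          REPORT_STDOUT \
          REPORT_FORMAT \
          ENGINE_MEMORY_LIMIT_BYTES \
          CODECLIMATE_PREFIX \
          CODECLIMATE_REGISTRY_USERNAME \
          CODECLIMATE_REGISTRY_PASSWORD \
          DOCKER_SOCKET_PATH \
        ) \
        --volume "$PWD":/code \
        --volume "$DOCKER_SOCKET_PATH":/var/run/docker.sock \
        "$CODE_QUALITY_IMAGE" /code
    - cat gl-code-quality-report.json
    # Quality gate: without an explicit non-zero exit the "Test fail" branch
    # would still end the job successfully and the gate would never trip.
    - |
      if grep -q "issue" gl-code-quality-report.json
      then
        echo "Test fail"
        exit 1
      else
        echo "Test success"
        exit 0
      fi
  artifacts:
    # Keep the report downloadable when the gate fails the job.
    when: always
    reports:
      codequality: gl-code-quality-report.json
    paths:
      - gl-code-quality-report.json
    expire_in: 1 week
  dependencies: []
  rules:
    - if: "$CODE_QUALITY_DISABLED"
      when: never
    - if: "$CI_COMMIT_TAG || $CI_COMMIT_BRANCH"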
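# Runs in the deploy stage, once the jobs in the test stage have completed
# successfully: copies demo.tar to the application server, loads the image
# and restarts the `demo` container.
deploy-job:
  stage: deploy
  environment: production
  script:
    # `sshpass -e` reads the password from the SSHPASS environment variable,
    # which keeps it out of the command line and out of process listings on
    # the runner.
    - export SSHPASS="${APP_SERVER_PWD}"
    # NOTE(review): StrictHostKeyChecking=no accepts any host key, so the
    # runner cannot tell the real server from an impostor answering on this
    # address. Pin the server's host key in known_hosts (for example from a
    # CI/CD variable) and drop the option; a key-based, non-root deploy
    # account would also remove the need for a password.
    - sshpass -e scp -o StrictHostKeyChecking=no demo.tar root@172.29.4.124:~
    - sshpass -e ssh -o StrictHostKeyChecking=no root@172.29.4.124 'docker container rm -f demo; docker load -i demo.tar; docker run -d --name demo -p 80:80 demo/front /bin/bash -c "nginx; tail -f /dev/null"'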