Commit cfeb55aa authored by janis.streib's avatar janis.streib 🦉
Browse files

Configure Dependency Scanning in `.gitlab-ci.yml`, creating this file if it does not already exist

parent ffb06bba
Pipeline #214564 failed
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
default:
image: debian-bullseye:latest
tags:
- netvs
image: debian-bullseye:latest
tags:
- netvs
cache:
key:
files:
- frontend/package-lock.json
- frontend/package-lock.json
paths:
- frontend/.npm/
- frontend/.npm/
before_script:
## dependencies
- apt-get update -y
- command -v curl || apt-get -y install curl
- command -v git || apt-get -y install git
- apt-get -y install apt-transport-https gnupg2
- test -e /etc/apt/sources.list.d/nodesource.list || curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
- test -e /etc/apt/sources.list.d/nodesource.list || echo 'deb https://deb.nodesource.com/node_15.x bullseye main' > /etc/apt/sources.list.d/nodesource.list
- 'command -v npm || (apt-get update -y && apt-get install -y nodejs)'
- 'command -v pip3 || (apt-get update -y && apt-get install -y python3-pip)'
- pip3 install git+https://git.scc.kit.edu/scc-net/net-suite/api-generator.git@master#egg=net-api-generator
- cd frontend/
- echo "${CI_COMMIT_SHORT_SHA},Job ID ${CI_JOB_ID}@${CI_RUNNER_DESCRIPTION}"
- sed "s&__LOCAL_BUILD__&${CI_COMMIT_SHORT_SHA},Job ID ${CI_JOB_ID}@${CI_RUNNER_DESCRIPTION}&g" netvs.config.js.example > netvs.config.js
- sed -i "s&__JOB_ID__&${CI_JOB_ID}&g" netvs.config.js
- sed -i "s&__COMMIT_SHORT_SHA__&${CI_COMMIT_SHORT_SHA}&g" netvs.config.js
- sed -i "s&__JOB_ID__&${CI_JOB_ID}&g" public/version.json
- sed -i "s&__COMMIT_SHORT_SHA__&${CI_COMMIT_SHORT_SHA}&g" public/version.json
- if [ $CI_JOB_STAGE != "deploy" ]; then npm ci --cache .npm --prefer-offline; fi
- cd ..
- export API_VERSION=3.2
- apt-get update -y
- command -v curl || apt-get -y install curl
- command -v git || apt-get -y install git
- apt-get -y install apt-transport-https gnupg2
- test -e /etc/apt/sources.list.d/nodesource.list || curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key
| apt-key add -
- test -e /etc/apt/sources.list.d/nodesource.list || echo 'deb https://deb.nodesource.com/node_15.x
bullseye main' > /etc/apt/sources.list.d/nodesource.list
- command -v npm || (apt-get update -y && apt-get install -y nodejs)
- command -v pip3 || (apt-get update -y && apt-get install -y python3-pip)
- pip3 install git+https://git.scc.kit.edu/scc-net/net-suite/api-generator.git@master#egg=net-api-generator
- cd frontend/
- echo "${CI_COMMIT_SHORT_SHA},Job ID ${CI_JOB_ID}@${CI_RUNNER_DESCRIPTION}"
- sed "s&__LOCAL_BUILD__&${CI_COMMIT_SHORT_SHA},Job ID ${CI_JOB_ID}@${CI_RUNNER_DESCRIPTION}&g"
netvs.config.js.example > netvs.config.js
- sed -i "s&__JOB_ID__&${CI_JOB_ID}&g" netvs.config.js
- sed -i "s&__COMMIT_SHORT_SHA__&${CI_COMMIT_SHORT_SHA}&g" netvs.config.js
- sed -i "s&__JOB_ID__&${CI_JOB_ID}&g" public/version.json
- sed -i "s&__COMMIT_SHORT_SHA__&${CI_COMMIT_SHORT_SHA}&g" public/version.json
- if [ $CI_JOB_STAGE != "deploy" ]; then npm ci --cache .npm --prefer-offline; fi
- cd ..
- export API_VERSION=3.2
stages:
- build
- lint
- deploy
- build
- lint
- deploy
frontend-build:
stage: build
script:
- cd frontend/
- if [ $CI_COMMIT_BRANCH == "devel" ]; then export NETDB_ENDPOINT="${NETDB_DEVEL_ENDPOINT}"; fi
- if [ $CI_COMMIT_BRANCH == "devel" ]; then net-api-generator --version=${API_VERSION} openapi --default_endpoint=devel > public/api.yml; else net-api-generator --version=${API_VERSION} openapi --default_endpoint=test > public/api.yml; fi
- net-api-generator --version=${API_VERSION} es-webpack
- npm run build
artifacts:
expire_in: 7 days
paths:
- frontend/dist/
- frontend/src/api-services.gen/
needs: []
stage: build
script:
- cd frontend/
- if [ $CI_COMMIT_BRANCH == "devel" ]; then export NETDB_ENDPOINT="${NETDB_DEVEL_ENDPOINT}";
fi
- if [ $CI_COMMIT_BRANCH == "devel" ]; then net-api-generator --version=${API_VERSION}
openapi --default_endpoint=devel > public/api.yml; else net-api-generator --version=${API_VERSION}
openapi --default_endpoint=test > public/api.yml; fi
- net-api-generator --version=${API_VERSION} es-webpack
- npm run build
artifacts:
expire_in: 7 days
paths:
- frontend/dist/
- frontend/src/api-services.gen/
needs: []
frontend-lint:
stage: lint
script:
- cd frontend/
- npm run lint
allow_failure: true
needs: []
stage: lint
script:
- cd frontend/
- npm run lint
allow_failure: true
needs: []
frontend-audit:
stage: lint
script:
- cd frontend/
- npm audit --audit-level high
allow_failure: true
needs: []
stage: lint
script:
- cd frontend/
- npm audit --audit-level high
allow_failure: true
needs: []
deploy_devel:
stage: deploy
script:
- 'command -v ssh-agent || ( apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh net-suite-devel@netvs-devel.scc.kit.edu "${CI_PIPELINE_ID}"
- command -v ssh-agent || ( apt-get install openssh-client -y )
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh net-suite-devel@netvs-devel.scc.kit.edu "${CI_PIPELINE_ID}"
environment:
name: devel
url: https://netvs-devel.scc.kit.edu
only:
- devel
needs: ["frontend-build"]
needs:
- frontend-build
deploy_test:
stage: deploy
script:
- 'command -v ssh-agent || ( apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh www-net-suite@netvs-test.scc.kit.edu "${CI_PIPELINE_ID}"
- command -v ssh-agent || ( apt-get install openssh-client -y )
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh www-net-suite@netvs-test.scc.kit.edu "${CI_PIPELINE_ID}"
environment:
name: test
url: https://netvs-test.scc.kit.edu
only:
- main
needs: ["frontend-build"]
needs:
- frontend-build
deploy_prod:
stage: deploy
script:
- 'command -v ssh-agent || ( apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh www-net-suite@netvs.scc.kit.edu "${CI_PIPELINE_ID}"
- command -v ssh-agent || ( apt-get install openssh-client -y )
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh www-net-suite@netvs.scc.kit.edu "${CI_PIPELINE_ID}"
environment:
name: prod
url: https://netvs.scc.kit.edu
only:
- main
needs: ["frontend-build"]
needs:
- frontend-build
include:
- template: Security/Dependency-Scanning.gitlab-ci.yml
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment