Skip to content
Snippets Groups Projects
ci_main.gitlab-ci.yml 11.6 KiB
Newer Older
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
#stages:
##  - main_pulling_repo
#  - main_secrets_in_repo
#  - main_linting_code
#  - main_linting_docker
#  - main_security
#  - main_build_and_push
#
#variables:
#  CI_JOB_TOKEN: $CI_JOB_TOKEN
#  CI_DEBUG_TRACE: "false"
#  CI_REGISTRY_USER: $CI_REGISTRY_USER
#  CI_REGISTRY: $CI_REGISTRY
#  CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY
#
#.main_common: &main_common
#  only:
#    - merge_requests
#  except:
#    variables:
#      - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main"
#  tags:
#    - shell
#
#.main_dnd: &main_dnd
#  allow_failure: true
#  rules:
#    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'
#      when: always
#    - when: never
#  services:
#    - docker:24.0.5-dind
#  tags:
#    - docker-in-docker
#
#main_secrets_in_repo:
#  stage: main_secrets_in_repo
#  script:
#    - |
#      pip install trufflehog
#      cd ../
#      trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5
#  <<: *main_common
#
## define the process to do linting code: Sonarque, ruff?
#main_linting_code:
#  stage: main_linting_code
#  script:
#    - |
#      echo "###ruff checks###"
#      pip install ruff
#      ruff check --config cicd/ruff.toml . || true
#  needs: ["main_secrets_in_repo"]
#  <<: *main_common
#
#main_linting_docker:
#  stage: main_linting_docker
#  script:
#   - |
#    # Download hadolint binary
#    wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint    
#
#    # Make it executable
#    chmod +x hadolint    
#
#    # Move it to your binaries folder
#    mv hadolint ../    
#
#    # Verify the installation
#    echo "### hadolint version ###"
#    ../hadolint --version    
#
#    # Array of service names
#    SERVICES=("vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" 
#      "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" 
#      "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API"
#      "vault")
#
#    # Loop over service names
#    for SERVICE in "${SERVICES[@]}"; do
#      echo "### $SERVICE ###"
#      
#      # Run hadolint on Dockerfile
#      ../hadolint services/$SERVICE/Dockerfile || true
#      
#      echo "----------------------------------------------------"
#    done
#
##  artifacts:
##    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
##    when: always
##    reports:
##      codequality:
##        - docker-lint.json
##  interruptible: true    
#  needs: ["main_linting_code"]
#  <<: *main_common
#
#
#main_cvs:
#  needs: ["main_linting_docker"]
#  stage: main_security
#  script: 
#   - |
#    # Install grype
#    curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../
#    
#    # Print grype version
#    echo "### grype version###"
#    ../grype version
#    
#    # Create output directory if it doesn't exist
#    DIRECTORY=./grype-outputs
#    if [ ! -d "$DIRECTORY" ]; then
#      mkdir $DIRECTORY
#      echo "Directory created"
#    else
#      echo "Directory already exists"
#    fi
#    
#    # Save current directory
#    export TMP_PWD=$PWD
#    echo "TMP_PWD=$TMP_PWD"
#    
#    # Array of image names
#    IMAGE_NAMES=("nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API"
#      "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API"
#      "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API"
#      "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault")
#    
#    # Loop over image names
#    for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do
#      # Convert SERVICE to lowercase
#      IMAGE_LOWER=${IMAGE_NAME,,}
#
#      echo "---- variable ----"
#      echo "### build and push $IMAGE_NAME image###"
#      
#      # Navigate to service directory
#      cd services/$IMAGE_NAME/
#      
#      # Login to Docker registry
#      docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY
#      
#      # Build Docker image
#      docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest .
#      
#      # Navigate back to original directory
#      cd $TMP_PWD
#      
#      echo "### Container Vulnerability Scanning $IMAGE_NAME###"
#      
#      # Scan Docker image with grype and save output to file
#      #../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-latest.txt
#      
#      echo "----------------------------------------------------"
#    done
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
#  artifacts:
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
#    untracked: false
#    paths:
#      - ./grype-outputs/*.txt
#    when: on_success
#    expire_in: "1 week"
#  <<: *main_common    
#
#main_semgrep_sast:
#  needs:
#    - main_linting_code
#    - main_linting_docker
#  stage: main_security
#  extends: semgrep-sast
#  variables:
#    DOCKER_HOST: tcp://docker:2375
#    SAST_DEFAULT_ANALYZERS: bandit
#  <<: *main_dnd
#
#gemnasium-python-dependency_scanning:
#  stage: test
#  before_script:
#    - echo " ----- not run test stage -----"
#  rules:
#    - when: never
#
#main_gemnasium_python_sca:
#  needs:
#    - main_linting_code
#    - main_linting_docker
#  stage: staging_security
#  extends: gemnasium-python-dependency_scanning
#  variables:
#    DS_ANALYZER_NAME: "gemnasium-python"
#  <<: *main_dnd
#
#main_build_and_push:
#  needs: ["main_security"]
#  stage: main_build_and_push
#  script:
#   - export TMP_PWD=$PWD
#   - echo "TMP_PWD=$TMP_PWD"
#   - echo "### docker login###"
#   - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY
#   - echo "----------------------------------------------------"
#   - echo "### build and push nginx image###"
#   - cd $TMP_PWD/services/nginx/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push register image###"
#   - cd $TMP_PWD/services/register/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###"
#   - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###"
#   - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###"
#   - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push TS29222_CAPIF_Auditing_API image###"
#   - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push TS29222_CAPIF_Discover_Service_API image###"
#   - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push TS29222_CAPIF_Events_API image###"
#   - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###"
#   - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push TS29222_CAPIF_Publish_Service_API image###"
#   - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push TS29222_CAPIF_Routing_Info_API image###"
#   - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push TS29222_CAPIF_Security_API image###"
#   - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push vault image###"
#   - cd $TMP_PWD/services/vault/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push helper image###"
#   - cd $TMP_PWD/services/helper/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - echo "### build and push mock-server image###"
#   - cd $TMP_PWD/services/mock_server/
#   - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG .
#   - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG
#   - echo "----------------------------------------------------"
#   - docker logout $CI_REGISTRY
#  <<: *main_common