Skip to content
Snippets Groups Projects
Normal view Permalink
ci_dev.gitlab-ci.yml 4.58 KiB
Newer Older
Andres Anaya Amariels's avatar
frist commit
Andres Anaya Amariels committed
1 
stages:
Andres Anaya Amariels's avatar
execution  
Andres Anaya Amariels committed
2 3 4 5 
  - dev_pulling_repo
  - dev_secrets_in_repo
  - dev_linting_code
  - dev_linting_docker
Andres Anaya Amariels's avatar
docker_login  
Andres Anaya Amariels committed
6 
  - docker_login
Andres Anaya Amariels's avatar
frist commit
Andres Anaya Amariels committed
7 8 9 10 

variables:
  GITLAB_API: "https://labs.etsi.org/api/v4"
  CI_JOB_TOKEN: $CI_JOB_TOKEN
Andres Anaya Amariels's avatar
CI_DEBUG_TRACE: "true"  
Andres Anaya Amariels committed
11 
  CI_DEBUG_TRACE: "false"
Andres Anaya Amariels's avatar
variables  
Andres Anaya Amariels committed
12 13 14 
  CI_REGISTRY_USER: $CI_REGISTRY_USER
  CI_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD
  CI_REGISTRY: $CI_REGISTRY
Andres Anaya Amariels's avatar
docker  
Andres Anaya Amariels committed
15 
  CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY
Andres Anaya Amariels's avatar
variables  
Andres Anaya Amariels committed
16
Andres Anaya Amariels's avatar
CI_DEBUG_TRACE: "true"  
Andres Anaya Amariels committed
17
Andres Anaya Amariels's avatar
execution  
Andres Anaya Amariels committed
18 
.dev_common: &dev_common
Andres Anaya Amariels's avatar
staging gitlab ci  
Andres Anaya Amariels committed
19 20 21 
  tags:
    - shell
Andres Anaya Amariels's avatar
CI_DEBUG_TRACE: "false" and dev_secrets_in_repo  
Andres Anaya Amariels committed
22 23 24 25 26 
#dev_pulling_repo:
#  stage: dev_pulling_repo
#  script:
#    - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git
#  <<: *dev_common
Andres Anaya Amariels's avatar
frist commit
Andres Anaya Amariels committed
27
Andres Anaya Amariels's avatar
execution  
Andres Anaya Amariels committed
28 29 
dev_secrets_in_repo:
  stage: dev_secrets_in_repo
Andres Anaya Amariels's avatar
frist commit
Andres Anaya Amariels committed
30 
  script:
Andres Anaya Amariels's avatar
CI_DEBUG_TRACE: "false" and dev_secrets_in_repo  
Andres Anaya Amariels committed
31 32 
    - |
      pip install trufflehog
Andres Anaya Amariels's avatar
cd ../  
Andres Anaya Amariels committed
33 
      cd ../
Andres Anaya Amariels's avatar
capif/cicd/exclusions  
Andres Anaya Amariels committed
34 
      trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5
Andres Anaya Amariels's avatar
CI_DEBUG_TRACE: "false" and dev_secrets_in_repo  
Andres Anaya Amariels committed
35 
#  needs: ["dev_pulling_repo"]
Andres Anaya Amariels's avatar
execution  
Andres Anaya Amariels committed
36 
  <<: *dev_common
Andres Anaya Amariels's avatar
frist commit
Andres Anaya Amariels committed
37 38 

# define the process to do linting code: Sonarque, ruff?
Andres Anaya Amariels's avatar
execution  
Andres Anaya Amariels committed
39 40 
dev_linting_code:
  stage: dev_linting_code
Andres Anaya Amariels's avatar
frist commit
Andres Anaya Amariels committed
41 
  script:
Andres Anaya Amariels's avatar
dev_linting_code  
Andres Anaya Amariels committed
42 43 44 
    - |
      echo "###ruff checks###"
      pip install ruff
Andres Anaya Amariels's avatar
|| true  
Andres Anaya Amariels committed
45 
      ruff check --config cicd/ruff.toml . || true
Andres Anaya Amariels's avatar
execution  
Andres Anaya Amariels committed
46 47 
  needs: ["dev_secrets_in_repo"]
  <<: *dev_common
Andres Anaya Amariels's avatar
frist commit
Andres Anaya Amariels committed
48
Andres Anaya Amariels's avatar
execution  
Andres Anaya Amariels committed
49 50 
dev_linting_docker:
  stage: dev_linting_docker
Andres Anaya Amariels's avatar
frist commit
Andres Anaya Amariels committed
51 
  script:
Andres Anaya Amariels's avatar
dev_linting_docker  
Andres Anaya Amariels committed
52 
   - |
Andres Anaya Amariels's avatar
hadolint --version  
Andres Anaya Amariels committed
53 54 55 56 57 58 59 
    # Download hadolint binary
    wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint

    # Make it executable
    chmod +x hadolint
    
    # Move it to your binaries folder
Andres Anaya Amariels's avatar
../  
Andres Anaya Amariels committed
60 
    mv hadolint ../
Andres Anaya Amariels's avatar
hadolint --version  
Andres Anaya Amariels committed
61 62 
    
    # Verify the installation
Andres Anaya Amariels's avatar
../  
Andres Anaya Amariels committed
63 
    ../hadolint --version
Andres Anaya Amariels's avatar
hadolint --version  
Andres Anaya Amariels committed
64
Andres Anaya Amariels's avatar
hadolint  
Andres Anaya Amariels committed
65 
    #find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json
Andres Anaya Amariels's avatar
hadolint  
Andres Anaya Amariels committed
66
Andres Anaya Amariels's avatar
|| true  
Andres Anaya Amariels committed
67 
    ../hadolint services/capif-client/Dockerfile || true
Andres Anaya Amariels's avatar
hadolint  
Andres Anaya Amariels committed
68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 
    ../hadolint services/vault/Dockerfile || true

    echo "### nginx ###"
    ../hadolint services/nginx/Dockerfile || true

    echo "### register ###"
    ../hadolint services/register/Dockerfile || true

    echo "### TS29222_CAPIF_Access_Control_Policy_API ###"
    ../hadolint services/TS29222_CAPIF_Access_Control_Policy_API/Dockerfile || true

    echo "### TS29222_CAPIF_API_Invoker_Management_API ###"
    ../hadolint services/TS29222_CAPIF_API_Invoker_Management_API/Dockerfile || true

    echo "### TS29222_CAPIF_API_Provider_Management_API ###"
    ../hadolint services/TS29222_CAPIF_API_Provider_Management_API/Dockerfile || true

    echo "### TS29222_CAPIF_Auditing_API ###"
    ../hadolint services/TS29222_CAPIF_Auditing_API/Dockerfile || true

    echo "### TS29222_CAPIF_Discover_Service_API ###"
    ../hadolint services/TS29222_CAPIF_Discover_Service_API/Dockerfile || true

    echo "### TS29222_CAPIF_Events_API ###"
    ../hadolint services/TS29222_CAPIF_Events_API/Dockerfile || true

    echo "### TS29222_CAPIF_Logging_API_Invocation_API ###"
    ../hadolint services/TS29222_CAPIF_Logging_API_Invocation_API/Dockerfile || true

    echo "### TS29222_CAPIF_Publish_Service_API ###"
    ../hadolint services/TS29222_CAPIF_Publish_Service_API/Dockerfile || true

    echo "### TS29222_CAPIF_Routing_Info_API ###"
    ../hadolint services/TS29222_CAPIF_Routing_Info_API/Dockerfile || true

    echo "### TS29222_CAPIF_Security_API ###"
    ../hadolint services/TS29222_CAPIF_Security_API/Dockerfile || true
Andres Anaya Amariels's avatar
hadolint  
Andres Anaya Amariels committed
105 106 107 108 109 110 111 
#  artifacts:
#    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
#    when: always
#    reports:
#      codequality:
#        - docker-lint.json
#  interruptible: true
Andres Anaya Amariels's avatar
execution  
Andres Anaya Amariels committed
112 113 
  needs: ["dev_linting_code"]
  <<: *dev_common
Andres Anaya Amariels's avatar
docker  
Andres Anaya Amariels committed
114
Andres Anaya Amariels's avatar
comments  
Andres Anaya Amariels committed
115 116 
# NOT WORKING: failed when docker login. seem we need to use docker-in-docker rather than 
# shell alpine runners
Andres Anaya Amariels's avatar
docker_login  
Andres Anaya Amariels committed
117 118 
docker_login:
  stage: docker_login
Miguel Angel Reina Ortega's avatar
Fix docker image tag  
Miguel Angel Reina Ortega committed
119 120 121 
  image: docker:19.03.12-dind
  #services:
  #  - docker:19.03.12-dind
Andres Anaya Amariels's avatar
docker_login  
Andres Anaya Amariels committed
122 123 124 
  tags:
    - docker
  script:
Andres Anaya Amariels's avatar
docker  
Andres Anaya Amariels committed
125 
   - cd services/capif-client/
Miguel Angel Reina Ortega's avatar
Fix docker image tag  
Miguel Angel Reina Ortega committed
126 127 128 
   - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY
   - docker build -t CI_REGISTRY/ocf/capif/capif-client:$CI_COMMIT_REF_SLUG .
   - docker logout $CI_REGISTRY
Andres Anaya Amariels's avatar
docker  
Andres Anaya Amariels committed
129 
#   - docker push capif-client:$CI_COMMIT_REF_SLUG
Andres Anaya Amariels's avatar
docker in alpine  
Andres Anaya Amariels committed
130
Andres Anaya Amariels's avatar
comments  
Andres Anaya Amariels committed
131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 
## NOT WORKING: failed when build de images - failed to mount overlay: operation not permitted" storage-driver=overlay2
#docker_login:
#  stage: docker_login
#  script:
#   - |
#    #!/bin/bash
#
#    # Update your existing list of packages
#    apk update
#
#    # Install Docker
#    apk add docker
#
#    # Start the Docker service
#    dockerd &
#
#    # Verify the installation
#    docker --version
#
#    echo "### docker login ###"
#    docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY
#
#    echo "### build & push capif-client ###"
#    cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG .
#
#    docker push capif-client:$CI_COMMIT_REF_SLUG