capif/.gitlab-ci.yml +82 −193 @@ -4,6 +4,7 @@ stages: - test - main_sast - main_container_scanning - staging_container_scanning # DELETE - main_build_and_push - deploy_ocf_main - main_rf_testing
@@ -64,86 +65,6 @@ variables: tags: - docker-in-docker #.main_common: &main_common # only: # - merge_requests # except: # variables: # - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" # tags: # - shell# #.dev_common: &dev_common # tags: # - shell #main_cancel_previous_action: # stage: main_pre_pipeline # script: # - | # if [[ -n "$CI_JOB_TOKEN" ]]; then # echo "Checking for running jobs in the same pipeline..." # jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") # for job in $(echo "$jobs" | jq -r '.[] | @base64'); do # _jq() { # echo ${job} | base64 --decode | jq -r ${1} # } # status=$(_jq '.status') # id=$(_jq '.id') # if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then # echo "Cancelling job $id" # curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" # fi # done # fi # <<: *main_common #merge_request_main_into_main: # stage: merge_request_main_into_main # script: # - > # if [ "$CI_COMMIT_REF_NAME" == "main" ]; then # # Variables # SOURCE_BRANCH="main" # TARGET_BRANCH="main" # TITLE="Merge main into main created by GitLab CICD" # # # Create Merge Request # curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" \ # --data "source_branch=$SOURCE_BRANCH&target_branch=$TARGET_BRANCH&title=$TITLE" \ # "$GITLAB_API/projects/$PROJECT_ID/merge_requests" # else # echo "Nothing to do" # fi # only: # - main # tags: # - shell #dev_cancel_previous_action: # stage: dev_pre_pipeline # script: # - | # echo "### cancel previous actions in dev branchc ###" # if [[ -n "$CI_JOB_TOKEN" ]]; then # echo "Checking for running jobs in the same pipeline..." 
# jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") # for job in $(echo "$jobs" | jq -r '.[] | @base64'); do # _jq() { # echo ${job} | base64 --decode | jq -r ${1} # } # status=$(_jq '.status') # id=$(_jq '.id') # if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then # echo "Cancelling job $id" # curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" # fi # done # fi # rules: # - if: $CI_COMMIT_BRANCH # <<: *dev_common include: - template: 'Jobs/SAST.gitlab-ci.yml' - template: 'Jobs/Dependency-Scanning.gitlab-ci.yml' Loading Loading @@ -298,10 +219,7 @@ main_secret_detection: cvs_nginx: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -321,10 +239,7 @@ cvs_nginx: cvs_register: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -341,10 +256,7 @@ cvs_register: cvs_ocf_access_control_policy_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -361,10 +273,7 @@ cvs_ocf_access_control_policy_api: cvs_ocf_api_invoker_management_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading 
@@ -381,10 +290,7 @@ cvs_ocf_api_invoker_management_api: cvs_ocf_api_provider_management_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -401,10 +307,7 @@ cvs_ocf_api_provider_management_api: cvs_ocf_auditing_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -421,10 +324,7 @@ cvs_ocf_auditing_api: cvs_ocf_discover_service_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -441,10 +341,7 @@ cvs_ocf_discover_service_api: cvs_ocf_events_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -461,10 +358,7 @@ cvs_ocf_events_api: cvs_ocf_logging_api_invocation_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading 
@@ -481,10 +375,7 @@ cvs_ocf_logging_api_invocation_api: cvs_ocf_publish_service_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -501,10 +392,7 @@ cvs_ocf_publish_service_api: cvs_ocf_routing_info_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -521,10 +409,7 @@ cvs_ocf_routing_info_api: cvs_ocf_security_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -540,10 +425,7 @@ cvs_ocf_security_api: cvs_vault: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading 
@@ -559,27 +441,17 @@ cvs_vault: main_build_and_push: stage: main_build_and_push needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection variables: CI_REGISTRY_USER: $CI_REGISTRY_USER CI_REGISTRY: $CI_REGISTRY CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY before_script: - echo "--- Login to Docker registry ---" - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY needs: - cvs_nginx - cvs_register - cvs_ocf_access_control_policy_api - cvs_ocf_api_invoker_management_api - cvs_ocf_api_provider_management_api - cvs_ocf_auditing_api - cvs_ocf_discover_service_api - cvs_ocf_events_api - cvs_ocf_logging_api_invocation_api - cvs_ocf_publish_service_api - cvs_ocf_routing_info_api - cvs_ocf_security_api - cvs_vault - echo "--- Login to Docker registry --- - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading Loading @@ -659,17 +531,31 @@ main_build_and_push: deploy_ocf_main: stage: deploy_ocf_main before_script: - echo "--- cluster production ---" - export KUBECONFIG=$KUBECONFIG_PROD - kubectl cluster-info variables: DOMAIN_PRE_PROD: ocf.pre-production NAMESPACE_PRE_PROD: ocf-main needs: - main_build_and_push - cvs_nginx - cvs_register - cvs_ocf_access_control_policy_api - cvs_ocf_api_invoker_management_api - cvs_ocf_api_provider_management_api - cvs_ocf_auditing_api - cvs_ocf_discover_service_api - cvs_ocf_events_api - cvs_ocf_logging_api_invocation_api - cvs_ocf_publish_service_api - cvs_ocf_routing_info_api - cvs_ocf_security_api - cvs_vault <<: *main_common environment: name: review/main url: https://$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD on_stop: delete_ocf_main auto_stop_in: 3 day script: - | helm version Loading Loading 
@@ -711,44 +597,51 @@ deploy_ocf_main: --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ --set otelcollector.enabled=true \ --set otelcollector.configMap.tempoEndpoint=ocf-main-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=main \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-access-control-policy.image.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-access-control-policy.monitoring="true" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=main \ --set ocf-access-control-policy.env.logLevel="INFO" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invocation-logs.env.monitoring="true" \ --set ocf-api-invocation-logs.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=main \ --set ocf-api-invocation-logs.env.logLevel="INFO" \ --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invoker-management.env.monitoring="true" \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set 
ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=main \ --set ocf-api-invoker-management.env.logLevel="INFO" \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-provider-management.env.monitoring="true" \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-events-api \ --set ocf-events.image.tag=main \ --set ocf-api-provider-management.env.logLevel="INFO" \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-events.env.monitoring="true" \ --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-routing-info-api \ --set ocf-routing-info.image.tag=main \ --set ocf-events.env.logLevel="INFO" \ --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ --set ocf-routing-info.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-routing-info.env.monitoring="true" \ --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-security-api \ --set ocf-security.image.tag=main \ --set ocf-routing-info.env.logLevel="INFO" \ --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ --set ocf-security.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-security.env.monitoring="true" \ --set ocf-security.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set 
ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/main/register \ --set ocf-register.image.tag=main \ --set ocf-security.env.logLevel="INFO" \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ --set ocf-register.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-register.env.vaultPort=$VAULT_PORT \ Loading 
@@ -759,17 +652,21 @@ deploy_ocf_main: --set ocf-register.ingress.hosts[0].host=register-main.$DOMAIN_PRE_PROD \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-auditing-api \ --set ocf-auditing-api-logs.image.tag=main \ --set ocf-register.env.logLevel="INFO" \ --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ --set ocf-auditing-api-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-auditing-api-logs.env.monitoring="true" \ --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-publish-service-api \ --set ocf-publish-service-api.image.tag=main \ --set ocf-auditing-api-logs.env.logLevel="INFO" \ --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ --set ocf-publish-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-publish-service-api.env.monitoring="true" \ --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-discover-service-api \ --set ocf-discover-service-api.image.tag=main \ --set ocf-publish-service-api.env.logLevel="INFO" \ --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set ocf-discover-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-discover-service-api.env.monitoring="true" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/main/nginx \ --set nginx.image.tag=main \ --set ocf-discover-service-api.env.logLevel="INFO" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nginx.image.tag=$CI_COMMIT_REF_SLUG \ --set nginx.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ Loading 
@@ -778,19 +675,22 @@ deploy_ocf_main: --set nginx.ingress.hosts[0].host=capif-main.$DOMAIN_PRE_PROD \ --set nginx.ingress.hosts[0].paths[0].path="/" \ --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/main/helper \ --set ocf-helper.image.tag=main \ --set nginx.env.logLevel="info" \ --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-helper.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set mock-server.enabled=false \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/main/mock-server \ --set mock-server.image.tag=main \ --set mock-server.ingress.enabled=false \ --set ocf-helper.env.logLevel="INFO" \ --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ --set mock-server.ingress.enabled=true \ --set mock-server.ingress.hosts[0].host=mock-server-main.$DOMAIN_PRE_PROD \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mock-server.env.logLevel="INFO" \ --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-main.$DOMAIN_PRE_PROD" \ Loading 
@@ -810,14 +710,3 @@ main_rf_testing: - | echo "------ Robot Framework Testing ------" <<: *main_common No newline at end of file delete_ocf_main: stage: delete_ocf_main <<: *main_common script: - echo "### deleting environment $NAMESPACE_main###" # - helm uninstall -n $NAMESPACE_main ocf --kubeconfig ~/cluster.kubeconfig when: manual environment: name: review/main action: stop No newline at end of file capif/templates/ci_main.gitlab-ci.yml +122 −71 File changed.Preview size limit exceeded, changes collapsed. Show changes capif/templates/ci_staging.gitlab-ci.yml +23 −1 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ stages: - staging_security - staging_build_and_push - staging_build_and_push_mr - staging_container_scanning # DELETE variables: CI_JOB_TOKEN: $CI_JOB_TOKEN Loading Loading @@ -416,3 +417,24 @@ staging_build_and_push_mr: - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - docker logout $CI_REGISTRY cvs_nginx: stage: staging_container_scanning needs: - staging_unit_tests before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - ls -lrta extends: container_scanning variables: CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY # GIT_STRATEGY: fetch # CS_DOCKERFILE_PATH: capif/services/nginx/ SECURE_LOG_LEVEL: debug <<: *staging_dnd No newline at end of file Loading
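Review bot: In `capif/.gitlab-ci.yml`, every `cvs_*` job's `needs:` now lists `main_build_and_pushependency_scanning`, which looks like `main_build_and_push` typed over the old `main_gemnasium_python_dependency_scanning` entry; unless a job of that name is defined outside the visible hunks, GitLab refuses a `needs` entry that matches no job, so none of the thirteen container scans that gate `deploy_ocf_main` would run. The entry should read `- main_build_and_push`, and because the `stages:` hunk still lists `main_container_scanning` ahead of `main_build_and_push`, the stage order probably has to change with it. In the `main_build_and_push` hunk the second `echo "--- Login to Docker registry ---` line has lost its closing quote, which would leave the shell with an unterminated string in `before_script`. The login next to it passes the registry secret as an argument; `echo "$CAPIF_DOCKER_REGISTRY" | docker login --username "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"` keeps it out of the process list. Which side each of these lines is on is inferred, since the rendered page has lost its `+`/`-` markers.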
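Review bot: In `capif/templates/ci_staging.gitlab-ci.yml`, the added `cvs_nginx` job clones with the job token embedded in the URL (`git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git`), which writes the token into the clone's `.git/config` and relies on log masking to keep it out of the job trace. If the scanner needs the sources, enabling the `GIT_STRATEGY: fetch` line that is already there as a comment would let the runner do the checkout without a credential on the command line. The job also `needs` only `staging_unit_tests`, so the `CS_IMAGE` tagged `$CI_COMMIT_REF_SLUG` may be one pushed by an earlier pipeline rather than this commit's build; depending on the job that pushes the image would keep the scan and the image in step. `SECURE_LOG_LEVEL: debug` next to `CS_REGISTRY_PASSWORD` is worth dropping once the job works. The job name `cvs_nginx` also exists in `capif/.gitlab-ci.yml`, so if both files end up in one pipeline the two definitions would be merged; a staging-specific name avoids that.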
capif/.gitlab-ci.yml +82 −193 @@ -4,6 +4,7 @@ stages: - test - main_sast - main_container_scanning - staging_container_scanning # DELETE - main_build_and_push - deploy_ocf_main - main_rf_testing
@@ -64,86 +65,6 @@ variables: tags: - docker-in-docker #.main_common: &main_common # only: # - merge_requests # except: # variables: # - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" # tags: # - shell# #.dev_common: &dev_common # tags: # - shell #main_cancel_previous_action: # stage: main_pre_pipeline # script: # - | # if [[ -n "$CI_JOB_TOKEN" ]]; then # echo "Checking for running jobs in the same pipeline..." # jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") # for job in $(echo "$jobs" | jq -r '.[] | @base64'); do # _jq() { # echo ${job} | base64 --decode | jq -r ${1} # } # status=$(_jq '.status') # id=$(_jq '.id') # if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then # echo "Cancelling job $id" # curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" # fi # done # fi # <<: *main_common #merge_request_main_into_main: # stage: merge_request_main_into_main # script: # - > # if [ "$CI_COMMIT_REF_NAME" == "main" ]; then # # Variables # SOURCE_BRANCH="main" # TARGET_BRANCH="main" # TITLE="Merge main into main created by GitLab CICD" # # # Create Merge Request # curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" \ # --data "source_branch=$SOURCE_BRANCH&target_branch=$TARGET_BRANCH&title=$TITLE" \ # "$GITLAB_API/projects/$PROJECT_ID/merge_requests" # else # echo "Nothing to do" # fi # only: # - main # tags: # - shell #dev_cancel_previous_action: # stage: dev_pre_pipeline # script: # - | # echo "### cancel previous actions in dev branchc ###" # if [[ -n "$CI_JOB_TOKEN" ]]; then # echo "Checking for running jobs in the same pipeline..." 
# jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") # for job in $(echo "$jobs" | jq -r '.[] | @base64'); do # _jq() { # echo ${job} | base64 --decode | jq -r ${1} # } # status=$(_jq '.status') # id=$(_jq '.id') # if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then # echo "Cancelling job $id" # curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" # fi # done # fi # rules: # - if: $CI_COMMIT_BRANCH # <<: *dev_common include: - template: 'Jobs/SAST.gitlab-ci.yml' - template: 'Jobs/Dependency-Scanning.gitlab-ci.yml' Loading Loading @@ -298,10 +219,7 @@ main_secret_detection: cvs_nginx: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -321,10 +239,7 @@ cvs_nginx: cvs_register: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -341,10 +256,7 @@ cvs_register: cvs_ocf_access_control_policy_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -361,10 +273,7 @@ cvs_ocf_access_control_policy_api: cvs_ocf_api_invoker_management_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading 
@@ -381,10 +290,7 @@ cvs_ocf_api_invoker_management_api: cvs_ocf_api_provider_management_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -401,10 +307,7 @@ cvs_ocf_api_provider_management_api: cvs_ocf_auditing_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -421,10 +324,7 @@ cvs_ocf_auditing_api: cvs_ocf_discover_service_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -441,10 +341,7 @@ cvs_ocf_discover_service_api: cvs_ocf_events_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -461,10 +358,7 @@ cvs_ocf_events_api: cvs_ocf_logging_api_invocation_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading 
@@ -481,10 +375,7 @@ cvs_ocf_logging_api_invocation_api: cvs_ocf_publish_service_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -501,10 +392,7 @@ cvs_ocf_publish_service_api: cvs_ocf_routing_info_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -521,10 +409,7 @@ cvs_ocf_routing_info_api: cvs_ocf_security_api: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading @@ -540,10 +425,7 @@ cvs_ocf_security_api: cvs_vault: stage: main_container_scanning needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading 
@@ -559,27 +441,17 @@ cvs_vault: main_build_and_push: stage: main_build_and_push needs: - main_semgrep_sast - main_kubesec_sast - main_gemnasium_python_dependency_scanning - main_secret_detection variables: CI_REGISTRY_USER: $CI_REGISTRY_USER CI_REGISTRY: $CI_REGISTRY CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY before_script: - echo "--- Login to Docker registry ---" - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY needs: - cvs_nginx - cvs_register - cvs_ocf_access_control_policy_api - cvs_ocf_api_invoker_management_api - cvs_ocf_api_provider_management_api - cvs_ocf_auditing_api - cvs_ocf_discover_service_api - cvs_ocf_events_api - cvs_ocf_logging_api_invocation_api - cvs_ocf_publish_service_api - cvs_ocf_routing_info_api - cvs_ocf_security_api - cvs_vault - echo "--- Login to Docker registry --- - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" Loading Loading @@ -659,17 +531,31 @@ main_build_and_push: deploy_ocf_main: stage: deploy_ocf_main before_script: - echo "--- cluster production ---" - export KUBECONFIG=$KUBECONFIG_PROD - kubectl cluster-info variables: DOMAIN_PRE_PROD: ocf.pre-production NAMESPACE_PRE_PROD: ocf-main needs: - main_build_and_push - cvs_nginx - cvs_register - cvs_ocf_access_control_policy_api - cvs_ocf_api_invoker_management_api - cvs_ocf_api_provider_management_api - cvs_ocf_auditing_api - cvs_ocf_discover_service_api - cvs_ocf_events_api - cvs_ocf_logging_api_invocation_api - cvs_ocf_publish_service_api - cvs_ocf_routing_info_api - cvs_ocf_security_api - cvs_vault <<: *main_common environment: name: review/main url: https://$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD on_stop: delete_ocf_main auto_stop_in: 3 day script: - | helm version Loading Loading 
@@ -711,44 +597,51 @@ deploy_ocf_main: --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ --set otelcollector.enabled=true \ --set otelcollector.configMap.tempoEndpoint=ocf-main-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=main \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-access-control-policy.image.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-access-control-policy.monitoring="true" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=main \ --set ocf-access-control-policy.env.logLevel="INFO" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invocation-logs.env.monitoring="true" \ --set ocf-api-invocation-logs.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=main \ --set ocf-api-invocation-logs.env.logLevel="INFO" \ --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invoker-management.env.monitoring="true" \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set 
ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=main \ --set ocf-api-invoker-management.env.logLevel="INFO" \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-provider-management.env.monitoring="true" \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-events-api \ --set ocf-events.image.tag=main \ --set ocf-api-provider-management.env.logLevel="INFO" \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-events.env.monitoring="true" \ --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-routing-info-api \ --set ocf-routing-info.image.tag=main \ --set ocf-events.env.logLevel="INFO" \ --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ --set ocf-routing-info.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-routing-info.env.monitoring="true" \ --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-security-api \ --set ocf-security.image.tag=main \ --set ocf-routing-info.env.logLevel="INFO" \ --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ --set ocf-security.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-security.env.monitoring="true" \ --set ocf-security.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set 
ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/main/register \ --set ocf-register.image.tag=main \ --set ocf-security.env.logLevel="INFO" \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ --set ocf-register.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-register.env.vaultPort=$VAULT_PORT \ Loading 
@@ -759,17 +652,21 @@ deploy_ocf_main: --set ocf-register.ingress.hosts[0].host=register-main.$DOMAIN_PRE_PROD \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-auditing-api \ --set ocf-auditing-api-logs.image.tag=main \ --set ocf-register.env.logLevel="INFO" \ --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ --set ocf-auditing-api-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-auditing-api-logs.env.monitoring="true" \ --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-publish-service-api \ --set ocf-publish-service-api.image.tag=main \ --set ocf-auditing-api-logs.env.logLevel="INFO" \ --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ --set ocf-publish-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-publish-service-api.env.monitoring="true" \ --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-discover-service-api \ --set ocf-discover-service-api.image.tag=main \ --set ocf-publish-service-api.env.logLevel="INFO" \ --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set ocf-discover-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-discover-service-api.env.monitoring="true" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/main/nginx \ --set nginx.image.tag=main \ --set ocf-discover-service-api.env.logLevel="INFO" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nginx.image.tag=$CI_COMMIT_REF_SLUG \ --set nginx.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ Loading 
@@ -778,19 +675,22 @@ deploy_ocf_main: --set nginx.ingress.hosts[0].host=capif-main.$DOMAIN_PRE_PROD \ --set nginx.ingress.hosts[0].paths[0].path="/" \ --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/main/helper \ --set ocf-helper.image.tag=main \ --set nginx.env.logLevel="info" \ --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-helper.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set mock-server.enabled=false \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/main/mock-server \ --set mock-server.image.tag=main \ --set mock-server.ingress.enabled=false \ --set ocf-helper.env.logLevel="INFO" \ --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ --set mock-server.ingress.enabled=true \ --set mock-server.ingress.hosts[0].host=mock-server-main.$DOMAIN_PRE_PROD \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mock-server.env.logLevel="INFO" \ --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-main.$DOMAIN_PRE_PROD" \ Loading @@ -810,14 +710,3 @@ main_rf_testing: - | echo "------ Robot Framework Testing ------" <<: *main_common No newline at end of file delete_ocf_main: stage: delete_ocf_main <<: *main_common script: - echo "### deleting environment $NAMESPACE_main###" # - helm uninstall -n $NAMESPACE_main ocf --kubeconfig ~/cluster.kubeconfig when: manual environment: name: review/main action: stop No newline at end of file
capif/templates/ci_main.gitlab-ci.yml +122 −71 File changed.Preview size limit exceeded, changes collapsed. Show changes
capif/templates/ci_staging.gitlab-ci.yml +23 −1 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ stages: - staging_security - staging_build_and_push - staging_build_and_push_mr - staging_container_scanning # DELETE variables: CI_JOB_TOKEN: $CI_JOB_TOKEN Loading Loading @@ -416,3 +417,24 @@ staging_build_and_push_mr: - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - docker logout $CI_REGISTRY cvs_nginx: stage: staging_container_scanning needs: - staging_unit_tests before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - ls -lrta extends: container_scanning variables: CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY # GIT_STRATEGY: fetch # CS_DOCKERFILE_PATH: capif/services/nginx/ SECURE_LOG_LEVEL: debug <<: *staging_dnd No newline at end of file
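Review bot: In the new `cvs_nginx` job, the `before_script` line `git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git` places the job token in the remote URL, which git stores in the clone's `.git/config`, and the same job sets `SECURE_LOG_LEVEL: debug`, where analyzer output can include values from the job environment. If the checkout is only there for the scanner, enabling the commented-out `GIT_STRATEGY: fetch` and dropping the manual clone would leave credential handling to the runner, and `SECURE_LOG_LEVEL: info` is the safer value once troubleshooting is finished. Separately, `needs: - staging_unit_tests` lets the scan start as soon as the unit tests finish, so unless that job itself waits for `staging_build_and_push` (not visible in this section) the scanner may pull an older image behind the mutable `$CI_COMMIT_REF_SLUG` tag; adding the build job to `needs` would tie the scan to the image this pipeline produced. The `# DELETE` marker on the new stage suggests the job is temporary, so it is worth confirming it does not collide with the `cvs_nginx` job in `capif/.gitlab-ci.yml` if both files are loaded into one pipeline.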