Loading capif/templates/ci_main.gitlab-ci.yml +278 −278 Original line number Original line Diff line number Diff line stages: #stages: # - main_pulling_repo ## - main_pulling_repo - main_secrets_in_repo # - main_secrets_in_repo - main_linting_code # - main_linting_code - main_linting_docker # - main_linting_docker - main_security # - main_security - main_build_and_push # - main_build_and_push # variables: #variables: CI_JOB_TOKEN: $CI_JOB_TOKEN # CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "false" # CI_DEBUG_TRACE: "false" CI_REGISTRY_USER: $CI_REGISTRY_USER # CI_REGISTRY_USER: $CI_REGISTRY_USER CI_REGISTRY: $CI_REGISTRY # CI_REGISTRY: $CI_REGISTRY CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY # CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY # .main_common: &main_common #.main_common: &main_common only: # only: - merge_requests # - merge_requests except: # except: variables: # variables: - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" # - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" tags: # tags: - shell # - shell # .main_dnd: &main_dnd #.main_dnd: &main_dnd allow_failure: true # allow_failure: true rules: # rules: - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' # - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' when: always - when: never services: - docker:24.0.5-dind tags: - docker-in-docker main_secrets_in_repo: stage: main_secrets_in_repo script: - | pip install trufflehog cd ../ trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 <<: *main_common # define the process to do linting code: Sonarque, ruff? main_linting_code: stage: main_linting_code script: - | echo "###ruff checks###" pip install ruff ruff check --config cicd/ruff.toml . 
|| true needs: ["main_secrets_in_repo"] <<: *main_common main_linting_docker: stage: main_linting_docker script: - | # Download hadolint binary wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint # Make it executable chmod +x hadolint # Move it to your binaries folder mv hadolint ../ # Verify the installation echo "### hadolint version ###" ../hadolint --version # Array of service names SERVICES=("vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") # Loop over service names for SERVICE in "${SERVICES[@]}"; do echo "### $SERVICE ###" # Run hadolint on Dockerfile ../hadolint services/$SERVICE/Dockerfile || true echo "----------------------------------------------------" done # artifacts: # name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" # when: always # when: always # reports: # - when: never # codequality: # services: # - docker-lint.json # - docker:24.0.5-dind # interruptible: true # tags: needs: ["main_linting_code"] # - docker-in-docker <<: *main_common # #main_secrets_in_repo: # stage: main_secrets_in_repo main_cvs: # script: needs: ["main_linting_docker"] # - | stage: main_security # pip install trufflehog script: # cd ../ - | # trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 # Install grype # <<: *main_common curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../ # ## define the process to do linting code: Sonarque, ruff? 
# Print grype version #main_linting_code: echo "### grype version###" # stage: main_linting_code ../grype version # script: # - | # Create output directory if it doesn't exist # echo "###ruff checks###" DIRECTORY=./grype-outputs # pip install ruff if [ ! -d "$DIRECTORY" ]; then # ruff check --config cicd/ruff.toml . || true mkdir $DIRECTORY # needs: ["main_secrets_in_repo"] echo "Directory created" # <<: *main_common else # echo "Directory already exists" #main_linting_docker: fi # stage: main_linting_docker # script: # Save current directory # - | export TMP_PWD=$PWD # # Download hadolint binary echo "TMP_PWD=$TMP_PWD" # wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint # # Array of image names # # Make it executable IMAGE_NAMES=("nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" # chmod +x hadolint "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" # "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" # # Move it to your binaries folder "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") # mv hadolint ../ # # Loop over image names # # Verify the installation for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do # echo "### hadolint version ###" # Convert SERVICE to lowercase # ../hadolint --version IMAGE_LOWER=${IMAGE_NAME,,} # # # Array of service names echo "---- variable ----" # SERVICES=("vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" echo "### build and push $IMAGE_NAME image###" # "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" # "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" # Navigate to 
service directory # "vault") cd services/$IMAGE_NAME/ # # # Loop over service names # Login to Docker registry # for SERVICE in "${SERVICES[@]}"; do docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY # echo "### $SERVICE ###" # # Build Docker image # # Run hadolint on Dockerfile docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest . # ../hadolint services/$SERVICE/Dockerfile || true # # Navigate back to original directory # echo "----------------------------------------------------" cd $TMP_PWD # done # echo "### Container Vulnerability Scanning $IMAGE_NAME###" ## artifacts: ## name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" # Scan Docker image with grype and save output to file ## when: always #../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-latest.txt ## reports: ## codequality: echo "----------------------------------------------------" ## - docker-lint.json done ## interruptible: true artifacts: # needs: ["main_linting_code"] untracked: false # <<: *main_common paths: # - ./grype-outputs/*.txt # when: on_success #main_cvs: expire_in: "1 week" # needs: ["main_linting_docker"] <<: *main_common # stage: main_security # script: main_semgrep_sast: # - | needs: # # Install grype - main_linting_code # curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../ - main_linting_docker # stage: main_security # # Print grype version extends: semgrep-sast # echo "### grype version###" variables: # ../grype version DOCKER_HOST: tcp://docker:2375 # SAST_DEFAULT_ANALYZERS: bandit # # Create output directory if it doesn't exist <<: *main_dnd # DIRECTORY=./grype-outputs # if [ ! 
-d "$DIRECTORY" ]; then gemnasium-python-dependency_scanning: # mkdir $DIRECTORY stage: test # echo "Directory created" before_script: # else - echo " ----- not run test stage -----" # echo "Directory already exists" rules: # fi - when: never # # # Save current directory main_gemnasium_python_sca: # export TMP_PWD=$PWD needs: # echo "TMP_PWD=$TMP_PWD" - main_linting_code # - main_linting_docker # # Array of image names stage: staging_security # IMAGE_NAMES=("nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" extends: gemnasium-python-dependency_scanning # "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" variables: # "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" DS_ANALYZER_NAME: "gemnasium-python" # "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") <<: *main_dnd # # # Loop over image names main_build_and_push: # for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do needs: ["main_security"] # # Convert SERVICE to lowercase stage: main_build_and_push # IMAGE_LOWER=${IMAGE_NAME,,} script: # - export TMP_PWD=$PWD # echo "---- variable ----" - echo "TMP_PWD=$TMP_PWD" # echo "### build and push $IMAGE_NAME image###" - echo "### docker login###" # - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY # # Navigate to service directory - echo "----------------------------------------------------" # cd services/$IMAGE_NAME/ - echo "### build and push nginx image###" # - cd $TMP_PWD/services/nginx/ # # Login to Docker registry - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . 
# docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # # Build Docker image - echo "### build and push register image###" # docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest . - cd $TMP_PWD/services/register/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . # # Navigate back to original directory - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG # cd $TMP_PWD - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" # echo "### Container Vulnerability Scanning $IMAGE_NAME###" - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . # # Scan Docker image with grype and save output to file - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG # #../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-latest.txt - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" # echo "----------------------------------------------------" - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ # done - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . 
# artifacts: - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG # untracked: false - echo "----------------------------------------------------" # paths: - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" # - ./grype-outputs/*.txt - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ # when: on_success - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . # expire_in: "1 week" - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG # <<: *main_common - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Auditing_API image###" #main_semgrep_sast: - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ # needs: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . # - main_linting_code - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG # - main_linting_docker - echo "----------------------------------------------------" # stage: main_security - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" # extends: semgrep-sast - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ # variables: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . # DOCKER_HOST: tcp://docker:2375 - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG # SAST_DEFAULT_ANALYZERS: bandit - echo "----------------------------------------------------" # <<: *main_dnd - echo "### build and push TS29222_CAPIF_Events_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ #gemnasium-python-dependency_scanning: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . 
# stage: test - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG # before_script: - echo "----------------------------------------------------" # - echo " ----- not run test stage -----" - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" # rules: - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ # - when: never - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG #main_gemnasium_python_sca: - echo "----------------------------------------------------" # needs: - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" # - main_linting_code - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ # - main_linting_docker - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . # stage: staging_security - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG # extends: gemnasium-python-dependency_scanning - echo "----------------------------------------------------" # variables: - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" # DS_ANALYZER_NAME: "gemnasium-python" - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ # <<: *main_dnd - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG #main_build_and_push: - echo "----------------------------------------------------" # needs: ["main_security"] - echo "### build and push TS29222_CAPIF_Security_API image###" # stage: main_build_and_push - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ # script: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . 
# - export TMP_PWD=$PWD - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG # - echo "TMP_PWD=$TMP_PWD" - echo "----------------------------------------------------" # - echo "### docker login###" - echo "### build and push vault image###" # - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - cd $TMP_PWD/services/vault/ # - echo "----------------------------------------------------" - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . # - echo "### build and push nginx image###" - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG # - cd $TMP_PWD/services/nginx/ - echo "----------------------------------------------------" # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . - echo "### build and push helper image###" # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG - cd $TMP_PWD/services/helper/ # - echo "----------------------------------------------------" - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG . # - echo "### build and push register image###" - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG # - cd $TMP_PWD/services/register/ - echo "----------------------------------------------------" # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . - echo "### build and push mock-server image###" # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG - cd $TMP_PWD/services/mock_server/ # - echo "----------------------------------------------------" - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . 
# - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG # - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ - echo "----------------------------------------------------" # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . - docker logout $CI_REGISTRY # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG <<: *main_common # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Auditing_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . 
# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Events_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . 
# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Security_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push vault image###" # - cd $TMP_PWD/services/vault/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push helper image###" # - cd $TMP_PWD/services/helper/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push mock-server image###" # - cd $TMP_PWD/services/mock_server/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - docker logout $CI_REGISTRY # <<: *main_common Loading
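Review bot: With every job in this template commented out, merge requests targeting `main` appear to lose the `main_secrets_in_repo` (trufflehog), `main_semgrep_sast` and `main_gemnasium_python_sca` checks along with the build, unless another included template covers them, and nothing in the file says why or for how long. If only the build and push needs to be paused, keep the scan jobs live and switch off individual jobs with the pattern the file already uses for `gemnasium-python-dependency_scanning` (`rules:` with `- when: never`), rather than leaving 278 lines of commented YAML. At minimum add a header comment such as `# Pipeline disabled: <reason / issue link>; re-enable when <condition>`. When the `docker login` lines are restored, pass the secret on stdin instead of the command line, e.g. `echo "$CAPIF_DOCKER_REGISTRY" | docker login --username "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`, so it does not show up in process listings or traced job logs.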
capif/templates/ci_main.gitlab-ci.yml +278 −278 Original line number Original line Diff line number Diff line stages: #stages: # - main_pulling_repo ## - main_pulling_repo - main_secrets_in_repo # - main_secrets_in_repo - main_linting_code # - main_linting_code - main_linting_docker # - main_linting_docker - main_security # - main_security - main_build_and_push # - main_build_and_push # variables: #variables: CI_JOB_TOKEN: $CI_JOB_TOKEN # CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "false" # CI_DEBUG_TRACE: "false" CI_REGISTRY_USER: $CI_REGISTRY_USER # CI_REGISTRY_USER: $CI_REGISTRY_USER CI_REGISTRY: $CI_REGISTRY # CI_REGISTRY: $CI_REGISTRY CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY # CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY # .main_common: &main_common #.main_common: &main_common only: # only: - merge_requests # - merge_requests except: # except: variables: # variables: - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" # - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" tags: # tags: - shell # - shell # .main_dnd: &main_dnd #.main_dnd: &main_dnd allow_failure: true # allow_failure: true rules: # rules: - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' # - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' when: always - when: never services: - docker:24.0.5-dind tags: - docker-in-docker main_secrets_in_repo: stage: main_secrets_in_repo script: - | pip install trufflehog cd ../ trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 <<: *main_common # define the process to do linting code: Sonarque, ruff? main_linting_code: stage: main_linting_code script: - | echo "###ruff checks###" pip install ruff ruff check --config cicd/ruff.toml . 
|| true needs: ["main_secrets_in_repo"] <<: *main_common main_linting_docker: stage: main_linting_docker script: - | # Download hadolint binary wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint # Make it executable chmod +x hadolint # Move it to your binaries folder mv hadolint ../ # Verify the installation echo "### hadolint version ###" ../hadolint --version # Array of service names SERVICES=("vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") # Loop over service names for SERVICE in "${SERVICES[@]}"; do echo "### $SERVICE ###" # Run hadolint on Dockerfile ../hadolint services/$SERVICE/Dockerfile || true echo "----------------------------------------------------" done # artifacts: # name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" # when: always # when: always # reports: # - when: never # codequality: # services: # - docker-lint.json # - docker:24.0.5-dind # interruptible: true # tags: needs: ["main_linting_code"] # - docker-in-docker <<: *main_common # #main_secrets_in_repo: # stage: main_secrets_in_repo main_cvs: # script: needs: ["main_linting_docker"] # - | stage: main_security # pip install trufflehog script: # cd ../ - | # trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 # Install grype # <<: *main_common curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../ # ## define the process to do linting code: Sonarque, ruff? 
# Print grype version #main_linting_code: echo "### grype version###" # stage: main_linting_code ../grype version # script: # - | # Create output directory if it doesn't exist # echo "###ruff checks###" DIRECTORY=./grype-outputs # pip install ruff if [ ! -d "$DIRECTORY" ]; then # ruff check --config cicd/ruff.toml . || true mkdir $DIRECTORY # needs: ["main_secrets_in_repo"] echo "Directory created" # <<: *main_common else # echo "Directory already exists" #main_linting_docker: fi # stage: main_linting_docker # script: # Save current directory # - | export TMP_PWD=$PWD # # Download hadolint binary echo "TMP_PWD=$TMP_PWD" # wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint # # Array of image names # # Make it executable IMAGE_NAMES=("nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" # chmod +x hadolint "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" # "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" # # Move it to your binaries folder "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") # mv hadolint ../ # # Loop over image names # # Verify the installation for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do # echo "### hadolint version ###" # Convert SERVICE to lowercase # ../hadolint --version IMAGE_LOWER=${IMAGE_NAME,,} # # # Array of service names echo "---- variable ----" # SERVICES=("vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" echo "### build and push $IMAGE_NAME image###" # "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" # "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" # Navigate to 
service directory # "vault") cd services/$IMAGE_NAME/ # # # Loop over service names # Login to Docker registry # for SERVICE in "${SERVICES[@]}"; do docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY # echo "### $SERVICE ###" # # Build Docker image # # Run hadolint on Dockerfile docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest . # ../hadolint services/$SERVICE/Dockerfile || true # # Navigate back to original directory # echo "----------------------------------------------------" cd $TMP_PWD # done # echo "### Container Vulnerability Scanning $IMAGE_NAME###" ## artifacts: ## name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" # Scan Docker image with grype and save output to file ## when: always #../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-latest.txt ## reports: ## codequality: echo "----------------------------------------------------" ## - docker-lint.json done ## interruptible: true artifacts: # needs: ["main_linting_code"] untracked: false # <<: *main_common paths: # - ./grype-outputs/*.txt # when: on_success #main_cvs: expire_in: "1 week" # needs: ["main_linting_docker"] <<: *main_common # stage: main_security # script: main_semgrep_sast: # - | needs: # # Install grype - main_linting_code # curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../ - main_linting_docker # stage: main_security # # Print grype version extends: semgrep-sast # echo "### grype version###" variables: # ../grype version DOCKER_HOST: tcp://docker:2375 # SAST_DEFAULT_ANALYZERS: bandit # # Create output directory if it doesn't exist <<: *main_dnd # DIRECTORY=./grype-outputs # if [ ! 
-d "$DIRECTORY" ]; then gemnasium-python-dependency_scanning: # mkdir $DIRECTORY stage: test # echo "Directory created" before_script: # else - echo " ----- not run test stage -----" # echo "Directory already exists" rules: # fi - when: never # # # Save current directory main_gemnasium_python_sca: # export TMP_PWD=$PWD needs: # echo "TMP_PWD=$TMP_PWD" - main_linting_code # - main_linting_docker # # Array of image names stage: staging_security # IMAGE_NAMES=("nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" extends: gemnasium-python-dependency_scanning # "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" variables: # "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" DS_ANALYZER_NAME: "gemnasium-python" # "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") <<: *main_dnd # # # Loop over image names main_build_and_push: # for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do needs: ["main_security"] # # Convert SERVICE to lowercase stage: main_build_and_push # IMAGE_LOWER=${IMAGE_NAME,,} script: # - export TMP_PWD=$PWD # echo "---- variable ----" - echo "TMP_PWD=$TMP_PWD" # echo "### build and push $IMAGE_NAME image###" - echo "### docker login###" # - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY # # Navigate to service directory - echo "----------------------------------------------------" # cd services/$IMAGE_NAME/ - echo "### build and push nginx image###" # - cd $TMP_PWD/services/nginx/ # # Login to Docker registry - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . 
# docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # # Build Docker image - echo "### build and push register image###" # docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest . - cd $TMP_PWD/services/register/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . # # Navigate back to original directory - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG # cd $TMP_PWD - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" # echo "### Container Vulnerability Scanning $IMAGE_NAME###" - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . # # Scan Docker image with grype and save output to file - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG # #../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-latest.txt - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" # echo "----------------------------------------------------" - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ # done - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . 
# artifacts: - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG # untracked: false - echo "----------------------------------------------------" # paths: - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" # - ./grype-outputs/*.txt - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ # when: on_success - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . # expire_in: "1 week" - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG # <<: *main_common - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Auditing_API image###" #main_semgrep_sast: - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ # needs: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . # - main_linting_code - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG # - main_linting_docker - echo "----------------------------------------------------" # stage: main_security - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" # extends: semgrep-sast - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ # variables: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . # DOCKER_HOST: tcp://docker:2375 - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG # SAST_DEFAULT_ANALYZERS: bandit - echo "----------------------------------------------------" # <<: *main_dnd - echo "### build and push TS29222_CAPIF_Events_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ #gemnasium-python-dependency_scanning: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . 
# stage: test - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG # before_script: - echo "----------------------------------------------------" # - echo " ----- not run test stage -----" - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" # rules: - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ # - when: never - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG #main_gemnasium_python_sca: - echo "----------------------------------------------------" # needs: - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" # - main_linting_code - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ # - main_linting_docker - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . # stage: staging_security - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG # extends: gemnasium-python-dependency_scanning - echo "----------------------------------------------------" # variables: - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" # DS_ANALYZER_NAME: "gemnasium-python" - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ # <<: *main_dnd - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG #main_build_and_push: - echo "----------------------------------------------------" # needs: ["main_security"] - echo "### build and push TS29222_CAPIF_Security_API image###" # stage: main_build_and_push - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ # script: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . 
# - export TMP_PWD=$PWD - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG # - echo "TMP_PWD=$TMP_PWD" - echo "----------------------------------------------------" # - echo "### docker login###" - echo "### build and push vault image###" # - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - cd $TMP_PWD/services/vault/ # - echo "----------------------------------------------------" - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . # - echo "### build and push nginx image###" - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG # - cd $TMP_PWD/services/nginx/ - echo "----------------------------------------------------" # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . - echo "### build and push helper image###" # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG - cd $TMP_PWD/services/helper/ # - echo "----------------------------------------------------" - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG . # - echo "### build and push register image###" - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG # - cd $TMP_PWD/services/register/ - echo "----------------------------------------------------" # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . - echo "### build and push mock-server image###" # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG - cd $TMP_PWD/services/mock_server/ # - echo "----------------------------------------------------" - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . 
# - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG # - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ - echo "----------------------------------------------------" # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . - docker logout $CI_REGISTRY # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG <<: *main_common # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Auditing_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . 
# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Events_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . 
# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push TS29222_CAPIF_Security_API image###" # - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push vault image###" # - cd $TMP_PWD/services/vault/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push helper image###" # - cd $TMP_PWD/services/helper/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - echo "### build and push mock-server image###" # - cd $TMP_PWD/services/mock_server/ # - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . # - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG # - echo "----------------------------------------------------" # - docker logout $CI_REGISTRY # <<: *main_common