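---
# GitLab CI pipeline: secret scanning, Python linting, Dockerfile linting and
# an experimental image build/push job.
# Jobs are chained with `needs`, so each lint job starts only after the
# previous one has succeeded.

stages:
  - dev_pulling_repo
  - dev_secrets_in_repo
  - dev_linting_code
  - dev_linting_docker
  - docker_login

variables:
  GITLAB_API: "https://labs.etsi.org/api/v4"
  # NOTE(review): the entries below that map a variable to itself only
  # re-export values already supplied by GitLab or the project settings;
  # presumably redundant - confirm before removing.
  CI_JOB_TOKEN: "$CI_JOB_TOKEN"
  # Keep debug tracing off: when enabled, the job log prints every variable,
  # including the registry credentials declared here.
  CI_DEBUG_TRACE: "false"
  CI_REGISTRY_USER: "$CI_REGISTRY_USER"
  CI_REGISTRY_PASSWORD: "$CI_REGISTRY_PASSWORD"
  CI_REGISTRY: "$CI_REGISTRY"
  CAPIF_DOCKER_REGISTRY: "$CAPIF_DOCKER_REGISTRY"

# Hidden template merged into every dev_* job: run on the shell runners.
.dev_common: &dev_common
  tags:
    - shell

# Disabled job, kept for reference.
# NOTE(review): if revived, avoid embedding the job token in the clone URL;
# git stores that URL, token included, in the clone's .git/config.
# dev_pulling_repo:
#   stage: dev_pulling_repo
#   script:
#     - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git
#   <<: *dev_common

# Scan the repository history for committed secrets.
dev_secrets_in_repo:
  stage: dev_secrets_in_repo
  script:
    - |
      # NOTE(review): trufflehog is installed unpinned on every run; pinning
      # a reviewed version keeps the scanner itself reproducible.
      pip install trufflehog
      # The scan targets the checkout by directory name from its parent.
      cd ../
      trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5
  # needs: ["dev_pulling_repo"]
  <<: *dev_common

# define the process to do linting code: SonarQube, ruff?
dev_linting_code:
  stage: dev_linting_code
  script:
    - |
      echo "###ruff checks###"
      # NOTE(review): ruff is installed unpinned, same as trufflehog above.
      pip install ruff
      # `|| true` makes this advisory: findings are printed, the job passes.
      ruff check --config cicd/ruff.toml . || true
  needs: ["dev_secrets_in_repo"]
  <<: *dev_common

# Lint every service Dockerfile with hadolint (advisory, never fails the job).
dev_linting_docker:
  stage: dev_linting_docker
  script:
    - |
      # Download hadolint binary
      wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint
      # The binary is executed below, so verify it when a digest is supplied.
      # HADOLINT_SHA256 is an optional CI/CD variable holding the SHA-256 of
      # the release asset; without it the download is used unverified.
      if [ -n "${HADOLINT_SHA256:-}" ]; then
        echo "${HADOLINT_SHA256}  hadolint" | sha256sum -c - || exit 1
      else
        echo "WARNING: HADOLINT_SHA256 not set; hadolint binary was not verified"
      fi
      # Make it executable
      chmod +x hadolint
      # Move it one level above the checkout
      mv hadolint ../
      # Verify the installation
      ../hadolint --version
      #find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json
      ../hadolint services/capif-client/Dockerfile || true
      ../hadolint services/vault/Dockerfile || true
      # Remaining services: print a header, then lint; findings never fail
      # the job because of `|| true`.
      for svc in \
        nginx \
        register \
        TS29222_CAPIF_Access_Control_Policy_API \
        TS29222_CAPIF_API_Invoker_Management_API \
        TS29222_CAPIF_API_Provider_Management_API \
        TS29222_CAPIF_Auditing_API \
        TS29222_CAPIF_Discover_Service_API \
        TS29222_CAPIF_Events_API \
        TS29222_CAPIF_Logging_API_Invocation_API \
        TS29222_CAPIF_Publish_Service_API \
        TS29222_CAPIF_Routing_Info_API \
        TS29222_CAPIF_Security_API
      do
        echo "### ${svc} ###"
        ../hadolint "services/${svc}/Dockerfile" || true
      done
  # artifacts:
  #   name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
  #   when: always
  #   reports:
  #     codequality:
  #       - docker-lint.json
  # interruptible: true
  needs: ["dev_linting_code"]
  <<: *dev_common

# NOT WORKING: failed when docker login. seem we need to use docker-in-docker
# rather than shell alpine runners
#
# NOTE(review): despite its name this job never runs `docker login`, and it
# pushes an unqualified `capif-client:<tag>`, which does not name
# $CI_REGISTRY or $CAPIF_DOCKER_REGISTRY - confirm the intended registry and
# prefix the tag with it.
# NOTE(review): the overlay2 error quoted below usually means the dind
# service is not running privileged - confirm the runner configuration.
# Privileged jobs have root-equivalent access to the runner host, so keep
# them on dedicated runners.
docker_login:
  stage: docker_login
  image: docker:19.03.12
  services:
    - docker:19.03.12-dind
  tags:
    - docker
  script:
    - |
      cd services/capif-client/
      docker build -t "capif-client:${CI_COMMIT_REF_SLUG}" .
      docker push "capif-client:${CI_COMMIT_REF_SLUG}"

## NOT WORKING: failed when build de images - failed to mount overlay: operation not permitted" storage-driver=overlay2
# NOTE(review): if this variant is revived, feed the password through
# `docker login --password-stdin`; `--password` puts it on the command line,
# where it is visible in the process list.
# docker_login:
#   stage: docker_login
#   script:
#     - |
#       #!/bin/bash
#
#       # Update your existing list of packages
#       apk update
#
#       # Install Docker
#       apk add docker
#
#       # Start the Docker service
#       dockerd &
#
#       # Verify the installation
#       docker --version
#
#       echo "### docker login ###"
#       docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY
#
#       echo "### build & push capif-client ###"
#       cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG .
#
#       docker push capif-client:$CI_COMMIT_REF_SLUG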