stages:
# - dev_pulling_repo
- dev_pre_pipeline
- dev_secrets_in_repo
- dev_linting
- dev_build_and_push
variables:
CI_JOB_TOKEN: $CI_JOB_TOKEN
CI_DEBUG_TRACE: "false"
CI_REGISTRY_USER: $CI_REGISTRY_USER
CI_REGISTRY: $CI_REGISTRY
CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY
.dev_common: &dev_common
tags:
- shell
#dev_pulling_repo:
# stage: dev_pulling_repo
# script:
# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git
# <<: *dev_common
dev_cancel_previous_action:
stage: dev_pre_pipeline
script:
- |
echo "### cancel previous actions in dev branchc ###"
# if [[ -n "$CI_JOB_TOKEN" ]]; then
# echo "Checking for running jobs in the same pipeline..."
# jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs")
# for job in $(echo "$jobs" | jq -r '.[] | @base64'); do
# _jq() {
# echo ${job} | base64 --decode | jq -r ${1}
# }
# status=$(_jq '.status')
# id=$(_jq '.id')
# if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then
# echo "Cancelling job $id"
# curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel"
# fi
# done
# fi
rules:
- if: $CI_COMMIT_BRANCH
<<: *dev_common
dev_secrets_in_repo:
needs:
- dev_cancel_previous_action
stage: dev_secrets_in_repo
script:
- |
pip install trufflehog
cd ../
trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5
# needs: ["dev_pulling_repo"]
<<: *dev_common
# define the process to do linting code: Sonarque, ruff?
dev_linting_code:
stage: dev_linting
script:
- |
echo "###ruff checks###"
pip install ruff
ruff check --config cicd/ruff.toml . || true
needs: ["dev_secrets_in_repo"]
<<: *dev_common
dev_linting_docker:
stage: dev_linting
script:
- |
# Download hadolint binary
wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint
# Make it executable
chmod +x hadolint
# Move it to your binaries folder
mv hadolint ../
# Verify the installation
echo "### hadolint version ###"
../hadolint --version
# Array of service names
SERVICES=("capif-client" "vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API"
"TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API"
"TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API"
"vault")
# Loop over service names
for SERVICE in "${SERVICES[@]}"; do
echo "### $SERVICE ###"
# Run hadolint on Dockerfile
../hadolint services/$SERVICE/Dockerfile || true
echo "----------------------------------------------------"
done
# artifacts:
# name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
# when: always
# reports:
# codequality:
# - docker-lint.json
# interruptible: true
<<: *dev_common
dev_build_and_push:
needs:
- dev_linting_code
- dev_linting_docker
stage: dev_build_and_push
script:
- export TMP_PWD=$PWD
- echo "TMP_PWD=$TMP_PWD"
- echo "### build and push capif-client image###"
- cd services/capif-client/
- docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- echo "### build and push nginx image###"
- cd $TMP_PWD/services/nginx/
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- echo "### build and push register image###"
- cd $TMP_PWD/services/register/
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_Auditing_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_Discover_Service_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_Events_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_Events_API/
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_Publish_Service_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_Routing_Info_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_Security_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_Security_API/
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- echo "### build and push vault image###"
- cd $TMP_PWD/services/vault/
- docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG .
- docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG
- echo "----------------------------------------------------"
- docker logout $CI_REGISTRY
<<: *dev_common