test create metadata.json, build, unit tests, pen tests, publish image, trigger deploy

8206eec6 · Malin, James (Contractor) Christopher · e7847310 · 8206eec6
Commit 8206eec6 authored May 29, 2019 by Malin, James (Contractor) Christopher
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -66,7 +66,13 @@ initialize:
    # - for env in "${!APP_@}"; do printf '%s=%s\n' "$env" "${!env}"; done;
    # - for i in "${MY_ARRAY_#[@]}"; do echo "$i"; done

-    # - for env in "${!APP_@}"; do echo "$env"="${!env}" >> test.txt; done;
+    # - PREFIXED VARIABLES NEEDED FOR DEPLOY
+    # - for env in "${!APP_@}"; do echo export "$env"="${!env}" >> test.txt; done;
+
+    - echo "export THISISENV=testit" >> test.sh
+    - cat test.sh
+    - source test.sh | while read line; do export "$line"; done
+    - echo $THISISENV

    - node metadata.js ${branch} ${CI_COMMIT_SHA} ${IMAGE_VERSION}
    - cat temp-metadata.json
@@ -85,13 +91,12 @@ build:
  script:
    - echo "Building..."
    - mv temp-metadata.json metadata.json
-    - cat metadata.json
-    # # build a local directory to be used later for testing or deploying
-    # - mkdir docker-images
-    # # build image and save
-    # - "docker build --build-arg FROM_IMAGE=$BASE_IMAGE
-    # --build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE ."
-    # - docker save $LOCAL_IMAGE > docker-images/app.tar
+    # build a local directory to be used later for testing or deploying
+    - mkdir docker-images
+    # build image and save
+    - "docker build --build-arg FROM_IMAGE=$BASE_IMAGE
+    --build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE ."
+    - docker save $LOCAL_IMAGE > docker-images/app.tar
    
  # Needed later when loading docker images
  # Could test without the docker images saved and try to pull local image
@@ -105,97 +110,97 @@ build:
  #   paths:
  #     - docker-images

-# run unit tests:
-#   stage: unit-tests
-#   image: trion/ng-cli-e2e
-#   cache:
-#     # untracked: true # cache all files that are untracked in your Git repository
-#     # job doesn’t alter cached files, skip the upload step by setting policy: pull
-#     policy: pull 
-#   # only:
-#   #   - master
-#   script:
-#     - npm install --no-audit --no-save
-#     - ng lint
-#     - ng test hazdev-ng-geoserve-output --watch=false --code-coverage --progress false --browsers ChromeHeadless
-#     - npm run build
-#     - ng test earthquake-geoserve-ui --watch=false --code-coverage --progress false --browsers ChromeHeadless
-#     - ng e2e
-
-# run penetration tests:
-#   stage: pen-tests
-#   image: docker:stable
-#   cache:
-#     policy: pull
-#   # before_script:
-#   #   - npm i
-#   #   - npm i highlightjs
-#   # only:
-#   #   - master
-#   script:
-#     - mkdir -p $OWASP_REPORT_DIR
-#     - chmod 777 $OWASP_REPORT_DIR
-#     - docker load -i docker-images/app.tar
-#     - docker run --rm --name $LOCAL_CONTAINER -d $LOCAL_IMAGE
-#     - docker run --rm -d -u zap --name=$OWASP_CONTAINER --link=$LOCAL_CONTAINER:application -v $OWASP_REPORT_DIR:/zap/reports:rw -i $OWASP_IMAGE zap.sh -daemon -port $ZAP_API_PORT -config api.disablekey=true
-#     - sleep 20
-#     # docker run --rm -d -u zap --name=earthquake-geoserve-ui-3-OWASP --link=earthquake-geoserve-ui-3-PENTEST:application -v /var/lib/jenkins/workspace/HazDev/earthquake-geoserve/build-ui/owasp-data:/zap/reports:rw -i code.chs.usgs.gov:5001/devops/images/owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
-#     # docker run --rm --name earthquake-geoserve-ui-1.0.4-PENTEST -d jamesmalin/usgs-geoserve-ui:1.0.4
-#     # docker run --rm -d -u zap --name=earthquake-geoserve-ui-1.0.4-OWASP --link=earthquake-geoserve-ui-1.0.4-PENTEST:application -v /owasp-data:/zap/reports:rw -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
-#     - "docker exec -i ${OWASP_CONTAINER} 
-#     curl -I localhost:${ZAP_API_PORT} 
-#     > /dev/null 2>&1 && echo 'SUCCESS'"
-#     - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT spider http://$PENTEST_IP/
-#     - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT active-scan http://$PENTEST_IP/
-#     - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT report -o owasp-zap-report.html -f html
-#     - docker stop $OWASP_CONTAINER ${LOCAL_CONTAINER}
-#   artifacts: # can you make this not available to the public
-#     paths:
-#       - owasp-zap-report.html
-#       - docker-images
-#   dependencies:
-#     - build
-
-#     ###### Publish ######
-
-# publish image:
-#   stage: publish-image
-#   image: docker:stable
-#   only:
-#     - merge_requests
-#   before_script:
-#     # - curl -O https://bootstrap.pypa.io/get-pip.py
-#     # - python3 get-pip.py --user
-#     # - /root/.local/bin/pip3 install awscli --upgrade --user
-#     # - npm install -g docker
-#     # - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
-#   script:
-#     # - aws cloudformation package --template-file ./deployment/aws-create-user.json --s3-bucket $S3_BUCKET --output-template usgs-user-template-export.yml
-#     # - aws cloudformation deploy --template-file /builds/jmalin/earthquake-geoserve-ui/usgs-user-template-export.yml --stack-name usgs-user-deploy-stack
-#     # Re-tag candidate image as actual image name and push actual image to repository
-#     # TODO - Deploy to USGS Hazdev Registry
-#     # - docker build --build-arg FROM_IMAGE=$BASE_IMAGE --build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE .
-#     - docker load -i docker-images/app.tar
-#     - docker tag ${LOCAL_IMAGE} ${DEPLOY_IMAGE}:${IMAGE_VERSION}
-#     - echo "$CHS_PASSWORD" | docker login --username $CHS_USERNAME --password-stdin $GITLAB_INNERSOURCE_REGISTRY
-#     - docker push ${DEPLOY_IMAGE}:${IMAGE_VERSION}
-
-#     # Re-tag candidate image as public image name and push to docker hub
-#     # For a private registry include registry URL
-#     - docker tag ${LOCAL_IMAGE} ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
-#     # login to dockerhub
-#     - echo "$DOCKER_PASSWORD" | docker login --username $DOCKER_USERNAME --password-stdin
-#     - docker push ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
-#     # Delete pass file
-#     - rm -rf /root/.docker/config.json
-#   dependencies:
-#     - build
-#     # - 'run unit tests'
-#     # - 'run penetration tests'
-#   cache:
-#     key: "$CI_BUILD_REF_NAME"
-#     paths:
-#       - docker-images
+run unit tests:
+  stage: unit-tests
+  image: trion/ng-cli-e2e
+  cache:
+    # untracked: true # cache all files that are untracked in your Git repository
+    # job doesn’t alter cached files, skip the upload step by setting policy: pull
+    policy: pull 
+  # only:
+  #   - master
+  script:
+    - npm install --no-audit --no-save
+    - ng lint
+    - ng test hazdev-ng-geoserve-output --watch=false --code-coverage --progress false --browsers ChromeHeadless
+    - npm run build
+    - ng test earthquake-geoserve-ui --watch=false --code-coverage --progress false --browsers ChromeHeadless
+    - ng e2e
+
+run penetration tests:
+  stage: pen-tests
+  image: docker:stable
+  cache:
+    policy: pull
+  # before_script:
+  #   - npm i
+  #   - npm i highlightjs
+  # only:
+  #   - master
+  script:
+    - mkdir -p $OWASP_REPORT_DIR
+    - chmod 777 $OWASP_REPORT_DIR
+    - docker load -i docker-images/app.tar
+    - docker run --rm --name $LOCAL_CONTAINER -d $LOCAL_IMAGE
+    - docker run --rm -d -u zap --name=$OWASP_CONTAINER --link=$LOCAL_CONTAINER:application -v $OWASP_REPORT_DIR:/zap/reports:rw -i $OWASP_IMAGE zap.sh -daemon -port $ZAP_API_PORT -config api.disablekey=true
+    - sleep 20
+    # docker run --rm -d -u zap --name=earthquake-geoserve-ui-3-OWASP --link=earthquake-geoserve-ui-3-PENTEST:application -v /var/lib/jenkins/workspace/HazDev/earthquake-geoserve/build-ui/owasp-data:/zap/reports:rw -i code.chs.usgs.gov:5001/devops/images/owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
+    # docker run --rm --name earthquake-geoserve-ui-1.0.4-PENTEST -d jamesmalin/usgs-geoserve-ui:1.0.4
+    # docker run --rm -d -u zap --name=earthquake-geoserve-ui-1.0.4-OWASP --link=earthquake-geoserve-ui-1.0.4-PENTEST:application -v /owasp-data:/zap/reports:rw -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
+    - "docker exec -i ${OWASP_CONTAINER} 
+    curl -I localhost:${ZAP_API_PORT} 
+    > /dev/null 2>&1 && echo 'SUCCESS'"
+    - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT spider http://$PENTEST_IP/
+    - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT active-scan http://$PENTEST_IP/
+    - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT report -o owasp-zap-report.html -f html
+    - docker stop $OWASP_CONTAINER ${LOCAL_CONTAINER}
+  artifacts: # can you make this not available to the public
+    paths:
+      - owasp-zap-report.html
+      - docker-images
+  dependencies:
+    - build
+
+    ###### Publish ######
+
+publish image:
+  stage: publish-image
+  image: docker:stable
+  only:
+    - merge_requests
+  before_script:
+    # - curl -O https://bootstrap.pypa.io/get-pip.py
+    # - python3 get-pip.py --user
+    # - /root/.local/bin/pip3 install awscli --upgrade --user
+    # - npm install -g docker
+    # - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+  script:
+    # - aws cloudformation package --template-file ./deployment/aws-create-user.json --s3-bucket $S3_BUCKET --output-template usgs-user-template-export.yml
+    # - aws cloudformation deploy --template-file /builds/jmalin/earthquake-geoserve-ui/usgs-user-template-export.yml --stack-name usgs-user-deploy-stack
+    # Re-tag candidate image as actual image name and push actual image to repository
+    # TODO - Deploy to USGS Hazdev Registry
+    # - docker build --build-arg FROM_IMAGE=$BASE_IMAGE --build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE .
+    - docker load -i docker-images/app.tar
+    - docker tag ${LOCAL_IMAGE} ${DEPLOY_IMAGE}:${IMAGE_VERSION}
+    - echo "$CHS_PASSWORD" | docker login --username $CHS_USERNAME --password-stdin $GITLAB_INNERSOURCE_REGISTRY
+    - docker push ${DEPLOY_IMAGE}:${IMAGE_VERSION}
+
+    # Re-tag candidate image as public image name and push to docker hub
+    # For a private registry include registry URL
+    - docker tag ${LOCAL_IMAGE} ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
+    # login to dockerhub
+    - echo "$DOCKER_PASSWORD" | docker login --username $DOCKER_USERNAME --password-stdin
+    - docker push ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
+    # Delete pass file
+    - rm -rf /root/.docker/config.json
+  dependencies:
+    - build
+    # - 'run unit tests'
+    # - 'run penetration tests'
+  cache:
+    key: "$CI_BUILD_REF_NAME"
+    paths:
+      - docker-images

 # trigger container master job
 trigger deploy: