Commit 956dfa6c authored by Malin, James (Contractor) Christopher's avatar Malin, James (Contractor) Christopher

Merge branch 'trigger' into 'master'

Trigger

See merge request !20
parents 1446e5e5 67730669
Pipeline #837 passed with stage
in 18 seconds
variables:
# DOCKER_DRIVER: overlay2
# TEST_IMAGE: node:latest
# RELEASE_IMAGE: node:latest
BUILD_ID: "test"
BUILD_ID: "1.0.6"
APP_NAME: "earthquake-geoserve-ui"
DEVOPS_REGISTRY: "$GITLAB_INNERSOURCE_REGISTRY/devops/images"
# DEVOPS_REGISTRY: "$GITLAB_INNERSOURCE_REGISTRY/devops/images"
#WORKSPACE: "prod"
FAILURE: "null"
# name of the branch; if master, do latest
IMAGE_VERSION: "test"
IMAGE_VERSION: "1.0.6"
SCM_VARS: "[:]"
# Name of image to use as basis when building LOCAL_IMAGE/DEPLOY_IMAGE
BASE_IMAGE: "usgs/nginx:latest"
......@@ -16,21 +13,39 @@ variables:
BUILDER_CONTAINER: $APP_NAME-$BUILD_ID-BUILDER
BUILDER_IMAGE: "usgs/node:10"
# Name of image to deploy (push) to registry
DEPLOY_IMAGE: "$GITLAB_INNERSOURCE_REGISTRY/ghsc/hazdev/earthquake-geoserve/ui"
DOCKER_HUB_IMAGE: "usgs/earthquake-geoserve-ui"
# DOCKER_HUB_IMAGE: "jamesmalin/usgs-geoserve-ui"
DEPLOY_IMAGE: "$GITLAB_INNERSOURCE_REGISTRY:5001/ghsc/hazdev/earthquake-geoserve/ui"
# DOCKER_HUB_IMAGE: "usgs/earthquake-geoserve-ui"
DOCKER_HUB_IMAGE: "jamesmalin/usgs-geoserve-ui"
# Run application locally for testing security vulnerabilities
LOCAL_CONTAINER: $APP_NAME-$BUILD_ID-pentest
LOCAL_CONTAINER: $APP_NAME-$BUILD_ID-PENTEST
LOCAL_IMAGE: local/$APP_NAME:$BUILD_ID
# Runs zap.sh as daemon and used to execute zap-cli calls within
OWASP_CONTAINER: $APP_NAME-$BUILD_ID-owasp
OWASP_IMAGE: "$DEVOPS_REGISTRY/owasp/zap2docker-stable"
OWASP_CONTAINER: $APP_NAME-$BUILD_ID-OWASP
OWASP_IMAGE: "owasp/zap2docker-stable"
OWASP_REPORT_DIR: "owasp-data"
ZAP_API_PORT: "8090"
PENTEST_IP: "application:8080"
PENTEST_IP: 'application:8080'
S3_BUCKET: usgs-cf-templates
# COMBINING VARIABLES FROM DEPLOY JOB
CONFIG: ''
# DEPLOY_DIR: '/tmp/${APP_NAME}'
DEPLOY_APP_NAME: 'earthquake-geoserve'
DEPLOY_DIR: '${APP_NAME}'
REMOTE_DEPLOY_DIR: '/tmp/${DEPLOY_DIR}'
EXPORTS: ''
TARGET_HOSTS: ''
branch: 'origin/master'
REMOTE_USER: 'jmalin'
#WORKING_DIR: '/var/lib/jenkins/workspace/HazDev/earthquake-geoserve/deploy'
#WORKING_DIR: ''
# GENERIC_APP_REPOSITORY: 'https://${CHS_USERNAME}:${CHS_PASSWORD}@${GITLAB_INNERSOURCE_REGISTRY}/ghsc/hazdev/container-deploy.git'
# CUSTOM_APP_REPOSITORY: 'https://${CHS_USERNAME}:${CHS_PASSWORD}@${GITLAB_INNERSOURCE_REGISTRY}/ghsc/hazdev/earthquake-geoserve.git'
# CONFIG_REPOSITORY: 'https://${CHS_USERNAME}:${CHS_PASSWORD}@${GITLAB_INNERSOURCE_REGISTRY}/ghsc/hazdev/jenkins.git'
# ENVIRONMENT: 'dev01'
# Using docker in docker
services:
- docker:dind
......@@ -38,9 +53,10 @@ services:
stages:
# - init
- build
- unit-tests
- trigger_deploy
# - unit-tests
# - pen-tests
- publish-image
# - publish-image
# - deploy
# initialize:
......@@ -59,6 +75,7 @@ stages:
# paths:
# - code
###### Build ######
build:
stage: build
image: docker:stable
......@@ -66,48 +83,53 @@ build:
- rm -rf docker-images
- rm -rf $OWASP_REPORT_DIR
- rm package-lock.json
# - rm -rf node_modules
# - ls
# - npm install
# cache:
# untracked: true
only:
- master
script:
- echo $OWASP_CONTAINER $LOCAL_CONTAINER $OWASP_REPORT_DIR $OWASP_IMAGE $ZAP_API_PORT
# - docker login -u $DOCKER_USERNAME -p '$DOCKER_PASSWORD' $CI_REGISTRY
- echo "Building..."
# build a local directory to be used later for testing or deploying
- mkdir docker-images
# build image and save
- "docker build --build-arg FROM_IMAGE=$BASE_IMAGE
--build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE ."
- docker save $LOCAL_IMAGE > docker-images/app.tar
# # build a local directory to be used later for testing or deploying
# - mkdir docker-images
# # build image and save
# - "docker build --build-arg FROM_IMAGE=$BASE_IMAGE
# --build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE ."
# - docker save $LOCAL_IMAGE > docker-images/app.tar
# Needed later when loading docker images
# Could test without the docker images saved and try to pull local image
artifacts:
paths:
- docker-images
cache:
key: "$CI_BUILD_REF_NAME"
paths:
- docker-images
run unit tests:
stage: unit-tests
image: trion/ng-cli-e2e
only:
- master
script:
- npm install --no-audit --no-save
- ng lint
- ng test hazdev-ng-geoserve-output --watch=false --code-coverage --progress false --browsers ChromeHeadless
- npm run build
- ng test earthquake-geoserve-ui --watch=false --code-coverage --progress false --browsers ChromeHeadless
- ng e2e
# run unit tests:
# stage: unit-tests
# image: trion/ng-cli-e2e
# cache:
# # untracked: true # cache all files that are untracked in your Git repository
# # job doesn’t alter cached files, skip the upload step by setting policy: pull
# policy: pull
# # only:
# # - master
# script:
# - npm install --no-audit --no-save
# - ng lint
# - ng test hazdev-ng-geoserve-output --watch=false --code-coverage --progress false --browsers ChromeHeadless
# - npm run build
# - ng test earthquake-geoserve-ui --watch=false --code-coverage --progress false --browsers ChromeHeadless
# - ng e2e
# run penetration tests:
# stage: pen-tests
# image: docker:stable
# cache:
# policy: pull
# # before_script:
# # - npm i
# # - npm i highlightjs
# only:
# - master
# # only:
# # - master
# script:
# - mkdir -p $OWASP_REPORT_DIR
# - chmod 777 $OWASP_REPORT_DIR
......@@ -118,65 +140,86 @@ run unit tests:
# # docker run --rm -d -u zap --name=earthquake-geoserve-ui-3-OWASP --link=earthquake-geoserve-ui-3-PENTEST:application -v /var/lib/jenkins/workspace/HazDev/earthquake-geoserve/build-ui/owasp-data:/zap/reports:rw -i code.chs.usgs.gov:5001/devops/images/owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
# # docker run --rm --name earthquake-geoserve-ui-1.0.4-PENTEST -d jamesmalin/usgs-geoserve-ui:1.0.4
# # docker run --rm -d -u zap --name=earthquake-geoserve-ui-1.0.4-OWASP --link=earthquake-geoserve-ui-1.0.4-PENTEST:application -v /owasp-data:/zap/reports:rw -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
# - "docker exec -i ${OWASP_CONTAINER}
# curl -I localhost:${ZAP_API_PORT}
# - "docker exec -i ${OWASP_CONTAINER}
# curl -I localhost:${ZAP_API_PORT}
# > /dev/null 2>&1 && echo 'SUCCESS'"
# # - sleep 10
# - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT spider http://$PENTEST_IP/
# # - sleep 10
# - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT active-scan http://$PENTEST_IP/
# - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT report -o owasp-zap-report.html -f html
# - docker stop $OWASP_CONTAINER ${LOCAL_CONTAINER}
# artifacts: # can you make this not available to the public
# paths:
# - owasp-zap-report.html
# - docker-images
# dependencies:
# - build
publish image:
stage: publish-image
# image: node:latest
image: docker:stable
only:
- master
# before_script:
# - curl -O https://bootstrap.pypa.io/get-pip.py
# - python3 get-pip.py --user
# - /root/.local/bin/pip3 install awscli --upgrade --user
# - npm install -g docker
# - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
script:
# - aws cloudformation package --template-file ./deployment/aws-create-user.json --s3-bucket $S3_BUCKET --output-template usgs-user-template-export.yml
# - aws cloudformation deploy --template-file /builds/jmalin/earthquake-geoserve-ui/usgs-user-template-export.yml --stack-name usgs-user-deploy-stack
# Re-tag candidate image as actual image name and push actual image to repository
# TODO - Deploy to USGS Hazdev Registry
# - docker tag ${LOCAL_IMAGE} ${DEPLOY_IMAGE}:${IMAGE_VERSION}
# - docker push ${DEPLOY_IMAGE}:${IMAGE_VERSION}
# ###### Publish ######
# Re-tag candidate image as public image name and push to docker hub
# For a private registry include registry URL
- docker load -i docker-images/app.tar
# - docker build --build-arg FROM_IMAGE=$BASE_IMAGE --build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE .
# - docker tag ${LOCAL_IMAGE} ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
- docker tag ${LOCAL_IMAGE} ${DEPLOY_IMAGE}:${IMAGE_VERSION}
# login to dockerhub
# - echo $CHS_PASSWORD | docker login --username $CHS_USERNAME --password-stdin https://$GITLAB_INNERSOURCE_REGISTRY
- echo $TEST_PASSWORD | docker login --username $TEST_USERNAME --password-stdin https://$GITLAB_INNERSOURCE_REGISTRY
# - docker push ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
- docker push ${DEPLOY_IMAGE}:${IMAGE_VERSION}
# Delete pass file
- rm -rf /root/.docker/config.json
dependencies:
- build
# deploy:
# stage: deploy
# image: node:latest
# before_script:
# - npm i -g docker
# publish image:
# stage: publish-image
# image: docker:stable
# only:
# - master
# - merge_requests
# before_script:
# # - curl -O https://bootstrap.pypa.io/get-pip.py
# # - python3 get-pip.py --user
# # - /root/.local/bin/pip3 install awscli --upgrade --user
# # - npm install -g docker
# # - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
# script:
# - sleep 5
# # - aws cloudformation package --template-file ./deployment/aws-create-user.json --s3-bucket $S3_BUCKET --output-template usgs-user-template-export.yml
# # - aws cloudformation deploy --template-file /builds/jmalin/earthquake-geoserve-ui/usgs-user-template-export.yml --stack-name usgs-user-deploy-stack
# # Re-tag candidate image as actual image name and push actual image to repository
# # TODO - Deploy to USGS Hazdev Registry
# # - docker build --build-arg FROM_IMAGE=$BASE_IMAGE --build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE .
# - docker load -i docker-images/app.tar
# - docker tag ${LOCAL_IMAGE} ${DEPLOY_IMAGE}:${IMAGE_VERSION}
# - echo "$CHS_PASSWORD" | docker login --username $CHS_USERNAME --password-stdin $GITLAB_INNERSOURCE_REGISTRY
# - docker push ${DEPLOY_IMAGE}:${IMAGE_VERSION}
# # Re-tag candidate image as public image name and push to docker hub
# # For a private registry include registry URL
# - docker tag ${LOCAL_IMAGE} ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
# # login to dockerhub
# - echo "$DOCKER_PASSWORD" | docker login --username $DOCKER_USERNAME --password-stdin
# - docker push ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
# # Delete pass file
# - rm -rf /root/.docker/config.json
# dependencies:
# - build
# - publish-image
# # - 'run unit tests'
# # - 'run penetration tests'
# cache:
# key: "$CI_BUILD_REF_NAME"
# paths:
# - docker-images
trigger deploy:
# variables:
# BUILD_ID: $${BUILD_ID}
image: node:latest
stage: trigger_deploy
only:
- merge_requests
# trigger: jmalin/container-deploy
script:
- 'curl -X POST
-F token=c09718baf4dd9bce693eecc01fda51
-F "ref=master"
-F "variables[CI_COMMIT_MESSAGE]=$CI_COMMIT_MESSAGE"
-F "variables[IMAGE_VERSION]=${IMAGE_VERSION}"
-F "variables[DB_IMAGE_NAME]=ghsc/hazdev/earthquake-geoserve/db:${IMAGE_VERSION}"
-F "variables[ENVIRONMENT]=${ENVIRONMENT}"
-F "variables[UI_IMAGE_NAME]=ghsc/hazdev/earthquake-geoserve/ui:${IMAGE_VERSION}"
-F "variables[APP_NAME]=${DEPLOY_APP_NAME}"
-F "variables[GIT_BRANCH]=origin/master"
-F "variables[WS_IMAGE_NAME]=ghsc/hazdev/earthquake-geoserve/ws:${IMAGE_VERSION}"
-F "variables[APP_REPO]=ghsc/hazdev/earthquake-geoserve.git"
-F "variables[STACK_NAME]=earthquake-geoserve"
-F "variables[TARGET_HOSTNAME]=dev01-container01.cr.usgs.gov"
-F "variables[REMOTE_DEPLOY_DIR]=${REMOTE_DEPLOY_DIR}"
https://code.usgs.gov/api/v4/projects/1207/trigger/pipeline'
# use triggers with Jenkins config
# use triggers w/ container master
\ No newline at end of file
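Review bot: The `trigger deploy` job hard-codes a pipeline trigger token in its curl call (`-F token=…`), so anyone who can read this repository or its history can start the downstream pipeline on project 1207 with variables of their choosing, including `TARGET_HOSTNAME` and `REMOTE_DEPLOY_DIR`. Move the value into a masked CI/CD variable and reference it, e.g. `-F "token=$DEPLOY_TRIGGER_TOKEN"` (placeholder variable name), and revoke the committed token, since deleting it from the file does not remove it from history. Separately, `-F "variables[CI_COMMIT_MESSAGE]=$CI_COMMIT_MESSAGE"` passes author-controlled text through `-F`, where a leading `@` or `<` is treated as a file reference; `--form-string` sends the value literally. The old/new side of each line is not marked on this page, so this assumes the job is on the new side, as the added `trigger_deploy` stage suggests.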