working

parent b3299e4b
Pipeline #891 passed with stages
in 3 minutes and 19 seconds
......@@ -53,9 +53,9 @@ services:
stages:
- init
- build
- unit-tests
- pen-tests
- publish-image
# - unit-tests
# - pen-tests
# - publish-image
- trigger_deploy
initialize:
......@@ -110,97 +110,97 @@ build:
# paths:
# - docker-images
run unit tests:
stage: unit-tests
image: trion/ng-cli-e2e
cache:
# untracked: true # cache all files that are untracked in your Git repository
# job doesn’t alter cached files, skip the upload step by setting policy: pull
policy: pull
# only:
# - master
script:
- npm install --no-audit --no-save
- ng lint
- ng test hazdev-ng-geoserve-output --watch=false --code-coverage --progress false --browsers ChromeHeadless
- npm run build
- ng test earthquake-geoserve-ui --watch=false --code-coverage --progress false --browsers ChromeHeadless
- ng e2e
run penetration tests:
stage: pen-tests
image: docker:stable
cache:
policy: pull
# before_script:
# - npm i
# - npm i highlightjs
# only:
# - master
script:
- mkdir -p $OWASP_REPORT_DIR
- chmod 777 $OWASP_REPORT_DIR
- docker load -i docker-images/app.tar
- docker run --rm --name $LOCAL_CONTAINER -d $LOCAL_IMAGE
- docker run --rm -d -u zap --name=$OWASP_CONTAINER --link=$LOCAL_CONTAINER:application -v $OWASP_REPORT_DIR:/zap/reports:rw -i $OWASP_IMAGE zap.sh -daemon -port $ZAP_API_PORT -config api.disablekey=true
- sleep 20
# docker run --rm -d -u zap --name=earthquake-geoserve-ui-3-OWASP --link=earthquake-geoserve-ui-3-PENTEST:application -v /var/lib/jenkins/workspace/HazDev/earthquake-geoserve/build-ui/owasp-data:/zap/reports:rw -i code.chs.usgs.gov:5001/devops/images/owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
# docker run --rm --name earthquake-geoserve-ui-1.0.4-PENTEST -d jamesmalin/usgs-geoserve-ui:1.0.4
# docker run --rm -d -u zap --name=earthquake-geoserve-ui-1.0.4-OWASP --link=earthquake-geoserve-ui-1.0.4-PENTEST:application -v /owasp-data:/zap/reports:rw -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
- "docker exec -i ${OWASP_CONTAINER}
curl -I localhost:${ZAP_API_PORT}
> /dev/null 2>&1 && echo 'SUCCESS'"
- docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT spider http://$PENTEST_IP/
- docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT active-scan http://$PENTEST_IP/
- docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT report -o owasp-zap-report.html -f html
- docker stop $OWASP_CONTAINER ${LOCAL_CONTAINER}
artifacts: # can you make this not available to the public
paths:
- owasp-zap-report.html
- docker-images
dependencies:
- build
###### Publish ######
publish image:
stage: publish-image
image: docker:stable
only:
- merge_requests
before_script:
# - curl -O https://bootstrap.pypa.io/get-pip.py
# - python3 get-pip.py --user
# - /root/.local/bin/pip3 install awscli --upgrade --user
# - npm install -g docker
# - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
script:
# - aws cloudformation package --template-file ./deployment/aws-create-user.json --s3-bucket $S3_BUCKET --output-template usgs-user-template-export.yml
# - aws cloudformation deploy --template-file /builds/jmalin/earthquake-geoserve-ui/usgs-user-template-export.yml --stack-name usgs-user-deploy-stack
# Re-tag candidate image as actual image name and push actual image to repository
# TODO - Deploy to USGS Hazdev Registry
# - docker build --build-arg FROM_IMAGE=$BASE_IMAGE --build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE .
- docker load -i docker-images/app.tar
- docker tag ${LOCAL_IMAGE} ${DEPLOY_IMAGE}:${IMAGE_VERSION}
- echo "$CHS_PASSWORD" | docker login --username $CHS_USERNAME --password-stdin $GITLAB_INNERSOURCE_REGISTRY
- docker push ${DEPLOY_IMAGE}:${IMAGE_VERSION}
# Re-tag candidate image as public image name and push to docker hub
# For a private registry include registry URL
- docker tag ${LOCAL_IMAGE} ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
# login to dockerhub
- echo "$DOCKER_PASSWORD" | docker login --username $DOCKER_USERNAME --password-stdin
- docker push ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
# Delete pass file
- rm -rf /root/.docker/config.json
dependencies:
- build
# - 'run unit tests'
# - 'run penetration tests'
cache:
key: "$CI_BUILD_REF_NAME"
paths:
- docker-images
# run unit tests:
# stage: unit-tests
# image: trion/ng-cli-e2e
# cache:
# # untracked: true # cache all files that are untracked in your Git repository
# # job doesn’t alter cached files, skip the upload step by setting policy: pull
# policy: pull
# # only:
# # - master
# script:
# - npm install --no-audit --no-save
# - ng lint
# - ng test hazdev-ng-geoserve-output --watch=false --code-coverage --progress false --browsers ChromeHeadless
# - npm run build
# - ng test earthquake-geoserve-ui --watch=false --code-coverage --progress false --browsers ChromeHeadless
# - ng e2e
# run penetration tests:
# stage: pen-tests
# image: docker:stable
# cache:
# policy: pull
# # before_script:
# # - npm i
# # - npm i highlightjs
# # only:
# # - master
# script:
# - mkdir -p $OWASP_REPORT_DIR
# - chmod 777 $OWASP_REPORT_DIR
# - docker load -i docker-images/app.tar
# - docker run --rm --name $LOCAL_CONTAINER -d $LOCAL_IMAGE
# - docker run --rm -d -u zap --name=$OWASP_CONTAINER --link=$LOCAL_CONTAINER:application -v $OWASP_REPORT_DIR:/zap/reports:rw -i $OWASP_IMAGE zap.sh -daemon -port $ZAP_API_PORT -config api.disablekey=true
# - sleep 20
# # docker run --rm -d -u zap --name=earthquake-geoserve-ui-3-OWASP --link=earthquake-geoserve-ui-3-PENTEST:application -v /var/lib/jenkins/workspace/HazDev/earthquake-geoserve/build-ui/owasp-data:/zap/reports:rw -i code.chs.usgs.gov:5001/devops/images/owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
# # docker run --rm --name earthquake-geoserve-ui-1.0.4-PENTEST -d jamesmalin/usgs-geoserve-ui:1.0.4
# # docker run --rm -d -u zap --name=earthquake-geoserve-ui-1.0.4-OWASP --link=earthquake-geoserve-ui-1.0.4-PENTEST:application -v /owasp-data:/zap/reports:rw -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
# - "docker exec -i ${OWASP_CONTAINER}
# curl -I localhost:${ZAP_API_PORT}
# > /dev/null 2>&1 && echo 'SUCCESS'"
# - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT spider http://$PENTEST_IP/
# - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT active-scan http://$PENTEST_IP/
# - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT report -o owasp-zap-report.html -f html
# - docker stop $OWASP_CONTAINER ${LOCAL_CONTAINER}
# artifacts: # can you make this not available to the public
# paths:
# - owasp-zap-report.html
# - docker-images
# dependencies:
# - build
# ###### Publish ######
# publish image:
# stage: publish-image
# image: docker:stable
# only:
# - merge_requests
# before_script:
# # - curl -O https://bootstrap.pypa.io/get-pip.py
# # - python3 get-pip.py --user
# # - /root/.local/bin/pip3 install awscli --upgrade --user
# # - npm install -g docker
# # - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
# script:
# # - aws cloudformation package --template-file ./deployment/aws-create-user.json --s3-bucket $S3_BUCKET --output-template usgs-user-template-export.yml
# # - aws cloudformation deploy --template-file /builds/jmalin/earthquake-geoserve-ui/usgs-user-template-export.yml --stack-name usgs-user-deploy-stack
# # Re-tag candidate image as actual image name and push actual image to repository
# # TODO - Deploy to USGS Hazdev Registry
# # - docker build --build-arg FROM_IMAGE=$BASE_IMAGE --build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE .
# - docker load -i docker-images/app.tar
# - docker tag ${LOCAL_IMAGE} ${DEPLOY_IMAGE}:${IMAGE_VERSION}
# - echo "$CHS_PASSWORD" | docker login --username $CHS_USERNAME --password-stdin $GITLAB_INNERSOURCE_REGISTRY
# - docker push ${DEPLOY_IMAGE}:${IMAGE_VERSION}
# # Re-tag candidate image as public image name and push to docker hub
# # For a private registry include registry URL
# - docker tag ${LOCAL_IMAGE} ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
# # login to dockerhub
# - echo "$DOCKER_PASSWORD" | docker login --username $DOCKER_USERNAME --password-stdin
# - docker push ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
# # Delete pass file
# - rm -rf /root/.docker/config.json
# dependencies:
# - build
# # - 'run unit tests'
# # - 'run penetration tests'
# cache:
# key: "$CI_BUILD_REF_NAME"
# paths:
# - docker-images
# trigger container master job
trigger deploy:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment