Configure Dependency Scanning in .gitlab-ci.yml, creating this file if it does not already exist

This commit is contained in:
Elmar Kresse
2024-10-19 13:56:31 +00:00
parent d49fcf2ffe
commit da17b24ec5


@@ -1,28 +1,18 @@
#Calendar implementation for the HTWK Leipzig timetable. Evaluation and display of the individual dates in iCal format. # You can override the included template(s) by including variable overrides
#Copyright (C) 2024 HTWKalender support@htwkalender.de # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/pipeline/#customization
#This program is free software: you can redistribute it and/or modify # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
#it under the terms of the GNU Affero General Public License as published by # Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
#the Free Software Foundation, either version 3 of the License, or # Note that environment variables can be set in several places
#(at your option) any later version. # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU Affero General Public License for more details.
#You should have received a copy of the GNU Affero General Public License
#along with this program. If not, see <https://www.gnu.org/licenses/>.
stages: stages:
- lint - lint
- build - build
- test - test
- sonarqube-check - sonarqube-check
- oci-build - oci-build
- deploy - deploy
- deploy-dev # New stage for development deployment - deploy-dev
lint-frontend: lint-frontend:
image: node:lts image: node:lts
stage: lint stage: lint
@@ -33,7 +23,6 @@ lint-frontend:
- cd frontend - cd frontend
- npm i - npm i
- npm run lint-no-fix - npm run lint-no-fix
lint-data-manager: lint-data-manager:
stage: lint stage: lint
image: golangci/golangci-lint:latest image: golangci/golangci-lint:latest
@@ -45,7 +34,6 @@ lint-data-manager:
- go mod download - go mod download
- golangci-lint --version - golangci-lint --version
- golangci-lint run -v --skip-dirs=migrations --timeout=5m - golangci-lint run -v --skip-dirs=migrations --timeout=5m
lint-ical: lint-ical:
stage: lint stage: lint
image: golangci/golangci-lint:latest image: golangci/golangci-lint:latest
@@ -57,8 +45,6 @@ lint-ical:
- go mod download - go mod download
- golangci-lint --version - golangci-lint --version
- golangci-lint run -v --skip-dirs=migrations --timeout=5m - golangci-lint run -v --skip-dirs=migrations --timeout=5m
build-data-manager: build-data-manager:
image: golang:alpine image: golang:alpine
stage: build stage: build
@@ -73,7 +59,6 @@ build-data-manager:
- data-manager/htwkalender - data-manager/htwkalender
- data-manager/go.sum - data-manager/go.sum
- data-manager/go.mod - data-manager/go.mod
build-ical: build-ical:
image: golang:alpine image: golang:alpine
stage: build stage: build
@@ -88,19 +73,19 @@ build-ical:
- data-manager/htwkalender-ical - data-manager/htwkalender-ical
- data-manager/go.sum - data-manager/go.sum
- data-manager/go.mod - data-manager/go.mod
sonarqube-data-manager: sonarqube-data-manager:
stage: sonarqube-check stage: sonarqube-check
image: image:
name: sonarsource/sonar-scanner-cli:5.0 name: sonarsource/sonar-scanner-cli:5.0
entrypoint: [""] entrypoint:
- ''
variables: variables:
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task GIT_DEPTH: '0'
cache: cache:
key: "${CI_JOB_NAME}" key: "${CI_JOB_NAME}"
paths: paths:
- .sonar/cache - ".sonar/cache"
script: script:
- cd services/data-manager - cd services/data-manager
- sonar-scanner - sonar-scanner
@@ -110,7 +95,6 @@ sonarqube-data-manager:
- master - master
- main - main
- develop - develop
build-frontend: build-frontend:
image: node:lts image: node:lts
stage: build stage: build
@@ -124,7 +108,6 @@ build-frontend:
artifacts: artifacts:
paths: paths:
- frontend/build - frontend/build
test-data-manager: test-data-manager:
image: golang:alpine image: golang:alpine
stage: test stage: test
@@ -136,7 +119,6 @@ test-data-manager:
- go test -v ./... - go test -v ./...
dependencies: dependencies:
- build-data-manager - build-data-manager
test-ical: test-ical:
image: golang:alpine image: golang:alpine
stage: test stage: test
@@ -148,7 +130,6 @@ test-ical:
- go test -v ./... - go test -v ./...
dependencies: dependencies:
- build-ical - build-ical
test-frontend: test-frontend:
image: node:lts image: node:lts
stage: test stage: test
@@ -161,7 +142,6 @@ test-frontend:
- npm run test - npm run test
dependencies: dependencies:
- lint-frontend - lint-frontend
build-data-manager-image: build-data-manager-image:
stage: oci-build stage: oci-build
image: docker:latest image: docker:latest
@@ -170,7 +150,7 @@ build-data-manager-image:
tags: tags:
- image - image
variables: variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-data-manager IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-data-manager"
DOCKER_HOST: tcp://docker:2376 DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_CERTDIR: "/certs" DOCKER_TLS_CERTDIR: "/certs"
DOCKER_TLS_VERIFY: 1 DOCKER_TLS_VERIFY: 1
@@ -178,13 +158,13 @@ build-data-manager-image:
before_script: before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
script: script:
- docker build --pull -t $IMAGE_TAG -f ./services/data-manager/Dockerfile --target prod ./services - docker build --pull -t $IMAGE_TAG -f ./services/data-manager/Dockerfile --target
prod ./services
- docker push $IMAGE_TAG - docker push $IMAGE_TAG
rules: rules:
- if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development" - if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development"
changes: changes:
- services/data-manager/**/* - services/data-manager/**/*
build-ical-image: build-ical-image:
stage: oci-build stage: oci-build
image: docker:latest image: docker:latest
@@ -193,7 +173,7 @@ build-ical-image:
tags: tags:
- image - image
variables: variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-ical IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-ical"
DOCKER_HOST: tcp://docker:2376 DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_CERTDIR: "/certs" DOCKER_TLS_CERTDIR: "/certs"
DOCKER_TLS_VERIFY: 1 DOCKER_TLS_VERIFY: 1
@@ -201,13 +181,13 @@ build-ical-image:
before_script: before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
script: script:
- docker build --pull -t $IMAGE_TAG -f ./services/ical/Dockerfile --target prod ./services - docker build --pull -t $IMAGE_TAG -f ./services/ical/Dockerfile --target prod
./services
- docker push $IMAGE_TAG - docker push $IMAGE_TAG
rules: rules:
- if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development" - if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development"
changes: changes:
- services/ical/**/* - services/ical/**/*
build-frontend-image: build-frontend-image:
stage: oci-build stage: oci-build
image: docker:latest image: docker:latest
@@ -216,7 +196,7 @@ build-frontend-image:
tags: tags:
- image - image
variables: variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-frontend IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-frontend"
DOCKER_HOST: tcp://docker:2376 DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_CERTDIR: "/certs" DOCKER_TLS_CERTDIR: "/certs"
DOCKER_TLS_VERIFY: 1 DOCKER_TLS_VERIFY: 1
@@ -231,52 +211,51 @@ build-frontend-image:
- if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development" - if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development"
changes: changes:
- frontend/**/* - frontend/**/*
# Development deployment job
deploy-dev: deploy-dev:
stage: deploy-dev # New stage for development deployment stage: deploy-dev
image: alpine:latest image: alpine:latest
before_script: before_script:
- apk add --no-cache openssh-client sed # install dependencies - apk add --no-cache openssh-client sed
- eval $(ssh-agent -s) # set some ssh variables - eval $(ssh-agent -s)
- ssh-add <(echo "$CI_SSH_KEY" | tr -d '\r') - ssh-add <(echo "$CI_SSH_KEY" | tr -d '\r')
script: script:
# replace some placeholders - sed -i -e "s|DOCKER_REGISTRY_REPO|$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG|" docker-compose.dev.yml
- sed -i -e "s|DOCKER_REGISTRY_REPO|$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG|" docker-compose.dev.yml # Assuming you have a separate docker-compose file for development - 'scp -P $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR ./docker-compose.dev.yml
# upload necessary files to the dev server ./reverseproxy.dev.conf $CI_SSH_USER@$CI_SSH_DEV_HOST:/home/$CI_SSH_USER/docker/htwkalender/
- >
scp -P $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR ./docker-compose.dev.yml ./reverseproxy.dev.conf '
$CI_SSH_USER@$CI_SSH_DEV_HOST:/home/$CI_SSH_USER/docker/htwkalender/ - 'ssh -p $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR $CI_SSH_USER@$CI_SSH_DEV_HOST
# ssh to the dev server and start the service "cd /home/$CI_SSH_USER/docker/htwkalender/ && docker login -u $CI_REGISTRY_USER
- > -p $CI_REGISTRY_PASSWORD $CI_REGISTRY && docker compose -f ./docker-compose.dev.yml
ssh -p $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR $CI_SSH_USER@$CI_SSH_DEV_HOST down && docker compose -f ./docker-compose.dev.yml up -d --remove-orphans && docker
"cd /home/$CI_SSH_USER/docker/htwkalender/ && logout"
docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY &&
docker compose -f ./docker-compose.dev.yml down && docker compose -f ./docker-compose.dev.yml up -d --remove-orphans && docker logout" '
rules: rules:
- if: $CI_COMMIT_BRANCH == "development" # Only execute for the development branch - if: $CI_COMMIT_BRANCH == "development"
deploy-all: deploy-all:
stage: deploy stage: deploy
image: alpine:latest image: alpine:latest
before_script: before_script:
- apk add --no-cache openssh-client sed # install dependencies - apk add --no-cache openssh-client sed
- eval $(ssh-agent -s) # set some ssh variables - eval $(ssh-agent -s)
- ssh-add <(echo "$CI_SSH_KEY" | tr -d '\r') - ssh-add <(echo "$CI_SSH_KEY" | tr -d '\r')
script: script:
# replace some placeholders
- sed -i -e "s|DOCKER_REGISTRY_REPO|$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG|" docker-compose.prod.yml - sed -i -e "s|DOCKER_REGISTRY_REPO|$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG|" docker-compose.prod.yml
# upload necessary files to the server - 'scp -P $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR ./docker-compose.prod.yml
- > ./reverseproxy.conf $CI_SSH_USER@$CI_SSH_HOST:/home/$CI_SSH_USER/docker/htwkalender/
scp -P $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR ./docker-compose.prod.yml ./reverseproxy.conf
$CI_SSH_USER@$CI_SSH_HOST:/home/$CI_SSH_USER/docker/htwkalender/ '
# ssh to the server and start the service - 'ssh -p $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR $CI_SSH_USER@$CI_SSH_HOST
- > "cd /home/$CI_SSH_USER/docker/htwkalender/ && docker login -u $CI_REGISTRY_USER
ssh -p $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR $CI_SSH_USER@$CI_SSH_HOST -p $CI_REGISTRY_PASSWORD $CI_REGISTRY && docker compose -f ./docker-compose.prod.yml
"cd /home/$CI_SSH_USER/docker/htwkalender/ && down && docker compose -f ./docker-compose.prod.yml up -d --remove-orphans &&
docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY && docker logout && docker exec --user root htwkalender-htwkalender-frontend-1 /bin/sh
docker compose -f ./docker-compose.prod.yml down && docker compose -f ./docker-compose.prod.yml up -d --remove-orphans && docker logout && -c \"echo ''google-site-verification: $GOOGLE_VERIFICATION.html'' > ./$GOOGLE_VERIFICATION.html\"
docker exec --user root htwkalender-htwkalender-frontend-1 /bin/sh -c \"echo 'google-site-verification: $GOOGLE_VERIFICATION.html' > ./$GOOGLE_VERIFICATION.html\" " "
'
rules: rules:
- if: $CI_COMMIT_BRANCH == "main" - if: $CI_COMMIT_BRANCH == "main"
include:
- template: Security/Dependency-Scanning.gitlab-ci.yml
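Review bot: The `scp`/`ssh` steps in the deploy-dev and deploy-all scripts of the last hunk keep `-o StrictHostKeyChecking=no`, so the deploy host is never authenticated and a job holding `$CI_SSH_KEY` plus the registry credentials will complete the login against whatever answers at `$CI_SSH_DEV_HOST`/`$CI_SSH_HOST`. Pin the server key instead: store the host's public key in a CI variable (name constructed here) and seed it in before_script, `- mkdir -p ~/.ssh && echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts`, then drop `-o StrictHostKeyChecking=no` from the four ssh/scp invocations. The `docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY` lines, both in the build-*-image before_script hunks and inside the remote ssh command strings, pass the registry token as a process argument where it is visible in process listings and shell history on the runner and the deploy host; `echo "$CI_REGISTRY_PASSWORD" | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY` avoids that. The first hunk also appears to replace the AGPL license header with the generated template comment; if that was unintended, restore it above the new comment block.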