Configure Container Scanning in .gitlab-ci.yml, creating this file if it does not already exist
This commit is contained in:
parent
6a7a0c6485
commit
35dc2e5960
1 changed files with 46 additions and 40 deletions
|
|
@ -1,20 +1,28 @@
|
||||||
stages: # List of stages for jobs, and their order of execution
|
# You can override the included template(s) by including variable overrides
|
||||||
|
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
|
||||||
|
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
|
||||||
|
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
|
||||||
|
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
|
||||||
|
# Note that environment variables can be set in several places
|
||||||
|
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
|
||||||
|
|
||||||
|
# container_scanning:
|
||||||
|
# variables:
|
||||||
|
# DOCKER_IMAGE: ...
|
||||||
|
# DOCKER_USER: ...
|
||||||
|
# DOCKER_PASSWORD: ...
|
||||||
|
stages:
|
||||||
- build
|
- build
|
||||||
- test
|
- test
|
||||||
- deploy
|
- deploy
|
||||||
|
|
||||||
image: debian
|
image: debian
|
||||||
|
|
||||||
docker-build-push:
|
docker-build-push:
|
||||||
# Use the official docker image.
|
|
||||||
image: docker:latest
|
image: docker:latest
|
||||||
stage: build
|
stage: build
|
||||||
services:
|
services:
|
||||||
- docker:dind
|
- docker:dind
|
||||||
before_script:
|
before_script:
|
||||||
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
|
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
|
||||||
# Default branch leaves tag empty (= latest tag)
|
|
||||||
# All other branches are tagged with the escaped branch name (commit ref slug)
|
|
||||||
script:
|
script:
|
||||||
- |
|
- |
|
||||||
if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
|
if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
|
||||||
|
|
@ -29,7 +37,6 @@ docker-build-push:
|
||||||
only:
|
only:
|
||||||
- master
|
- master
|
||||||
- dev
|
- dev
|
||||||
|
|
||||||
docker-build:
|
docker-build:
|
||||||
image: docker:latest
|
image: docker:latest
|
||||||
stage: build
|
stage: build
|
||||||
|
|
@ -42,20 +49,19 @@ docker-build:
|
||||||
except:
|
except:
|
||||||
- master
|
- master
|
||||||
- dev
|
- dev
|
||||||
|
|
||||||
before_script:
|
before_script:
|
||||||
- apt-get update -qq
|
- apt-get update -qq
|
||||||
# Setup SSH deploy keys
|
- which ssh-agent || ( apt-get install -qq openssh-client )
|
||||||
- 'which ssh-agent || ( apt-get install -qq openssh-client )'
|
|
||||||
- eval $(ssh-agent -s)
|
- eval $(ssh-agent -s)
|
||||||
- ssh-add <(echo "$SSH_PRIVATE_KEY")
|
- ssh-add <(echo "$SSH_PRIVATE_KEY")
|
||||||
- mkdir -p ~/.ssh
|
- mkdir -p ~/.ssh
|
||||||
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
|
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
|
||||||
|
|
||||||
deploy_staging:
|
deploy_staging:
|
||||||
stage: deploy
|
stage: deploy
|
||||||
script:
|
script:
|
||||||
- ssh $SSH_SERVER "cd /root && docker-compose pull shbot && docker-compose up -d shbot && exit"
|
- ssh $SSH_SERVER "cd /root && docker-compose pull shbot && docker-compose up -d
|
||||||
|
shbot && exit"
|
||||||
only:
|
only:
|
||||||
- master
|
- master
|
||||||
|
include:
|
||||||
|
- template: Auto-DevOps.gitlab-ci.yml
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue