Configure Container Scanning in .gitlab-ci.yml, creating this file if it does not already exist
parent
6a7a0c6485
commit
35dc2e5960
1 changed files with 46 additions and 40 deletions
|
@ -1,20 +1,28 @@
|
|||
stages: # List of stages for jobs, and their order of execution
|
||||
- build
|
||||
- test
|
||||
- deploy
|
||||
# You can override the included template(s) by including variable overrides
|
||||
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
|
||||
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
|
||||
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
|
||||
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
|
||||
# Note that environment variables can be set in several places
|
||||
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
|
||||
|
||||
# container_scanning:
|
||||
# variables:
|
||||
# DOCKER_IMAGE: ...
|
||||
# DOCKER_USER: ...
|
||||
# DOCKER_PASSWORD: ...
|
||||
stages:
|
||||
- build
|
||||
- test
|
||||
- deploy
|
||||
image: debian
|
||||
|
||||
docker-build-push:
|
||||
# Use the official docker image.
|
||||
image: docker:latest
|
||||
stage: build
|
||||
services:
|
||||
- docker:dind
|
||||
before_script:
|
||||
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
|
||||
# Default branch leaves tag empty (= latest tag)
|
||||
# All other branches are tagged with the escaped branch name (commit ref slug)
|
||||
script:
|
||||
- |
|
||||
if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
|
||||
|
@ -29,7 +37,6 @@ docker-build-push:
|
|||
only:
|
||||
- master
|
||||
- dev
|
||||
|
||||
docker-build:
|
||||
image: docker:latest
|
||||
stage: build
|
||||
|
@ -42,20 +49,19 @@ docker-build:
|
|||
except:
|
||||
- master
|
||||
- dev
|
||||
|
||||
before_script:
|
||||
- apt-get update -qq
|
||||
# Setup SSH deploy keys
|
||||
- 'which ssh-agent || ( apt-get install -qq openssh-client )'
|
||||
- eval $(ssh-agent -s)
|
||||
- ssh-add <(echo "$SSH_PRIVATE_KEY")
|
||||
- mkdir -p ~/.ssh
|
||||
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
|
||||
|
||||
- apt-get update -qq
|
||||
- which ssh-agent || ( apt-get install -qq openssh-client )
|
||||
- eval $(ssh-agent -s)
|
||||
- ssh-add <(echo "$SSH_PRIVATE_KEY")
|
||||
- mkdir -p ~/.ssh
|
||||
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
|
||||
deploy_staging:
|
||||
stage: deploy
|
||||
script:
|
||||
- ssh $SSH_SERVER "cd /root && docker-compose pull shbot && docker-compose up -d shbot && exit"
|
||||
- ssh $SSH_SERVER "cd /root && docker-compose pull shbot && docker-compose up -d
|
||||
shbot && exit"
|
||||
only:
|
||||
- master
|
||||
|
||||
include:
|
||||
- template: Auto-DevOps.gitlab-ci.yml
|
||||
|
|
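Review bot: The before_script printed just ahead of deploy_staging still writes `StrictHostKeyChecking no` for `Host *` into ~/.ssh/config, so the `ssh $SSH_SERVER` deploy step accepts whatever host key it is offered and the deployment as root on the server is exposed to an on-path attacker. The line appears in both printed copies of the block, so it looks carried over into the new file, though this page has lost its +/- markers and the sides cannot be confirmed. I would drop that line and pin the server's key instead, e.g. `- echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` followed by `- chmod 644 ~/.ssh/known_hosts`, where SSH_KNOWN_HOSTS is a CI/CD variable you define that holds the server's host keys, verified out of band. Separately, `docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY` in docker-build-push passes the secret on the command line; piping it to `--password-stdin` and quoting `"$CI_REGISTRY"` avoids that.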