Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
netvs-core
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Wiki
Requirements
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Test cases
Artifacts
Deploy
Releases
Package registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Issue analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
scc-net
netvs
netvs-core
Commits
cfeb55aa
Commit
cfeb55aa
authored
2 years ago
by
Janis Streib
Browse files
Options
Downloads
Patches
Plain Diff
Configure Dependency Scanning in `.gitlab-ci.yml`, creating this file if it does not already exist
parent
ffb06bba
No related branches found
No related tags found
No related merge requests found
Pipeline
#272245
failed
2 years ago
Changes
1
Pipelines
2
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
.gitlab-ci.yml
+97
-85
97 additions, 85 deletions
.gitlab-ci.yml
with
97 additions
and
85 deletions
.gitlab-ci.yml
+
97
−
85
View file @
cfeb55aa
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
default
:
image
:
debian-bullseye:latest
tags
:
-
netvs
image
:
debian-bullseye:latest
tags
:
-
netvs
cache
:
key
:
files
:
-
frontend/package-lock.json
-
frontend/package-lock.json
paths
:
-
frontend/.npm/
-
frontend/.npm/
before_script
:
## dependencies
-
apt-get update -y
-
command -v curl || apt-get -y install curl
-
command -v git || apt-get -y install git
-
apt-
get -y install apt-transport-https gnupg2
-
test -e /etc/apt/sources.list.d/nodesource.list ||
curl -s
https://deb.nodesource.com/
gpgkey/nodesource.gpg.key | apt-key add -
-
test -e /etc/apt/sources.list.d/nodesource.list || echo 'deb https://deb.nodesource.com/node_15.x
bullseye main' > /etc/apt/sources.list.d/nodesource.list
-
'
command
-v
npm
||
(apt-get
update
-y
&&
apt-get
install
-y
nodejs)
'
-
'
command
-v
pip3
||
(apt-get
update
-y
&&
apt-get
install
-y
python3-pip)
'
-
pip3 install git+https://git.scc.kit.edu/scc-net/net-suite/api-generator.git@master#egg=net-api-generator
-
cd frontend/
-
echo "${CI_COMMIT_SHORT_SHA},Job ID ${CI_JOB_ID}@${CI_RUNNER_DESCRIPTION}"
-
sed "s&__LOCAL_BUILD__&${CI_COMMIT_SHORT_SHA},Job ID ${CI_JOB_ID}@${CI_RUNNER_DESCRIPTION}&g"
netvs.config.js.example > netvs.config.js
-
sed -i "s&__JOB_ID__&${CI_JOB_ID}&g"
netvs.config.js
-
sed -i "s&__
COMMIT_SHORT_SHA__&${CI_COMMIT_SHORT_SHA
}&g" netvs.config.js
-
sed -i "s&__
JOB_ID__&${CI_JOB_ID}&g" public/version
.js
on
-
sed -i "s&__
COMMIT_SHORT_SHA__&${CI_COMMIT_SHORT_SHA
}&g" public/version.json
-
if [ $CI_JOB_STAGE != "deploy" ]; then npm ci --cache .npm --prefer-offline; fi
-
cd ..
-
export API_VERSION=3.2
-
apt-get update -y
-
command -v curl || apt-get -y install curl
-
command -v git || apt-get -y install git
-
apt-get -y install apt-transport-https gnupg2
-
test -e /etc/apt/sources.list.d/nodesource.list || curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key
|
apt-
key add -
-
test -e /etc/apt/sources.list.d/nodesource.list ||
echo 'deb
https://deb.nodesource.com/
node_15.x
bullseye main' > /etc/apt/sources.list.d/nodesource.list
-
command -v npm || (apt-get update -y && apt-get install -y nodejs)
-
command -v pip3 || (apt-get update -y && apt-get install -y python3-pip)
-
pip3 install git+https://git.scc.kit.edu/scc-net/net-suite/api-generator.git@master#egg=net-api-generator
-
cd frontend/
-
echo "${CI_COMMIT_SHORT_SHA},Job ID ${CI_JOB_ID}@${CI_RUNNER_DESCRIPTION}"
-
sed "s&__LOCAL_BUILD__&${CI_COMMIT_SHORT_SHA},Job ID ${CI_JOB_ID}@${CI_RUNNER_DESCRIPTION}&g"
netvs.config.js.example >
netvs.config.js
-
sed -i "s&__
JOB_ID__&${CI_JOB_ID
}&g" netvs.config.js
-
sed -i "s&__
COMMIT_SHORT_SHA__&${CI_COMMIT_SHORT_SHA}&g" netvs.config
.js
-
sed -i "s&__
JOB_ID__&${CI_JOB_ID
}&g" public/version.json
-
sed -i "s&__COMMIT_SHORT_SHA__&${CI_COMMIT_SHORT_SHA}&g" public/version.json
-
if [ $CI_JOB_STAGE != "deploy" ]; then npm ci --cache .npm --prefer-offline; fi
-
cd ..
-
export API_VERSION=3.2
stages
:
-
build
-
lint
-
deploy
-
build
-
lint
-
deploy
frontend-build
:
stage
:
build
script
:
-
cd frontend/
-
if [ $CI_COMMIT_BRANCH == "devel" ]; then export NETDB_ENDPOINT="${NETDB_DEVEL_ENDPOINT}"; fi
-
if [ $CI_COMMIT_BRANCH == "devel" ]; then net-api-generator --version=${API_VERSION} openapi --default_endpoint=devel > public/api.yml; else net-api-generator --version=${API_VERSION} openapi --default_endpoint=test > public/api.yml; fi
-
net-api-generator --version=${API_VERSION} es-webpack
-
npm run build
artifacts
:
expire_in
:
7 days
paths
:
-
frontend/dist/
-
frontend/src/api-services.gen/
needs
:
[]
stage
:
build
script
:
-
cd frontend/
-
if [ $CI_COMMIT_BRANCH == "devel" ]; then export NETDB_ENDPOINT="${NETDB_DEVEL_ENDPOINT}";
fi
-
if [ $CI_COMMIT_BRANCH == "devel" ]; then net-api-generator --version=${API_VERSION}
openapi --default_endpoint=devel > public/api.yml; else net-api-generator --version=${API_VERSION}
openapi --default_endpoint=test > public/api.yml; fi
-
net-api-generator --version=${API_VERSION} es-webpack
-
npm run build
artifacts
:
expire_in
:
7 days
paths
:
-
frontend/dist/
-
frontend/src/api-services.gen/
needs
:
[]
frontend-lint
:
stage
:
lint
script
:
-
cd frontend/
-
npm run lint
allow_failure
:
true
needs
:
[]
stage
:
lint
script
:
-
cd frontend/
-
npm run lint
allow_failure
:
true
needs
:
[]
frontend-audit
:
stage
:
lint
script
:
-
cd frontend/
-
npm audit --audit-level high
allow_failure
:
true
needs
:
[]
stage
:
lint
script
:
-
cd frontend/
-
npm audit --audit-level high
allow_failure
:
true
needs
:
[]
deploy_devel
:
stage
:
deploy
script
:
-
'
command
-v
ssh-agent
||
(
apt-get
install
openssh-client
-y
)
'
-
eval $(ssh-agent -s)
-
echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
-
mkdir -p ~/.ssh
-
chmod 700 ~/.ssh
-
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
-
chmod 644 ~/.ssh/known_hosts
-
ssh net-suite-devel@netvs-devel.scc.kit.edu "${CI_PIPELINE_ID}"
-
command -v ssh-agent || ( apt-get install openssh-client -y )
-
eval $(ssh-agent -s)
-
echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
-
mkdir -p ~/.ssh
-
chmod 700 ~/.ssh
-
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
-
chmod 644 ~/.ssh/known_hosts
-
ssh net-suite-devel@netvs-devel.scc.kit.edu "${CI_PIPELINE_ID}"
environment
:
name
:
devel
url
:
https://netvs-devel.scc.kit.edu
only
:
-
devel
needs
:
[
"
frontend-build"
]
needs
:
-
frontend-build
deploy_test
:
stage
:
deploy
script
:
-
'
command
-v
ssh-agent
||
(
apt-get
install
openssh-client
-y
)
'
-
eval $(ssh-agent -s)
-
echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
-
mkdir -p ~/.ssh
-
chmod 700 ~/.ssh
-
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
-
chmod 644 ~/.ssh/known_hosts
-
ssh www-net-suite@netvs-test.scc.kit.edu "${CI_PIPELINE_ID}"
-
command -v ssh-agent || ( apt-get install openssh-client -y )
-
eval $(ssh-agent -s)
-
echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
-
mkdir -p ~/.ssh
-
chmod 700 ~/.ssh
-
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
-
chmod 644 ~/.ssh/known_hosts
-
ssh www-net-suite@netvs-test.scc.kit.edu "${CI_PIPELINE_ID}"
environment
:
name
:
test
url
:
https://netvs-test.scc.kit.edu
only
:
-
main
needs
:
[
"
frontend-build"
]
needs
:
-
frontend-build
deploy_prod
:
stage
:
deploy
script
:
-
'
command
-v
ssh-agent
||
(
apt-get
install
openssh-client
-y
)
'
-
eval $(ssh-agent -s)
-
echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
-
mkdir -p ~/.ssh
-
chmod 700 ~/.ssh
-
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
-
chmod 644 ~/.ssh/known_hosts
-
ssh www-net-suite@netvs.scc.kit.edu "${CI_PIPELINE_ID}"
-
command -v ssh-agent || ( apt-get install openssh-client -y )
-
eval $(ssh-agent -s)
-
echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
-
mkdir -p ~/.ssh
-
chmod 700 ~/.ssh
-
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
-
chmod 644 ~/.ssh/known_hosts
-
ssh www-net-suite@netvs.scc.kit.edu "${CI_PIPELINE_ID}"
environment
:
name
:
prod
url
:
https://netvs.scc.kit.edu
only
:
-
main
needs
:
[
"
frontend-build"
]
needs
:
-
frontend-build
include
:
-
template
:
Security/Dependency-Scanning.gitlab-ci.yml
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
