diff options
author | Achilleas Pipinellis <axil@gitlab.com> | 2018-01-19 09:41:26 +0100 |
---|---|---|
committer | Achilleas Pipinellis <axil@gitlab.com> | 2018-01-19 09:41:26 +0100 |
commit | 4a38b8a1608023cb65b1595d1cb1590fabcfb5f4 (patch) | |
tree | 753213097fb309e6be8b9709fae6ed9e4d995a58 | |
parent | a1c0964d7170a98214c37e1a45ce8223c83a33f5 (diff) | |
download | gitlab-ce-update-auto-devops-template.tar.gz |
Update Auto DevOps templateupdate-auto-devops-template
[ci skip]
-rw-r--r-- | vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml index eec356b9f47..5ebad58e171 100644 --- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml +++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml @@ -42,6 +42,7 @@ stages: - build - test - review + - dast - staging - canary - production @@ -130,6 +131,23 @@ sast:container: artifacts: paths: [gl-sast-container-report.json] +dast: + stage: dast + allow_failure: true + image: owasp/zap2docker-stable + variables: + POSTGRES_DB: "false" + script: + - dast + artifacts: + paths: [gl-dast-report.json] + only: + refs: + - branches + kubernetes: active + except: + - master + review: stage: review script: @@ -270,8 +288,8 @@ production: docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 apk add -U wget ca-certificates docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} - wget https://github.com/arminc/clair-scanner/releases/download/v6/clair-scanner_linux_386 - mv clair-scanner_linux_386 clair-scanner + wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 + mv clair-scanner_linux_amd64 clair-scanner chmod +x clair-scanner touch clair-whitelist.yml ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true @@ -327,6 +345,12 @@ production: replicas="$new_replicas" fi + if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then + secret_name='gitlab-registry' + else + secret_name='' + fi + helm upgrade --install \ --wait \ --set service.enabled="$service_enabled" \ @@ -334,6 +358,7 @@ production: --set image.repository="$CI_APPLICATION_REPOSITORY" \ --set image.tag="$CI_APPLICATION_TAG" \ --set image.pullPolicy=IfNotPresent \ + --set image.secrets[0].name="$secret_name" \ --set application.track="$track" \ --set application.database_url="$DATABASE_URL" \ --set service.url="$CI_ENVIRONMENT_URL" \ @@ -462,6 +487,11 @@ production: } function create_secret() { + echo "Create secret..." + if [[ "$CI_PROJECT_VISIBILITY" == "public" ]]; then + return + fi + kubectl create secret -n "$KUBE_NAMESPACE" \ docker-registry gitlab-registry \ --docker-server="$CI_REGISTRY" \ @@ -471,6 +501,14 @@ production: -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f - } + function dast() { + export CI_ENVIRONMENT_URL=$(cat environment_url.txt) + + mkdir /zap/wrk/ + /zap/zap-baseline.py -J gl-dast-report.json -t "$CI_ENVIRONMENT_URL" || true + cp /zap/wrk/gl-dast-report.json . + } + function performance() { export CI_ENVIRONMENT_URL=$(cat environment_url.txt) |