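---
# GitLab CI pipeline for the sbom-dd-dt-integrator service:
#   1. generate-api-clients — generate Python clients for Dependency-Track and DefectDojo
#   2. build               — build and push the CLI and server images
#   3. deploy              — (re)create the service container on a test or prod host
stages:
  - generate-api-clients
  - build
  - deploy

variables:
  REGISTRY: "devnexus.krohne.com:18079/repository/docker-krohne"
  IMAGE_NAME: "$REGISTRY/$CI_PROJECT_NAME"
  DTRACK_API_URL: "https://dtrack-api-rd.krohne.com"
  DEFECTDOJO_API_URL: "https://defectdojo-rd.krohne.com"
  KROHNE_CA_URL: "https://devwiki.krohnegroup.com/lib/exe/fetch.php?media=krohne-ca.crt"
  # MD5 of the CA file fetched from KROHNE_CA_URL. Quoted so a future checksum that
  # happens to look numeric (e.g. digits with an 'e') is never retyped by YAML.
  KROHNE_CA_CHECKSUM: "a921e440a742f1e67c7714306e2c0d76"

# Template for the client-generation jobs. The generator image does not trust the
# internal CA that the API hosts present, so before_script installs it first.
.generate-api:
  stage: generate-api-clients
  image: openapitools/openapi-generator-cli:v7.12.0
  tags:
    - linux
    - docker
    - bash
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
    - if: '$CI_COMMIT_TAG'
  before_script:
    # --insecure is the chicken-and-egg case: the file being fetched is the CA needed
    # to verify the server. -fsS makes an HTTP error fail the job instead of writing
    # an error page into the .crt file. The checksum pin below is the actual trust
    # anchor for this download.
    # TODO(review): switch the pin to sha256sum once a SHA-256 value is recorded.
    - curl -fsS --insecure "$KROHNE_CA_URL" -o krohne-ca.crt
    # Two spaces is the canonical "<hash>  <file>" check format (GNU and busybox).
    - echo "$KROHNE_CA_CHECKSUM  krohne-ca.crt" | md5sum -c
    - mv krohne-ca.crt /usr/local/share/ca-certificates
    - update-ca-certificates

generate-dtrack-api:
  extends: .generate-api
  artifacts:
    paths:
      - dependencytrack-client
    expire_in: 1 week
  script:
    # -f: a 404/500 must fail the job rather than feed an error page to the generator.
    - curl -fsS "${DTRACK_API_URL}/api/openapi.json" -o dependencytrack-openapi.json
    - |
      docker-entrypoint.sh \
        author template \
        -g python \
        -o dependencytrack-openapi-custom-template
    # Patch the default templates so generated models import the third-party `regex`
    # package under the name `re` (presumably for features stdlib re lacks — TODO confirm).
    - sed -i 's/import re/import regex as re/' dependencytrack-openapi-custom-template/model_anyof.mustache
    - sed -i 's/import re/import regex as re/' dependencytrack-openapi-custom-template/model_generic.mustache
    - |
      docker-entrypoint.sh \
        generate \
        -i dependencytrack-openapi.json \
        -g python \
        -o dependencytrack-client \
        --package-name dependencytrack_api \
        -t dependencytrack-openapi-custom-template

generate-defectdojo-api:
  extends: .generate-api
  artifacts:
    paths:
      - defectdojo-client
    expire_in: 1 week
  script:
    # Quoted: '?' is a shell glob character, and -f fails the job on an HTTP error.
    - curl -fsS "${DEFECTDOJO_API_URL}/api/v2/oa3/schema/?format=json" -o defectdojo-openapi.json
    - |
      docker-entrypoint.sh \
        generate \
        -i defectdojo-openapi.json \
        -g python \
        -o defectdojo-client \
        --package-name defectdojo_api

# Template for the image-build jobs; the concrete job only sets DOCKERFILE.
# Images are tagged both with a moving per-branch tag and with the immutable commit SHA.
.dockerize:
  stage: build
  image: devnexus.krohne.com:18079/repository/docker-krohne/krohnedockerbash:0.5
  tags:
    - linux
    - docker
    - bash
  rules:
    - if: '$CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "production_deployment"'
  script:
    # NOTE(review): on production_deployment the generate-api-clients jobs do not run
    # (their rules match only main or a tag), so no client artifacts reach this stage
    # on that branch — confirm the Dockerfiles do not depend on them there.
    - |
      docker build \
        --build-arg ADDITIONAL_CA_URL="$KROHNE_CA_URL" \
        --build-arg ADDITIONAL_CA_CHECKSUM="$KROHNE_CA_CHECKSUM" \
        --tag "$IMAGE_NAME:latest-$CI_COMMIT_BRANCH" \
        --tag "$IMAGE_NAME:$CI_COMMIT_SHA" \
        -f "$DOCKERFILE" .
    # --password-stdin keeps the registry password off the command line (process
    # list, shell tracing) and silences docker's own "insecure --password" warning.
    - echo "$NEXUS_PASSWORD" | docker login -u "$NEXUS_USER" --password-stdin "$REGISTRY"
    - docker push "$IMAGE_NAME:latest-$CI_COMMIT_BRANCH"
    - docker push "$IMAGE_NAME:$CI_COMMIT_SHA"

dockerize-cli:
  extends: .dockerize
  variables:
    DOCKERFILE: Dockerfile-cli

dockerize-server:
  extends: .dockerize
  variables:
    DOCKERFILE: Dockerfile-server

# Template for the deploy jobs. Runs on the target host's own runner (selected by the
# tags on the concrete jobs) and replaces one container per INSTANCE_SPECIFIER.
.deploy:
  stage: deploy
  image: devnexus.krohne.com:18079/repository/docker-krohne/krohnedockerbash:0.5
  variables:
    GIT_STRATEGY: none  # nothing from the repository is needed, only the pushed image
    SERVICE: sbom-dd-dt-integrator
  script:
    # The commit-SHA tag is immutable, so a redeploy always gets exactly the image the
    # build stage of this pipeline pushed.
    - VERSION="$CI_COMMIT_SHA"
    - CONTAINER_NAME="${SERVICE}-${INSTANCE_SPECIFIER}"
    - SERVICE_VOLUME="${SERVICE}-${INSTANCE_SPECIFIER}-data"
    # NOTE(review): the volume is created here but never mounted by the docker run
    # below — either a -v flag is missing or the volume step is dead; confirm intent.
    - docker volume inspect "$SERVICE_VOLUME" || docker volume create "$SERVICE_VOLUME"
    # Best effort on purpose: the first deployment has no container to stop or remove.
    - docker stop "$CONTAINER_NAME" || echo "$CONTAINER_NAME not running, anyway okay"
    - docker rm "$CONTAINER_NAME" || echo "$CONTAINER_NAME not running, anyway okay"
    - echo "$NEXUS_PASSWORD" | docker login -u "$NEXUS_USER" --password-stdin "$REGISTRY"
    - docker pull "$IMAGE_NAME:$VERSION"
    # The heredoc delimiter is unquoted on purpose: the API tokens are expanded into
    # the start script so it can be re-run on the host without the CI environment.
    # That makes the script itself a secret, hence umask 077 + mode 700: only the
    # user that writes and runs it can read it. If another host user must run it,
    # grant that explicitly rather than making the file world-readable.
    # DEFECTDOJO_URL, DTRACK_TOKEN and DEFECTDOJO_TOKEN are not defined in this file —
    # presumably project-level CI/CD variables (note the global is DEFECTDOJO_API_URL).
    - |
      umask 077
      cat - > /start-scripts/${CONTAINER_NAME}.sh << EOT
      docker run \
        -d \
        --restart always \
        -p 4701:8000 \
        --name $CONTAINER_NAME \
        -e DTRACK_API_URL=$DTRACK_API_URL \
        -e DTRACK_TOKEN=$DTRACK_TOKEN \
        -e DEFECTDOJO_URL=$DEFECTDOJO_URL \
        -e DEFECTDOJO_TOKEN=$DEFECTDOJO_TOKEN \
        $IMAGE_NAME:$VERSION
      EOT
    - chmod 700 /start-scripts/${CONTAINER_NAME}.sh
    - /start-scripts/${CONTAINER_NAME}.sh

deploy-test:
  extends: .deploy
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
  tags:
    - test-deployment-de01rdtst01
  variables:
    INSTANCE_SPECIFIER: test
  environment:
    name: test

# NOTE(review): despite its name this job deploys the prod instance (INSTANCE_SPECIFIER
# and environment are "prod"). The name is kept because other configuration may
# reference it; renaming it to deploy-prod would stop the pipeline being misread.
deploy-dev:
  extends: .deploy
  rules:
    - if: '$CI_COMMIT_BRANCH == "production_deployment"'
  tags:
    - for-common-services-prod-deployment-only
  variables:
    INSTANCE_SPECIFIER: prod
  environment:
    name: prod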