wn/dtrack-defectdojo-automation
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
b430afcfefe973b9d18ccc462e08b6ee58677287
dtrack-defectdojo-automation/.gitlab-ci.yml

158 lines
4.4 KiB
YAML
Raw Blame History

stages:
- generate-api-clients
- build
- deploy
variables:
REGISTRY: devnexus.krohne.com:18079/repository/docker-krohne
IMAGE_NAME: $REGISTRY/$CI_PROJECT_NAME
DTRACK_API_URL: https://dtrack-api-rd.krohne.com
DEFECTDOJO_API_URL: https://defectdojo-rd.krohne.com
KROHNE_CA_URL: https://devwiki.krohnegroup.com/lib/exe/fetch.php?media=krohne-ca.crt
KROHNE_CA_CHECKSUM: a921e440a742f1e67c7714306e2c0d76
.generate-api:
stage: generate-api-clients
image: openapitools/openapi-generator-cli:v7.12.0
tags:
- linux
- docker
- bash
rules:
- if: '$CI_COMMIT_BRANCH == "main"'
- if: '$CI_COMMIT_TAG'
before_script:
- curl --insecure $KROHNE_CA_URL -o krohne-ca.crt
- echo "$KROHNE_CA_CHECKSUM krohne-ca.crt" | md5sum -c
- mv krohne-ca.crt /usr/local/share/ca-certificates
- update-ca-certificates
generate-dtrack-api:
extends: .generate-api
artifacts:
paths:
- dependencytrack-client
expire_in: 1 week
script:
- curl ${DTRACK_API_URL}/api/openapi.json > dependencytrack-openapi.json
- |
docker-entrypoint.sh \
author template \
-g python \
-o dependencytrack-openapi-custom-template
- sed -i 's/import re/import regex as re/' dependencytrack-openapi-custom-template/model_anyof.mustache
- sed -i 's/import re/import regex as re/' dependencytrack-openapi-custom-template/model_generic.mustache
- |
docker-entrypoint.sh \
generate \
-i dependencytrack-openapi.json \
-g python \
-o dependencytrack-client \
--package-name dependencytrack_api \
-t dependencytrack-openapi-custom-template
generate-defectdojo-api:
extends: .generate-api
artifacts:
paths:
- defectdojo-client
expire_in: 1 week
script:
- curl ${DEFECTDOJO_API_URL}/api/v2/oa3/schema/?format=json > defectdojo-openapi.json
- |
docker-entrypoint.sh \
generate \
-i defectdojo-openapi.json \
-g python \
-o defectdojo-client \
--package-name defectdojo_api
.dockerize:
stage: build
image: devnexus.krohne.com:18079/repository/docker-krohne/krohnedockerbash:0.5
tags:
- linux
- docker
- bash
rules:
- if: '$CI_COMMIT_TAG'
script:
- docker build --build-arg ADDITIONAL_CA_URL="$KROHNE_CA_URL"
--build-arg ADDITIONAL_CA_CHECKSUM=$KROHNE_CA_CHECKSUM
--tag $IMAGE_NAME:latest
--tag $IMAGE_NAME:$CI_COMMIT_SHA
--tag $IMAGE_NAME:$CI_COMMIT_TAG
-f $DOCKERFILE
.
- docker login -u $NEXUS_USER -p $NEXUS_PASSWORD $REGISTRY
- docker push $IMAGE_NAME:latest
- docker push $IMAGE_NAME:$CI_COMMIT_SHA
- docker push $IMAGE_NAME:$CI_COMMIT_TAG
dockerize-cli:
extends: .dockerize
variables:
DOCKERFILE: Dockerfile-cli
dockerize-server:
extends: .dockerize
variables:
DOCKERFILE: Dockerfile-server
.deploy:
stage: deploy
image: devnexus.krohne.com:18079/repository/docker-krohne/krohnedockerbash:0.5
variables:
GIT_STRATEGY: none
SERVICE: sbom-dd-dt-integrator
script:
- VERSION=$CI_COMMIT_SHA
- CONTAINER_NAME=$SERVICE"-"$INSTANCE_SPECIFIER
- SERVICE_VOLUME=$SERVICE"-"$INSTANCE_SPECIFIER"-data"
- docker volume inspect $SERVICE_VOLUME || docker volume create $SERVICE_VOLUME
- docker stop $CONTAINER_NAME || echo "$CONTAINER_NAME not running, anyway okay"
- docker rm $CONTAINER_NAME || echo "$CONTAINER_NAME not running, anyway okay"
- docker login -u $NEXUS_USER -p $NEXUS_PASSWORD $REGISTRY
- docker pull $IMAGE_NAME:$VERSION
- |
cat - > /start-scripts/${CONTAINER_NAME}.sh << EOT
docker run \
-d \
--restart always
--name $CONTAINER_NAME \
-e DTRACK_API_URL=$DTRACK_API_URL \
-e DTRACK_TOKEN=$DTRACK_TOKEN \
-e DEFECTDOJO_URL=$DEFECTDOJO_URL \
-e DEFECTDOJO_TOKEN=$DEFECTDOJO_TOKEN \
$IMAGE_NAME:$VERSION
EOT
- chmod 755 /start-scripts/${CONTAINER_NAME}.sh
- /start-scripts/${CONTAINER_NAME}.sh
deploy-test:
extends: .deploy
only:
refs:
- main
tags:
- test-deployment-de01rdtst01
variables:
INSTANCE_SPECIFIER: test
environment:
name: test
deploy-dev:
extends: .deploy
only:
refs:
- production_deployment
tags:
- for-common-services-prod-deployment-only
variables:
INSTANCE_SPECIFIER: prod
environment:
name: prod
Reference in New Issue View Git Blame Copy Permalink