paul/gilde-ci-cd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into feat/update_sonar_docs

Browse Source 
# Conflicts:
#	documentation/chapters/templates/tool-sonar7.adoc
This commit is contained in:
Karina Schaeffler 2022-03-04 12:57:33 +01:00
commit 1b1e789860
10 changed files with 20 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.gitlab-ci.yml
View File

@ -23,11 +23,11 @@ check_confluence_validity:
INPUT_FILE: "document.adoc" INPUT_FILE: "document.adoc"
IMAGES_DIR: images IMAGES_DIR: images
CREATE_SUB_PAGES: "false" CREATE_SUB_PAGES: "false"
PAGE_PREFIX: "[CI/CD] - [TMPL] - " PAGE_PREFIX: "[CI/CD] - "
CONFLUENCE_SPACE: RANDI CONFLUENCE_SPACE: RANDI
TEXT_GENERATED_HINT: '<ac:structured-macro ac:name="warning"><ac:parameter ac:name="title" /><ac:rich-text-body>This is a generated page, do not edit! All changes must happen in the <a href="${CI_PROJECT_URL}">Repository</a> TEXT_GENERATED_HINT: '<ac:structured-macro ac:name="warning"><ac:parameter ac:name="title" /><ac:rich-text-body>This is a generated page, do not edit! All changes must happen in the <a href="${CI_PROJECT_URL}">Repository</a>
.</ac:rich-text-body></ac:structured-macro>' .</ac:rich-text-body></ac:structured-macro>'
FILE_INPUT: "index.html,111183157,gitlab-ci-templates" FILE_INPUT: "index.html,107524048,CI Templates"
extends: .check_confluence_validity-template extends: .check_confluence_validity-template
pages: pages:
@ -36,11 +36,11 @@ pages:
INPUT_FILE: "document.adoc" INPUT_FILE: "document.adoc"
IMAGES_DIR: images IMAGES_DIR: images
CREATE_SUB_PAGES: "false" CREATE_SUB_PAGES: "false"
PAGE_PREFIX: "[CI/CD] - [TMPL] - " PAGE_PREFIX: "[CI/CD] - "
CONFLUENCE_SPACE: RANDI CONFLUENCE_SPACE: RANDI
TEXT_GENERATED_HINT: '<ac:structured-macro ac:name="warning"><ac:parameter ac:name="title" /><ac:rich-text-body>This is a generated page, do not edit! All changes must happen in the <a href="${CI_PROJECT_URL}">Repository</a> TEXT_GENERATED_HINT: '<ac:structured-macro ac:name="warning"><ac:parameter ac:name="title" /><ac:rich-text-body>This is a generated page, do not edit! All changes must happen in the <a href="${CI_PROJECT_URL}">Repository</a>
.</ac:rich-text-body></ac:structured-macro>' .</ac:rich-text-body></ac:structured-macro>'
FILE_INPUT: "index.html,111183157,gitlab-ci-templates" FILE_INPUT: "index.html,107524048,CI Templates"
extends: .pages-template extends: .pages-template
.release-template: .release-template:

2
container-publish.gitlab-ci.yml
View File

@ -46,7 +46,7 @@
EXTRA_ARGS: $GRADLE_EXTRA_ARGS EXTRA_ARGS: $GRADLE_EXTRA_ARGS
script: script:
- echo $PARSED_VERSION - echo $PARSED_VERSION
- ./gradlew assemble jib $EXTRA_ARGS - ./gradlew assemble jib $GRADLE_CLI_OPTS $EXTRA_ARGS
"-DskipTests" "-DskipTests"
"-Djib.to.image=$DOCKER_REGISTRY:$PARSED_VERSION"" "-Djib.to.image=$DOCKER_REGISTRY:$PARSED_VERSION""
"-Djib.to.auth.username=$DOCKER_REGISTRY_USER" "-Djib.to.auth.username=$DOCKER_REGISTRY_USER"

8
container-scan.gitlab-ci.yml
View File

@ -2,7 +2,7 @@
image: $MAVEN_IMAGE image: $MAVEN_IMAGE
stage: test stage: test
variables: variables:
TRIVY_VERSION: 0.24.1 TRIVY_VERSION: 0.24.2
EXITCODE: 1 EXITCODE: 1
TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed" TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed"
before_script: before_script:
@ -23,7 +23,7 @@
image: $GRADLE_IMAGE image: $GRADLE_IMAGE
stage: test stage: test
variables: variables:
TRIVY_VERSION: 0.24.1 TRIVY_VERSION: 0.24.2
EXITCODE: 1 EXITCODE: 1
PROJECT_DIR: $CI_PROJECT_DIR/build PROJECT_DIR: $CI_PROJECT_DIR/build
TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed" TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed"
@ -32,7 +32,7 @@
- curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
- tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
script: script:
- ./gradlew jibBuildTar -DskipTests - ./gradlew $GRADLE_CLI_OPTS jibBuildTar -DskipTests
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --severity HIGH,CRITICAL --format template --template "@contrib/junit.tpl" -o junit-report.xml --input $PROJECT_DIR/jib-image.tar - ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --severity HIGH,CRITICAL --format template --template "@contrib/junit.tpl" -o junit-report.xml --input $PROJECT_DIR/jib-image.tar
- ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --severity HIGH,CRITICAL --input $PROJECT_DIR/jib-image.tar - ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --severity HIGH,CRITICAL --input $PROJECT_DIR/jib-image.tar
cache: cache:
@ -48,7 +48,7 @@
name: gcr.io/kaniko-project/executor:debug name: gcr.io/kaniko-project/executor:debug
entrypoint: [ "" ] entrypoint: [ "" ]
variables: variables:
TRIVY_VERSION: 0.24.1 TRIVY_VERSION: 0.24.2
PROJECT_DIR: $CI_PROJECT_DIR PROJECT_DIR: $CI_PROJECT_DIR
DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile
CONTEXT_LOCATION: $CI_PROJECT_DIR CONTEXT_LOCATION: $CI_PROJECT_DIR

1
documentation/chapters/templates/container-publish.adoc
View File

@ -19,6 +19,7 @@ Falls das Projekt aus mehreren Poms besteht, kann `before_script:` benutzt werde
|EXTRA_ARGS | Weitere Argumente die an den jeweiligen Job gegeben werden sollen. | "" |EXTRA_ARGS | Weitere Argumente die an den jeweiligen Job gegeben werden sollen. | ""
|USE_VERSIONFILE | Wenn true, dann wird zur Versionierung das ./version file aus dem set-version tool verwendet | "false" |USE_VERSIONFILE | Wenn true, dann wird zur Versionierung das ./version file aus dem set-version tool verwendet | "false"
|ARTIFACT | Der Name des Versionfiles aus dem set-version tool | "version" |ARTIFACT | Der Name des Versionfiles aus dem set-version tool | "version"
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|=== |===
.container-publish .container-publish

1
documentation/chapters/templates/container-scan.adoc
View File

@ -22,6 +22,7 @@ Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angez
Wenn 0 benutzt wird, läuft die CI weiter. Wenn 0 benutzt wird, läuft die CI weiter.
Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angezeigt wird. Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angezeigt wird.
| - | -
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|=== |===
.container scan template .container scan template

1
documentation/chapters/templates/gradle-build-template.adoc
View File

@ -8,6 +8,7 @@ Die Ergebnisse werden als Artifact gespeichert.
.Variables .Variables
|=== |===
|Name |Description | Default Value |Name |Description | Default Value
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|=== |===
.gradle-build-template .gradle-build-template

1
documentation/chapters/templates/gradle-test-template.adoc
View File

@ -8,6 +8,7 @@ Die Ergebnisse werden als Artifact gespeichert.
.Variables .Variables
|=== |===
|Name |Description | Default Value |Name |Description | Default Value
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|=== |===
.gradle-test-template .gradle-test-template

7
documentation/chapters/templates/tool-sonar7.adoc
View File

@ -13,11 +13,14 @@ Mehr Details zu finden hier: https://gitlab.exxcellent.de/gilden/ci/exxcellent-s
|SONAR_PROJECT_KEY | Der Sonar-Projekt-Key. | "" |SONAR_PROJECT_KEY | Der Sonar-Projekt-Key. | ""
|SONAR_PROJECT_NAME | Der Sonar-Projekt-Name. | "" (Es wird dann standardmäßig der Maven project.name verwendet) |SONAR_PROJECT_NAME | Der Sonar-Projekt-Name. | "" (Es wird dann standardmäßig der Maven project.name verwendet)
|SONAR_EXCLUSIONS | Von Sonar auszuschließende Bereiche | **/target/**,**/src/test/** |SONAR_EXCLUSIONS | Von Sonar auszuschließende Bereiche | **/target/**,**/src/test/**
|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
|=== |===
TIP: Der SONAR_TOKEN String kann über den persönlichen User Bereich in Sonar unter dem Tab _Security_ erzeugt werden. Ein technischer User ist aktuell nicht möglich. Das Token wird ausschließlich dafür benötigt, wenn der Sonar Buildbreaker über die Pipeline aktiviert wird (_sonar.buildbreaker.skip=true_). Wenn der Build nicht gebrochen werden soll, kann es weggelassen werden. TIP: Der SONAR_TOKEN String kann über den persönlichen User Bereich in Sonar unter dem Tab _Security_ erzeugt werden.
Ein technischer User ist aktuell nicht möglich.
Das Token wird ausschließlich dafür benötigt, wenn der Sonar Buildbreaker über die Pipeline aktiviert wird (_sonar.buildbreaker.skip=true_).
Wenn der Build nicht gebrochen werden soll, kann es weggelassen werden.
.sonar-template .sonar-template
[source,yaml] [source,yaml]

2
gradle-test-template.gitlab-ci.yml
View File

@ -2,7 +2,7 @@
image: $GRADLE_IMAGE image: $GRADLE_IMAGE
stage: test stage: test
script: script:
- "./gradlew --build-cache test" - "./gradlew --build-cache test $GRADLE_CLI_OPTS"
artifacts: artifacts:
expire_in: 2 weeks expire_in: 2 weeks
reports: reports:

2
tool-sonar7.gitlab-ci.yml
View File

@ -27,7 +27,7 @@
extends: .sonar-template-common extends: .sonar-template-common
image: $GRADLE_IMAGE image: $GRADLE_IMAGE
script: script:
- ./gradlew $GRADLE_OPTS sonarqube - ./gradlew $GRADLE_OPTS sonarqube $GRADLE_CLI_OPTS
"-Dsonar.host.url=$SONAR_HOST_URL" "-Dsonar.host.url=$SONAR_HOST_URL"
"-Dsonar.login=$SONAR_TOKEN" "-Dsonar.login=$SONAR_TOKEN"
"-Dsonar.projectKey=$SONAR_PROJECT_KEY" "-Dsonar.projectKey=$SONAR_PROJECT_KEY"