From cd2549891a26384f1ebd1773af0d1a5a2ed0f8a7 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Mon, 28 Jun 2021 10:52:26 +0200 Subject: [PATCH 01/25] refactor(Container) Rename all Container related stuff from image suffix to container prefix --- publish-image.yml => container-publish.yml | 0 documentation/chapters/generalInformation.adoc | 2 +- .../templates/{publish-image.adoc => container-publish.adoc} | 2 +- documentation/document.adoc | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename publish-image.yml => container-publish.yml (100%) rename documentation/chapters/templates/{publish-image.adoc => container-publish.adoc} (90%) diff --git a/publish-image.yml b/container-publish.yml similarity index 100% rename from publish-image.yml rename to container-publish.yml diff --git a/documentation/chapters/generalInformation.adoc b/documentation/chapters/generalInformation.adoc index 2b47efc..1369924 100644 --- a/documentation/chapters/generalInformation.adoc +++ b/documentation/chapters/generalInformation.adoc @@ -23,7 +23,7 @@ include: - 'npm-dependencies-template.yml' - 'npm-lint-template.yml' - 'npm-test-template.yml' - - 'publish-image.yml' + - 'container-publish.yml' - 'set-version-template.yml' - 'sonar-template.yml' diff --git a/documentation/chapters/templates/publish-image.adoc b/documentation/chapters/templates/container-publish.adoc similarity index 90% rename from documentation/chapters/templates/publish-image.adoc rename to documentation/chapters/templates/container-publish.adoc index 2c2fa41..f0d261a 100644 --- a/documentation/chapters/templates/publish-image.adoc +++ b/documentation/chapters/templates/container-publish.adoc @@ -14,5 +14,5 @@ Falls das Projekt aus mehreren Poms besteht, kann `bevor_script:` benutzt werden .sonar-template ---- -include::{sourcedir}/publish-image.yml[] +include::{sourcedir}/container-publish.yml[] ---- \ No newline at end of file 
diff --git a/documentation/document.adoc b/documentation/document.adoc index 65a24ae..88bcacb 100644 --- a/documentation/document.adoc +++ b/documentation/document.adoc @@ -37,7 +37,7 @@ include::chapters/generalInformation.adoc[leveloffset=1] == Misc Templates include::chapters/templates/sonar-template.adoc[leveloffset=1] -include::chapters/templates/publish-image.adoc[leveloffset=1] +include::chapters/templates/container-publish.adoc[leveloffset=1] == NPM Templates From 146ff9b89e5623559498f5a6181608233a684adb Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Mon, 28 Jun 2021 10:52:41 +0200 Subject: [PATCH 02/25] feat(Container) add container scan template --- container-scan.yml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 container-scan.yml diff --git a/container-scan.yml b/container-scan.yml new file mode 100644 index 0000000..fde0286 --- /dev/null +++ b/container-scan.yml 
@@ -0,0 +1,33 @@
+.publish-image-jib:
+ image: $MAVEN_IMAGE
+ stage: test
+ variables:
+ TRIVY_VERSION: 0.18.3
+ PROJECT_DIR: $CI_PROJECT_DIR
+ DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile
+ CONTEXT_LOCATION: $CI_PROJECT_DIR
+ before_script:
+ - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
+ - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
+ script:
+ - mvn $MAVEN_CLI_OPTS compile jib:buildTar -DskipTests
+ - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh --input target/jib-image.tar
+ - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh --input target/jib-image.tar
+
+.check-kani:
+ stage: test
+ image:
+ name: gcr.io/kaniko-project/executor:debug
+ entrypoint: [ "" ]
+ variables:
+ TRIVY_VERSION: 0.18.3
+ PROJECT_DIR: $CI_PROJECT_DIR
+ DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile
+ CONTEXT_LOCATION: $CI_PROJECT_DIR
+ before_script:
+ - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
+ - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
+ script:
+ - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --cache-dir cache/image --tarPath image.tar --no-push --destination image
+ - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh --input image.tar
+ - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh --input image.tar
\ No newline at end of file
From 2162e372de8dee4fe1c2b03a43f8c78d8774a87f Mon Sep 17 00:00:00 2001
From: Marcel Feix
Date: Mon, 28 Jun 2021 10:55:41 +0200
Subject: [PATCH 03/25] feat(Container) rename to scan container kaniko/jib
---
 container-scan.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/container-scan.yml b/container-scan.yml
index fde0286..3f622fd 100644
--- a/container-scan.yml
+++ b/container-scan.yml
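Review bot: Both `before_script` blocks (`.publish-image-jib` and `.check-kani`) download the Trivy release tarball, unpack it and run `./trivy` without any integrity check, so the job executes whatever the download returned. The release publishes a checksums file next to the tarball; fetching it and verifying the archive before `tar zxvf`, for example `grep "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" "trivy_${TRIVY_VERSION}_checksums.txt" | sha256sum -c -`, ties the binary to the pinned `TRIVY_VERSION` (confirm the checksum file name against the release page). The kaniko job also pulls `gcr.io/kaniko-project/executor:debug`, which is a moving tag; pinning it to a digest would make the scan job reproducible.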
@@ -1,4 +1,4 @@ -.publish-image-jib: +.scan-container-jib: image: $MAVEN_IMAGE stage: test variables: @@ -14,7 +14,7 @@ - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh --input target/jib-image.tar - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh --input target/jib-image.tar -.check-kani: +.scan-container-kaniko: stage: test image: name: gcr.io/kaniko-project/executor:debug From b527942602c2b097cf06fceb8ab14ef2136f66e2 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Mon, 28 Jun 2021 13:04:20 +0200 Subject: [PATCH 04/25] feat(Container) use curl instead of wget in maven --- container-scan.yml | 2 +- documentation/chapters/generalInformation.adoc | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/container-scan.yml b/container-scan.yml index 3f622fd..f3eacc8 100644 --- a/container-scan.yml +++ b/container-scan.yml @@ -25,7 +25,7 @@ DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile CONTEXT_LOCATION: $CI_PROJECT_DIR before_script: - - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" + - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz script: - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --cache-dir cache/image --tarPath image.tar --no-push --destination image diff --git a/documentation/chapters/generalInformation.adoc b/documentation/chapters/generalInformation.adoc index 1369924..24fb4c7 100644 --- a/documentation/chapters/generalInformation.adoc +++ b/documentation/chapters/generalInformation.adoc @@ -24,6 +24,7 @@ include: - 'npm-lint-template.yml' - 'npm-test-template.yml' - 'container-publish.yml' + - 'container-scan.yml' - 'set-version-template.yml' - 'sonar-template.yml' 
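Review bot: The `curl -L … --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz` line added in the `@@ -25,7 +25,7 @@` hunk of container-scan.yml has no `--fail`, so an HTTP error response is saved under the tarball name and the job only breaks later in `tar zxvf` with a misleading message. Using `curl -fsSL "<same URL>" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz` makes the job stop at the download step. Judging by its position in the file, this hunk appears to land in the job that runs on the kaniko executor image, whose header is outside the hunk; whether that image ships `curl` cannot be seen from here.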
From 4c4e7a202666908231c570f09897617207c7417d Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Mon, 28 Jun 2021 13:14:51 +0200 Subject: [PATCH 05/25] feat(Container) correct last wget and curl. --- container-scan.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/container-scan.yml b/container-scan.yml index f3eacc8..244f3dc 100644 --- a/container-scan.yml +++ b/container-scan.yml @@ -7,7 +7,7 @@ DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile CONTEXT_LOCATION: $CI_PROJECT_DIR before_script: - - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" + - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz script: - mvn $MAVEN_CLI_OPTS compile jib:buildTar -DskipTests @@ -25,7 +25,7 @@ DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile CONTEXT_LOCATION: $CI_PROJECT_DIR before_script: - - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz + - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz script: - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --cache-dir cache/image --tarPath image.tar --no-push --destination image From 6c78be307715ba368206e3ab5dc3a64a11ba5d7c Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Tue, 29 Jun 2021 08:05:49 +0000 Subject: [PATCH 06/25] Update publish-image.yml to use rules --- publish-image.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/publish-image.yml b/publish-image.yml index 5abb8a8..cb09eb4 100644 --- a/publish-image.yml +++ b/publish-image.yml 
@@ -1,8 +1,8 @@
 .publish-image-jib:
 image: $MAVEN_IMAGE
 stage: package
- only:
- - tags
+ rules:
+ - if: $CI_COMMIT_TAG
 variables:
 MVN_VERSION: "true"
 script:
From cac068d7c82447697790a0691569eb15be392e36 Mon Sep 17 00:00:00 2001
From: Marcel Feix
Date: Tue, 29 Jun 2021 08:16:44 +0000
Subject: [PATCH 07/25] Update container-publish.yml
---
 container-publish.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/container-publish.yml b/container-publish.yml
index 5abb8a8..cb09eb4 100644
--- a/container-publish.yml
+++ b/container-publish.yml
@@ -1,8 +1,8 @@
 .publish-image-jib:
 image: $MAVEN_IMAGE
 stage: package
- only:
- - tags
+ rules:
+ - if: $CI_COMMIT_TAG
 variables:
 MVN_VERSION: "true"
 script:
From 2e0fa76f413c8c35404bcad6e274fe1109d04301 Mon Sep 17 00:00:00 2001
From: Marcel Feix
Date: Tue, 29 Jun 2021 08:49:03 +0000
Subject: [PATCH 08/25] feat(Container Scan) Make exit code variable
---
 container-scan.yml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/container-scan.yml b/container-scan.yml
index 244f3dc..4c246e8 100644
--- a/container-scan.yml
+++ b/container-scan.yml
@@ -6,14 +6,16 @@ PROJECT_DIR: $CI_PROJECT_DIR DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile CONTEXT_LOCATION: $CI_PROJECT_DIR + EXITCODE_ON_HIGH: 1 + EXITCODE_ON_CRITICAL: 1 before_script: - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz script: - mvn $MAVEN_CLI_OPTS compile jib:buildTar -DskipTests - - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh --input target/jib-image.tar - - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh --input target/jib-image.tar - + - ./trivy --exit-code $EXITCODE_ON_HIGH --severity HIGH --no-progress --auto-refresh --input target/jib-image.tar + - ./trivy --exit-code $EXITCODE_ON_CRITICAL --severity CRITICAL --no-progress --auto-refresh --input target/jib-image.tar + .scan-container-kaniko: stage: test image: @@ -24,10 +26,12 @@ PROJECT_DIR: $CI_PROJECT_DIR DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile CONTEXT_LOCATION: $CI_PROJECT_DIR + EXITCODE_ON_HIGH: 1 + EXITCODE_ON_CRITICAL: 1 before_script: - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz script: - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --cache-dir cache/image --tarPath image.tar --no-push --destination image - - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh --input image.tar - - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh --input image.tar \ No newline at end of file + - ./trivy --exit-code $EXITCODE_ON_HIGH --severity HIGH --no-progress --auto-refresh --input image.tar + - ./trivy --exit-code $EXITCODE_ON_CRITICAL --severity CRITICAL --no-progress --auto-refresh --input image.tar 
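Review bot: With both defaults set to `1`, the `--severity HIGH` scan is the first command that can fail, so for an image with HIGH findings the job stops before the `--severity CRITICAL` scan runs and critical findings never show up in the job log. This applies to both `script` blocks (the jib and the kaniko hunk). Running the CRITICAL scan first, or a single `./trivy --exit-code 1 --severity HIGH,CRITICAL …` when both codes are equal, keeps the gate and reports everything in one run. Nothing checks that the overridable values are `0` or `1`; a comment next to the defaults such as `# 0 = report only, 1 = fail the job` would help consumers who override them.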
From 1b3a5854d54178ff33b48fed2b2fb7ff285aeeba Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Tue, 29 Jun 2021 17:09:35 +0200 Subject: [PATCH 09/25] refactor(*) add Sonar lint to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 0a16fa7..e095c17 100644 --- a/.gitignore +++ b/.gitignore @@ -72,3 +72,4 @@ fabric.properties # Android studio 3.1+ serialized cache file .idea/caches/build_file_checksums.ser +/.idea/sonarlint/ From f92490d01aa319572ba26df2333d100d2e923a58 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Tue, 29 Jun 2021 17:10:01 +0200 Subject: [PATCH 10/25] refactor(*) remove files from Sonar lint --- .../issuestore/2/e/2eef21b10116aab77b6b014cb5adf007d2d2e128 | 0 .idea/sonarlint/issuestore/index.pb | 3 --- 2 files changed, 3 deletions(-) delete mode 100644 .idea/sonarlint/issuestore/2/e/2eef21b10116aab77b6b014cb5adf007d2d2e128 delete mode 100644 .idea/sonarlint/issuestore/index.pb diff --git a/.idea/sonarlint/issuestore/2/e/2eef21b10116aab77b6b014cb5adf007d2d2e128 b/.idea/sonarlint/issuestore/2/e/2eef21b10116aab77b6b014cb5adf007d2d2e128 deleted file mode 100644 index e69de29..0000000 diff --git a/.idea/sonarlint/issuestore/index.pb b/.idea/sonarlint/issuestore/index.pb deleted file mode 100644 index 201e7fb..0000000 --- a/.idea/sonarlint/issuestore/index.pb +++ /dev/null @@ -1,3 +0,0 @@ - -A -publish-image.yml,2/e/2eef21b10116aab77b6b014cb5adf007d2d2e128 \ No newline at end of file From 98a2292a753b35ddb31cc2b2212c762d2a020df7 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Tue, 29 Jun 2021 17:10:22 +0200 Subject: [PATCH 11/25] refactor(*) cleanup Sonar Template doc that is now in own repo --- .../chapters/templates/sonar-template.adoc | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 documentation/chapters/templates/sonar-template.adoc 
diff --git a/documentation/chapters/templates/sonar-template.adoc b/documentation/chapters/templates/sonar-template.adoc deleted file mode 100644 index dd5e6d7..0000000 --- a/documentation/chapters/templates/sonar-template.adoc +++ /dev/null @@ -1,17 +0,0 @@ -:sourcedir: ../../../ - -= sonar-template - -Ruft den Sonar Job für das Projekt auf. -Mehr Details zu finden hier: https://gitlab.exxcellent.de/gilden/ci/exxcellent-sonar-tool[Gilde CI/CD: exxcellent-sonar-tool]. - -.Variables -|=== -|Name |Description | Default Value -|SONAR_PROJECT_KEY | Der Sonar-Projekt-Key. | "" -|=== - -.sonar-template ----- -include::{sourcedir}/sonar-template.yml[] ----- \ No newline at end of file From 66dcfe8579fccef11ef7fffb16a2c01a7bff6d29 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Tue, 29 Jun 2021 17:11:29 +0200 Subject: [PATCH 12/25] docs(Container) Add Container Documentation for Scan and corrected Publish Docs --- container-scan.yml | 3 --- .../chapters/templates/container-publish.adoc | 4 ++-- .../chapters/templates/container-scan.adoc | 23 +++++++++++++++++++ documentation/document.adoc | 8 +++++-- 4 files changed, 31 insertions(+), 7 deletions(-) create mode 100644 documentation/chapters/templates/container-scan.adoc diff --git a/container-scan.yml b/container-scan.yml index 4c246e8..df6734a 100644 --- a/container-scan.yml +++ b/container-scan.yml @@ -3,9 +3,6 @@ stage: test variables: TRIVY_VERSION: 0.18.3 - PROJECT_DIR: $CI_PROJECT_DIR - DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile - CONTEXT_LOCATION: $CI_PROJECT_DIR EXITCODE_ON_HIGH: 1 EXITCODE_ON_CRITICAL: 1 before_script: diff --git a/documentation/chapters/templates/container-publish.adoc b/documentation/chapters/templates/container-publish.adoc index f0d261a..27db2e7 100644 --- a/documentation/chapters/templates/container-publish.adoc +++ b/documentation/chapters/templates/container-publish.adoc 
@@ -1,8 +1,8 @@ :sourcedir: ../../../ -= Publish-Image-jib += Container-Publish -Baut mithilfe von jib ein Docker Image und läd es in der Docker Registry des Projekt hoch. +Baut mithilfe von jib oder kaniko ein Docker Image und läd das Image in der Docker Registry des Projekts hoch. Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird. .Variables diff --git a/documentation/chapters/templates/container-scan.adoc b/documentation/chapters/templates/container-scan.adoc new file mode 100644 index 0000000..1a200b0 --- /dev/null +++ b/documentation/chapters/templates/container-scan.adoc @@ -0,0 +1,23 @@ +:sourcedir: ../../../ + += Container-Scan + +Scanned ein Container Baut mithilfe von jib oder kaniko ein Container ein Docker Image und läd es in der Docker Registry des Projekt hoch. +Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird. + +.Variables +|=== +|Name |Description | Default Value +|TRIVY_VERSION | Version von Trivy die benutzt werden soll. +|EXITCODE_ON_HIGH | Bestimmt den Exit code der ausgegeben werden soll, wenn ein CVE der als HIGH markiert wurde, gefunden werden konnte. +Wenn 0 benutzt wird, läuft die CI weiter. +Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angezeigt wird. +|EXITCODE_ON_CRITICAL | Bestimmt den Exit code der ausgegeben werden soll, wenn ein CVE der als CRITICAL markiert wurde, gefunden werden konnte. +Wenn 0 benutzt wird, läuft die CI weiter. +Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angezeigt wird. +|=== + +.sonar-template +---- +include::{sourcedir}/container-scan.yml[] +---- \ No newline at end of file diff --git a/documentation/document.adoc b/documentation/document.adoc index 88bcacb..c783dfb 100644 --- a/documentation/document.adoc +++ b/documentation/document.adoc 
@@ -36,8 +36,8 @@ include::chapters/generalInformation.adoc[leveloffset=1] == Misc Templates -include::chapters/templates/sonar-template.adoc[leveloffset=1] include::chapters/templates/container-publish.adoc[leveloffset=1] +include::chapters/templates/container-scan.adoc[leveloffset=1] == NPM Templates @@ -50,4 +50,8 @@ include::chapters/templates/npm-test-template.adoc[leveloffset=1] include::chapters/templates/maven-dependencies-template.adoc[leveloffset=1] include::chapters/templates/maven-build-template.adoc[leveloffset=1] -include::chapters/templates/maven-verify-template.adoc[leveloffset=1] \ No newline at end of file +include::chapters/templates/maven-verify-template.adoc[leveloffset=1] + +== Tools + +Weitere Templates für die Tools der CI Gilde, sind in den jeweiligen Repos zu finden. \ No newline at end of file From 92eef1b7a96c9bc80d7e2b2f0914d27b4f65848c Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Thu, 1 Jul 2021 12:48:49 +0000 Subject: [PATCH 13/25] Add docker variables to jib build --- container-publish.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/container-publish.yml b/container-publish.yml index cb09eb4..51d1b55 100644 --- a/container-publish.yml +++ b/container-publish.yml @@ -4,6 +4,9 @@ rules: - if: $CI_COMMIT_TAG variables: + DOCKER_REGISTRY: $CI_REGISTRY + DOCKER_REGISTRY_USER: $CI_REGISTRY_USER + DOCKER_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD MVN_VERSION: "true" script: - export PARSED_VERSION=$(echo $CI_COMMIT_TAG | sed -r 's/\+/_/g') # Replace + sign since this is not valid in a docker tag @@ -14,8 +17,9 @@ fi - mvn $MAVEN_CLI_OPTS compile jib:build "-DskipTests" - "-Djib.to.auth.username=$CI_REGISTRY_USER" - "-Djib.to.auth.password=$CI_REGISTRY_PASSWORD" + "-Djib.to.image=$DOCKER_REGISTRY:$PARSED_VERSION" + "-Djib.to.auth.username=$DOCKER_REGISTRY_USER" + "-Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD" .publish-image-kaniko: image: 
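Review bot: The registry password is still passed on the Maven command line (`"-Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD"` in the `@@ -14,8 +17,9 @@` hunk of container-publish.yml), where it is visible in the runner's process list and can surface in output when Maven runs with debug logging. Now that the credentials are overridable variables that may point at a registry other than the GitLab one, consider supplying them through a Maven `settings.xml` `<server>` entry that reads the environment variables instead of `-D` arguments; the project's `MAVEN_CLI_OPTS` and settings file are not visible here, so this needs checking against the actual setup. If the `-D` form stays, a comment next to the new defaults such as `# DOCKER_REGISTRY_PASSWORD must be a masked CI/CD variable when overridden` is worth adding. The `script` block starts outside the hunk.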
From ee4482d4ad2859d956d847d7f7e99acb75787488 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Fri, 2 Jul 2021 08:54:05 +0200 Subject: [PATCH 14/25] docs(Container) Small Corrections in the doc from merg requests feedback. --- .idea/gitlab-ci-templates.iml | 4 +++- documentation/chapters/templates/container-publish.adoc | 2 +- documentation/chapters/templates/container-scan.adoc | 3 +-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.idea/gitlab-ci-templates.iml b/.idea/gitlab-ci-templates.iml index d6ebd48..2576ae6 100644 --- a/.idea/gitlab-ci-templates.iml +++ b/.idea/gitlab-ci-templates.iml @@ -2,7 +2,9 @@ - + + + diff --git a/documentation/chapters/templates/container-publish.adoc b/documentation/chapters/templates/container-publish.adoc index 27db2e7..c90abce 100644 --- a/documentation/chapters/templates/container-publish.adoc +++ b/documentation/chapters/templates/container-publish.adoc @@ -9,7 +9,7 @@ Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird. |=== |Name |Description | Default Value |MVN_VERSION | Bestimmt, ob die version von MAVEN gesetzt werden soll. -Falls das Projekt aus mehreren Poms besteht, kann `bevor_script:` benutzt werden. | "true" +Falls das Projekt aus mehreren Poms besteht, kann `before_script:` benutzt werden. | "true" |=== .sonar-template diff --git a/documentation/chapters/templates/container-scan.adoc b/documentation/chapters/templates/container-scan.adoc index 1a200b0..2dc3a1d 100644 --- a/documentation/chapters/templates/container-scan.adoc +++ b/documentation/chapters/templates/container-scan.adoc 
@@ -2,8 +2,7 @@ = Container-Scan -Scanned ein Container Baut mithilfe von jib oder kaniko ein Container ein Docker Image und läd es in der Docker Registry des Projekt hoch. -Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird. +Baut ein Image mithilfe von jib oder Kaniko welches im Anschluss gescanned wird. Dieser Schritt wird ausgeführt, wenn ein Tag gesetzt wird. Die Ergebnisse des Scans können genutzt werden den Build failen zu lassen, falls gewünscht (vgl. `EXITCODE_ON_HIGH` und `EXITCODE_ON_CRITICAL`). .Variables |=== From 771785ef5cf1eb174c96054dc48f0f4aab05ced4 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Fri, 2 Jul 2021 07:46:03 +0000 Subject: [PATCH 15/25] Update Docker Registry to take the correct Path. Not only the registry --- container-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/container-publish.yml b/container-publish.yml index 51d1b55..c4929fd 100644 --- a/container-publish.yml +++ b/container-publish.yml @@ -4,7 +4,7 @@ rules: - if: $CI_COMMIT_TAG variables: - DOCKER_REGISTRY: $CI_REGISTRY + DOCKER_REGISTRY: $CI_REGISTRY_IMAGE DOCKER_REGISTRY_USER: $CI_REGISTRY_USER DOCKER_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD MVN_VERSION: "true" @@ -29,7 +29,7 @@ rules: - if: $CI_COMMIT_TAG variables: - DOCKER_REGISTRY: $CI_REGISTRY + DOCKER_REGISTRY: $CI_REGISTRY_IMAGE DOCKER_REGISTRY_USER: $CI_REGISTRY_USER DOCKER_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD PROJECT_DIR: $CI_PROJECT_DIR From 53f9142b93eb11bab955925a83fedd8d7bab7161 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Fri, 2 Jul 2021 12:56:38 +0000 Subject: [PATCH 16/25] Update maven-verify-template.yml --- maven-verify-template.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/maven-verify-template.yml b/maven-verify-template.yml index 8104905..a62ae47 100644 --- a/maven-verify-template.yml +++ b/maven-verify-template.yml 
@@ -8,5 +8,5 @@
 expire_in: 2 weeks
 reports:
 junit:
- - $BACKEND_DIR/target/surefire-reports/TEST-*.xml
- - $BACKEND_DIR/target/failsafe-reports/TEST-*.xml
\ No newline at end of file
+ - target/surefire-reports/TEST-*.xml
+ - target/failsafe-reports/TEST-*.xml
From d2ac295a76106051d6d434a73a76fefd4548de94 Mon Sep 17 00:00:00 2001
From: Fabian Widmann
Date: Mon, 5 Jul 2021 07:45:28 +0000
Subject: [PATCH 17/25] Feat/cve scan add cachedir and junit report
---
 container-scan.yml | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/container-scan.yml b/container-scan.yml
index df6734a..b457a9b 100644
--- a/container-scan.yml
+++ b/container-scan.yml
@@ -3,16 +3,23 @@ stage: test variables: TRIVY_VERSION: 0.18.3 - EXITCODE_ON_HIGH: 1 - EXITCODE_ON_CRITICAL: 1 + EXITCODE_ON_HIGH: 1 + EXITCODE_ON_CRITICAL: 1 before_script: - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz script: - mvn $MAVEN_CLI_OPTS compile jib:buildTar -DskipTests - - ./trivy --exit-code $EXITCODE_ON_HIGH --severity HIGH --no-progress --auto-refresh --input target/jib-image.tar - - ./trivy --exit-code $EXITCODE_ON_CRITICAL --severity CRITICAL --no-progress --auto-refresh --input target/jib-image.tar - + - ./trivy --cache-dir .trivycache/ --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/junit.tpl" -o junit-report.xml --input target/jib-image.tar + - ./trivy --cache-dir .trivycache/ --exit-code $EXITCODE_ON_HIGH --severity HIGH --no-progress --auto-refresh --input target/jib-image.tar + - ./trivy --cache-dir .trivycache/ --exit-code $EXITCODE_ON_CRITICAL --severity CRITICAL --no-progress --auto-refresh --input target/jib-image.tar + cache: + paths: + - .trivycache/ + artifacts: + reports: + junit: junit-report.xml + .scan-container-kaniko: stage: test image: 
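Review bot: The new report line passes `--cache-dir .trivycache/` twice (`./trivy --cache-dir .trivycache/ --exit-code 0 --cache-dir .trivycache/ …`); the second occurrence should be dropped, here and on the matching line in the kaniko hunk. The added `cache:` block defines no `key`, so the vulnerability database lands in the project's default cache together with every other job that sets no key; a dedicated entry such as `key: trivy-db` (name is only a suggestion) keeps it separate. A short comment above the report line, `# full report for the MR widget; the two scans below are the gate`, would explain why the same tarball is scanned three times.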
@@ -23,12 +30,19 @@ PROJECT_DIR: $CI_PROJECT_DIR DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile CONTEXT_LOCATION: $CI_PROJECT_DIR - EXITCODE_ON_HIGH: 1 - EXITCODE_ON_CRITICAL: 1 + EXITCODE_ON_HIGH: 1 + EXITCODE_ON_CRITICAL: 1 before_script: - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz script: - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --cache-dir cache/image --tarPath image.tar --no-push --destination image - - ./trivy --exit-code $EXITCODE_ON_HIGH --severity HIGH --no-progress --auto-refresh --input image.tar - - ./trivy --exit-code $EXITCODE_ON_CRITICAL --severity CRITICAL --no-progress --auto-refresh --input image.tar + - ./trivy --cache-dir .trivycache/ --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/junit.tpl" -o junit-report.xml --input image.tar + - ./trivy --cache-dir .trivycache/ --exit-code $EXITCODE_ON_HIGH --severity HIGH --no-progress --auto-refresh --input image.tar + - ./trivy --cache-dir .trivycache/ --exit-code $EXITCODE_ON_CRITICAL --severity CRITICAL --no-progress --auto-refresh --input image.tar + cache: + paths: + - .trivycache/ + artifacts: + reports: + junit: junit-report.xml From a4189a9550bad7eb0057c178826ddf745d2c0cc2 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Mon, 5 Jul 2021 13:30:40 +0200 Subject: [PATCH 18/25] chore(CI) Test Renovate --- .gitlab-ci.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2fa7b22..85bac0f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
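Review bot: In the kaniko job the build context is `$CI_PROJECT_DIR`, and by the time `/kaniko/executor` runs that directory already holds the downloaded Trivy tarball, the unpacked `trivy` binary and, with this change, the restored `.trivycache/`. Depending on the Dockerfile and `.dockerignore` (neither is visible here), a `COPY . .` would pull those files into the image, so the scanned image can differ from the one that is published. Unpacking Trivy outside the context and listing `.trivycache/` in `.dockerignore` avoids that; GitLab cache paths have to stay inside the project directory, so the cache itself cannot simply be moved. A comment above `before_script` stating the required `.dockerignore` entries would make this visible to projects that extend the template. The job header starts outside the hunk.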
@@ -1,6 +1,30 @@ stages: + - dependencies - generate-docs +.renovate: + variables: + RENOVATE_GIT_AUTHOR: "${GITLAB_USER_NAME} <${GITLAB_USER_EMAIL}>" + RENOVATE_DRY_RUN: "false" + image: + name: renovate/renovate + entrypoint: [ "" ] + stage: dependencies + script: + - > + renovate + --platform "gitlab" + --endpoint "${CI_API_V4_URL}" + --git-author "${RENOVATE_GIT_AUTHOR}" + --dry-run "${RENOVATE_DRY_RUN}" + "${CI_PROJECT_PATH}" + only: + - feat/renovate_test + - schedules + +Renovate: + extends: .renovate + .generate-document: image: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-documentation-tool:latest stage: generate-docs From 4d90097a9feedd4244ffa11ea999b2b50fc2ace4 Mon Sep 17 00:00:00 2001 From: Fabian Widmann Date: Mon, 5 Jul 2021 13:47:05 +0200 Subject: [PATCH 19/25] chore(ci-scan): fix table layout --- .../chapters/templates/container-scan.adoc | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/documentation/chapters/templates/container-scan.adoc b/documentation/chapters/templates/container-scan.adoc index 2dc3a1d..308d414 100644 --- a/documentation/chapters/templates/container-scan.adoc +++ b/documentation/chapters/templates/container-scan.adoc 
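Review bot: The `.renovate` job runs `renovate/renovate` with no tag, so every scheduled run pulls whatever `latest` is at that moment and hands it the token Renovate uses to push branches and open merge requests. Pinning the image to a release tag or digest (`name: renovate/renovate:<PINNED_VERSION>`, placeholder) keeps that credential away from an unreviewed image update. `RENOVATE_DRY_RUN` defaults to `"false"`, so the `feat/renovate_test` branch trigger already writes to the project; for a test job a default of `"true"` that the schedule overrides would be the safer arrangement. The token is not defined in the hunk and presumably comes from CI/CD variables, which should be masked and protected.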
@@ -7,16 +7,24 @@ Baut ein Image mithilfe von jib oder Kaniko welches im Anschluss gescanned wird. .Variables |=== |Name |Description | Default Value -|TRIVY_VERSION | Version von Trivy die benutzt werden soll. -|EXITCODE_ON_HIGH | Bestimmt den Exit code der ausgegeben werden soll, wenn ein CVE der als HIGH markiert wurde, gefunden werden konnte. +|TRIVY_VERSION +| Version von Trivy die benutzt werden soll. +| - + +|EXITCODE_ON_HIGH +| Bestimmt den Exit code der ausgegeben werden soll, wenn ein CVE der als HIGH markiert wurde, gefunden werden konnte. Wenn 0 benutzt wird, läuft die CI weiter. Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angezeigt wird. -|EXITCODE_ON_CRITICAL | Bestimmt den Exit code der ausgegeben werden soll, wenn ein CVE der als CRITICAL markiert wurde, gefunden werden konnte. +| - + +|EXITCODE_ON_CRITICAL +| Bestimmt den Exit code der ausgegeben werden soll, wenn ein CVE der als CRITICAL markiert wurde, gefunden werden konnte. Wenn 0 benutzt wird, läuft die CI weiter. Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angezeigt wird. +| - |=== -.sonar-template +.container scan template ---- include::{sourcedir}/container-scan.yml[] ---- \ No newline at end of file From c1783421ba3e33012eb454c404981a91c827b703 Mon Sep 17 00:00:00 2001 From: Fabian Widmann Date: Mon, 5 Jul 2021 13:48:30 +0200 Subject: [PATCH 20/25] chore(ci-scan): fix link to repo (maybe) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2fa7b22..91027ff 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -16,7 +16,7 @@ stages: PAGE_PREFIX: "[CI/CD] - [TMPL] - " CONFLUENCE_SPACE: RANDI REV_NUMBER: $CI_COMMIT_SHORT_SHA - TEXT_GENERATED_HINT: 'This is a generated page, do not edit! All changes must happen in the https://gitlab.exxcellent.de/gilden/ci/exxcellent-documentation-tool[repository] + TEXT_GENERATED_HINT: 'This is a generated page, do not edit! All changes must happen in the Repository .' FILE_INPUT: "index.html,111183157,gitlab-ci-templates" before_script: From ed585f54aa2dc04b3e957bd2366fd06b56c42461 Mon Sep 17 00:00:00 2001 From: Fabian Widmann Date: Tue, 6 Jul 2021 08:28:18 +0200 Subject: [PATCH 21/25] chore(ci-scan): fix link to repo (maybe) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 91027ff..65f1c92 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -16,7 +16,7 @@ stages: PAGE_PREFIX: "[CI/CD] - [TMPL] - " CONFLUENCE_SPACE: RANDI REV_NUMBER: $CI_COMMIT_SHORT_SHA - TEXT_GENERATED_HINT: 'This is a generated page, do not edit! All changes must happen in the Repository + TEXT_GENERATED_HINT: 'This is a generated page, do not edit! All changes must happen in the Repository .' FILE_INPUT: "index.html,111183157,gitlab-ci-templates" before_script: From d3575bbfdf99e9af8d92d520c2ae6c338023e572 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 6 Jul 2021 07:14:13 +0000 Subject: [PATCH 22/25] Add renovate.json --- renovate.json | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 renovate.json diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..39a2b6e --- /dev/null +++ b/renovate.json @@ -0,0 +1,6 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:base" + ] +} From 4a82c7ab8721cc047d37307838e15899cc373647 Mon Sep 17 00:00:00 2001 
From: Marcel Feix Date: Tue, 6 Jul 2021 14:24:10 +0200 Subject: [PATCH 23/25] chore(CI) Rename Templates to work with Renovate --- .gitlab-ci.yml | 23 ------------------- ...ml => STD-variablen-Template.gitlab-ci.yml | 0 ...ish.yml => container-publish.gitlab-ci.yml | 0 ...r-scan.yml => container-scan.gitlab-ci.yml | 0 .../chapters/generalInformation.adoc | 20 ++++++++-------- .../chapters/templates/container-publish.adoc | 2 +- .../chapters/templates/container-scan.adoc | 2 +- .../templates/maven-build-template.adoc | 2 +- .../maven-dependencies-template.adoc | 2 +- .../templates/maven-verify-template.adoc | 2 +- .../templates/npm-build-template.adoc | 2 +- .../templates/npm-dependencies-template.adoc | 2 +- .../chapters/templates/npm-lint-template.adoc | 2 +- .../chapters/templates/npm-test-template.adoc | 2 +- ....yml => maven-build-template.gitlab-ci.yml | 0 ... maven-dependencies-template.gitlab-ci.yml | 0 ...yml => maven-verify-template.gitlab-ci.yml | 0 ...te.yml => npm-build-template.gitlab-ci.yml | 0 ...=> npm-dependencies-template.gitlab-ci.yml | 0 ...ate.yml => npm-lint-template.gitlab-ci.yml | 0 ...ate.yml => npm-test-template.gitlab-ci.yml | 0 21 files changed, 19 insertions(+), 42 deletions(-) rename STD-variablen-Template.yml => STD-variablen-Template.gitlab-ci.yml (100%) rename container-publish.yml => container-publish.gitlab-ci.yml (100%) rename container-scan.yml => container-scan.gitlab-ci.yml (100%) rename maven-build-template.yml => maven-build-template.gitlab-ci.yml (100%) rename maven-dependencies-template.yml => maven-dependencies-template.gitlab-ci.yml (100%) rename maven-verify-template.yml => maven-verify-template.gitlab-ci.yml (100%) rename npm-build-template.yml => npm-build-template.gitlab-ci.yml (100%) rename npm-dependencies-template.yml => npm-dependencies-template.gitlab-ci.yml (100%) rename npm-lint-template.yml => npm-lint-template.gitlab-ci.yml (100%) rename npm-test-template.yml => npm-test-template.gitlab-ci.yml (100%) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 85bac0f..855a82d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,29 +2,6 @@ stages: - dependencies - generate-docs -.renovate: - variables: - RENOVATE_GIT_AUTHOR: "${GITLAB_USER_NAME} <${GITLAB_USER_EMAIL}>" - RENOVATE_DRY_RUN: "false" - image: - name: renovate/renovate - entrypoint: [ "" ] - stage: dependencies - script: - - > - renovate - --platform "gitlab" - --endpoint "${CI_API_V4_URL}" - --git-author "${RENOVATE_GIT_AUTHOR}" - --dry-run "${RENOVATE_DRY_RUN}" - "${CI_PROJECT_PATH}" - only: - - feat/renovate_test - - schedules - -Renovate: - extends: .renovate - .generate-document: image: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-documentation-tool:latest stage: generate-docs diff --git a/STD-variablen-Template.yml b/STD-variablen-Template.gitlab-ci.yml similarity index 100% rename from STD-variablen-Template.yml rename to STD-variablen-Template.gitlab-ci.yml diff --git a/container-publish.yml b/container-publish.gitlab-ci.yml similarity index 100% rename from container-publish.yml rename to container-publish.gitlab-ci.yml diff --git a/container-scan.yml b/container-scan.gitlab-ci.yml similarity index 100% rename from container-scan.yml rename to container-scan.gitlab-ci.yml diff --git a/documentation/chapters/generalInformation.adoc b/documentation/chapters/generalInformation.adoc index 24fb4c7..bd14a70 100644 --- a/documentation/chapters/generalInformation.adoc +++ b/documentation/chapters/generalInformation.adoc 
@@ -16,15 +16,15 @@ include: - project: 'gilden/ci/gitlab-ci-templates' ref: 'master' file: - - 'maven-build-template.yml' - - 'maven-dependencies-template.yml' - - 'maven-verify-template.yml' - - 'npm-build-template.yml' - - 'npm-dependencies-template.yml' - - 'npm-lint-template.yml' - - 'npm-test-template.yml' - - 'container-publish.yml' - - 'container-scan.yml' + - 'maven-build-template.gitlab-ci.yml' + - 'maven-dependencies-template.gitlab-ci.yml' + - 'maven-verify-template.gitlab-ci.yml' + - 'npm-build-template.gitlab-ci.yml' + - 'npm-dependencies-template.gitlab-ci.yml' + - 'npm-lint-template.gitlab-ci.yml' + - 'npm-test-template.gitlab-ci.yml' + - 'container-publish.gitlab-ci.yml' + - 'container-scan.gitlab-ci.yml' - 'set-version-template.yml' - 'sonar-template.yml' @@ -56,5 +56,5 @@ Bitte folgende Variablen in `.gitlab-ci.yaml` setzen |=== ---- -include::{sourcedir}/STD-variablen-Template.yml[] +include::{sourcedir}/STD-variablen-Template.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/container-publish.adoc b/documentation/chapters/templates/container-publish.adoc index c90abce..d8ffbdf 100644 --- a/documentation/chapters/templates/container-publish.adoc +++ b/documentation/chapters/templates/container-publish.adoc @@ -14,5 +14,5 @@ Falls das Projekt aus mehreren Poms besteht, kann `before_script:` benutzt werde .sonar-template ---- -include::{sourcedir}/container-publish.yml[] +include::{sourcedir}/container-publish.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/container-scan.adoc b/documentation/chapters/templates/container-scan.adoc index 2dc3a1d..cb5efa8 100644 --- a/documentation/chapters/templates/container-scan.adoc +++ b/documentation/chapters/templates/container-scan.adoc 
@@ -18,5 +18,5 @@ Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angez .sonar-template ---- -include::{sourcedir}/container-scan.yml[] +include::{sourcedir}/container-scan.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/maven-build-template.adoc b/documentation/chapters/templates/maven-build-template.adoc index 1db46ab..42f4eb4 100644 --- a/documentation/chapters/templates/maven-build-template.adoc +++ b/documentation/chapters/templates/maven-build-template.adoc @@ -11,5 +11,5 @@ Diese Template Baut die .jar Files und speichert die Ergebnisse als Artifact. .mvn-build-template ---- -include::{sourcedir}/maven-build-template.yml[] +include::{sourcedir}/maven-build-template.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/maven-dependencies-template.adoc b/documentation/chapters/templates/maven-dependencies-template.adoc index ab8a4a3..2d85373 100644 --- a/documentation/chapters/templates/maven-dependencies-template.adoc +++ b/documentation/chapters/templates/maven-dependencies-template.adoc @@ -12,5 +12,5 @@ Bitte den Cache hinzufügen. Siehe xref:Generel-Veriablen[Generelle Veriablen] .mvn-dependencies-template ---- -include::{sourcedir}/maven-dependencies-template.yml[] +include::{sourcedir}/maven-dependencies-template.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/maven-verify-template.adoc b/documentation/chapters/templates/maven-verify-template.adoc index 4852abf..6757312 100644 --- a/documentation/chapters/templates/maven-verify-template.adoc +++ b/documentation/chapters/templates/maven-verify-template.adoc @@ -11,5 +11,5 @@ Dieses Template startet `mvn verify` und speichert die Ergebnisse als Artifact. .mvn-verify-template ---- -include::{sourcedir}/maven-verify-template.yml[] +include::{sourcedir}/maven-verify-template.gitlab-ci.yml[] ---- \ No newline at end of file 
diff --git a/documentation/chapters/templates/npm-build-template.adoc b/documentation/chapters/templates/npm-build-template.adoc index 836bd49..8b99c39 100644 --- a/documentation/chapters/templates/npm-build-template.adoc +++ b/documentation/chapters/templates/npm-build-template.adoc @@ -11,5 +11,5 @@ Dieses Template baut das NPM projekt und speichert die Ergebnisse als Artifact.. .npm-build-template ---- -include::{sourcedir}/npm-build-template.yml[] +include::{sourcedir}/npm-build-template.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/npm-dependencies-template.adoc b/documentation/chapters/templates/npm-dependencies-template.adoc index 340006d..7621486 100644 --- a/documentation/chapters/templates/npm-dependencies-template.adoc +++ b/documentation/chapters/templates/npm-dependencies-template.adoc @@ -12,5 +12,5 @@ Bitte den Cache hinzufügen. Siehe xref:Generel-Veriablen[Generelle Veriablen] .npm-dependencies-template ---- -include::{sourcedir}/npm-dependencies-template.yml[] +include::{sourcedir}/npm-dependencies-template.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/npm-lint-template.adoc b/documentation/chapters/templates/npm-lint-template.adoc index 8f89e87..1c3116c 100644 --- a/documentation/chapters/templates/npm-lint-template.adoc +++ b/documentation/chapters/templates/npm-lint-template.adoc @@ -11,5 +11,5 @@ Dieses Template durchläuft den Linter das NPM projekts. .npm-lint-template ---- -include::{sourcedir}/npm-lint-template.yml[] +include::{sourcedir}/npm-lint-template.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/npm-test-template.adoc b/documentation/chapters/templates/npm-test-template.adoc index 109a82b..8b4c8f5 100644 --- a/documentation/chapters/templates/npm-test-template.adoc +++ b/documentation/chapters/templates/npm-test-template.adoc 
@@ -11,5 +11,5 @@ Dieses Template baut das NPM projekt. .npm-test-template ---- -include::{sourcedir}/npm-test-template.yml[] +include::{sourcedir}/npm-test-template.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/maven-build-template.yml b/maven-build-template.gitlab-ci.yml similarity index 100% rename from maven-build-template.yml rename to maven-build-template.gitlab-ci.yml diff --git a/maven-dependencies-template.yml b/maven-dependencies-template.gitlab-ci.yml similarity index 100% rename from maven-dependencies-template.yml rename to maven-dependencies-template.gitlab-ci.yml diff --git a/maven-verify-template.yml b/maven-verify-template.gitlab-ci.yml similarity index 100% rename from maven-verify-template.yml rename to maven-verify-template.gitlab-ci.yml diff --git a/npm-build-template.yml b/npm-build-template.gitlab-ci.yml similarity index 100% rename from npm-build-template.yml rename to npm-build-template.gitlab-ci.yml diff --git a/npm-dependencies-template.yml b/npm-dependencies-template.gitlab-ci.yml similarity index 100% rename from npm-dependencies-template.yml rename to npm-dependencies-template.gitlab-ci.yml diff --git a/npm-lint-template.yml b/npm-lint-template.gitlab-ci.yml similarity index 100% rename from npm-lint-template.yml rename to npm-lint-template.gitlab-ci.yml diff --git a/npm-test-template.yml b/npm-test-template.gitlab-ci.yml similarity index 100% rename from npm-test-template.yml rename to npm-test-template.gitlab-ci.yml From 7ddcaeb36eaf7c2faf65a3fe7d7de1a6352619b5 Mon Sep 17 00:00:00 2001 From: Marcel Feix Date: Tue, 6 Jul 2021 15:15:50 +0000 Subject: [PATCH 24/25] Update maven-build-template.gitlab-ci.yml --- maven-build-template.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/maven-build-template.gitlab-ci.yml b/maven-build-template.gitlab-ci.yml index bdccbe2..59c9c60 100644 --- a/maven-build-template.gitlab-ci.yml +++ b/maven-build-template.gitlab-ci.yml 
@@ -2,9 +2,9 @@ stage: build image: $MAVEN_IMAGE script: - - mvn $MAVEN_CLI_OPTS clean package -DskipTests + - mvn $MAVEN_CLI_OPTS package -DskipTests artifacts: expire_in: 2 weeks when: always paths: - - $BACKEND_DIR/target/*.jar \ No newline at end of file + - $BACKEND_DIR/target/*.jar From 02a1c23a429d92e66f0d49893b9e267fd4ec1bb1 Mon Sep 17 00:00:00 2001 From: Fabian Widmann Date: Wed, 7 Jul 2021 08:41:23 +0200 Subject: [PATCH 25/25] chore(docs): add `[source,yaml]` above all code listings --- documentation/chapters/templates/container-publish.adoc | 1 + documentation/chapters/templates/container-scan.adoc | 1 + documentation/chapters/templates/maven-build-template.adoc | 1 + .../chapters/templates/maven-dependencies-template.adoc | 1 + documentation/chapters/templates/maven-verify-template.adoc | 1 + documentation/chapters/templates/npm-build-template.adoc | 1 + documentation/chapters/templates/npm-dependencies-template.adoc | 1 + documentation/chapters/templates/npm-lint-template.adoc | 1 + documentation/chapters/templates/npm-test-template.adoc | 1 + 9 files changed, 9 insertions(+) diff --git a/documentation/chapters/templates/container-publish.adoc b/documentation/chapters/templates/container-publish.adoc index d8ffbdf..267d3f5 100644 --- a/documentation/chapters/templates/container-publish.adoc +++ b/documentation/chapters/templates/container-publish.adoc @@ -13,6 +13,7 @@ Falls das Projekt aus mehreren Poms besteht, kann `before_script:` benutzt werde |=== .sonar-template +[source, yaml] ---- include::{sourcedir}/container-publish.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/container-scan.adoc b/documentation/chapters/templates/container-scan.adoc index 5ba12de..4baaabe 100644 --- a/documentation/chapters/templates/container-scan.adoc +++ b/documentation/chapters/templates/container-scan.adoc 
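Review bot: Dropping `clean` from the `script:` line means the job no longer guarantees an empty `$BACKEND_DIR/target` before packaging, while the artifact rule still uploads `$BACKEND_DIR/target/*.jar` with `when: always`. If a project using this template caches `target/` or receives it as an artifact from an earlier stage (not visible in this hunk), a jar left over from a previous run could be uploaded, even after a failed build, and later treated as the output of this pipeline. Either keep the cleanup, or restrict the upload with `when: on_success` and state the reuse in a comment such as `# no 'clean': target/ is reused from <earlier job>; must not be restored from cache`. The job definition starts above the hunk, so its name and any `cache:` or `dependencies:` keys cannot be checked from here.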
@@ -25,6 +25,7 @@ Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angez |=== .container scan template +[source, yaml] ---- include::{sourcedir}/container-scan.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/maven-build-template.adoc b/documentation/chapters/templates/maven-build-template.adoc index 42f4eb4..71e9f06 100644 --- a/documentation/chapters/templates/maven-build-template.adoc +++ b/documentation/chapters/templates/maven-build-template.adoc @@ -10,6 +10,7 @@ Diese Template Baut die .jar Files und speichert die Ergebnisse als Artifact. |=== .mvn-build-template +[source, yaml] ---- include::{sourcedir}/maven-build-template.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/maven-dependencies-template.adoc b/documentation/chapters/templates/maven-dependencies-template.adoc index 2d85373..9cbba8f 100644 --- a/documentation/chapters/templates/maven-dependencies-template.adoc +++ b/documentation/chapters/templates/maven-dependencies-template.adoc @@ -11,6 +11,7 @@ Bitte den Cache hinzufügen. Siehe xref:Generel-Veriablen[Generelle Veriablen] |=== .mvn-dependencies-template +[source, yaml] ---- include::{sourcedir}/maven-dependencies-template.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/maven-verify-template.adoc b/documentation/chapters/templates/maven-verify-template.adoc index 6757312..7f74390 100644 --- a/documentation/chapters/templates/maven-verify-template.adoc +++ b/documentation/chapters/templates/maven-verify-template.adoc @@ -10,6 +10,7 @@ Dieses Template startet `mvn verify` und speichert die Ergebnisse als Artifact. |=== .mvn-verify-template +[source, yaml] ---- include::{sourcedir}/maven-verify-template.gitlab-ci.yml[] ---- \ No newline at end of file 
diff --git a/documentation/chapters/templates/npm-build-template.adoc b/documentation/chapters/templates/npm-build-template.adoc index 8b99c39..e13b88b 100644 --- a/documentation/chapters/templates/npm-build-template.adoc +++ b/documentation/chapters/templates/npm-build-template.adoc @@ -10,6 +10,7 @@ Dieses Template baut das NPM projekt und speichert die Ergebnisse als Artifact.. |=== .npm-build-template +[source, yaml] ---- include::{sourcedir}/npm-build-template.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/npm-dependencies-template.adoc b/documentation/chapters/templates/npm-dependencies-template.adoc index 7621486..11feb1a 100644 --- a/documentation/chapters/templates/npm-dependencies-template.adoc +++ b/documentation/chapters/templates/npm-dependencies-template.adoc @@ -11,6 +11,7 @@ Bitte den Cache hinzufügen. Siehe xref:Generel-Veriablen[Generelle Veriablen] |=== .npm-dependencies-template +[source, yaml] ---- include::{sourcedir}/npm-dependencies-template.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/npm-lint-template.adoc b/documentation/chapters/templates/npm-lint-template.adoc index 1c3116c..50437f2 100644 --- a/documentation/chapters/templates/npm-lint-template.adoc +++ b/documentation/chapters/templates/npm-lint-template.adoc @@ -10,6 +10,7 @@ Dieses Template durchläuft den Linter das NPM projekts. |=== .npm-lint-template +[source, yaml] ---- include::{sourcedir}/npm-lint-template.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/npm-test-template.adoc b/documentation/chapters/templates/npm-test-template.adoc index 8b4c8f5..190f7fc 100644 --- a/documentation/chapters/templates/npm-test-template.adoc +++ b/documentation/chapters/templates/npm-test-template.adoc 
@@ -10,6 +10,7 @@ Dieses Template baut das NPM projekt. |=== .npm-test-template +[source, yaml] ---- include::{sourcedir}/npm-test-template.gitlab-ci.yml[] ---- \ No newline at end of file