From 86ed4d38506a1f79553dda06040b616df1878810 Mon Sep 17 00:00:00 2001 
From: Marcel Feix Date: Fri, 4 Mar 2022 16:12:26 +0100 Subject: [PATCH] feat(Templates): Ideal eXXcellent Pipeline --- .gitlab-ci.yml | 43 ++++------ .idea/misc.xml | 3 + STD-variablen-Template.gitlab-ci.yml | 51 ----------- container-publish-snapshot.gitlab-ci.yml | 30 ------- container-publish.gitlab-ci.yml | 68 --------------- container-scan.gitlab-ci.yml | 69 --------------- docker-compose-validate.gitlab-ci.yml | 5 -- .../chapters/generalInformation.adoc | 71 --------------- .../pipelines/update-version-pipeline.adoc | 49 +++++------ .../chapters/templates/IaC/ansible.adoc | 36 ++++++++ .../templates/IaC/docker-compose.adoc | 80 +++++++++++++++++ .../ssh-transfer-data.adoc} | 4 +- documentation/chapters/templates/ansible.adoc | 33 ------- .../templates/common/common-ci-variablen.adoc | 25 ++++++ .../templates/container-publish-snapshot.adoc | 27 ------ .../chapters/templates/container-publish.adoc | 29 ------- .../templates/container/container-build.adoc | 34 ++++++++ .../container/container-publish.adoc | 22 +++++ .../{ => container}/container-scan.adoc | 21 +++-- .../templates/docker-compose-deploy.adoc | 70 --------------- .../templates/docker-compose-validate.adoc | 20 ----- .../tool-documentation-tool.adoc | 12 +++ .../templates/gradle-build-template.adoc | 18 ---- .../templates/gradle-test-template.adoc | 18 ---- .../java/gradle/gradle-build-template.adoc | 19 ++++ .../java/gradle/gradle-db-diff-template.adoc | 26 ++++++ .../java/gradle/gradle-test-template.adoc | 27 ++++++ .../maven}/maven-build-template.adoc | 4 +- .../java/maven/maven-db-diff-template.adoc | 20 +++++ .../maven/maven-dependencies-template.adoc | 17 ++++ .../java/maven/maven-verify-template.adoc | 27 ++++++ .../maven-dependencies-template.adoc | 17 ---- .../templates/maven-verify-template.adoc | 25 ------ .../{ => npm}/npm-build-template.adoc | 4 +- .../{ => npm}/npm-dependencies-template.adoc | 4 +- .../{ => npm}/npm-lint-template.adoc | 4 +- .../{ => npm}/npm-test-template.adoc | 4 +- 
.../chapters/templates/publish-image.adoc | 19 ---- .../chapters/templates/release-template.adoc | 19 ---- .../{ => releasing}/mail-template.adoc | 4 +- .../push-tag-and-version-template.adoc | 7 +- .../releasing/release-gitlab-template.adoc | 17 ++++ .../templates/releasing/release-template.adoc | 32 +++++++ .../{ => releasing}/set-version-template.adoc | 10 ++- .../{ => static-analysis}/repo-cve-scan.adoc | 4 +- .../tool-sonar.adoc} | 7 +- .../templates/tool-documentation-tool.adoc | 12 --- documentation/contribution.adoc | 20 +++++ documentation/document.adoc | 86 +++++++++++-------- documentation/generalInformation.adoc | 50 +++++++++++ pipelines/eXXcellent-release.gitlab-ci.yml | 31 +++++++ pipelines/java-maven.gitlab-ci.yml | 39 +++++++++ pipelines/license.gitlab-ci.yml | 23 +++++ .../update-version-pipeline.gitlab-ci.yml | 19 ---- pipelines/update-version.gitlab-ci.yml | 48 +++++++++++ release-template.gitlab-ci.yml | 13 --- release.gitlab-ci.yml | 13 +++ .../IaC/ansible.gitlab-ci.yml | 0 .../IaC/docker-compose.gitlab-ci.yml | 6 ++ .../IaC/ssh-transfer-data.gitlab-ci.yml | 0 .../common/common-ci-variablen.gitlab-ci.yml | 71 +++++++++++++++ .../container/container-build.gitlab-ci.yml | 37 ++++++++ .../container/container-publish.gitlab-ci.yml | 28 ++++++ .../container/container-scan.gitlab-ci.yml | 19 ++++ .../documentation.gitlab-ci.yml | 20 +++-- .../java/gradle/gradle-build.gitlab-ci.yml | 3 +- .../gradle/gradle-database-diff.gitlab-ci.yml | 13 +++ .../java/gradle/gradle-test.gitlab-ci.yml | 2 +- templates/java/java-common-db.gitlab-ci.yml | 13 +++ .../java/maven/maven-build.gitlab-ci.yml | 5 ++ .../maven/maven-database-diff.gitlab-ci.yml | 12 +++ .../maven/maven-dependencies.gitlab-ci.yml | 0 .../java/maven/maven-verify.gitlab-ci.yml | 2 +- .../npm/npm-build.gitlab-ci.yml | 7 ++ .../npm/npm-dependencies.gitlab-ci.yml | 0 .../npm/npm-lint.gitlab-ci.yml | 2 +- .../npm/npm-test.gitlab-ci.yml | 2 +- .../releasing/mail.gitlab-ci.yml | 2 +- 
.../push-tag-and-version.gitlab-ci.yml | 7 +- .../releasing/release-gitlab.gitlab-ci.yml | 15 ++++ templates/releasing/release.gitlab-ci.yml | 33 +++++++ .../releasing/set-version.gitlab-ci.yml | 9 +- .../static-analysis/license.gitlab-ci.yml | 11 +++ .../repo-cve-scan-trivy.gitlab-ci.yml | 6 +- .../static-analysis/sonar.gitlab-ci.yml | 6 +- 85 files changed, 1054 insertions(+), 786 deletions(-) delete mode 100644 STD-variablen-Template.gitlab-ci.yml delete mode 100644 container-publish-snapshot.gitlab-ci.yml delete mode 100644 container-publish.gitlab-ci.yml delete mode 100644 container-scan.gitlab-ci.yml delete mode 100644 docker-compose-validate.gitlab-ci.yml delete mode 100644 documentation/chapters/generalInformation.adoc create mode 100644 documentation/chapters/templates/IaC/ansible.adoc create mode 100644 documentation/chapters/templates/IaC/docker-compose.adoc rename documentation/chapters/templates/{ssh-transfer-data-template.adoc => IaC/ssh-transfer-data.adoc} (83%) delete mode 100644 documentation/chapters/templates/ansible.adoc create mode 100644 documentation/chapters/templates/common/common-ci-variablen.adoc delete mode 100644 documentation/chapters/templates/container-publish-snapshot.adoc delete mode 100644 documentation/chapters/templates/container-publish.adoc create mode 100644 documentation/chapters/templates/container/container-build.adoc create mode 100644 documentation/chapters/templates/container/container-publish.adoc rename documentation/chapters/templates/{ => container}/container-scan.adoc (54%) delete mode 100644 documentation/chapters/templates/docker-compose-deploy.adoc delete mode 100644 documentation/chapters/templates/docker-compose-validate.adoc create mode 100644 documentation/chapters/templates/documentation/tool-documentation-tool.adoc delete mode 100644 documentation/chapters/templates/gradle-build-template.adoc delete mode 100644 documentation/chapters/templates/gradle-test-template.adoc create mode 100644 
documentation/chapters/templates/java/gradle/gradle-build-template.adoc create mode 100644 documentation/chapters/templates/java/gradle/gradle-db-diff-template.adoc create mode 100644 documentation/chapters/templates/java/gradle/gradle-test-template.adoc rename documentation/chapters/templates/{ => java/maven}/maven-build-template.adoc (67%) create mode 100644 documentation/chapters/templates/java/maven/maven-db-diff-template.adoc create mode 100644 documentation/chapters/templates/java/maven/maven-dependencies-template.adoc create mode 100644 documentation/chapters/templates/java/maven/maven-verify-template.adoc delete mode 100644 documentation/chapters/templates/maven-dependencies-template.adoc delete mode 100644 documentation/chapters/templates/maven-verify-template.adoc rename documentation/chapters/templates/{ => npm}/npm-build-template.adoc (70%) rename documentation/chapters/templates/{ => npm}/npm-dependencies-template.adoc (75%) rename documentation/chapters/templates/{ => npm}/npm-lint-template.adoc (68%) rename documentation/chapters/templates/{ => npm}/npm-test-template.adoc (65%) delete mode 100644 documentation/chapters/templates/publish-image.adoc delete mode 100644 documentation/chapters/templates/release-template.adoc rename documentation/chapters/templates/{ => releasing}/mail-template.adoc (89%) rename documentation/chapters/templates/{ => releasing}/push-tag-and-version-template.adoc (87%) create mode 100644 documentation/chapters/templates/releasing/release-gitlab-template.adoc create mode 100644 documentation/chapters/templates/releasing/release-template.adoc rename documentation/chapters/templates/{ => releasing}/set-version-template.adoc (64%) rename documentation/chapters/templates/{ => static-analysis}/repo-cve-scan.adoc (85%) rename documentation/chapters/templates/{tool-sonar7.adoc => static-analysis/tool-sonar.adoc} (91%) delete mode 100644 documentation/chapters/templates/tool-documentation-tool.adoc create mode 100644 
documentation/contribution.adoc create mode 100644 documentation/generalInformation.adoc create mode 100644 pipelines/eXXcellent-release.gitlab-ci.yml create mode 100644 pipelines/java-maven.gitlab-ci.yml create mode 100644 pipelines/license.gitlab-ci.yml delete mode 100644 pipelines/update-version-pipeline.gitlab-ci.yml create mode 100644 pipelines/update-version.gitlab-ci.yml delete mode 100644 release-template.gitlab-ci.yml create mode 100644 release.gitlab-ci.yml rename ansible.gitlab-ci.yml => templates/IaC/ansible.gitlab-ci.yml (100%) rename docker-compose-deploy.gitlab-ci.yml => templates/IaC/docker-compose.gitlab-ci.yml (89%) rename ssh-transfer-data-template.gitlab-ci.yml => templates/IaC/ssh-transfer-data.gitlab-ci.yml (100%) create mode 100644 templates/common/common-ci-variablen.gitlab-ci.yml create mode 100644 templates/container/container-build.gitlab-ci.yml create mode 100644 templates/container/container-publish.gitlab-ci.yml create mode 100644 templates/container/container-scan.gitlab-ci.yml rename tool-documentation.gitlab-ci.yml => templates/documentations/documentation.gitlab-ci.yml (73%) rename gradle-build-template.gitlab-ci.yml => templates/java/gradle/gradle-build.gitlab-ci.yml (51%) create mode 100644 templates/java/gradle/gradle-database-diff.gitlab-ci.yml rename gradle-test-template.gitlab-ci.yml => templates/java/gradle/gradle-test.gitlab-ci.yml (92%) create mode 100644 templates/java/java-common-db.gitlab-ci.yml rename maven-build-template.gitlab-ci.yml => templates/java/maven/maven-build.gitlab-ci.yml (52%) create mode 100644 templates/java/maven/maven-database-diff.gitlab-ci.yml rename maven-dependencies-template.gitlab-ci.yml => templates/java/maven/maven-dependencies.gitlab-ci.yml (100%) rename maven-verify-template.gitlab-ci.yml => templates/java/maven/maven-verify.gitlab-ci.yml (93%) rename npm-build-template.gitlab-ci.yml => templates/npm/npm-build.gitlab-ci.yml (50%) rename npm-dependencies-template.gitlab-ci.yml => 
templates/npm/npm-dependencies.gitlab-ci.yml (100%) rename npm-lint-template.gitlab-ci.yml => templates/npm/npm-lint.gitlab-ci.yml (93%) rename npm-test-template.gitlab-ci.yml => templates/npm/npm-test.gitlab-ci.yml (89%) rename mail-template.gitlab-ci.yml => templates/releasing/mail.gitlab-ci.yml (94%) rename push-tag-and-version-template.gitlab-ci.yml => templates/releasing/push-tag-and-version.gitlab-ci.yml (84%) create mode 100644 templates/releasing/release-gitlab.gitlab-ci.yml create mode 100644 templates/releasing/release.gitlab-ci.yml rename set-version-template.gitlab-ci.yml => templates/releasing/set-version.gitlab-ci.yml (67%) create mode 100644 templates/static-analysis/license.gitlab-ci.yml rename repo-cve-scan.gitlab-ci.yml => templates/static-analysis/repo-cve-scan-trivy.gitlab-ci.yml (95%) rename tool-sonar7.gitlab-ci.yml => templates/static-analysis/sonar.gitlab-ci.yml (96%) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 707edce..dfdf203 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,23 +1,26 @@ stages: - - test - - generate-docs + - verify + - documentation - release include: - - local: 'release-template.gitlab-ci.yml' - - local: 'tool-documentation.gitlab-ci.yml' + - local: 'templates/releasing/release.gitlab-ci.yml' + - local: 'templates/releasing/release-gitlab.gitlab-ci.yml' + - local: 'templates/documentations/documentation.gitlab-ci.yml' Test-Java-Backend: - stage: test + stage: verify rules: - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH when: always - - when: never + - when: manual trigger: project: gilden/ci/java-backend-template + branch: "Templates2.0" strategy: depend check_confluence_validity: + extends: .documentation-ckeck-confluence-validity variables: DOCUMENT_ROOT: "documentation" INPUT_FILE: "document.adoc" 
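Review bot: The new fallback rule `- when: manual` on `Test-Java-Backend` turns the trigger into a blocking manual job on every ref other than the default branch, because manual jobs declared through `rules` default to `allow_failure: false`. Those pipelines will sit in the blocked state and later stages will wait until someone starts the downstream run. If the job is meant to be optional there, write the entry as `- when: manual` followed by `allow_failure: true`. The added `branch: "Templates2.0"` also ties the downstream pipeline to a named branch of `gilden/ci/java-backend-template`; if that branch is temporary, a comment such as `# TODO: drop once Templates2.0 is merged downstream` would keep the pin from being forgotten. The hidden job name `.documentation-ckeck-confluence-validity` looks like a typo for `check`; its definition is not in this hunk, so confirm that the template uses the same spelling.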
@@ -28,9 +31,9 @@ check_confluence_validity: TEXT_GENERATED_HINT: 'This is a generated page, do not edit! All changes must happen in the Repository .' FILE_INPUT: "index.html,107524048,CI Templates" - extends: .check_confluence_validity-template pages: + extends: .documentation-publish variables: DOCUMENT_ROOT: "documentation" INPUT_FILE: "document.adoc" @@ -41,35 +44,25 @@ pages: TEXT_GENERATED_HINT: 'This is a generated page, do not edit! All changes must happen in the Repository .' FILE_INPUT: "index.html,107524048,CI Templates" - extends: .pages-template -.release-template: - trigger: - include: pipelines/update-version-pipeline.gitlab-ci.yml - strategy: depend - a.major-release: - extends: .release-template + extends: + - .release-default variables: BUMP_VERSION: "major" b.minor-release: - extends: .release-template + extends: + - .release-default variables: BUMP_VERSION: "minor" c.patch-release: - extends: .release-template + extends: + - .release-default variables: BUMP_VERSION: "patch" -d.prerelease-release: - extends: .release-template - variables: - BUMP_VERSION: "prerelease" - -e.build-release: - extends: .release-template - variables: - BUMP_VERSION: "build" +create-gitlab-release: + extends: .release-create-gitlab \ No newline at end of file diff --git a/.idea/misc.xml b/.idea/misc.xml index 639900d..d79bd4e 100644 --- a/.idea/misc.xml +++ b/.idea/misc.xml @@ -3,4 +3,7 @@ + + \ No newline at end of file diff --git a/STD-variablen-Template.gitlab-ci.yml b/STD-variablen-Template.gitlab-ci.yml deleted file mode 100644 index 0757752..0000000 --- a/STD-variablen-Template.gitlab-ci.yml +++ /dev/null 
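Review bot: In the `@@ -41,35 +44,25 @@` hunk, `extends` is written as a one-element list for `a.major-release`, `b.minor-release` and `c.patch-release`, but as a plain scalar for `create-gitlab-release` (and for `pages` and `check_confluence_validity` earlier in the file). Pick one form, for example `extends: .release-default`, so the jobs read alike. The file now ends without a trailing newline after `extends: .release-create-gitlab`, and adding one avoids the `\ No newline at end of file` marker in later diffs. The definitions of `.release-default` and `.release-create-gitlab` are outside this hunk, so their rules cannot be checked from here.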
@@ -1,51 +0,0 @@ -stages: - - dependencies - - build - - test - - set-version - - publish - - post-process - - package - - -cache: - key: "$CI_JOB_NAME" - paths: - # Cache Maven - - .m2/repository - # Cache NPM - - $FRONTEND_DIR/dist - # Cache Gradle - - .gradle - - build - -variables: - CI_REGISTRY: gitlab.exxcellent.de:4567 - - ##NPM / Node Settings - NODE_IMAGE: node:16-alpine3.15 - - ##Global Variables we use in our CI scripts when using maven - MAVEN_IMAGE: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.3_latest - MAVEN_OPTS: > - -Dhttps.protocols=TLSv1.2 - -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository - -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN - -Dorg.slf4j.simpleLogger.showDateTime=true - -Djava.awt.headless=true - MAVEN_CLI_OPTS: > - --batch-mode - --errors - --fail-at-end - --show-version - -DinstallAtEnd=true - -DdeployAtEnd=true - - ##Global Variables we use in our CI scripts when using Gradle - GRADLE_OPTS: "-Dorg.gradle.daemon=false" - GRADLE_IMAGE: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.3_latest - # Currently we use the Maven image and use the Gradle Wrapper. This is slower but saver at the moment - - ##Set default directories for frontend and backend templates - FRONTEND_DIR: $CI_PROJECT_DIR - BACKEND_DIR: $CI_PROJECT_DIR diff --git a/container-publish-snapshot.gitlab-ci.yml b/container-publish-snapshot.gitlab-ci.yml deleted file mode 100644 index c01fad3..0000000 --- a/container-publish-snapshot.gitlab-ci.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -include: - - local: 'container-publish.gitlab-ci.yml' - -.container-publish-snapshot-rules: &container-publish-snapshot-rules - stage: snapshot - rules: - - if: "$CI_PIPELINE_SOURCE == 'merge_request_event'" - when: never - - if: '$CI_COMMIT_REF_NAME =~ /^feature/' - variables: - IMAGE_TAG: $CI_COMMIT_REF_SLUG - - if: '$CI_COMMIT_REF_NAME =~ /^refactor/' - variables: - IMAGE_TAG: $CI_COMMIT_REF_SLUG - - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH - variables: - IMAGE_TAG: "latest" - - when: never - -.publish-image-jib-maven-snapshot: - <<: *container-publish-snapshot-rules - extends: .publish-image-jib-maven - -.publish-image-jib-gradle-snapshot: - <<: *container-publish-snapshot-rules - extends: .publish-image-jib-gradle - -.publish-image-kaniko-snapshot: - <<: *container-publish-snapshot-rules - extends: .publish-image-kaniko \ No newline at end of file diff --git a/container-publish.gitlab-ci.yml b/container-publish.gitlab-ci.yml deleted file mode 100644 index d405e30..0000000 --- a/container-publish.gitlab-ci.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -.container-publish-common-variables: &container-publish-common-variables - DOCKER_REGISTRY: $CI_REGISTRY_IMAGE - DOCKER_REGISTRY_USER: $CI_REGISTRY_USER - DOCKER_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD - EXTRA_ARGS: "" - USE_VERSIONFILE: "false" - ARTIFACT: "version" - -.container-publish-common: &container-publish-common - before_script: - - if [ "$USE_VERSIONFILE" == "true" ]; then IMAGE_TAG=$(cat ./"$ARTIFACT"); fi - - export PARSED_VERSION=$(echo $IMAGE_TAG | sed -r 's/\+/_/g') # Replace + sign since this is not valid in a docker tag - - echo $PARSED_VERSION - stage: package - rules: - - if: $CI_COMMIT_TAG - variables: - IMAGE_TAG: $CI_COMMIT_TAG - - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH - variables: - USE_VERSIONFILE: "true" - - when: never - -.publish-image-jib-maven: - image: $MAVEN_IMAGE - <<: *container-publish-common - variables: - <<: *container-publish-common-variables - MVN_VERSION: "true" - script: - - > - if [ "${MVN_VERSION}" == "true" ]; then - mvn versions:set -DnewVersion=$PARSED_VERSION -DgenerateBackupPoms=false - fi - - mvn $MAVEN_CLI_OPTS compile jib:build $EXTRA_ARGS - "-DskipTests" - "-Djib.to.image=$DOCKER_REGISTRY:$PARSED_VERSION" - "-Djib.to.auth.username=$DOCKER_REGISTRY_USER" - "-Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD" - -.publish-image-jib-gradle: - image: $GRADLE_IMAGE - <<: *container-publish-common - variables: - <<: *container-publish-common-variables - EXTRA_ARGS: $GRADLE_EXTRA_ARGS - script: - - echo $PARSED_VERSION - - ./gradlew assemble jib $GRADLE_CLI_OPTS $EXTRA_ARGS - "-DskipTests" - "-Djib.to.image=$DOCKER_REGISTRY:$PARSED_VERSION"" - "-Djib.to.auth.username=$DOCKER_REGISTRY_USER" - "-Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD" - -.publish-image-kaniko: - image: - name: gcr.io/kaniko-project/executor:v1.6.0-debug - entrypoint: [ "" ] - <<: *container-publish-common - variables: - <<: *container-publish-common-variables - PROJECT_DIR: $CI_PROJECT_DIR - DOCKERFILE_LOCATION: 
$CI_PROJECT_DIR/Dockerfile - CONTEXT_LOCATION: $CI_PROJECT_DIR - script: - - mkdir -p /kaniko/.docker - - echo "{\"auths\":{\"$DOCKER_REGISTRY\":{\"username\":\"$DOCKER_REGISTRY_USER\",\"password\":\"$DOCKER_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json - - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --destination $CI_REGISTRY_IMAGE:$PARSED_VERSION $EXTRA_ARGS --registry-mirror nexus.corp.exxcellent.de:18000 --skip-tls-verify-registry nexus.corp.exxcellent.de:18000 --skip-tls-verify diff --git a/container-scan.gitlab-ci.yml b/container-scan.gitlab-ci.yml deleted file mode 100644 index 6818e82..0000000 --- a/container-scan.gitlab-ci.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -.scan-container-jib: - image: $MAVEN_IMAGE - stage: test - variables: - TRIVY_VERSION: 0.25.1 - EXITCODE: 1 - TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed" - before_script: - - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - script: - - mvn $MAVEN_CLI_OPTS compile jib:buildTar -DskipTests - - ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --severity HIGH,CRITICAL --format template --template "@contrib/junit.tpl" -o junit-report.xml --input target/jib-image.tar - - ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --severity HIGH,CRITICAL --input target/jib-image.tar - cache: - paths: - - .trivycache/ - artifacts: - reports: - junit: junit-report.xml - -.scan-container-jib-gradle: - image: $GRADLE_IMAGE - stage: test - variables: - TRIVY_VERSION: 0.25.1 - EXITCODE: 1 - PROJECT_DIR: $CI_PROJECT_DIR/build - TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed" - before_script: - - export GRADLE_USER_HOME=`pwd`/.gradle - - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - script: - - ./gradlew $GRADLE_CLI_OPTS jibBuildTar -DskipTests - - ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --severity HIGH,CRITICAL --format template --template "@contrib/junit.tpl" -o junit-report.xml --input $PROJECT_DIR/jib-image.tar - - ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --severity HIGH,CRITICAL --input $PROJECT_DIR/jib-image.tar - cache: - paths: - - .trivycache/ - artifacts: - reports: - junit: junit-report.xml - 
-.scan-container-kaniko: - stage: test - image: - name: gcr.io/kaniko-project/executor:v1.6.0-debug - entrypoint: [ "" ] - variables: - TRIVY_VERSION: 0.25.1 - PROJECT_DIR: $CI_PROJECT_DIR - DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile - CONTEXT_LOCATION: $CI_PROJECT_DIR - EXITCODE: 1 - TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed" - before_script: - - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" - - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - script: - - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION $KANIKO_EXTRA_ARGS --cache-dir cache/image --tarPath image.tar --no-push --destination image --registry-mirror nexus.corp.exxcellent.de:18000 --skip-tls-verify-registry nexus.corp.exxcellent.de:18000 --skip-tls-verify - - ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --severity HIGH,CRITICAL --format template --template "@contrib/junit.tpl" -o junit-report.xml --input image.tar - - ./trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --severity HIGH,CRITICAL --input image.tar - cache: - paths: - - .trivycache/ - artifacts: - reports: - junit: junit-report.xml diff --git a/docker-compose-validate.gitlab-ci.yml b/docker-compose-validate.gitlab-ci.yml deleted file mode 100644 index e0aa668..0000000 --- a/docker-compose-validate.gitlab-ci.yml +++ /dev/null @@ -1,5 +0,0 @@ -.docker-compose-validate: - image: docker/compose:alpine-1.29.1 - stage: test - script: - - docker-compose $COMPOSE_EXTRA_ARGS config diff --git a/documentation/chapters/generalInformation.adoc b/documentation/chapters/generalInformation.adoc deleted file mode 100644 index 9056a70..0000000 --- a/documentation/chapters/generalInformation.adoc +++ /dev/null 
@@ -1,71 +0,0 @@ -:sourcedir: ../../ -= General Information - -== Templates und Pipelines - -In dieser Repository sind Templates und Pipeline-Templates zu finden. -Templates sind vorgefertigte Jobs die jeweils einen Use-Case abbilden sollen und direkt importiert werde können. - -Da eine CI jedoch aus Pipelines besteht und Gitlab die Möglichkeit Multiprojekt- und child-Pipelines zu benutzen werden hier auch vorgefertigte bereit gestellt. -Diese Pipeline-Templates bilden komplexere Use-Cases ab. -Pipelines sind in dem dafür vorgesehenen Pipeline Ordner zu finden. - -== Wie können Templates benutzt werden - -Um die Templates in deinem Projekt zu benutzten musst du folgendes machen: - -1. `Include` das Template file in deinem `.gitlab-ci.yaml` File. -2. Jetzt kannst du `extend` benutzen, um das Template zu integrieren. -Es ist möglich weitere Veränderungen vorzunehmen. - -[source,yaml] ----- -stages: - - test-image - -include: - - project: 'gilden/ci/gitlab-ci-templates' - ref: '1.0.0' - file: - - 'maven-build-template.gitlab-ci.yml' - - 'maven-dependencies-template.gitlab-ci.yml' - - 'maven-verify-template.gitlab-ci.yml' - - 'npm-build-template.gitlab-ci.yml' - - 'npm-dependencies-template.gitlab-ci.yml' - - 'npm-lint-template.gitlab-ci.yml' - - 'npm-test-template.gitlab-ci.yml' - - 'container-publish.gitlab-ci.yml' - - 'container-scan.gitlab-ci.yml' - - 'set-version-template.gitlab-ci.yml' - - 'push-tag-and-version-template.gitlab-ci.yml' - - -test-image: - stage: test-image - extends: .build-image - when: manual - except: - - master - - tags - before_script: - - cd ImportantPath ----- - -[[Generel-Variablen]] -== Generelle Variablen - -Bitte folgende Variablen in `.gitlab-ci.yaml` setzen - -|=== -|Name |Description -|CI_REGISTRY| Registry der CI -|MAVE_IMAGE| Das Image das benutzt werden soll für Jobs die Maven benötigen. 
-|NODE_IMAGE| Das Image das benutzt werden soll für Jobs die NPM benötigen -|MAVEN_OPTS| Generelle optionen um Maven zu verändern -|MAVEN_CLI_OPTS| Optionen um Maven beim Bauen zu verbessern. -|FRONTEND_DIR| Wenn das Projekt ein Frontend besitzt, muss der Pfad definiert werden, wo die note module gespeichert werden. -|=== - ----- -include::{sourcedir}/STD-variablen-Template.gitlab-ci.yml[] ----- diff --git a/documentation/chapters/pipelines/update-version-pipeline.adoc b/documentation/chapters/pipelines/update-version-pipeline.adoc index 23c922f..ad1e97c 100644 --- a/documentation/chapters/pipelines/update-version-pipeline.adoc +++ b/documentation/chapters/pipelines/update-version-pipeline.adoc @@ -4,7 +4,10 @@ ifndef::imagesdir[] :imagesdir: ../../images endif::[] -= update-version-pipeline +[#_pipeline_release] += Release Version Pipeline + +//todo umschreiben auf tag pipelines. This pipeline provides the jobs to increase the version, create a new tag and updates the changed files (version) the repository. @@ -59,30 +62,35 @@ include: - project: 'gilden/ci/gitlab-ci-templates' ref: 'master' file: - - 'release-template.gitlab-ci.yml' + - 'templates/releasing/release.gitlab-ci.yml' a.major-release: - extends: .release-template + #Pressent in all Pipelines + extends: .release-common variables: BUMP_VERSION: "major" b.minor-release: - extends: .release-template + #Pressent only on Default Branch + extends: .release-default variables: BUMP_VERSION: "minor" c.patch-release: - extends: .release-template + #Pressent only on Release Branches + extends: .release-release-branch variables: BUMP_VERSION: "patch" d.prerelease-release: - extends: .release-template + #Pressent only on Release Branches + extends: .release-release-branch variables: BUMP_VERSION: "prerelease" e.build-release: - extends: .release-template + #Pressent only on Release Branches + extends: .release-release-branch variables: BUMP_VERSION: "build" 
@@ -102,30 +110,13 @@ include: - project: 'gilden/ci/gitlab-ci-templates' ref: 'master' file: - - 'pipelines/update-version-pipeline.gitlab-ci.yml' - - 'push-image.yml' - -# This is optional -push-docker-image: - extends: .publish-image-kaniko - stage: release - # You only need NEED if you use a artifact from your parent pipeline to build the image - needs: - - pipeline: $PARENT_PIPELINE_ID - job: Build - - job: increase-version - - job: push-tag-and-version - rules: - - when: always - before_script: - - "[ -f ./version ] && export LATEST_VERSION=$(cat ./version)" - - export PARSED_VERSION=$(echo $LATEST_VERSION | sed -r 's/\+/_/g') # Replace + sign since this is not valid in a docker tag - - export IMAGE_NAME=$CI_REGISTRY_IMAGE:$PARSED_VERSION + - 'pipelines/update-version.gitlab-ci.yml' ---- You pipeline then looks like the following: .Release Pipeline +//todo update image for tag pipelines image::Release-Docker-Image-Pipeline.png[] == Pipeline @@ -133,7 +124,7 @@ image::Release-Docker-Image-Pipeline.png[] .update-version-pipeline [source, yaml] ---- -include::{sourcedir}/update-version-pipeline.gitlab-ci.yml[] +include::{sourcedir}/update-version.gitlab-ci.yml[] ---- == Usage with release branches @@ -152,7 +143,7 @@ include: - project: 'gilden/ci/gitlab-ci-templates' ref: 'master' file: - - 'release-template.gitlab-ci.yml' + - 'release.gitlab-ci.yml' # Creates next major prerelease on master (e.g.: 2.0.0-rc.1 --> 3.0.0-rc.1) a.major-prerelease: @@ -204,7 +195,7 @@ include: - project: 'gilden/ci/gitlab-ci-templates' ref: 'master' file: - - 'pipelines/update-version-pipeline.gitlab-ci.yml' + - 'pipelines/update-version.gitlab-ci.yml' - 'push-image.yml' # This is optional diff --git a/documentation/chapters/templates/IaC/ansible.adoc b/documentation/chapters/templates/IaC/ansible.adoc new file mode 100644 index 0000000..e7ddd3d --- /dev/null +++ b/documentation/chapters/templates/IaC/ansible.adoc 
@@ -0,0 +1,36 @@ +:sourcedir: ../../../../templates + += Ansible Template + +A Template Collection to simplify the deployment automation with Ansible. + +All Templates need a $SSH_PRIVATE_KEY variable to be set in den Gitlab CI Variablen. + +.Provided Templates: +|=== +|Name |Description +| +.ansible_lint | Calls the Ansible Linter for static analysis. +Output will be shown in CI output and can be used to optimize the Ansible manifests. +|.ansible_playbook_validate | Executes the Ansible-check, provides inside if the execution of Ansible is possible and syntactically correct. +|.ansible_playbook_run | Executes a defined Ansible playbooks. +|=== + +.Variables +|=== +|Name |Description | Default Value +|SSH_PRIVATE_KEY | The SSH key that will be used to access the remote maschine. +!! +DO NOT set this variable in your Repository. +Use the Gitlab CI variables so not everyone has access to this Secret. Only Maintainer will have access to those Settings +| NOT SET. Has to be set in the gitlab CI variables settings UI. +|PLAYBOOK_PATH | Path to the playbook that should be executed | "playbook.yml" +|INVENTORY_PATH | Path to the inventory that should be executed | "inventory.yml" +|EXTRA_ARGS | Additional Arguments that will be used from Ansible | "" +|=== + +.Ansible Collection +[source,yaml] +---- +include::{sourcedir}/IaC/ansible.gitlab-ci.yml[] +---- \ No newline at end of file diff --git a/documentation/chapters/templates/IaC/docker-compose.adoc b/documentation/chapters/templates/IaC/docker-compose.adoc new file mode 100644 index 0000000..a809387 --- /dev/null +++ b/documentation/chapters/templates/IaC/docker-compose.adoc 
@@ -0,0 +1,80 @@ +:sourcedir: ../../../../templates + += Docker-Compose Template + +.Provided Templates: +|=== +|Name |Description +|.docker-compose-deploy | Executes Docker Compose against a remote maschine. +|.docker-compose-validate | Validates the syntactic correctness of your compose files. Still can have execution Problems. +|=== + +Copy files with scp onto from your Repo to the Remote system. +Then executes Docker-compose over a SSH connection. +For this SSH connection you have to Provide a SSH Key under a CI-CD-Variable with the name $SSH_PRIVATE_KEY. +If you already have a different $SSH_PRIVATE_KEY you can overwrite the Variable SSH_PRIVATE_KEY_DEPLOY. + +To Parametrise the Docker-Compose File you can use a .env File. +The .env File should not contain any Secrets. +For this reason you can create a .env file dynamically. +To generate a .env file you can provide a script under the path ENV_SETUP_FILE. + +.Beispiel für ein setup_env.sh +---- +#!/bin/sh + +#Prints all Enviroments into the .env File. +printenv >> .env + +#to set a diffrent Project Prefix use this ENV +echo COMPOSE_PROJECT_NAME=project-prefix >>.env + +#Secrets +#Some Secret is a Variable within the gitlab CI Variable +echo SOME_PASSWORD="$SOME_PASSWORD" >>.env +---- + +.Variables +|=== + +|Name |Description | Default Value +| SSH_PRIVATE_KEY_DEPLOY +| Private key to access remote system. +| $SSH_PRIVATE_KEY (In den CI-CD variablen) + +| SSH_URL +| URL of the remote server. +| - + +| SSH_USER +| The user that is used to login into the remote maschine. +| - + +| DOCKER_REGISTRY +| The Container Registry that will be used to pull images. +| "$CI_REGISTRY" + +| ENV_SETUP_FILE +| If you want to use a .env file, this skript can be used to create one. +Secrets should not be stored within your repository. Use the CI-CD Variables in the setting page. +| "setup_env.sh" + +| SCP_DESTINATION +| Target path for scp to push files to. +| - + +| SCP_SOURCE +| Path you want to copy to the remote System. 
+| $CI_PROJECT_DIR + +| COMPOSE_EXTRA_ARGS +| Additional arguments you want to send to Docker Compose. +For example multiple `-f compose.file.extra` definitions. +| - +|=== + +.Docker Templates +[source,yaml] +---- +include::{sourcedir}/IaC/docker-compose.gitlab-ci.yml[] +---- diff --git a/documentation/chapters/templates/ssh-transfer-data-template.adoc b/documentation/chapters/templates/IaC/ssh-transfer-data.adoc similarity index 83% rename from documentation/chapters/templates/ssh-transfer-data-template.adoc rename to documentation/chapters/templates/IaC/ssh-transfer-data.adoc index 7134238..edb5ba3 100644 --- a/documentation/chapters/templates/ssh-transfer-data-template.adoc +++ b/documentation/chapters/templates/IaC/ssh-transfer-data.adoc @@ -1,4 +1,4 @@ -:sourcedir: ../../../ +:sourcedir: ../../../../templates/ = ssh-transfer-data-template @@ -16,5 +16,5 @@ For more details: https://gitlab.exxcellent.de/gilden/ci/exxcellent-ssh-tool#use .ssh-transfer-data-template [source, yaml] ---- -include::{sourcedir}/ssh-transfer-data-template.gitlab-ci.yml[] +include::{sourcedir}IaC/ssh-transfer-data.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/ansible.adoc b/documentation/chapters/templates/ansible.adoc deleted file mode 100644 index 5055fd7..0000000 --- a/documentation/chapters/templates/ansible.adoc +++ /dev/null 
@@ -1,33 +0,0 @@
-:sourcedir: ../../../
-
-= Ansible-template
-
-Template Sammlung zur einfachen automation mit Ansible innerhalb der Gitlab CI.
-
-Erwartet das $SSH_PRIVATE_KEY in den Gitlab CI Variablen gesetzt ist.
-
-.Angebotene Templates:
-|===
-|Name |Description
-|.ansible_lint | Ruft den Linter von Ansible auf.
-Der Output wird dann in der CI gezeigt und kann den Stil der Playbooks verbessern.
-|.ansible_playbook_validate | Validiert, ob die Playbooks ausgeführt werden können und syntaktisch Sinn ergeben.
-|.ansible_playbook_run | Führt die Playbooks auf dem Inventar aus.
-|===
-
-.Variables
-|===
-|Name |Description | Default Value
-|SSH_PRIVATE_KEY | SSH Key der von Ansible benutzt wird, um sich im Inventar anzumelden.
-!!
-Nicht in .gitlab.yml setzen. Statt dessen durch den CI Maintainer in den Gitlab Settings setzen lassen. | Nicht gesetzt. Muss in den Gitlab CI Variablen in den Settings gesetzt werden.
-|PLAYBOOK_PATH | Path zum Playbook das ausgeführt werden soll | "playbook.yml"
-|INVENTORY_PATH | Path zum Inventory das ausgeführt werden soll | "inventory.yml"
-|EXTRA_ARGS | Extra Argumente für die Scripte | ""
-|===
-
-.Ansible-template
-[source,yaml]
------
-include::{sourcedir}/ansible.gitlab-ci.yml[]
------
\ No newline at end of file
diff --git a/documentation/chapters/templates/common/common-ci-variablen.adoc b/documentation/chapters/templates/common/common-ci-variablen.adoc
new file mode 100644
index 0000000..8973738
--- /dev/null
+++ b/documentation/chapters/templates/common/common-ci-variablen.adoc
@@ -0,0 +1,25 @@
+:sourcedir: ../../../../templates
+
+:gitlab-ci-file: /common/common-ci-variablen.gitlab-ci.yml
+
+[[Generel-Variablen]]
+== Generelle Variablen
+
+Wir stellen von uns empfohlene CI-Variablen in `{gitlab-ci-file}` zur verfügung.
+Diese werden von uns gepflegt und bekommen von verschiedenen Projekten Feedback.
+Es ist möglich das File direkt einzubinden.
+Bitte folgende Variablen in `.gitlab-ci.yaml` setzen
+
+|===
+|Name |Description
+|MAVE_IMAGE| Das Image das benutzt werden soll für Jobs die Maven benötigen.
+|NODE_IMAGE| Das Image das benutzt werden soll für Jobs die NPM benötigen
+|MAVEN_OPTS| Generelle optionen um Maven zu verändern
+|MAVEN_CLI_OPTS| Optionen um Maven beim Bauen zu verbessern.
+|FRONTEND_DIR| Wenn das Projekt ein Frontend besitzt, muss der Pfad definiert werden, damit die NPM Templates, das die Files finden kann.
+|BACKEND_DIR| Wenn das Projekt ein Backend besitzt, muss der Pfad definiert werden. So kann gradle/maven an der richtigen Stelle ausgeführt werden.
+|===
+
+----
+include::{sourcedir}{gitlab-ci-file}[]
+----
diff --git a/documentation/chapters/templates/container-publish-snapshot.adoc b/documentation/chapters/templates/container-publish-snapshot.adoc
deleted file mode 100644
index b52163e..0000000
--- a/documentation/chapters/templates/container-publish-snapshot.adoc
+++ /dev/null
@@ -1,27 +0,0 @@
-:sourcedir: ../../../
-
-= Container-Publish-Snapshot
-
-Dieses Template funktioniert genauso wie das <<_container_publish, Container Publish>> Template.
-Es wird jedoch in folgenden Branches ausgeführt.
-Dabei sind die Imagenamen der Container abhängig von den Branchnamen.
-
-.Ausführung
-|===
-|Branch |Container Image name
-|DEFAULT BRANCH (master/main) |DOCKER_REGISTRY:latest
-|feature/* |$DOCKER_REGISTRY:feature/(Branch-postfix)
-|refactor/* |$DOCKER_REGISTRY:refactor/(Branch-postfix)
-|===
-
-.Variables
-|===
-|Name |Description | Default Value
-|| Siehe <<_container_publish, Container Publish>> |
-|===
-
-.container-publish-snapshot
-[source,yaml]
------
-include::{sourcedir}/container-publish-snapshot.gitlab-ci.yml[]
------
\ No newline at end of file
diff --git a/documentation/chapters/templates/container-publish.adoc b/documentation/chapters/templates/container-publish.adoc
deleted file mode 100644
index e39c3c0..0000000
--- a/documentation/chapters/templates/container-publish.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-:sourcedir: ../../../
-
-= Container-Publish
-
-Baut mithilfe von jib oder kaniko ein Docker Image und läd das Image in der Docker Registry des Projekts hoch.
-Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird.
-Wenn das Template ohne Tags benutzt werden soll, müssen die Rules vererbt werden.
-
-Ein Snapshot Template bieten wir hier an: <<_container-publish-snapshot>>
-
-.Variables
-|===
-|Name |Description | Default Value
-|MVN_VERSION | Bestimmt, ob die version von MAVEN gesetzt werden soll.
-Falls das Projekt aus mehreren Poms besteht, kann `before_script:` benutzt werden. | "true"
-|DOCKER_REGISTRY | Definiert die Registry an zu dem das Image veröffentlicht werden soll | $CI_REGISTRY_IMAGE
-|DOCKER_REGISTRY_USER | Definiert den User der benutzt werden soll | $CI_REGISTRY_USER
-|DOCKER_REGISTRY_PASSWORD | Definiert das Passwort des Benutzers | $CI_REGISTRY_PASSWORD
-|EXTRA_ARGS | Weitere Argumente die an den jeweiligen Job gegeben werden sollen. | ""
-|USE_VERSIONFILE | Wenn true, dann wird zur Versionierung das ./version file aus dem set-version tool verwendet | "false"
-|ARTIFACT | Der Name des Versionfiles aus dem set-version tool | "version"
-|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
-|===
-
-.container-publish
-[source,yaml]
------
-include::{sourcedir}/container-publish.gitlab-ci.yml[]
------
\ No newline at end of file
diff --git a/documentation/chapters/templates/container/container-build.adoc b/documentation/chapters/templates/container/container-build.adoc
new file mode 100644
index 0000000..43ff119
--- /dev/null
+++ b/documentation/chapters/templates/container/container-build.adoc
@@ -0,0 +1,34 @@
+:sourcedir: ../../../../templates
+
+= Build
+
+.Provided Templates:
+|===
+|Name |Description
+| .container-build-jib-maven | Baut Container mit dem Jib Plugin für Maven
+| .container-build-jib-gradle | Baut Container mit dem Jib Plugin für Gradle
+| .container-build-kaniko | Baut Container mit dem Kaniko
+|===
+
+Erlaubt es das einfache bauen von Container Images.
+Die Images werden als Tar in den CI-Artifacten abgelegt damit es einfach an weitere Pipeline-Schritte übergeben werden kann.
+Für das Veröffentlichen des Images ist das Template ContainerPublish[Container Publish] zuständig.
+
+.Variables
+|===
+|Name |Description | Default Value
+|CONTEXT_LOCATION | Der Context des Dockerfiles. Im Fall von Jib ist dies der Path wo Maven/Gradle ausgeführt wird. | $CI_PROJECT_DIR
+
+| EXTRA_ARGS | Weitere Argumente die an das Tool geschickt werden soll | ""
+
+| Nur bei Kaniko |- |-
+| DOCKERFILE_LOCATION | Pfad zum Dockerfile | $CI_PROJECT_DIR/Dockerfile
+
+| REGISTRY_MIRROR | Welcher Mirror benutzt werden soll | Nexus von exxcellent
+|===
+
+.Container Build Templates
+[source,yaml]
+----
+include::{sourcedir}/container/container-build.gitlab-ci.yml[]
+----
\ No newline at end of file
diff --git a/documentation/chapters/templates/container/container-publish.adoc b/documentation/chapters/templates/container/container-publish.adoc
new file mode 100644
index 0000000..32bf360
--- /dev/null
+++ b/documentation/chapters/templates/container/container-publish.adoc
@@ -0,0 +1,22 @@
+:sourcedir: ../../../../templates
+
+= Container Publish
+
+Moves a container from the filesystem to a remote repository.
+Needs a build container on the path `image.tar`. Use one of the Container build templates for this.
+
+.Variables
+|===
+|Name |Description | Default Value
+| CONTAINER_REGISTRY | Url to the remote Registry | $CI_REGISTRY_IMAGE
+| CONTAINER_REGISTRY_USER | the user that should be used | $CI_REGISTRY_USER
+| CONTAINER_REGISTRY_PASSWORD | the passwort for the remote registry | $CI_REGISTRY_PASSWORD
+| EXTRA_PATH | Extra path that should be between the registry path and the image tag | ""
+| IMAGE_TAG | the Tag the image should be found on | Depends on the current path. Look at the rules of the Job.
+|===
+
+.container-publish
+[source,yaml]
+----
+include::{sourcedir}/container/container-publish.gitlab-ci.yml[]
+----
diff --git a/documentation/chapters/templates/container-scan.adoc b/documentation/chapters/templates/container/container-scan.adoc
similarity index 54%
rename from documentation/chapters/templates/container-scan.adoc
rename to documentation/chapters/templates/container/container-scan.adoc
index ff1bead..9233580 100644
--- a/documentation/chapters/templates/container-scan.adoc
+++ b/documentation/chapters/templates/container/container-scan.adoc
@@ -1,16 +1,21 @@ -:sourcedir: ../../../ +:sourcedir: ../../../../templates/ -= Container-Scan += Container CVE Scanner -Baut ein Image mithilfe von jib oder Kaniko welches im Anschluss gescanned wird. Dieser Schritt wird ausgeführt, wenn ein Tag gesetzt wird. Die Ergebnisse des Scans können genutzt werden den Build failen zu lassen, falls gewünscht (vgl. `EXITCODE_ON_HIGH` und `EXITCODE_ON_CRITICAL`). +Uses Trivy to scan for CVE Problems within your Image. +Needs a build container on the path `image.tar`. Use one of the Container build templates for this. + +==== +NOTE: NPM +Trivy can not find CVE's within Frontend containes that do not have a dependencie-lock file. +This file should not be part of the Image. +We provide an additional static CVE-Analyser-Template that can find these CVE's within your Repo. +We also have the https://gitlab.exxcellent.de/gilden/ci/security-scanner/security-scanner[Security-Scanner] if you have more than one image to scan. +==== .Variables |=== |Name |Description | Default Value -|TRIVY_VERSION -| Version von Trivy die benutzt werden soll. -| - - |EXITCODE_ON_HIGH | Bestimmt den Exit code der ausgegeben werden soll, wenn ein CVE der als HIGH markiert wurde, gefunden werden konnte. Wenn 0 benutzt wird, läuft die CI weiter.
@@ -30,5 +35,5 @@ Benutzte `allow_failure: true` damit die CI weiter läuft aber ein Failure angez .container scan template [source, yaml] ---- -include::{sourcedir}/container-scan.gitlab-ci.yml[] +include::{sourcedir}container/container-scan.gitlab-ci.yml[] ----
\ No newline at end of file
diff --git a/documentation/chapters/templates/docker-compose-deploy.adoc b/documentation/chapters/templates/docker-compose-deploy.adoc
deleted file mode 100644
index ab61fd2..0000000
--- a/documentation/chapters/templates/docker-compose-deploy.adoc
+++ /dev/null
@@ -1,70 +0,0 @@
-:sourcedir: ../../../
-
-= Docker-Compose-Deploy
-
- Kopiert Daten mithilfe von scp aus dem Repo auf ein Deployment-System.
- Dort wird über SSH Docker-compose up ausgeführt.
- Für die SSH Verbindung muss ein Private-Key in den CI-CD Variablen unter dem Namen $SSH_PRIVATE_KEY abgelegt werden.
- Wenn bereits andere SSH Keys vorhanden sind kann SSH_PRIVATE_KEY_DEPLOY in den Varibalen überschrieben werden.
-
-Um die Compose-Files zu parametrisieren kann ein .env File benutzt werden.
-Dieses sollte mit einem Skript das unter der Variable ENV_SETUP_FILE hinterlegt ist erstellt werden.
-.env File sollten nicht in der Repo liegen da keine Passwörter in der Repo liegen sollten.
-
-.Beispiel für ein setup_env.sh
------
-#!/bin/sh
-
-#Printed alle Umgebungsvariablen in das .env File.
-printenv >> .env
-
-echo COMPOSE_PROJECT_NAME=project-prefix >>.env
-
-#Secrets
-echo SOME_PASSWORD="$SOME_PASSWORD" >>.env
------
-
-.Variables
-|===
-
-|Name |Description | Default Value
-| SSH_PRIVATE_KEY_DEPLOY
-| Private key der Zugriff auf den Deployment Server hat.
-| $SSH_PRIVATE_KEY (In den CI-CD variablen)
-
-| SSH_URL
-| URL des Servers auf den Docker-Compose ausgeführt werden soll.
-| -
-
-| SSH_USER
-| Der Passende SSH User zu der SSH Verbindung.
-| -
-
-| DOCKER_REGISTRY
-| Die Docker Registry die benutzt werden soll um Images zu pullen.
-| "$CI_REGISTRY"
-
-| ENV_SETUP_FILE
-| Falls ein .env file benutzt werden soll, kann es mit einem sh script erstellt werden.
-Secrets sollten nicht in der Repository liegen, sondern in den CI-CD Variablen der Repository settings.
-| "setup_env.sh"
-
-| SCP_DESTINATION
-| Ziel Pfad wo Daten mit SCP hin kopiert werden sollen.
-| -
-
-| SCP_SOURCE
-| Pfad zu den daten die mithilfe von SCP kopiert werden sollen.
-| $CI_PROJECT_DIR
-
-| COMPOSE_EXTRA_ARGS
-| Weitere argumente die an Docker-Compose geschickt werden können.
-| -
-|===
-
-.Docker compose deploy
-[source,yaml]
------
-include::{sourcedir}/docker-compose-deploy.gitlab-ci.yml[]
------
-
diff --git a/documentation/chapters/templates/docker-compose-validate.adoc b/documentation/chapters/templates/docker-compose-validate.adoc
deleted file mode 100644
index ce55809..0000000
--- a/documentation/chapters/templates/docker-compose-validate.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-:sourcedir: ../../../
-
-= Docker-Compose-Validate
-
-Validiert die semantische Korrektheit eines Docker-Compose files.
-
-.Variables
-|===
-|Name |Description | Default Value
-| COMPOSE_EXTRA_ARGS
-| Weitere argumente die an Docker-Compose geschickt werden können.
-| -
-
-|===
-
-.Docker compose validate
-[source,yaml]
------
-include::{sourcedir}/docker-compose-validate.gitlab-ci.yml[]
------
\ No newline at end of file
diff --git a/documentation/chapters/templates/documentation/tool-documentation-tool.adoc b/documentation/chapters/templates/documentation/tool-documentation-tool.adoc
new file mode 100644
index 0000000..ebcae36
--- /dev/null
+++ b/documentation/chapters/templates/documentation/tool-documentation-tool.adoc
@@ -0,0 +1,12 @@
+:sourcedir: ../../../../templates/
+
+= Dokumentation-Tool-template
+
+The Dokumentation tool template.
+More details and Variables can be found here: https://gitlab.exxcellent.de/gilden/ci/exxcellent-documentation-tool[Gilde CI/CD: exxcellent-documentation-tool].
+
+.dokumentation-tool
+[source,yaml]
+----
+include::{sourcedir}documentations/documentation.gitlab-ci.yml[]
+----
\ No newline at end of file
diff --git a/documentation/chapters/templates/gradle-build-template.adoc b/documentation/chapters/templates/gradle-build-template.adoc
deleted file mode 100644
index 11ccecf..0000000
--- a/documentation/chapters/templates/gradle-build-template.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-:sourcedir: ../../../
-
-= Gradle-build-template
-
-Dieses Template lädt die Dependencies herunter und baut das Projekt.
-Die Ergebnisse werden als Artifact gespeichert.
-
-.Variables
-|===
-|Name |Description | Default Value
-|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
-|===
-
-.gradle-build-template
-[source,yaml]
------
-include::{sourcedir}/gradle-build-template.gitlab-ci.yml[]
------
\ No newline at end of file
diff --git a/documentation/chapters/templates/gradle-test-template.adoc b/documentation/chapters/templates/gradle-test-template.adoc
deleted file mode 100644
index b609da1..0000000
--- a/documentation/chapters/templates/gradle-test-template.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-:sourcedir: ../../../
-
-= Gradle-test-template
-
-Dieses Template startet den Test Task in gradle.
-Die Ergebnisse werden als Artifact gespeichert.
-
-.Variables
-|===
-|Name |Description | Default Value
-|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
-|===
-
-.gradle-test-template
-[source,yaml]
------
-include::{sourcedir}/gradle-test-template.gitlab-ci.yml[]
------
\ No newline at end of file
diff --git a/documentation/chapters/templates/java/gradle/gradle-build-template.adoc b/documentation/chapters/templates/java/gradle/gradle-build-template.adoc
new file mode 100644
index 0000000..bb4073f
--- /dev/null
+++ b/documentation/chapters/templates/java/gradle/gradle-build-template.adoc
@@ -0,0 +1,19 @@
+:sourcedir: ../../../../../templates/
+
+= Gradle-build-template
+
+This template resolves the gradle dependencies of your project and builds the project.
+The result will be cached when you include the common CI variables.
+The resulting build files will be published as artefacts.
+
+.Variables
+|===
+|Name |Description | Default Value
+|GRADLE_CLI_OPTS | Additional Options that will be passed to Gradle | ""
+|===
+
+.gradle-build-template
+[source,yaml]
+----
+include::{sourcedir}java/gradle/gradle-build.gitlab-ci.yml[]
+----
\ No newline at end of file
diff --git a/documentation/chapters/templates/java/gradle/gradle-db-diff-template.adoc b/documentation/chapters/templates/java/gradle/gradle-db-diff-template.adoc
new file mode 100644
index 0000000..6a01af9
--- /dev/null
+++ b/documentation/chapters/templates/java/gradle/gradle-db-diff-template.adoc
@@ -0,0 +1,26 @@
+:sourcedir: ../../../../../templates/
+
+= Gradle Database Diff
+
+This template generates a diff between the Liquibase schema and the Hibernate model of a database.
+The resulting xml can be used as a base for schema changes.
+Please look at the resulting changelog since it can have errors.
+
+//#todo add documentation how to run agains real server oder service
+//#If you wand to run against a real server.
+//#overrite -Dvariable.liquibase.database.url= in the script section
+//#add a service with your desired Database container.
+//#use the alias in the service to define the alias for the database url
+
+.Variables
+|===
+|Name |Description | Default Value
+|GRADLE_CLI_OPTS | Additional options send to gradle | ""
+| PATH_TO_DIFF | Path to the resulting diff is defined in gradle config, this will also be exposed as the artefact of the Job. | "build/db-diff.xml"
+|===
+
+.Gradle Liquibase Diff
+[source,yaml]
+----
+include::{sourcedir}java/gradle/gradle-database-diff.gitlab-ci.yml[]
+----
\ No newline at end of file
diff --git a/documentation/chapters/templates/java/gradle/gradle-test-template.adoc b/documentation/chapters/templates/java/gradle/gradle-test-template.adoc
new file mode 100644
index 0000000..9408765
--- /dev/null
+++ b/documentation/chapters/templates/java/gradle/gradle-test-template.adoc
@@ -0,0 +1,27 @@
+:sourcedir: ../../../../../templates/
+
+ifndef::imagesdir[]
+:imagesdir: ../../../../images/
+endif::[]
+
+= Gradle Database Diff
+
+This templates starts `gradle test` and saves the results as Artifacts.
+
+When Junit Reports are generated they will be published as Artefacts within the Pipelines.
+You can get a detailed view when clicking on Tests.
+For more information look into the official https://docs.gitlab.com/ee/ci/unit_test_reports.html[Documentation].
+
+image::GitlabCiTest.png[]
+
+.Variables
+|===
+|Name |Description | Default Value
+|GRADLE_CLI_OPTS | Zusätzliche CLI Opts für Gradle | ""
+|===
+
+.gradle-test-template
+[source,yaml]
+----
+include::{sourcedir}java/gradle/gradle-test.gitlab-ci.yml[]
+----
\ No newline at end of file
diff --git a/documentation/chapters/templates/maven-build-template.adoc b/documentation/chapters/templates/java/maven/maven-build-template.adoc
similarity index 67%
rename from documentation/chapters/templates/maven-build-template.adoc
rename to documentation/chapters/templates/java/maven/maven-build-template.adoc
index 7670432..9050c74 100644
--- a/documentation/chapters/templates/maven-build-template.adoc
+++ b/documentation/chapters/templates/java/maven/maven-build-template.adoc
@@ -1,4 +1,4 @@ -:sourcedir: ../../../ +:sourcedir: ../../../../../templates/ = maven-build-template
@@ -12,5 +12,5 @@ Dieses Template baut die .jar Files und speichert die Ergebnisse als Artifact. .mvn-build-template [source, yaml] ---- -include::{sourcedir}/maven-build-template.gitlab-ci.yml[] +include::{sourcedir}java/maven/maven-build.gitlab-ci.yml[] ----
\ No newline at end of file
diff --git a/documentation/chapters/templates/java/maven/maven-db-diff-template.adoc b/documentation/chapters/templates/java/maven/maven-db-diff-template.adoc
new file mode 100644
index 0000000..3fe7db7
--- /dev/null
+++ b/documentation/chapters/templates/java/maven/maven-db-diff-template.adoc
@@ -0,0 +1,20 @@
+:sourcedir: ../../../../../templates/
+
+= Maven Database Diff
+
+This template generates a diff between the Liquibase schema and the Hibernate model of a database.
+The resulting xml can be used as a base for schema changes.
+Please look at the resulting changelog since it can have errors.
+
+.Variables
+|===
+|Name |Description | Default Value
+|GRADLE_CLI_OPTS | Additional options send to gradle | ""
+| PATH_TO_DIFF | Path to the resulting diff is defined in gradle config, this will also be exposed as the artefact of the Job. | "target/db-diff.xml"
+|===
+
+.gradle-build-template
+[source,yaml]
+----
+include::{sourcedir}java/maven/maven-database-diff.gitlab-ci.yml[]
+----
\ No newline at end of file
diff --git a/documentation/chapters/templates/java/maven/maven-dependencies-template.adoc b/documentation/chapters/templates/java/maven/maven-dependencies-template.adoc
new file mode 100644
index 0000000..a01389a
--- /dev/null
+++ b/documentation/chapters/templates/java/maven/maven-dependencies-template.adoc
@@ -0,0 +1,17 @@
+:sourcedir: ../../../../../templates/
+
+= Gradle Dependencies Template
+
+This Template resolves the Maven Dependencies of your Projekt.
+The result will be cached when you include the common CI variables.
+
+.Variables
+|===
+|Name |Description | Default Value
+|===
+
+.mvn-dependencies-template
+[source, yaml]
+----
+include::{sourcedir}java/maven/maven-dependencies.gitlab-ci.yml[]
+----
\ No newline at end of file
diff --git a/documentation/chapters/templates/java/maven/maven-verify-template.adoc b/documentation/chapters/templates/java/maven/maven-verify-template.adoc
new file mode 100644
index 0000000..7b25536
--- /dev/null
+++ b/documentation/chapters/templates/java/maven/maven-verify-template.adoc
@@ -0,0 +1,27 @@
+:sourcedir: ../../../../../templates/
+
+ifndef::imagesdir[]
+:imagesdir: ../../../../images/
+endif::[]
+
+= maven-verify-template
+
+This templates starts `mvn verify` and saves the results as Artifacts.
+
+When Junit Reports are generated they will be published as Artefacts within the Pipelines.
+You can get a detailed view when clicking on Tests.
+For more information look into the official https://docs.gitlab.com/ee/ci/unit_test_reports.html[Documentation].
+
+image::GitlabCiTest.png[]
+
+
+.Variables
+|===
+|Name |Description | Default Value
+|===
+
+.mvn-verify-template
+[source, yaml]
+----
+include::{sourcedir}/java/maven/maven-verify.gitlab-ci.yml[]
+----
\ No newline at end of file
diff --git a/documentation/chapters/templates/maven-dependencies-template.adoc b/documentation/chapters/templates/maven-dependencies-template.adoc
deleted file mode 100644
index d767fae..0000000
--- a/documentation/chapters/templates/maven-dependencies-template.adoc
+++ /dev/null
@@ -1,17 +0,0 @@
-:sourcedir: ../../../
-
-= maven-dependencies-template
-
-Dieses Template lädt die Maven Abhängigkeiten des Projekts runter.
-Bitte den Cache hinzufügen. Siehe xref:Generel-Variablen[Generelle Variablen]
-
-.Variables
-|===
-|Name |Description | Default Value
-|===
-
-.mvn-dependencies-template
-[source, yaml]
------
-include::{sourcedir}/maven-dependencies-template.gitlab-ci.yml[]
------
\ No newline at end of file
diff --git a/documentation/chapters/templates/maven-verify-template.adoc b/documentation/chapters/templates/maven-verify-template.adoc
deleted file mode 100644
index f0b4017..0000000
--- a/documentation/chapters/templates/maven-verify-template.adoc
+++ /dev/null
@@ -1,25 +0,0 @@
-:sourcedir: ../../../
-
-ifndef::imagesdir[]
-:imagesdir: ../../images
-endif::[]
-
-= maven-verify-template
-
-Dieses Template startet `mvn verify` und speichert die Ergebnisse als Artifact.
-
-Wenn Junit Report XML files generiert und als Artefakte innerhalb der Pipeline hochgeladen wurden, können diese innerhalb der Pipelines Detail Seite angezeigt werden. Für mehr Dokumentation klicke https://docs.gitlab.com/ee/ci/unit_test_reports.html[hier].
-
-image::GitlabCiTest.png[]
-
-
-.Variables
-|===
-|Name |Description | Default Value
-|===
-
-.mvn-verify-template
-[source, yaml]
------
-include::{sourcedir}/maven-verify-template.gitlab-ci.yml[]
------
\ No newline at end of file
diff --git a/documentation/chapters/templates/npm-build-template.adoc b/documentation/chapters/templates/npm/npm-build-template.adoc
similarity index 70%
rename from documentation/chapters/templates/npm-build-template.adoc
rename to documentation/chapters/templates/npm/npm-build-template.adoc
index 4169d70..d79abf0 100644
--- a/documentation/chapters/templates/npm-build-template.adoc
+++ b/documentation/chapters/templates/npm/npm-build-template.adoc
@@ -1,4 +1,4 @@ -:sourcedir: ../../../ +:sourcedir: ../../../../templates/ = npm-build-template
@@ -12,5 +12,5 @@ Dieses Template baut das NPM projekt und speichert die Ergebnisse als Artifact. .npm-build-template [source, yaml] ---- -include::{sourcedir}/npm-build-template.gitlab-ci.yml[] +include::{sourcedir}npm/npm-build.gitlab-ci.yml[] ----
\ No newline at end of file
diff --git a/documentation/chapters/templates/npm-dependencies-template.adoc b/documentation/chapters/templates/npm/npm-dependencies-template.adoc
similarity index 75%
rename from documentation/chapters/templates/npm-dependencies-template.adoc
rename to documentation/chapters/templates/npm/npm-dependencies-template.adoc
index 383e624..6689f4c 100644
--- a/documentation/chapters/templates/npm-dependencies-template.adoc
+++ b/documentation/chapters/templates/npm/npm-dependencies-template.adoc
@@ -1,4 +1,4 @@ -:sourcedir: ../../../ +:sourcedir: ../../../../templates/ = npm-dependencies-template
@@ -13,5 +13,5 @@ Bitte den Cache hinzufügen. Siehe xref:Generel-Variablen[Generelle Variablen] .npm-dependencies-template [source, yaml] ---- -include::{sourcedir}/npm-dependencies-template.gitlab-ci.yml[] +include::{sourcedir}npm/npm-dependencies.gitlab-ci.yml[] ----
\ No newline at end of file
diff --git a/documentation/chapters/templates/npm-lint-template.adoc b/documentation/chapters/templates/npm/npm-lint-template.adoc
similarity index 68%
rename from documentation/chapters/templates/npm-lint-template.adoc
rename to documentation/chapters/templates/npm/npm-lint-template.adoc
index f559f09..9d74a00 100644
--- a/documentation/chapters/templates/npm-lint-template.adoc
+++ b/documentation/chapters/templates/npm/npm-lint-template.adoc
@@ -1,4 +1,4 @@ -:sourcedir: ../../../ +:sourcedir: ../../../../templates/ = npm-lint-template
@@ -12,5 +12,5 @@ Dieses Template durchläuft den Linter des NPM Projekts. .npm-lint-template [source, yaml] ---- -include::{sourcedir}/npm-lint-template.gitlab-ci.yml[] +include::{sourcedir}npm/npm-lint.gitlab-ci.yml[] ----
\ No newline at end of file
diff --git a/documentation/chapters/templates/npm-test-template.adoc b/documentation/chapters/templates/npm/npm-test-template.adoc
similarity index 65%
rename from documentation/chapters/templates/npm-test-template.adoc
rename to documentation/chapters/templates/npm/npm-test-template.adoc
index 94d7d07..7a67dd8 100644
--- a/documentation/chapters/templates/npm-test-template.adoc
+++ b/documentation/chapters/templates/npm/npm-test-template.adoc
@@ -1,4 +1,4 @@ -:sourcedir: ../../../ +:sourcedir: ../../../../templates/ = npm-test-template
@@ -12,5 +12,5 @@ Dieses Template baut das NPM Projekt. .npm-test-template [source, yaml] ---- -include::{sourcedir}/npm-test-template.gitlab-ci.yml[] +include::{sourcedir}npm/npm-test.gitlab-ci.yml[] ----
\ No newline at end of file
diff --git a/documentation/chapters/templates/publish-image.adoc b/documentation/chapters/templates/publish-image.adoc
deleted file mode 100644
index 0126c78..0000000
--- a/documentation/chapters/templates/publish-image.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-:sourcedir: ../../../
-
-= Publish-Image-jib
-
-Baut mithilfe von jib ein Docker Image und läd es in die Docker Registry des Projekts hoch.
-Dieser Schritt wird nur ausgeführt, wenn ein Tag gesetzt wird.
-
-.Variables
-|===
-|Name |Description | Default Value
-|MVN_VERSION | Bestimmt, ob die version von MAVEN gesetzt werden soll.
-Falls das Projekt aus mehreren Poms besteht, kann `bevor_script:` benutzt werden. | "true"
-|===
-
-.publish-image-jib-template
-[source,yaml]
------
-include::{sourcedir}/container-publish.gitlab-ci.yml[]
------
\ No newline at end of file
diff --git a/documentation/chapters/templates/release-template.adoc b/documentation/chapters/templates/release-template.adoc
deleted file mode 100644
index 6201492..0000000
--- a/documentation/chapters/templates/release-template.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-:sourcedir: ../../../
-
-= release-template
-
-This template provides a template for including the child release pipeline.
-
-For more information see the `update-version-pipeline` documentation.
-
-.Variables
-|===
-|Name |Description | Default Value
-|PARENT_PIPELINE_ID | The if of the parent pipeline. Needed to be able to use artifacts in the child pipeline | $CI_PIPELINE_ID
-|===
-
-.release-template
-[source, yaml]
------
-include::{sourcedir}/release-template.gitlab-ci.yml[]
------
\ No newline at end of file
diff --git a/documentation/chapters/templates/mail-template.adoc b/documentation/chapters/templates/releasing/mail-template.adoc
similarity index 89%
rename from documentation/chapters/templates/mail-template.adoc
rename to documentation/chapters/templates/releasing/mail-template.adoc
index 8803db8..ff095d4 100644
--- a/documentation/chapters/templates/mail-template.adoc
+++ b/documentation/chapters/templates/releasing/mail-template.adoc
@@ -1,4 +1,4 @@ -:sourcedir: ../../../ +:sourcedir: ../../../../templates/ = mail-template
@@ -18,5 +18,5 @@ NOTE: The template uses the port 25 config as a default which doesn't need a smt .mail-template [source, yaml] ---- -include::{sourcedir}/mail-template.gitlab-ci.yml[] +include::{sourcedir}releasing/mail.gitlab-ci.yml[] ----
\ No newline at end of file
diff --git a/documentation/chapters/templates/push-tag-and-version-template.adoc b/documentation/chapters/templates/releasing/push-tag-and-version-template.adoc
similarity index 87%
rename from documentation/chapters/templates/push-tag-and-version-template.adoc
rename to documentation/chapters/templates/releasing/push-tag-and-version-template.adoc
index a2d9c7b..b9676c1 100644
--- a/documentation/chapters/templates/push-tag-and-version-template.adoc
+++ b/documentation/chapters/templates/releasing/push-tag-and-version-template.adoc
@@ -1,9 +1,8 @@ -:sourcedir: ../../../ +:sourcedir: ../../../../templates/ -= push-tag-and-version-template += Push Tag and Version Template This template creates a new tag und updates the version of your project in the repository. Additionally, the template builds a new artifact with the `mvn package` command after setting the version which then can be exported with the gitlab-ci _artifacts_ keyword and used in subsequent stages. - For more details: https://gitlab.exxcellent.de/gilden/ci/exxcellent-ssh-tool[Gilde CI/CD: exxcellent-ssh-tool]. .Variables
@@ -17,5 +16,5 @@ For more details: https://gitlab.exxcellent.de/gilden/ci/exxcellent-ssh-tool[Gil .push-tag-and-version-template [source, yaml] ---- -include::{sourcedir}/push-tag-and-version-template.gitlab-ci.yml[] +include::{sourcedir}releasing/push-tag-and-version.gitlab-ci.yml[] ----
\ No newline at end of file
diff --git a/documentation/chapters/templates/releasing/release-gitlab-template.adoc b/documentation/chapters/templates/releasing/release-gitlab-template.adoc
new file mode 100644
index 0000000..d1f77e6
--- /dev/null
+++ b/documentation/chapters/templates/releasing/release-gitlab-template.adoc
@@ -0,0 +1,17 @@
+:sourcedir: ../../../../templates/
+
+= Gitlab Release Template
+
+This Template makes it easier to create Gitlab Release from the CI
+
+.Variables
+|===
+|Name |Description | Default Value
+|DESCRIPTION | The Content that has changed in the last release. Can be changed manual afterwards | ""
+|===
+
+.Template
+[source, yaml]
+----
+include::{sourcedir}releasing/release-gitlab.gitlab-ci.yml[]
+----
\ No newline at end of file
diff --git a/documentation/chapters/templates/releasing/release-template.adoc b/documentation/chapters/templates/releasing/release-template.adoc
new file mode 100644
index 0000000..6569d24
--- /dev/null
+++ b/documentation/chapters/templates/releasing/release-template.adoc
@@ -0,0 +1,32 @@
+:sourcedir: ../../../../templates/
+
+= Release Template
+
+This collection provides multiple templated to make publish releases of your Software as easy as possible.
+
+
+
+.Angebotene Templates:
+|===
+|Name |Description
+| .release-common | This template contains a trigger for an additional release Pipeline. It will execute all Jobs defined in your release.gitlab-ci.yml file as a child pipeline
+For more information see the <<_pipeline_release>> documentation.
+
+| .release-default: | Builds upon .release-common defines rules, so it will only be executed on your default branch.
+
+| .release-release-branch: | Builds upon .release-common defines rules, so it will only be executed on release branches.
+
+|===
+
+
+.Variables
+|===
+|Name |Description | Default Value
+|PARENT_PIPELINE_ID | The if of the parent pipeline. Needed to be able to use artifacts in the child pipeline | $CI_PIPELINE_ID
+|===
+
+.release-template
+[source, yaml]
+----
+include::{sourcedir}releasing/release.gitlab-ci.yml[]
+----
\ No newline at end of file
diff --git a/documentation/chapters/templates/set-version-template.adoc b/documentation/chapters/templates/releasing/set-version-template.adoc
similarity index 64%
rename from documentation/chapters/templates/set-version-template.adoc
rename to documentation/chapters/templates/releasing/set-version-template.adoc
index d2f7393..8f68815 100644
--- a/documentation/chapters/templates/set-version-template.adoc
+++ b/documentation/chapters/templates/releasing/set-version-template.adoc
@@ -1,6 +1,7 @@ -:sourcedir: ../../../ +:sourcedir: ../../../../templates/ -= set-version-template + += set-version This template provides the job for increasing the tag version. For more details look at https://gitlab.exxcellent.de/gilden/ci/exxcellent-increase-version-tool[Gilde CI/CD: exxcellent-increase-version-tool].
@@ -11,7 +12,8 @@ For more details look at https://gitlab.exxcellent.de/gilden/ci/exxcellent-incre |Name |Description | Default Value |BUMP_VERSION | defines the version bump | "major" |PREFIX | the prefix for the tag | "" -|OUTPUT | defines where the updated version is written to | version +|OUTPUT | defines where the updated version is written to. Default case is an env File named Version. +Following Jobs will have set the $VERSION variable to the next version. | version.env |SIMPLIFY a| * "false": @@ -23,5 +25,5 @@ a| .set-version-template [source, yaml] ---- -include::{sourcedir}/set-version-template.gitlab-ci.yml[] +include::{sourcedir}/releasing/set-version.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/repo-cve-scan.adoc b/documentation/chapters/templates/static-analysis/repo-cve-scan.adoc similarity index 85% rename from documentation/chapters/templates/repo-cve-scan.adoc rename to documentation/chapters/templates/static-analysis/repo-cve-scan.adoc index 5c8e5a8..2b49111 100644 --- a/documentation/chapters/templates/repo-cve-scan.adoc +++ b/documentation/chapters/templates/static-analysis/repo-cve-scan.adoc @@ -1,4 +1,4 @@ -:sourcedir: ../../../ +:sourcedir: ../../../../templates/ = Repo-CVE-Scan @@ -26,5 +26,5 @@ Bei 0 läuft die Pipeline durch, auch wenn Probleme gefunden werden. .Repo CVE scan template [source, yaml] ---- -include::{sourcedir}/repo-cve-scan.gitlab-ci.yml[] +include::{sourcedir}static-analysis/repo-cve-scan-trivy.gitlab-ci.yml[] ---- \ No newline at end of file diff --git a/documentation/chapters/templates/tool-sonar7.adoc b/documentation/chapters/templates/static-analysis/tool-sonar.adoc similarity index 91% rename from documentation/chapters/templates/tool-sonar7.adoc rename to documentation/chapters/templates/static-analysis/tool-sonar.adoc index a642419..5f4ce24 100644 --- a/documentation/chapters/templates/tool-sonar7.adoc 
+++ b/documentation/chapters/templates/static-analysis/tool-sonar.adoc @@ -1,6 +1,5 @@ -:sourcedir: ../../../ - -= Sonar 7 template +:sourcedir: ../../../../templates/ += sonar-template Ruft den Sonar Job für das Projekt auf. Mehr Details zu finden hier: https://gitlab.exxcellent.de/gilden/ci/exxcellent-sonar-tool[Gilde CI/CD: exxcellent-sonar-tool]. @@ -25,5 +24,5 @@ Wenn der Build nicht gebrochen werden soll, kann es weggelassen werden. .sonar-template [source,yaml] ---- -include::{sourcedir}/tool-sonar7.gitlab-ci.yml[] +include::{sourcedir}static-analysis/sonar.gitlab-ci.yml[] ---- diff --git a/documentation/chapters/templates/tool-documentation-tool.adoc b/documentation/chapters/templates/tool-documentation-tool.adoc deleted file mode 100644 index 97f8299..0000000 --- a/documentation/chapters/templates/tool-documentation-tool.adoc +++ /dev/null @@ -1,12 +0,0 @@ -:sourcedir: ../../../ - -= Dokumentation-Tool-template - -Das Dokumentation-Tool template. -Mehr Details und die Variablendokumentation sind hier zu finden: https://gitlab.exxcellent.de/gilden/ci/exxcellent-documentation-tool[Gilde CI/CD: exxcellent-documentation-tool]. - -.dokumentation-tool -[source,yaml] ----- -include::{sourcedir}/tool-documentation.gitlab-ci.yml[] ----- \ No newline at end of file diff --git a/documentation/contribution.adoc b/documentation/contribution.adoc new file mode 100644 index 0000000..e342e38 --- /dev/null +++ b/documentation/contribution.adoc 
@@ -0,0 +1,20 @@ +:sourcedir: ../../../../templates + +:gitlab-ci-file: /common/common-ci-variablen.gitlab-ci.yml + +Im Folgenden sind ein paar Regeln wie die Repo aufgebaut ist um ein möglicht einfaches einarbeiten und zusammenarbeiten zu ermöglichen. + + +== Template Names convention + +Template Namen fangen immer mit dem Prefix des Files an, in dem sie sich befinden. +Wenn in dem File mehrere Templates enthalten sind, wird an den Filenamen ein Suffix gehängt der, die Funktion des Templates zusammenfasst. +Das machen mir damit die CI Files und die Templates eine Verbindung zueinander haben. +Die Erfahrung hat gezeigt das es sonst schwer wird die Templates mit den Imports zu verbinden. + +==== +Beispiel: + +fuu.gitlab-ci.yml enthält template die anfangen mit .fuu-feature1 und .fuu-feature2 +==== + diff --git a/documentation/document.adoc b/documentation/document.adoc index 8841d74..e1e257e 100644 --- a/documentation/document.adoc +++ b/documentation/document.adoc 
@@ -32,65 +32,77 @@ toc::[] // Attribut leveloffset addiert die gegebene Zahl zu den Überschriften im Dokument // Alle Überschriften erscheinen also eine Ebene tiefer // ########################################################################### -include::chapters/generalInformation.adoc[leveloffset=1] +== General Information -== Ansible Templates +include::generalInformation.adoc[leveloffset=1] +include::chapters/templates/common/common-ci-variablen.adoc[leveloffset=1] + +== Contribution + +include::contribution.adoc[leveloffset=1] + +== Deployment - IaC + +include::chapters/templates/IaC/ansible.adoc[leveloffset=2] +include::chapters/templates/IaC/docker-compose.adoc[leveloffset=2] +include::chapters/templates/IaC/ssh-transfer-data.adoc[leveloffset=2] -include::chapters/templates/ansible.adoc[leveloffset=2] == Container Templates -include::chapters/templates/container-publish.adoc[leveloffset=2] -include::chapters/templates/container-publish-snapshot.adoc[leveloffset=2] -include::chapters/templates/container-scan.adoc[leveloffset=2] -include::chapters/templates/docker-compose-validate.adoc[leveloffset=2] -include::chapters/templates/docker-compose-deploy.adoc[leveloffset=2] +include::chapters/templates/container/container-build.adoc[leveloffset=2] +include::chapters/templates/container/container-publish.adoc[leveloffset=2] +include::chapters/templates/container/container-scan.adoc[leveloffset=2] -== Versionierungs Templates + +== Releasing Templates Im folgende sind erweiterte Templates zu finden für das https://gitlab.exxcellent.de/gilden/ci/exxcellent-increase-version-tool[Increase-Version-Tool] der CI Gilde. -Es enthält auch eine Child-Pipeline-Konfiguration um den Versionierungsprozess innerhalb einer Pipeline darzustellen. +Für vorgegebene Release Pipelines bitte im Abschnitt <<_pipelines>> gucken. 
- -=== Templates - -include::chapters/templates/push-tag-and-version-template.adoc[leveloffset=3] -include::chapters/templates/set-version-template.adoc[leveloffset=3] -include::chapters/templates/release-template.adoc[leveloffset=3] - -=== Pipeline - -include::chapters/pipelines/update-version-pipeline.adoc[leveloffset=3] +include::chapters/templates/releasing/push-tag-and-version-template.adoc[leveloffset=3] +include::chapters/templates/releasing/set-version-template.adoc[leveloffset=3] +include::chapters/templates/releasing/release-template.adoc[leveloffset=3] +include::chapters/templates/releasing/release-gitlab-template.adoc[leveloffset=3] +include::chapters/templates/releasing/mail-template.adoc[leveloffset=3] == NPM Templates -include::chapters/templates/npm-dependencies-template.adoc[leveloffset=2] -include::chapters/templates/npm-build-template.adoc[leveloffset=2] -include::chapters/templates/npm-lint-template.adoc[leveloffset=2] -include::chapters/templates/npm-test-template.adoc[leveloffset=2] +include::chapters/templates/npm/npm-dependencies-template.adoc[leveloffset=2] +include::chapters/templates/npm/npm-build-template.adoc[leveloffset=2] +include::chapters/templates/npm/npm-lint-template.adoc[leveloffset=2] +include::chapters/templates/npm/npm-test-template.adoc[leveloffset=2] == Maven Templates -include::chapters/templates/maven-dependencies-template.adoc[leveloffset=2] -include::chapters/templates/maven-build-template.adoc[leveloffset=2] -include::chapters/templates/maven-verify-template.adoc[leveloffset=2] +include::chapters/templates/java/maven/maven-dependencies-template.adoc[leveloffset=2] +include::chapters/templates/java/maven/maven-build-template.adoc[leveloffset=2] +include::chapters/templates/java/maven/maven-verify-template.adoc[leveloffset=2] == Gradle Templates Aktuell gehen wir davon das der Gradle Wrapper in dem Projekt vorhanden ist. Sollte dieser noch nicht vorhanden sein kann er mit dem Befehl `gradle wrapper` erstellt werden. 
-include::chapters/templates/gradle-build-template.adoc[leveloffset=2] -include::chapters/templates/gradle-test-template.adoc[leveloffset=2] +include::chapters/templates/java/gradle/gradle-build-template.adoc[leveloffset=2] +include::chapters/templates/java/gradle/gradle-test-template.adoc[leveloffset=2] +include::chapters/templates/java/gradle/gradle-db-diff-template.adoc[leveloffset=2] -== Misc +== Static Analysis -include::chapters/templates/repo-cve-scan.adoc[leveloffset=2] +include::chapters/templates/static-analysis/repo-cve-scan.adoc[leveloffset=2] +include::chapters/templates/static-analysis/tool-sonar.adoc[leveloffset=2] -== Weitere Gilden-Tools +== Documentation -include::chapters/templates/tool-sonar7.adoc[leveloffset=2] -include::chapters/templates/tool-sonar8.adoc[leveloffset=2] -include::chapters/templates/tool-documentation-tool.adoc[leveloffset=2] -include::chapters/templates/mail-template.adoc[leveloffset=2] -include::chapters/templates/ssh-transfer-data-template.adoc[leveloffset=2] +include::chapters/templates/documentation/tool-documentation-tool.adoc[leveloffset=2] + +[#_pipelines] +=== Pipelines + +include::chapters/pipelines/update-version-pipeline.adoc[leveloffset=3] + +//todo docs for new pipelines +//In particular docs for the keyword needs hinzufügen. needs container build step. artefacts true + +//todo licensing documentieren \ No newline at end of file diff --git a/documentation/generalInformation.adoc b/documentation/generalInformation.adoc new file mode 100644 index 0000000..645c6fa --- /dev/null +++ b/documentation/generalInformation.adoc 
@@ -0,0 +1,50 @@ +:sourcedir: ../../../../templates + +== Templates und Pipelines + +In dieser Repository sind CI Templates und CI Pipeline-Templates zu finden. +Templates sind vorgefertigte Jobs, die jeweils einen Use-Case abbilden sollen und in dein Projekt importiert werden können. Die meisten Templates haben kein abhängigkeiten untereinander. Wenn doch, werden die Abhängigkeiten dokumentiert. +Alle Templates sind im Ordner Templates zu finden. + +Da eine CI jedoch aus Pipelines besteht und Gitlab die Möglichkeit Multi-Projekt- und Child-Pipelines zu benutzen, werden hier auch vorgefertigte Pipelines bereitgestellt. +Diese Pipeline-Templates bilden komplexere Use-Cases ab. +Pipelines sind in dem dafür vorgesehenen Pipeline Ordner zu finden. + +== Wie können Templates benutzt werden + +Damit du die Templates in deinem Projekt zu benutzten kannst, musst du folgendes machen: + +1. `Include` das Template file das du benutzen willst in deinem `.gitlab-ci.yaml` File. +2. Jetzt kannst du in von dir gewählten Job das Template mit dem keyword `extend` als Ausgangspunkt benutzen. +3. Du kannst den Job für deinen Anwendungszweck weitere verändern indem du diese bei dir Überschreibst. + +==== +Bei dem folgenden Beispiel wurde als ref der Tag 1.0.0 gesetzt. +Wir empfehlen diesen Tag zu setzen damit Änderungen von uns nicht eure CI Skripte kaputt machen. +Um automatisch mitzubekommen, wenn sich die CI verändert empfehlen wir das Benutzen von Renovate +==== + +[source,yaml] +---- +stages: + - test-image + +include: + - project: 'gilden/ci/gitlab-ci-templates' + ref: '1.0.0' + file: + - '/templates/java/maven/maven-verify.gitlab-ci.yml' + +test-image: + stage: test-image + extends: .maven-verify + rules: + - if: $NURAUFMEINEMBRANCH + before_script: + - echo "meine änderungen" +---- + +== Wie können Pipelines benutzt werden + +Um Pipelines zu benutzen, müssen diese nur mit `Include` importiert werden. +Für weitere Informationen ließ bitte die Doku der Pipelines selbst. 
diff --git a/pipelines/eXXcellent-release.gitlab-ci.yml b/pipelines/eXXcellent-release.gitlab-ci.yml
new file mode 100644
index 0000000..29627c3
--- /dev/null
+++ b/pipelines/eXXcellent-release.gitlab-ci.yml
@@ -0,0 +1,31 @@
+include:
+ - local: 'templates/releasing/release.gitlab-ci.yml'
+ - local: 'templates/releasing/release-gitlab.gitlab-ci.yml'
+
+a.major-release:
+ extends: .release-default
+ variables:
+ BUMP_VERSION: "major"
+
+b.minor-release:
+ extends: .release-release-branch
+ variables:
+ BUMP_VERSION: "minor"
+
+c.patch-release:
+ extends: .release-release-branch
+ variables:
+ BUMP_VERSION: "patch"
+
+d.prerelease-release:
+ extends: .release-release-branch
+ variables:
+ BUMP_VERSION: "prerelease"
+
+e.build-release:
+ extends: .release-release-branch
+ variables:
+ BUMP_VERSION: "build"
+
+Create-Gitlab-Release:
+ extends: .release-create-gitlab
\ No newline at end of file
diff --git a/pipelines/java-maven.gitlab-ci.yml b/pipelines/java-maven.gitlab-ci.yml
new file mode 100644
index 0000000..c495f89
--- /dev/null
+++ b/pipelines/java-maven.gitlab-ci.yml
@@ -0,0 +1,39 @@
+include:
+ - '/templates/java/maven/maven-dependencies.gitlab-ci.yml'
+ - '/templates/java/maven/maven-build.gitlab-ci.yml'
+ - '/templates/java/maven/maven-verify.gitlab-ci.yml'
+ - '/templates/java/maven/maven-database-diff.gitlab-ci.yml'
+
+Dependencies-Java:
+ extends: .maven-dependencies
+
+Build-Java:
+ extends: .maven-build
+ needs:
+ - job: "Dependencies-Java"
+ artifacts: true
+
+Test-Java:
+ extends: .maven-test
+ needs:
+ - job: "Build-Java"
+ artifacts: true
+
+Database-Diff:
+ extends:
+ - .maven-database-diff
+ needs:
+ - job: "Build-Java"
+ artifacts: true
+
+Repo-CVE-Scan:
+ allow_failure: true
+ extends: .repo-cve-scan-trivy
+
+sonar:
+ extends: .sonar-maven
+ needs:
+ - job: "Build-Java"
+ artifacts: true
+ variables:
+ SONAR_PROJECT_KEY: "gilde.ci.cd.restservice:java-backend-template"
\ No newline at end of file
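Review bot: `Repo-CVE-Scan` and `sonar` extend `.repo-cve-scan-trivy` and `.sonar-maven`, but the `include:` list at the top of pipelines/java-maven.gitlab-ci.yml only pulls in the four maven templates, so unless the consuming project includes the static-analysis templates itself these two jobs cannot be resolved. I would add `- '/templates/static-analysis/repo-cve-scan-trivy.gitlab-ci.yml'` and `- '/templates/static-analysis/sonar.gitlab-ci.yml'` to the include list. `allow_failure: true` on `Repo-CVE-Scan` means HIGH/CRITICAL findings never stop the pipeline; a comment such as `# advisory only: findings do not block the pipeline` would make that a visible decision rather than a default nobody chose. `SONAR_PROJECT_KEY` is hard-coded to what looks like the template project's own key and presumably has to be overridden by every consumer.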
diff --git a/pipelines/license.gitlab-ci.yml b/pipelines/license.gitlab-ci.yml new file mode 100644 index 0000000..93bd4b3 --- /dev/null +++ b/pipelines/license.gitlab-ci.yml @@ -0,0 +1,23 @@ +stages: + - bom + - asciidoc + +License-Bom: + image: maven:3-jdk-11 + stage: bom + script: + - mvn cyclonedx:makeBom + artifacts: + when: always + paths: + - target/bom.json + +license-asciidoc: + image: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-license-tools + stage: asciidoc + script: + - licenseBom2Adoc --bom target/bom.json --adoc target/licenses.adoc + artifacts: + when: always + paths: + - target/licenses.adoc diff --git a/pipelines/update-version-pipeline.gitlab-ci.yml b/pipelines/update-version-pipeline.gitlab-ci.yml deleted file mode 100644 index 174b433..0000000 --- a/pipelines/update-version-pipeline.gitlab-ci.yml +++ /dev/null @@ -1,19 +0,0 @@ -stages: - - set-version - - push-tag-and-version - -include: - - local: 'set-version-template.gitlab-ci.yml' - - local: 'push-tag-and-version-template.gitlab-ci.yml' - -variables: - BUMP_VERSION: "major" - -increase-version: - stage: set-version - extends: .set-version - -push-tag-and-version: - stage: push-tag-and-version - extends: .push-tag-and-version - diff --git a/pipelines/update-version.gitlab-ci.yml b/pipelines/update-version.gitlab-ci.yml new file mode 100644 index 0000000..ca2d94a --- /dev/null +++ b/pipelines/update-version.gitlab-ci.yml 
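Review bot: `license-asciidoc` pulls `gitlab.exxcellent.de:4567/gilden/ci/exxcellent-license-tools` with no tag at all, and `License-Bom` uses the floating `maven:3-jdk-11`, so both jobs run whatever the registry currently serves under those names. The other tool images in this commit carry a version (for example `exxcellent-ssh-tool:1.4.0`); pinning these two the same way, ideally with a digest in the form `<image>:<version>@sha256:<digest>`, keeps the job reproducible and stops a replaced image from silently running inside consumer pipelines. The two `stages:` declared here (`bom`, `asciidoc`) are fine for a child pipeline, but a short header comment saying the file is meant to be triggered through `.license-license` would help.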
@@ -0,0 +1,48 @@ +stages: + - set-version + - push-tag + +include: + - local: 'templates/releasing/set-version.gitlab-ci.yml' + +variables: + BUMP_VERSION: "major" + +increase-version: + extends: .set-version + +push-tag-and-branch: + stage: push-tag + image: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-ssh-tool:1.4.0 + rules: + - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH + - if: $CI_COMMIT_REF_NAME == 'Templates2.0' + before_script: + - setup-ssh + - echo $VERSION + - pull + script: + - git checkout -b RELEASE-$VERSION + - git push origin RELEASE-$VERSION $VERSION + +#I would like to use this. +#I think this could be more stable in the long run +#But it is not working: https://github.com/jdalrymple/gitbeaker/issues/2398 +#push-tag-and-branch: +# stage: push-tag +# image: node:lts-buster-slim +# variables: +# GITLAB_HOST: $CI_SERVER_URL +# CI_DEBUG_TRACE: "true" +# rules: +# - if: $CI_COMMIT_REF_NAME == 'Templates2.0' +# script: +# - echo "Create version $VERSION" +# - npm -g install @gitbeaker/cli +# - > +# NODE_EXTRA_CA_CERTS=$CI_SERVER_TLS_CA_FILE gitbeaker branches create +# --project-id $CI_PROJECT_ID +# --branch-name RELEASE-$VERSION +# --ref $CI_COMMIT_SHA +# --gb-job-token="$CI_JOB_TOKEN" +# - NODE_EXTRA_CA_CERTS=$CI_SERVER_TLS_CA_FILE gitbeaker tag create --project-id $CI_PROJECT_ID --tag-name $VERSION --ref $CI_COMMIT_SHA \ No newline at end of file diff --git a/release-template.gitlab-ci.yml b/release-template.gitlab-ci.yml deleted file mode 100644 index 229cd48..0000000 --- a/release-template.gitlab-ci.yml +++ /dev/null @@ -1,13 +0,0 @@ -.release-template: - stage: release - rules: - - if: '$CI_PIPELINE_SOURCE == "pipeline"' - when: never - - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH - when: manual - - when: never - variables: - PARENT_PIPELINE_ID: $CI_PIPELINE_ID - trigger: - include: release.gitlab-ci.yml - strategy: depend diff --git a/release.gitlab-ci.yml b/release.gitlab-ci.yml new file mode 100644 index 0000000..5ed7a80 --- /dev/null 
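Review bot: The rule `if: $CI_COMMIT_REF_NAME == 'Templates2.0'` in `push-tag-and-branch` looks like a development leftover and lets a job that pushes a branch and a tag run outside the default branch; the same rule appears in `.release-default` and `.license-license`, and it should go before this is tagged for consumers. `$VERSION` is used unquoted in `git checkout -b RELEASE-$VERSION` and `git push origin RELEASE-$VERSION $VERSION`; quoting it (`git push origin "RELEASE-$VERSION" "$VERSION"`) and stopping when it is empty avoids pushing a ref named `RELEASE-` if the dotenv value is missing. `increase-version` sets no `stage:`, so it depends on `.set-version` providing one. If the commented-out gitbeaker variant is ever enabled, drop `CI_DEBUG_TRACE: "true"` first, because debug tracing writes every job variable, tokens included, to the job log.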
+++ b/release.gitlab-ci.yml @@ -0,0 +1,13 @@ +include: + - local: 'templates/releasing/set-version.gitlab-ci.yml' + - local: 'templates/releasing/release.gitlab-ci.yml' + +stages: + - set-version + +increase-version: + extends: .set-version + before_script: + - setup-ssh + variables: + TAG: "true" \ No newline at end of file diff --git a/ansible.gitlab-ci.yml b/templates/IaC/ansible.gitlab-ci.yml similarity index 100% rename from ansible.gitlab-ci.yml rename to templates/IaC/ansible.gitlab-ci.yml diff --git a/docker-compose-deploy.gitlab-ci.yml b/templates/IaC/docker-compose.gitlab-ci.yml similarity index 89% rename from docker-compose-deploy.gitlab-ci.yml rename to templates/IaC/docker-compose.gitlab-ci.yml index bd6983b..40df723 100644 --- a/docker-compose-deploy.gitlab-ci.yml +++ b/templates/IaC/docker-compose.gitlab-ci.yml @@ -26,3 +26,9 @@ script: - if [[ -n "$SCP_SOURCE" && -n "$SCP_DESTINATION" ]]; then scp -rp $SCP_SOURCE $SSH_USER@$SSH_URL:$SCP_DESTINATION; fi - DOCKER_HOST=ssh://$SSH_USER@$SSH_URL docker-compose $COMPOSE_EXTRA_ARGS up -d --remove-orphans + +.docker-compose-validate: + image: docker/compose:alpine-1.29.1 + stage: verify + script: + - docker-compose $COMPOSE_EXTRA_ARGS config diff --git a/ssh-transfer-data-template.gitlab-ci.yml b/templates/IaC/ssh-transfer-data.gitlab-ci.yml similarity index 100% rename from ssh-transfer-data-template.gitlab-ci.yml rename to templates/IaC/ssh-transfer-data.gitlab-ci.yml diff --git a/templates/common/common-ci-variablen.gitlab-ci.yml b/templates/common/common-ci-variablen.gitlab-ci.yml new file mode 100644 index 0000000..ac1bf81 --- /dev/null +++ b/templates/common/common-ci-variablen.gitlab-ci.yml 
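Review bot: `docker-compose $COMPOSE_EXTRA_ARGS config` in the new `.docker-compose-validate` prints the fully interpolated compose file to the job log, so any secret that reaches the file through variable substitution becomes readable by everyone who can open the log. For a job whose only purpose is validation, `docker-compose $COMPOSE_EXTRA_ARGS config -q` checks the file without printing it. The template's enclosing file starts outside this hunk, so I cannot see whether the deploy job above shares variables that make this more or less likely.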
@@ -0,0 +1,71 @@ +stages: + - dependencies + - build + - test + - documentation + - post-process + - send-mail + - release + + +cache: + key: "$CI_JOB_NAME" + paths: + # Cache Maven + - .m2/repository + # Cache NPM + - $FRONTEND_DIR/dist + # Cache Gradle + - .gradle + - build + +variables: + + ##NPM / Node Settings + NODE_IMAGE: + value: node:16-alpine3.15 + description: The node image that will be used from the CI. + + ##Global Variables we use in our CI scripts when using maven + MAVEN_IMAGE: + value: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.3_latest + description: The Maven image that will be used from the CI. + + MAVEN_OPTS: + value: > + -Dhttps.protocols=TLSv1.2 + -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository + -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN + -Dorg.slf4j.simpleLogger.showDateTime=true + -Djava.awt.headless=true + description: "Additional options that are passed to Maven for faster/stable execution" + + MAVEN_CLI_OPTS: + value: > + --batch-mode + --errors + --fail-at-end + --show-version + -DinstallAtEnd=true + -DdeployAtEnd=true + description: "Additional options that are passed to Maven for faster/stable execution" + + ##Global Variables we use in our CI scripts when using Gradle + GRADLE_OPTS: + value: "-Dorg.gradle.daemon=false" + description: "Additional options that are passed to gradle for faster/stable execution" + + GRADLE_IMAGE: + value: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.3_latest + description: "Default Image to use in Gradle Jobs" + # Currently, we use the Maven image and use the Gradle Wrapper. This is slower but more compatible to your gradle scripts. + # Please Update your Gradle Wrapper from time to time. Use Renovate to automat that task. 
+ + ##Set default directories for frontend and backend templates + FRONTEND_DIR: + value: $CI_PROJECT_DIR + description: "Default directories for the Frontend when having a frontend and a backend within your repo" + + BACKEND_DIR: + value: $CI_PROJECT_DIR + description: "Default directories for the Backend when having a frontend and a backend within your repo" diff --git a/templates/container/container-build.gitlab-ci.yml b/templates/container/container-build.gitlab-ci.yml new file mode 100644 index 0000000..33a776d --- /dev/null +++ b/templates/container/container-build.gitlab-ci.yml @@ -0,0 +1,37 @@ +.container-build-common: + stage: build + variables: + CONTEXT_LOCATION: $CI_PROJECT_DIR + EXTRA_ARGS: "" + artifacts: + paths: + - image.tar + +.container-build-jib-maven: + extends: .container-build-common + image: $MAVEN_IMAGE + script: + - cd $CONTEXT_LOCATION + - mvn $MAVEN_CLI_OPTS jib:buildTar -DskipTests $EXTRA_ARGS + +.container-build-jib-gradle: + extends: .container-build-common + image: $GRADLE_IMAGE + variables: + EXTRA_ARGS: $GRADLE_EXTRA_ARGS + script: + - cd $CONTEXT_LOCATION + - ./gradlew $GRADLE_CLI_OPTS jibBuildTar -DskipTests $EXTRA_ARGS + +.container-build-kaniko: + extends: .container-build-common + image: + name: gcr.io/kaniko-project/executor:v1.8.0-debug + entrypoint: [ "" ] + variables: + DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile + REGISTRY_MIRROR: --registry-mirror nexus.corp.exxcellent.de:18000 --skip-tls-verify-registry nexus.corp.exxcellent.de:18000 --skip-tls-verify + script: + - mkdir -p /kaniko/.docker + - echo "{\"auths\":{\"$DOCKER_REGISTRY\":{\"username\":\"$DOCKER_REGISTRY_USER\",\"password\":\"$DOCKER_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json + - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --no-push --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA $EXTRA_ARGS $REGISTRY_MIRROR --tarPath image.tar 
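Review bot: The `stages:` list in templates/common/common-ci-variablen.gitlab-ci.yml contains `test` but no `verify`, while templates added or changed in this same commit (`.container-scan-trivy`, `.database-diff-common`, `.maven-test`, `.gradle-test`, `.npm-lint`, `.npm-test`, `.repo-cve-scan-trivy`, `.license-license`) all set `stage: verify`. Unless the including project declares its own stages, GitLab rejects the configuration because the stage does not exist, and that takes the CVE and container scans down with it. Either add `- verify` to the list or keep `stage: test` in the templates. `MAVEN_IMAGE` and `GRADLE_IMAGE` default to a tag ending in `_latest`; a comment noting that the tag is mutable, or a digest pin, would tell consumers what they are trusting.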
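Review bot: The default `REGISTRY_MIRROR` in `.container-build-kaniko` passes `--skip-tls-verify-registry nexus.corp.exxcellent.de:18000`, which turns off certificate validation for the mirror that base images are pulled from, so the build trusts whatever answers on that address. The additional bare `--skip-tls-verify` applies to pushing and has no use while `--no-push` is set; it becomes a real exposure the moment someone reuses the template with a push. I would drop the bare flag and trust the mirror's CA instead (kaniko's `--registry-certificate`), keeping the mirror-scoped exemption only if the CA really cannot be provided. The `echo "{\"auths\":…}"` line is the usual kaniko pattern, but it relies on `DOCKER_REGISTRY_PASSWORD` being a masked variable; a comment saying so would help.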
diff --git a/templates/container/container-publish.gitlab-ci.yml b/templates/container/container-publish.gitlab-ci.yml
new file mode 100644
index 0000000..b249aba
--- /dev/null
+++ b/templates/container/container-publish.gitlab-ci.yml
@@ -0,0 +1,28 @@
+.container-publish:
+ stage: release
+ image:
+ name: quay.io/containers/skopeo:v1.5.2
+ entrypoint: [ "" ]
+ variables:
+ CONTAINER_REGISTRY: $CI_REGISTRY_IMAGE
+ CONTAINER_REGISTRY_USER: $CI_REGISTRY_USER
+ CONTAINER_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD
+ EXTRA_PATH: ""
+ rules:
+ - if: $CI_COMMIT_TAG
+ variables:
+ IMAGE_TAG: $CI_COMMIT_TAG
+ - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
+ variables:
+ IMAGE_TAG: $CI_COMMIT_SHORT_SHA
+ EXTRA_PATH: "/snapshot"
+ - if: $CI_COMMIT_REF_NAME ~= "feat"
+ variables:
+ IMAGE_TAG: $CI_COMMIT_SHORT_SHA
+ EXTRA_PATH: "/feat/$CI_COMMIT_REF_NAME"
+ - when: never
+ script:
+ - skopeo login --username $CONTAINER_REGISTRY_USER --password $CONTAINER_REGISTRY_PASSWORD $CONTAINER_REGISTRY --tls-verify=false
+ - skopeo copy "docker-archive:image.tar" "docker://${CONTAINER_REGISTRY}${EXTRA_PATH}:${IMAGE_TAG}" --dest-tls-verify=false
+
+#TODO wir müssen noch den aktuell Tag bekommen damit wir den setzen können. (in default oder feat ausgeführt wird)
\ No newline at end of file
diff --git a/templates/container/container-scan.gitlab-ci.yml b/templates/container/container-scan.gitlab-ci.yml
new file mode 100644
index 0000000..9fcf095
--- /dev/null
+++ b/templates/container/container-scan.gitlab-ci.yml
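Review bot: `.container-publish` logs in with `--password $CONTAINER_REGISTRY_PASSWORD` and `--tls-verify=false` and copies with `--dest-tls-verify=false`, so the registry credential is sent to an endpoint whose certificate is never checked, and the password sits on the command line. Use `echo "$CONTAINER_REGISTRY_PASSWORD" | skopeo login --username "$CONTAINER_REGISTRY_USER" --password-stdin "$CONTAINER_REGISTRY"` and drop both `=false` flags, adding the CA to the image's trust store if the registry uses a private one. Separately, `if: $CI_COMMIT_REF_NAME ~= "feat"` is not a valid rules operator; the match form is `=~` with a slash-delimited pattern, e.g. `if: $CI_COMMIT_REF_NAME =~ /feat/`. `EXTRA_PATH: "/feat/$CI_COMMIT_REF_NAME"` puts the raw branch name into the image reference, which breaks for names with uppercase letters or other characters not allowed in a repository path; `$CI_COMMIT_REF_SLUG` is the sanitized form.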
@@ -0,0 +1,19 @@ +.container-scan-trivy: + image: + name: docker.io/aquasec/trivy:0.24.2 + entrypoint: [ "" ] + stage: verify + variables: + IMAGE_PATH: $CI_PROJECT_DIR/image.tar + EXITCODE: 1 + TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed --severity HIGH,CRITICAL --input image.tar" + cache: + paths: + - .trivycache/ + artifacts: + reports: + junit: junit-report.xml + script: + # Builds report and puts it in the default workdir $CI_PROJECT_DIR, so artifacts: can take it from there + - trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code 0 --format template --template "/contrib/junit.tpl" -o junit-report.xml + - trivy --cache-dir .trivycache/ image --timeout 15m $TRIVY_EXTRA_ARGS --exit-code $EXITCODE \ No newline at end of file diff --git a/tool-documentation.gitlab-ci.yml b/templates/documentations/documentation.gitlab-ci.yml similarity index 73% rename from tool-documentation.gitlab-ci.yml rename to templates/documentations/documentation.gitlab-ci.yml index 1b43490..362bf3d 100644 --- a/tool-documentation.gitlab-ci.yml +++ b/templates/documentations/documentation.gitlab-ci.yml @@ -1,4 +1,4 @@ -.documentation-tool-template: +.documentation-tool-common: image: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-documentation-tool:1.6.1 variables: REV_NUMBER: $CI_COMMIT_SHORT_SHA 
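Review bot: `IMAGE_PATH` is declared in `.container-scan-trivy` but never used; the scan target comes from the hard-coded `--input image.tar` inside `TRIVY_EXTRA_ARGS`, so a consumer who overrides `TRIVY_EXTRA_ARGS` to change severities drops the input, and one who sets `IMAGE_PATH` changes nothing. Pass the target explicitly in both commands, `--input "$IMAGE_PATH"`, and keep `TRIVY_EXTRA_ARGS` for filter options only. The default `--ignore-unfixed` hides vulnerabilities that have no fixed version yet; a comment next to the variable such as `# --ignore-unfixed: CVEs without a fix are not reported` would make that choice visible. `EXITCODE: 1` is better written as the string `"1"`, and the `cache:` block has no `key:`, so it presumably shares the default cache with other jobs.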
@@ -12,21 +12,23 @@ - generate --type html - generate --type pdf -.check_confluence_validity-template: - extends: .documentation-tool-template - stage: generate-docs +.documentation-ckeck-confluence-validity: + extends: .documentation-tool-common + stage: verify + needs: [] variables: OUTPUT_DIR: merge_requests - script: - - check-validity artifacts: paths: [ merge_requests/ ] rules: - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH + script: + - check-validity -.pages-template: - extends: .documentation-tool-template - stage: generate-docs +.documentation-publish: + extends: .documentation-tool-common + stage: documentation variables: OUTPUT_DIR: public script: diff --git a/gradle-build-template.gitlab-ci.yml b/templates/java/gradle/gradle-build.gitlab-ci.yml similarity index 51% rename from gradle-build-template.gitlab-ci.yml rename to templates/java/gradle/gradle-build.gitlab-ci.yml index 9cd44e8..4bec052 100644 --- a/gradle-build-template.gitlab-ci.yml +++ b/templates/java/gradle/gradle-build.gitlab-ci.yml @@ -2,7 +2,8 @@ stage: build image: $GRADLE_IMAGE script: - - "./gradlew --build-cache clean assemble $GRADLE_CLI_OPTS" + # todo increase version like maven set. OR Define Gradle skript to use ENV + - "./gradlew --build-cache assemble $GRADLE_CLI_OPTS" artifacts: expire_in: 2 weeks when: on_success diff --git a/templates/java/gradle/gradle-database-diff.gitlab-ci.yml b/templates/java/gradle/gradle-database-diff.gitlab-ci.yml new file mode 100644 index 0000000..194230c --- /dev/null +++ b/templates/java/gradle/gradle-database-diff.gitlab-ci.yml @@ -0,0 +1,13 @@ +include: + local: "templates/java/java-common-db.gitlab-ci.yml" + +.gradle-database-diff: + extends: + - .database-diff-common + image: $GRADLE_IMAGE + variables: + GRADLE_EXTRA_OPTS: "" + PATH_TO_DIFF: "build/db-diff.xml" + script: + - ./gradlew liquibase:update liquibase:diff $GRADLE_EXTRA_OPTS + 
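Review bot: The new template name `.documentation-ckeck-confluence-validity` is misspelled ("ckeck"), and because consumers reference it in `extends:` the typo becomes part of the public interface once released; rename it to `.documentation-check-confluence-validity` before tagging. The added rule `if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH` widens the job from merge requests to the default branch and deserves a one-line comment saying why. The template's `script:` block continues past the end of this hunk.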
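Review bot: `./gradlew liquibase:update liquibase:diff $GRADLE_EXTRA_OPTS` in `.gradle-database-diff` uses Maven's `plugin:goal` spelling; Gradle reads `liquibase:update` as the task `update` in a subproject named `liquibase`, so unless the consuming build really has that layout the job fails before any diff is produced. With the Liquibase Gradle plugin the tasks are normally just `update` and `diff`, which should be confirmed against the plugin version in use. `.container-build-jib-gradle` has a similar carry-over with `-DskipTests`, which Gradle accepts as a system property but does not use to skip tests.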
diff --git a/gradle-test-template.gitlab-ci.yml b/templates/java/gradle/gradle-test.gitlab-ci.yml similarity index 92% rename from gradle-test-template.gitlab-ci.yml rename to templates/java/gradle/gradle-test.gitlab-ci.yml index ca83ff4..c1cb1e2 100644 --- a/gradle-test-template.gitlab-ci.yml +++ b/templates/java/gradle/gradle-test.gitlab-ci.yml @@ -1,6 +1,6 @@ .gradle-test: image: $GRADLE_IMAGE - stage: test + stage: verify script: - "./gradlew --build-cache test $GRADLE_CLI_OPTS" artifacts: diff --git a/templates/java/java-common-db.gitlab-ci.yml b/templates/java/java-common-db.gitlab-ci.yml new file mode 100644 index 0000000..ed3f9ba --- /dev/null +++ b/templates/java/java-common-db.gitlab-ci.yml @@ -0,0 +1,13 @@ +.database-diff-common: + stage: verify + artifacts: + when: on_failure + expire_in: 2 weeks + paths: + - $PATH_TO_DIFF + after_script: + - > + if grep -x '' $PATH_TO_DIFF; + then printf 'Found no Difference in DB-Diff.\n'; exit 0; + else printf 'DB-Diff has Found changes.\n'; exit 1; + fi diff --git a/maven-build-template.gitlab-ci.yml b/templates/java/maven/maven-build.gitlab-ci.yml similarity index 52% rename from maven-build-template.gitlab-ci.yml rename to templates/java/maven/maven-build.gitlab-ci.yml index 59c9c60..8887e24 100644 --- a/maven-build-template.gitlab-ci.yml +++ b/templates/java/maven/maven-build.gitlab-ci.yml @@ -1,6 +1,11 @@ .maven-build: stage: build image: $MAVEN_IMAGE + before_script: + - > + if [ "$CI_COMMIT_TAG" != "" ]; then + mvn $MVN_EXTRA_ARGS $MAVEN_CLI_OPTS versions:set -DnewVersion=$CI_COMMIT_TAG -DgenerateBackupPoms=false + fi script: - mvn $MAVEN_CLI_OPTS package -DskipTests artifacts: diff --git a/templates/java/maven/maven-database-diff.gitlab-ci.yml b/templates/java/maven/maven-database-diff.gitlab-ci.yml new file mode 100644 index 0000000..b6487ad --- /dev/null +++ b/templates/java/maven/maven-database-diff.gitlab-ci.yml 
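Review bot: `.database-diff-common` performs its check in `after_script`, but GitLab does not let the exit code of `after_script` change the job result, so the `exit 1` in the "DB-Diff has Found changes" branch cannot fail the job and `artifacts: when: on_failure` will not upload the diff for that reason. Move the check to the end of `script:`; since `.maven-database-diff` and `.gradle-database-diff` define `script:` themselves, it probably has to be appended there or pulled in with `!reference`. `grep -x '' $PATH_TO_DIFF` succeeds as soon as the file contains a single empty line, which should be confirmed against what the liquibase diff output actually looks like when there is no drift. `$PATH_TO_DIFF` should also be quoted.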
@@ -0,0 +1,12 @@ +include: + local: "templates/java/java-common-db.gitlab-ci.yml" + +.maven-database-diff: + extends: + - .database-diff-common + image: $MAVEN_IMAGE + variables: + MAVEN_EXTRA_OPTS: "" + PATH_TO_DIFF: "target/db-diff.xml" + script: + - mvn compile liquibase:update liquibase:diff $MAVEN_EXTRA_OPTS diff --git a/maven-dependencies-template.gitlab-ci.yml b/templates/java/maven/maven-dependencies.gitlab-ci.yml similarity index 100% rename from maven-dependencies-template.gitlab-ci.yml rename to templates/java/maven/maven-dependencies.gitlab-ci.yml diff --git a/maven-verify-template.gitlab-ci.yml b/templates/java/maven/maven-verify.gitlab-ci.yml similarity index 93% rename from maven-verify-template.gitlab-ci.yml rename to templates/java/maven/maven-verify.gitlab-ci.yml index db37363..1208c67 100644 --- a/maven-verify-template.gitlab-ci.yml +++ b/templates/java/maven/maven-verify.gitlab-ci.yml @@ -1,6 +1,6 @@ .maven-test: image: $MAVEN_IMAGE - stage: test + stage: verify script: - mvn $MAVEN_CLI_OPTS verify artifacts: diff --git a/npm-build-template.gitlab-ci.yml b/templates/npm/npm-build.gitlab-ci.yml similarity index 50% rename from npm-build-template.gitlab-ci.yml rename to templates/npm/npm-build.gitlab-ci.yml index faa159c..f0d9f17 100644 --- a/npm-build-template.gitlab-ci.yml +++ b/templates/npm/npm-build.gitlab-ci.yml @@ -1,6 +1,13 @@ .npm-build: image: $NODE_IMAGE stage: build + before_script: + #Todo this needs Testing!! + - > + if [ "$CI_COMMIT_TAG" != "" ]; then + npm --no-git-tag-version version from-git + fi + #Testing END script: - npm install - npm run build diff --git a/npm-dependencies-template.gitlab-ci.yml b/templates/npm/npm-dependencies.gitlab-ci.yml similarity index 100% rename from npm-dependencies-template.gitlab-ci.yml rename to templates/npm/npm-dependencies.gitlab-ci.yml 
diff --git a/npm-lint-template.gitlab-ci.yml b/templates/npm/npm-lint.gitlab-ci.yml similarity index 93% rename from npm-lint-template.gitlab-ci.yml rename to templates/npm/npm-lint.gitlab-ci.yml index f9562b2..dccfd49 100644 --- a/npm-lint-template.gitlab-ci.yml +++ b/templates/npm/npm-lint.gitlab-ci.yml @@ -1,6 +1,6 @@ .npm-lint: image: $NODE_IMAGE - stage: test + stage: verify before_script: script: - npm install -g eslint diff --git a/npm-test-template.gitlab-ci.yml b/templates/npm/npm-test.gitlab-ci.yml similarity index 89% rename from npm-test-template.gitlab-ci.yml rename to templates/npm/npm-test.gitlab-ci.yml index 34d4948..f97a62b 100644 --- a/npm-test-template.gitlab-ci.yml +++ b/templates/npm/npm-test.gitlab-ci.yml @@ -1,6 +1,6 @@ .npm-test: image: $NODE_IMAGE - stage: test + stage: verify before_script: - npm install -g rimraf karma script: diff --git a/mail-template.gitlab-ci.yml b/templates/releasing/mail.gitlab-ci.yml similarity index 94% rename from mail-template.gitlab-ci.yml rename to templates/releasing/mail.gitlab-ci.yml index 318e944..1a749f5 100644 --- a/mail-template.gitlab-ci.yml +++ b/templates/releasing/mail.gitlab-ci.yml @@ -1,4 +1,4 @@ -.send-mail: +.mail-send: image: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-mail-tool:1.1.0 stage: send-mail variables: diff --git a/push-tag-and-version-template.gitlab-ci.yml b/templates/releasing/push-tag-and-version.gitlab-ci.yml similarity index 84% rename from push-tag-and-version-template.gitlab-ci.yml rename to templates/releasing/push-tag-and-version.gitlab-ci.yml index a04a546..9b9afe1 100644 --- a/push-tag-and-version-template.gitlab-ci.yml +++ b/templates/releasing/push-tag-and-version.gitlab-ci.yml @@ -8,8 +8,10 @@ before_script: - setup-ssh script: - - export VERSION="0.0.0" - - "[ -f ./$ARTIFACT ] && export VERSION=$(cat ./$ARTIFACT)" + - | + if [ -z ${VERSION+x} ]; then + [ -f ./$ARTIFACT ] && export VERSION=$(cat ./$ARTIFACT); + fi - echo $VERSION - pull - echo $VERSION > $ARTIFACT 
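Review bot: With the `export VERSION="0.0.0"` default removed from `.push-tag-and-version`, `VERSION` stays empty when it is not set and `./$ARTIFACT` does not exist, yet the following lines still run `echo $VERSION > $ARTIFACT` and, further down, `push $VERSION` with an empty value. Add a guard inside the `|` block after the `fi`, e.g. `if [ -z "$VERSION" ]; then echo "VERSION is empty" >&2; exit 1; fi`, so the job stops before anything is pushed. `[ -z ${VERSION+x} ]` should be quoted as `[ -z "${VERSION+x}" ]`. The script continues outside this hunk.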
@@ -20,3 +22,4 @@
 mvn $MVN_EXTRA_ARGS $MAVEN_CLI_OPTS package
 fi
 - push $VERSION
+
diff --git a/templates/releasing/release-gitlab.gitlab-ci.yml b/templates/releasing/release-gitlab.gitlab-ci.yml
new file mode 100644
index 0000000..f144885
--- /dev/null
+++ b/templates/releasing/release-gitlab.gitlab-ci.yml
@@ -0,0 +1,15 @@
+.release-create-gitlab:
+ stage: release
+ image: registry.gitlab.com/gitlab-org/release-cli:v0.11.0
+ rules:
+ - if: $CI_COMMIT_TAG
+ script:
+ - echo "running release_job"
+ - echo $DESCRIPTION
+ variables:
+ ADDITIONAL_CA_CERT_BUNDLE: $CI_SERVER_TLS_CA_FILE
+ release:
+ name: 'Release $CI_COMMIT_TAG'
+ description: "$DESCRIPTION"
+ tag_name: '$CI_COMMIT_TAG'
+ ref: '$CI_COMMIT_TAG'
diff --git a/templates/releasing/release.gitlab-ci.yml b/templates/releasing/release.gitlab-ci.yml
new file mode 100644
index 0000000..f93d284
--- /dev/null
+++ b/templates/releasing/release.gitlab-ci.yml
@@ -0,0 +1,33 @@
+.release-common:
+ stage: release
+ variables:
+ PARENT_PIPELINE_ID: $CI_PIPELINE_ID
+ trigger:
+ include: release.gitlab-ci.yml
+ strategy: depend
+
+.release-default:
+ extends: .release-common
+ rules:
+ # Do not create Release Job when the job was triggered in a manual job
+ # This is so depending triggers can run successfully.
+ - if: '$CI_PIPELINE_SOURCE == "pipeline"'
+ when: never
+ - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
+ when: manual
+ - if: $CI_COMMIT_REF_NAME == 'Templates2.0'
+ when: manual
+ #Do not make releases available in TAG CIs
+ - if: $CI_COMMIT_TAG
+ when: never
+ - when: never
+
+.release-release-branch:
+ extends: .release-common
+ rules:
+ - if: $CI_COMMIT_REF_NAME =~ 'RELEASE'
+ when: manual
+ #Do not make releases available in TAG CIs
+ - if: $CI_COMMIT_TAG
+ when: never
+ - when: never
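Review bot: `.release-create-gitlab` reads `$DESCRIPTION` in `script:` and in `release:description` but nothing in the file says where it comes from, so a project extending the job has no hint that it must set it. A comment above the job naming `DESCRIPTION` as a required input, and what it should contain, would document that contract. The `- echo $DESCRIPTION` line is unquoted, so multi-line release notes are collapsed and glob characters are expanded in the job log; `- echo "$DESCRIPTION"` prints the text as given.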
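Review bot: In `.release-default` and `.release-release-branch` the `- if: $CI_COMMIT_TAG` / `when: never` rule sits after the branch rules and directly before the catch-all `- when: never`, so it never changes the result. Rules are matched in order and `CI_COMMIT_REF_NAME` holds the tag name in a tag pipeline, so a tag whose name matches a branch rule (for example one containing `RELEASE`) would still be offered the manual release job. Moving the tag rule to the top of both lists makes the comment `#Do not make releases available in TAG CIs` true. `$CI_COMMIT_REF_NAME =~ 'RELEASE'` compares against a quoted string where GitLab documents a `/…/` pattern, so `=~ /RELEASE/` is the safer spelling; the same form appears in `templates/static-analysis/license.gitlab-ci.yml`. Both files also keep a rule for the branch `Templates2.0`, which looks like this change's working branch and probably should not ship in a shared template.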
diff --git a/set-version-template.gitlab-ci.yml b/templates/releasing/set-version.gitlab-ci.yml
similarity index 67%
rename from set-version-template.gitlab-ci.yml
rename to templates/releasing/set-version.gitlab-ci.yml
index bff6dc6..8d88049 100644
--- a/set-version-template.gitlab-ci.yml
+++ b/templates/releasing/set-version.gitlab-ci.yml
@@ -4,12 +4,15 @@
 variables:
 BUMP_VERSION: "major"
 PREFIX: ""
- OUTPUT: version
+ OUTPUT: "version.env"
 SIMPLIFY: "false"
 TAG: "false"
 MODE: "next_version"
 script:
 - increase-version
+ - echo "VERSION=$(cat $OUTPUT)" > $OUTPUT
+ - cat $OUTPUT
 artifacts:
- paths:
- - $OUTPUT
+ reports:
+ dotenv:
+ - $OUTPUT
diff --git a/templates/static-analysis/license.gitlab-ci.yml b/templates/static-analysis/license.gitlab-ci.yml
new file mode 100644
index 0000000..dc04fd8
--- /dev/null
+++ b/templates/static-analysis/license.gitlab-ci.yml
@@ -0,0 +1,11 @@
+.license-license:
+ stage: verify
+ rules:
+ - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
+ - if: $CI_COMMIT_REF_NAME =~ "RELEASE"
+ - if: $CI_COMMIT_REF_NAME == "Templates2.0"
+ - when: never
+ needs: []
+ trigger:
+ include: license.gitlab-ci.yml
+ strategy: depend
\ No newline at end of file
diff --git a/repo-cve-scan.gitlab-ci.yml b/templates/static-analysis/repo-cve-scan-trivy.gitlab-ci.yml
similarity index 95%
rename from repo-cve-scan.gitlab-ci.yml
rename to templates/static-analysis/repo-cve-scan-trivy.gitlab-ci.yml
index f1b5dd3..e0b6bc6 100644
--- a/repo-cve-scan.gitlab-ci.yml
+++ b/templates/static-analysis/repo-cve-scan-trivy.gitlab-ci.yml
@@ -1,13 +1,13 @@
-.repo_cve_scan:
+.repo-cve-scan-trivy:
 image:
 name: docker.io/aquasec/trivy:0.25.1
 entrypoint: [ "" ]
- stage: test
+ stage: verify
 needs: []
 variables:
+ SCAN_PATH: "."
 EXITCODE: 1
 TRIVY_EXTRA_ARGS: "--no-progress --ignore-unfixed --severity HIGH,CRITICAL"
- SCAN_PATH: "."
 cache:
 paths:
 - .trivycache/
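Review bot: The new `- echo "VERSION=$(cat $OUTPUT)" > $OUTPUT` line in `set-version.gitlab-ci.yml` turns whatever `increase-version` wrote into a dotenv report, and every `KEY=value` line in that file becomes a variable in downstream jobs. If the file can ever hold more than one line (not knowable from this hunk), the extra lines are imported as variables too. I would check the content first, for example `- grep -Eqx '[0-9A-Za-z._+-]+' "$OUTPUT"` before the `echo`, with the pattern adjusted to the version format and `PREFIX`. Reading and overwriting the same path in one command works only because the substitution is expanded before the redirection; writing the dotenv to a separate file would be easier to follow. The job header is outside the hunk.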
diff --git a/tool-sonar7.gitlab-ci.yml b/templates/static-analysis/sonar.gitlab-ci.yml similarity index 96% rename from tool-sonar7.gitlab-ci.yml rename to templates/static-analysis/sonar.gitlab-ci.yml index c5fbc24..3e4b881 100644 --- a/tool-sonar7.gitlab-ci.yml +++ b/templates/static-analysis/sonar.gitlab-ci.yml @@ -1,5 +1,5 @@ .sonar-template-common: - stage: test + stage: verify variables: SONAR_HOST_URL: http://sonar7.exxcellent.de/sonar7 SONAR_PROJECT_KEY: "" @@ -9,7 +9,7 @@ SONAR_QUERY_MAX_ATTEMPTS_BUILD_BREAKER: "30" SONAR_QUERY_INTERVAL_BUILD_BREAKER: "10000" -.sonar-template: +.sonar-maven: extends: .sonar-template-common image: $MAVEN_IMAGE script: @@ -23,7 +23,7 @@ "-Dsonar.buildbreaker.queryMaxAttempts=$SONAR_QUERY_MAX_ATTEMPTS_BUILD_BREAKER" "-Dsonar.buildbreaker.queryInterval=$SONAR_QUERY_INTERVAL_BUILD_BREAKER" -.sonar-template-gradle: +.sonar-gradle: extends: .sonar-template-common image: $GRADLE_IMAGE script: