From ecdbe054096b169f124d84431421a0ea7c3051ea Mon Sep 17 00:00:00 2001 From: mfeix Date: Thu, 12 Aug 2021 09:50:55 +0200 Subject: [PATCH 1/2] feat(Gradle): Add Gradle Templates --- STD-variablen-Template.gitlab-ci.yml | 18 +++++++++++-- container-publish.gitlab-ci.yml | 20 ++++++++++++++ container-scan.gitlab-ci.yml | 27 +++++++++++++++++-- .../chapters/generalInformation.adoc | 5 ++-- .../templates/gradle-build-template.adoc | 17 ++++++++++++ .../templates/gradle-test-template.adoc | 17 ++++++++++++ gradle-build-template.gitlab-ci.yml | 10 +++++++ gradle-test-template.gitlab-ci.yml | 10 +++++++ 8 files changed, 118 insertions(+), 6 deletions(-) create mode 100644 documentation/chapters/templates/gradle-build-template.adoc create mode 100644 documentation/chapters/templates/gradle-test-template.adoc create mode 100644 gradle-build-template.gitlab-ci.yml create mode 100644 gradle-test-template.gitlab-ci.yml diff --git a/STD-variablen-Template.gitlab-ci.yml b/STD-variablen-Template.gitlab-ci.yml index 8ad409a..cd74e5d 100644 --- a/STD-variablen-Template.gitlab-ci.yml +++ b/STD-variablen-Template.gitlab-ci.yml @@ -7,14 +7,22 @@ stages: - post-process - package + cache: key: "$CI_JOB_NAME" paths: + # Cache Maven - .m2/repository - - $FRONTEND_DIR/ + # Cache NPM + - $FRONTEND_DIR/dist + # Cache Gradle + - .gradle + - build variables: CI_REGISTRY: gitlab.exxcellent.de:4567 + + ##Global Variables we use in our CI scripts when using maven MAVEN_IMAGE: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.1_latest MAVEN_OPTS: > -Dhttps.protocols=TLSv1.2 
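Review bot: The new `- build` cache path sits under a cache whose key is only `$CI_JOB_NAME`, so compiled output written by a pipeline on one branch is restored into the same job on every other branch and tag. For build products this is an integrity concern as well as a staleness one: depending on how the runner cache is shared (not visible here), a tag pipeline that packages an image could start from classes produced by unreviewed code. I would keep only dependency caches in the shared cache and either drop `- build` or scope the key per ref, e.g. `key: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"`. The `variables:` block continues outside this hunk.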
@@ -29,5 +37,11 @@ variables: --show-version -DinstallAtEnd=true -DdeployAtEnd=true - SONAR_PROJECT_KEY: de.exxcellent.bwfps.csapp:csapp-middleware + + ##Global Variables we use in our CI scripts when using Gradle + GRADLE_OPTS: "-Dorg.gradle.daemon=false" + GRADLE_IMAGE: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-java-maven-base-image:java11-maven3.8.1_latest + # Currently we use the Maven image and use the Gradle Wrapper. This is slower but saver at the moment + + ##Some npm script use this. Its usefull for Monorepos FRONTEND_DIR: $CI_PROJECT_DIR \ No newline at end of file diff --git a/container-publish.gitlab-ci.yml b/container-publish.gitlab-ci.yml index c7ad8fb..e058d29 100644 --- a/container-publish.gitlab-ci.yml +++ b/container-publish.gitlab-ci.yml @@ -21,6 +21,26 @@ "-Djib.to.auth.username=$DOCKER_REGISTRY_USER" "-Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD" +.publish-image-jib-gradle: + image: $MAVEN_IMAGE + stage: package + rules: + - if: $CI_COMMIT_TAG + variables: + DOCKER_REGISTRY: $CI_REGISTRY_IMAGE + DOCKER_REGISTRY_USER: $CI_REGISTRY_USER + DOCKER_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD + before_script: + - export PARSED_VERSION=$(echo $CI_COMMIT_TAG | sed -r 's/\+/_/g') # Replace + sign since this is not valid in a docker tag + - export IMAGE_NAME=$CI_REGISTRY_IMAGE:$PARSED_VERSION + script: + - echo $PARSED_VERSION + - gradlew jib + "-DskipTests" + "-Djib.to.image=$DOCKER_REGISTRY:$PARSED_VERSION" + "-Djib.to.auth.username=$DOCKER_REGISTRY_USER" + "-Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD" + .publish-image-kaniko: image: name: gcr.io/kaniko-project/executor:v1.6.0-debug diff --git a/container-scan.gitlab-ci.yml b/container-scan.gitlab-ci.yml index 93107e7..e058c43 100644 --- a/container-scan.gitlab-ci.yml +++ b/container-scan.gitlab-ci.yml 
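Review bot: `GRADLE_IMAGE` points at a tag ending in `_latest`, which looks like a moving tag, so every Gradle job runs whatever image is behind that tag at the time, including the publish job that receives registry credentials. Pinning the reference to an immutable tag or a digest (`...exxcellent-java-maven-base-image@sha256:<digest-of-reviewed-image>`) makes the build environment reproducible and auditable. The explanatory comment would read better above the variable it describes, with the typo fixed: `# We currently reuse the Maven image and run the Gradle Wrapper; this is slower but safer for now.`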
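Review bot: The script in `.publish-image-jib-gradle` calls `gradlew jib` without a path, while the scan job in this series uses `./gradlew`; unless the image puts the project directory on `PATH` the wrapper will not be found, so this should be `- ./gradlew jib`. The registry password is also passed as a `-Djib.to.auth.password=...` argument, which exposes it to process listings and to any build output that echoes the command line or system properties. If the Jib setup allows it, supply the credentials through the environment or a credential helper instead. `$CI_COMMIT_TAG` and `$PARSED_VERSION` are expanded unquoted in `before_script`; quoting them (`echo "$CI_COMMIT_TAG" | sed -r 's/\+/_/g'`) avoids word splitting on unexpected tag names. `IMAGE_NAME` is exported but not used by the visible script.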
@@ -2,7 +2,7 @@ image: $MAVEN_IMAGE stage: test variables: - TRIVY_VERSION: 0.18.3 + TRIVY_VERSION: 0.19.2 EXITCODE: 1 TRIVY_EXTRA_ARGS: "--no-progress --auto-refresh --ignore-unfixed" before_script: @@ -19,13 +19,36 @@ reports: junit: junit-report.xml +.scan-container-jib-gradle: + image: $GRADLE_IMAGE + stage: test + variables: + TRIVY_VERSION: 0.19.2 + EXITCODE: 1 + PROJECT_DIR: $CI_PROJECT_DIR/build + TRIVY_EXTRA_ARGS: "--no-progress --auto-refresh --ignore-unfixed" + before_script: + - export GRADLE_USER_HOME=`pwd`/.gradle + - curl -L "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" --output trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz + - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz + script: + - ./gradlew jibBuildTar -DskipTests + - ./trivy --cache-dir .trivycache/ $TRIVY_EXTRA_ARGS --exit-code 0 --cache-dir .trivycache/ --severity HIGH,CRITICAL --no-progress --format template --template "@contrib/junit.tpl" -o junit-report.xml --input $PROJECT_DIR/jib-image.tar + - ./trivy --cache-dir .trivycache/ $TRIVY_EXTRA_ARGS --exit-code $EXITCODE --cache-dir .trivycache/ --severity HIGH,CRITICAL --no-progress --input $PROJECT_DIR/jib-image.tar + cache: + paths: + - .trivycache/ + artifacts: + reports: + junit: junit-report.xml + .scan-container-kaniko: stage: test image: name: gcr.io/kaniko-project/executor:debug entrypoint: [ "" ] variables: - TRIVY_VERSION: 0.18.3 + TRIVY_VERSION: 0.19.2 PROJECT_DIR: $CI_PROJECT_DIR DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile CONTEXT_LOCATION: $CI_PROJECT_DIR diff --git a/documentation/chapters/generalInformation.adoc b/documentation/chapters/generalInformation.adoc index 4b137ee..9056a70 100644 --- a/documentation/chapters/generalInformation.adoc +++ b/documentation/chapters/generalInformation.adoc 
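Review bot: In `.scan-container-jib-gradle` the Trivy tarball is fetched with `curl -L`, unpacked and executed without any integrity check, so the scanner binary that gates the image is itself unverified. I would pin the expected hash next to `TRIVY_VERSION` (`TRIVY_SHA256: "<sha256-of-release-tarball>"`) and add `- echo "${TRIVY_SHA256}  trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | sha256sum -c -` before the `tar` step, assuming `sha256sum` is available in the image. `curl -fsSL` would also make an HTTP error fail the job instead of saving an error page. Both `./trivy` calls repeat `--cache-dir .trivycache/` and `--no-progress`, the latter already being part of `TRIVY_EXTRA_ARGS`. The `.scan-container-kaniko` job at the end of the hunk continues outside it; if it downloads Trivy the same way, the same check applies there.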
@@ -6,7 +6,8 @@ In dieser Repository sind Templates und Pipeline-Templates zu finden. Templates sind vorgefertigte Jobs die jeweils einen Use-Case abbilden sollen und direkt importiert werde können. -Da eine CI jedoch aus Pipelines besteht und Gitlab die Möglichkeit Multiprojekt- und child-Pipelines zu benutzen werden hier auch vorgefertigte bereit gestellt. Diese Pipeline-Templates bilden komplexere Use-Cases ab. +Da eine CI jedoch aus Pipelines besteht und Gitlab die Möglichkeit Multiprojekt- und child-Pipelines zu benutzen werden hier auch vorgefertigte bereit gestellt. +Diese Pipeline-Templates bilden komplexere Use-Cases ab. Pipelines sind in dem dafür vorgesehenen Pipeline Ordner zu finden. == Wie können Templates benutzt werden @@ -24,7 +25,7 @@ stages: include: - project: 'gilden/ci/gitlab-ci-templates' - ref: 'master' + ref: '1.0.0' file: - 'maven-build-template.gitlab-ci.yml' - 'maven-dependencies-template.gitlab-ci.yml' diff --git a/documentation/chapters/templates/gradle-build-template.adoc b/documentation/chapters/templates/gradle-build-template.adoc new file mode 100644 index 0000000..b78d27e --- /dev/null +++ b/documentation/chapters/templates/gradle-build-template.adoc @@ -0,0 +1,17 @@ +:sourcedir: ../../../ + += Gradle-build-template + +Diese Template läd die Dependencies herunter und das Projekt. +Die Ergebnisse werden als Artifact gespeichert. + +.Variables +|=== +|Name |Description | Default Value +|=== + +.gradle-build-template +[source,yaml] +---- +include::{sourcedir}/gradle-build-template.gitlab-ci.yml[] +---- \ No newline at end of file diff --git a/documentation/chapters/templates/gradle-test-template.adoc b/documentation/chapters/templates/gradle-test-template.adoc new file mode 100644 index 0000000..b192c09 --- /dev/null +++ b/documentation/chapters/templates/gradle-test-template.adoc 
@@ -0,0 +1,17 @@ +:sourcedir: ../../../ + += Gradle-test-template + +Dieses Template startet den Test Task in gradle. +Die Ergebnisse werden als Artifact gespeichert. + +.Variables +|=== +|Name |Description | Default Value +|=== + +.gradle-build-template +[source,yaml] +---- +include::{sourcedir}/gradle-test-template.gitlab-ci.yml[] +---- \ No newline at end of file diff --git a/gradle-build-template.gitlab-ci.yml b/gradle-build-template.gitlab-ci.yml new file mode 100644 index 0000000..ac944ef --- /dev/null +++ b/gradle-build-template.gitlab-ci.yml @@ -0,0 +1,10 @@ +.gradle-build: + stage: build + image: $GRADLE_IMAGE + script: + - "./gradlew --build-cache clean assemble" + artifacts: + expire_in: 2 weeks + when: on_success + paths: + - "**/build" \ No newline at end of file diff --git a/gradle-test-template.gitlab-ci.yml b/gradle-test-template.gitlab-ci.yml new file mode 100644 index 0000000..9115033 --- /dev/null +++ b/gradle-test-template.gitlab-ci.yml @@ -0,0 +1,10 @@ +.gradle-test: + image: $GRADLE_IMAGE + stage: test + script: + - "./gradlew --build-cache test" + artifacts: + expire_in: 2 weeks + reports: + junit: + - "**/build/test-results/**/TEST-*.xml" From d3dc92659d601ed99d4a5dcfef83f922678123d8 Mon Sep 17 00:00:00 2001 From: mfeix Date: Mon, 16 Aug 2021 11:26:46 +0200 Subject: [PATCH 2/2] feat(Gradle): Corrections from Merg request review. Added Documentation Correct Image to Jib --- container-publish.gitlab-ci.yml | 2 +- documentation/document.adoc | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/container-publish.gitlab-ci.yml b/container-publish.gitlab-ci.yml index e058d29..f1b53ec 100644 --- a/container-publish.gitlab-ci.yml +++ b/container-publish.gitlab-ci.yml @@ -22,7 +22,7 @@ "-Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD" .publish-image-jib-gradle: - image: $MAVEN_IMAGE + image: $GRADLE_IMAGE stage: package rules: - if: $CI_COMMIT_TAG 
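Review bot: `.gradle-build` runs `./gradlew --build-cache` but never sets `GRADLE_USER_HOME`, so by default the wrapper distribution, dependency cache and local build cache land in the container user's home directory and not in the `.gradle` path that the variables template caches. Only the scan job exports `GRADLE_USER_HOME`. Adding `before_script: - export GRADLE_USER_HOME="$CI_PROJECT_DIR/.gradle"` (or a `GRADLE_USER_HOME` entry under `variables:`) would make both the cache and `--build-cache` effective. The same applies to `.gradle-test` in gradle-test-template.gitlab-ci.yml. Because these templates execute the wrapper checked into each consuming project, it is worth documenting that projects should set `distributionSha256Sum` in `gradle/wrapper/gradle-wrapper.properties`.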
diff --git a/documentation/document.adoc b/documentation/document.adoc index 34b91ee..07d96a5 100644 --- a/documentation/document.adoc +++ b/documentation/document.adoc @@ -41,7 +41,6 @@ include::chapters/templates/container-scan.adoc[leveloffset=2] include::chapters/templates/docker-compose-validate.adoc[leveloffset=2] include::chapters/templates/docker-compose-deploy.adoc[leveloffset=2] - == Versionierungs Templates Im folgende sind erweiterte Templates zu finden für das https://gitlab.exxcellent.de/gilden/ci/exxcellent-increase-version-tool[Increase-Version-Tool] der CI Gilde. @@ -71,6 +70,14 @@ include::chapters/templates/maven-dependencies-template.adoc[leveloffset=2] include::chapters/templates/maven-build-template.adoc[leveloffset=2] include::chapters/templates/maven-verify-template.adoc[leveloffset=2] +== Gradle Templates + +Aktuell gehen wir davon das der Gradle Wrapper in dem Projekt vorhanden ist. +Sollte dieser noch nicht vorhanden sein kann er mit dem Befehl `gradle wrapper` erstellt werden. + +include::chapters/templates/gradle-build-template.adoc[leveloffset=2] +include::chapters/templates/gradle-test-template.adoc[leveloffset=2] + == weitere Gilden-Tools include::chapters/templates/tool-sonar7.adoc[leveloffset=2]