feat(ci): add Dockerfile and update CI configuration for DAST
Signed-off-by: Klagarge <remi@heredero.ch>
This commit is contained in:
@@ -1,14 +1,18 @@
|
||||
variables:
|
||||
DOCKER_IMAGE: registry.forge.hefr.ch/klagarge/mse2425-grp09/python-pdm:latest
|
||||
DOCKER_IMAGE_TEST: registry.forge.hefr.ch/klagarge/mse2425-grp09/python-pdm:latest
|
||||
DOCKER_IMAGE_APP: registry.forge.hefr.ch/klagarge/mse2425-grp09/devsecops-app:latest
|
||||
APP_PORT: 5000
|
||||
TARGET_URL: "http://app:${APP_PORT}"
|
||||
|
||||
default:
|
||||
image: $DOCKER_IMAGE
|
||||
image: $DOCKER_IMAGE_TEST
|
||||
|
||||
stages:
|
||||
- build-docker
|
||||
- build-docker-test
|
||||
- build-docker-app
|
||||
- lint
|
||||
- test
|
||||
- dast job
|
||||
- dast
|
||||
|
||||
.setup_env: &setup_env
|
||||
before_script:
|
||||
@@ -55,15 +59,15 @@ pages:
|
||||
- main
|
||||
|
||||
# This job runs only when Dockerfile changes
|
||||
docker-build:
|
||||
docker-build-test:
|
||||
image: docker:latest
|
||||
stage: build-docker
|
||||
stage: build-docker-test
|
||||
services:
|
||||
- docker:dind
|
||||
script:
|
||||
- docker build -t $DOCKER_IMAGE -f Dockerfile .
|
||||
- docker build -t $DOCKER_IMAGE_TEST -f Dockerfile .
|
||||
- echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
|
||||
- docker push $DOCKER_IMAGE
|
||||
- docker push $DOCKER_IMAGE_TEST
|
||||
rules:
|
||||
- if: $GITLAB_CI == 'false' # Only run in GitLab CI
|
||||
when: never
|
||||
@@ -72,13 +76,37 @@ docker-build:
|
||||
- src/pyproject.toml
|
||||
- src/pdm.lock
|
||||
|
||||
docker-build-app:
|
||||
image: docker:latest
|
||||
stage: build-docker-app
|
||||
services:
|
||||
- docker:dind
|
||||
script:
|
||||
- docker build -t $DOCKER_IMAGE_APP -f src/Dockerfile .
|
||||
- echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
|
||||
- docker push $DOCKER_IMAGE_APP
|
||||
|
||||
include:
|
||||
- template: Jobs/SAST.gitlab-ci.yml
|
||||
- template: DAST.gitlab-ci.yml
|
||||
# - template: DAST.gitlab-ci.yml
|
||||
|
||||
dast:
|
||||
stage: dast job
|
||||
dast_configuration:
|
||||
site_profile: "dast-site-profile-devsecops-mse"
|
||||
scanner_profile: "dast-scanner-profile-devsecops-mse"
|
||||
#dast-ci:
|
||||
# stage: dast
|
||||
# dast_configuration:
|
||||
# site_profile: "dast-site-profile-devsecops-mse"
|
||||
# scanner_profile: "dast-scanner-profile-devsecops-mse"
|
||||
#services:
|
||||
# - name: $DOCKER_IMAGE_APP
|
||||
# alias: app
|
||||
|
||||
dast-local:
|
||||
stage: dast
|
||||
image: ghcr.io/zaproxy/zaproxy:stable
|
||||
services:
|
||||
- name: $DOCKER_IMAGE_APP
|
||||
alias: app
|
||||
script:
|
||||
- echo "Waiting for the app to start on http://app:5000"
|
||||
- timeout 60 bash -c 'until curl -s http://app:5000; do echo "Waiting..."; sleep 3; done'
|
||||
- zap-full-scan.py -t http://app:5000 -I
|
||||
allow_failure: true # Allow failure for DAST job (because GitLab is not well configured and network didn't work)
|
||||
Reference in New Issue
Block a user