Klagarge/MSE-CyberSec-DevSecOps
1
0
Fork 0
Code Issues Pull Requests Releases Activity
Files
9aa5b93e7d014d46b4e5c1f932603ca789219cd6
MSE-CyberSec-DevSecOps/.gitlab-ci.yml
Klagarge 6c56c4cf3b refactor(ci): merge some jobs on same stage 
Signed-off-by: Klagarge <remi@heredero.ch>
2025-04-15 22:00:26 +02:00

106 lines
2.5 KiB
YAML
Raw Blame History

variables:
DOCKER_IMAGE_TEST: registry.forge.hefr.ch/klagarge/mse2425-grp09/python-pdm:latest
DOCKER_IMAGE_APP: registry.forge.hefr.ch/klagarge/mse2425-grp09/devsecops-app:latest
default:
image: $DOCKER_IMAGE_TEST
stages:
- build-docker
- lint
- test
.setup_env: &setup_env
before_script:
- cd src
- cp -r /app/__pypackages__ .
- export "PYTHONPATH=/builds/Klagarge/mse2425-grp09/src:/builds/Klagarge/mse2425-grp09/src/__pypackages__/3.9/lib"
- export "PATH=/builds/Klagarge/mse2425-grp09/src/__pypackages__/3.9/bin:$PATH"
- export "FLASK_APP=app"
test job:
stage: test
<<: *setup_env
script:
# Set environment variables for the tests
- export FLASK_SECRET_KEY=$FLASK_SECRET_KEY
# launch tests
- pdm run pytest tests --cov --cov-report term --cov-report html
artifacts:
paths:
- src/htmlcov/
lint job:
stage: lint
<<: *setup_env
dependencies: []
script:
- pdm run flake8 --config=../tox.ini
allow_failure: true # Linter can fail, fixing it is for now outside of the projects scope
pages:
stage: test
dependencies:
- test job
needs: ["test job"]
script:
- mv src/htmlcov/ public/
artifacts:
paths:
- public
expire_in: 7 days
only:
- main
# This job runs only when Dockerfile changes
docker-build-test:
image: docker:latest
stage: build-docker
services:
- docker:dind
script:
- docker build -t $DOCKER_IMAGE_TEST -f Dockerfile .
- echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
- docker push $DOCKER_IMAGE_TEST
rules:
- if: $GITLAB_CI == 'false' # Only run in GitLab CI
when: never
- changes:
- Dockerfile
- src/pyproject.toml
- src/pdm.lock
docker-build-app:
image: docker:latest
stage: build-docker
services:
- docker:dind
script:
- docker build -t $DOCKER_IMAGE_APP -f src/Dockerfile .
- echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
- docker push $DOCKER_IMAGE_APP
include:
- template: Jobs/SAST.gitlab-ci.yml
dast:
stage: test
image: ghcr.io/zaproxy/zaproxy:stable
services:
- name: $DOCKER_IMAGE_APP
alias: app
script:
- echo "Waiting for the app to start on http://app:5000"
- timeout 60 bash -c 'until curl -s http://app:5000; do echo "Waiting..."; sleep 3; done'
- zap-full-scan.py -t http://app:5000 -I
gitleaks:
stage: test
image:
name: zricethezav/gitleaks:latest
entrypoint: [""]
script:
- gitleaks dir -v --redact=75 .
Reference in New Issue View Git Blame Copy Permalink