From 08c53927deb4bc9602ea08eee7d3baeee6d11086 Mon Sep 17 00:00:00 2001 From: Miles Smith Date: Sun, 2 Jan 2022 18:33:18 -0800 Subject: [PATCH 1/8] chore: ci fixes --- .gitlab-ci.yml | 3 +++ README.md | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9b53332..1b594fc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -31,6 +31,9 @@ Build: stage: build before_script: *gopre needs: [] + rules: + - if: $CI_MERGE_REQUEST_EVENT_TYPE == 'merge_train' || $CI_MERGE_REQUEST_EVENT_TYPE == 'merged_result' + when: always script: - mkdir -p $GOPATH/src/$(dirname $REPO_NAME) - ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME diff --git a/README.md b/README.md index 765c078..4d1dec4 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ # EDA Core +[![pipeline status](https://gitlab.com/elite-data-agency/core/badges/main/pipeline.svg)](https://gitlab.com/elite-data-agency/core/-/commits/main) +[![coverage report](https://gitlab.com/elite-data-agency/core/badges/main/coverage.svg)](https://gitlab.com/elite-data-agency/core/-/commits/main) + The core of EDA is the data ingestion and projection methods. This system consumes data from multiple sources and projects them into various formats and datastores for later consumption. -- GitLab From 5a0b77b4e37803f20b8f4513bae143763bb5d03a Mon Sep 17 00:00:00 2001 From: Miles Smith Date: Sun, 2 Jan 2022 18:34:26 -0800 Subject: [PATCH 2/8] chore: ci fixes --- .gitlab-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1b594fc..72986d7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -17,6 +17,9 @@ stages: Test: stage: test needs: [] + rules: + - if: $CI_MERGE_REQUEST_EVENT_TYPE == 'merge_train' || $CI_MERGE_REQUEST_EVENT_TYPE == 'merged_result' + when: always before_script: &gopre - mkdir -p $GOPATH/src/$(dirname $REPO_NAME) - ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME -- GitLab From 1a467308d20a0ec5091ae2d624e50a6e885ffdf3 Mon Sep 17 00:00:00 2001 
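Review bot: The rule added to `Build` in patch 1 matches only `merge_train` and `merged_result`, so the job is not created for branch pushes, tags, or a plain `detached` merge request pipeline, and nothing in the hunk says that is intended. If default-branch builds are still wanted, add a second entry such as `- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH`; otherwise a comment like `# MR pipelines only: merged results and merge trains` would record the decision. `when: always` also lets the job start when jobs in earlier stages have failed, which looks redundant next to `needs: []`. The same block is copied into `Test` in patch 2, and both job bodies continue outside their hunks.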
From: Miles Smith Date: Sun, 2 Jan 2022 18:39:10 -0800 Subject: [PATCH 3/8] feat(ci): enable security features --- .gitlab-ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 72986d7..d6dc540 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,6 +8,12 @@ image: golang:1.17 variables: REPO_NAME: gitlab.com/elite-data-agency/core +include: + - template: Security/SAST.gitlab-ci.yml + - template: Security/Dependency-Scanning.gitlab-ci.yml + - template: Security/Container-Scanning.gitlab-ci.yml + - template: Security/Secret-Detection.gitlab-ci.yml + stages: - test - build -- GitLab From 81068258f409f0f00f1c60befc906fa1ada88e8f Mon Sep 17 00:00:00 2001 From: Miles Smith Date: Sun, 2 Jan 2022 18:43:07 -0800 Subject: [PATCH 4/8] fix(ci): Added license scanning --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d6dc540..2e3cde1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -13,6 +13,7 @@ include: - template: Security/Dependency-Scanning.gitlab-ci.yml - template: Security/Container-Scanning.gitlab-ci.yml - template: Security/Secret-Detection.gitlab-ci.yml + - template: Security/License-Scanning.gitlab-ci.yml stages: - test -- GitLab From 9351409617575f6005756b5329a92d374da6b887 Mon Sep 17 00:00:00 2001 From: Miles Smith Date: Sun, 2 Jan 2022 18:57:14 -0800 Subject: [PATCH 5/8] chore(ci): reorganized ci jobs --- .gitlab-ci.yml | 39 +++++++++++++++++++++++++++++++++------ 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2e3cde1..11c2357 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -14,6 +14,7 @@ include: - template: Security/Container-Scanning.gitlab-ci.yml - template: Security/Secret-Detection.gitlab-ci.yml - template: Security/License-Scanning.gitlab-ci.yml + - template: Kaniko.gitlab-ci.yml stages: - test 
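Review bot: `Security/Container-Scanning.gitlab-ci.yml` is included in patch 3 without anything in the pipeline that gives it an image to scan. `stages` still lists `test` before `build`, and as far as the rest of this series shows, the only image build at this point is the tag-only `Docker Image` job. On most pipelines the scanner would therefore run before, or without, an image for that commit. Either hold this include back until a build job pushes an image per pipeline, or set the scanner's `DOCKER_IMAGE` to the name that job pushes. It is also worth confirming whether the stock scanner jobs are `allow_failure: true` in the GitLab version in use, because in that case findings will not block a merge on their own.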
@@ -21,12 +22,40 @@ stages: - deploy - release -Test: +# Overrides for templates + +semgrep-sast: stage: test - needs: [] - rules: + rules: &merge_requests - if: $CI_MERGE_REQUEST_EVENT_TYPE == 'merge_train' || $CI_MERGE_REQUEST_EVENT_TYPE == 'merged_result' when: always + +gosec-sast: + stage: test + rules: *merge_requests + +secret_detection: + stage: test + rules: *merge_requests + +gemnasium-dependency_scanning: + stage: test + rules: *merge_requests + +license_scanning: + stage: test + rules: *merge_requests + +container_scanning: + stage: test + rules: *merge_requests + + + +Test: + stage: test + needs: [] + rules: *merge_requests before_script: &gopre - mkdir -p $GOPATH/src/$(dirname $REPO_NAME) - ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME @@ -41,9 +70,7 @@ Build: stage: build before_script: *gopre needs: [] - rules: - - if: $CI_MERGE_REQUEST_EVENT_TYPE == 'merge_train' || $CI_MERGE_REQUEST_EVENT_TYPE == 'merged_result' - when: always + rules: *merge_requests script: - mkdir -p $GOPATH/src/$(dirname $REPO_NAME) - ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME -- GitLab From 527e8c48a6f1706c4a9bdf52ed2d4426d2095da2 Mon Sep 17 00:00:00 2001 From: Miles Smith Date: Sun, 2 Jan 2022 19:05:15 -0800 Subject: [PATCH 6/8] fix(ci): updated ci orders --- .gitlab-ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 11c2357..dec2b2d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -17,8 +17,8 @@ include: - template: Kaniko.gitlab-ci.yml stages: - - test - build + - test - deploy - release @@ -30,6 +30,9 @@ semgrep-sast: - if: $CI_MERGE_REQUEST_EVENT_TYPE == 'merge_train' || $CI_MERGE_REQUEST_EVENT_TYPE == 'merged_result' when: always +kaniko-build: + rules: *merge_requests + gosec-sast: stage: test rules: *merge_requests -- GitLab From 96f950f718f1be69238b4020d33021c3dd0c14c5 Mon Sep 17 00:00:00 2001 
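Review bot: Setting `rules: *merge_requests` on `semgrep-sast`, `gosec-sast`, `secret_detection`, `gemnasium-dependency_scanning`, `license_scanning` and `container_scanning` in patch 5 replaces each template job's own `rules` list rather than adding to it, so the scanners now run only on merge trains and merged-result pipelines. Default-branch and tag pipelines get no SAST, secret or dependency scan, which leaves direct pushes unscanned and probably leaves the security reports without a default-branch baseline. Any conditions the templates carry in their rules (disable switches such as `SAST_DISABLED`, file-existence checks) are presumably dropped as well. Consider adding `- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH` to the shared anchor, and extending the `# Overrides for templates` comment to say that the template rules are replaced wholesale. Because of `when: always`, these jobs will also run after a failed earlier stage once patch 6 moves `build` ahead of `test`.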
From: Miles Smith Date: Sun, 2 Jan 2022 19:57:33 -0800 Subject: [PATCH 7/8] fix(ci): Updated CI for docker builds --- .gitlab-ci.yml | 52 ++++++++++++++++++++++++++++---------------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dec2b2d..28d9ddb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -14,7 +14,6 @@ include: - template: Security/Container-Scanning.gitlab-ci.yml - template: Security/Secret-Detection.gitlab-ci.yml - template: Security/License-Scanning.gitlab-ci.yml - - template: Kaniko.gitlab-ci.yml stages: - build @@ -30,9 +29,6 @@ semgrep-sast: - if: $CI_MERGE_REQUEST_EVENT_TYPE == 'merge_train' || $CI_MERGE_REQUEST_EVENT_TYPE == 'merged_result' when: always -kaniko-build: - rules: *merge_requests - gosec-sast: stage: test rules: *merge_requests @@ -52,10 +48,36 @@ license_scanning: container_scanning: stage: test rules: *merge_requests + variables: + DOCKER_IMAGE: $CI_REGISTRY_IMAGE +kaniko-build: + stage: build + rules: + - if: $CI_MERGE_REQUEST_EVENT_TYPE == 'merge_train' || $CI_MERGE_REQUEST_EVENT_TYPE == 'merged_result' + variables: + DOCKER_IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA + when: always + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + variables: + DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA + - if: $CI_COMMIT_TAG + variables: + DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG + image: + name: gcr.io/kaniko-project/executor:debug + entrypoint: [""] + script: + - mkdir -p /kaniko/.docker + - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json + - >- + /kaniko/executor + --context "${CI_PROJECT_DIR}" + --dockerfile "${CI_PROJECT_DIR}/Dockerfile" + --destination "${DOCKER_IMAGE}" -Test: +test: stage: test needs: [] rules: *merge_requests 
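Review bot: `kaniko-build` in patch 7 pulls `gcr.io/kaniko-project/executor:debug`, a floating tag, into the job that writes `CI_REGISTRY_PASSWORD` to `/kaniko/.docker/config.json` and pushes the project's images. Pinning it by digest, `name: gcr.io/kaniko-project/executor:debug@sha256:<digest-placeholder>`, keeps an upstream retag from changing what runs with those credentials. The tag rule now pushes to `$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG`, and the slug is lowercased with non-alphanumeric characters replaced by `-`, so a git tag like `v1.2.3` (constructed example) would publish as `v1-2-3`, unlike the removed job's `${CI_COMMIT_TAG}`. In this commit `container_scanning` is pointed at bare `$CI_REGISTRY_IMAGE`, which is none of the three names `kaniko-build` pushes, so the scan would not cover the image just built.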
@@ -69,7 +91,7 @@ Test: - go vet $(go list ./... | grep -v /vendor/) - go test -race $(go list ./... | grep -v /vendor/) -Build: +build: stage: build before_script: *gopre needs: [] @@ -84,23 +106,7 @@ Build: paths: - 'bin/*' -Docker Image: - stage: build - image: - name: gcr.io/kaniko-project/executor:debug - entrypoint: [""] - script: - - mkdir -p /kaniko/.docker - - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json - - >- - /kaniko/executor - --context "${CI_PROJECT_DIR}" - --dockerfile "${CI_PROJECT_DIR}/Dockerfile" - --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}" - rules: - - if: $CI_COMMIT_TAG - -Release: +release: image: node:16 stage: release rules: -- GitLab From 86a35ee7cfe9f90a393fa7e5da54ace8924ebd39 Mon Sep 17 00:00:00 2001 From: Miles Smith Date: Sun, 2 Jan 2022 20:04:49 -0800 Subject: [PATCH 8/8] fix(ci): Updated CI for docker builds --- .gitlab-ci.yml | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 28d9ddb..591c410 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -47,12 +47,22 @@ license_scanning: container_scanning: stage: test - rules: *merge_requests - variables: - DOCKER_IMAGE: $CI_REGISTRY_IMAGE + rules: + - if: $CI_MERGE_REQUEST_EVENT_TYPE == 'merge_train' || $CI_MERGE_REQUEST_EVENT_TYPE == 'merged_result' + variables: + DOCKER_IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA + when: always + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + variables: + DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA + when: always + - if: $CI_COMMIT_TAG + variables: + DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG + when: always -kaniko-build: +container-build: stage: build rules: - if: $CI_MERGE_REQUEST_EVENT_TYPE == 'merge_train' || $CI_MERGE_REQUEST_EVENT_TYPE == 'merged_result' 
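Review bot: The three `DOCKER_IMAGE` rules added to `container_scanning` in patch 8 are a hand copy of the ones in `container-build`, and the scan only covers the pushed image while the two lists stay identical. Sharing them through an anchor, `rules: &image_rules` on one job and `rules: *image_rules` on the other, as the file already does with `&merge_requests`, removes the chance of scanning a different image than the one built. `when: always` on every scanner rule also lets the scan start after `container-build` has failed, in which case a tag pipeline could scan an older image already stored under the same `$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG` name. Dropping `when: always` from the shared rules (the build stage runs first, so it changes nothing there) and adding `needs: ['container-build']` to the scanner would tie the scan to a successful build. The hunk ends inside `container-build`'s rules, and the following hunk adds the same `when: always` to its remaining entries.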
@@ -62,9 +72,11 @@ kaniko-build: - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH variables: DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA + when: always - if: $CI_COMMIT_TAG variables: DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG + when: always image: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] -- GitLab