From 5d029b85c03444edadf720e71fcd029efe39076e Mon Sep 17 00:00:00 2001
From: Tristan
Date: Fri, 12 May 2023 12:59:26 +0200
Subject: [PATCH 01/58] chore: create nginx.conf
---
nginx/config/default/nginx.conf | 178 ++++++++++++++++++++++++++++++++
1 file changed, 178 insertions(+)
create mode 100644 nginx/config/default/nginx.conf
diff --git a/nginx/config/default/nginx.conf b/nginx/config/default/nginx.conf
new file mode 100644
index 0000000..1c3d24c
--- /dev/null
+++ b/nginx/config/default/nginx.conf
@@ -0,0 +1,178 @@
+#load_module modules/ngx_http_modsecurity_module.so;
+
+user nginx;
+daemon off;
+pid /tmp/nginx-tmp/nginx.pid;
+error_log stderr notice;
+include /etc/nginx/modules-enabled/*.conf;
+
+worker_processes auto;
+worker_rlimit_nofile 65535;
+
+events {
+ # multi_accept: on; # use when: lots of connections, no reuseport.
+ worker_connections 65535;
+ use epoll;
+}
+
+http {
+ # Nginx WAF with ModSecurity, using OWASP CoreRuleSet as default github.com/coreruleset/coreruleset
+ #modsecurity on;
+ #modsecurity_rules_file /etc/nginx/modsec/main.conf;
+ # Use our request ids instead of generating them within ModSecurity
+ #modsecurity_transaction_id "$http_x_request_id";
+
+ real_ip_header X-Forwarded-For;
+ real_ip_recursive on;
+
+ charset utf-8;
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ server_tokens off;
+ server_name_in_redirect on;
+
+ log_not_found off;
+ types_hash_max_size 2048;
+ types_hash_bucket_size 64;
+ variables_hash_max_size 2048;
+ variables_hash_bucket_size 64;
+ # server_names_hash_bucket_size 64;
+
+ client_max_body_size 2M;
+ client_body_buffer_size 256k;
+ client_body_in_file_only off;
+
+ client_body_temp_path "/tmp/nginx-tmp/client_body" 1 2;
+ proxy_temp_path "/tmp/nginx-tmp/proxy_temp" 1 2;
+ fastcgi_temp_path "/tmp/nginx-tmp/fastcgi_temp" 1 2;
+ scgi_temp_path "/tmp/nginx-tmp/scgi_temp" 1 2;
+ uwsgi_temp_path "/tmp/nginx-tmp/uwsgi_temp" 1 2;
+
+ log_format main '$time_iso8601 - $remote_addr - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
+ access_log /dev/stdout main;
+
+ # Disable autoindex and symlink traversal by default.
+ autoindex off;
+ disable_symlinks on;
+
+ # MIME
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # SSL Settings
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ # Gzip
+ gzip on;
+ # gzip_vary on;
+ # gzip_proxied any;
+ gzip_comp_level 1;
+ gzip_min_length 2048;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ gzip_types text/plain text/css text/xml application/json application/javascript application/xml application/rss+xml application/atom+xml image/svg+xml;
+
+ # Security headers
+ # add_header Content-Security-Policy "default-src 'self'";
+ # add_header Cross-Origin-Embedder-Policy "require-corp";
+ # add_header Cross-Origin-Opener-Policy "same-origin";
+ # add_header Cross-Origin-Resource-Policy "same-origin";
+ # add_header X-Content-Type-Options "nosniff";
+ # add_header X-DNS-Prefetch-Control "on";
+ # add_header X-Download-Options "noopen";
+ # add_header X-Frame-Options "SAMEORIGIN";
+ # add_header X-XSS-Protection "0";
+
+ map $status $status_text {
+ 400 'Bad Request';
+ 401 'Unauthorized';
+ 402 'Payment Required';
+ 403 'Forbidden';
+ 404 'Not Found';
+ 405 'Method Not Allowed';
+ 406 'Not Acceptable';
+ 407 'Proxy Authentication Required';
+ 408 'Request Timeout';
+ 409 'Conflict';
+ 410 'Gone';
+ 411 'Length Required';
+ 412 'Precondition Failed';
+ 413 'Payload Too Large';
+ 414 'URI Too Long';
+ 415 'Unsupported Media Type';
+ 416 'Range Not Satisfiable';
+ 417 'Expectation Failed';
+ 418 'I\'m a teapot';
+ 421 'Misdirected Request';
+ 422 'Unprocessable Entity';
+ 423 'Locked';
+ 424 'Failed Dependency';
+ 425 'Too Early';
+ 426 'Upgrade Required';
+ 428 'Precondition Required';
+ 429 'Too Many Requests';
+ 431 'Request Header Fields Too Large';
+ 451 'Unavailable For Legal Reasons';
+ 500 'Internal Server Error';
+ 501 'Not Implemented';
+ 502 'Bad Gateway';
+ 503 'Service Unavailable';
+ 504 'Gateway Timeout';
+ 505 'HTTP Version Not Supported';
+ 506 'Variant Also Negotiates';
+ 507 'Insufficient Storage';
+ 508 'Loop Detected';
+ 510 'Not Extended';
+ 511 'Network Authentication Required';
+ default 'Unknown Error';
+ }
+
+ map $status $status_description {
+ 400 'The server cannot or will not process the request due to something that is perceived to be a client error';
+ 401 'The client must authenticate itself to get the requested response';
+ 402 'The request cannot be processed until the client makes a payment';
+ 403 'The client does not have access rights to the content';
+ 404 'The server can not find the requested resource';
+ 405 'The request method is known by the server but is not supported by the target resource';
+ 406 'The server cannot produce a response matching the list of acceptable values defined in the request\'s proactive content negotiation headers';
+ 407 'The request has not been applied because it lacks valid authentication credentials for a proxy server that is between the browser and the server that can access the requested resource';
+ 408 'The server would like to shut down this connection';
+ 409 'Request conflict with the current state of the target resource';
+ 410 'The requested content has been permanently deleted from server';
+ 411 'The server rejected the request because the Content-Length header field is not defined and the server requires it';
+ 412 'The client has indicated preconditions in its headers which the server does not meet';
+ 413 'The request entity is larger than limits defined by server';
+ 414 'The URI requested by the client is longer than the server is willing to interpret';
+ 415 'The media format of the requested data is not supported by the server';
+ 416 'The range specified by the Range header field in the request cannot be fulfilled';
+ 417 'The expectation indicated by the Expect request header field cannot be met by the server';
+ 418 'The server refuses the attempt to brew coffee with a teapot';
+ 421 'The request was directed at a server
that is not able to produce a response';
+ 422 'The request was well-formed but was unable to be followed due to semantic errors';
+ 423 'The resource that is being accessed is locked';
+ 424 'The request failed due to failure of a previous request';
+ 425 'the server is unwilling to risk processing a request that might be replayed';
+ 426 'The server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol';
+ 428 'The origin server requires the request to be conditional';
+ 429 'The user has sent too many requests in a given amount of time';
+ 431 'The server is unwilling to process the request because its header fields are too large';
+ 451 'The user agent requested a resource that cannot legally be provided';
+ 500 'The server has encountered a situation it does not know how to handle';
+ 501 'The request method is not supported by the server and cannot be handled';
+ 502 'The server, while working as a gateway to get a response needed to handle the request, got an invalid response';
+ 503 'The server is not ready to handle the request.
Common causes are a server that is down for maintenance or that is overloaded';
+ 504 'The server is acting as a gateway and cannot get a response in time';
+ 505 'The HTTP version used in the request is not supported by the server';
+ 506 'The server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process';
+ 507 'The method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request';
+ 508 'The server detected an infinite loop while processing the request';
+ 510 'Further extensions to the request are required for the server to fulfill it';
+ 511 'The client needs to authenticate to gain network access';
+ default 'It\'s an error';
+ }
+
+ # Load configs
+ include /etc/nginx/config/*.conf;
+}
\ No newline at end of file
-- GitLab
From e94daa58621360187bfb667ffdd99f77104a444c Mon Sep 17 00:00:00 2001
From: Tristan
Date: Fri, 12 May 2023 12:59:45 +0200
Subject: [PATCH 02/58] chore: create default.conf
---
nginx/config/default/default.conf | 47 +++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 nginx/config/default/default.conf
diff --git a/nginx/config/default/default.conf b/nginx/config/default/default.conf
new file mode 100644
index 0000000..83f6a6e
--- /dev/null
+++ b/nginx/config/default/default.conf
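Review bot: The `ssl_protocols` line in the http block still enables TLSv1 and TLSv1.1, which RFC 8996 deprecates; the trailing comment only accounts for dropping SSLv3. I would reduce it to `ssl_protocols TLSv1.2 TLSv1.3;` and reword the comment to say why the older versions are gone. Separately, `real_ip_header X-Forwarded-For;` with `real_ip_recursive on;` has no `set_real_ip_from` beside it in this hunk, so unless an included file supplies one the realip module will not rewrite `$remote_addr` at all. When the trusted range is added it should name only the actual proxy addresses, because a broader range lets any client choose the address that ends up in the access log.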
@@ -0,0 +1,47 @@
+server {
+ listen *:8080 default_server reuseport; # Cannot be a privileged port (like 80 or 443) as the master process is not root.
+ server_name _;
+
+ location / {
+ return 444;
+ }
+}
+
+server {
+ listen *:8080;
+ server_name localhost;
+
+ /root /usr/share/nginx/html;
+
+ error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html;
+
+ location /error.html {
+ internal;
+ ssi on;
+ auth_basic off;
+ alias /usr/share/nginx/html/error.html;
+ }
+
+ # Deny . files not part of a path containing .well-known
+ location ~ /\.(?!well-known) {
+ deny all;
+ }
+
+ # Default to denying paths not explicitly whitelisted
+ location / {
+ deny all;
+ }
+
+ location = / {}
+ location = /index.html {}
+ location = /robots.txt {}
+ location = /security.txt {}
+ location = /favicon.ico {}
+ # Nginx Metrics Endpoint
+ location = /.nginx/metrics {
+ access_log off;
+ stub_status on;
+ deny all;
+ allow 127.0.0.1;
+ }
+}
\ No newline at end of file
-- GitLab
From 4f354b2d56c2d8b2ef933923d75f9c142b4e7cb0 Mon Sep 17 00:00:00 2001
From: Tristan
Date: Fri, 12 May 2023 13:00:14 +0200
Subject: [PATCH 03/58] chore: create example config
---
nginx/config/templates/example.conf | 39 +++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 nginx/config/templates/example.conf
diff --git a/nginx/config/templates/example.conf b/nginx/config/templates/example.conf
new file mode 100644
index 0000000..f6f5543
--- /dev/null
+++ b/nginx/config/templates/example.conf
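Review bot: In the `/.nginx/metrics` location the access rules are written as `deny all;` followed by `allow 127.0.0.1;`, and nginx applies the first rule that matches, so every client including loopback is refused and the stub_status endpoint can never be scraped. The order should be `allow 127.0.0.1;` then `deny all;`. The second server block also has `/root /usr/share/nginx/html;` with a stray leading slash, which nginx will reject as an unknown directive when the file is loaded; it should read `root /usr/share/nginx/html;`. The same `/root` line appears in the nginx/config/templates/example.conf hunk that follows.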
@@ -0,0 +1,39 @@ +server { + listen *:8080; # Cannot be a privileged port (like 80 or 443) as the master process is not root + server_name _; + + /root /usr/share/nginx/html; + + error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html; + + location /error.html { + internal; + ssi on; + auth_basic off; + alias /usr/share/nginx/html/error.html; + } + + # Non-exhaustive header list + add_header Expect-CT "enforce, max-age: 604800" always; + add_header Via "$server_protocol nginx-mainline-example" always; + add_header X-Frame-Options "DENY" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + + # Deny . files not part of a path containing .well-known + location ~ /\.(?!well-known) { + deny all; + } + + # Default to denying paths not explicitly whitelisted + location / { + deny all; + } + + location = / {} + location = /index.html {} + location = /robots.txt {} + location = /security.txt {} + location = /favicon.ico {} + +} \ No newline at end of file -- GitLab From 34cb0f62b4d8e47557940811e4d1ff452977393b Mon Sep 17 00:00:00 2001 From: Tristan Date: Fri, 12 May 2023 13:00:39 +0200 Subject: [PATCH 04/58] feat: create default html page --- nginx/www/html/50x.html | 50 +++++++++++++++++++++++++++++++++++++ nginx/www/html/index.html | 49 ++++++++++++++++++++++++++++++++++++ nginx/www/html/robots.txt | 2 ++ nginx/www/html/security.txt | 11 ++++++++ 4 files changed, 112 insertions(+) create mode 100644 nginx/www/html/50x.html create mode 100644 nginx/www/html/index.html create mode 100644 nginx/www/html/robots.txt create mode 100644 nginx/www/html/security.txt diff --git a/nginx/www/html/50x.html b/nginx/www/html/50x.html new file mode 100644 index 0000000..435f1c1 --- /dev/null +++ b/nginx/www/html/50x.html @@ -0,0 +1,50 @@ + + + + Error + + + + + + +
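Review bot: The `Expect-CT` value in the header list is written `max-age: 604800`, but the directive syntax for that header is `max-age=604800`, so a client that still parses it would not pick up the lifetime; the header is deprecated anyway, and dropping the line is the simpler fix. `X-XSS-Protection "1; mode=block"` also contradicts the commented-out `X-XSS-Protection "0"` in nginx.conf; current guidance is to send `0` or nothing and rely on a Content-Security-Policy. Because this file is the template people will copy, I would add a comment above the list saying that server-level `add_header` lines are not inherited by any location that declares its own `add_header`, e.g. `# add_header is dropped in locations that set their own; repeat these there`.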
+

An error occurred. That's all we know.

+

Sorry, the page you are looking for is currently unavailable. Please try again later. This is the default error page.

+
+ + \ No newline at end of file diff --git a/nginx/www/html/index.html b/nginx/www/html/index.html new file mode 100644 index 0000000..022cec7 --- /dev/null +++ b/nginx/www/html/index.html @@ -0,0 +1,49 @@ + + + + Welcome to nginx! + + + + + + + +

Welcome to nginx!

+

If you see this page, the nginx web server deployment is successfully installed and working.

+

Please create a config for your site in the /etc/nginx/config folder to disable the welcome page.

+

For online documentation and installation help please refer to the Git repository: GitLab or these mirrors: git.tnet.moe, GitHub. +
+ + \ No newline at end of file diff --git a/nginx/www/html/robots.txt b/nginx/www/html/robots.txt new file mode 100644 index 0000000..77470cb --- /dev/null +++ b/nginx/www/html/robots.txt @@ -0,0 +1,2 @@ +User-agent: * +Disallow: / \ No newline at end of file diff --git a/nginx/www/html/security.txt b/nginx/www/html/security.txt new file mode 100644 index 0000000..ffb31dd --- /dev/null +++ b/nginx/www/html/security.txt @@ -0,0 +1,11 @@ +# Updated-At: 2023-05-11T03:11:00.000Z +Contact: mailto:security@tnet.moe +Contact: mailto:oss@tnet.moe +Expires: 2024-01-01T00:01:00.000Z +Encryption: https://security.tnet.moe/encryption/pgp-key.txt +Acknowledgments: https://security.tnet.moe/acknowledgments +Preferred-Languages: en +Canonical: https://security.tnet.moe/security.txt +Policy: https://security.tnet.moe/policy +Policy: https://security.tnet.moe/policy.txt +Hiring: https://security.tnet.moe/jobs \ No newline at end of file -- GitLab From 776b45c39b59598150fa2f05effcb2488740956b Mon Sep 17 00:00:00 2001 From: Tristan Date: Fri, 12 May 2023 13:02:50 +0200 Subject: [PATCH 05/58] feat: create dynamic error page --- nginx/www/error/error.html | 103 +++++++++++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 nginx/www/error/error.html diff --git a/nginx/www/error/error.html b/nginx/www/error/error.html new file mode 100644 index 0000000..e1b37c4 --- /dev/null +++ b/nginx/www/error/error.html @@ -0,0 +1,103 @@ + + + + + + <!--# echo var="status_code" default="Error" --> - <!--# echo var="host" default="" --> + + + + +

+

: . That's an error.

+

. That's all we know.

+
+
+
+

Debug information (click to copy)

+

/

+
+ + \ No newline at end of file -- GitLab From 254b0139992dd8c1971e0f37c5d09c3fef2eb7b1 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 13 May 2023 22:38:59 +0200 Subject: [PATCH 06/58] build(Docker): create debian Dockerfile --- images/nginx/debian/Dockerfile | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 images/nginx/debian/Dockerfile diff --git a/images/nginx/debian/Dockerfile b/images/nginx/debian/Dockerfile new file mode 100644 index 0000000..6930257 --- /dev/null +++ b/images/nginx/debian/Dockerfile @@ -0,0 +1,20 @@ +ARG NGINX_VERSION +ARG NGINX_BRANCH +FROM nginxinc/nginx-unprivileged:${NGINX_VERSION}-${NGINX_BRANCH}-bullseye + +LABEL maintainer="TNET OSS " + +ARG NGINX_VERSION +ENV IMAGE_VERSION="$NGINX_VERSION" +LABEL version="$NGINX_VERSION" + +# Modify default nginx. +RUN ["rm -rf", "/etc/nginx/nginx.conf", "/etc/nginx/conf.d", "/usr/share/nginx/html"] +COPY ["../nginx/nginx.conf", "/etc/nginx/nginx.conf"] +COPY ["../nginx/config/config", "/etc/nginx/config"] +COPY ["../nginx/www/welcome.html", "/usr/share/nginx/html/index.html"] +COPY ["../nginx/www/", "/usr/share/nginx/html/security.txt", "/usr/share/nginx/html/robots.txt"] + +STOPSIGNAL SIGQUIT +USER nginx +CMD ["nginx", "-g", "daemon off;"] \ No newline at end of file -- GitLab From e030082474b756033577dc4f9449babb23e624a8 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 13 May 2023 22:59:31 +0200 Subject: [PATCH 07/58] chore(ci): create gitlab ci config --- .gitlab-ci.yml | 29 +++++++++++ images/nginx/nginx.gitlab-ci.yml | 88 ++++++++++++++++++++++++++++++++ 2 files changed, 117 insertions(+) create mode 100644 .gitlab-ci.yml create mode 100644 images/nginx/nginx.gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..f012491 --- /dev/null +++ b/.gitlab-ci.yml 
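Review bot: The exec-form `RUN ["rm -rf", ...]` passes `rm -rf` as one executable name, so the step fails before anything is removed; it needs `RUN ["rm", "-rf", "/etc/nginx/nginx.conf", "/etc/nginx/conf.d", "/usr/share/nginx/html"]`, and since the base image is the unprivileged variant it probably also needs a `USER root` ahead of it (the file already switches back with `USER nginx`). The `COPY` sources begin with `../`, which cannot reach outside the build context, and they name `nginx/nginx.conf`, `nginx/config/config` and `nginx/www/welcome.html`, none of which are created by the earlier patches visible here (those add `nginx/config/default/nginx.conf` and `nginx/www/html/index.html`). The last `COPY` lists two in-image paths as if they were sources; with more than one source the destination has to be a directory ending in `/`. The `FROM` line is pinned only by a mutable tag, so pinning it by digest would keep a replaced upstream tag from silently changing what gets published.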
@@ -0,0 +1,29 @@
+#IMPORTANT: DOCKERFILE_PATH is not needed because we cd into each subdirectory build. This also means Dockerfile
+# commands that reference local files (e.g. COPY) must use relative paths to the same directory where the Dockerfile
+# is stored.
+
+variables:
+ DEBIAN_DISTRO: debian
+ NGINX_STABLE_VERSION: "1.24"
+ NGINX_MAINLINE_VERSION: "1.23.4"
+ NGINX_STABLE_BRANCH: stable
+ NGINX_MAINLINE_BRANCH: mainline
+
+.nginx: &nginx
+ trigger:
+ include: 'images/nginx/nginx.gitlab-ci.yml'
+ strategy: depend
+
+Debian Nginx Stable:
+ <<: *nginx
+ variables:
+ DISTRO: ${DEBIAN_DISTRO}
+ NGINX_VERSION: ${NGINX_STABLE_VERSION}
+ NGINX_BRANCH: ${NGINX_STABLE_BRANCH}
+
+Debian Nginx Mainline:
+ <<: *nginx
+ variables:
+ DISTRO: ${DEBIAN_DISTRO}
+ NGINX_VERSION: ${NGINX_MAINLINE_VERSION}
+ NGINX_BRANCH: ${NGINX_MAINLINE_BRANCH}
diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml
new file mode 100644
index 0000000..4501fa1
--- /dev/null
+++ b/images/nginx/nginx.gitlab-ci.yml
@@ -0,0 +1,88 @@
+stages:
+ - build
+ - test
+ - publish
+ - dast
+
+.docker_build: &docker_build
+ image: docker:latest
+ stage: build
+ services:
+ - docker:dind
+ tags:
+ - docker
+ before_script:
+ - docker info
+ - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTR}
+ - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}"
+ script:
+ - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile \
+ --build-arg NGINX_VERSION=${NGINX_VERSION} \
+ --build-arg NGINX_BRANCH=${NGINX_BRANCH}
+ - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG}
+
+.docker_publish: &docker_push
+ image: docker:latest
+ stage: publish
+ services:
+ - docker:dind
+ tags:
+ - docker
+ dependencies:
+ - build
+ before_script:
+ - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY}
+ - export IMAGE=${CI_REGISTRY_IMAGE}:${BASE_TAG}
+ - docker pull ${IMAGE}
+
+Docker Build:
+ <<: *docker_build
+
+Docker Publish:
+ <<: *docker_publish
+ only:
+ - main
+ script:
+ - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH}-${DISTRO}
+ - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}
+ - docker push $CI_REGISTRY_IMAGE --all-tags
+
+Docker Publish Stable Tags:
+ <<: *docker_publish
+ only:
+ - main
+ rules:
+ - if: ${DISTRO} == "debian"
+ - if: ${NGINX_BRANCH} == "stable"
+ script:
+ - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:nginx
+ - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}
+ - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH}
+ - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${DISTRO}
+ - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH}
+ - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${DISTRO}
+ - docker push $CI_REGISTRY_IMAGE --all-tags
+
+Docker Publish Mainline Tags:
+ <<: *docker_publish
+ only:
+ - main
+ rules:
+ - if: ${DISTRO} == "debian"
+ - if: ${NGINX_BRANCH}
== "mainline"
+ script:
+ - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH}
+ - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH}
+ - docker push $CI_REGISTRY_IMAGE --all-tags
+
+include:
+ - template: Jobs/Code-Quality.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
+ - template: Jobs/Code-Intelligence.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Code-Intelligence.gitlab-ci.yml
+ - template: Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
+ - template: Jobs/Browser-Performance-Testing.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml
+ - template: Security/DAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
+ - template: Jobs/Container-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
+ - template: Jobs/Dependency-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml
+ - template: Jobs/License-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml
+ - template: Jobs/SAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
+ - template: Jobs/Secret-Detection.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml
\ No newline at end of file
-- GitLab
From c02e45abfeb9c6838a7109bc3ddad455f58d955c Mon Sep 17 00:00:00 2001
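Review bot: Both `docker login` lines in the `before_script` sections pass the registry password with `-p`, which puts it on the command line; reading it from stdin avoids that: `echo "${CI_REGISTRY_PASSWORD}" | docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"`. In `.docker_build` the registry argument is spelled `${CI_REGISTR}`, which expands to nothing, so that login would go to Docker's default registry with the GitLab credentials instead of to `${CI_REGISTRY}`. `image: docker:latest` and `docker:dind` are unpinned, so the tooling that handles those credentials can change between pipelines; a fixed version tag is safer.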
From: Tristan Date: Sat, 13 May 2023 23:09:14 +0200 Subject: [PATCH 08/58] fix(ci): fix yaml syntax error --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f012491..d7d5ca2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,7 +11,7 @@ variables: .nginx: &nginx trigger: - include: 'images/nginx/nginx.gitlab-ci.yml' + include: '/images/nginx/nginx.gitlab-ci.yml' strategy: depend Debian Nginx Stable: -- GitLab From e4afb33f9205a8980350afbe36666a64a736fcac Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 13 May 2023 23:14:45 +0200 Subject: [PATCH 09/58] fix(ci): try 2; make it an array? --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d7d5ca2..925be3e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,7 +11,8 @@ variables: .nginx: &nginx trigger: - include: '/images/nginx/nginx.gitlab-ci.yml' + include: + - '/images/nginx/nginx.gitlab-ci.yml' strategy: depend Debian Nginx Stable: -- GitLab From fcd8cbe95ed4db814788e3fbeaa3d0daf07c8bcf Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 13 May 2023 23:41:47 +0200 Subject: [PATCH 10/58] chore(ci): shouldn't be an array --- .gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 925be3e..3e05e7f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -10,9 +10,11 @@ variables: NGINX_MAINLINE_BRANCH: mainline .nginx: &nginx + trigger: + include: '/images/nginx/nginx.gitlab-ci.yml' + strategy: depend trigger: include: - - '/images/nginx/nginx.gitlab-ci.yml' strategy: depend Debian Nginx Stable: -- GitLab From ebdb393abfcc1a377971432dc16bc10d0df292af Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 00:05:21 +0200 Subject: [PATCH 11/58] chore(ci): remove duplicate trigger --- .gitlab-ci.yml | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3e05e7f..d7d5ca2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -13,9 +13,6 @@ variables: trigger: include: '/images/nginx/nginx.gitlab-ci.yml' strategy: depend - trigger: - include: - strategy: depend Debian Nginx Stable: <<: *nginx -- GitLab From 82ec8cfcadf50897fb3a324781de7b37f1054bd3 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 00:29:49 +0200 Subject: [PATCH 12/58] fix(ci): try 3; no anchor? --- .gitlab-ci.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d7d5ca2..ab9e2c8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,20 +9,19 @@ variables: NGINX_STABLE_BRANCH: stable NGINX_MAINLINE_BRANCH: mainline -.nginx: &nginx +Debian Nginx Stable: trigger: include: '/images/nginx/nginx.gitlab-ci.yml' strategy: depend - -Debian Nginx Stable: - <<: *nginx variables: DISTRO: ${DEBIAN_DISTRO} NGINX_VERSION: ${NGINX_STABLE_VERSION} NGINX_BRANCH: ${NGINX_STABLE_BRANCH} Debian Nginx Mainline: - <<: *nginx + trigger: + include: '/images/nginx/nginx.gitlab-ci.yml' + strategy: depend variables: DISTRO: ${DEBIAN_DISTRO} NGINX_VERSION: ${NGINX_MAINLINE_VERSION} -- GitLab From 4540c4e1ee704af70e579a9dca8d65a3c445b83d Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 00:32:24 +0200 Subject: [PATCH 13/58] fix(ci): try 4; no dir depth? --- .gitlab-ci.yml | 4 ++-- images/nginx/nginx.gitlab-ci.yml => nginx.gitlab-ci.yml | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename images/nginx/nginx.gitlab-ci.yml => nginx.gitlab-ci.yml (100%) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ab9e2c8..99d6013 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,7 +11,7 @@ variables: Debian Nginx Stable: trigger: - include: '/images/nginx/nginx.gitlab-ci.yml' + include: 'nginx.gitlab-ci.yml' strategy: depend variables: DISTRO: ${DEBIAN_DISTRO} 
@@ -20,7 +20,7 @@ Debian Nginx Stable: Debian Nginx Mainline: trigger: - include: '/images/nginx/nginx.gitlab-ci.yml' + include: 'nginx.gitlab-ci.yml' strategy: depend variables: DISTRO: ${DEBIAN_DISTRO} diff --git a/images/nginx/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml similarity index 100% rename from images/nginx/nginx.gitlab-ci.yml rename to nginx.gitlab-ci.yml -- GitLab From 08fc056354875e0d757e0c6d408c4ebf8e26ac82 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 00:33:19 +0200 Subject: [PATCH 14/58] Revert "fix(ci): try 4; no dir depth?" This reverts commit 4540c4e1ee704af70e579a9dca8d65a3c445b83d. --- .gitlab-ci.yml | 4 ++-- nginx.gitlab-ci.yml => images/nginx/nginx.gitlab-ci.yml | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename nginx.gitlab-ci.yml => images/nginx/nginx.gitlab-ci.yml (100%) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 99d6013..ab9e2c8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,7 +11,7 @@ variables: Debian Nginx Stable: trigger: - include: 'nginx.gitlab-ci.yml' + include: '/images/nginx/nginx.gitlab-ci.yml' strategy: depend variables: DISTRO: ${DEBIAN_DISTRO} @@ -20,7 +20,7 @@ Debian Nginx Stable: Debian Nginx Mainline: trigger: - include: 'nginx.gitlab-ci.yml' + include: '/images/nginx/nginx.gitlab-ci.yml' strategy: depend variables: DISTRO: ${DEBIAN_DISTRO} diff --git a/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml similarity index 100% rename from nginx.gitlab-ci.yml rename to images/nginx/nginx.gitlab-ci.yml -- GitLab From ac0bc1b54c75384c9b986c1195743ebcf153cb28 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 00:37:44 +0200 Subject: [PATCH 15/58] fix(ci): fix yml syntax error --- images/nginx/nginx.gitlab-ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index 4501fa1..46cdb0d 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml 
@@ -16,9 +16,7 @@ stages: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTR} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}" script: - - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile \ - --build-arg NGINX_VERSION=${NGINX_VERSION} \ - --build-arg NGINX_BRANCH=${NGINX_BRANCH} + - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} .docker_publish: &docker_push -- GitLab From e441237c9562210cbd5e49c524d6ad0403d4b950 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 00:40:39 +0200 Subject: [PATCH 16/58] Revert "fix(ci): try 3; no anchor?" This reverts commit 82ec8cfcadf50897fb3a324781de7b37f1054bd3. --- .gitlab-ci.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ab9e2c8..d7d5ca2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,19 +9,20 @@ variables: NGINX_STABLE_BRANCH: stable NGINX_MAINLINE_BRANCH: mainline -Debian Nginx Stable: +.nginx: &nginx trigger: include: '/images/nginx/nginx.gitlab-ci.yml' strategy: depend + +Debian Nginx Stable: + <<: *nginx variables: DISTRO: ${DEBIAN_DISTRO} NGINX_VERSION: ${NGINX_STABLE_VERSION} NGINX_BRANCH: ${NGINX_STABLE_BRANCH} Debian Nginx Mainline: - trigger: - include: '/images/nginx/nginx.gitlab-ci.yml' - strategy: depend + <<: *nginx variables: DISTRO: ${DEBIAN_DISTRO} NGINX_VERSION: ${NGINX_MAINLINE_VERSION} -- GitLab From 17db13c424eacc41f305ef4edc62ed6a4f503b50 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 01:08:39 +0200 Subject: [PATCH 17/58] fic(ci): fix yml sytax error. fr this time... --- images/nginx/nginx.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index 46cdb0d..e0c4383 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml @@ -19,7 +19,7 @@ stages: - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} -.docker_publish: &docker_push +.docker_publish: &docker_publish image: docker:latest stage: publish services: -- GitLab From b716b72d55776b141160683af5e716853efb8692 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 01:55:08 +0200 Subject: [PATCH 18/58] fix(ci): fix rules yml syntax error --- images/nginx/nginx.gitlab-ci.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index e0c4383..e679607 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml @@ -47,11 +47,10 @@ Docker Publish: Docker Publish Stable Tags: <<: *docker_publish - only: - - main rules: - - if: ${DISTRO} == "debian" - - if: ${NGINX_BRANCH} == "stable" + - if: $CI_COMMIT_REF_NAME == "main" + - if: $DISTRO == "debian" + - if: $NGINX_BRANCH == "stable" script: - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:nginx - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION} @@ -63,11 +62,10 @@ Docker Publish Stable Tags: Docker Publish Mainline Tags: <<: *docker_publish - only: - - main rules: - - if: ${DISTRO} == "debian" - - if: ${NGINX_BRANCH} == "mainline" + - if: $CI_COMMIT_REF_NAME == "main" + - if: $DISTRO == "debian" + - if: $NGINX_BRANCH == "mainline" script: - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH} - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH} 
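Review bot: The three separate `- if:` entries under `rules:` in `Docker Publish Stable Tags` are alternatives rather than a conjunction: GitLab adds the job as soon as any one rule matches, so `$DISTRO == "debian"` alone is enough and the stable tags would be pushed from any branch, and from the mainline pipeline as well. The `Docker Publish Mainline Tags` hunk below it has the same problem. To keep the restriction that the removed `only: main` expressed, the conditions have to be joined in a single rule, `- if: $CI_COMMIT_REF_NAME == "main" && $DISTRO == "debian" && $NGINX_BRANCH == "stable"`, with `"mainline"` in the other job.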
@@ -76,7 +74,6 @@ Docker Publish Mainline Tags: include: - template: Jobs/Code-Quality.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml - template: Jobs/Code-Intelligence.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Code-Intelligence.gitlab-ci.yml - - template: Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml - template: Jobs/Browser-Performance-Testing.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml - template: Security/DAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml - template: Jobs/Container-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml -- GitLab From 97ab32b975ea9e867d0b6ad57fe2dd769fa644f9 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 01:55:38 +0200 Subject: [PATCH 19/58] chore(ci): fix docker image base image --- images/nginx/nginx.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index e679607..992b990 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml 
@@ -14,7 +14,7 @@ stages: before_script: - docker info - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTR} - - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}" + - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} -- GitLab From a60c5af3988a1ffe377e0df016250e0c6874f093 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 01:56:15 +0200 Subject: [PATCH 20/58] chore(ci): fix templates --- images/nginx/nginx.gitlab-ci.yml | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index 992b990..d1b61e1 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml @@ -3,6 +3,7 @@ stages: - test - publish - dast + - performance .docker_build: &docker_build image: docker:latest @@ -27,7 +28,7 @@ stages: tags: - docker dependencies: - - build + - Docker Build before_script: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - export IMAGE=${CI_REGISTRY_IMAGE}:${BASE_TAG} 
@@ -80,4 +81,29 @@ include: - template: Jobs/Dependency-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml - template: Jobs/License-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml - template: Jobs/SAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml - - template: Jobs/Secret-Detection.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml \ No newline at end of file + - template: Jobs/Secret-Detection.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml + +browser_performance: + needs: + - Docker Build + variables: + URL: http://nginx:8080 + services: # use services to link your app container to the dast job + - name: ${CI_REGISTRY_IMAGE}:${BASE_TAG} + alias: nginx + +dast: + dependencies: [] + needs: + - Docker Build + variables: + DAST_WEBSITE: http://nginx:8080 + DAST_FULL_SCAN_ENABLED: "true" # do a full scan + DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler + services: # use services to link your app container to the dast job + - name: ${CI_REGISTRY_IMAGE}:${BASE_TAG} + alias: nginx + +container_scanning: + variables: + CS_IMAGE: $CI_REGISTRY_IMAGE:build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} \ No newline at end of file -- GitLab From e5938d49fc490471608f50064a021cd3bb28ab29 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 02:07:51 +0200 Subject: [PATCH 21/58] chore(ci): fix docker registry login --- images/nginx/nginx.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index d1b61e1..de3c131 100644 
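Review bot: The `services:` entries of `browser_performance` and `dast` name the image as `${CI_REGISTRY_IMAGE}:${BASE_TAG}`, but in the hunks shown BASE_TAG is only created by `export` inside the Docker Build job's `before_script`, and a shell export does not carry over to other jobs or to the runner's expansion of `services:name`. The reference would then presumably resolve with an empty tag, so the scans either fail to start or run against something other than the image just built; the `.docker_publish` `before_script` depends on the same variable. Defining the tag once under top-level `variables:` from predefined variables only, for example `BASE_TAG: build-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}`, makes it visible to every job and lets `CS_IMAGE` reuse it instead of repeating the pattern. `CI_COMMIT_REF_SLUG` also keeps the tag valid for branch names containing `/`, and leaving out `CI_PIPELINE_CREATED_AT` avoids the colons of its timestamp.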
--- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml @@ -14,7 +14,7 @@ stages: - docker before_script: - docker info - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTR} + - docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY_PASSWORD}" ${CI_REGISTR} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} @@ -30,7 +30,7 @@ stages: dependencies: - Docker Build before_script: - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} + - docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - export IMAGE=${CI_REGISTRY_IMAGE}:${BASE_TAG} - docker pull ${IMAGE} -- GitLab From 46ce9e8c726dc05afaa9c1455bc58bcd1029b6bd Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 02:09:57 +0200 Subject: [PATCH 22/58] Revert "chore(ci): fix docker registry login" This reverts commit e5938d49fc490471608f50064a021cd3bb28ab29. --- images/nginx/nginx.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index de3c131..d1b61e1 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml 
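Review bot: `--password-stdin` takes no value and reads the secret from standard input, so in both login lines `"${CI_REGISTRY_PASSWORD}"` is parsed as the positional SERVER argument instead of the password. Nothing is piped in, so the login cannot succeed, and the secret may surface in an error message or a connection attempt as if it were a host name. Pipe the value instead: `- echo "${CI_REGISTRY_PASSWORD}" | docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"`. That form also keeps the password out of the process arguments, which the `-p` form restored by the following revert does not.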
@@ -14,7 +14,7 @@ stages: - docker before_script: - docker info - - docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY_PASSWORD}" ${CI_REGISTR} + - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTR} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} @@ -30,7 +30,7 @@ stages: dependencies: - Docker Build before_script: - - docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} + - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - export IMAGE=${CI_REGISTRY_IMAGE}:${BASE_TAG} - docker pull ${IMAGE} -- GitLab From f98d76bcc4551c4209ed007fc29e0ae255124d54 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 02:11:44 +0200 Subject: [PATCH 23/58] fix(ci): fix docker login --- images/nginx/nginx.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index d1b61e1..fe5554b 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml @@ -14,7 +14,7 @@ stages: - docker before_script: - docker info - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTR} + - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTR} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} 
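Review bot: The build-job login line still ends in `${CI_REGISTR}`, which nothing visible in this series defines and which looks like a typo for `CI_REGISTRY`; with an empty server argument `docker login` falls back to its default registry, so the GitLab registry credentials are offered to a different service. That is a more likely cause of the failing login than the quoting this commit removes. Dropping the quotes also exposes the secret to word splitting and globbing, so keep `"${CI_REGISTRY_USER}"` and `"${CI_REGISTRY_PASSWORD}"` quoted and correct the last argument to `"${CI_REGISTRY}"`.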
@@ -30,7 +30,7 @@ stages: dependencies: - Docker Build before_script: - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} + - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY} - export IMAGE=${CI_REGISTRY_IMAGE}:${BASE_TAG} - docker pull ${IMAGE} -- GitLab From 8ce6f9ffec3441ca242a14147bb937c1dfdef977 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 02:13:44 +0200 Subject: [PATCH 24/58] Revert "fix(ci): fix docker login" This reverts commit f98d76bcc4551c4209ed007fc29e0ae255124d54. --- images/nginx/nginx.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index fe5554b..d1b61e1 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml @@ -14,7 +14,7 @@ stages: - docker before_script: - docker info - - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTR} + - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTR} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} @@ -30,7 +30,7 @@ stages: dependencies: - Docker Build before_script: - - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY} + - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - export IMAGE=${CI_REGISTRY_IMAGE}:${BASE_TAG} - docker pull ${IMAGE} -- GitLab From 809aeff6eac756a4712e0f2f3457e5dcf234be77 Mon Sep 17 00:00:00 2001 
From: Tristan Date: Sun, 14 May 2023 02:17:02 +0200 Subject: [PATCH 25/58] fix(ci): fix variables --- .gitlab-ci.yml | 12 +++++----- images/nginx/nginx.gitlab-ci.yml | 40 ++++++++++++++++---------------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d7d5ca2..73f869d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -17,13 +17,13 @@ variables: Debian Nginx Stable: <<: *nginx variables: - DISTRO: ${DEBIAN_DISTRO} - NGINX_VERSION: ${NGINX_STABLE_VERSION} - NGINX_BRANCH: ${NGINX_STABLE_BRANCH} + DISTRO: $DEBIAN_DISTRO + NGINX_VERSION: $NGINX_STABLE_VERSION + NGINX_BRANCH: $NGINX_STABLE_BRANCH Debian Nginx Mainline: <<: *nginx variables: - DISTRO: ${DEBIAN_DISTRO} - NGINX_VERSION: ${NGINX_MAINLINE_VERSION} - NGINX_BRANCH: ${NGINX_MAINLINE_BRANCH} + DISTRO: $DEBIAN_DISTRO + NGINX_VERSION: $NGINX_MAINLINE_VERSION + NGINX_BRANCH: $NGINX_MAINLINE_BRANCH diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index d1b61e1..f96f675 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml 
@@ -14,11 +14,11 @@ stages: - docker before_script: - docker info - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTR} - - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" + - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTR + - export BASE_TAG="build-$CI_COMMIT_REF_NAME-$CI_PIPELINE_CREATED_AT-$NGINX_VERSION-$NGINX_BRANCH-$DISTRO" script: - - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} - - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} + - docker build . -t $CI_REGISTRY_IMAGE:$BASE_TAG -f ./images/$DISTRO/Dockerfile --build-arg NGINX_VERSION=$NGINX_VERSION --build-arg NGINX_BRANCH=$NGINX_BRANCH + - docker push $CI_REGISTRY_IMAGE:$BASE_TAG .docker_publish: &docker_publish image: docker:latest @@ -30,9 +30,9 @@ stages: dependencies: - Docker Build before_script: - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - - export IMAGE=${CI_REGISTRY_IMAGE}:${BASE_TAG} - - docker pull ${IMAGE} + - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY + - export IMAGE=$CI_REGISTRY_IMAGE:$BASE_TAG + - docker pull $IMAGE Docker Build: <<: *docker_build @@ -42,8 +42,8 @@ Docker Publish: only: - main script: - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH}-${DISTRO} - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} + - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_BRANCH-$DISTRO + - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_VERSION-$NGINX_BRANCH-$DISTRO - docker push $CI_REGISTRY_IMAGE --all-tags Docker Publish Stable Tags: 
@@ -53,12 +53,12 @@ Docker Publish Stable Tags: - if: $DISTRO == "debian" - if: $NGINX_BRANCH == "stable" script: - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:nginx - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION} - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH} - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${DISTRO} - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH} - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${DISTRO} + - docker tag $IMAGE $CI_REGISTRY_IMAGE:nginx + - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_VERSION + - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_BRANCH + - docker tag $IMAGE $CI_REGISTRY_IMAGE:$DISTRO + - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_VERSION-$NGINX_BRANCH + - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_VERSION-$DISTRO - docker push $CI_REGISTRY_IMAGE --all-tags Docker Publish Mainline Tags: @@ -68,8 +68,8 @@ Docker Publish Mainline Tags: - if: $DISTRO == "debian" - if: $NGINX_BRANCH == "mainline" script: - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH} - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH} + - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_BRANCH + - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_VERSION-$NGINX_BRANCH - docker push $CI_REGISTRY_IMAGE --all-tags include: @@ -89,7 +89,7 @@ browser_performance: variables: URL: http://nginx:8080 services: # use services to link your app container to the dast job - - name: ${CI_REGISTRY_IMAGE}:${BASE_TAG} + - name: $CI_REGISTRY_IMAGE:$BASE_TAG alias: nginx dast: 
@@ -101,9 +101,9 @@ dast: DAST_FULL_SCAN_ENABLED: "true" # do a full scan DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler services: # use services to link your app container to the dast job - - name: ${CI_REGISTRY_IMAGE}:${BASE_TAG} + - name: $CI_REGISTRY_IMAGE:$BASE_TAG alias: nginx container_scanning: variables: - CS_IMAGE: $CI_REGISTRY_IMAGE:build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} \ No newline at end of file + CS_IMAGE: $CI_REGISTRY_IMAGE:build-$CI_COMMIT_REF_NAME-$CI_PIPELINE_CREATED_AT-$NGINX_VERSION-$NGINX_BRANCH-$DISTRO \ No newline at end of file -- GitLab From 8479b835b2b1a89ba6a7eb4cb3d5586e8edf2896 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 02:19:22 +0200 Subject: [PATCH 26/58] Revert "fix(ci): fix variables" This reverts commit 809aeff6eac756a4712e0f2f3457e5dcf234be77. --- .gitlab-ci.yml | 12 +++++----- images/nginx/nginx.gitlab-ci.yml | 40 ++++++++++++++++---------------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 73f869d..d7d5ca2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -17,13 +17,13 @@ variables: Debian Nginx Stable: <<: *nginx variables: - DISTRO: $DEBIAN_DISTRO - NGINX_VERSION: $NGINX_STABLE_VERSION - NGINX_BRANCH: $NGINX_STABLE_BRANCH + DISTRO: ${DEBIAN_DISTRO} + NGINX_VERSION: ${NGINX_STABLE_VERSION} + NGINX_BRANCH: ${NGINX_STABLE_BRANCH} Debian Nginx Mainline: <<: *nginx variables: - DISTRO: $DEBIAN_DISTRO - NGINX_VERSION: $NGINX_MAINLINE_VERSION - NGINX_BRANCH: $NGINX_MAINLINE_BRANCH + DISTRO: ${DEBIAN_DISTRO} + NGINX_VERSION: ${NGINX_MAINLINE_VERSION} + NGINX_BRANCH: ${NGINX_MAINLINE_BRANCH} diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index f96f675..d1b61e1 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml 
@@ -14,11 +14,11 @@ stages: - docker before_script: - docker info - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTR - - export BASE_TAG="build-$CI_COMMIT_REF_NAME-$CI_PIPELINE_CREATED_AT-$NGINX_VERSION-$NGINX_BRANCH-$DISTRO" + - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTR} + - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - - docker build . -t $CI_REGISTRY_IMAGE:$BASE_TAG -f ./images/$DISTRO/Dockerfile --build-arg NGINX_VERSION=$NGINX_VERSION --build-arg NGINX_BRANCH=$NGINX_BRANCH - - docker push $CI_REGISTRY_IMAGE:$BASE_TAG + - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} + - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} .docker_publish: &docker_publish image: docker:latest @@ -30,9 +30,9 @@ stages: dependencies: - Docker Build before_script: - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY - - export IMAGE=$CI_REGISTRY_IMAGE:$BASE_TAG - - docker pull $IMAGE + - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} + - export IMAGE=${CI_REGISTRY_IMAGE}:${BASE_TAG} + - docker pull ${IMAGE} Docker Build: <<: *docker_build @@ -42,8 +42,8 @@ Docker Publish: only: - main script: - - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_BRANCH-$DISTRO - - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_VERSION-$NGINX_BRANCH-$DISTRO + - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH}-${DISTRO} + - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} - docker push $CI_REGISTRY_IMAGE --all-tags Docker Publish Stable Tags: 
@@ -53,12 +53,12 @@ Docker Publish Stable Tags: - if: $DISTRO == "debian" - if: $NGINX_BRANCH == "stable" script: - - docker tag $IMAGE $CI_REGISTRY_IMAGE:nginx - - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_VERSION - - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_BRANCH - - docker tag $IMAGE $CI_REGISTRY_IMAGE:$DISTRO - - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_VERSION-$NGINX_BRANCH - - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_VERSION-$DISTRO + - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:nginx + - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION} + - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH} + - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${DISTRO} + - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH} + - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${DISTRO} - docker push $CI_REGISTRY_IMAGE --all-tags Docker Publish Mainline Tags: @@ -68,8 +68,8 @@ Docker Publish Mainline Tags: - if: $DISTRO == "debian" - if: $NGINX_BRANCH == "mainline" script: - - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_BRANCH - - docker tag $IMAGE $CI_REGISTRY_IMAGE:$NGINX_VERSION-$NGINX_BRANCH + - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH} + - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH} - docker push $CI_REGISTRY_IMAGE --all-tags include: @@ -89,7 +89,7 @@ browser_performance: variables: URL: http://nginx:8080 services: # use services to link your app container to the dast job - - name: $CI_REGISTRY_IMAGE:$BASE_TAG + - name: ${CI_REGISTRY_IMAGE}:${BASE_TAG} alias: nginx dast: 
@@ -101,9 +101,9 @@ dast: DAST_FULL_SCAN_ENABLED: "true" # do a full scan DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler services: # use services to link your app container to the dast job - - name: $CI_REGISTRY_IMAGE:$BASE_TAG + - name: ${CI_REGISTRY_IMAGE}:${BASE_TAG} alias: nginx container_scanning: variables: - CS_IMAGE: $CI_REGISTRY_IMAGE:build-$CI_COMMIT_REF_NAME-$CI_PIPELINE_CREATED_AT-$NGINX_VERSION-$NGINX_BRANCH-$DISTRO \ No newline at end of file + CS_IMAGE: $CI_REGISTRY_IMAGE:build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} \ No newline at end of file -- GitLab From f2fbdbdd7aa6491f5108c4306abb51efa8c25411 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 02:19:58 +0200 Subject: [PATCH 27/58] chore(ci): fix docker login registry var --- images/nginx/nginx.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index d1b61e1..29cacad 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml @@ -14,7 +14,7 @@ stages: - docker before_script: - docker info - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTR} + - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} -- GitLab From 0b50a496ff53665f5bce9790ebdb74cea1b874b5 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 02:25:05 +0200 Subject: [PATCH 28/58] chore(ci): fix image BASE_TAG --- images/nginx/nginx.gitlab-ci.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index 29cacad..6a8f228 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml @@ -1,3 +1,6 @@ +variables: + BASE_TAG: build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} + stages: - build - test @@ -15,7 +18,6 @@ stages: before_script: - docker info - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} @@ -106,4 +108,4 @@ dast: container_scanning: variables: - CS_IMAGE: $CI_REGISTRY_IMAGE:build-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_CREATED_AT}-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} \ No newline at end of file + CS_IMAGE: ${BASE_TAG} \ No newline at end of file -- GitLab From ba1c0e267886764db1cd260730c49bbcd15a28ff Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 04:15:20 +0200 Subject: [PATCH 29/58] chore(ci): try fixing unknown flag -d error --- images/nginx/nginx.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index 6a8f228..64350bd 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml 
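Review bot: `CS_IMAGE: ${BASE_TAG}` in the last hunk passes only a tag to container scanning, where the previous value was a full reference starting with `$CI_REGISTRY_IMAGE:`; the scanner would then not be looking at the image this pipeline pushed. The new top-level `BASE_TAG` also contains `$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)`, and GitLab does not run a shell over `variables:` values, so the text reaches `docker build -t` unevaluated and is split into stray arguments. Use `CS_IMAGE: ${CI_REGISTRY_IMAGE}:${BASE_TAG}` and build BASE_TAG from plain variables only, e.g. `${CI_COMMIT_SHORT_SHA}` in place of the date.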
@@ -18,6 +18,7 @@ stages: before_script: - docker info - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} + - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} -- GitLab From 2be2f6e4ddb540bfecd7872bcf0a35bc402bbac7 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 04:17:41 +0200 Subject: [PATCH 30/58] chore(ci): fix Dockerfile path --- images/nginx/nginx.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index 64350bd..2af14dd 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml @@ -20,7 +20,7 @@ stages: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./images/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} + - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} .docker_publish: &docker_publish -- GitLab From 2e7b349cd70453bce21d398d5741be1a2c1e9e04 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 04:20:28 +0200 Subject: [PATCH 31/58] chore(ci): fix Dockerfile path --- images/nginx/nginx.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index 2af14dd..9286c69 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml @@ -20,7 +20,7 @@ stages: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f ./${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} + - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f /images/nginx/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} .docker_publish: &docker_publish -- GitLab From 77be4ec4316a4ac17ff9357843761ef90e82181c Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 12:29:02 +0200 Subject: [PATCH 32/58] chore(ci): try 3; build path? --- images/nginx/nginx.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nginx/nginx.gitlab-ci.yml b/images/nginx/nginx.gitlab-ci.yml index 9286c69..b8ee8fb 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/images/nginx/nginx.gitlab-ci.yml 
@@ -20,7 +20,7 @@ stages: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - - docker build . -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f /images/nginx/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} + - docker build -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} ./images/nginx/${DISTRO} - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} .docker_publish: &docker_publish -- GitLab From 41d20988346962fa14d2c8aebf332e56cf201361 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 12:45:47 +0200 Subject: [PATCH 33/58] chore(ci): try 4; move ci file? --- .gitlab-ci.yml | 2 +- images/nginx/nginx.gitlab-ci.yml => nginx.gitlab-ci.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) rename images/nginx/nginx.gitlab-ci.yml => nginx.gitlab-ci.yml (95%) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d7d5ca2..83c94cd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,7 +11,7 @@ variables: .nginx: &nginx trigger: - include: '/images/nginx/nginx.gitlab-ci.yml' + include: 'nginx.gitlab-ci.yml' strategy: depend Debian Nginx Stable: diff --git a/images/nginx/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml similarity index 95% rename from images/nginx/nginx.gitlab-ci.yml rename to nginx.gitlab-ci.yml index b8ee8fb..93b2751 100644 --- a/images/nginx/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml 
@@ -1,5 +1,5 @@ -variables: - BASE_TAG: build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} +#variables: + #BASE_TAG: build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -c 1-10 - | sort -ru)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} stages: - build @@ -20,7 +20,7 @@ stages: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - - docker build -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} ./images/nginx/${DISTRO} + - docker build -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} /images/nginx/${DISTRO} - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} .docker_publish: &docker_publish -- GitLab From d3f668f4a58b280d80a178acb656ea96cb76a3d7 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 13:25:19 +0200 Subject: [PATCH 34/58] chore(ci): ls --- nginx.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index 93b2751..35df8f8 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -20,6 +20,7 @@ stages: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: + - echo ls ${DIR} - docker build -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} /images/nginx/${DISTRO} - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} -- GitLab 
From 199f80ac03c9e96cc74251bdb8fcbd60e68296b5 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 13:46:04 +0200 Subject: [PATCH 35/58] chore(ci): try 6; path? --- nginx.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index 35df8f8..2c79f2c 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -21,7 +21,7 @@ stages: - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - echo ls ${DIR} - - docker build -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} /images/nginx/${DISTRO} + - docker build -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f images/nginx/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} . - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} .docker_publish: &docker_publish -- GitLab From 654e389309c1f55c08a1e93570a0a95941b1e025 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 13:46:15 +0200 Subject: [PATCH 36/58] chore(ci): echo --- nginx.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index 2c79f2c..a7356e1 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -20,6 +20,8 @@ stages: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: + - echo $CI_PROJECT_DIR + - echo ls - echo ls ${DIR} - docker build -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f images/nginx/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} . - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} -- GitLab 
From 9490769137abc49554f9050998d255d3ff958b4b Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 13:46:45 +0200 Subject: [PATCH 37/58] chore(ci): remove variables --- nginx.gitlab-ci.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index a7356e1..4a047e0 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -1,6 +1,3 @@ -#variables: - #BASE_TAG: build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -c 1-10 - | sort -ru)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} - stages: - build - test -- GitLab From a1d25556aa49e9cac7fa48a253c7ade340fd2d44 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 13:48:53 +0200 Subject: [PATCH 38/58] chore(ci): remove debug cmds --- nginx.gitlab-ci.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index 4a047e0..976b6a3 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -17,9 +17,6 @@ stages: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - - echo $CI_PROJECT_DIR - - echo ls - - echo ls ${DIR} - docker build -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f images/nginx/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} . - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} -- GitLab From f7ac67e15496ff546a1f6d2ccc51af0b6e7c56c6 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 13:53:30 +0200 Subject: [PATCH 39/58] build(Docker): fix nginx image version --- images/nginx/debian/Dockerfile | 3 +-- nginx.gitlab-ci.yml | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/images/nginx/debian/Dockerfile b/images/nginx/debian/Dockerfile index 6930257..40c3616 100644 --- a/images/nginx/debian/Dockerfile 
+++ b/images/nginx/debian/Dockerfile @@ -1,6 +1,5 @@ ARG NGINX_VERSION -ARG NGINX_BRANCH -FROM nginxinc/nginx-unprivileged:${NGINX_VERSION}-${NGINX_BRANCH}-bullseye +FROM nginxinc/nginx-unprivileged:${NGINX_VERSION}-bullseye LABEL maintainer="TNET OSS " diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index 976b6a3..dfce67a 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -17,7 +17,7 @@ stages: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" script: - - docker build -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f images/nginx/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} --build-arg NGINX_BRANCH=${NGINX_BRANCH} . + - docker build -t ${CI_REGISTRY_IMAGE}:${BASE_TAG} -f images/nginx/${DISTRO}/Dockerfile --build-arg NGINX_VERSION=${NGINX_VERSION} . - docker push ${CI_REGISTRY_IMAGE}:${BASE_TAG} .docker_publish: &docker_publish -- GitLab From aaaea9fa2f2bcb0d75e8a0e5900023d7bc651a52 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 13:53:46 +0200 Subject: [PATCH 40/58] build(ci): fix www copy cmd --- images/nginx/debian/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nginx/debian/Dockerfile b/images/nginx/debian/Dockerfile index 40c3616..ddde867 100644 --- a/images/nginx/debian/Dockerfile +++ b/images/nginx/debian/Dockerfile 
@@ -12,7 +12,7 @@ RUN ["rm -rf", "/etc/nginx/nginx.conf", "/etc/nginx/conf.d", "/usr/share/nginx/h COPY ["../nginx/nginx.conf", "/etc/nginx/nginx.conf"] COPY ["../nginx/config/config", "/etc/nginx/config"] COPY ["../nginx/www/welcome.html", "/usr/share/nginx/html/index.html"] -COPY ["../nginx/www/", "/usr/share/nginx/html/security.txt", "/usr/share/nginx/html/robots.txt"] +COPY ["../nginx/www/security.txt", "../nginx/www/robots.txt", "/usr/share/nginx/html/"] STOPSIGNAL SIGQUIT USER nginx -- GitLab From 0a2cdf24c3ba4ea5b40e06a56e16316b366bc36c Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 14 May 2023 20:29:09 +0200 Subject: [PATCH 41/58] chore(ci): fix copy action --- images/nginx/debian/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/images/nginx/debian/Dockerfile b/images/nginx/debian/Dockerfile index ddde867..0d73ef8 100644 --- a/images/nginx/debian/Dockerfile +++ b/images/nginx/debian/Dockerfile @@ -11,8 +11,7 @@ LABEL version="$NGINX_VERSION" RUN ["rm -rf", "/etc/nginx/nginx.conf", "/etc/nginx/conf.d", "/usr/share/nginx/html"] COPY ["../nginx/nginx.conf", "/etc/nginx/nginx.conf"] COPY ["../nginx/config/config", "/etc/nginx/config"] -COPY ["../nginx/www/welcome.html", "/usr/share/nginx/html/index.html"] -COPY ["../nginx/www/security.txt", "../nginx/www/robots.txt", "/usr/share/nginx/html/"] +COPY ["../nginx/www/", "/usr/share/nginx/html/"] STOPSIGNAL SIGQUIT USER nginx -- GitLab From 81b13e9526cef1fbaa08d6061c3a281650f11955 Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 09:44:20 +0200 Subject: [PATCH 42/58] chore(ci): fix copy cmds --- images/nginx/debian/Dockerfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/images/nginx/debian/Dockerfile b/images/nginx/debian/Dockerfile index 0d73ef8..1be02ef 100644 --- a/images/nginx/debian/Dockerfile +++ b/images/nginx/debian/Dockerfile 
@@ -6,12 +6,14 @@ LABEL maintainer="TNET OSS " ARG NGINX_VERSION ENV IMAGE_VERSION="$NGINX_VERSION" LABEL version="$NGINX_VERSION" +ARG DISTRO +ENV DISTRO="${DISTRO}" # Modify default nginx. RUN ["rm -rf", "/etc/nginx/nginx.conf", "/etc/nginx/conf.d", "/usr/share/nginx/html"] -COPY ["../nginx/nginx.conf", "/etc/nginx/nginx.conf"] -COPY ["../nginx/config/config", "/etc/nginx/config"] -COPY ["../nginx/www/", "/usr/share/nginx/html/"] +COPY ["/nginx/nginx.conf", "/etc/nginx/nginx.conf"] +COPY ["/nginx/config/default", "/etc/nginx/config"] +COPY ["/nginx/www/", "/usr/share/nginx/html/"] STOPSIGNAL SIGQUIT USER nginx -- GitLab From 810f3f903b956d136db0300479ac495f161522d7 Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 09:47:18 +0200 Subject: [PATCH 43/58] chore(ci): fix copy cmds again --- images/nginx/debian/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/nginx/debian/Dockerfile b/images/nginx/debian/Dockerfile index 1be02ef..b367b07 100644 --- a/images/nginx/debian/Dockerfile +++ b/images/nginx/debian/Dockerfile @@ -11,8 +11,8 @@ ENV DISTRO="${DISTRO}" # Modify default nginx. RUN ["rm -rf", "/etc/nginx/nginx.conf", "/etc/nginx/conf.d", "/usr/share/nginx/html"] -COPY ["/nginx/nginx.conf", "/etc/nginx/nginx.conf"] -COPY ["/nginx/config/default", "/etc/nginx/config"] +COPY ["/nginx/config/default/nginx.conf", "/etc/nginx/nginx.conf"] +COPY ["/nginx/config/default/default.conf", "/etc/nginx/config/default.conf"] COPY ["/nginx/www/", "/usr/share/nginx/html/"] STOPSIGNAL SIGQUIT -- GitLab From b06256a0cbdc87f0f4f1df1798bbc1b65257a5d3 Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 10:50:08 +0200 Subject: [PATCH 44/58] chore(ci): fix stuff --- images/nginx/debian/Dockerfile | 10 ++++++++-- nginx/config/default/default.conf | 2 +- nginx/config/default/nginx.conf | 16 ++++++++-------- 3 files changed, 17 insertions(+), 11 deletions(-) 
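Review bot: `ENV DISTRO="${DISTRO}"` will be empty in the built image, because the `docker build` command shown in the CI patches of this series passes only `--build-arg NGINX_VERSION=${NGINX_VERSION}` and the new `ARG DISTRO` has no default. Either add `--build-arg DISTRO=${DISTRO}` to the build command or give the argument a default such as `ARG DISTRO=debian`. If nothing in the image reads `DISTRO`, dropping both added lines keeps the Dockerfile smaller.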
diff --git a/images/nginx/debian/Dockerfile b/images/nginx/debian/Dockerfile index b367b07..ebbff39 100644 --- a/images/nginx/debian/Dockerfile +++ b/images/nginx/debian/Dockerfile @@ -1,5 +1,7 @@ ARG NGINX_VERSION -FROM nginxinc/nginx-unprivileged:${NGINX_VERSION}-bullseye +FROM debian:bullseye-slim as debian + +FROM nginxinc/nginx-unprivileged:${NGINX_VERSION}-bullseye as nginx LABEL maintainer="TNET OSS " @@ -9,8 +11,12 @@ LABEL version="$NGINX_VERSION" ARG DISTRO ENV DISTRO="${DISTRO}" +# copy rm executable file +COPY --from=debian ["/bin/rm", "./rm"] + +USER root # Modify default nginx. -RUN ["rm -rf", "/etc/nginx/nginx.conf", "/etc/nginx/conf.d", "/usr/share/nginx/html"] +RUN ["rm", "-r", "/etc/nginx/nginx.conf", "/etc/nginx/conf.d", "/usr/share/nginx/html"] COPY ["/nginx/config/default/nginx.conf", "/etc/nginx/nginx.conf"] COPY ["/nginx/config/default/default.conf", "/etc/nginx/config/default.conf"] COPY ["/nginx/www/", "/usr/share/nginx/html/"] diff --git a/nginx/config/default/default.conf b/nginx/config/default/default.conf index 83f6a6e..b70e497 100644 --- a/nginx/config/default/default.conf +++ b/nginx/config/default/default.conf @@ -11,7 +11,7 @@ server { listen *:8080; server_name localhost; - /root /usr/share/nginx/html; + root /usr/share/nginx/html; error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html; diff --git a/nginx/config/default/nginx.conf b/nginx/config/default/nginx.conf index 1c3d24c..77fa2a3 100644 --- a/nginx/config/default/nginx.conf +++ b/nginx/config/default/nginx.conf @@ -1,8 +1,8 @@ #load_module modules/ngx_http_modsecurity_module.so; -user nginx; -daemon off; -pid /tmp/nginx-tmp/nginx.pid; +#user nginx; +#daemon off; +pid /tmp/nginx/nginx.pid; error_log stderr notice; include /etc/nginx/modules-enabled/*.conf; 
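Review bot: The `COPY --from=debian ["/bin/rm", "./rm"]` line puts the binary in the working directory, while `RUN ["rm", "-r", ...]` resolves `rm` through PATH, so the copied file is probably not what the RUN executes and it stays in the final image as an extra executable. If the base image already ships `rm`, drop the COPY and the `debian` stage; if it does not, copy to a PATH location instead. The hunk also adds `USER root` and ends before any later `USER` line, so confirm the file still finishes with `USER nginx` (it did in the earlier patches of this series), otherwise the container starts as root. `rm -r` without `-f` will additionally fail the build if one of the three paths is missing in a future base tag.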
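Review bot: Nothing visible in this series creates `/tmp/nginx`, yet `pid /tmp/nginx/nginx.pid;` here and the five `*_temp_path` directives in the second hunk of this file now depend on it. As far as I know nginx creates a missing temp directory itself but not its parent, and it does not create the pid file's directory, so startup may fail unless the image provides it. Because `/tmp` is world-writable, creating the directory in the Dockerfile, owned by the nginx user with mode `0700`, also keeps spooled request bodies readable only by that user. For the two directives that were commented out, a short comment such as `# user/daemon are set by the unprivileged base image` would explain why they are disabled; that reason is an assumption to confirm against the base image.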
@@ -43,11 +43,11 @@ http { client_body_buffer_size 256k; client_body_in_file_only off; - client_body_temp_path "/tmp/nginx-tmp/client_body" 1 2; - proxy_temp_path "/tmp/nginx-tmp/proxy_temp" 1 2; - fastcgi_temp_path "/tmp/nginx-tmp/fastcgi_temp" 1 2; - scgi_temp_path "/tmp/nginx-tmp/scgi_temp" 1 2; - uwsgi_temp_path "/tmp/nginx-tmp/uwsgi_temp" 1 2; + client_body_temp_path "/tmp/nginx/client_body" 1 2; + proxy_temp_path "/tmp/nginx/proxy_temp" 1 2; + fastcgi_temp_path "/tmp/nginx/fastcgi_temp" 1 2; + scgi_temp_path "/tmp/nginx/scgi_temp" 1 2; + uwsgi_temp_path "/tmp/nginx/uwsgi_temp" 1 2; log_format main '$time_iso8601 - $remote_addr - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'; access_log /dev/stdout main; -- GitLab From 5db9fb469a058eb14aba44015db31ac862923ce2 Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 11:40:23 +0200 Subject: [PATCH 45/58] chore(ci): fix publish image tag --- nginx.gitlab-ci.yml | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index dfce67a..67fa6f1 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -31,7 +31,6 @@ stages: - Docker Build before_script: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - - export IMAGE=${CI_REGISTRY_IMAGE}:${BASE_TAG} - docker pull ${IMAGE} Docker Build: @@ -42,8 +41,8 @@ Docker Publish: only: - main script: - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH}-${DISTRO} - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} + - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH}-${DISTRO} + - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} - docker push $CI_REGISTRY_IMAGE --all-tags Docker Publish Stable Tags: 
@@ -53,12 +52,12 @@ Docker Publish Stable Tags: - if: $DISTRO == "debian" - if: $NGINX_BRANCH == "stable" script: - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:nginx - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION} - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH} - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${DISTRO} - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH} - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${DISTRO} + - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:nginx + - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION} + - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH} + - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${DISTRO} + - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH} + - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${DISTRO} - docker push $CI_REGISTRY_IMAGE --all-tags Docker Publish Mainline Tags: @@ -68,8 +67,8 @@ Docker Publish Mainline Tags: - if: $DISTRO == "debian" - if: $NGINX_BRANCH == "mainline" script: - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH} - - docker tag ${IMAGE} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH} + - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH} + - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH} - docker push $CI_REGISTRY_IMAGE --all-tags include: -- GitLab From 638219ab319df696151fdac3a9a78163dcfba6ef Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 11:40:44 +0200 Subject: [PATCH 46/58] chore(ci): fix container_scanning image --- nginx.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index 67fa6f1..f197812 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml 
@@ -105,4 +105,4 @@ dast: container_scanning: variables: - CS_IMAGE: ${BASE_TAG} \ No newline at end of file + CS_IMAGE: ${CI_REGISTRY_IMAGE}:${BASE_TAG} \ No newline at end of file -- GitLab From 2f0b17281d8bf58fb0a166cb2853c62d4baa67ba Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 11:44:16 +0200 Subject: [PATCH 47/58] chore(ci): fix container_scanning job --- nginx.gitlab-ci.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index f197812..6cc6821 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -1,3 +1,6 @@ +variables: + CS_IMAGE: build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} + stages: - build - test @@ -101,8 +104,4 @@ dast: DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler services: # use services to link your app container to the dast job - name: ${CI_REGISTRY_IMAGE}:${BASE_TAG} - alias: nginx - -container_scanning: - variables: - CS_IMAGE: ${CI_REGISTRY_IMAGE}:${BASE_TAG} \ No newline at end of file + alias: nginx \ No newline at end of file -- GitLab From 9fb7de54aec3009f6720364b83655a4aaf174d03 Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 11:49:54 +0200 Subject: [PATCH 48/58] chore(ci): fix pull cmd --- nginx.gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index 6cc6821..7f911e4 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -30,11 +30,13 @@ stages: - docker:dind tags: - docker + needs: + - Docker Build dependencies: - Docker Build before_script: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - - docker pull ${IMAGE} + - docker pull ${IMAGE}${CI_REGISTRY_IMAGE}:${BASE_TAG} Docker Build: <<: *docker_build -- GitLab From c3f68f7339ffff2744bbf81d77097ed0a081adbb Mon Sep 17 00:00:00 2001 
From: Tristan Date: Mon, 15 May 2023 11:56:05 +0200 Subject: [PATCH 49/58] chore(ci): fix pull cmd (again) --- nginx.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index 7f911e4..daf3e83 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -36,7 +36,7 @@ stages: - Docker Build before_script: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} - - docker pull ${IMAGE}${CI_REGISTRY_IMAGE}:${BASE_TAG} + - docker pull ${CI_REGISTRY_IMAGE}:${BASE_TAG} Docker Build: <<: *docker_build -- GitLab From 0d0e905d1d27a3af34a5792794adecd3598bacc0 Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 12:08:19 +0200 Subject: [PATCH 50/58] chore(ci): try fixing CS_IMAGE var --- nginx.gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index daf3e83..c430ffd 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -1,5 +1,6 @@ variables: - CS_IMAGE: build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} + BASE_IMAGE: build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} + CS_IMAGE: ${BASE_IMAGE} stages: - build -- GitLab From 8e439d6b3b5233217a917b633cd703ff7d5504fe Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 12:08:38 +0200 Subject: [PATCH 51/58] chore(ci): fix publish BASE_TAG var --- nginx.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index c430ffd..b46a90c 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml 
@@ -37,6 +37,7 @@ stages: - Docker Build before_script: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" ${CI_REGISTRY} + - export BASE_TAG="build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO}" - docker pull ${CI_REGISTRY_IMAGE}:${BASE_TAG} Docker Build: -- GitLab From d0bee4f3a89061ec98631e4f6b1707458aba09cf Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 12:21:05 +0200 Subject: [PATCH 52/58] chore(ci): try fixing container_scanning --- nginx.gitlab-ci.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index b46a90c..3d4bf60 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -1,7 +1,3 @@ -variables: - BASE_IMAGE: build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} - CS_IMAGE: ${BASE_IMAGE} - stages: - build - test @@ -108,4 +104,10 @@ dast: DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler services: # use services to link your app container to the dast job - name: ${CI_REGISTRY_IMAGE}:${BASE_TAG} - alias: nginx \ No newline at end of file + alias: nginx + +container_scanning: + needs: + - Docker Build + variables: + CS_IMAGE: build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} \ No newline at end of file -- GitLab From 2c7f7c77bacd47933b5b8458e482fc7e825eb458 Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 12:21:24 +0200 Subject: [PATCH 53/58] chore(ci): try fixing publish jobs --- nginx.gitlab-ci.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index 3d4bf60..379ac1f 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml 
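Review bot: The `docker login` line directly above the added `export BASE_TAG` passes the registry password with `-p`, which puts it on the command line of the login process; the build job's `before_script` has the same line. Feeding it on stdin avoids that: `echo "${CI_REGISTRY_PASSWORD}" | docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"`. The added `export BASE_TAG=...` is also a second copy of the expression in the build job, so the two can drift apart; a shared YAML anchor or a tag made only of predefined variables would keep them identical. `CI_COMMIT_REF_NAME` can contain `/`, which is not valid in an image tag, so `CI_COMMIT_REF_SLUG` is the safer component.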
@@ -51,9 +51,12 @@ Docker Publish: Docker Publish Stable Tags: <<: *docker_publish rules: - - if: $CI_COMMIT_REF_NAME == "main" + - if: $CI_COMMIT_BRANCH == "main" + when: on_success - if: $DISTRO == "debian" + when: on_success - if: $NGINX_BRANCH == "stable" + when: on_success script: - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:nginx - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION} @@ -66,9 +69,12 @@ Docker Publish Stable Tags: Docker Publish Mainline Tags: <<: *docker_publish rules: - - if: $CI_COMMIT_REF_NAME == "main" + - if: $CI_COMMIT_BRANCH == "main" + when: on_success - if: $DISTRO == "debian" + when: on_success - if: $NGINX_BRANCH == "mainline" + when: on_success script: - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH} - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH} -- GitLab From 9512185491519a6d8e90403cae96b582710d03a9 Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 13:10:04 +0200 Subject: [PATCH 54/58] chore(ci): fix publish job rules --- nginx.gitlab-ci.yml | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index 379ac1f..4e522a6 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -51,12 +51,7 @@ Docker Publish: Docker Publish Stable Tags: <<: *docker_publish rules: - - if: $CI_COMMIT_BRANCH == "main" - when: on_success - - if: $DISTRO == "debian" - when: on_success - - if: $NGINX_BRANCH == "stable" - when: on_success + - if: '$CI_COMMIT_BRANCH == "main" && $DISTRO == "debian" && $NGINX_BRANCH == "stable"' script: - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:nginx - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION} 
@@ -69,12 +64,7 @@ Docker Publish Stable Tags: Docker Publish Mainline Tags: <<: *docker_publish rules: - - if: $CI_COMMIT_BRANCH == "main" - when: on_success - - if: $DISTRO == "debian" - when: on_success - - if: $NGINX_BRANCH == "mainline" - when: on_success + - if: '$CI_COMMIT_BRANCH == "main" && $DISTRO == "debian" && $NGINX_BRANCH == "mainline"' script: - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_BRANCH} - docker tag ${CI_REGISTRY_IMAGE}:${BASE_TAG} ${CI_REGISTRY_IMAGE}:${NGINX_VERSION}-${NGINX_BRANCH} -- GitLab From f7e882ccfd0cc856cff8af77dc462f81c5eeef31 Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 13:24:46 +0200 Subject: [PATCH 55/58] chore(ci): try fixing container scanning CS_IMAGE --- nginx.gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index 4e522a6..7259274 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml @@ -105,5 +105,7 @@ dast: container_scanning: needs: - Docker Build + before_script: + - export BASE_TAG=build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} variables: - CS_IMAGE: build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} \ No newline at end of file + CS_IMAGE: ${BASE_TAG} \ No newline at end of file -- GitLab From fb1c0ea65ff6487642ba10b025a9c4aa094ebfdd Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 13:41:19 +0200 Subject: [PATCH 56/58] chore(ci): set container scanning Dockerfile path --- nginx.gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index 7259274..eee5595 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml 
@@ -108,4 +108,5 @@ container_scanning: before_script: - export BASE_TAG=build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} variables: - CS_IMAGE: ${BASE_TAG} \ No newline at end of file + CS_IMAGE: ${BASE_TAG} + CS_DOCKERFILE_PATH: /images/nginx/${DISTRO}/Dockerfile \ No newline at end of file -- GitLab From e0e76e45508789789d6ff9503c8118e8be773c4f Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 13:45:06 +0200 Subject: [PATCH 57/58] chore(ci): I give up; disable container scanning --- nginx.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index eee5595..90d46fb 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml 
@@ -75,7 +75,7 @@ include: - template: Jobs/Code-Intelligence.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Code-Intelligence.gitlab-ci.yml - template: Jobs/Browser-Performance-Testing.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml - template: Security/DAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml - - template: Jobs/Container-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml + # - template: Jobs/Container-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml - template: Jobs/Dependency-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml - template: Jobs/License-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml - template: Jobs/SAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml -- GitLab From 0ac3bc23309a54e4c5d6162cd04429e78971433e Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 15 May 2023 13:48:53 +0200 Subject: [PATCH 58/58] chore(ci): remove container scanning (again) --- nginx.gitlab-ci.yml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/nginx.gitlab-ci.yml b/nginx.gitlab-ci.yml index 90d46fb..147dda4 100644 --- a/nginx.gitlab-ci.yml +++ b/nginx.gitlab-ci.yml 
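Review bot: Commenting out `Jobs/Container-Scanning.gitlab-ci.yml` means the images that the publish jobs tag and push are no longer checked for known-vulnerable packages, while the failure being worked around looks like the `CS_IMAGE` value rather than the scanner itself. Consider keeping the include and giving the job an image reference it can resolve. If it has to stay off for now, replace the commented-out line with a comment that records why and points at a tracking issue, for example `# TODO(<issue-id>): re-enable container scanning once CS_IMAGE resolves`, so the gap is not forgotten when the line is deleted.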
@@ -75,7 +75,6 @@ include: - template: Jobs/Code-Intelligence.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Code-Intelligence.gitlab-ci.yml - template: Jobs/Browser-Performance-Testing.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml - template: Security/DAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml - # - template: Jobs/Container-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml - template: Jobs/Dependency-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml - template: Jobs/License-Scanning.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml - template: Jobs/SAST.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml @@ -100,13 +99,4 @@ dast: DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler services: # use services to link your app container to the dast job - name: ${CI_REGISTRY_IMAGE}:${BASE_TAG} - alias: nginx - -container_scanning: - needs: - - Docker Build - before_script: - - export BASE_TAG=build-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}-$(echo ${CI_PIPELINE_CREATED_AT} | cut -d "T" -f1)-${NGINX_VERSION}-${NGINX_BRANCH}-${DISTRO} - variables: - CS_IMAGE: ${BASE_TAG} - CS_DOCKERFILE_PATH: /images/nginx/${DISTRO}/Dockerfile \ No newline at end of file + alias: nginx \ No newline at end of file -- GitLab