Merge branch 'fix-merge-train' into 'develop'

Fix merge train See merge request !211

Merge branch 'fix-merge-train' into 'develop'
0f6732b8 · Neil-Jocelyn Schark · 75bacde2 · 105e4fe9 · 0f6732b8 · 0f6732b8
Commit 0f6732b8 authored 3 years ago by Neil-Jocelyn Schark
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,19 +5,14 @@ variables:
  GOLANG_VERSION: "1.16"

 stages:
-  - .pre
  - build
  - test
+  - analyze
  - apply
  - integration-test
  - deploy
  - .post

-workflow:
-  rules:
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
-      when: never
-    - when: always

 include:
  - local: '/.gitlab/ci/.build-container.yml'

--- a/.gitlab/ci/.build-container.yml
+++ b/.gitlab/ci/.build-container.yml
@@ -5,6 +5,14 @@
    entrypoint: [ "" ]
  variables:
    TAG: $CI_COMMIT_BRANCH
+  before_script:
+      # replace all slashes in the tag with hyphen, because slashes are not allowed in tags
+    - TAG=${TAG//\//-}
+    - mkdir -p /kaniko/.docker
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"},\"$CI_DEPENDENCY_PROXY_SERVER\":{\"username\":\"$CI_DEPENDENCY_PROXY_USER\",\"password\":\"$CI_DEPENDENCY_PROXY_TOKEN\"}}}" > /kaniko/.docker/config.json
+  needs: []
+
+build-testing-image:
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      variables:
@@ -14,14 +22,6 @@
        TAG: develop
        BUILDARGS: -race
    - when: always
-  before_script:
-      # replace all slashes in the tag with hyphen, because slashes are not allowed in tags
-    - TAG=${TAG//\//-}
-    - mkdir -p /kaniko/.docker
-    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" >/kaniko/.docker/config.json
-  needs: []
-
-build-testing-image:
  script:
    - /kaniko/executor
      --cache=true
@@ -29,11 +29,23 @@ build-testing-image:
      --dockerfile "Dockerfile"
      --build-arg "GOLANG_VERSION=$GOLANG_VERSION"
      --build-arg "BUILDARGS=$BUILDARGS"
+      --build-arg "GITLAB_PROXY=${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/"
      --destination "$GOSDN_TESTING_IMAGE"
      --target "installer"
  <<: *build

 build-image:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE != "merge_request_event"'
+      when: never
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      variables:
+        TAG: latest
+    - if: $CI_COMMIT_BRANCH == "develop"
+      variables:
+        TAG: develop
+        BUILDARGS: -race
+    - when: always
  script:
    - /kaniko/executor
      --cache=true
@@ -41,6 +53,9 @@ build-image:
      --dockerfile "Dockerfile"
      --build-arg "GOLANG_VERSION=$GOLANG_VERSION"
      --build-arg "BUILDARGS=$BUILDARGS"
+      --build-arg "GITLAB_PROXY=${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/"
      --destination "$GOSDN_IMAGE"
      --destination "$CI_REGISTRY_IMAGE:$TAG"
  <<: *build
+
+      #--build-arg "GITLAB_PROXY=${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/"
--- a/.gitlab/ci/.code-quality-ci.yml
+++ b/.gitlab/ci/.code-quality-ci.yml
 code-quality:
-  image: golangci/golangci-lint:latest-alpine
-  stage: test
+  image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/golangci/golangci-lint:latest-alpine
+  stage: analyze
  script:
    # writes golangci-lint output to gl-code-quality-report.json
    - golangci-lint run --config .gitlab/ci/.golangci-config/.golangci.yml --out-format code-climate | tee gl-code-quality-report.json

--- a/.gitlab/ci/.containerlab-ci.yml
+++ b/.gitlab/ci/.containerlab-ci.yml
@@ -5,6 +5,10 @@ variables:
 # Templates for Job Types
 .containerlab_deploy: &containerlab_deploy
  stage: apply
+  rules:
+    - if: '$CI_PIPELINE_SOURCE != "merge_request_event"'
+      when: never
+    - when: on_success
  tags:
    - shell
  before_script:
@@ -16,8 +20,12 @@ variables:
    - docker pull ${CEOS_IMAGE}

 .containerlab_template: &containerlab_template
-  image: alpine:latest
+  image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/alpine:latest
  stage: build
+  rules:
+    - if: '$CI_PIPELINE_SOURCE != "merge_request_event"'
+      when: never
+    - when: on_success
  before_script:
    - export PATH="${PATH}:${CI_PROJECT_DIR}/.gitlab/ci/scripts"
    - firstOctet=$(generate_octet.sh $CI_COMMIT_SHA)
@@ -61,6 +69,10 @@ containerlab:deploy:integration:


 containerlab:destroy:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE != "merge_request_event"'
+      when: never
+    - when: always
  stage: .post
  tags:
    - shell
@@ -72,7 +84,6 @@ containerlab:destroy:
    - docker volume rm -f ${CLAB_NAME}-volume
    - docker image rm -f ${GOSDN_IMAGE}
  allow_failure: true
-  when: always


 #containerlab:template:develop:

--- a/.gitlab/ci/.deploy-k8s.yml
+++ b/.gitlab/ci/.deploy-k8s.yml
 build:k8s-bot:
  stage: build
-  image: golang:$GOLANG_VERSION
+  image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/golang:$GOLANG_VERSION
  rules:
    - if: $CI_COMMIT_BRANCH == "develop"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
@@ -14,7 +14,7 @@ build:k8s-bot:

 .deploy: &deploy
  image: 
-    name: bitnami/kubectl:latest
+    name: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/bitnami/kubectl:latest
    entrypoint: [""]
  before_script:
    - echo "override global before script"

--- a/.gitlab/ci/.integration-test.yml
+++ b/.gitlab/ci/.integration-test.yml
 .integration-test: &integration-test
  image: $GOSDN_TESTING_IMAGE
  stage: integration-test
+  rules:
+    - if: '$CI_PIPELINE_SOURCE != "merge_request_event"'
+      when: never
+    - when: on_success
  needs:
    - job: "containerlab:deploy:integration"
  tags:

--- a/.gitlab/ci/.security-and-compliance-ci.yml
+++ b/.gitlab/ci/.security-and-compliance-ci.yml
+.rules: &rules
+  stage: analyze
+  rules:
+    - if: '$CI_PIPELINE_SOURCE != "merge_request_event"'
+      when: never
+    - when: always
+  needs: []
+
 sast:
  variables:
    SAST_ANALYZER_IMAGE_TAG: '2'
@@ -8,3 +16,33 @@ include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Dependency-Scanning.gitlab-ci.yml
  - template: Security/License-Scanning.gitlab-ci.yml
+#  - template: Security/Secret-Detection.gitlab-ci.yml
+  - template: Security/Container-Scanning.gitlab-ci.yml
+
+gemnasium-dependency_scanning:
+  <<: *rules
+
+gosec-sast:
+  <<: *rules
+
+license_scanning:
+  <<: *rules
+
+semgrep-sast:
+  <<: *rules
+
+#secret_detection:
+#  <<: *rules
+
+container_scanning:
+  stage: analyze
+  rules:
+    - if: '$CI_PIPELINE_SOURCE != "merge_request_event"'
+      when: never
+    - when: always
+  variables:
+    DOCKER_IMAGE: "${GOSDN_IMAGE}"
+    DOCKER_USER: "${CI_REGISTRY_USER}"
+    DOCKER_PASSWORD: "${CI_REGISTRY_PASSWORD}"
+  needs: 
+    - build-image
--- a/.gitlab/ci/.test.yml
+++ b/.gitlab/ci/.test.yml
 .test: &test
  image: $GOSDN_TESTING_IMAGE
  stage: test
+  rules:
+    - when: on_success
  variables:
    GOSDN_LOG: "nolog"
    GOSDN_CHANGE_TIMEOUT: "100ms"
@@ -24,3 +26,10 @@ controller-test:
  script:
    - gotestsum --junitfile report.xml --format testname -- -race -v -run TestRun
  <<: *test
+
+test-build:
+  artifacts:
+    when: never
+  script:
+    - GOOS=linux go build $BUILDARGS ./cmd/gosdn
+  <<: *test
--- a/.gitlab/ci/.uml-autogen-ci.yml
+++ b/.gitlab/ci/.uml-autogen-ci.yml
 goplantuml:
-    image: golang:$GOLANG_VERSION
+    image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/golang:$GOLANG_VERSION
    stage: .post
    only:
        - develop

--- a/Dockerfile
+++ b/Dockerfile
 ARG GOLANG_VERSION=1.16
 ARG BUILDARGS
+ARG $GITLAB_PROXY

-FROM golang:$GOLANG_VERSION-buster AS installer
+FROM ${GITLAB_PROXY}golang:$GOLANG_VERSION-buster AS installer

 WORKDIR /src/gosdn
 COPY go.* ./
@@ -13,7 +14,7 @@ COPY . ./

 RUN GOOS=linux go build $BUILDARGS ./cmd/gosdn

-FROM debian:bullseye
+FROM ${GITLAB_PROXY}debian:bullseye
 EXPOSE 8080
 EXPOSE 55055
 COPY --from=builder /src/gosdn/gosdn .