Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist
parent
aa4cb3f9a8
commit
a95ec6b3d2
@ -1,75 +1,46 @@
|
|||||||
# This file is a template, and might need editing before it works on your project.
|
# You can override the included template(s) by including variable overrides
|
||||||
# Official language image. Look for the different tagged releases at:
|
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
|
||||||
# https://hub.docker.com/r/library/python/tags/
|
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
|
||||||
|
# Note that environment variables can be set in several places
|
||||||
|
# See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
|
||||||
image: python:3.9.6
|
image: python:3.9.6
|
||||||
stages:
|
stages:
|
||||||
- test
|
- test
|
||||||
- run
|
- run
|
||||||
- package
|
- package
|
||||||
# Change pip's cache directory to be inside the project directory since we can
|
|
||||||
# only cache local items.
|
|
||||||
variables:
|
variables:
|
||||||
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
|
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
|
||||||
|
|
||||||
# Pip's cache doesn't store the python packages
|
|
||||||
# https://pip.pypa.io/en/stable/reference/pip_install/#caching
|
|
||||||
#
|
|
||||||
# If you want to also cache the installed packages, you have to install
|
|
||||||
# them in a virtualenv and cache it as well.
|
|
||||||
cache:
|
cache:
|
||||||
paths:
|
paths:
|
||||||
- .cache/pip
|
- ".cache/pip"
|
||||||
- venv/
|
- venv/
|
||||||
|
|
||||||
#before_script:
|
|
||||||
# - python -V # Print out python version for debugging
|
|
||||||
# - pip install virtualenv
|
|
||||||
# - virtualenv venv
|
|
||||||
# - source venv/bin/activate
|
|
||||||
# - pip install -r requirements.txt
|
|
||||||
|
|
||||||
test:
|
test:
|
||||||
stage: test
|
stage: test
|
||||||
script:
|
script:
|
||||||
- echo "TEST"
|
- echo "TEST"
|
||||||
# - python setup.py test
|
|
||||||
# - pip install tox flake8 # you can also use tox
|
|
||||||
# - tox -e py36,flake8
|
|
||||||
|
|
||||||
run:
|
run:
|
||||||
stage: run
|
stage: run
|
||||||
script:
|
script:
|
||||||
- python -V # Print out python version for debugging
|
- python -V
|
||||||
- pip install virtualenv
|
- pip install virtualenv
|
||||||
- virtualenv venv
|
- virtualenv venv
|
||||||
- source venv/bin/activate
|
- source venv/bin/activate
|
||||||
- pip install -r requirements.txt
|
- pip install -r requirements.txt
|
||||||
- python test.py
|
- python test.py
|
||||||
|
|
||||||
|
|
||||||
docker:
|
docker:
|
||||||
tags:
|
tags:
|
||||||
- shell
|
- shell
|
||||||
stage: package
|
stage: package
|
||||||
only:
|
only:
|
||||||
- master
|
- master
|
||||||
script:
|
script:
|
||||||
- echo "package docker"
|
- echo "package docker"
|
||||||
- docker info
|
- docker info
|
||||||
- docker login -u echo0821 -p Lkq2mapp565688 registry.hub.docker.com
|
- docker login -u echo0821 -p Lkq2mapp565688 registry.hub.docker.com
|
||||||
- docker build -t registry.hub.docker.com/echo0821/web-methodology:latest .
|
- docker build -t registry.hub.docker.com/echo0821/web-methodology:latest .
|
||||||
- docker push registry.hub.docker.com/echo0821/web-methodology:latest
|
- docker push registry.hub.docker.com/echo0821/web-methodology:latest
|
||||||
- docker rmi registry.hub.docker.com/echo0821/web-methodology
|
- docker rmi registry.hub.docker.com/echo0821/web-methodology
|
||||||
# - docker tag registry.hub.docker.com/echo0821/web-project:latest registry.heroku.com/comp3019j-web-dev/web
|
sast:
|
||||||
# - docker push registry.heroku.com/comp3019j-web-dev/web
|
stage: test
|
||||||
|
include:
|
||||||
# pages:
|
- template: Security/SAST.gitlab-ci.yml
|
||||||
# script:
|
|
||||||
# - pip install sphinx sphinx-rtd-theme
|
|
||||||
# - cd doc ; make html
|
|
||||||
# - mv build/html/ ../public/
|
|
||||||
# artifacts:
|
|
||||||
# paths:
|
|
||||||
# - public
|
|
||||||
# rules:
|
|
||||||
# - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
|
||||||
|
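Review bot: The `docker` job's `docker login -u … -p …` step still has a literal Docker Hub username and password on the new side, so the credential remains in the repository and its history. Treat it as exposed: rotate it, store the replacement in masked, protected CI/CD variables, and pass it on stdin, e.g. `- echo "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USER" --password-stdin registry.hub.docker.com` (the variable names are placeholders). Using `-p` also puts the secret on the command line, where it can reach job logs and process listings. The header comment links to Secret Detection customization, but only `Security/SAST.gitlab-ci.yml` is included; adding `- template: Security/Secret-Detection.gitlab-ci.yml` under `include:` would let the pipeline flag hard-coded credentials like this one.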