Merge branch 'add-cicd-pipeline' into 'main'

Add basic CI/CD functionality See merge request !6

Merge branch 'add-cicd-pipeline' into 'main'
aac4c10c · Mick Veldhuis · 147c0546 · 05c320e7 · aac4c10c · aac4c10c
Commit aac4c10c authored 7 months ago by Mick Veldhuis
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+default:
+  image: 
+    name: $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG
+    pull_policy: [always]
+workflow:
+  rules:
+    # Do not create (detached) pipelines on merge request events
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+      when: never
+    - when: always
+stages:
+  - prepare
+  - test
+include:
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
+# Prepare image to run ci on
+trigger_prepare:
+  stage: prepare
+  trigger:
+    strategy: depend
+    include: .prepare.gitlab-ci.yml
+sast:
+  variables:
+    SAST_EXCLUDED_ANALYZERS: brakeman, kubesec, nodejs-scan, phpcs-security-audit,
+      pmd-apex, sobelow, spotbugs
+  stage: test
+# Validate the top-level workflow(s) and their input(s)
+validate:
+  stage: test
+  needs: ["trigger_prepare"]
+  script:
+    - cwltool --validate workflows/pipeline.cwl tests/pipeline_input.json
--- a/.prepare.gitlab-ci.yml
+++ b/.prepare.gitlab-ci.yml
+stages:
+  - build
+build_ci_runner_image:
+  stage: build
+  image: docker
+  tags:
+    - dind
+  script:
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    - |
+      if docker pull $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG; then
+        docker build --cache-from $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG --tag $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG docker/ci-runner
+      else
+        docker pull $CI_REGISTRY_IMAGE/ci-build-runner:latest || true
+        docker build --cache-from $CI_REGISTRY_IMAGE/ci-build-runner:latest --tag $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG docker/ci-runner
+      fi
+    - docker push $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG  # push the image
+    - |
+      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+        docker image tag $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG $CI_REGISTRY_IMAGE/ci-build-runner:latest
+        docker push $CI_REGISTRY_IMAGE/ci-build-runner:latest
+      fi
--- a/docker/ci-runner/Dockerfile
+++ b/docker/ci-runner/Dockerfile
+FROM ubuntu:22.04
+# This Docker image contains the bare necessities to 
+# validate the project's CWL scripts.
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y \
+    wget \
+    python3 \
+    && \
+    rm -rf /var/lib/apt/lists/*
+RUN wget -q https://bootstrap.pypa.io/get-pip.py && \
+    python3 get-pip.py
+RUN python3 -m pip install --no-cache-dir --upgrade \
+    nodejs-wheel \
+    cwltool
+RUN node --version
+RUN cwltool --version