# GitLab CI stage order. Jobs without an explicit `stage:` key (bandit,
# `yarn verify` and the `sast` override below) fall into GitLab's default
# `test` stage.
# NOTE(review): no job visible in this file sets `stage: sast`, so that stage
# looks unused unless the included SAST template assigns jobs to it - confirm.
stages:
  - dependencies
  - lint
  - test
  - sast
  - containerize
# Pipeline-wide variables. Everything here is inherited by every job in the
# file, including jobs that never start a database or touch AWS (the lint jobs
# and `containerize`).
variables:
  # Settings for the throwaway database service containers. `trust` tells the
  # postgres image to accept connections without checking a password, so this
  # is only acceptable while the service stays job-local and is never exposed
  # beyond the runner.
  POSTGRES_HOST_AUTH_METHOD: trust
  POSTGRES_DB: ctfd
  POSTGRES_PASSWORD: password
  # These two values are the example key pair from AWS's own documentation,
  # not a live credential.
  # NOTE(review): presumably they only satisfy SDK credential lookup in mocked
  # tests - confirm. Secret scanners will flag them, so allowlist the exact
  # strings; real keys belong in masked, protected CI/CD variables, never in
  # this file.
  AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE
  AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  MYSQL_ROOT_PASSWORD: password
  # Package-manager caches live under the project directory so the `cache:`
  # entries of the dependency jobs can pick them up.
  PIP_CACHE_DIR: '$CI_PROJECT_DIR/.cache/pip'
  YARN_CACHE_FOLDER: '$CI_PROJECT_DIR/.cache/yarn'
  # Paths the included SAST analyzers skip. Test code and populate.py are
  # therefore never scanned by SAST.
  SAST_EXCLUDED_PATHS: 'spec, test, tests, tmp, populate.py'
# Pull in GitLab's managed SAST template. The analyzer jobs it defines are not
# visible in this file; only the `sast` override further down is.
include:
  - template: Security/SAST.gitlab-ci.yml
# Builds the Python virtualenv once and hands it to later jobs as an artifact.
python dependencies:
  # Third-party image referenced by a mutable tag: the content behind it can
  # change between runs.
  # NOTE(review): consider pinning by digest, e.g.
  # nikolaik/python-nodejs@sha256:<DIGEST-PLACEHOLDER>.
  image: nikolaik/python-nodejs:python3.9-nodejs18
  stage: dependencies
  script:
    # virtualenv and pip themselves are installed unpinned here.
    - pip install virtualenv
    - virtualenv venv
    - source venv/bin/activate
    - python -m pip install --upgrade pip
    # NOTE(review): whether development.txt pins versions or hashes is not
    # visible on this page; hash-checked requirements would make this step
    # reproducible - confirm.
    - python -m pip install -r development.txt
  # The whole venv is shipped to downstream jobs, which then execute it. Any
  # job with a `dependencies:` entry on this one trusts its contents.
  artifacts:
    name: Python virtual environment
    expire_in: 24 hours
    paths:
      - venv
  # Two caches with fixed keys, so they are shared across branches.
  # NOTE(review): the yarn cache is declared on this Python job rather than on
  # `node dependencies` - confirm that is intended.
  cache:
    - key: pip-cache
      paths:
        - '$PIP_CACHE_DIR'
    - key: yarn-cache
      paths:
        - '$YARN_CACHE_FOLDER'
# Installs the JavaScript dependencies once and publishes node_modules as an
# artifact for the lint and verify jobs.
node dependencies:
  # Mutable third-party image tag; see NOTE(review) on digest pinning:
  # nikolaik/python-nodejs@sha256:<DIGEST-PLACEHOLDER>.
  image: nikolaik/python-nodejs:python3.9-nodejs18
  stage: dependencies
  script:
    # NOTE(review): without --frozen-lockfile yarn may resolve versions that
    # differ from the committed lockfile instead of failing - confirm a
    # yarn.lock exists and consider enforcing it here.
    - yarn install --non-interactive
  artifacts:
    name: Node modules
    expire_in: 24 hours
    paths:
      - node_modules
# Lints the Dockerfile with hadolint and writes a Code Climate style report.
lint dockerfile:
  # `latest-debian` is a moving tag, so the rule set applied can change
  # between runs without any change in this repository.
  image: hadolint/hadolint:latest-debian
  stage: lint
  # Empty needs: the job starts immediately, without waiting for earlier stages.
  needs: []
  script:
    - mkdir -p reports
    # The report file name embeds the MD5 of the Dockerfile; the hash is only
    # used to build a name, not as an integrity control.
    # NOTE(review): no `artifacts:` key is visible for this job, so the report
    # appears to be discarded when the job ends - confirm.
    - hadolint -f gitlab_codeclimate Dockerfile > reports/hadolint-$(md5sum Dockerfile | cut -d" " -f1).json
# Validates docker-compose.yml by asking docker-compose to parse and render it.
lint docker-compose:
  image: python:3.9.13-bullseye
  stage: lint
  # Empty needs: the job starts immediately, without waiting for earlier stages.
  needs: []
  script:
    # The tool version is pinned, but its transitive dependencies are resolved
    # at install time.
    - python -m pip install docker-compose==1.26.0
    # `config` only parses and prints the compose file; no containers start.
    - docker-compose -f docker-compose.yml config
# Runs flake8 over the application, migrations and tests using the venv built
# by `python dependencies`.
flake8:
  image: nikolaik/python-nodejs:python3.9-nodejs18
  stage: lint
  # `needs` lets the job start as soon as the venv job finishes;
  # `dependencies` limits the downloaded artifacts to that job's venv.
  needs:
    - python dependencies
  dependencies:
    - python dependencies
  script:
    - source venv/bin/activate
    # CTFd/uploads is excluded from linting.
    - flake8 --ignore=E402,E501,E712,W503,E203 --exclude=CTFd/uploads CTFd/ migrations/ tests/
# Checks formatting with black in check-only mode; nothing is rewritten.
black:
  image: nikolaik/python-nodejs:python3.9-nodejs18
  stage: lint
  # Starts once the venv job is done and downloads only that job's artifacts.
  needs:
    - python dependencies
  dependencies:
    - python dependencies
  script:
    - source venv/bin/activate
    # --check fails the job on unformatted files and --diff prints the changes
    # black would make. Uploads and node_modules are skipped.
    - black --check --diff --exclude=CTFd/uploads --exclude=node_modules .
# Runs the project's `lint` package script against the node_modules artifact.
yarn lint:
  image: nikolaik/python-nodejs:python3.9-nodejs18
  stage: lint
  # Starts once `node dependencies` is done and downloads only its artifacts.
  needs:
    - node dependencies
  dependencies:
    - node dependencies
  script:
    # What `lint` actually executes is defined in package.json, which is not
    # visible on this page.
    - yarn lint
# Checks theme assets and Markdown files with prettier in check-only mode.
prettier:
  image: nikolaik/python-nodejs:python3.9-nodejs18
  stage: lint
  # Starts once `node dependencies` is done and downloads only its artifacts.
  needs:
    - node dependencies
  dependencies:
    - node dependencies
  script:
    # prettier is installed globally at a pinned version rather than taken
    # from the node_modules artifact.
    - yarn global add prettier@1.17.0
    # The globs are single-quoted so prettier, not the shell, expands them.
    - prettier --check 'CTFd/themes/**/assets/**/*'
    - prettier --check '**/*.md'
# Hidden template job (leading dot): it never runs by itself. The postgres,
# mysql and sqlite jobs pull it in through `extends` and supply DB_DRIVER and
# TESTING_DATABASE_URL.
.pytest:
  image: nikolaik/python-nodejs:python3.9-nodejs18
  stage: test
  # Tests wait for both dependency jobs and for the two Python lint jobs.
  needs:
    - python dependencies
    - node dependencies
    - flake8
    - black
  # Only the Python venv artifact is downloaded.
  dependencies:
    - python dependencies
  script:
    - source venv/bin/activate
    # NOTE(review): presumably removes a boto config shipped in the image so
    # it cannot influence the test run - confirm.
    - rm -f /etc/boto.cfg
    # One pytest invocation split over continuation lines. DB_DRIVER prefixes
    # the coverage file name so each database variant writes its own report.
    - |
      pytest -rf --cov=CTFd --cov-context=test --cov-report=xml:reports/coverage/${DB_DRIVER}pytest.xml \
      --junitxml=reports/tests/pytest.xml \
      --ignore-glob="**/node_modules/" \
      --ignore=node_modules/ \
      -W ignore::sqlalchemy.exc.SADeprecationWarning \
      -W ignore::sqlalchemy.exc.SAWarning \
      -n auto
  # Coverage (Cobertura) and JUnit results are published as GitLab reports.
  artifacts:
    reports:
      junit: "reports/tests/*.xml"
      coverage_report:
        coverage_format: cobertura
        path: "reports/coverage/*.xml"
# Test run against PostgreSQL. Manual job, so it only runs when someone
# triggers it, and `containerize` does not wait for it.
postgres:
  extends: .pytest
  when: manual
  timeout: 24 hours
  # Both service images use `latest`, so the database and cache versions under
  # test move over time.
  services:
    - redis:latest
    - postgres:latest
  variables:
    DB_DRIVER: postgres
    # Throwaway credentials matching the pipeline-level POSTGRES_* variables;
    # only valid for the job-local service container.
    TESTING_DATABASE_URL: 'postgres://postgres:password@postgres:5432/ctfd'
# Test run against MySQL. Manual job, so it only runs when someone triggers
# it, and `containerize` does not wait for it.
mysql:
  extends: .pytest
  when: manual
  timeout: 24 hours
  services:
    # NOTE(review): MySQL 5.7 is past upstream end of life; acceptable for a
    # job-local test database, but confirm it still matches what production
    # deployments run.
    - mysql:5.7
    - redis:latest
  variables:
    DB_DRIVER: mysql
    # Connects as root with the throwaway MYSQL_ROOT_PASSWORD defined at
    # pipeline level; only valid for the job-local service container.
    TESTING_DATABASE_URL: 'mysql+pymysql://root:password@mysql:3306/ctfd'
# Test run against SQLite. This is the only database variant that runs
# automatically, and the only one `containerize` waits for.
sqlite:
  extends: .pytest
  timeout: 15 minutes
  services:
    # NOTE(review): a MySQL service is started although the database URL below
    # points at SQLite - confirm it is needed.
    - mysql:5.7
    - redis:latest
  variables:
    DB_DRIVER: sqlite
    # An empty path after the scheme: no database file is named here.
    TESTING_DATABASE_URL: 'sqlite://'
# Static security scan of the CTFd package with bandit. No `stage:` key is
# set, so GitLab places the job in its default `test` stage.
bandit:
  image: nikolaik/python-nodejs:python3.9-nodejs18
  # Runs after the venv is built and both Python lint jobs have passed.
  needs:
    - python dependencies
    - flake8
    - black
  dependencies:
    - python dependencies
  script:
    - source venv/bin/activate
    # B105 is bandit's hard-coded password string check and B322 its legacy
    # input() check; both are switched off, and CTFd/uploads is not scanned.
    # NOTE(review): with B105 skipped, hard-coded password strings in CTFd/
    # are not reported by this job - confirm another control covers them.
    - bandit -r CTFd -x CTFd/uploads --skip B105,B322
# Runs the project's `verify` package script. No `stage:` key is set, so
# GitLab places the job in its default `test` stage.
yarn verify:
  image: nikolaik/python-nodejs:python3.9-nodejs18
  # Waits for the node_modules artifact and both JavaScript lint jobs.
  needs:
    - node dependencies
    - yarn lint
    - prettier
  dependencies:
    - node dependencies
  script:
    # What `verify` checks is defined in package.json, which is not visible
    # on this page.
    - yarn verify
# Override for the `sast` job that comes from the included
# Security/SAST.gitlab-ci.yml template: it adds artifact downloads and
# ordering on both dependency jobs.
# NOTE(review): assumes the template's analyzer jobs inherit from `sast` and
# therefore pick up these keys - confirm against the template version in use.
# No `stage:` is set here, so the `sast` stage declared in `stages` is not
# selected by this override.
sast:
  needs:
    - python dependencies
    - node dependencies
  dependencies:
    - python dependencies
    - node dependencies
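# Builds the Dockerfile with kaniko and pushes the image to the project's
# GitLab container registry.
# NOTE(review): no `rules:` or `only:` key is visible, so this job appears to
# build and push on every pipeline, including feature branches - confirm.
containerize:
  stage: containerize
  image:
    # `debug` is a moving tag on the kaniko executor image (the variant that
    # ships a shell, which the script below needs).
    # NOTE(review): consider pinning by digest, e.g.
    # gcr.io/kaniko-project/executor@sha256:<DIGEST-PLACEHOLDER>.
    name: gcr.io/kaniko-project/executor:debug
    # Clear the image entrypoint so the runner can start its own shell.
    entrypoint: [""]
  # The image is built once these jobs pass. The analyzer jobs from the
  # included SAST template and the manual postgres/mysql jobs are not listed,
  # so a finding or failure there does not block the push.
  needs:
    - sqlite
    - lint dockerfile
    - bandit
    - yarn verify
  script:
    # Anything that is not the default branch is pushed to a sub-repository
    # named after the ref slug, keeping it apart from the main image.
    # CI_COMMIT_BRANCH is empty on tag pipelines, so tags take this path too.
    - |
      if [[ "${CI_COMMIT_BRANCH}" != "${CI_DEFAULT_BRANCH}" ]];
      then
        SUFFIX="/${CI_COMMIT_REF_SLUG}"
      fi
    - mkdir -p /kaniko/.docker
    # Write registry credentials for kaniko. The value is only base64-encoded,
    # not encrypted; it lives in the job container's filesystem and relies on
    # GitLab's job-scoped registry credentials and log masking.
    - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
    # CI_COMMIT_TAG is only set on tag pipelines. Without a fallback, branch
    # pipelines produce a destination that ends in a bare ":", which the
    # executor either rejects or resolves to an implicit default tag depending
    # on its version. Fall back to the short commit SHA so every pushed image
    # has an explicit tag that can be traced back to a commit.
    # Lines in this folded scalar must stay at one indent level so they are
    # joined into a single command.
    - >-
      /kaniko/executor
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      --destination "${CI_REGISTRY_IMAGE}${SUFFIX}:${CI_COMMIT_TAG:-${CI_COMMIT_SHORT_SHA}}"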