Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist

1bc791d6 · Torma Kristóf · 46904968 · 1bc791d6
Commit 1bc791d6 authored 2 years ago by Torma Kristóf
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
 image: python:3.11
-
-#services:
-#  - postgres:13
-
 variables:
  POSTGRES_DB: kszkepzes
-  CONTAINER_IMAGE: 'harbor.sch.bme.hu/kszk/$CI_PROJECT_NAME:$CI_COMMIT_REF_NAME'
-
+  CONTAINER_IMAGE: harbor.sch.bme.hu/kszk/$CI_PROJECT_NAME:$CI_COMMIT_REF_NAME
 cache:
-  key: '$CI_JOB_NAME-$CI_COMMIT_REF_SLUG'
+  key: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
  paths:
-    - .cache/pip
+  - ".cache/pip"
  - env/
-
 stages:
 - Test and Flake8
 - Docker Build
 - deploy
-
+- test
 Flake8:
  stage: Test and Flake8
  only:
  - dev
  - master
  - tags
-  tags: [kszk]
+  tags:
+  - kszk
  script:
  - python -V
  - python3 -m venv env
  - source env/bin/activate
  - pip install -r requirements/production.txt
  - flake8 --max-line-length=125 --exclude=src/kszkepzes,migrations,env
-
-# TODO write tests
-# Test:
-#   stage: Test and Flake8
-#   only:
-#     - dev
-#     - master
-#   tags: [kszk]
-#   variables:
-#     DATABASE_URL: 'postgresql://postgres:postgres@postgres:5432/$POSTGRES_DB'
-#     SECRET_KEY: 'secret'
-#     AUTHSCH_KEY: 'secret'
-#     AUTHSCH_SECRET: 'secret'
-#   script:
-#     - python -V
-#     - python3 -m venv env
-#     - source env/bin/activate
-#     - pip install -r requirements/production.txt
-#     - python src/manage.py test
-
 Docker build to KSZK registry:
  stage: Docker Build
-  tags: [kszk]
+  tags:
+  - kszk
  only:
  - tags
  image:
    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: ['']
+    entrypoint:
+    - ''
  script:
-    - echo "{\"auths\":{\"harbor.sch.bme.hu\":{\"username\":\"$REGISTRY_USER\",\"password\":\"$REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CONTAINER_IMAGE
-
+  - echo "{\"auths\":{\"harbor.sch.bme.hu\":{\"username\":\"$REGISTRY_USER\",\"password\":\"$REGISTRY_PASSWORD\"}}}"
+    > /kaniko/.docker/config.json
+  - "/kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile
+    --destination $CONTAINER_IMAGE"
 Deploy to Kubernetes:
  stage: deploy
  image: alpine
-  tags: [kszk]
+  tags:
+  - kszk
  environment:
    name: master
  before_script:
@@ -79,9 +65,14 @@ Deploy to Kubernetes:
  script:
  - cd k8s
  - sed -i "s|##IMAGETAG##|${CI_COMMIT_REF_NAME}|" deployment.yml
-    # A kovetkezo ket sor egy undorito workaround a mindig valtozo init kontenerek miatt letrejovo es beakado replicasetek miatt. Pls replace, ha van jobb otlet.
-    - kubectl delete deployment --namespace=devteam-kszk-bme-hu apache-kszkepzes || true
-    - kubectl delete deployment --namespace=devteam-kszk-bme-hu kszkepzes-backend || true
+  - kubectl delete deployment --namespace=devteam-kszk-bme-hu apache-kszkepzes ||
+    true
+  - kubectl delete deployment --namespace=devteam-kszk-bme-hu kszkepzes-backend ||
+    true
  - kubectl apply -f deployment.yml
  only:
  - tags
+sast:
+  stage: test
+include:
+- template: Security/SAST.gitlab-ci.yml