compliance-app/.pipeline-config.yaml at master · olegaria/compliance-app · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
version: '1'

setup:
  image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi@sha256:d59863621d3ba1b9bd47f76950c751e842405f9c303d0d4d4298d964b664ee85
  script: |
    #!/usr/bin/env bash

    source scripts/code_setup.sh

test:
  abort_on_failure: false
  image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi@sha256:d59863621d3ba1b9bd47f76950c751e842405f9c303d0d4d4298d964b664ee85
  script: |
    #!/usr/bin/env bash

    cd ../"$(load_repo app-repo path)"
    npm install
    npm ci
    npm test

static-scan:
  dind: true
  image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi@sha256:d59863621d3ba1b9bd47f76950c751e842405f9c303d0d4d4298d964b664ee85
  script: |
    #!/usr/bin/env bash
    if [ -z "$(get_env opt-in-sonar "")" ]; then
      echo "If you want to enable this stage, add 'opt-in-sonar' parameter to your pipeline with any value." >&2
    else
      chmod 777 scripts/sonarqube/sonarqube_run
      scripts/sonarqube/sonarqube_run
    fi

containerize:
  dind: true
  image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi@sha256:d59863621d3ba1b9bd47f76950c751e842405f9c303d0d4d4298d964b664ee85
  script: |
    #!/usr/bin/env bash

    if [[ "$PIPELINE_DEBUG" == 1 ]]; then
      trap env EXIT
      env
      set -x
    fi

    source scripts/build_setup.sh
    source scripts/build.sh

deploy:
  image: icr.io/continuous-delivery/pipeline/pipeline-base-image@sha256:c1e9d5a9674a093635c386f96d35781aea7cad6cc1da86991ee1a85c854216f8
  script: |
    #!/usr/bin/env bash

    if [[ "$PIPELINE_DEBUG" == 1 ]]; then
      trap env EXIT
      env
      set -x
    fi

    source scripts/deploy_setup.sh
    source scripts/deploy.sh

sign-artifact:
  abort_on_failure: false
  image: icr.io/continuous-delivery/pipeline/image-signing:1.0.0@sha256:e9d8e354668ba3d40be2aaee08298d2aa7f0e1c8a1829cca4094ec93830e3e6a
  script: |
      #!/usr/bin/env bash
      STAGE_DIND="true"
      STAGE_ABORT_ON_FAILURE="false"
      STAGE_IMAGE_PULL_POLICY="IfNotPresent"

      source scripts/sign_image.sh

acceptance-test:
  abort_on_failure: false
  image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi@sha256:d59863621d3ba1b9bd47f76950c751e842405f9c303d0d4d4298d964b664ee85
  script: |
    #!/usr/bin/env bash
    npm install
    npm ci
    export APP_URL=$(cat ../app-url)
    npm run acceptance-test

release:
  abort_on_failure: false
  image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi@sha256:d59863621d3ba1b9bd47f76950c751e842405f9c303d0d4d4298d964b664ee85
  script: |
    #!/usr/bin/env bash

    source scripts/release.sh

scan-artifact:
  abort_on_failure: false
  image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi@sha256:d59863621d3ba1b9bd47f76950c751e842405f9c303d0d4d4298d964b664ee85
  script: |
    #!/usr/bin/env bash

    source scripts/va_scan.sh

dynamic-scan:
  dind: true
  abort_on_failure: false
  image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi@sha256:d59863621d3ba1b9bd47f76950c751e842405f9c303d0d4d4298d964b664ee85
  script: |
    #!/usr/bin/env bash
    export APP_URL=$(cat ../app-url)
    echo "APP_URL is ${APP_URL}"

    set_env "app-url" "$APP_URL"
    set_env "target-application-server-url" "$APP_URL"

    source scripts/zap/trigger_zap_scans