# Pipeline definition: every top-level key after `version` configures one
# stage (container image plus the bash script run inside it).
version: "1"
setup:
  # NOTE(review): this image is referenced by a mutable tag only, whereas most
  # other stages in this file pin pipeline-base-image with an @sha256 digest.
  # Without a digest the content behind "2.15" can change between runs; pin it
  # as ...:2.15@sha256:<DIGEST_PLACEHOLDER> once the digest has been verified.
  image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.15
  script: |
    #!/usr/bin/env bash
    # No commands: this script consists of the shebang only.
# Unit-test stage: as written it only decides whether to skip; no test
# command follows the periodic-run check.
test:
  abort_on_failure: false
  image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
  script: |
    #!/usr/bin/env bash
    echo "in test"
    # Read the periodic-rescan setting and fold it to lower case so that
    # "False"/"NO" compare equal to "false"/"no".
    PERIODIC_SCAN=$(get_env periodic-rescan)
    PERIODIC_SCAN="$(echo "$PERIODIC_SCAN" | tr '[:upper:]' '[:lower:]')"
    # Empty, "false" and "no" mean a normal run; any other value is treated
    # as a periodic run and ends the stage successfully.
    case "$PERIODIC_SCAN" in
      "" | false | no)
        ;;
      *)
        echo "Skipping unit-tests. This is a periodic run that is only meant to produce CVE information."
        exit 0
        ;;
    esac
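# Static-scan stage: builds a sonar-project.properties file from the SonarQube
# tool integration and hands over to the pipeline's sonarqube_run script.
static-scan:
  dind: true
  image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
  script: |
    #!/usr/bin/env bash
    # scan for open liberty and websphere liberty submodules?
    PERIODIC_SCAN=$(get_env periodic-rescan)
    PERIODIC_SCAN="$(echo "$PERIODIC_SCAN" | tr '[:upper:]' '[:lower:]')"
    # Any value other than empty, "false" or "no" marks a periodic run.
    if [[ -n "$PERIODIC_SCAN" && "$PERIODIC_SCAN" != "false" && "$PERIODIC_SCAN" != "no" ]]; then
      echo "Skipping static-scan. This is a periodic run that is only meant to produce CVE information."
      exit 0
    fi

    # Fetch the SonarQube integration JSON once and reuse it for every field.
    SONARQUBE_CONFIG="$(get_env sonarqube)"
    # Trailing slashes are stripped from the dashboard URL.
    read -r SONAR_HOST_URL <<< "$(jq -r '.parameters.dashboard_url' <<< "$SONARQUBE_CONFIG" | sed 's:/*$::')"
    read -r SONAR_USER <<< "$(jq -r '.parameters.user_login' <<< "$SONARQUBE_CONFIG")"
    SONARQUBE_INSTANCE_ID=$(jq -r '.instance_id' <<< "$SONARQUBE_CONFIG")
    # The password is looked up in the toolchain description by matching the
    # sonarqube service entry whose instance_id equals the one found above.
    read -r SONAR_PASS <<< "$(jq -r --arg sonar_instance "$SONARQUBE_INSTANCE_ID" '[.services[] | select(."service_id"=="sonarqube")][] | select(."instance_id"==$sonar_instance) | .parameters.user_password' /toolchain/toolchain.json)"

    # NOTE(review): the SonarQube password is written in clear text to a file
    # inside the repository checkout, in the same directory that
    # "sonar.sources=." points the scanner at. The chmod below only clears the
    # execute bits and does not limit who can read the file; mode 0600 would
    # be preferable if the scanner runs as the same user (confirm against
    # sonarqube_run). Also confirm that this file is removed or excluded
    # before later stages build or publish anything from this workspace.
    # The password is deliberately not echoed or copied anywhere else.
    cat << EOF > "$WORKSPACE"/quickstart-ibm-liberty-eks/sonar-project.properties
    sonar.projectKey=quickstart-ibm-liberty-eks
    sonar.host.url=$SONAR_HOST_URL
    sonar.sources=.
    sonar.login=$SONAR_USER
    sonar.password=$SONAR_PASS
    sonar.c.file.suffixes=-
    sonar.cpp.file.suffixes=-
    sonar.objc.file.suffixes=-
    EOF
    chmod -x "$WORKSPACE"/quickstart-ibm-liberty-eks/sonar-project.properties
    "${ONE_PIPELINE_PATH}"/internal/sonarqube/sonarqube_run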
# Containerize stage: runs the MEND (WhiteSource) unified agent scan script
# from the commons directory unless the run is flagged as periodic.
containerize:
  abort_on_failure: true
  dind: true
  image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
  script: |
    #!/usr/bin/env bash
    # NOTE(review): unlike the other stages in this file, this script never
    # assigns PERIODIC_SCAN from get_env and does not lower-case it, so the
    # skip below only fires if the variable already exists in the stage
    # environment. Confirm whether the scan is meant to run on periodic runs.
    case "$PERIODIC_SCAN" in
      "" | false | no)
        ;;
      *)
        echo "Skipping build. This is a periodic run that is only meant to produce CVE information."
        exit 0
        ;;
    esac
    echo "MEND unified agent scan"
    # The scan script is sourced, so it runs inside this shell and shares its
    # variables and exit behaviour.
    chmod +x "${COMMONS_PATH}/whitesource/whitesource_unified_agent_scan.sh"
    source "${COMMONS_PATH}/whitesource/whitesource_unified_agent_scan.sh"
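# Sign-artifact stage.
# NOTE(review): the script below contains no signing command and
# abort_on_failure is false, so as written this stage cannot fail on a
# signing problem. Confirm that artifacts are signed elsewhere before
# relying on signatures downstream.
sign-artifact:
  abort_on_failure: false
  image: icr.io/continuous-delivery/pipeline/image-signing:1.0.0@sha256:e9d8e354668ba3d40be2aaee08298d2aa7f0e1c8a1829cca4094ec93830e3e6a
  script: |
    #!/usr/bin/env bash
    echo "sign-artifact"
    PERIODIC_SCAN=$(get_env periodic-rescan)
    PERIODIC_SCAN="$(echo "$PERIODIC_SCAN" | tr '[:upper:]' '[:lower:]')"
    # Any value other than empty, "false" or "no" marks a periodic run.
    if [[ -n "$PERIODIC_SCAN" && "$PERIODIC_SCAN" != "false" && "$PERIODIC_SCAN" != "no" ]]; then
      # The message names this stage; it previously said "unit-tests".
      echo "Skipping sign-artifact. This is a periodic run that is only meant to produce CVE information."
      exit 0
    fi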
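# Deploy stage.
# NOTE(review): the script below contains no deployment command; it only
# logs and evaluates the periodic-run check.
deploy:
  abort_on_failure: true
  image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
  script: |
    #!/usr/bin/env bash
    echo "in deploy"
    PERIODIC_SCAN=$(get_env periodic-rescan)
    PERIODIC_SCAN="$(echo "$PERIODIC_SCAN" | tr '[:upper:]' '[:lower:]')"
    # Any value other than empty, "false" or "no" marks a periodic run.
    if [[ -n "$PERIODIC_SCAN" && "$PERIODIC_SCAN" != "false" && "$PERIODIC_SCAN" != "no" ]]; then
      # The message names this stage; it previously said "unit-tests".
      echo "Skipping deploy. This is a periodic run that is only meant to produce CVE information."
      exit 0
    fi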
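# Dynamic-scan stage.
# NOTE(review): the script below starts no scanner, so this stage passes
# without any dynamic analysis having run. If defining the stage here
# replaces a pipeline default, that default scan is disabled - confirm.
dynamic-scan:
  abort_on_failure: true
  image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
  script: |
    #!/usr/bin/env bash
    echo "in dyn scan"
    PERIODIC_SCAN=$(get_env periodic-rescan)
    PERIODIC_SCAN="$(echo "$PERIODIC_SCAN" | tr '[:upper:]' '[:lower:]')"
    # Any value other than empty, "false" or "no" marks a periodic run.
    if [[ -n "$PERIODIC_SCAN" && "$PERIODIC_SCAN" != "false" && "$PERIODIC_SCAN" != "no" ]]; then
      # The message names this stage; it previously said "unit-tests".
      echo "Skipping dynamic-scan. This is a periodic run that is only meant to produce CVE information."
      exit 0
    fi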
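# Acceptance-test stage.
# NOTE(review): the script below runs no acceptance tests; it only logs and
# evaluates the periodic-run check.
acceptance-test:
  abort_on_failure: true
  image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
  script: |
    #!/usr/bin/env bash
    # The banner names this stage; it previously said "in setup".
    echo "in acceptance-test"
    PERIODIC_SCAN=$(get_env periodic-rescan)
    PERIODIC_SCAN="$(echo "$PERIODIC_SCAN" | tr '[:upper:]' '[:lower:]')"
    # Any value other than empty, "false" or "no" marks a periodic run.
    if [[ -n "$PERIODIC_SCAN" && "$PERIODIC_SCAN" != "false" && "$PERIODIC_SCAN" != "no" ]]; then
      # The message names this stage; it previously said "unit-tests".
      echo "Skipping acceptance-test. This is a periodic run that is only meant to produce CVE information."
      exit 0
    fi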
# Scan-artifact stage.
# NOTE(review): the scanner invocation at the end of the script is commented
# out, so this stage currently scans nothing, and abort_on_failure is false.
# If defining the stage here replaces a pipeline default, the default
# artifact scan is disabled - confirm.
scan-artifact:
  abort_on_failure: false
  # NOTE(review): tag-only reference; most other stages pin this image with
  # an @sha256 digest. Pin as ...:2.15@sha256:<DIGEST_PLACEHOLDER>.
  image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.15
  script: |
    #!/usr/bin/env bash
    # The IBM Cloud API key is placed in the environment of this shell and
    # its children; nothing in the active script consumes it while the
    # scanner call stays commented out.
    PIPELINE_PASSWORD=$(get_env ibmcloud-api-key)
    export PIPELINE_PASSWORD
    # ========== Security Scanner ==========
    #./scripts/pipeline/ci_to_secure_pipeline_scan.sh
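# Release stage.
# NOTE(review): the script below contains no release command; it only
# evaluates the periodic-run check.
release:
  abort_on_failure: false
  dind: true
  image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
  script: |
    #!/usr/bin/env bash
    PERIODIC_SCAN=$(get_env periodic-rescan)
    PERIODIC_SCAN="$(echo "$PERIODIC_SCAN" | tr '[:upper:]' '[:lower:]')"
    # Any value other than empty, "false" or "no" marks a periodic run.
    if [[ -n "$PERIODIC_SCAN" && "$PERIODIC_SCAN" != "false" && "$PERIODIC_SCAN" != "no" ]]; then
      # The message names this stage; it previously said "unit-tests".
      echo "Skipping release. This is a periodic run that is only meant to produce CVE information."
      exit 0
    fi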
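# OWASP ZAP API scan stage.
# NOTE(review): the script below never starts ZAP, so the stage passes
# without an API scan having run even though abort_on_failure is true.
owasp-zap-api:
  dind: true
  abort_on_failure: true
  image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
  script: |
    #!/usr/bin/env bash
    echo "in owasp"
    PERIODIC_SCAN=$(get_env periodic-rescan)
    PERIODIC_SCAN="$(echo "$PERIODIC_SCAN" | tr '[:upper:]' '[:lower:]')"
    # Any value other than empty, "false" or "no" marks a periodic run.
    if [[ -n "$PERIODIC_SCAN" && "$PERIODIC_SCAN" != "false" && "$PERIODIC_SCAN" != "no" ]]; then
      # The message names this stage; it previously said "unit-tests".
      echo "Skipping owasp-zap-api. This is a periodic run that is only meant to produce CVE information."
      exit 0
    fi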