diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 34c9e4fe574aa140b766f4c6844033df41ca4c31..4696715f702e00cc6e2dece6f0258c0621d1027b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,66 +1,67 @@ +# You can override the included template(s) by including variable overrides +# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings +# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings +# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings +# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings +# Note that environment variables can be set in several places +# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence image: gitlab.rc.uab.edu:4567/rc/packer-openstack-hpc-image:latest - variables: ANSIBLE_REMOTE_TMP: "/tmp" - OS_REGION_NAME: "bhm1" - OS_INTERFACE: "public" - OS_IDENTITY_API_VERSION: "3" - OS_AUTH_TYPE: "v3applicationcredential" - OS_AUTH_URL: "https://keystone.cloud.rc.uab.edu:5000/v3" - TF_ROOT: ${CI_PROJECT_DIR}/ - TF_VAR_internal_network: "xdmod-packer-clusternet" - TF_VAR_external_network: "xdmod-packer-dmznet" - TF_VAR_flavor: "m1.medium" - GIT_SUBMODULE_STRATEGY: "recursive" + OS_REGION_NAME: bhm1 + OS_INTERFACE: public + OS_IDENTITY_API_VERSION: '3' + OS_AUTH_TYPE: v3applicationcredential + OS_AUTH_URL: https://keystone.cloud.rc.uab.edu:5000/v3 + TF_ROOT: "${CI_PROJECT_DIR}/" + TF_VAR_internal_network: xdmod-packer-clusternet + TF_VAR_external_network: xdmod-packer-dmznet + TF_VAR_flavor: m1.medium + GIT_SUBMODULE_STRATEGY: recursive GIT_SUBMODULE_UPDATE_FLAGS: "--force" - cache: paths: - - .terraform - - .terraform.lock.hcl - - terraform.tfstate - -stages: # List of stages for jobs, and their order of execution - - validate - - build - - deploy - - cleanup - + - ".terraform" + - ".terraform.lock.hcl" + - terraform.tfstate +stages: +- validate +- build +- deploy +- cleanup tf-validate: stage: validate - tags: [build] + tags: + - build script: - - cd CRI_XCBC && git checkout dev && cd .. - - terraform --version - - terraform init - - terraform validate - - pwd - - terraform plan - - 'sed -i -E "s/(cod_deploy: ).*/\1false/" CRI_XCBC/group_vars/all' - + - cd CRI_XCBC && git checkout dev && cd .. + - terraform --version + - terraform init + - terraform validate + - pwd + - terraform plan + - 'sed -i -E "s/(cod_deploy: ).*/\1false/" CRI_XCBC/group_vars/all' tf-apply: cache: paths: - - .terraform/ + - ".terraform/" stage: build - tags: [build] + tags: + - build script: - - export BUILD_DATE=$(TZ=America/Chicago date +%Y%m%d%H%M%S) - - | - if [ -z $TF_VAR_image_ohpc ]; - then - XDMOD_IMAGES=($(openstack image list --sort-column Name --sort-descending -f value -c Name -c ID | grep -P ' xdmod-\d{14}$' | awk '{print $2}')) - export TF_VAR_image_ohpc="${XDMOD_IMAGES[0]}" - echo $TF_VAR_image_ohpc - else - echo "image_ohpc defined as ${TF_VAR_image_ohpc}" - fi - - export TF_VAR_keypair_name="os-gen-keypair-$BUILD_DATE" - - terraform apply -auto-approve || terraform destroy -auto-approve - + - export BUILD_DATE=$(TZ=America/Chicago date +%Y%m%d%H%M%S) + - "if [ -z $TF_VAR_image_ohpc ];\nthen\nXDMOD_IMAGES=($(openstack image list --sort-column + Name --sort-descending -f value -c Name -c ID | grep -P ' xdmod-\\d{14}$' | awk + '{print $2}'))\nexport TF_VAR_image_ohpc=\"${XDMOD_IMAGES[0]}\"\necho $TF_VAR_image_ohpc\nelse\necho + \"image_ohpc defined as ${TF_VAR_image_ohpc}\"\nfi \n" + - export TF_VAR_keypair_name="os-gen-keypair-$BUILD_DATE" + - terraform apply -auto-approve || terraform destroy -auto-approve clean-up: stage: cleanup - tags: [build] + tags: + - build script: - - terraform destroy -auto-approve + - terraform destroy -auto-approve when: manual +include: +- template: Security/Secret-Detection.gitlab-ci.yml