User Tools
инструмент_gitlab
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
инструмент_gitlab [2026/02/16 10:07] val [Проверка конфигурации и перезапуск] |
инструмент_gitlab [2026/04/10 17:37] (current) val [Пример CI с использованием контейнеров] |
||
|---|---|---|---|
| Line 58: | Line 58: | ||
| gitlab_rails['registry_port'] = "5050" | gitlab_rails['registry_port'] = "5050" | ||
| registry['registry_http_addr'] = "0.0.0.0:5050" | registry['registry_http_addr'] = "0.0.0.0:5050" | ||
| + | #gitlab_rails['env'] = { 'SKIP_RAISE_ON_INITIALIZE_CONNECTIONS' => 'true' } | ||
| ports: | ports: | ||
| - '443:443' | - '443:443' | ||
| Line 109: | Line 110: | ||
| sudo -i | sudo -i | ||
| - | export BR=main; bash <(curl -s http://gate.corp13.un/api/v4/projects/1/repository/files/start.sh/raw?ref=$BR) | + | export BR=main; bash <(curl -s http://gate.corpX.un/api/v4/projects/1/repository/files/start.sh/raw?ref=$BR) |
| </code> | </code> | ||
| Line 119: | Line 120: | ||
| <code> | <code> | ||
| - | kube1:~/gitlab# cat adduser.sh | + | client1$ cat adduser.sh |
| </code><code> | </code><code> | ||
| GITLAB_URL="https://gitlab.corpX.un" | GITLAB_URL="https://gitlab.corpX.un" | ||
| - | PRIVATE_TOKEN="NNNNNNNNNNNN" | + | PRIVATE_TOKEN=NNNNNNNNNNNN |
| USER_EMAIL="user1@corpX.un" | USER_EMAIL="user1@corpX.un" | ||
| Line 297: | Line 298: | ||
| * [[https://docs.gitlab.com/runner/install/linux-manually.html|Install GitLab Runner manually on GNU/Linux]] | * [[https://docs.gitlab.com/runner/install/linux-manually.html|Install GitLab Runner manually on GNU/Linux]] | ||
| - | * [[https://val.bmstu.ru/unix/Git/gitlab-runner_amd64.deb]] (16.10.0) | + | * [[https://val.bmstu.ru/unix/Git/gitlab-runner_amd64.deb]] (17.3.1-1) |
| <code> | <code> | ||
| Line 363: | Line 364: | ||
| -v /srv/gitlab-runner/config:/etc/gitlab-runner \ | -v /srv/gitlab-runner/config:/etc/gitlab-runner \ | ||
| -v /var/run/docker.sock:/var/run/docker.sock \ | -v /var/run/docker.sock:/var/run/docker.sock \ | ||
| - | gitlab/gitlab-runner:latest | + | gitlab/gitlab-runner:v18.6.2 |
| </code> | </code> | ||
| Line 371: | Line 372: | ||
| <code> | <code> | ||
| - | gate:~# docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \ | + | gate:~# docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner:v18.6.2 register \ |
| --non-interactive \ | --non-interactive \ | ||
| --url "http://server.corpX.un/" \ | --url "http://server.corpX.un/" \ | ||
| Line 386: | Line 387: | ||
| <code> | <code> | ||
| - | gate:~# docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \ | + | gate:~# docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner:v18.6.2 register \ |
| --non-interactive \ | --non-interactive \ | ||
| --url "http://server.corpX.un/" \ | --url "http://server.corpX.un/" \ | ||
| Line 402: | Line 403: | ||
| === TLS для DooD и DinD === | === TLS для DooD и DinD === | ||
| <code> | <code> | ||
| - | # cp wild.crt /srv/gitlab-runner/config/ | + | server# scp /opt/freeipa-data/etc/ipa/ca.crt client1:/srv/gitlab-runner/config/ |
| - | docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \ | + | client1# docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner:v18.6.2 register \ |
| ... | ... | ||
| - | --url "https://server.corpX.un/" \ | + | --url "https://gitlab.corpX.un/" \ |
| - | --tls-ca-file "/etc/gitlab-runner/wild.crt" \ | + | --tls-ca-file "/etc/gitlab-runner/ca.crt" \ |
| ... | ... | ||
| </code> | </code> | ||
| Line 677: | Line 678: | ||
| # - prebuildtest | # - prebuildtest | ||
| - build | - build | ||
| + | # - scan | ||
| # - test | # - test | ||
| - push | - push | ||
| Line 708: | Line 710: | ||
| --pull | --pull | ||
| --cache-from $CI_REGISTRY_IMAGE:latest | --cache-from $CI_REGISTRY_IMAGE:latest | ||
| - | --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | + | --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA . |
| - | . | + | |
| - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | ||
| Line 770: | Line 771: | ||
| # except: | # except: | ||
| # - tags | # - tags | ||
| + | # tags: | ||
| + | # - build | ||
| + | |||
| + | #semgrep: | ||
| + | # stage: lint | ||
| + | # image: semgrep/semgrep | ||
| + | # script: semgrep --config=auto --error | ||
| + | # variables: | ||
| + | # SEMGREP_SRC_DIRECTORY: $CI_PROJECT_DIR | ||
| + | # #https_proxy: http://gate.isp.un:3128/ | ||
| + | # #no_proxy: localhost,127.0.0.1,isp.un,corpX.un | ||
| + | # except: | ||
| + | # - tags | ||
| + | # tags: | ||
| + | # - build | ||
| + | |||
| + | #Unit test: | ||
| + | # stage: prebuildtest | ||
| + | # script: | ||
| + | # - export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring | ||
| + | # - poetry install | ||
| + | # - poetry run python3 -m unittest | ||
| + | # except: | ||
| + | # - tags | ||
| + | # tags: | ||
| + | # - build | ||
| #Smoke test: | #Smoke test: | ||
| Line 780: | Line 807: | ||
| # except: | # except: | ||
| # - tags | # - tags | ||
| + | # tags: | ||
| + | # - build | ||
| - | #Unit test: | + | #trivy: |
| - | # stage: prebuildtest | + | # stage: scan |
| + | # image: | ||
| + | # name: ghcr.io/aquasecurity/trivy | ||
| + | # entrypoint: [""] | ||
| + | # variables: | ||
| + | # #TRIVY_USERNAME: "$CI_REGISTRY_USER" | ||
| + | # #TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD" | ||
| + | # TRIVY_REGISTRY: "$CI_REGISTRY" | ||
| + | # TRIVY_CACHE_DIR: ".trivycache/" | ||
| # script: | # script: | ||
| - | # - export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring | + | # - trivy image --exit-code 1 --severity HIGH --insecure $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA |
| - | # - poetry install | + | # cache: |
| - | # - poetry run python3 -m unittest | + | # paths: |
| + | # - ".trivycache/" | ||
| # except: | # except: | ||
| # - tags | # - tags | ||
| Line 809: | Line 847: | ||
| <code> | <code> | ||
| Name: test-cgi | Name: test-cgi | ||
| - | Redirect URI: http://gate.corp13.un/cgi-bin/test-cgi !!! Если URL каталога, то без финального "/" !!! | + | Redirect URI: http://gate.corpX.un/cgi-bin/test-cgi !!! Если URL каталога, то без финального "/" !!! |
| Trusted: Yes | Trusted: Yes | ||
| Confidential: Yes | Confidential: Yes | ||
инструмент_gitlab.1771225623.txt.gz · Last modified: 2026/02/16 10:07 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
