Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Trace:
инструмент_gitlab

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
инструмент_gitlab [2026/03/18 19:07]
val [Пример CI с использованием контейнеров] 		инструмент_gitlab [2026/04/10 17:37] (current)
val [Пример CI с использованием контейнеров]
Line 110: Line 110:
 sudo -i sudo -i
  
-export BR=main; bash <(curl -s http://​gate.corp13.un/​api/​v4/​projects/​1/​repository/​files/​start.sh/​raw?​ref=$BR)+export BR=main; bash <(curl -s http://​gate.corpX.un/​api/​v4/​projects/​1/​repository/​files/​start.sh/​raw?​ref=$BR)
 </​code>​ </​code>​
  
Line 298: Line 298:
  
   * [[https://​docs.gitlab.com/​runner/​install/​linux-manually.html|Install GitLab Runner manually on GNU/Linux]]   * [[https://​docs.gitlab.com/​runner/​install/​linux-manually.html|Install GitLab Runner manually on GNU/Linux]]
-  * [[https://​val.bmstu.ru/​unix/​Git/​gitlab-runner_amd64.deb]] (16.10.0+  * [[https://​val.bmstu.ru/​unix/​Git/​gitlab-runner_amd64.deb]] (17.3.1-1
  
 <​code>​ <​code>​
Line 364: Line 364:
   -v /​srv/​gitlab-runner/​config:/​etc/​gitlab-runner \   -v /​srv/​gitlab-runner/​config:/​etc/​gitlab-runner \
   -v /​var/​run/​docker.sock:/​var/​run/​docker.sock \   -v /​var/​run/​docker.sock:/​var/​run/​docker.sock \
-  gitlab/​gitlab-runner:​latest+  gitlab/​gitlab-runner:​v18.6.2
 </​code>​ </​code>​
  
Line 372: Line 372:
  
 <​code>​ <​code>​
-gate:~# docker run --rm -v /​srv/​gitlab-runner/​config:/​etc/​gitlab-runner gitlab/​gitlab-runner register \+gate:~# docker run --rm -v /​srv/​gitlab-runner/​config:/​etc/​gitlab-runner gitlab/​gitlab-runner:​v18.6.2 ​register \
   --non-interactive \   --non-interactive \
   --url "​http://​server.corpX.un/"​ \   --url "​http://​server.corpX.un/"​ \
Line 387: Line 387:
  
 <​code>​ <​code>​
-gate:~# docker run --rm -v /​srv/​gitlab-runner/​config:/​etc/​gitlab-runner gitlab/​gitlab-runner register \+gate:~# docker run --rm -v /​srv/​gitlab-runner/​config:/​etc/​gitlab-runner gitlab/​gitlab-runner:​v18.6.2 ​register \
   --non-interactive \   --non-interactive \
   --url "​http://​server.corpX.un/"​ \   --url "​http://​server.corpX.un/"​ \
Line 403: Line 403:
 === TLS для DooD и DinD === === TLS для DooD и DinD ===
 <​code>​ <​code>​
-cp wild.crt /​srv/​gitlab-runner/​config/​+serverscp /​opt/​freeipa-data/​etc/​ipa/​ca.crt client1:/​srv/​gitlab-runner/​config/​
  
-docker run --rm -v /​srv/​gitlab-runner/​config:/​etc/​gitlab-runner gitlab/​gitlab-runner register \+client1# ​docker run --rm -v /​srv/​gitlab-runner/​config:/​etc/​gitlab-runner gitlab/​gitlab-runner:​v18.6.2 ​register \
 ... ...
-  --url "​https://​server.corpX.un/"​ \ +  --url "​https://​gitlab.corpX.un/"​ \ 
-  --tls-ca-file "/​etc/​gitlab-runner/​wild.crt" \+  --tls-ca-file "/​etc/​gitlab-runner/​ca.crt" \
 ... ...
 </​code>​ </​code>​
Line 678: Line 678:
 #  - prebuildtest #  - prebuildtest
   - build   - build
 +#  - scan
 #  - test #  - test
   - push   - push
Line 709: Line 710:
       --pull       --pull
       --cache-from $CI_REGISTRY_IMAGE:​latest       --cache-from $CI_REGISTRY_IMAGE:​latest
-      --tag $CI_REGISTRY_IMAGE:​$CI_COMMIT_SHA +      --tag $CI_REGISTRY_IMAGE:​$CI_COMMIT_SHA .
-      ​.+
     - docker push $CI_REGISTRY_IMAGE:​$CI_COMMIT_SHA     - docker push $CI_REGISTRY_IMAGE:​$CI_COMMIT_SHA
  
Line 771: Line 771:
 #  except: #  except:
 #    - tags #    - tags
 +#  tags:
 +#    - build
 +
 +#semgrep:
 +#  stage: lint
 +#  image: semgrep/​semgrep
 +#  script: semgrep --config=auto --error
 +#  variables:
 +#    SEMGREP_SRC_DIRECTORY:​ $CI_PROJECT_DIR
 +#    #​https_proxy:​ http://​gate.isp.un:​3128/​
 +#    #no_proxy: localhost,​127.0.0.1,​isp.un,​corpX.un
 +#  except:
 +#    - tags
 +#  tags:
 +#    - build
 +
 +#Unit test:
 +#  stage: prebuildtest
 +#  script:
 +#    - export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring
 +#    - poetry install
 +#    - poetry run python3 -m unittest
 +#  except:
 +#    - tags
 +#  tags:
 +#    - build
  
 #Smoke test: #Smoke test:
Line 784: Line 810:
 #    - build #    - build
  
-#Unit test+#trivy
-#  stage: ​prebuildtest+#  stage: ​scan 
 +#  image: 
 +#    name: ghcr.io/​aquasecurity/​trivy 
 +#    entrypoint: [""​]  
 +#  variables:​ 
 +#    #​TRIVY_USERNAME:​ "​$CI_REGISTRY_USER"​ 
 +#    #​TRIVY_PASSWORD:​ "​$CI_REGISTRY_PASSWORD"​ 
 +#    TRIVY_REGISTRY:​ "​$CI_REGISTRY"​ 
 +#    TRIVY_CACHE_DIR:​ "​.trivycache/"​
 #  script: #  script:
-#    - export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring +#    - trivy image --exit-code 1 --severity HIGH --insecure $CI_REGISTRY_IMAGE:​$CI_COMMIT_SHA 
-   - poetry install + ​cache:​ 
-#    - poetry run python3 -m unittest+#    ​paths: 
 +#      ​"​.trivycache/"​
 #  except: #  except:
 #    - tags #    - tags
Line 812: Line 847:
 <​code>​ <​code>​
 Name: test-cgi Name: test-cgi
-Redirect URI: http://​gate.corp13.un/​cgi-bin/​test-cgi ​ !!! Если URL каталога,​ то без финального "/"​ !!!+Redirect URI: http://​gate.corpX.un/​cgi-bin/​test-cgi ​ !!! Если URL каталога,​ то без финального "/"​ !!!
 Trusted: Yes Trusted: Yes
 Confidential:​ Yes Confidential:​ Yes
инструмент_gitlab.1773850036.txt.gz · Last modified: 2026/03/18 19:07 by val

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Run on Debian Driven by DokuWiki