|
инструмент_gitlab [2026/03/19 09:06] val [Установка в виде контейнера] |
инструмент_gitlab [2026/04/10 17:37] (current) val [Пример CI с использованием контейнеров] |
||
|---|---|---|---|
| Line 110: | Line 110: | ||
| sudo -i | sudo -i | ||
| - | export BR=main; bash <(curl -s http://gate.corp13.un/api/v4/projects/1/repository/files/start.sh/raw?ref=$BR) | + | export BR=main; bash <(curl -s http://gate.corpX.un/api/v4/projects/1/repository/files/start.sh/raw?ref=$BR) |
| </code> | </code> | ||
| Line 298: | Line 298: | ||
| * [[https://docs.gitlab.com/runner/install/linux-manually.html|Install GitLab Runner manually on GNU/Linux]] | * [[https://docs.gitlab.com/runner/install/linux-manually.html|Install GitLab Runner manually on GNU/Linux]] | ||
| - | * [[https://val.bmstu.ru/unix/Git/gitlab-runner_amd64.deb]] (16.10.0) | + | * [[https://val.bmstu.ru/unix/Git/gitlab-runner_amd64.deb]] (17.3.1-1) |
| <code> | <code> | ||
| Line 678: | Line 678: | ||
| # - prebuildtest | # - prebuildtest | ||
| - build | - build | ||
| + | # - scan | ||
| # - test | # - test | ||
| - push | - push | ||
| Line 709: | Line 710: | ||
| --pull | --pull | ||
| --cache-from $CI_REGISTRY_IMAGE:latest | --cache-from $CI_REGISTRY_IMAGE:latest | ||
| - | --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | + | --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA . |
| - | . | + | |
| - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | ||
| Line 771: | Line 771: | ||
| # except: | # except: | ||
| # - tags | # - tags | ||
| + | # tags: | ||
| + | # - build | ||
| + | |||
| + | #semgrep: | ||
| + | # stage: lint | ||
| + | # image: semgrep/semgrep | ||
| + | # script: semgrep --config=auto --error | ||
| + | # variables: | ||
| + | # SEMGREP_SRC_DIRECTORY: $CI_PROJECT_DIR | ||
| + | # #https_proxy: http://gate.isp.un:3128/ | ||
| + | # #no_proxy: localhost,127.0.0.1,isp.un,corpX.un | ||
| + | # except: | ||
| + | # - tags | ||
| + | # tags: | ||
| + | # - build | ||
| + | |||
| + | #Unit test: | ||
| + | # stage: prebuildtest | ||
| + | # script: | ||
| + | # - export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring | ||
| + | # - poetry install | ||
| + | # - poetry run python3 -m unittest | ||
| + | # except: | ||
| + | # - tags | ||
| + | # tags: | ||
| + | # - build | ||
| #Smoke test: | #Smoke test: | ||
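Review bot: `image: semgrep/semgrep` in the new semgrep job carries no tag, so every pipeline run pulls whatever `latest` is at that moment; the same applies to `name: ghcr.io/aquasecurity/trivy` in the trivy job added further down. Pinning both to a tag or digest, e.g. `image: semgrep/semgrep:<pinned-version>`, keeps scan results reproducible and limits exposure to a changed upstream image. `--config=auto` also fetches its rule set from the Semgrep registry at run time, which is presumably why the proxy variables are sketched in, so findings can change between runs with no change in the repository. A short comment above `script:` would make that visible, for example `# rules are downloaded at run time; needs outbound access`.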
| Line 784: | Line 810: | ||
| # - build | # - build | ||
| - | #Unit test: | + | #trivy: |
| - | # stage: prebuildtest | + | # stage: scan |
| + | # image: | ||
| + | # name: ghcr.io/aquasecurity/trivy | ||
| + | # entrypoint: [""] | ||
| + | # variables: | ||
| + | # #TRIVY_USERNAME: "$CI_REGISTRY_USER" | ||
| + | # #TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD" | ||
| + | # TRIVY_REGISTRY: "$CI_REGISTRY" | ||
| + | # TRIVY_CACHE_DIR: ".trivycache/" | ||
| # script: | # script: | ||
| - | # - export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring | + | # - trivy image --exit-code 1 --severity HIGH --insecure $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA |
| - | # - poetry install | + | # cache: |
| - | # - poetry run python3 -m unittest | + | # paths: |
| + | # - ".trivycache/" | ||
| # except: | # except: | ||
| # - tags | # - tags | ||
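Review bot: In the trivy job's script line, `--severity HIGH` limits the scan to HIGH findings only, so an image with CRITICAL vulnerabilities still exits 0 and passes the gate; `--severity HIGH,CRITICAL` matches the apparent intent of `--exit-code 1`. The same line passes `--insecure`, which disables TLS certificate verification for the registry connection. If that is only needed because the lab registry has no trusted certificate, a comment such as `# --insecure: lab registry only, remove when the registry has a valid certificate` would keep readers from copying it into other environments. The job definition appears to continue past the end of this hunk.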
| Line 812: | Line 847: | ||
| <code> | <code> | ||
| Name: test-cgi | Name: test-cgi | ||
| - | Redirect URI: http://gate.corp13.un/cgi-bin/test-cgi !!! Если URL каталога, то без финального "/" !!! | + | Redirect URI: http://gate.corpX.un/cgi-bin/test-cgi !!! Если URL каталога, то без финального "/" !!! |
| Trusted: Yes | Trusted: Yes | ||
| Confidential: Yes | Confidential: Yes | ||