build:
stage: build
tags:
- ironbank-plugins-isolated
dependencies:
- import artifacts
- load scripts
- plugins manifest
- import-artifacts
- load-scripts
- plugins-manifest
variables:
ARTIFACT_DIR: "${ARTIFACT_STORAGE}/build"
script:
......
import artifacts:
stage: import artifacts
tags:
- ironbank-plugins
import-artifacts:
stage: import-artifacts
dependencies:
- load scripts
- load-scripts
# - preflight
variables:
ARTIFACT_DIR: "${ARTIFACT_STORAGE}/import-artifacts"
......
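Review bot: The `tags:` / `- ironbank-plugins` lines printed under the old `import artifacts:` job do not reappear under `import-artifacts:`, so the job appears to lose its runner tag along with the rename. The hunk headers `-17,7 +15,7` (preflight) and `-3,7 +3,5` (publish base) suggest the same two lines are dropped there, and `report-generation` looks the same. An untagged job can be picked up by any runner that accepts untagged jobs, which matters here because these jobs import artifacts and the publish job uploads to S3 while its `only: master` restriction is still commented out. If the aim is to set runner selection in one place, add a top-level `default: { tags: [ironbank-plugins] }` and confirm `build` keeps `ironbank-plugins-isolated`; otherwise keep the tags on the hidden base jobs. The page has lost its +/- markers, so the side of each `tags` line is inferred from print order and hunk counts.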
.preflight:
stage: preflight
tags:
- ironbank-plugins
folder structure:
folder-structure:
extends: .preflight
variables:
ARTIFACT_DIR: "${ARTIFACT_STORAGE}/folder_structure"
......@@ -17,7 +15,7 @@ folder structure:
dotenv: "${ARTIFACT_DIR}/build_source.env"
# Comment out until schema is in place
plugins manifest:
plugins-manifest:
extends: .preflight
variables:
ARTIFACT_DIR: "${ARTIFACT_STORAGE}/preflight"
......
.preprocess:
stage: .pre
tags:
- ironbank-plugins
except:
refs:
- tags
......
......@@ -2,7 +2,7 @@ include:
- local: stages/preprocess/base.yaml
# clone templates repo as an artifact so it can be used with other jobs
load scripts:
load-scripts:
extends: .preprocess
cache: {}
script:
......
......@@ -3,7 +3,5 @@
# todo: uncomment for prod
# only:
# - master
tags:
- ironbank-plugins
include:
- local: /stages/publish/upload_to_s3.yaml
upload to s3:
upload-to-s3:
extends: .publish
resource_group: s3_phase
variables:
......@@ -9,10 +9,10 @@ upload to s3:
BASE_BUCKET_DIRECTORY: testing/plugins-scan-reports
REPORT_TAR_NAME: "${PLUGIN_NAME}-${REPORT_DATE}_plugin_scan_result.tar.gz"
dependencies:
- load scripts
- load-scripts
- build
- anchore scan
- report generation
- plugins manifest
- anchore-scan
- report-generation
- plugins-manifest
script:
- '"${PIPELINE_REPO_DIR}/stages/publish/upload-to-s3-run.sh"'
report generation:
stage: report generation
tags:
- ironbank-plugins
report-generation:
stage: report-generation
dependencies:
- load scripts
- plugins manifest
- anchore scan
- load-scripts
- plugins-manifest
- anchore-scan
- build
variables:
# Put generated csv report in the scan-results folder
......
......@@ -19,13 +19,13 @@
# IMAGE_ID=<id> python3 anchore_scan.py
#
anchore scan:
anchore-scan:
extends: .scanning
image: "${BASE_REGISTRY}/anchore/cli/cli:0.8.2"
stage: scanning
# Load in the IMG_VERSION variable from load scripts env
dependencies:
- load scripts
- load-scripts
- build
variables:
# put all scan outputs in the scan-results folder
......
#scanning:
.scanning:
stage: scanning
tags:
- ironbank-plugins
include:
- local: stages/scanning/anchore.yaml
......@@ -16,7 +16,7 @@ stages:
# download artifacts
# Requirements:
# - executor image with Python 3.x installed
- import artifacts
- import-artifacts
### build stage
# build image with plugin files inside
......@@ -27,7 +27,7 @@ stages:
- scanning
### create report output
- report generation
- report-generation
### publish stage
# publish artifacts to ibfe
......