Update Auto DevOps template

032658e0 · Joshua Lambert · 130b03c2 · 032658e0
Commit 032658e0 authored 7 years ago by Joshua Lambert
--- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
+++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
@@ -41,6 +41,7 @@ stages:
  - staging
  - canary
  - production
+  - performance
  - cleanup
  
 build:
@@ -83,6 +84,21 @@ codequality:
  artifacts:
    paths: [codeclimate.json]
  
+performance:
+  stage: performance
+  image: 
+    name: sitespeedio/sitespeed.io:6.0.3
+    entrypoint: [""]
+  script:
+    - performance
+  artifacts:
+    paths:
+    - performance.json
+  only:
+    refs:
+      - branches
+    kubernetes: active
+
 sast:
  image: registry.gitlab.com/gitlab-org/gl-sast:latest
  variables:
@@ -92,6 +108,19 @@ sast:
    - sast .
  artifacts:
    paths: [gl-sast-report.json]
+    
+sast:image:
+  image: docker:latest
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:dind
+  script:
+    - setup_docker
+    - sast_image
+  artifacts:
+    paths: [gl-sast-image-report.json]
  
 review:
  stage: review
@@ -103,10 +132,13 @@ review:
    - install_tiller
    - create_secret
    - deploy
+    - persist_environment_url
  environment:
    name: review/$CI_COMMIT_REF_NAME
    url: http://$CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_SLUG.$AUTO_DEVOPS_DOMAIN
    on_stop: stop_review
+  artifacts:
+    paths: [environment_url.txt]
  only:
    refs:
      - branches
@@ -201,9 +233,12 @@ production:
    - create_secret
    - deploy
    - delete canary
+    - persist_environment_url
  environment:
    name: production
    url: http://$CI_PROJECT_PATH_SLUG.$AUTO_DEVOPS_DOMAIN
+  artifacts:
+    paths: [environment_url.txt]
 #  when: manual
  only:
    refs:
@@ -221,6 +256,18 @@ production:
  export CI_APPLICATION_TAG=$CI_COMMIT_SHA
  export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID}
  export TILLER_NAMESPACE=$KUBE_NAMESPACE
+  
+  function sast_image() {
+    docker run -d --name db arminc/clair-db:latest
+    docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
+    apk add -U wget ca-certificates
+    docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
+    wget https://github.com/arminc/clair-scanner/releases/download/v6/clair-scanner_linux_386
+    mv clair-scanner_linux_386 clair-scanner
+    chmod +x clair-scanner
+    touch clair-whitelist.yml
+    ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-image-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true
+  }
  
  function codeclimate() {
    cc_opts="--env CODECLIMATE_CODE="$PWD" \
@@ -415,6 +462,29 @@ production:
      --docker-email="$GITLAB_USER_EMAIL" \
      -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
  }
+  
+  function performance() {
+    export CI_ENVIRONMENT_URL=$(cat environment_url.txt)
+    
+    mkdir gitlab-exporter
+    wget -O gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/10-3/index.js
+    
+    mkdir sitespeed-results
+    
+    if [ -f .gitlab-urls.txt ]
+    then
+      sed -i -e 's@^@'"$CI_ENVIRONMENT_URL"'@' .gitlab-urls.txt
+      /start.sh --plugins.add gitlab-exporter --outputFolder sitespeed-results .gitlab-urls.txt
+    else
+      /start.sh --plugins.add gitlab-exporter --outputFolder sitespeed-results $CI_ENVIRONMENT_URL
+    fi
+    
+    mv sitespeed-results/data/performance.json performance.json
+  }
+  
+  function persist_environment_url() {
+      echo $CI_ENVIRONMENT_URL > environment_url.txt
+  }
  
  function delete() {
    track="${1-stable}"