.gitlab-ci.yml
# Pipeline stages, run in the order listed.
stages:
  - code_style
  - tests
  - update
# Pipeline-wide variables.
# The image references use version tags, which are mutable; pinning them by
# digest (image@sha256:<digest>) would make the job environment reproducible.
variables:
  PYTHON_10_IMAGE: 'docker.io/library/python:3.10-slim-bullseye'
  PYTHON_11_IMAGE: 'docker.io/library/python:3.11-slim-bullseye'
  # User name paired with $ACCESS_TOKEN in the update_hash clone URL.
  ACCESS_TOKEN_NAME: 'gitlab-ci-token'
# Lint job: runs pylint (through pylint-ignore) over the wapitiCore package.
check_coding_style:
  stage: code_style
  image: $PYTHON_10_IMAGE
  tags:
    - docker-wapiti
  rules:
    # Default-branch commits and merge-request pipelines, and only when a
    # Python file changed.
    - if: |
        $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH ||
        $CI_PIPELINE_SOURCE == "merge_request_event"
      changes:
        - "**/*.py"
  before_script:
    # pip itself is upgraded to whatever is current; only the linters below
    # are version-pinned.
    - python -m pip install --upgrade pip
    - pip install -e .
    - pip install "pylint==2.12.2"
    - pip install "pylint-ignore==2022.1025"
  script:
    - pylint-ignore --rcfile=.pylintrc wapitiCore
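# Unit-test job: runs pytest with coverage once per Python image in the matrix.
test-python:
  stage: tests
  tags:
    - docker-wapiti
  rules:
    # Default-branch commits and merge-request pipelines.
    - if: |
        $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH ||
        $CI_PIPELINE_SOURCE == "merge_request_event"
  parallel:
    matrix:
      - PYTHON_IMAGE: [$PYTHON_10_IMAGE, $PYTHON_11_IMAGE]
  image: $PYTHON_IMAGE
  before_script:
    # Print the interpreter version so the log shows which matrix leg ran.
    - python -c "import sys; print(sys.version)"
    - apt-get update
    # System tools the test suite needs; versions come from the image's
    # distribution repositories and are not pinned here.
    - apt-get install php-cli php-xml sslscan -y --no-install-recommends
    - python -m pip install --upgrade pip
    - pip install -U setuptools
    # Quoted so the shell never treats [test] as a glob character class.
    - pip3 install ".[test]"
  script:
    - pytest --cov --cov-report term --cov-report xml:coverage.xml
  # Extracts the total percentage from the terminal coverage report.
  coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage.xml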
# Build check: verifies that the repository's Dockerfile still builds.
# NOTE(review): the shell-wapiti tag suggests a shell-executor runner; confirm.
# If so, this job runs directly on the runner host with the runner user's
# access to the Docker daemon, and the Dockerfile it builds comes from the
# commit under test, merge-request pipelines included. Check which merge
# requests are allowed to reach this runner.
test-build-docker:
  stage: tests
  tags:
    - shell-wapiti
  rules:
    # Default-branch commits and merge-request pipelines.
    - if: |
        $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH ||
        $CI_PIPELINE_SOURCE == "merge_request_event"
  script:
    - docker build .
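# Regenerates the CMS hash files from the HashThePlanet database and opens a
# merge request with the result. Runs only when $UPDATE_HASH is "true".
# ACCESS_TOKEN, PROJECT_URL, GITLAB_URL, IMAGE_UPDATE_HASH, COMMITER_MAIL and
# COMMITER_NAME are not defined in this file; presumably they are project
# CI/CD variables. ACCESS_TOKEN is used to push a branch and to call the API,
# so it should be masked, protected and limited to the scopes this job needs.
update_hash:
  stage: update
  tags:
    - docker-wapiti
  rules:
    - if: '$UPDATE_HASH == "true"'
  image: $IMAGE_UPDATE_HASH
  before_script:
    - apt-get update && apt-get install -y git curl grep
  script:
    # The token is part of the clone URL, so git keeps it in the clone's
    # .git/config as the origin URL for the rest of the job.
    - git clone "https://$ACCESS_TOKEN_NAME:$ACCESS_TOKEN@$PROJECT_URL/wapiti.git"
    - cd ./wapiti/wapitiCore/data/attacks/
    - BRANCH_NAME="cms_update_$(date +'%Y_%m_%d')"
    - git switch -c "$BRANCH_NAME"
    # The database comes from a moving "latest" release and is used without a
    # checksum or signature check; review of the generated JSON in the merge
    # request is the only control on its content. --fail stops the job on an
    # HTTP error instead of saving the error page as the database.
    - curl --fail -Lo "collected_data.db" https://github.com/Cyberwatch/HashThePlanet/releases/download/latest/hashtheplanet.db
    - python3 update_hash_files.py --db ./collected_data.db --source-file ./src_cms_files/
    - git add ./*.json
    - |
      # Nothing staged means the hash files are already up to date.
      if git diff --cached --quiet
      then
        exit 0
      else
        git config --global user.email "$COMMITER_MAIL"
        git config --global user.name "$COMMITER_NAME"
        git commit -m "AUTO-COMMIT: Update CMS hash $(date +'%Y-%m-%d')"
        git push --set-upstream origin "$BRANCH_NAME"
        # --fail makes a rejected API call fail the job instead of passing
        # silently; free-text fields are URL-encoded, and the quotes around
        # the job name are escaped so they reach the description.
        curl --fail -X POST --header "Private-Token: $ACCESS_TOKEN" \
          "https://$GITLAB_URL/api/v4/projects/$CI_PROJECT_ID/merge_requests" \
          --data "source_branch=$BRANCH_NAME" \
          --data "target_branch=master" \
          --data-urlencode "title=Update hash files for CMS module" \
          --data-urlencode "description=This MR is generated automatically by the CI JOB \"update_hash\". It allows us to update hash files for CMS module." \
          --data "remove_source_branch=true"
      fi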