Commit e139fa06 authored by Cyril L'Orphelin's avatar Cyril L'Orphelin

Set .gitlab-ci.yml to enable or configure SAST

parent e3d4dac6
# You can override the included template(s) by including variable overrides
# See https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
image: ccin2p3/php7.3-fpm:latest
before_script:
# - cp test_php.ini /usr/local/etc/php/php.ini
#take the other security file for test
# Set up php.ini
- docker-php-ext-install pdo_mysql
- echo "date.timezone=Europe/Paris" > /usr/local/etc/php/conf.d/timezone.ini
- echo "memory_limit=8G" > /usr/local/etc/php/conf.d/memory.ini
- echo "opcache.enable_cli=1" > /usr/local/etc/php/conf.d/opcache.ini
- echo "opcache.revalidate_freq=500" >> /usr/local/etc/php/conf.d/opcache.ini
- echo "opcache.memory_consumption=128" >> /usr/local/etc/php/conf.d/opcache.ini
- echo "opcache.interned_strings_buffer=8" >> /usr/local/etc/php/conf.d/opcache.ini
- echo "opcache.max_accelerated_files=4000" >> /usr/local/etc/php/conf.d/opcache.ini
- echo "opcache.fast_shutdown=1" >> /usr/local/etc/php/conf.d/opcache.ini
- rm -f /usr/local/etc/php/conf.d/xdebug.ini
- echo "${PARAMETERS}" > app/config/parameters.yml
# Install composer
- curl -sS https://getcomposer.org/installer | php
# Install all project dependencies
- php composer.phar global require hirak/prestissimo
- php composer.phar clear-cache
- php composer.phar install --dev
- docker-php-ext-install pdo_mysql
- echo "date.timezone=Europe/Paris" > /usr/local/etc/php/conf.d/timezone.ini
- echo "memory_limit=8G" > /usr/local/etc/php/conf.d/memory.ini
- echo "opcache.enable_cli=1" > /usr/local/etc/php/conf.d/opcache.ini
- echo "opcache.revalidate_freq=500" >> /usr/local/etc/php/conf.d/opcache.ini
- echo "opcache.memory_consumption=128" >> /usr/local/etc/php/conf.d/opcache.ini
- echo "opcache.interned_strings_buffer=8" >> /usr/local/etc/php/conf.d/opcache.ini
- echo "opcache.max_accelerated_files=4000" >> /usr/local/etc/php/conf.d/opcache.ini
- echo "opcache.fast_shutdown=1" >> /usr/local/etc/php/conf.d/opcache.ini
- rm -f /usr/local/etc/php/conf.d/xdebug.ini
- echo "${PARAMETERS}" > app/config/parameters.yml
- curl -sS https://getcomposer.org/installer | php
- php composer.phar global require hirak/prestissimo
- php composer.phar clear-cache
- php composer.phar install --dev
stages:
- tests
- deploy
- tests
- deploy
- test
job_tests:
stage: tests
only:
- develop
- develop
script:
- echo "${security_yml}" > app/config/security.yml
- php vendor/phpunit/phpunit/phpunit --configuration phpunit.xml.dist --coverage-text
- sed -n '/system-out/!p' logfile.xml > logfile.xml
# - /sonar-scanner-2.8/bin/sonar-scanner -Dsonar.host.url=${SONAR_HOST_URL} -Dsonar.login=${SONAR_LOGIN_TOKEN} -Dsonar.projectVersion=${CI_BUILD_REF}
- echo "${security_yml}" > app/config/security.yml
- php vendor/phpunit/phpunit/phpunit --configuration phpunit.xml.dist --coverage-text
- sed -n '/system-out/!p' logfile.xml > logfile.xml
job_deploy:
stage: deploy
only:
- develop
- develop
script:
- mkdir ~/.ssh
- echo "${PRIVATE_KEY}" > ~/.ssh/id_rsa
- echo "${index_php}" > web/index.php
- chmod 600 ~/.ssh/id_rsa
- echo "${PARAMETERS}" > app/config/parameters.yml
- echo "${discovery_html_twig}" > vendor/lightsaml/sp-bundle/src/LightSaml/SpBundle/Resources/views/discovery.html.twig
- echo "${security_aai_yml}" > app/config/security.yml
- rsync -az --delete -e "ssh -i ~/.ssh/id_rsa -o 'StrictHostKeyChecking no'" . operrtal@operations-portal.in2p3.fr:/www/NEXT/sf3
\ No newline at end of file
- mkdir ~/.ssh
- echo "${PRIVATE_KEY}" > ~/.ssh/id_rsa
- echo "${index_php}" > web/index.php
- chmod 600 ~/.ssh/id_rsa
- echo "${PARAMETERS}" > app/config/parameters.yml
- echo "${discovery_html_twig}" > vendor/lightsaml/sp-bundle/src/LightSaml/SpBundle/Resources/views/discovery.html.twig
- echo "${security_aai_yml}" > app/config/security.yml
- rsync -az --delete -e "ssh -i ~/.ssh/id_rsa -o 'StrictHostKeyChecking no'" . operrtal@operations-portal.in2p3.fr:/www/NEXT/sf3
sast:
stage: test
include:
- template: Security/SAST.gitlab-ci.yml
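Review bot: The `sast:` override at the end of the file sets only `stage: test`, so the jobs pulled in by `Security/SAST.gitlab-ci.yml` will presumably inherit the top-level `before_script` unless the template overrides it. That would run `docker-php-ext-install`, `curl -sS https://getcomposer.org/installer | php` and `echo "${PARAMETERS}" > app/config/parameters.yml` inside the analyzer containers, where they are likely to fail and where the application's parameters are not needed. Consider adding `before_script: []` under `sast:`, or moving the PHP setup out of the global `before_script` into the jobs that need it, so the scanner jobs start clean and are not handed project secrets. A comment above `sast:` such as `# SAST jobs come from the included template and run in the "test" stage` would also explain why `stages:` now lists both `tests` and `test`.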