Update .gitlab-ci.yml

.gitlab-ci.yml

@@ -1,8 +1,83 @@
-include:
-  - project: 'devops/devops-tools'
-    ref: security
-    file: '/templates/.gitlab-ci-template.yml'
+# include:
+#   - project: 'devops/devops-tools'
+#     ref: security
+#     file: '/templates/.gitlab-ci-template.yml'
 
 variables:
   SAST_EXCLUDED_PATHS: "frontend/src/assets/private/**"
-  CI_IS_DEPLOY_OLD: "true"
+  DOCKER_DRIVER: overlay2
+  REGISTRY_URL: "eu.gcr.io"
+  DOCKER_HOST: tcp://docker:2375
+  DOCKER_TLS_CERTDIR: ""
+  PROJECT_NAME: "taxfix-central"
+  # CI_REGISTRY_IMAGE: "eu.gcr.io/taxfix-central/gitlab-security"
+
+services:
+  - docker:19.03.5-dind
+
+stages:
+  - build
+  - test
+
+before_script:
+    - mkdir -p ./creds
+    - echo $SERVICEACCOUNT | base64 -d > ./creds/sa.json
+    - gcloud auth activate-service-account --key-file=./creds/sa.json --project=$PROJECT_NAME
+    - gcloud components install docker-credential-gcr --quiet
+    - gcloud auth configure-docker --quiet
+    - |
+          echo " Release tag -  $CI_COMMIT_TAG"
+          CI_COMMIT_TAG=${CI_COMMIT_TAG/v/} 
+          export RELEASE_VERSION=$CI_COMMIT_TAG
+          if [ -z "$RELEASE_VERSION" ]
+          then
+            IMAGE_TAG=sha.${CI_COMMIT_SHA}
+          else
+            IMAGE_TAG=$RELEASE_VERSION-sha.${CI_COMMIT_SHA}
+          fi
+    - export IMAGE_TAG=$IMAGE_TAG
+    - export REGISTRY_IMAGE=${REGISTRY_URL}/$PROJECT_NAME/${CI_PROJECT_NAME}:$IMAGE_TAG
+    - export REGISTRY_IMAGE_LATEST=${REGISTRY_URL}/$PROJECT_NAME/${CI_PROJECT_NAME}:latest 
+    - export DOCKER_IMAGE=$REGISTRY_IMAGE_LATEST
+
+
+build:
+  variables:
+    DOCKER_TLS_CERTDIR: ""
+  stage: build
+  image: eu.gcr.io/taxfix-central/gitlab/container-scanning:2
+  services:
+    - docker:19.03.5-dind
+  script:
+    - | 
+        if [ -z "$BUILD_SCRIPT" ]
+        then
+              echo "\$BUILD_SCRIPT is empty"
+              docker build  -t $REGISTRY_IMAGE --build-arg NPM_TOKEN=$NPM_TOKEN  .
+        else
+              echo "\$BUILD_SCRIPT is NOT empty"
+              bash $BUILD_SCRIPT
+        fi
+
+
+
+include:
+  - template: Container-Scanning.gitlab-ci.yml  
+container_scanning:
+  image: eu.gcr.io/taxfix-central/gitlab/container-scanning:2
+  variables:
+    CLAIR_OUTPUT: High
+    KLAR_TRACE: "true"
+    CLAIR_TRACE: "true"
+    DOCKER_TLS_CERTDIR: ""
+  services:
+    - docker:19.03.5-dind
+    - name: $CLAIR_DB_IMAGE
+      alias: clair-vulnerabilities-db
+
+  environment:
+    name: integration
+
+
+
+  # test2

Dockerfile

@@ -1,33 +1,38 @@
-FROM node:12 as installer
-COPY . /juice-shop
-WORKDIR /juice-shop
-RUN npm install --production --unsafe-perm
-RUN npm dedupe
-RUN rm -rf frontend/node_modules
+# FROM node:12 as installer
+# COPY . /juice-shop
+# WORKDIR /juice-shop
+# RUN npm install --production --unsafe-perm
+# RUN npm dedupe
+# RUN rm -rf frontend/node_modules
+
+# FROM node:12-alpine
+# ARG BUILD_DATE
+# ARG VCS_REF
+# LABEL maintainer="Bjoern Kimminich <[email protected]>" \
+#     org.opencontainers.image.title="OWASP Juice Shop" \
+#     org.opencontainers.image.description="Probably the most modern and sophisticated insecure web application" \
+#     org.opencontainers.image.authors="Bjoern Kimminich <[email protected]>" \
+#     org.opencontainers.image.vendor="Open Web Application Security Project" \
+#     org.opencontainers.image.documentation="https://help.owasp-juice.shop" \
+#     org.opencontainers.image.licenses="MIT" \
+#     org.opencontainers.image.version="11.1.3" \
+#     org.opencontainers.image.url="https://owasp-juice.shop" \
+#     org.opencontainers.image.source="https://github.com/bkimminich/juice-shop" \
+#     org.opencontainers.image.revision=$VCS_REF \
+#     org.opencontainers.image.created=$BUILD_DATE
+# WORKDIR /juice-shop
+# RUN addgroup juicer && \
+#     adduser -D -G juicer juicer
+# COPY --from=installer --chown=juicer /juice-shop .
+# RUN mkdir logs && \
+#     chown -R juicer logs && \
+#     chgrp -R 0 ftp/ frontend/dist/ logs/ data/ i18n/ && \
+#     chmod -R g=u ftp/ frontend/dist/ logs/ data/ i18n/
+# USER juicer
+# EXPOSE 3000
+# CMD ["npm", "start"]
+
+FROM imiell/bad-dockerfile:latest
+
+COPY README.md .
 
-FROM node:12-alpine
-ARG BUILD_DATE
-ARG VCS_REF
-LABEL maintainer="Bjoern Kimminich <[email protected]>" \
-    org.opencontainers.image.title="OWASP Juice Shop" \
-    org.opencontainers.image.description="Probably the most modern and sophisticated insecure web application" \
-    org.opencontainers.image.authors="Bjoern Kimminich <[email protected]>" \
-    org.opencontainers.image.vendor="Open Web Application Security Project" \
-    org.opencontainers.image.documentation="https://help.owasp-juice.shop" \
-    org.opencontainers.image.licenses="MIT" \
-    org.opencontainers.image.version="11.1.3" \
-    org.opencontainers.image.url="https://owasp-juice.shop" \
-    org.opencontainers.image.source="https://github.com/bkimminich/juice-shop" \
-    org.opencontainers.image.revision=$VCS_REF \
-    org.opencontainers.image.created=$BUILD_DATE
-WORKDIR /juice-shop
-RUN addgroup juicer && \
-    adduser -D -G juicer juicer
-COPY --from=installer --chown=juicer /juice-shop .
-RUN mkdir logs && \
-    chown -R juicer logs && \
-    chgrp -R 0 ftp/ frontend/dist/ logs/ data/ i18n/ && \
-    chmod -R g=u ftp/ frontend/dist/ logs/ data/ i18n/
-USER juicer
-EXPOSE 3000
-CMD ["npm", "start"]