forked from openscanhub/openscanhub
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
128 lines (121 loc) · 6.04 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
### Sequence 1 ###
lint:
needs: []
tags:
- shared
image: "quay.io/fedora/fedora:37"
before_script:
- dnf install -y pre-commit make git-core
script:
- git remote -v | grep -q 'covscan.*covscan/covscan' || git remote add covscan https://gitlab.cee.redhat.com/covscan/covscan
- GIT_SSL_NO_VERIFY=true git fetch covscan
- GIT_SSL_NO_VERIFY=true make lint REPO=covscan
### Sequence 2 ###
django-unit-tests:
tags:
- covscan-ci-runner
artifacts:
expose_as: "Django Unit Tests Coverage"
paths:
- htmlcov/
before_script:
- git clone --depth 1 https://github.com/release-engineering/kobo.git
- containers/scripts/init-db.sh --force --minimal
- podman exec -it db psql -c 'ALTER USER openscanhub CREATEDB;'
script:
- podman exec -it osh-hub /usr/bin/coverage-3.6 run --omit="*site-packages*,*kobo*," osh/hub/manage.py test -v 3 || exit 1
- podman exec -it osh-hub /usr/bin/coverage-3.6 html
after_script:
- podman-compose logs db
- podman-compose logs osh-hub
# must specify the containers as podman-compose down has no idea the client hasn't been prepared
- podman-compose down db osh-hub osh-worker
### Sequence 3 ###
integration-tests:
tags:
- covscan-ci-runner
artifacts:
expose_as: "Integration Tests Coverage"
paths:
- htmlcov/
before_script:
- git clone --depth 1 https://github.com/release-engineering/kobo.git
script:
- sed -i "s/RUN_TASKS_IN_FOREGROUND = 0/RUN_TASKS_IN_FOREGROUND = 1/g" osh/worker/worker-local.conf
- containers/scripts/generate_integration_test_coverage.sh --force
after_script:
- podman-compose down
### Sequence 4 ###
build-rpms-on-copr-and-test:
needs: []
tags:
- gitlab-ci-build-on-copr
before_script:
# guard job sequence
- dnf install --refresh -y python3-pip
- python3 -m pip install setuptools
# actual job starts
- mkdir -p ~/.config
- echo "[copr-cli]" > ~/.config/rhcopr
- echo -n "username = " >> ~/.config/rhcopr
- echo "$COPR_CLI_USERNAME" | base64 --decode >> ~/.config/rhcopr
- echo -n "token = " >> ~/.config/rhcopr
- echo "$COPR_CLI_TOKEN" | base64 --decode >> ~/.config/rhcopr
- echo -n "login = " >> ~/.config/rhcopr
- echo "$COPR_CLI_LOGIN" | base64 --decode >> ~/.config/rhcopr
- echo -n "copr_url = " >> ~/.config/rhcopr
- echo "$COPR_CLI_COPR_URL" | base64 --decode >> ~/.config/rhcopr
# We are making lots of tweaks in configurations while setting up this job, which may cause
# issues with SELinux. Keep SELinux in permissive mode and fix any SELinux warnings before
# enabling it in future.
- setenforce 0
- dnf remove -y $(rpm -qa | grep -i "covscan\|osh")
# Remove stale files from previous jobs to avoid conflicts with newer tasks
# https://gitlab.cee.redhat.com/covscan/covscan/-/merge_requests/358#note_6640916
- rm -rf /var/lib/osh/hub/{upload,tasks,worker}
- systemctl status
script:
- (cd /etc/yum.repos.d/ && curl -O https://copr.devel.redhat.com/coprs/kdudka/mock/repo/epel-8/kdudka-mock-epel-8.repo)
- dnf install -y findutils git make openssl python36 python3-dnf-plugins-core python3-setuptools rpm-build postgresql-server brewkoji
- dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
- dnf copr enable @copr/copr -y
- dnf copr enable copr.devel.redhat.com/rhcopr-project/toolset -y
- dnf copr enable redhat/kdudka/covscan-testing -y
- dnf install -y rhcopr
- make srpm
- (set -o pipefail; rhcopr build gitlab-ci-build-on-copr *.src.rpm | tee rhcopr-build.log)
- copr_url=$(grep "https://copr.*coprs/build/" rhcopr-build.log)
- build_id=$(basename $copr_url)
- rhcopr download-build $build_id -r epel-8-x86_64
- dnf install -y --allowerasing $(ls epel-8-x86_64/*.rpm | grep -v "stage\|prod\|src")
- systemctl stop httpd postgresql
# setup openscanhub settings
- cp osh/hub/settings_local.ci.py /usr/lib/python3.6/site-packages/osh/hub/settings_local.py
# setup postgresql
- mv -fvT --backup=numbered /var/lib/pgsql/data/ /root/pgsql-data
- postgresql-setup --initdb
- sed -e 's|ident$|md5|' -i /var/lib/pgsql/data/pg_hba.conf
- systemctl start postgresql
- scripts/setup_db.sh
# csmock user is required to run builds
- adduser csmock -G mock || true
# Enable below line if SELinux is in restrictive mode
# setsebool -P httpd_can_network_connect 1
# Set up self signed certificate before starting httpd
- (cd /etc/httpd/conf && openssl req -newkey rsa:4096 -nodes -keyout localhost.key -x509 -sha256 -days 365 -addext "subjectAltName = DNS:localhost, DNS:localhost, DNS:127.0.0.1" -subj "/C=CZ/ST=/L=/O=Red Hat/OU=Plumbers/CN=localhost" -out localhost.crt)
- cp /etc/httpd/conf/localhost.crt /etc/pki/ca-trust/source/anchors/ && update-ca-trust
- cp osh/hub/osh-hub-httpd.conf /etc/httpd/conf.d/osh-hub-httpd.conf
# Handle migration from `covscanhub-httpd.conf` to `osh-hub-httpd.conf`
# Remove stale `/etc/httpd/conf.d/covscanhub-httpd.conf` file if it exists
# https://gitlab.cee.redhat.com/covscan/covscan/-/merge_requests/216
- rm -f /etc/httpd/conf.d/covscanhub-httpd.conf
- touch /var/log/osh/hub/hub.log && chown apache:apache /var/log/osh/hub/hub.log
- systemctl start httpd osh-worker
# Enable below lines if firewall is enabled
# firewall-cmd --zone=public --add-port=80/tcp --permanent
# firewall-cmd --zone=public --add-port=443/tcp --permanent
# firewall-cmd --reload
- sed -i "s|http://osh-hub:8000|https://localhost/osh|g" osh/client/client-local.conf
- OSH_CLIENT_CONFIG_FILE=osh/client/client-local.conf /usr/bin/osh-cli mock-build --config=fedora-37-x86_64 --brew-build units-2.21-5.fc37
- OSH_CLIENT_CONFIG_FILE=osh/client/client-local.conf /usr/bin/osh-cli task-info 1 | grep "is_failed = False"
- osh/hub/scripts/osh-xmlrpc-client.py --hub "https://localhost/osh/xmlrpc/kerbauth/" --username=user --password=xxxxxx create-scan -b python-six-1.3.0-4.el7 -t python-six-1.9.0-2.el7 --et-scan-id=1 --release=RHEL-7.2.0 --owner=admin --advisory-id=1