add: some variables were missing for container analysis

fix: ooops, container scanning should be past building
add: basic ci docker image building, deepsource sast
2022-09-30 05:00:41 +03:00 · 2022-09-30 04:49:36 +03:00 · 2022-09-30 04:08:24 +03:00 · 2022-09-30 02:23:18 +03:00
4 changed files with 75 additions and 2 deletions
--- a/.deepsource.toml
+++ b/.deepsource.toml
@ -0,0 +1,23 @@
+version = 1
+
+[[analyzers]]
+name = "test-coverage"
+enabled = true
+
+[[analyzers]]
+name = "python"
+enabled = true
+
+  [analyzers.meta]
+  runtime_version = "3.x.x"
+
+[[analyzers]]
+name = "secrets"
+enabled = true
+
+[[analyzers]]
+name = "docker"
+enabled = true
+
+  [analyzers.meta]
+  dockerfile_paths = ["Dockerfile"]
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,5 @@
+.git
+.gitignore
+config.ini
+README.md
+TODO
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -0,0 +1,40 @@
+stages:
+  - test
+  - build-image
+  - post-test
+
+sast:
+  stage: test
+include:
+- template: Security/SAST.gitlab-ci.yml
+- template: Security/SAST-IaC.latest.gitlab-ci.yml
+- template: Security/Secret-Detection.gitlab-ci.yml
+- template: Security/Container-Scanning.gitlab-ci.yml
+
+docker-image-build:
+  stage: build-image
+  image: docker:20-git
+  script:
+    - docker build -t $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest .
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    - docker image push $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
+  rules:
+  - if: $CI_COMMIT_BRANCH == "master"
+    exists:
+    - Dockerfile
+    changes:
+    - "*.py"
+    - Dockerfile
+    - requirements.txt
+    - .gitlab-ci.yml
+
+container_scanning:
+  stage: post-test
+  variables:
+    CS_DISABLE_DEPENDENCY_LIST: "true"
+    CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
+    CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter
+    CI_APPLICATION_TAG: "latest"
+    CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false"
+    CS_ANALYZER_IMAGE: "registry.gitlab.com/security-products/container-scanning/grype:5"
+    SECURE_LOG_LEVEL: "debug"
--- a/9
+++ b/9
@ -1,6 +1,11 @@
 FROM python:3.10-alpine
-COPY . /app
+
 WORKDIR /app
-RUN pip install -r /app/requirements.txt
+
+COPY requirements.txt /app/requirements.txt
+
+RUN pip install -r /app/requirements.txt && rm /app/requirements.txt
+
+COPY . /app

 CMD ["python3", "-m", "mastoposter", "/config.ini"]
Author	SHA1	Message	Date
Vladimir (vapronva)	5a519505fa	add: some variables were missing for container analysis	2022-09-30 05:00:41 +03:00
Vladimir (vapronva)	2d67f6b0c8	fix: ooops, container scanning should be past building	2022-09-30 04:49:36 +03:00
Vladimir (vapronva)	91685a06e4	add: basic ci docker image building, deepsource sast	2022-09-30 04:08:24 +03:00
Vladimir (vapronva)	80a3d9c89d	add: `dockerignore`; change: df layers handling (🤓)	2022-09-30 02:23:18 +03:00