-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy path.gitlab-ci.yml
More file actions
54 lines (50 loc) · 2.4 KB
/
.gitlab-ci.yml
File metadata and controls
54 lines (50 loc) · 2.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
services:
- "docker:dind"
variables:
# Set env vars, unable to use cmd substitution here, see https://gitlab.com/gitlab-org/gitlab/-/issues/17251
REGISTRY: "registry.gitlab.com"
REPO_SLUG: "${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}"
stages:
- build
- test
build-job:
stage: build
image: docker:stable
before_script:
# Set <username>/<repo> to lowercase
- LOWER_REPO_SLUG=$(echo $REPO_SLUG | tr '[:upper:]' '[:lower:]')
script:
# Build and push Docker image to registry
- echo $CI_REGISTRY_PASSWORD | docker login $REGISTRY -u $CI_REGISTRY_USER --password-stdin
- docker build --platform=linux/amd64 -t ${REGISTRY}/${LOWER_REPO_SLUG}:${CI_COMMIT_REF_NAME} .
- docker push ${REGISTRY}/${LOWER_REPO_SLUG}:${CI_COMMIT_REF_NAME}
mcode-test-job:
stage: test
image: debian:bullseye
before_script:
# Get GitLab username and set <username>/<repo> to lowercase
- GITLAB_USERNAME=forallsecure-demo
- LOWER_REPO_SLUG=mayhem-forallsecure/mcode-action-examples
script:
# Download Mayhem CLI and log in to the Mayhem server
- apt-get update && apt-get install -y curl jq
- curl --no-progress-meter -Lo mayhem-cli ${MAYHEM_URL}/cli/Linux/mayhem && chmod +x mayhem-cli
- MAYHEM_PROMPT=1 ./mayhem-cli login --url ${MAYHEM_URL} --token ${MAYHEM_TOKEN}
# Execute Mayhem run and fail if no run was executed
- run=$(./mayhem-cli --verbosity info run . --project forallsecure-demo/mcode-action-examples/${TARGET} --owner ${GITLAB_USERNAME} --image ${REGISTRY}/${LOWER_REPO_SLUG}:${CI_COMMIT_REF_NAME} --file mayhem/Mayhemfile.${TARGET} --duration 60 --branch-name ${CI_COMMIT_REF_NAME} --revision ${CI_COMMIT_SHA} --ci-url ${CI_PIPELINE_URL});
- if [ -z "${run}" ]; then exit 1; fi
# Otherwise, determine run name and wait for job to complete and artifacts to be ready
- runName=$(echo ${run} | awk -F / '{ print $(NF-1) }');
- ./mayhem-cli --verbosity info wait ${run} --fail-on-defects --owner ${GITLAB_USERNAME} --sarif sarif-${runName}.sarif --junit junit-${runName}.xml;
- status=$(./mayhem-cli --verbosity info show --owner ${GITLAB_USERNAME} --format json ${run} | jq '.[0].status')
- if [[ ${status} == *"stopped"* || ${status} == *"failed"* ]]; then exit 2; fi
parallel:
matrix:
- TARGET: ['lighttpd', 'mayhemit']
artifacts:
when: always
paths:
- 'sarif-*.sarif'
- 'junit-*.xml'
reports:
junit: 'junit-*.xml'