apparmor.d/.gitlab-ci.yml

---

include:
  - template: Security/SAST.gitlab-ci.yml

variables:
  PKGDEST: $CI_PROJECT_DIR/packages
  PACKAGER: 'Alexandre Pujol <alexandre@pujol.io>'

stages:
  - lint
  - test
  - build
  - preprocess


# Code Linter
# -----------

bash:
  stage: lint
  image: koalaman/shellcheck-alpine
  script:
    - shellcheck --shell=bash
        PKGBUILD configure pick
        debian/apparmor.d.postinst debian/apparmor.d.postrm

golangci-lint:
  stage: lint
  image: golangci/golangci-lint
  script:
    - golangci-lint run

hadolint:
  stage: lint
  image: hadolint/hadolint:latest-alpine
  script:
    - hadolint dists/build/*/Dockerfile

sast:
  stage: lint


# Code test
# ---------

tests:
  stage: test
  image: golang
  script:
    - cp tests/journalctl /usr/bin/journalctl
    - chmod 755 /usr/bin/journalctl
    - go test ./cmd/aa-log -v -cover


# Package Build
# -------------

archlinux:
  stage: build
  image: registry.gitlab.com/archlex/packages/builders/archlinux
  script:
    - sudo pacman -Syu --noconfirm --noprogressbar lsb-release
    - makepkg -s --noconfirm --noprogressbar
  artifacts:
    expire_in: 1 day
    paths:
      - $PKGDEST/*

debian:
  stage: build
  image: registry.gitlab.com/archlex/packages/builders/debian
  script:
    - VERSION="$(date +%y.%m%d)-1"
    - mkdir -p "$PKGDEST"
    - sudo apt-get update -q && sudo apt-get install -y  golang-go lsb-release rsync
    - dch --newversion=$VERSION --urgency=medium --distribution=stable --controlmaint "Release $VERSION"
    - dpkg-buildpackage -b -d --no-sign
    - mv ../*.deb $PKGDEST/
  artifacts:
    expire_in: 1 day
    paths:
      - $PKGDEST/*.deb


# Profile Preprocessing
# ---------------------

preprocess-archlinux:
  stage: preprocess
  image: archlinux
  dependencies:
    - archlinux
  script:
    - pacman -Syu --noconfirm --noprogressbar apparmor
    - pacman -U --noconfirm --noprogressbar
        --overwrite etc/apparmor.d/tunables/global
        --overwrite etc/apparmor.d/tunables/xdg-user-dirs
        --overwrite etc/apparmor.d/abstractions/trash
        $PKGDEST/*
    - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null

preprocess-debian:
  stage: preprocess
  image: debian
  dependencies:
    - debian
  script:
    - apt-get update -q
    - apt-get install -y apparmor apparmor-profiles
    - dpkg --install $PKGDEST/*
    - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null
Add Gitlab CI. 2021-04-04 00:30:06 +02:00			`---`

Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`include:`
			`- template: Security/SAST.gitlab-ci.yml`

Add Gitlab CI. 2021-04-04 00:30:06 +02:00			`variables:`
			`PKGDEST: $CI_PROJECT_DIR/packages`
			`PACKAGER: 'Alexandre Pujol <alexandre@pujol.io>'`

			`stages:`
			`- lint`
ci: enable aa-log tests. 2021-12-05 01:21:16 +01:00			`- test`
CI: add preprocessing for Debian. 2021-09-27 20:20:27 +02:00			`- build`
Add Gitlab CI. 2021-04-04 00:30:06 +02:00			`- preprocess`


			`# Code Linter`
			`# -----------`

			`bash:`
			`stage: lint`
			`image: koalaman/shellcheck-alpine`
			`script:`
			`- shellcheck --shell=bash`
Add 'pick', a tooll to install some AppArmor profiles. 2021-12-05 20:17:53 +01:00			`PKGBUILD configure pick`
Add Gitlab CI. 2021-04-04 00:30:06 +02:00			`debian/apparmor.d.postinst debian/apparmor.d.postrm`

Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`golangci-lint:`
			`stage: lint`
			`image: golangci/golangci-lint`
			`script:`
Move go code to a more common directory. 2021-11-23 21:20:06 +01:00			`- golangci-lint run`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00
ci: add linter for dev container files. 2022-10-06 21:55:35 +02:00			`hadolint:`
			`stage: lint`
			`image: hadolint/hadolint:latest-alpine`
			`script:`
			`- hadolint dists/build/*/Dockerfile`

Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`sast:`
			`stage: lint`

Add Gitlab CI. 2021-04-04 00:30:06 +02:00
ci: enable aa-log tests. 2021-12-05 01:21:16 +01:00			`# Code test`
			`# ---------`

			`tests:`
			`stage: test`
			`image: golang`
			`script:`
test: add a dummy output for journalctl --user -b -u dbus.service -o json 2022-10-15 23:05:52 +02:00			`- cp tests/journalctl /usr/bin/journalctl`
			`- chmod 755 /usr/bin/journalctl`
ci: enable aa-log tests. 2021-12-05 01:21:16 +01:00			`- go test ./cmd/aa-log -v -cover`


Add Gitlab CI. 2021-04-04 00:30:06 +02:00			`# Package Build`
			`# -------------`

			`archlinux:`
CI: add preprocessing for Debian. 2021-09-27 20:20:27 +02:00			`stage: build`
ci: fix build image name. 2022-07-22 13:09:07 +02:00			`image: registry.gitlab.com/archlex/packages/builders/archlinux`
Add Gitlab CI. 2021-04-04 00:30:06 +02:00			`script:`
ci: add lsb-release. 2021-12-05 01:23:49 +01:00			`- sudo pacman -Syu --noconfirm --noprogressbar lsb-release`
Add Gitlab CI. 2021-04-04 00:30:06 +02:00			`- makepkg -s --noconfirm --noprogressbar`
			`artifacts:`
			`expire_in: 1 day`
			`paths:`
			`- $PKGDEST/*`

			`debian:`
CI: add preprocessing for Debian. 2021-09-27 20:20:27 +02:00			`stage: build`
Add Gitlab CI. 2021-04-04 00:30:06 +02:00			`image: registry.gitlab.com/archlex/packages/builders/debian`
			`script:`
			`- VERSION="$(date +%y.%m%d)-1"`
			`- mkdir -p "$PKGDEST"`
buid(debian): remove config-package build deps. 2022-10-16 00:14:09 +02:00			`- sudo apt-get update -q && sudo apt-get install -y golang-go lsb-release rsync`
Add Gitlab CI. 2021-04-04 00:30:06 +02:00			`- dch --newversion=$VERSION --urgency=medium --distribution=stable --controlmaint "Release $VERSION"`
			`- dpkg-buildpackage -b -d --no-sign`
			`- mv ../*.deb $PKGDEST/`
			`artifacts:`
			`expire_in: 1 day`
			`paths:`
			`- $PKGDEST/*.deb`


			`# Profile Preprocessing`
			`# ---------------------`

CI: add preprocessing for Debian. 2021-09-27 20:20:27 +02:00			`preprocess-archlinux:`
Add Gitlab CI. 2021-04-04 00:30:06 +02:00			`stage: preprocess`
			`image: archlinux`
			`dependencies:`
			`- archlinux`
			`script:`
			`- pacman -Syu --noconfirm --noprogressbar apparmor`
CI: overwrite some tunables. 2021-08-22 17:02:07 +02:00			`- pacman -U --noconfirm --noprogressbar`
			`--overwrite etc/apparmor.d/tunables/global`
			`--overwrite etc/apparmor.d/tunables/xdg-user-dirs`
build: for now lets overwrite abstractions/trash. As the upstreaming content is a goal, it will be important to have a better way to manage it. 2022-09-06 18:56:29 +02:00			`--overwrite etc/apparmor.d/abstractions/trash`
CI: overwrite some tunables. 2021-08-22 17:02:07 +02:00			`$PKGDEST/*`
Add Gitlab CI. 2021-04-04 00:30:06 +02:00			`- apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null`
CI: add preprocessing for Debian. 2021-09-27 20:20:27 +02:00
			`preprocess-debian:`
			`stage: preprocess`
			`image: debian`
			`dependencies:`
			`- debian`
			`script:`
			`- apt-get update -q`
Debian: improve install method. 2021-09-27 21:24:22 +02:00			`- apt-get install -y apparmor apparmor-profiles`
CI: add preprocessing for Debian. 2021-09-27 20:20:27 +02:00			`- dpkg --install $PKGDEST/*`
			`- apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null`