apparmor.d/.gitlab-ci.yml
2023-09-19 18:35:24 +01:00

167 lines
3.6 KiB
YAML

---
include:
- template: Security/SAST.gitlab-ci.yml
variables:
PKGDEST: $CI_PROJECT_DIR/packages
PACKAGER: 'Alexandre Pujol <alexandre@pujol.io>'
stages:
- lint
- test
- build
- preprocess
- deploy
# Code Linter
# -----------
bash:
stage: lint
image: koalaman/shellcheck-alpine
script:
- shellcheck --shell=bash
PKGBUILD dists/build.sh dists/docker.sh
tests/packer/init/init.sh tests/packer/src/aa-update tests/packer/init/clean.sh
debian/apparmor.d.postinst debian/apparmor.d.postrm
golangci-lint:
stage: lint
image: golangci/golangci-lint
script:
- golangci-lint run
packer:
stage: lint
image:
name: hashicorp/packer:latest
entrypoint: [""]
script:
- cd tests &&
packer fmt --check packer/ &&
packer validate --syntax-only packer/
sast:
stage: lint
# Code test
# ---------
tests:
stage: test
image: golang
coverage: '/Coverage: \d+.\d+/'
script:
- apt update && apt install -y rsync
- cp tests/journalctl /usr/bin/journalctl
- chmod 755 /usr/bin/journalctl
- mkdir -p /var/log/audit/
- touch /var/log/audit/audit.log /var/log/audit/audit.log.1
- go test ./cmd/... -v -cover -coverprofile=coverage.out
- go test ./pkg/... -v -cover -coverprofile=coverage.out
- go tool cover -func=coverage.out
# Package Build
# -------------
archlinux:
stage: build
image: registry.gitlab.com/roddhjav/builders/archlinux
script:
- sudo pacman -Syu --noconfirm --noprogressbar
- makepkg -s --noconfirm --noprogressbar
artifacts:
expire_in: 1 day
paths:
- $PKGDEST/*
debian:
stage: build
image: registry.gitlab.com/roddhjav/builders/debian
script:
- sudo chown -R build:build /builds/
- git config --global --add safe.directory $CI_PROJECT_DIR
- VERSION="0.$(git rev-list --count HEAD)-1"
- mkdir -p "$PKGDEST"
- sudo apt-get update -q && sudo apt-get install -y config-package-dev rsync
- sudo apt-get install -y -t bullseye-backports golang-go
- dpkg-buildpackage -b -d --no-sign
- mv ../*.deb $PKGDEST/
artifacts:
expire_in: 1 day
paths:
- $PKGDEST/*.deb
ubuntu:
extends: debian
variables:
DISTRIBUTION: ubuntu
# Profile Preprocessing
# ---------------------
preprocess-archlinux:
stage: preprocess
image: archlinux
dependencies:
- archlinux
script:
- pacman -Syu --noconfirm --noprogressbar apparmor
- pacman -U --noconfirm --noprogressbar $PKGDEST/*
- apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null
preprocess-debian:
stage: preprocess
image: debian
dependencies:
- debian
script:
- apt-get update -q
- apt-get install -y apparmor apparmor-profiles
- dpkg --install $PKGDEST/*
- apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null
preprocess-ubuntu:
stage: preprocess
image: ubuntu
dependencies:
- ubuntu
script:
- apt-get update -q
- apt-get install -y apparmor apparmor-profiles
- dpkg --install $PKGDEST/*
- apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null
preprocess-opensuse:
stage: preprocess
image: opensuse/tumbleweed
script:
- zypper install -y apparmor-profiles go git rsync util-linux findutils make
- make
- make install
- apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null
# Deploy the documentation
# ------------------------
pages:
stage: deploy
image: python
variables:
GIT_STRATEGY: clone
GIT_DEPTH: 0
script:
- pip install -r requirements.txt
- mkdocs build --verbose --site-dir public
artifacts:
paths:
- public
rules:
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH