mirror of
https://gitea.com/mcereda/oam.git
synced 2026-02-08 21:34:25 +00:00
78 lines
2.6 KiB
YAML
78 lines
2.6 KiB
YAML
---
|
|
|
|
print-postgis-service-logs:
|
|
when: manual
|
|
variables:
|
|
CI_DEBUG_SERVICES: "true"
|
|
services:
|
|
- name: postgis/postgis:15-3.4@sha256:6a6eb58d25a331da1d2532412641330b064ffec33f294aa5a7812fe26a6ed2f3
|
|
alias: db
|
|
variables:
|
|
POSTGRES_DB: postgres
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: postgres
|
|
POSTGRES_HOST_AUTH_METHOD: trust
|
|
script:
|
|
- echo 'hello!!'
|
|
|
|
docker-build-image-dind:
|
|
rules:
|
|
- when: manual
|
|
variables:
|
|
BUILDER_NAME: tmp-$CI_JOB_ID
|
|
DOCKER_VERSION: '26.1.2'
|
|
GIT_DEPTH: '1'
|
|
IMAGE_NAME: $CI_PROJECT_NAME
|
|
IMAGE_TAG: $CI_COMMIT_SHORT_SHA
|
|
PLATFORM: linux/amd64
|
|
services:
|
|
- docker:$DOCKER_VERSION-dind
|
|
image: library/docker:DOCKER_VERSION-cli-alpine3.19
|
|
before_script:
|
|
- docker info
|
|
- docker buildx create --driver 'docker-container' --name "$BUILDER_NAME" --use
|
|
script:
|
|
- docker buildx build --platform "$PLATFORM" --tag "$IMAGE_NAME/$IMAGE_TAG" '.'
|
|
after_script:
|
|
- docker buildx rm "$BUILDER_NAME"
|
|
|
|
powerpipe-report:
|
|
# Strongly suggested to just create your own image for this.
|
|
# Initializing it from scratch alone takes me about 8 mins.
|
|
stage: test
|
|
rules:
|
|
- when: manual
|
|
variables:
|
|
DEBIAN_FRONTEND: noninteractive
|
|
POWERPIPE_MOD_LOCATION: /home/piper/powerpipe
|
|
POWERPIPE_TELEMETRY: none
|
|
POWERPIPE_UPDATE_CHECK: 'false'
|
|
POWERPIPE_VERSION: v0.3.0
|
|
STEAMPIPE_MOD_LOCATION: /home/piper/steampipe
|
|
STEAMPIPE_TELEMETRY: none
|
|
STEAMPIPE_UPDATE_CHECK: 'false'
|
|
STEAMPIPE_VERSION: v0.23.2
|
|
image: library/debian:12.5-slim@sha256:804194b909ef23fb995d9412c9378fb3505fe2427b70f3cc425339e48a828fca
|
|
before_script:
|
|
- |-
|
|
: "${AWS_ACCESS_KEY_ID?required}"
|
|
: "${AWS_SECRET_ACCESS_KEY?required}"
|
|
- adduser --disabled-password --gecos '' --shell '/bin/sh' 'piper'
|
|
- apt update
|
|
- apt install --assume-yes --no-install-recommends 'curl' 'ca-certificates'
|
|
- curl -fsSL -O 'https://steampipe.io/install/steampipe.sh' -O 'https://powerpipe.io/install/powerpipe.sh'
|
|
- su piper -c "mkdir -pv '$STEAMPIPE_MOD_LOCATION' '$POWERPIPE_MOD_LOCATION'"
|
|
- /bin/sh steampipe.sh "$STEAMPIPE_VERSION"
|
|
- /bin/sh powerpipe.sh "$POWERPIPE_VERSION"
|
|
- su piper -c "steampipe service start --database-listen 'local'"
|
|
script:
|
|
- su piper -c "steampipe plugin install 'aws'"
|
|
- su piper -c "powerpipe mod install 'github.com/turbot/steampipe-mod-aws-compliance'"
|
|
- su piper -c "powerpipe benchmark run 'aws_compliance.benchmark.gdpr' --export 'nunit3'"
|
|
artifacts:
|
|
when: always
|
|
expire_in: 1 week
|
|
reports:
|
|
# not a junit, so useless, but hey…
|
|
junit: "*.nunit3.xml"
|