Loading .dockerignore 0 → 100644 +3 −0 Original line number Diff line number Diff line * !scripts No newline at end of file .gitignore 0 → 100644 +0 −0 Empty file added. .gitlab-ci.yml 0 → 100644 +84 −0 Original line number Diff line number Diff line stages: - package - test-package - deploy docker-build-dev: stage: package image: redmic/docker-gitlab variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - branches except: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . - docker push ${CI_REGISTRY_IMAGE} docker-build-pro: stage: package image: redmic/docker-gitlab variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE} container_scanning: stage: test-package image: docker:stable variables: DOCKER_DRIVER: overlay2 allow_failure: true services: - docker:stable-dind only: - branches except: - master script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U wget ca-certificates - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json] deploy-backup-dev: stage: deploy image: redmic/docker-gitlab variables: DOCKER_DRIVER: 
overlay2 SSH_REMOTE: ${DEV_SSH_REMOTE} SERVICE: ${CI_PROJECT_NAME} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.dev.yml services: - docker:dind script: - > deploy.sh DOCKER_ENV_CI_REGISTRY_IMAGE=${DOCKER_ENV_CI_REGISTRY_IMAGE} COMPOSE_FILE=${COMPOSE_FILE} POSTGRES_USER=${POSTGRES_USER} POSTGRES_PASSWORD=${POSTGRES_PASSWORD} POSTGRES_HOSTNAME=${POSTGRES_HOSTNAME} BUCKET_BACKUP_DB=${BUCKET_BACKUP_DB} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} environment: name: dev only: - dev when: manual Dockerfile 0 → 100644 +24 −0 Original line number Diff line number Diff line FROM alpine:3.7 ENV POSTGRES_PORT="5432" \ POSTGRES_HOSTNAME="postgresql-master" \ POSTGRES_USER="postgres" \ POSTGRES_PASSWORD="password" \ POSTGRES_PASS_FILE='/root/.pgpass' \ POSTGRES_DUMP_PATH="/tmp/backup" \ AWS_DEFAULT_REGION="eu-west-1" \ AWS_OUTPUT="json" COPY scripts /usr/local/bin RUN apk add --no-cache postgresql-client \ python3 \ bash && \ pip3 install --no-cache-dir --upgrade awscli && \ rm -rf /var/cache/apk/* && \ mkdir -p $POSTGRES_DUMP_PATH && \ chmod +x /usr/local/bin/*.sh ENTRYPOINT ["docker-entrypoint.sh"] No newline at end of file docker-compose.dev.yml 0 → 100644 +6 −0 Original line number Diff line number Diff line version: '3.5' services: backup-db: container_name: backup-db restart: on-failure:3 Loading
.dockerignore 0 → 100644 +3 −0 * !scripts No newline at end of file
.gitlab-ci.yml 0 → 100644 +84 −0 stages: - package - test-package - deploy docker-build-dev: stage: package image: redmic/docker-gitlab variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - branches except: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . - docker push ${CI_REGISTRY_IMAGE} docker-build-pro: stage: package image: redmic/docker-gitlab variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE} container_scanning: stage: test-package image: docker:stable variables: DOCKER_DRIVER: overlay2 allow_failure: true services: - docker:stable-dind only: - branches except: - master script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U wget ca-certificates - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json] deploy-backup-dev: stage: deploy image: redmic/docker-gitlab variables: DOCKER_DRIVER: overlay2 SSH_REMOTE: ${DEV_SSH_REMOTE} SERVICE: ${CI_PROJECT_NAME} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.dev.yml services: -
docker:dind script: - > deploy.sh DOCKER_ENV_CI_REGISTRY_IMAGE=${DOCKER_ENV_CI_REGISTRY_IMAGE} COMPOSE_FILE=${COMPOSE_FILE} POSTGRES_USER=${POSTGRES_USER} POSTGRES_PASSWORD=${POSTGRES_PASSWORD} POSTGRES_HOSTNAME=${POSTGRES_HOSTNAME} BUCKET_BACKUP_DB=${BUCKET_BACKUP_DB} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} environment: name: dev only: - dev when: manual
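Review bot: The `container_scanning` job cannot block a vulnerable image: `allow_failure: true` together with the trailing `|| true` on the `./clair-scanner` line discards its exit status, and `except: - master` means the image built by `docker-build-pro` is never scanned at all. The scanner binary is fetched with `wget` from a release URL and executed without an integrity check, and `arminc/clair-db:latest` is unpinned, so the result depends on whatever those locations serve at run time; pinning the images by digest and adding a `sha256sum -c` step against a checksum committed to the repository would close that gap. The three `docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}` lines place the token in the process arguments; `echo "${CI_JOB_TOKEN}" | docker login -u gitlab-ci-token --password-stdin "${CI_REGISTRY}"` avoids that. In `deploy-backup-dev`, `POSTGRES_PASSWORD` and `AWS_SECRET_ACCESS_KEY` are passed to `deploy.sh` as command-line arguments; that script is not visible here, so it should be confirmed that it neither echoes them into the job log nor leaves them in a process list on the remote host.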
Dockerfile 0 → 100644 +24 −0 FROM alpine:3.7 ENV POSTGRES_PORT="5432" \ POSTGRES_HOSTNAME="postgresql-master" \ POSTGRES_USER="postgres" \ POSTGRES_PASSWORD="password" \ POSTGRES_PASS_FILE='/root/.pgpass' \ POSTGRES_DUMP_PATH="/tmp/backup" \ AWS_DEFAULT_REGION="eu-west-1" \ AWS_OUTPUT="json" COPY scripts /usr/local/bin RUN apk add --no-cache postgresql-client \ python3 \ bash && \ pip3 install --no-cache-dir --upgrade awscli && \ rm -rf /var/cache/apk/* && \ mkdir -p $POSTGRES_DUMP_PATH && \ chmod +x /usr/local/bin/*.sh ENTRYPOINT ["docker-entrypoint.sh"] No newline at end of file
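Review bot: `POSTGRES_PASSWORD="password"` in the `ENV` block bakes a default credential into the image metadata, where it is readable through `docker inspect` and `docker history` and is silently used whenever a deployment omits the override. I would drop that default and have `docker-entrypoint.sh`, which is not shown in this section, exit with an error when the variable is unset. `pip3 install --no-cache-dir --upgrade awscli` installs whatever version is current at build time; pinning it, e.g. `awscli==<PINNED_VERSION>`, makes the image reproducible and the dependency auditable. The image also has no `USER` instruction and keeps its pgpass file at `/root/.pgpass`, so the backup presumably runs as root; a dedicated unprivileged user should be enough, assuming the scripts need no root-only paths.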
docker-compose.dev.yml 0 → 100644 +6 −0 version: '3.5' services: backup-db: container_name: backup-db restart: on-failure:3