From c001ab122d11ae60ff2364d31f7a4838fe40ba21 Mon Sep 17 00:00:00 2001
From: David Lambauer
Date: Tue, 3 Dec 2019 17:34:56 +0100
Subject: [PATCH] init
---
.gitignore | 2 ++
README.md | 2 ++
deployment/deployer.yaml | 11 +++++++++
deployment/pages.yaml | 11 +++++++++
laravel/phpcs.yaml | 16 +++++++++++++
laravel/phpmd.yaml | 17 ++++++++++++++
linter/json.yaml | 12 ++++++++++
linter/markdown_spellcheck.yaml | 15 ++++++++++++
linter/php7.1.yaml | 10 ++++++++
linter/php7.2.yaml | 10 ++++++++
linter/php7.3.yaml | 10 ++++++++
linter/php7.4.yaml | 10 ++++++++
linter/xml.yaml | 11 +++++++++
linter/yaml.yaml | 10 ++++++++
magento2/phpcs.yaml | 17 ++++++++++++++
static/pdepend.yaml | 17 ++++++++++++++
static/phpcpd.yaml | 16 +++++++++++++
static/phpmetrics.yaml | 16 +++++++++++++
test/security_sensiolab.yaml | 19 +++++++++++++++
test/security_zap_baseline.yaml | 41 +++++++++++++++++++++++++++++++++
test/sitespeed.yaml | 11 +++++++++
test/smoke.yaml | 12 ++++++++++
22 files changed, 296 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 deployment/deployer.yaml
create mode 100644 deployment/pages.yaml
create mode 100644 laravel/phpcs.yaml
create mode 100644 laravel/phpmd.yaml
create mode 100644 linter/json.yaml
create mode 100644 linter/markdown_spellcheck.yaml
create mode 100644 linter/php7.1.yaml
create mode 100644 linter/php7.2.yaml
create mode 100644 linter/php7.3.yaml
create mode 100644 linter/php7.4.yaml
create mode 100644 linter/xml.yaml
create mode 100644 linter/yaml.yaml
create mode 100644 magento2/phpcs.yaml
create mode 100644 static/pdepend.yaml
create mode 100644 static/phpcpd.yaml
create mode 100644 static/phpmetrics.yaml
create mode 100644 test/security_sensiolab.yaml
create mode 100644 test/security_zap_baseline.yaml
create mode 100644 test/sitespeed.yaml
create mode 100644 test/smoke.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4befed3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.DS_Store
+.idea
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0ea453f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# Gitlab Pipeline Templates
+
diff --git a/deployment/deployer.yaml b/deployment/deployer.yaml
new file mode 100644
index 0000000..1d7c362
--- /dev/null
+++ b/deployment/deployer.yaml
@@ -0,0 +1,11 @@
+variables:
+ DEPLOYER_CONFIG: 'deployment/deploy.php'
+ DEPLOY_STAGE: 'staging'
+
+'Deplyoer':
+ stage: deploy
+ image: composer
+ script:
+ - composer create-project deployer/deployer /tmp/deployer
+ - cd $(dirname ${DEPLOYER_CONFIG})
+ - php /tmp/deployer/bin/dep deploy --branch=$CI_COMMIT_REF_NAME $DEPLOY_STAGE
diff --git a/deployment/pages.yaml b/deployment/pages.yaml
new file mode 100644
index 0000000..bec6e36
--- /dev/null
+++ b/deployment/pages.yaml
@@ -0,0 +1,11 @@
+pages:
+ stage: pages
+ allow_failure: true
+ script:
+ - |
+ [[ -d reports ]] && mv reports public/
+ - cp -R build/pages/* public
+ artifacts:
+ paths:
+ - public
+ expire_in: 7 days
diff --git a/laravel/phpcs.yaml b/laravel/phpcs.yaml
new file mode 100644
index 0000000..6c836bc
--- /dev/null
+++ b/laravel/phpcs.yaml
@@ -0,0 +1,16 @@
+variables:
+ LINT_DIRS: "app/code src" # Separate multiple dirs with spaces
+
+'Codestyle':
+ stage: static
+ image: composer
+ allow_failure: true
+ before_script: []
+ script:
+ - composer create-project doctrine/coding-standard /tmp/cs
+ - mkdir -p reports/phpcs
+ - php /tmp/cs/vendor/bin/phpcs --standard=Doctrine --report=full --report=reports/phpcs/ --no-cache $LINT_DIRS
+ artifacts:
+ paths:
+ - reports
+ expire_in: 30m
diff --git a/laravel/phpmd.yaml b/laravel/phpmd.yaml
new file mode 100644
index 0000000..f256ff9
--- /dev/null
+++ b/laravel/phpmd.yaml
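Review bot: In deployment/deployer.yaml the deploy job installs its tooling unpinned: `image: composer` carries no tag and `composer create-project deployer/deployer /tmp/deployer` takes whatever release is current, so the code that performs the deployment (presumably with access to the deploy credentials) can change between pipelines without any commit to this repository. Pinning both, e.g. `image: composer:<pinned-tag>` and `composer create-project deployer/deployer /tmp/deployer <pinned-version>`, makes the deploy toolchain reviewable. The job key `'Deplyoer'` looks like a typo for `'Deployer'`, and `$(dirname ${DEPLOYER_CONFIG})` and `$CI_COMMIT_REF_NAME` would be safer inside double quotes.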
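Review bot: deployment/pages.yaml moves the whole `reports` directory into `public/`, and test/security_sensiolab.yaml in this same patch writes `reports/security_advisories.txt`, so the list of known-vulnerable dependencies may end up on the Pages site when that artifact is present; whether the site is publicly reachable depends on the project's Pages visibility, which is not visible here. Consider copying only an explicit allow-list of report directories, or at least add a comment such as `# publishes everything under reports/ - keep security output out of this directory`. Separately, `[[ -d reports ]]` needs bash and the job sets no `image:`, so `if [ -d reports ]; then mv reports public/; fi` would be the portable form.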
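Review bot: In laravel/phpcs.yaml the second `--report=reports/phpcs/` passes a directory where phpcs expects a report type, so it most likely overrides `--report=full` with an unknown report name and nothing is written to the artifact directory. magento2/phpcs.yaml in this patch uses `--report-file=` for the same purpose; the matching form here would be `--report=full --report-file=reports/phpcs/phpcs-report.log`. Because the job has `allow_failure: true`, a failure of this kind would go unnoticed.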
@@ -0,0 +1,17 @@
+variables:
+ LINT_DIRS: "app/code src" # Separate multiple dirs with spaces
+
+'Mess Detection':
+ stage: static
+ image: composer
+ before_script: []
+ allow_failure: true
+ script:
+ - composer create-project phpmd/phpmd /tmp/phpmd
+ - mkdir -p reports
+ - for dir in $LINT_DIRS; do mkdir -p reports/phpmd/${dir}; done;
+ - for dir in $LINT_DIRS; do php /tmp/phpmd/src/bin/phpmd $dir html cleancode,codesize,design,unusedcode --reportfile reports/${dir}/phpmd-report.html --ignore-violations-on-exit; done;
+ artifacts:
+ paths:
+ - reports
+ expire_in: 30m
diff --git a/linter/json.yaml b/linter/json.yaml
new file mode 100644
index 0000000..35ba9c8
--- /dev/null
+++ b/linter/json.yaml
@@ -0,0 +1,12 @@
+variables:
+ LINT_DIRS: "app/code src" # Separate multiple dirs with spaces
+
+'Json Linting':
+ stage: lint
+ allow_failure: true
+ image: pipelinecomponents/jsonlint
+ before_script: []
+ script:
+ - |
+ find $LINT_DIRS -not -path './.git/*' -name '*.json' -type f -print0 |
+ parallel --will-cite -k -0 -n1 jsonlint -q
diff --git a/linter/markdown_spellcheck.yaml b/linter/markdown_spellcheck.yaml
new file mode 100644
index 0000000..9753652
--- /dev/null
+++ b/linter/markdown_spellcheck.yaml
@@ -0,0 +1,15 @@
+variables:
+ DOCS_DIRS: "app/code src" # Separate multiple dirs with spaces
+
+'Spellcheck the docs':
+ stage: lint
+ allow_failure: true
+ image: node:9.11.1
+ before_script: []
+ cache:
+ paths:
+ - node_modules/
+ script:
+ - npm i markdown-spellcheck -g
+ - mdspell --en-us --ignore-acronyms --ignore-numbers --report "$DOCS_DIRS/**/*.md"
+
diff --git a/linter/php7.1.yaml b/linter/php7.1.yaml
new file mode 100644
index 0000000..61e17b1
--- /dev/null
+++ b/linter/php7.1.yaml
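Review bot: In laravel/phpmd.yaml the directories are created as `reports/phpmd/${dir}` but the report is written to `reports/${dir}/phpmd-report.html`, a path the preceding `mkdir` never creates, so the write presumably fails for every entry in `LINT_DIRS`. The `--reportfile` argument should be `reports/phpmd/${dir}/phpmd-report.html`. With `allow_failure: true` and `--ignore-violations-on-exit` both set, nothing in the pipeline would flag the missing report.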
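Review bot: In linter/markdown_spellcheck.yaml the quoted `"$DOCS_DIRS/**/*.md"` turns the space-separated default `app/code src` into the single pattern `app/code src/**/*.md`, which matches neither directory, although the comment on `DOCS_DIRS` invites multiple entries. A loop like the other templates use keeps that promise: `for dir in $DOCS_DIRS; do mdspell --en-us --ignore-acronyms --ignore-numbers --report "$dir/**/*.md"; done`. `npm i markdown-spellcheck -g` is also installed without a version, so the tool can drift between runs.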
@@ -0,0 +1,10 @@
+variables:
+ LINT_DIRS: "app/code src" # Separate multiple dirs with spaces
+
+'PHP 7.1 Linting':
+ stage: lint
+ image: php:7.1
+ before_script: []
+ allow_failure: false
+ script:
+ - sh -c 'if find ${LINT_DIRS} -name "*.php" -exec php -l {} 2>&1 \; | grep -v "^No syntax errors detected"; then exit 1; fi'
diff --git a/linter/php7.2.yaml b/linter/php7.2.yaml
new file mode 100644
index 0000000..e47d5d6
--- /dev/null
+++ b/linter/php7.2.yaml
@@ -0,0 +1,10 @@
+variables:
+ LINT_DIRS: "app/code src" # Separate multiple dirs with spaces
+
+'PHP 7.2 Linting':
+ stage: lint
+ image: php:7.2
+ before_script: []
+ allow_failure: false
+ script:
+ - sh -c 'if find ${LINT_DIRS} -name "*.php" -exec php -l {} 2>&1 \; | grep -v "^No syntax errors detected"; then exit 1; fi'
diff --git a/linter/php7.3.yaml b/linter/php7.3.yaml
new file mode 100644
index 0000000..f2ac1c5
--- /dev/null
+++ b/linter/php7.3.yaml
@@ -0,0 +1,10 @@
+variables:
+ LINT_DIRS: "app/code src" # Separate multiple dirs with spaces
+
+'PHP 7.3 Linting':
+ stage: lint
+ image: php:7.3
+ before_script: []
+ allow_failure: false
+ script:
+ - sh -c 'if find ${LINT_DIRS} -name "*.php" -exec php -l {} 2>&1 \; | grep -v "^No syntax errors detected"; then exit 1; fi'
diff --git a/linter/php7.4.yaml b/linter/php7.4.yaml
new file mode 100644
index 0000000..4cfb030
--- /dev/null
+++ b/linter/php7.4.yaml
@@ -0,0 +1,10 @@
+variables:
+ LINT_DIRS: "app/code src" # Separate multiple dirs with spaces
+
+'PHP 7.4 Linting':
+ stage: lint
+ image: php:7.4
+ before_script: []
+ allow_failure: false
+ script:
+ - sh -c 'if find ${LINT_DIRS} -name "*.php" -exec php -l {} 2>&1 \; | grep -v "^No syntax errors detected"; then exit 1; fi'
diff --git a/linter/xml.yaml b/linter/xml.yaml
new file mode 100644
index 0000000..1b8ac68
--- /dev/null
+++ b/linter/xml.yaml
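Review bot: linter/php7.1.yaml, php7.2.yaml, php7.3.yaml and php7.4.yaml are identical apart from the image tag and the job name, so any fix to the `find … | grep -v` check has to be repeated four times. A hidden template job (for example `.php-lint`) holding `stage`, `before_script`, `allow_failure` and `script`, with each version reduced to `extends: .php-lint` plus its `image:`, would keep this blocking check in one place. A comment above the `script` line saying that the job fails on any output line other than "No syntax errors detected" would also help, since that grep is the only thing enforcing `allow_failure: false`.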
@@ -0,0 +1,11 @@
+variables:
+ LINT_DIRS: "app/code src" # Separate multiple dirs with spaces
+
+'XML Linting':
+ stage: lint
+ allow_failure: true
+ image: composer
+ before_script: []
+ script:
+ - composer create-project sclable/xml-lint /tmp/xml-lint
+ - for dir in $LINT_DIRS; do php /tmp/xml-lint/bin/xmllint --skip-xsd $dir; done;
diff --git a/linter/yaml.yaml b/linter/yaml.yaml
new file mode 100644
index 0000000..0238c09
--- /dev/null
+++ b/linter/yaml.yaml
@@ -0,0 +1,10 @@
+variables:
+ LINT_DIRS: "src app/code" # Separate multiple dirs with spaces
+
+'Yaml Linting':
+ stage: lint
+ allow_failure: true
+ before_script: []
+ image: sdesbure/yamllint
+ script:
+ - for dir in $LINT_DIRS; do yamllint $LINT_DIRS $dir; done;
diff --git a/magento2/phpcs.yaml b/magento2/phpcs.yaml
new file mode 100644
index 0000000..dd2e080
--- /dev/null
+++ b/magento2/phpcs.yaml
@@ -0,0 +1,17 @@
+variables:
+ LINT_DIRS: "app/code src" # Separate multiple dirs with spaces
+
+'Codestyle':
+ stage: static
+ image: composer
+ allow_failure: true
+ before_script: []
+ script:
+ - composer create-project magento/magento-coding-standard /tmp/meqp2
+ - mkdir -p reports
+ - for dir in $LINT_DIRS; do mkdir -p reports/phpcs/$dir; done;
+ - for dir in $LINT_DIRS; do php /tmp/meqp2/vendor/bin/phpcs $dir --standard=Magento2 --severity=10 --extensions=php,phtml --report=full --report-file=reports/phpcs/${dir}/phpcs-report.log; done;
+ artifacts:
+ paths:
+ - reports
+ expire_in: 30m
diff --git a/static/pdepend.yaml b/static/pdepend.yaml
new file mode 100644
index 0000000..7db5dcb
--- /dev/null
+++ b/static/pdepend.yaml
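Review bot: In linter/yaml.yaml the loop body is `yamllint $LINT_DIRS $dir`, so every iteration lints all directories and then `$dir` again; with the two default entries each tree is linted three times and every finding is reported repeatedly. Either drop the loop and run `yamllint $LINT_DIRS`, or keep it as `for dir in $LINT_DIRS; do yamllint "$dir"; done`.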
@@ -0,0 +1,17 @@
+variables:
+ LINT_DIRS: "src app/code" # Separate multiple dirs with spaces
+
+'Dependency Analyzer':
+ stage: static
+ image: composer
+ allow_failure: true
+ before_script: []
+ script:
+ - composer create-project pdepend/pdepend /tmp/pdepend
+ - mkdir -p reports/pdepend
+ - for dir in $LINT_DIRS; do mkdir -p reports/pdepend/$dir; done;
+ - for dir in $LINT_DIRS; do php /tmp/pdepend/src/bin/pdepend.php --overview-pyramid=reports/pdepend/${dir}/overview-pyramid.svg --jdepend-chart=reports/pdepend/${dir}/jdepend-chart.svg $dir; done;
+ artifacts:
+ paths:
+ - reports
+ expire_in: 30m
diff --git a/static/phpcpd.yaml b/static/phpcpd.yaml
new file mode 100644
index 0000000..eb26d0c
--- /dev/null
+++ b/static/phpcpd.yaml
@@ -0,0 +1,16 @@
+variables:
+ LINT_DIRS: "app/code src" # Separate multiple dirs with spaces
+
+'Copy/Paste Detection':
+ stage: static
+ image: composer
+ allow_failure: true
+ before_script: []
+ script:
+ - composer create-project sebastian/phpcpd /tmp/phpcpd
+ - mkdir -p reports/phpcpd
+ - php /tmp/phpcpd/phpcpd --regexps-exclude="#.*Test.*#" --log-pmd=reports/phpcpd/phpcpd.xml $LINT_DIRS
+ artifacts:
+ paths:
+ - reports
+ expire_in: 30m
diff --git a/static/phpmetrics.yaml b/static/phpmetrics.yaml
new file mode 100644
index 0000000..87b0856
--- /dev/null
+++ b/static/phpmetrics.yaml
@@ -0,0 +1,16 @@
+variables:
+ LINT_DIRS: "app/code src" # Separate multiple dirs with spaces
+
+'PHP Metrics':
+ stage: static
+ allow_failure: true
+ image: composer
+ before_script: []
+ script:
+ - composer create-project phpmetrics/phpmetrics /tmp/phpmetrics
+ - mkdir -p reports/phpmetrics
+ - php /tmp/phpmetrics/bin/phpmetrics --report-html=reports/phpmetrics $LINT_DIRS
+ artifacts:
+ paths:
+ - reports
+ expire_in: 30m
diff --git a/test/security_sensiolab.yaml b/test/security_sensiolab.yaml
new file mode 100644
index 0000000..bdb2d08
--- /dev/null
+++ b/test/security_sensiolab.yaml
@@ -0,0 +1,19 @@
+variables:
+ PRODUCTION_URL: 'https://example.com/override-me'
+
+'Security Advisories':
+ stage: security
+ allow_failure: false
+ dependencies: []
+ before_script: []
+ image: php:7.3
+ only:
+ - master
+ script:
+ - mkdir -p reports
+ - curl -O https://get.sensiolabs.org/security-checker.phar
+ - php security-checker.phar security:check composer.lock | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" | tee reports/security_advisories.txt
+ artifacts:
+ paths:
+ - reports
+ expire_in: 30m
diff --git a/test/security_zap_baseline.yaml b/test/security_zap_baseline.yaml
new file mode 100644
index 0000000..4f75b75
--- /dev/null
+++ b/test/security_zap_baseline.yaml
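Review bot: test/security_sensiolab.yaml downloads `security-checker.phar` with `curl -O` and runs it straight away, with no version pin and no integrity check, so a blocking security job executes whatever that URL returns on the day; without `-f` an HTTP error page would also be saved and handed to `php`. I would fetch with `curl -fsSLO` and verify before running, e.g. `echo "<expected-sha256>  security-checker.phar" | sha256sum -c -`, with the digest kept in this file. Whether a finding actually fails the job depends on the checker's exit status surviving the `| sed | tee` pipeline, which requires `pipefail` in the job shell and deserves a comment next to `allow_failure: false`. The `PRODUCTION_URL` variable declared at the top is not used by this job.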
@@ -0,0 +1,41 @@
+variables:
+ PRODUCTION_URL: "https://example.com/override-me"
+
+'OWASP ZAP Baseline':
+ stage: post-deploy
+ before_script: []
+ image:
+ name: owasp/zap2docker-weekly
+ entrypoint: [""]
+ script:
+ - |
+ cat > zap.conf << EOF
+ 10010 IGNORE (Cookie No HttpOnly Flag)
+ 10011 IGNORE (Cookie Without Secure Flag)
+ 10012 IGNORE (Password Autocomplete in Browser)
+ 10015 IGNORE (Incomplete or No Cache-control and Pragma HTTP Header Set)
+ 10016 FAIL (Web Browser XSS Protection Not Enabled)
+ 10017 IGNORE (Cross-Domain JavaScript Source File Inclusion)
+ 10019 FAIL (Content-Type Header Missing)
+ 10020 FAIL (X-Frame-Options Header Scanner)
+ 10021 IGNORE (X-Content-Type-Options Header Missing)
+ 10023 FAIL (Information Disclosure - Debug Error Messages)
+ 10024 FAIL (Information Disclosure - Sensitive Informations in URL)
+ 10025 FAIL (Information Disclosure - Sensitive Information in HTTP Referrer Header)
+ 10026 FAIL (HTTP Parameter Override)
+ 10027 FAIL (Information Disclosure - Suspicious Comments)
+ 10032 FAIL (Viewstate Scanner)
+ 10040 FAIL (Secure Pages Include Mixed Content)
+ 10054 IGNORE (Cookie Without SameSite Attribute)
+ 10105 FAIL (Weak Authentication Method)
+ 10202 IGNORE (Absence of Anti-CSRF Tokens)
+ 2 FAIL (Private IP Disclosure)
+ 3 FAIL (Session ID in URL Rewrite)
+ 50001 FAIL (Script Passive Scan Rules)
+ 90001 FAIL (Insecure JSF ViewState)
+ 90011 FAIL (Charset Mismatch)
+ 90022 FAIL (Application Error Disclosure)
+ 90030 FAIL (WSDL File Passive Scanner)
+ 90033 FAIL (Loosely Scoped Cookie)
+ EOF
+ - zap-baseline.py -I -t $PRODUCTION_URL -u file://$(pwd)/zap.conf
diff --git a/test/sitespeed.yaml b/test/sitespeed.yaml
new file mode 100644
index 0000000..6235a82
--- /dev/null
+++ b/test/sitespeed.yaml
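Review bot: The `zap.conf` written in test/security_zap_baseline.yaml sets several cookie and header rules to `IGNORE` (10010 HttpOnly, 10011 Secure, 10054 SameSite, 10021 X-Content-Type-Options, 10202 Anti-CSRF), which hides those findings from every project that includes this template. Since the scan already runs with `-I`, switching them to `WARN`, e.g. `10010 WARN (Cookie No HttpOnly Flag)`, would keep them in the report without failing the job. If the suppression is intentional, a comment above the heredoc giving the reason would let consumers decide whether to override it. The image `owasp/zap2docker-weekly` carries no tag or digest, so scan results are not reproducible between runs.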
@@ -0,0 +1,11 @@
+variables:
+ SITESPEED_URL: https://example.com/override-me
+
+'Sitespeed':
+ stage: post-deploy
+ image:
+ name: sitespeedio/sitespeed.io:10.3.2
+ entrypoint: [""]
+ before_script: []
+ script:
+ - /start.sh $SITESPEED_URL
diff --git a/test/smoke.yaml b/test/smoke.yaml
new file mode 100644
index 0000000..8a44bda
--- /dev/null
+++ b/test/smoke.yaml
@@ -0,0 +1,12 @@
+variables:
+ CIGAR_JSON: .cigar.json
+ SMOKE_TEST_BASE_URL: "https://example.com/override-me"
+
+'Smoke Test':
+ stage: post-deploy
+ before_script: []
+ image:
+ name: brunty/cigar:1.12.3
+ entrypoint: [""]
+ script:
+ - if [ -f $CIGAR_JSON ]; then cigar -u $SMOKE_TEST_BASE_URL -c $CIGAR_JSON; fi
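Review bot: In test/smoke.yaml the `if [ -f $CIGAR_JSON ]` guard has no `else`, so when the file is missing or the path is misspelled the job ends green without having tested anything. For a post-deploy check that fail-open result is easy to mistake for a pass; ending the line with `else echo "$CIGAR_JSON not found, smoke test not run"; exit 1; fi` makes the skip explicit. Quoting `"$CIGAR_JSON"` and `"$SMOKE_TEST_BASE_URL"` would also avoid word splitting on overridden values.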