Update GitLab CI configuration and add the terraform file

5e06f436 · Hiba AWAD · 027fc10d · 5e06f436
Commit 5e06f436 authored 5 months ago by Hiba AWAD
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+stages:
+  - build
+  - test
+  - deploy
+
+Build:
+  stage: build
+  services:
+    - docker:dind
+  image: docker:stable
+  script:
+    ######Commented just for testing########
+    #- docker build -t test_docker .
+    #- docker run  test_docker
+    ##############################################
+    - echo "The file is already in the project"
+
+#l
+
+Tfsec:
+  stage: test
+  environment:
+    name: Security
+  script:
+    - echo "Running security tests..."
+    - wget https://github.com/aquasecurity/trivy/releases/download/v0.46.1/trivy_0.46.1_Linux-64bit.tar.gz
+    - tar zxvf  trivy_0.46.1_Linux-64bit.tar.gz 
+    - mv trivy /usr/local/bin/trivy
+    - chmod +x /usr/local/bin/trivy
+    - trivy --version
+    - trivy config ./terraform/aws.tf > trivy_report.txt
+    - |
+
+      LOW_FAILURES=$(awk '/LOW: [0-9]+/ {print $NF}' trivy_report.txt)
+      MEDIUM_FAILURES=$(awk '/MEDIUM: [0-9]+/ {print $NF}' trivy_report.txt)
+      HIGH_FAILURES=$(awk '/HIGH: [0-9]+/ {print $NF}' trivy_report.txt)
+      CRITICAL_FAILURES=$(grep -o 'CRITICAL: [0-9]*' trivy_report.txt | cut -d ' ' -f 2 | grep -v '^$')
+      echo "Number of critical failures: $CRITICAL_FAILURES"
+      if [ "$LOW_FAILURES" -gt $low ]  || [ "$MEDIUM_FAILURES" -gt $med ]  || [ "$HIGH_FAILURES" -gt $high ]  || [ "$CRITICAL_FAILURES" -gt $critical ]; then
+       echo "The failures conditions are not met."
+       trivy config ./terraform/aws.tf
+       exit 1
+      else
+        echo "All conditions are within limits"
+      fi
+  artifacts:
+    paths:
+      - trivy_report.txt
+  rules:
+    - needs:
+      - Build
+      
+  allow_failure: true
+
+Infracost:
+  stage: test
+  environment:
+    name: Cost
+  script:
+    - echo "Cost estimation..."
+    #Infracost installation
+    - wget https://github.com/infracost/infracost/releases/latest/download/infracost-linux-amd64.tar.gz
+    - tar -xzf infracost-linux-amd64.tar.gz
+    - chmod +x infracost-linux-amd64
+    - mv infracost-linux-amd64 /usr/local/bin/infracost
+    - infracost --version
+    - export INFRACOST_API_KEY=$INFRACOST_API_KEY
+    #infracost test
+
+    - infracost breakdown --path .
+    - infracost breakdown --path . > infracost_results.txt
+    - cost_with_unit=$(awk '/OVERALL TOTAL/ {print $NF}' infracost_results.txt)
+    - echo $cost_with_unit
+    - cost="${cost_with_unit#$}"
+    - echo $cost
+    - budget="$${BUDGET}"
+    - |      
+      budget="$BUDGET"  # Retrieve the budget from the CI/CD settings
+
+      # Perform a floating-point comparison using bc
+      if [ "$(echo "$cost >= $budget" | bc -l)" -eq 1 ]; then
+        difference=$(echo "$cost - $budget" | bc -l)
+        echo "Cost exceeds budget by $difference"
+        # Cancel deployment
+        exit 1
+      else
+        echo "Cost is within the budget"
+      fi
+  artifacts:
+    paths:
+      - infracost_results.txt
+  rules:
+    - needs:
+      - Tfsec
+  allow_failure: true
+
+#n
+
+Deploy:
+  stage: deploy
+  script:
+    - echo "Deploying the model...This is a fake deploy in case of all test valid"
+    - echo "Model successfully deployed."
+
+
+
+# Replaced placeholders in s-part.yml and appended to generated_gitlabci.yml
+# Replaced placeholders in i-part.yml and appended to generated_gitlabci.yml