Commit 5e06f436 authored by Hiba AWAD's avatar Hiba AWAD

Update GitLab CI configuration and add the terraform file

parent 027fc10d
stages:
- build
- test
- deploy
Build:
stage: build
services:
- docker:dind
image: docker:stable
script:
######Commented just for testing########
#- docker build -t test_docker .
#- docker run test_docker
##############################################
- echo "The file is already in the project"
#l
Tfsec:
stage: test
environment:
name: Security
script:
- echo "Running security tests..."
- wget https://github.com/aquasecurity/trivy/releases/download/v0.46.1/trivy_0.46.1_Linux-64bit.tar.gz
- tar zxvf trivy_0.46.1_Linux-64bit.tar.gz
- mv trivy /usr/local/bin/trivy
- chmod +x /usr/local/bin/trivy
- trivy --version
- trivy config ./terraform/aws.tf > trivy_report.txt
- |
LOW_FAILURES=$(awk '/LOW: [0-9]+/ {print $NF}' trivy_report.txt)
MEDIUM_FAILURES=$(awk '/MEDIUM: [0-9]+/ {print $NF}' trivy_report.txt)
HIGH_FAILURES=$(awk '/HIGH: [0-9]+/ {print $NF}' trivy_report.txt)
CRITICAL_FAILURES=$(grep -o 'CRITICAL: [0-9]*' trivy_report.txt | cut -d ' ' -f 2 | grep -v '^$')
echo "Number of critical failures: $CRITICAL_FAILURES"
if [ "$LOW_FAILURES" -gt $low ] || [ "$MEDIUM_FAILURES" -gt $med ] || [ "$HIGH_FAILURES" -gt $high ] || [ "$CRITICAL_FAILURES" -gt $critical ]; then
echo "The failures conditions are not met."
trivy config ./terraform/aws.tf
exit 1
else
echo "All conditions are within limits"
fi
artifacts:
paths:
- trivy_report.txt
rules:
- needs:
- Build
allow_failure: true
Infracost:
stage: test
environment:
name: Cost
script:
- echo "Cost estimation..."
#Infracost installation
- wget https://github.com/infracost/infracost/releases/latest/download/infracost-linux-amd64.tar.gz
- tar -xzf infracost-linux-amd64.tar.gz
- chmod +x infracost-linux-amd64
- mv infracost-linux-amd64 /usr/local/bin/infracost
- infracost --version
- export INFRACOST_API_KEY=$INFRACOST_API_KEY
#infracost test
- infracost breakdown --path .
- infracost breakdown --path . > infracost_results.txt
- cost_with_unit=$(awk '/OVERALL TOTAL/ {print $NF}' infracost_results.txt)
- echo $cost_with_unit
- cost="${cost_with_unit#$}"
- echo $cost
- budget="$${BUDGET}"
- |
budget="$BUDGET" # Retrieve the budget from the CI/CD settings
# Perform a floating-point comparison using bc
if [ "$(echo "$cost >= $budget" | bc -l)" -eq 1 ]; then
difference=$(echo "$cost - $budget" | bc -l)
echo "Cost exceeds budget by $difference"
# Cancel deployment
exit 1
else
echo "Cost is within the budget"
fi
artifacts:
paths:
- infracost_results.txt
rules:
- needs:
- Tfsec
allow_failure: true
#n
Deploy:
stage: deploy
script:
- echo "Deploying the model...This is a fake deploy in case of all test valid"
- echo "Model successfully deployed."
# Replaced placeholders in s-part.yml and appended to generated_gitlabci.yml
# Replaced placeholders in i-part.yml and appended to generated_gitlabci.yml
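Review bot: The Tfsec threshold check can fail open: in the `if [ "$LOW_FAILURES" -gt $low ] || ...` line the limits `$low`, `$med`, `$high` and `$critical` are unquoted and not defined anywhere on this page (presumably CI/CD variables), and the counts parsed from `trivy_report.txt` may come back empty or multi-line, so each `[ ... -gt ... ]` can error out, evaluate false, and fall through to "All conditions are within limits". Because both Tfsec and Infracost also set `allow_failure: true`, Deploy runs whatever the scan or budget check reports. If these jobs are meant to block, let Trivy decide with its own exit status, e.g. `trivy config --severity HIGH,CRITICAL --exit-code 1 ./terraform/aws.tf`, and drop `allow_failure: true` from the gating jobs. Separately, the Infracost binary is fetched from `releases/latest/download/` with no checksum and then run with `INFRACOST_API_KEY` in its environment, so the job executes whatever that URL serves on the day; pin a release as the Trivy step does and verify a published digest for both downloads before installing them.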