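├── .gitignore
├── assets
    └── PipelinePreview.png
├── deployment
    ├── pages.yaml
    └── deployer.yaml
├── linter
    ├── yaml.yaml
    ├── php7.1.yaml
    ├── php7.2.yaml
    ├── php7.3.yaml
    ├── php7.4.yaml
    ├── php8.0.yaml
    ├── php8.1.yaml
    ├── php8.2.yaml
    ├── php8.3.yaml
    ├── xml.yaml
    ├── json.yaml
    └── markdown_spellcheck.yaml
├── misc
    └── awesome-bot.yaml
├── tests
    ├── smoke.yaml
    ├── sitespeed.yaml
    ├── security_sensiolab.yaml
    └── security_zap_baseline.yaml
├── laravel
    ├── phpcs.yaml
    └── phpmd.yaml
├── static
    ├── phpmetrics.yaml
    ├── phpcpd.yaml
    ├── phpmd.yaml
    └── pdepend.yaml
├── preperation
    └── composer.yml
├── architecture
    └── deptrac.yaml
├── magento2
    ├── integrity-checker.yml
    └── phpcs.yaml
├── post-deployment
    └── sentry.yml
├── LICENSE
└── README.md

/.gitignore:
--------------------------------------------------------------------------------
.DS_Store
.idea
--------------------------------------------------------------------------------
/assets/PipelinePreview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/run-as-root/gitlab-pipeline-templates/HEAD/assets/PipelinePreview.png
--------------------------------------------------------------------------------
/deployment/pages.yaml:
--------------------------------------------------------------------------------
# Publishes build/pages (plus any collected `reports` directory) as GitLab Pages.
pages:
  stage: pages
  allow_failure: true
  script:
    # Both `mv` and `cp` below need the target directory to exist.
    - mkdir -p public
    # A missing reports dir is not an error; the former `[[ -d reports ]] && mv ...`
    # form returned non-zero in that case and failed the step.
    - |
      if [[ -d reports ]]; then mv reports public/; fi
    - cp -R build/pages/* public
  artifacts:
    paths:
      - public
    expire_in: 7 days
--------------------------------------------------------------------------------
/linter/yaml.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS_YAML: "src app/code" # Separate multiple dirs with spaces

# Runs yamllint over every directory listed in $LINT_DIRS_YAML.
'Yaml Linting':
  stage: '🌈 - Linting'
  allow_failure: true
  before_script: []
  needs: []
  image: sdesbure/yamllint # NOTE(review): untagged image; pin a tag or digest for reproducible runs
  script:
    # Lint each directory exactly once (the previous form passed the whole list on every iteration).
    - for dir in $LINT_DIRS_YAML; do yamllint $dir; done;
--------------------------------------------------------------------------------
/misc/awesome-bot.yaml:
--------------------------------------------------------------------------------
# Checks the links in README.md with awesome_bot whenever a markdown file changes.
'Awesome Bot':
  stage: test
  allow_failure: false
  image: ruby:alpine # NOTE(review): floating tag; pin for reproducible runs
  before_script: []
  only:
    changes:
      - "*.md"
      - "**/*.md"
  script:
    - gem install awesome_bot --no-format-exec
    - awesome_bot --files README.md --allow-dupe --skip-save-results --allow-redirect
--------------------------------------------------------------------------------
/tests/smoke.yaml:
--------------------------------------------------------------------------------
variables:
  CIGAR_JSON: .cigar.json
  SMOKE_TEST_BASE_URL: "https://example.com/override-me"

# Runs the Cigar smoke-test suite in $CIGAR_JSON against the deployed base URL.
'Smoke Test':
  stage: post-deploy
  before_script: []
  image:
    name: brunty/cigar:1.12.3
    entrypoint: [""]
  script:
    # Skipping when no suite exists is deliberate, but say so in the log instead of passing silently.
    - if [ -f "$CIGAR_JSON" ]; then cigar -u "$SMOKE_TEST_BASE_URL" -c "$CIGAR_JSON"; else echo "No $CIGAR_JSON found, skipping smoke test"; fi
--------------------------------------------------------------------------------
/tests/sitespeed.yaml:
--------------------------------------------------------------------------------
variables:
  SITESPEED_URL: https://example.com/override-me

# Collects sitespeed.io performance data for $SITESPEED_URL and keeps the report as an artifact.
'Sitespeed':
  stage: post-deploy
  image:
    name: sitespeedio/sitespeed.io:10.3.2
    entrypoint: [""]
  before_script: []
  script:
    - /start.sh $SITESPEED_URL
  artifacts:
    paths:
      - reports
    expire_in: 7 days
--------------------------------------------------------------------------------
/linter/php7.1.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS_PHP: "app/code src" # Separate multiple dirs with spaces

# Syntax-checks every .php file under $LINT_DIRS_PHP with `php -l` on PHP 7.1.
'PHP 7.1 Linting':
  stage: '🌈 - Linting'
  image: php:7.1
  before_script: []
  needs: []
  allow_failure: false
  script:
    # Any output other than the success line (a parse error, or a find error for a missing dir) fails the job.
    - sh -c 'if find ${LINT_DIRS_PHP} -name "*.php" -exec php -l {} 2>&1 \; | grep -v "^No syntax errors detected"; then exit 1; fi'
--------------------------------------------------------------------------------
/linter/php7.2.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS_PHP: "app/code src" # Separate multiple dirs with spaces

# Syntax-checks every .php file under $LINT_DIRS_PHP with `php -l` on PHP 7.2.
'PHP 7.2 Linting':
  stage: '🌈 - Linting'
  image: php:7.2
  before_script: []
  needs: []
  allow_failure: false
  script:
    # Any output other than the success line (a parse error, or a find error for a missing dir) fails the job.
    - sh -c 'if find ${LINT_DIRS_PHP} -name "*.php" -exec php -l {} 2>&1 \; | grep -v "^No syntax errors detected"; then exit 1; fi'
--------------------------------------------------------------------------------
/linter/php7.3.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS_PHP: "app/code src" # Separate multiple dirs with spaces

# Syntax-checks every .php file under $LINT_DIRS_PHP with `php -l` on PHP 7.3.
'PHP 7.3 Linting':
  stage: '🌈 - Linting'
  image: php:7.3
  before_script: []
  needs: []
  allow_failure: false
  script:
    # Any output other than the success line (a parse error, or a find error for a missing dir) fails the job.
    - sh -c 'if find ${LINT_DIRS_PHP} -name "*.php" -exec php -l {} 2>&1 \; | grep -v "^No syntax errors detected"; then exit 1; fi'
--------------------------------------------------------------------------------
/linter/php7.4.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS_PHP: "app/code src" # Separate multiple dirs with spaces

# Syntax-checks every .php file under $LINT_DIRS_PHP with `php -l` on PHP 7.4.
'PHP 7.4 Linting':
  stage: '🌈 - Linting'
  image: php:7.4
  before_script: []
  needs: []
  allow_failure: false
  script:
    # Any output other than the success line (a parse error, or a find error for a missing dir) fails the job.
    - sh -c 'if find ${LINT_DIRS_PHP} -name "*.php" -exec php -l {} 2>&1 \; | grep -v "^No syntax errors detected"; then exit 1; fi'
--------------------------------------------------------------------------------
/linter/php8.0.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS_PHP: "app/code src" # Separate multiple dirs with spaces

# Syntax-checks every .php file under $LINT_DIRS_PHP with `php -l` on PHP 8.0.
'PHP 8.0 Linting':
  stage: '🌈 - Linting'
  image: php:8.0-cli
  before_script: []
  needs: []
  allow_failure: false
  script:
    # Any output other than the success line (a parse error, or a find error for a missing dir) fails the job.
    - sh -c 'if find ${LINT_DIRS_PHP} -name "*.php" -exec php -l {} 2>&1 \; | grep -v "^No syntax errors detected"; then exit 1; fi'
--------------------------------------------------------------------------------
/linter/php8.1.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS_PHP: "app/code src" # Separate multiple dirs with spaces

# Syntax-checks every .php file under $LINT_DIRS_PHP with `php -l` on PHP 8.1.
'PHP 8.1 Linting':
  stage: '🌈 - Linting'
  image: php:8.1-cli
  before_script: []
  needs: []
  allow_failure: false
  script:
    # Any output other than the success line (a parse error, or a find error for a missing dir) fails the job.
    - sh -c 'if find ${LINT_DIRS_PHP} -name "*.php" -exec php -l {} 2>&1 \; | grep -v "^No syntax errors detected"; then exit 1; fi'
--------------------------------------------------------------------------------
/linter/php8.2.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS_PHP: "app/code src" # Separate multiple dirs with spaces

# Syntax-checks every .php file under $LINT_DIRS_PHP with `php -l` on PHP 8.2.
'PHP 8.2 Linting':
  stage: '🌈 - Linting'
  image: php:8.2-cli
  before_script: []
  needs: []
  allow_failure: false
  script:
    # Any output other than the success line (a parse error, or a find error for a missing dir) fails the job.
    - sh -c 'if find ${LINT_DIRS_PHP} -name "*.php" -exec php -l {} 2>&1 \; | grep -v "^No syntax errors detected"; then exit 1; fi'
--------------------------------------------------------------------------------
/linter/php8.3.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS_PHP: "app/code src" # Separate multiple dirs with spaces

# Syntax-checks every .php file under $LINT_DIRS_PHP with `php -l` on PHP 8.3.
'PHP 8.3 Linting':
  stage: '🌈 - Linting'
  image: php:8.3-cli
  before_script: []
  needs: []
  allow_failure: false
  script:
    # Any output other than the success line (a parse error, or a find error for a missing dir) fails the job.
    - sh -c 'if find ${LINT_DIRS_PHP} -name "*.php" -exec php -l {} 2>&1 \; | grep -v "^No syntax errors detected"; then exit 1; fi'
--------------------------------------------------------------------------------
/linter/xml.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS_XML: "app/code src" # Separate multiple dirs with spaces

# Well-formedness check of XML files under $LINT_DIRS_XML (XSD validation skipped).
'XML Linting':
  stage: '🌈 - Linting'
  allow_failure: true
  image: composer
  needs: []
  before_script: []
  script:
    # NOTE(review): unpinned create-project fetches whatever is newest; pin a version for reproducible runs.
    - composer create-project sclable/xml-lint /tmp/xml-lint
    - for dir in $LINT_DIRS_XML; do php /tmp/xml-lint/bin/xmllint --skip-xsd $dir; done;
--------------------------------------------------------------------------------
/linter/json.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS_JSON: "app/code src" # Separate multiple dirs with spaces

# Syntax-checks every .json file under $LINT_DIRS_JSON, one jsonlint process per file.
'Json Linting':
  stage: '🌈 - Linting'
  allow_failure: true
  image: pipelinecomponents/jsonlint
  before_script: []
  needs: []
  script:
    - |
      find $LINT_DIRS_JSON -not -path './.git/*' -name '*.json' -type f -print0 |
      parallel --will-cite -k -0 -n1 jsonlint -q
--------------------------------------------------------------------------------
/linter/markdown_spellcheck.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS_MARKDOWN: "app/code src" # Separate multiple dirs with spaces

# Spellchecks (en-US) every .md file under each directory in $LINT_DIRS_MARKDOWN.
'Spellcheck the docs':
  stage: '🌈 - Linting'
  allow_failure: true
  image: node:9.11.1
  before_script: []
  needs: []
  cache:
    paths:
      - node_modules/
  script:
    - npm i markdown-spellcheck -g
    # Iterate per directory: a single "$LINT_DIRS_MARKDOWN/**/*.md" glob only works for one dir,
    # which contradicted the "separate multiple dirs with spaces" contract above.
    - for dir in $LINT_DIRS_MARKDOWN; do mdspell --en-us --ignore-acronyms --ignore-numbers --report "$dir/**/*.md"; done;

--------------------------------------------------------------------------------
/laravel/phpcs.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_PHPCS_DIRS: "app/code src" # Separate multiple dirs with spaces
  PHPCS_RULESET: "" # Must be overridden with the ruleset name/path to use

# Runs PHP_CodeSniffer with $PHPCS_RULESET over $LINT_PHPCS_DIRS and stores the report.
'Codestyle':
  stage: static
  image: composer
  before_script: []
  script:
    - composer create-project slevomat/coding-standard /tmp/cs
    - mkdir -p reports/phpcs
    # Fail with a readable message instead of phpcs rejecting an empty --standard=.
    - test -n "$PHPCS_RULESET" || { echo "PHPCS_RULESET must be set"; exit 1; }
    # --report selects the report type; the file destination is --report-file.
    - php /tmp/cs/bin/phpcs --standard=${PHPCS_RULESET} --report=full --report-file=reports/phpcs/phpcs-report.txt --no-cache $LINT_PHPCS_DIRS
  artifacts:
    paths:
      - reports
    expire_in: 30m
--------------------------------------------------------------------------------
/deployment/deployer.yaml:
--------------------------------------------------------------------------------
variables:
  DEPLOYER_CONFIG: 'deployment/deploy.php'
  DEPLOY_STAGE: 'staging'
  # NOTE(review): declared but never read. The job below uses SSH_PRIVATE_KEY and SSH_KNOWN_HOSTS;
  # provide both as masked (and protected) CI/CD variables.
  PRIVATE_SSH_DEPLOYMENT_KEY: ''

# Deploys $CI_COMMIT_REF_NAME to $DEPLOY_STAGE with Deployer over SSH.
# The job key keeps its original (misspelled) name because pipelines may reference it.
'Deplyoer':
  stage: '🚀 - Deployment'
  image: deployphp/deployer:7
  before_script:
    # Fail fast with a clear message rather than an opaque ssh-add / host-key error later.
    - test -n "$SSH_PRIVATE_KEY" || { echo "SSH_PRIVATE_KEY is not set"; exit 1; }
    - test -n "$SSH_KNOWN_HOSTS" || { echo "SSH_KNOWN_HOSTS is not set"; exit 1; }
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - eval $(ssh-agent -s)
    # Host keys come from a CI variable so the target is verified rather than trusted on first use.
    - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    # The key goes to the agent via stdin and is never written to disk.
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
  script:
    - dep deploy --file ${DEPLOYER_CONFIG} --branch=$CI_COMMIT_REF_NAME $DEPLOY_STAGE
--------------------------------------------------------------------------------
/static/phpmetrics.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS: "app/code src" # Separate multiple dirs with spaces

# Generates an HTML PhpMetrics report for $LINT_DIRS when PHP files change.
'PHP Metrics':
  stage: static
  allow_failure: false
  image: composer
  before_script: []
  needs: []
  only:
    changes:
      - "*.php"
      - "**/*.php"
  script:
    # NOTE(review): unpinned create-project; pin a version for reproducible runs.
    - composer create-project phpmetrics/phpmetrics /tmp/phpmetrics
    - mkdir -p reports/phpmetrics
    - php /tmp/phpmetrics/bin/phpmetrics --report-html=reports/phpmetrics $LINT_DIRS
  artifacts:
    paths:
      - reports
    expire_in: 30m
--------------------------------------------------------------------------------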
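/static/phpcpd.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS: "app/code src" # Separate multiple dirs with spaces

# Copy/paste detection over $LINT_DIRS (test classes excluded), PMD-style XML kept as artifact.
'Copy/Paste Detection':
  stage: static
  image: composer
  allow_failure: true
  before_script: []
  needs: []
  only:
    changes:
      - "*.php"
      - "**/*.php"
  script:
    # NOTE(review): unpinned create-project; pin a version for reproducible runs.
    - composer create-project sebastian/phpcpd /tmp/phpcpd
    - mkdir -p reports/phpcpd
    - php /tmp/phpcpd/phpcpd --regexps-exclude="#.*Test.*#" --log-pmd=reports/phpcpd/phpcpd.xml $LINT_DIRS
  artifacts:
    paths:
      - reports
    expire_in: 30m
--------------------------------------------------------------------------------
/preperation/composer.yml:
--------------------------------------------------------------------------------
# This stage sets up composer's cache and installs the project once.

variables:
  COMPOSER_CACHE_DIR: $CI_PROJECT_DIR/.composer
  COMPOSER_BIN: 'composer2'

# Read/write cache keyed per project; used by the preparation job that populates it.
.composer_cache:
  cache:
    key: ${CI_PROJECT_ID}
    paths:
      - .composer

# Pull-only variant for jobs that consume the cache but must not upload it again.
.composer_cache_pull:
  cache:
    policy: pull
    key: ${CI_PROJECT_ID}
    paths:
      - .composer

'📦 - Preparation':
  stage: '📦 - Preparation'
  extends: .composer_cache
  script:
    - $COMPOSER_BIN --version
    - $COMPOSER_BIN install --prefer-dist
--------------------------------------------------------------------------------
/static/phpmd.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_PHPMD_DIRS: "src app/code" # Separate multiple dirs with spaces
  PHPMD_RULESET: "phpmd-ruleset.xml" # Path to the PHPMD Ruleset

# Runs PHP Mess Detector with $PHPMD_RULESET over each directory in $LINT_PHPMD_DIRS.
'Mess Detection':
  stage: static
  image: composer
  needs: []
  before_script: []
  script:
    # NOTE(review): unpinned create-project; pin a version for reproducible runs.
    - composer create-project phpmd/phpmd /tmp/phpmd
    - mkdir -p reports/phpmd
    - for dir in $LINT_PHPMD_DIRS; do mkdir -p reports/phpmd/$dir; done;
    # NOTE(review): output goes to the job log only; the reports/phpmd/<dir> directories created above
    # stay empty unless a --reportfile is added (compare laravel/phpmd.yaml).
    - for dir in $LINT_PHPMD_DIRS; do php /tmp/phpmd/src/bin/phpmd $dir text $PHPMD_RULESET; done;
  artifacts:
    paths:
      - reports
    expire_in: 30m
--------------------------------------------------------------------------------
/architecture/deptrac.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS: "app/code src" # Separate multiple dirs with spaces

# Validates the architecture rules with deptrac for each directory in $LINT_DIRS.
'DepTrac':
  stage: '🏰 - Static Tests'
  image: composer
  before_script: []
  only:
    changes:
      - "*.php"
      - "**/*.php"
  allow_failure: true
  script:
    # NOTE(review): unpinned create-project; pin a version for reproducible runs.
    - composer create-project qossmic/deptrac-shim /tmp/deptrac
    - mkdir -p reports
    - for dir in $LINT_DIRS; do mkdir -p reports/deptrac/${dir}; done;
    # NOTE(review): nothing is written below reports/deptrac; the artifact is empty unless deptrac is given an output option — confirm.
    - for dir in $LINT_DIRS; do php /tmp/deptrac/deptrac analyse $dir; done;
  artifacts:
    paths:
      - reports
    expire_in: 30m
--------------------------------------------------------------------------------
/magento2/integrity-checker.yml:
--------------------------------------------------------------------------------
variables:
  INTEGRITY_CHECKER_DIR: "/tmp/integrity-checker"
  INTEGRITY_CHECKER_BIN: "${INTEGRITY_CHECKER_DIR}/bin/dependencies"
  MAGENTO_DIR: "."
  INTEGRITY_CHECKER_DIR_TO_ANALYZE: "app/code/*"

# Finds missing dependency declarations in composer.json / module.xml of the analysed modules.
'🧙‍ - Integrity Check':
  stage: '🏰 - Static Tests'
  image: composer
  allow_failure: false
  script:
    - git fetch -vp # fetch branch refs so changed files can be compiled
    # NOTE(review): --stability=dev without a version constraint installs an unreleased snapshot of the
    # checker on every run; pin a tag or commit so results are reproducible.
    - composer create-project run_as_root/integrity-checker ${INTEGRITY_CHECKER_DIR} --stability=dev --remove-vcs
    - $INTEGRITY_CHECKER_BIN $MAGENTO_DIR $INTEGRITY_CHECKER_DIR_TO_ANALYZE
  artifacts:
    expire_in: 30m
--------------------------------------------------------------------------------
/tests/security_sensiolab.yaml:
--------------------------------------------------------------------------------
variables:
  PRODUCTION_URL: 'https://example.com/override-me'

# Checks composer.lock against known security advisories on master when the lock/manifest changes.
'Security Advisories':
  stage: static
  allow_failure: false
  dependencies: []
  before_script: []
  image: php:7.3
  only:
    refs:
      - master
    changes:
      - composer.lock
      - composer.json
  script:
    - mkdir -p reports
    # NOTE(review): the hosted SensioLabs checker has been retired; `composer audit` (Composer >= 2.4)
    # reports the same advisories without downloading a phar.
    # -f turns an HTTP error into a failed download instead of saving an error page as the phar.
    - curl -fsSL -o security-checker.phar https://get.sensiolabs.org/security-checker.phar
    # Capture the checker's exit status before the pipe: in plain sh the status of `a | sed | tee`
    # is tee's, so advisories never failed the job.
    - php security-checker.phar security:check composer.lock > reports/security_advisories.raw; STATUS=$?; sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" reports/security_advisories.raw | tee reports/security_advisories.txt; test "$STATUS" -eq 0
  artifacts:
    paths:
      - reports
    expire_in: 30m
--------------------------------------------------------------------------------
/laravel/phpmd.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS: "app/code src" # Separate multiple dirs with spaces

# PHP Mess Detector (HTML report per directory) for Laravel projects; never fails the job on violations.
'Mess Detection':
  stage: static
  image: composer
  before_script: []
  only:
    changes:
      - "*.php"
      - "**/*.php"
  allow_failure: true
  script:
    # NOTE(review): unpinned create-project; pin a version for reproducible runs.
    - composer create-project phpmd/phpmd /tmp/phpmd
    - mkdir -p reports
    - for dir in $LINT_DIRS; do mkdir -p reports/phpmd/${dir}; done;
    # --reportfile now points into the reports/phpmd/<dir> directory created above (it previously
    # targeted reports/<dir>, which does not exist).
    - for dir in $LINT_DIRS; do php /tmp/phpmd/src/bin/phpmd $dir html cleancode,codesize,design,unusedcode --reportfile reports/phpmd/${dir}/phpmd-report.html --ignore-violations-on-exit; done;
  artifacts:
    paths:
      - reports
    expire_in: 30m
--------------------------------------------------------------------------------
/magento2/phpcs.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS: "app/code src" # Separate multiple dirs with spaces

# Magento 2 coding-standard check (severity 10 only) with a per-directory report.
'Codestyle':
  stage: static
  image: composer
  allow_failure: true
  before_script: []
  only:
    changes:
      - "*.php"
      - "**/*.php"
  script:
    # NOTE(review): unpinned create-project; pin a version for reproducible runs.
    - composer create-project magento/magento-coding-standard /tmp/meqp2
    - mkdir -p reports
    - for dir in $LINT_DIRS; do mkdir -p reports/phpcs/$dir; done;
    - for dir in $LINT_DIRS; do php /tmp/meqp2/vendor/bin/phpcs $dir --standard=Magento2 --severity=10 --extensions=php,phtml --report=full --report-file=reports/phpcs/${dir}/phpcs-report.log; done;
  artifacts:
    paths:
      - reports
    expire_in: 30m
--------------------------------------------------------------------------------
/static/pdepend.yaml:
--------------------------------------------------------------------------------
variables:
  LINT_DIRS: "src app/code" # Separate multiple dirs with spaces

# PDepend overview-pyramid and jdepend charts per directory in $LINT_DIRS.
'Dependency Analyzer':
  stage: static
  image: composer
  allow_failure: true
  before_script: []
  needs: []
  only:
    changes:
      - "*.php"
      - "**/*.php"
  script:
    # NOTE(review): unpinned create-project; pin a version for reproducible runs.
    - composer create-project pdepend/pdepend /tmp/pdepend
    - mkdir -p reports/pdepend
    - for dir in $LINT_DIRS; do mkdir -p reports/pdepend/$dir; done;
    - for dir in $LINT_DIRS; do php /tmp/pdepend/src/bin/pdepend.php --overview-pyramid=reports/pdepend/${dir}/overview-pyramid.svg --jdepend-chart=reports/pdepend/${dir}/jdepend-chart.svg $dir; done;
  artifacts:
    paths:
      - reports
    expire_in: 30m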
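--------------------------------------------------------------------------------
/post-deployment/sentry.yml:
--------------------------------------------------------------------------------
variables:
  SENTRY_ORG: 'sentry_org_example'
  SENTRY_PROJECT: 'sentry_project_example'
  # Placeholder only: supply the real token as a masked (and protected) CI/CD variable, never in the repository.
  SENTRY_AUTH_TOKEN: 'sentry_auth_token_example'

# On a tag pipeline: creates the Sentry release, attaches its commits and records a production deploy.
'👁 - Sentry Release':
  image: getsentry/sentry-cli:latest # NOTE(review): floating tag; pin for reproducible runs
  stage: '☕️ - Post Deployment'
  before_script:
    # install & start ssh-agent
    - which ssh-agent || ( apk --update add openssh-client )
    - eval $(ssh-agent -s)
    # add ssh-key to ssh-agent (the CI variable holds the base64-encoded key; it is never written to disk)
    - echo "$CI_GIT_PUSH_TOKEN" | base64 -d | ssh-add - > /dev/null
  script:
    - apk add git
    - git fetch -vp # fetch branch refs so changed files can be compiled
    - sentry-cli releases new --finalize $CI_COMMIT_TAG
    - sentry-cli releases set-commits $CI_COMMIT_TAG --auto
    - sentry-cli releases deploys $CI_COMMIT_TAG new --env production
  only:
    - tags
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2019 run_as_root

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/tests/security_zap_baseline.yaml:
--------------------------------------------------------------------------------
variables:
  PRODUCTION_URL: "https://example.com/override-me"

# Passive OWASP ZAP baseline scan of $PRODUCTION_URL using the rule policy written to zap.conf.
'OWASP ZAP Baseline':
  stage: post-deploy
  before_script: []
  image:
    name: owasp/zap2docker-weekly # NOTE(review): weekly build, not pinned; results vary run to run
    entrypoint: [""]
  script:
    # NOTE(review): the IGNORE entries silence cookie HttpOnly/Secure/SameSite, X-Content-Type-Options
    # and anti-CSRF findings for every project that includes this template; WARN would keep them
    # visible in the report without failing the job.
    - |
      cat > zap.conf << EOF
      10010 IGNORE (Cookie No HttpOnly Flag)
      10011 IGNORE (Cookie Without Secure Flag)
      10012 IGNORE (Password Autocomplete in Browser)
      10015 IGNORE (Incomplete or No Cache-control and Pragma HTTP Header Set)
      10016 FAIL (Web Browser XSS Protection Not Enabled)
      10017 IGNORE (Cross-Domain JavaScript Source File Inclusion)
      10019 FAIL (Content-Type Header Missing)
      10020 FAIL (X-Frame-Options Header Scanner)
      10021 IGNORE (X-Content-Type-Options Header Missing)
      10023 FAIL (Information Disclosure - Debug Error Messages)
      10024 FAIL (Information Disclosure - Sensitive Informations in URL)
      10025 FAIL (Information Disclosure - Sensitive Information in HTTP Referrer Header)
      10026 FAIL (HTTP Parameter Override)
      10027 FAIL (Information Disclosure - Suspicious Comments)
      10032 FAIL (Viewstate Scanner)
      10040 FAIL (Secure Pages Include Mixed Content)
      10054 IGNORE (Cookie Without SameSite Attribute)
      10105 FAIL (Weak Authentication Method)
      10202 IGNORE (Absence of Anti-CSRF Tokens)
      2 FAIL (Private IP Disclosure)
      3 FAIL (Session ID in URL Rewrite)
      50001 FAIL (Script Passive Scan Rules)
      90001 FAIL (Insecure JSF ViewState)
      90011 FAIL (Charset Mismatch)
      90022 FAIL (Application Error Disclosure)
      90030 FAIL (WSDL File Passive Scanner)
      90033 FAIL (Loosely Scoped Cookie)
      EOF
    # -I: WARN-level results do not fail the job; only the FAIL rules above gate the pipeline.
    - zap-baseline.py -I -t $PRODUCTION_URL -u file://$(pwd)/zap.conf
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Gitlab Pipeline Templates
2 |
3 | This Repository is a collection of useful reusable GitLab-Ci Step-Templates. No need to add the same CI-Steps into your
4 | projects over and over again. Simply use the
5 | [GitLab Include Feature](https://docs.gitlab.com/ee/ci/yaml/README.html#include) and the steps that you think are
6 | necessary for your specific project.
7 |
8 | ## Default Stages
9 |
10 | Unfortunately, GitLab requires adding stages manually to the `.gitlab-ci.yaml`. This means, that it is not possible to
11 | use a pipeline step without having the stage specified. We provide a set of pre-defined stages that you might want to
12 | use as well.
13 |
14 | - 📦 - Preparation
15 | - 🌈 - Linting
16 | - 🏰 - Static Tests
17 | - 🏛 - Architecture
18 | - 🦄 - Automated Testing
19 | - 📄 - Documentation
20 | - 🧱 - Pre Deployment
21 | - 🚀 - Deployment
22 | - ☕️ - Post Deployment
23 |
24 | ### 📦 - Preparation
25 |
26 | The preparation stage runs at the beginning and usually takes care of tasks that have to be done in all steps. We use
27 | this to cache composer, install a project, seed a database or similar things.
28 |
29 | The following steps are included in this stage.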
30 | 31 | - [Composer Setup](/preperation/composer.yml) - sets up a composer cache and performs a composer install 32 | 33 | ### 🌈 - Linting 34 | 35 | We try to follow the principle of **Fail fast, fail loud**. Linters are usually the fastest CI steps as there is no logic 36 | included but simple syntax checks. Linting Steps can be `failable` and should only run when the specific file type was 37 | changed in the last commit or when the previous build failed. 38 | 39 | The following linters are provisioned already: 40 | 41 | - [JSON](/linter/json.yaml) - Performs Syntax Checks of the file type `.json`. 42 | - [Markdown Spellcheck](/linter/markdown_spellcheck.yaml) - Spellchecks files of the type `.md`. 43 | - [XML](/linter/xml.yaml) - Performs Syntax Checks of the file type `.xml`. 44 | - [YAML](/linter/yaml.yaml) - Performs Syntax Checks of the file type `.yaml`. 45 | - [PHP 7.1](/linter/php7.1.yaml) - Performs Syntax Checks of the file type `.php`. 46 | - [PHP 7.2](/linter/php7.2.yaml) - Performs Syntax Checks of the file type `.php`. 47 | - [PHP 7.3](/linter/php7.3.yaml) - Performs Syntax Checks of the file type `.php`. 48 | - [PHP 7.4](/linter/php7.4.yaml) - Performs Syntax Checks of the file type `.php`. 49 | - [PHP 8.0](/linter/php8.0.yaml) - Performs Syntax Checks of the file type `.php`. 50 | - [PHP 8.1](/linter/php8.1.yaml) - Performs Syntax Checks of the file type `.php`. 51 | - [PHP 8.2](/linter/php8.2.yaml) - Performs Syntax Checks of the file type `.php`. 52 | - [PHP 8.3](/linter/php8.3.yaml) - Performs Syntax Checks of the file type `.php`. 53 | 54 | ### 🏰 - Static Tests 55 | 56 | Static tests run against a given codebase without booting the application itself. Static tests only check the source 57 | code, try to find issues in it and report them. No application code is executed in this stage. 58 | 59 | Depending on the tests that you want to run, static tests can be very fast or very slow/heavy in their execution. If
If 60 | pipeline minutes are capped, you should try to add only the ones that are the most effective for you. 61 | 62 | - [PDepend](/static/pdepend.yaml) 63 | - [PHP Copy/Paste Detector](/static/phpcpd.yaml) 64 | - [PHP Mess Detector](/static/phpmd.yaml) 65 | 66 | ### 🏛 - Architecture 67 | 68 | The Architecture stage is meant to be a stage where static tests can happen, but with a different focus. Where tools such as 69 | `phpmd` or `phpstan` check the content of given files, there are also static tools that work on a different level. 70 | `deptrac` for example checks how classes interact with each other and validates a given ruleset to block certain 71 | interactions. If, for example, you don't want to send E-Mails from your Controller, then `deptrac` can prevent such code 72 | whereas `phpmd` couldn't care less. Think of this stage as a `We want to build software this way` stage. 73 | 74 | - [PHP Metrics](/static/phpmetrics.yaml) - `PHP Metrics` collects a bunch of KPIs and presents them in a nice HTML UI. 75 | - [deptrac](/architecture/deptrac.yaml) - `deptrac` validates your software architecture against a given ruleset. 76 | 77 | ### 🦄 - Automated Testing 78 | 79 | This stage is where the magic happens. In here, your actual application should be tested. There are different types of 80 | automated tests. Unit- and Integration-Tests are the popular ones. We can also have Frontend Tests, A/B Tests, 81 | Screenshot Tests and so on. This is the stage where the application under test is running and can be tested against. 82 | 83 | There are pre-built templates for the following test scenarios: 84 | 85 | - [Unit Tests]() - Runs `PHP Unit` against a given ruleset. 86 | - [Integration Tests]() - Runs `PHP Unit` against a given ruleset. _Usually, this ruleset differs from the Unit-Test one._ 87 | 88 | ### 📄 - Documentation 89 | 90 | Many projects fall short when it comes to documentation. 
If documentation is part of your codebase, developers usually have a 91 | better time actually writing it. This stage is meant for two things: firstly, rendering given files into documentation 92 | and secondly, checking the content of given files. 93 | 94 | ### 🧱 - Pre Deployment 95 | 96 | Deployments can be complex and might involve manual tasks to execute before the code actually gets pushed to the server. 97 | Maybe you want to pre-build/compile/transpile the whole codebase and push an artefact. Maybe you want to do a database 98 | backup beforehand. All these things belong in this stage. 99 | 100 | ### 🚀 - Deployment 101 | 102 | The Deployment stage is meant for a single or multiple deployment steps. Upload code to your server, restart specific 103 | services or clear a CDN's cache. 104 | 105 | ### ☕️ - Post Deployment 106 | 107 | After a Deployment is done, there are often cases where you want to test something against the deployed system. Perform a 108 | security test, generate the latest Sitespeed data, fire some smoke tests or inform other systems that a new version is 109 | available. 110 | 111 | ![Pipeline Preview](/assets/PipelinePreview.png) 112 | 113 | ## Adding a Step to your GitLab Pipeline 114 | 115 | Use the following snippet to add xml linting to your project (the stage name must match the one used by the included job, `🌈 - Linting` for the linters): 116 | 117 | ```yaml 118 | stages: 119 | - '🌈 - Linting' 120 | 121 | include: 122 | - remote: 'https://raw.githubusercontent.com/run-as-root/gitlab-pipeline-templates/master/linter/xml.yaml' 123 | ``` 124 | 125 | ## Configure a Step 126 | 127 | Initially the steps were created for Laravel and Magento 2 Projects, so most of the default values in the `VARIABLES` are preconfigured for either Laravel or Magento 2. 128 | In some cases it will be necessary to configure the step with variables. 
129 | 130 | The following example shows how you can configure the Smoke Test made with [Cigar](https://github.com/Brunty/cigar): 131 | 132 | ```yaml 133 | variables: 134 | SMOKE_TEST_BASE_URL: "https://example.com/overwritten" 135 | 136 | stages: 137 | - post-deploy 138 | 139 | include: 140 | - remote: 'https://raw.githubusercontent.com/run-as-root/gitlab-pipeline-templates/master/tests/smoke.yaml' 141 | ``` 142 | 143 | ## Step Overview 144 | 145 | All the steps that are included in this repository are supposed to be plug-and-play steps, so no additional config should be required. Of course, some checks do more than you might want. If so, you can configure them via environment variables. 146 | 147 | ### Magento 2 Integrity Checker 148 | 149 | This step is a static test that finds all missing dependency declarations in the `composer.json` and `module.xml` files of your code. 150 | 151 | ```yaml 152 | include: 153 | - remote: 'https://raw.githubusercontent.com/run-as-root/gitlab-pipeline-templates/master/magento2/integrity-checker.yml' 154 | ``` 155 | 156 | ### Deployment Sentry Release 157 | 158 | This step is a post-deployment step that creates a release and a deployment in Sentry and sends the release's commit information. 159 | 160 | ```yaml 161 | include: 162 | - remote: 'https://raw.githubusercontent.com/run-as-root/gitlab-pipeline-templates/master/post-deployment/sentry.yml' 163 | ``` 164 | 165 | --------------------------------------------------------------------------------