From dc54644facb09c6facb8f61de6adeb3a535900c6 Mon Sep 17 00:00:00 2001
From: amirdamirov <36473660+amirdamirov@users.noreply.github.com>
Date: Thu, 10 Feb 2022 14:29:20 +0300
Subject: [PATCH 01/12] Add .circleci/config.yml
---
 .circleci/config.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .circleci/config.yml
diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 0000000..37edaac
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,21 @@
+# This config is equivalent to both the '.circleci/extended/orb-free.yml' and the base '.circleci/config.yml'
+version: 2.1
+
+# Orbs are reusable packages of CircleCI configuration that you may share across projects, enabling you to create encapsulated, parameterized commands, jobs, and executors that can be used across multiple projects.
+# See: https://circleci.com/docs/2.0/orb-intro/
+orbs:
+ node: circleci/node@4.7
+
+# Invoke jobs via workflows
+# See: https://circleci.com/docs/2.0/configuration-reference/#workflows
+workflows:
+ sample: # This is the name of the workflow, feel free to change it to better match your workflow.
+ # Inside the workflow, you define the jobs you want to run.
+ jobs:
+ - node/test:
+ # This is the node version to use for the `cimg/node` tag
+ # Relevant tags can be found on the CircleCI Developer Hub
+ # https://circleci.com/developer/images/image/cimg/node
+ version: '16.10'
+ # If you are using yarn, change the line below from "npm" to "yarn"
+ pkg-manager: npm
From ff5e44244f2f1091b161cc2890c0b9864c09987f Mon Sep 17 00:00:00 2001
From: amirdamirov <36473660+amirdamirov@users.noreply.github.com>
Date: Thu, 10 Feb 2022 14:34:44 +0300
Subject: [PATCH 02/12] Updated config.yml
---
 .circleci/config.yml | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 37edaac..683e6d4 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
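Review bot: The orb reference `node: circleci/node@4.7` added in PATCH 01/12 pins only major.minor, so each pipeline run resolves to whichever 4.7.x patch release is current and the definition behind `node/test` can change without any commit in this repository. Pinning the full `major.minor.patch` version and bumping it deliberately keeps the build input reviewable. The quoted `version: '16.10'` is right as written, since unquoted it would be read as a float.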
@@ -1,21 +1,23 @@
-# This config is equivalent to both the '.circleci/extended/orb-free.yml' and the base '.circleci/config.yml'
 version: 2.1
+executors:
+ my-custom-executor:
+ docker:
+ - image: cimg/base:stable
+ auth:
+ # ensure you have first added these secrets
+ # visit app.circleci.com/settings/project/github/amirdamirov/node_test/environment-variables
+ username: $DOCKER_HUB_USER
+ password: $DOCKER_HUB_PASSWORD
+jobs:
+ my-job-name:
-# Orbs are reusable packages of CircleCI configuration that you may share across projects, enabling you to create encapsulated, parameterized commands, jobs, and executors that can be used across multiple projects.
-# See: https://circleci.com/docs/2.0/orb-intro/
-orbs:
- node: circleci/node@4.7
+ executor: my-custom-executor
+ steps:
+ - checkout
+ - run: |
+ # echo Hello, World!
-# Invoke jobs via workflows
-# See: https://circleci.com/docs/2.0/configuration-reference/#workflows
 workflows:
- sample: # This is the name of the workflow, feel free to change it to better match your workflow.
- # Inside the workflow, you define the jobs you want to run.
+ my-custom-workflow:
 jobs:
- - node/test:
- # This is the node version to use for the `cimg/node` tag
- # Relevant tags can be found on the CircleCI Developer Hub
- # https://circleci.com/developer/images/image/cimg/node
- version: '16.10'
- # If you are using yarn, change the line below from "npm" to "yarn"
- pkg-manager: npm
+ - my-job-name
From 36a0e4aa7c91896ffcdf0df608138b68bdfc1918 Mon Sep 17 00:00:00 2001
From: amirdamirov <36473660+amirdamirov@users.noreply.github.com>
Date: Thu, 10 Feb 2022 15:46:11 +0300
Subject: [PATCH 03/12] Add .circleci/config.yml
---
 .circleci/config.yml | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 683e6d4..6554e1f 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
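Review bot: The only step besides `checkout` in `my-job-name` is `run: |` whose body is the single line `# echo Hello, World!`; the shell reads that as a comment, so the job runs no command and passes whatever state the repository is in. If the echo was meant to run, drop the `#` so the body is `echo Hello, World!`. The `auth` block takes `$DOCKER_HUB_USER` and `$DOCKER_HUB_PASSWORD` from project environment variables, which keeps the credentials out of the file; a Docker Hub access token limited to read-only pulls is a safer value for the second variable than the account password.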
@@ -1,23 +1,26 @@
+# Use the latest 2.1 version of CircleCI pipeline process engine.
+# See: https://circleci.com/docs/2.0/configuration-reference
 version: 2.1
-executors:
- my-custom-executor:
+
+# Define a job to be invoked later in a workflow.
+# See: https://circleci.com/docs/2.0/configuration-reference/#jobs
+jobs:
+ say-hello:
+ # Specify the execution environment. You can specify an image from Dockerhub or use one of our Convenience Images from CircleCI's Developer Hub.
+ # See: https://circleci.com/docs/2.0/configuration-reference/#docker-machine-macos-windows-executor
 docker:
 - image: cimg/base:stable
- auth:
- # ensure you have first added these secrets
- # visit app.circleci.com/settings/project/github/amirdamirov/node_test/environment-variables
- username: $DOCKER_HUB_USER
- password: $DOCKER_HUB_PASSWORD
-jobs:
- my-job-name:
-
- executor: my-custom-executor
+ # Add steps to the job
+ # See: https://circleci.com/docs/2.0/configuration-reference/#steps
 steps:
 - checkout
- - run: |
- # echo Hello, World!
+ - run:
+ name: "Say hello"
+ command: "echo Hello, World!"
+# Invoke jobs via workflows
+# See: https://circleci.com/docs/2.0/configuration-reference/#workflows
 workflows:
- my-custom-workflow:
+ say-hello-workflow:
 jobs:
- - my-job-name
+ - say-hello
From 05f254c95f3a3e2777f981efdb2d02bdb7900830 Mon Sep 17 00:00:00 2001
From: amirdamirov <36473660+amirdamirov@users.noreply.github.com>
Date: Thu, 10 Feb 2022 16:09:40 +0300
Subject: [PATCH 04/12] Updated config.yml
---
 .circleci/config.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 6554e1f..5af3a45 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -17,10 +17,22 @@ jobs:
 - run:
 name: "Say hello"
 command: "echo Hello, World!"
-
+ say-tello:
+ # Specify the execution environment. You can specify an image from Dockerhub or use one of our Convenience Images from CircleCI's Developer Hub.
+ # See: https://circleci.com/docs/2.0/configuration-reference/#docker-machine-macos-windows-executor
+ docker:
+ - image: cimg/base:stable
+ # Add steps to the job
+ # See: https://circleci.com/docs/2.0/configuration-reference/#steps
+ steps:
+ - checkout
+ - run:
+ name: "Say hello"
+ command: "echo Tello, World!"
 # Invoke jobs via workflows
 # See: https://circleci.com/docs/2.0/configuration-reference/#workflows
 workflows:
 say-hello-workflow:
 jobs:
 - say-hello
+ - say-tello
From 0ac2b8666ef098cb066075e7a553372e12c6e43a Mon Sep 17 00:00:00 2001
From: amirdamirov <36473660+amirdamirov@users.noreply.github.com>
Date: Thu, 10 Feb 2022 16:12:57 +0300
Subject: [PATCH 05/12] Updated config.yml
---
 .circleci/config.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 5af3a45..5f63c46 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -35,4 +35,6 @@ workflows:
 say-hello-workflow:
 jobs:
 - say-hello
- - say-tello
+ - say-tello:
+ requires:
+ - say-hello
From 0241eaaeec90a2929e4a468b48abff53779a86dd Mon Sep 17 00:00:00 2001
From: Amir Damirov
Date: Wed, 23 Feb 2022 18:22:55 +0300
Subject: [PATCH 06/12] test ecr default
---
 .circleci/config.yml | 20 ++++----------------
 .circleci/images/Dockerfile | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 16 deletions(-)
 create mode 100644 .circleci/images/Dockerfile
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 5f63c46..197ddbe 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,36 +1,24 @@
-# Use the latest 2.1 version of CircleCI pipeline process engine.
-# See: https://circleci.com/docs/2.0/configuration-reference
 version: 2.1
-# Define a job to be invoked later in a workflow.
-# See: https://circleci.com/docs/2.0/configuration-reference/#jobs
 jobs:
 say-hello:
- # Specify the execution environment. You can specify an image from Dockerhub or use one of our Convenience Images from CircleCI's Developer Hub.
- # See: https://circleci.com/docs/2.0/configuration-reference/#docker-machine-macos-windows-executor
- docker:
- - image: cimg/base:stable
- # Add steps to the job
- # See: https://circleci.com/docs/2.0/configuration-reference/#steps
+ executor: aws-ecr/default
+ # docker:
+ # - image: cimg/base:stable
 steps:
 - checkout
 - run:
 name: "Say hello"
 command: "echo Hello, World!"
 say-tello:
- # Specify the execution environment. You can specify an image from Dockerhub or use one of our Convenience Images from CircleCI's Developer Hub.
- # See: https://circleci.com/docs/2.0/configuration-reference/#docker-machine-macos-windows-executor
 docker:
 - image: cimg/base:stable
- # Add steps to the job
- # See: https://circleci.com/docs/2.0/configuration-reference/#steps
 steps:
 - checkout
 - run:
 name: "Say hello"
 command: "echo Tello, World!"
-# Invoke jobs via workflows
-# See: https://circleci.com/docs/2.0/configuration-reference/#workflows
+
 workflows:
 say-hello-workflow:
 jobs:
diff --git a/.circleci/images/Dockerfile b/.circleci/images/Dockerfile
new file mode 100644
index 0000000..435a944
--- /dev/null
+++ b/.circleci/images/Dockerfile
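Review bot: `executor: aws-ecr/default` on `say-hello` refers to an orb this file does not declare: the hunk covers the file from line 1 and its new side has no `orbs:` stanza, so the `aws-ecr` namespace cannot be resolved at this commit and the declaration only arrives in PATCH 07/12. Put the declaration in the same commit, pinned to a full version as the later patch does (`orbs:` followed by `aws-ecr: circleci/aws-ecr@6.1.0`), so every commit in the series is a valid pipeline. The commented-out `# docker:` and `# - image: cimg/base:stable` lines are better deleted than kept as dead configuration.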
@@ -0,0 +1,36 @@
+FROM node:16-alpine
+
+# Install packages
+RUN apk update && apk add --update --no-cache \
+ git \
+ bash \
+ curl \
+ openssh \
+ python3 \
+ py3-pip \
+ py-cryptography \
+ wget \
+ curl \
+ tar \
+ unzip \
+ ca-certificates
+
+
+RUN apk --no-cache add openjdk11 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
+RUN cd /opt && curl -sSl http://mirror.vorboss.net/apache/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz | tar -xz
+RUN apk -U add --no-cache curl; \
+ curl https://downloads.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip > gradle.zip; \
+ unzip gradle.zip; \
+ rm gradle.zip; \
+ apk del curl; \
+ apk update && apk add --no-cache libstdc++ && rm -rf /var/cache/apk/*
+
+RUN apk --no-cache add --virtual builds-deps build-base python3
+
+# Update NPM
+RUN npm config set unsafe-perm true
+RUN npm update -g
+
+# Install AWSCLI
+RUN pip install --upgrade pip && \
+ pip install --upgrade awscli
\ No newline at end of file
From 00f59a53c36f217b7f9960a2ef4dc5e430054a1e Mon Sep 17 00:00:00 2001
From: Amir Damirov
Date: Wed, 23 Feb 2022 18:25:19 +0300
Subject: [PATCH 07/12] ecr orb added
---
 .circleci/config.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 197ddbe..031811c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,5 +1,8 @@
 version: 2.1
+orbs:
+ aws-ecr: circleci/aws-ecr@6.1.0
+
 jobs:
 say-hello:
 executor: aws-ecr/default
From 1677bef2ef251ef9544bedfaf467a3256a920355 Mon Sep 17 00:00:00 2001
From: Amir Damirov
Date: Fri, 4 Mar 2022 13:09:47 +0300
Subject: [PATCH 08/12] test trivy
---
 .circleci/config.yml | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 031811c..c91ca1a 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
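Review bot: The Maven and Gradle archives in the new `.circleci/images/Dockerfile` are unpacked with no integrity check, and the Maven one is fetched over plain `http://` and piped straight into `tar`, so whatever the mirror or the network path returns becomes part of the CI image. `${GRADLE_VERSION}` is not defined by any `ARG` or `ENV` in this file, and because that `RUN` joins its commands with `;` and its curl has no `-f`, a failed download or unzip does not fail the build. `-sSl` is probably meant to be `-sSL`, since lowercase `-l` is curl's `--list-only` and does not follow redirects. The fence shows the two download steps rewritten to use HTTPS, stop on the first error and verify a digest passed as a build argument before unpacking; the digests and the Gradle version are left for the caller to supply. As a follow-up, `npm config set unsafe-perm true` with no `USER` line keeps everything running as root, and `pip install --upgrade awscli` is unpinned.

```dockerfile
# … unchanged: FROM, apk package install, openjdk11 …
# Build arguments (placeholders): pass the published digests and the Gradle
# version with --build-arg; the checks below fail closed when one is missing.
ARG MAVEN_SHA512
ARG GRADLE_VERSION
ARG GRADLE_SHA256
RUN set -eu; cd /opt; \
    curl -fsSL -o maven.tar.gz \
      https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz; \
    echo "${MAVEN_SHA512}  maven.tar.gz" | sha512sum -c -; \
    tar -xzf maven.tar.gz; \
    rm maven.tar.gz
RUN set -eu; \
    curl -fsSL -o gradle.zip \
      "https://downloads.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip"; \
    echo "${GRADLE_SHA256}  gradle.zip" | sha256sum -c -; \
    unzip -q gradle.zip; \
    rm gradle.zip; \
    apk add --no-cache libstdc++
# … unchanged: build-deps, npm update, awscli install …
```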
@@ -6,13 +6,21 @@ orbs:
 jobs:
 say-hello:
 executor: aws-ecr/default
- # docker:
- # - image: cimg/base:stable
 steps:
 - checkout
 - run:
- name: "Say hello"
- command: "echo Hello, World!"
+ name: "Pull docker image"
+ command: "docker pull nginx"
+ - run:
+ name: "Scan docker image"
+ command: |
+ sudo apt-get install wget apt-transport-https gnupg lsb-release
+ wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+ echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+ sudo apt-get update
+ sudo apt-get install trivy
+ mkdir /imagesecreport
+ sudo trivy image --no-progress --output /imagesecreport/scanning-report.txt nginx:latest
 say-tello:
 docker:
 - image: cimg/base:stable
From 4169fa84cde3be32659bc9819545486dad6b87dd Mon Sep 17 00:00:00 2001
From: Amir Damirov
Date: Fri, 4 Mar 2022 13:14:34 +0300
Subject: [PATCH 09/12] sudo added to command
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index c91ca1a..5de9a57 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -19,7 +19,7 @@ jobs:
 echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
 sudo apt-get update
 sudo apt-get install trivy
- mkdir /imagesecreport
+ sudo mkdir /imagesecreport
 sudo trivy image --no-progress --output /imagesecreport/scanning-report.txt nginx:latest
 say-tello:
 docker:
From 84745608b93d38623c769ce688c64923d69b9cfb Mon Sep 17 00:00:00 2001
From: Amir Damirov
Date: Fri, 4 Mar 2022 13:24:31 +0300
Subject: [PATCH 10/12] store artifact
---
 .circleci/config.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 5de9a57..5d2b05c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
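Review bot: The "Scan docker image" step added to `say-hello` in PATCH 08/12 can never fail the job, because `trivy image` is run without `--exit-code` and so returns success whatever it finds; the report is only written to a file. Gate on the findings that matter, e.g. `sudo trivy image --no-progress --exit-code 1 --severity HIGH,CRITICAL --output /imagesecreport/scanning-report.txt nginx:latest`; the same applies to the later edits of this line in PATCH 11/12 and 12/12. The target is the public `nginx:latest`, a moving tag, rather than an image this repository builds, so results will differ between runs and say little about the project's own image. `wget ... | sudo apt-key add -` puts the key into apt's global trust store; a dedicated keyring file referenced with `signed-by=` in the `trivy.list` entry limits it to this one repository, and both `apt-get install` lines need `-y` to avoid stopping at the confirmation prompt in a non-interactive job.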
@@ -21,6 +21,10 @@ jobs:
 sudo apt-get install trivy
 sudo mkdir /imagesecreport
 sudo trivy image --no-progress --output /imagesecreport/scanning-report.txt nginx:latest
+ - store_artifacts:
+ path: /imagesecreport
+ destination: scanning-report.txt
+
 say-tello:
 docker:
 - image: cimg/base:stable
From 683a0a913f1fa5518d59d2a1ea379380a279d752 Mon Sep 17 00:00:00 2001
From: Amir Damirov
Date: Fri, 4 Mar 2022 13:38:35 +0300
Subject: [PATCH 11/12] remove no-progress
---
 .circleci/config.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 5d2b05c..071cc08 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -20,10 +20,9 @@ jobs:
 sudo apt-get update
 sudo apt-get install trivy
 sudo mkdir /imagesecreport
- sudo trivy image --no-progress --output /imagesecreport/scanning-report.txt nginx:latest
+ sudo trivy image --output /imagesecreport/scanning-report.txt nginx:latest
 - store_artifacts:
 path: /imagesecreport
- destination: scanning-report.txt
 say-tello:
 docker:
From 089dbcb341ba23654c2ae0b43ca5aac591ebbcd8 Mon Sep 17 00:00:00 2001
From: Amir Damirov
Date: Fri, 4 Mar 2022 13:43:32 +0300
Subject: [PATCH 12/12] format json
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 071cc08..c9b6f3f 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -20,7 +20,7 @@ jobs:
 sudo apt-get update
 sudo apt-get install trivy
 sudo mkdir /imagesecreport
- sudo trivy image --output /imagesecreport/scanning-report.txt nginx:latest
+ sudo trivy image --no-progress -format json --output /imagesecreport/scanning-report.txt nginx:latest
 - store_artifacts:
 path: /imagesecreport
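Review bot: In the last hunk (PATCH 12/12) the new option is written `-format json` with a single dash while every other long option on that line uses two; write `--format json` so the command does not depend on the argument parser accepting single-dash long options. The report is still written to `scanning-report.txt`, so the stored artifact is JSON under a `.txt` name, and `--output /imagesecreport/scanning-report.json` would match the content. The hunk shows only the tail of the `command: |` block, so the earlier lines of the script are not visible here.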