From 6f01e7e3ea3e5e3c49f26ae42d0dba68141069f5 Mon Sep 17 00:00:00 2001 From: Joshua Lambert Date: Wed, 20 Dec 2017 08:03:28 -0500 Subject: Update Auto DevOps template --- vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml | 70 ++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) (limited to 'vendor') diff --git a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml index 275487071f3..c169d4eff2e 100644 --- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml +++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml @@ -41,6 +41,7 @@ stages: - staging - canary - production + - performance - cleanup build: @@ -83,6 +84,21 @@ codequality: artifacts: paths: [codeclimate.json] +performance: + stage: performance + image: + name: sitespeedio/sitespeed.io:6.0.3 + entrypoint: [""] + script: + - performance + artifacts: + paths: + - performance.json + only: + refs: + - branches + kubernetes: active + sast: image: registry.gitlab.com/gitlab-org/gl-sast:latest variables: @@ -92,6 +108,19 @@ sast: - sast . artifacts: paths: [gl-sast-report.json] + +sast:image: + image: docker:latest + variables: + DOCKER_DRIVER: overlay2 + allow_failure: true + services: + - docker:dind + script: + - setup_docker + - sast_image + artifacts: + paths: [gl-sast-image-report.json] review: stage: review @@ -103,10 +132,13 @@ review: - install_tiller - create_secret - deploy + - persist_environment_url environment: name: review/$CI_COMMIT_REF_NAME url: http://$CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_SLUG.$AUTO_DEVOPS_DOMAIN on_stop: stop_review + artifacts: + paths: [environment_url.txt] only: refs: - branches @@ -201,9 +233,12 @@ production: - create_secret - deploy - delete canary + - persist_environment_url environment: name: production url: http://$CI_PROJECT_PATH_SLUG.$AUTO_DEVOPS_DOMAIN + artifacts: + paths: [environment_url.txt] # when: manual only: refs: @@ -221,6 +256,18 @@ production: export CI_APPLICATION_TAG=$CI_COMMIT_SHA export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID} export TILLER_NAMESPACE=$KUBE_NAMESPACE + + function sast_image() { + docker run -d --name db arminc/clair-db:latest + docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 + apk add -U wget ca-certificates + docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} + wget https://github.com/arminc/clair-scanner/releases/download/v6/clair-scanner_linux_386 + mv clair-scanner_linux_386 clair-scanner + chmod +x clair-scanner + touch clair-whitelist.yml + ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-image-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true + } function codeclimate() { cc_opts="--env CODECLIMATE_CODE="$PWD" \ @@ -415,6 +462,29 @@ production: --docker-email="$GITLAB_USER_EMAIL" \ -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f - } + + function performance() { + export CI_ENVIRONMENT_URL=$(cat environment_url.txt) + + mkdir gitlab-exporter + wget -O gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/10-3/index.js + + mkdir sitespeed-results + + if [ -f .gitlab-urls.txt ] + then + sed -i -e 's@^@'"$CI_ENVIRONMENT_URL"'@' .gitlab-urls.txt + /start.sh --plugins.add gitlab-exporter --outputFolder sitespeed-results .gitlab-urls.txt + else + /start.sh --plugins.add gitlab-exporter --outputFolder sitespeed-results $CI_ENVIRONMENT_URL + fi + + mv sitespeed-results/data/performance.json performance.json + } + + function persist_environment_url() { + echo $CI_ENVIRONMENT_URL > environment_url.txt + } function delete() { track="${1-stable}" -- cgit v1.2.3 From 06175be1a646a7f9a531239079e7350847443ef1 Mon Sep 17 00:00:00 2001 From: Joshua Lambert Date: Wed, 20 Dec 2017 15:41:26 +0000 Subject: Remove SAST:Image for now. --- vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml | 25 ------------------------- 1 file changed, 25 deletions(-) (limited to 'vendor') diff --git a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml index c169d4eff2e..18910a46d11 100644 --- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml +++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml @@ -108,19 +108,6 @@ sast: - sast . artifacts: paths: [gl-sast-report.json] - -sast:image: - image: docker:latest - variables: - DOCKER_DRIVER: overlay2 - allow_failure: true - services: - - docker:dind - script: - - setup_docker - - sast_image - artifacts: - paths: [gl-sast-image-report.json] review: stage: review @@ -256,18 +243,6 @@ production: export CI_APPLICATION_TAG=$CI_COMMIT_SHA export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID} export TILLER_NAMESPACE=$KUBE_NAMESPACE - - function sast_image() { - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U wget ca-certificates - docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} - wget https://github.com/arminc/clair-scanner/releases/download/v6/clair-scanner_linux_386 - mv clair-scanner_linux_386 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-image-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true - } function codeclimate() { cc_opts="--env CODECLIMATE_CODE="$PWD" \ -- cgit v1.2.3 From 0d4548026f3060ca0a8f7aa8d8fc89838bc66130 Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Fri, 22 Dec 2017 17:23:43 +0000 Subject: Extend Cluster Applications to allow installation of Prometheus --- vendor/prometheus/values.yaml | 134 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 vendor/prometheus/values.yaml (limited to 'vendor') diff --git a/vendor/prometheus/values.yaml b/vendor/prometheus/values.yaml new file mode 100644 index 00000000000..dd9496deb4d --- /dev/null +++ b/vendor/prometheus/values.yaml @@ -0,0 +1,134 @@ +alertmanager: | + enabled: false + +kubeStateMetrics: | + enabled: 'false' + +nodeExporter: | + enabled: 'false' + +pushgateway: | + enabled: 'false' + +serverFiles: | + alerts: '' + rules: '' + + prometheus.yml: |- + rule_files: | + - /etc/config/rules + - /etc/config/alerts + scrape_configs: | + - job_name: prometheus + static_configs: | + - targets: + - localhost:9090 + + - job_name: 'kubernetes-apiservers' + kubernetes_sd_configs: | + - role: endpoints + scheme: https + + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + relabel_configs: + - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: default;kubernetes;https + - job_name: 'kubernetes-nodes' + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/${1}/proxy/metrics + + - job_name: 'kubernetes-service-endpoints' + kubernetes_sd_configs: + - role: endpoints + relabel_configs: | + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: 'true' + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+)(?::\d+);(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name + - job_name: 'prometheus-pushgateway' + honor_labels: true + kubernetes_sd_configs: | + - role: service + relabel_configs: | + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] + action: keep + regex: pushgateway + - job_name: 'kubernetes-services' + metrics_path: /probe + params: | + module: [http_2xx] + kubernetes_sd_configs: | + - role: service + relabel_configs: | + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] + action: keep + regex: 'true' + - source_labels: [__address__] + target_label: __param_target + - target_label: __address__ + replacement: blackbox + - source_labels: [__param_target] + target_label: instance + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_service_name] + target_label: kubernetes_name + - job_name: 'kubernetes-pods' + kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: 'true' + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: kubernetes_pod_name -- cgit v1.2.3 From 20f79920e584f70218c78ce7a2c9c42328020031 Mon Sep 17 00:00:00 2001 From: Alessio Caiazza Date: Thu, 4 Jan 2018 10:29:16 +0100 Subject: Backport gitlab-org/gitlab-ci-yml!128 - Fix kubectl version to 1.8.6 This commit extracts `kubectl`, `helm` and `codeclimate` versions as CI variables. `kubectl` changes from latest stable version to `1.8.6`, the other two are just extracted in order to be easily updated; now we can also test tool upgrades overriding CI secret variables. --- vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'vendor') diff --git a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml index 18910a46d11..06473fba8e1 100644 --- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml +++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml @@ -34,6 +34,10 @@ variables: POSTGRES_ENABLED: "true" POSTGRES_DB: $CI_ENVIRONMENT_SLUG + KUBERNETES_VERSION: 1.8.6 + HELM_VERSION: 2.6.1 + CODECLIMATE_VERSION: 0.69.0 + stages: - build - test @@ -250,8 +254,8 @@ production: --volume /var/run/docker.sock:/var/run/docker.sock \ --volume /tmp/cc:/tmp/cc" - docker run ${cc_opts} codeclimate/codeclimate:0.69.0 init - docker run ${cc_opts} codeclimate/codeclimate:0.69.0 analyze -f json > codeclimate.json + docker run ${cc_opts} "codeclimate/codeclimate:${CODECLIMATE_VERSION}" init + docker run ${cc_opts} "codeclimate/codeclimate:${CODECLIMATE_VERSION}" analyze -f json > codeclimate.json } function sast() { @@ -323,11 +327,11 @@ production: apk add glibc-2.23-r3.apk rm glibc-2.23-r3.apk - curl https://kubernetes-helm.storage.googleapis.com/helm-v2.6.1-linux-amd64.tar.gz | tar zx + curl "https://kubernetes-helm.storage.googleapis.com/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | tar zx mv linux-amd64/helm /usr/bin/ helm version --client - curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl + curl -L -o /usr/bin/kubectl "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" chmod +x /usr/bin/kubectl kubectl version --client } -- cgit v1.2.3 From 92df3a742c05919f73fa64457794b485c93fa614 Mon Sep 17 00:00:00 2001 From: Grzegorz Bizon Date: Sat, 6 Jan 2018 09:35:34 +0100 Subject: Bump import/export version in project templates --- vendor/project_templates/express.tar.gz | Bin 5651 -> 5614 bytes vendor/project_templates/rails.tar.gz | Bin 25065 -> 25007 bytes vendor/project_templates/spring.tar.gz | Bin 50845 -> 50945 bytes 3 files changed, 0 insertions(+), 0 deletions(-) (limited to 'vendor') diff --git a/vendor/project_templates/express.tar.gz b/vendor/project_templates/express.tar.gz index 7a811e1986b..dcf5e4a0416 100644 Binary files a/vendor/project_templates/express.tar.gz and b/vendor/project_templates/express.tar.gz differ diff --git a/vendor/project_templates/rails.tar.gz b/vendor/project_templates/rails.tar.gz index 7db63ecc65f..d4856090ed9 100644 Binary files a/vendor/project_templates/rails.tar.gz and b/vendor/project_templates/rails.tar.gz differ diff --git a/vendor/project_templates/spring.tar.gz b/vendor/project_templates/spring.tar.gz index 96f51ee804c..6ee7e76f676 100644 Binary files a/vendor/project_templates/spring.tar.gz and b/vendor/project_templates/spring.tar.gz differ -- cgit v1.2.3 From 2837cc17d65e08405e96ece754f1ca0edd277e94 Mon Sep 17 00:00:00 2001 From: Luke Bennett Date: Sat, 6 Jan 2018 14:58:42 +0000 Subject: Update templates for 10.4 --- vendor/gitignore/Eagle.gitignore | 10 +++++- vendor/gitignore/Global/Eclipse.gitignore | 3 ++ vendor/gitignore/Global/JetBrains.gitignore | 1 + vendor/gitignore/Global/Matlab.gitignore | 20 ++++++------ vendor/gitignore/Go.gitignore | 1 + vendor/gitignore/Node.gitignore | 2 ++ vendor/gitignore/Rails.gitignore | 4 +++ vendor/gitignore/Umbraco.gitignore | 7 +++-- vendor/gitignore/VisualStudio.gitignore | 8 +++++ vendor/gitignore/WordPress.gitignore | 1 + vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml | 25 +++++++++++++++ vendor/gitlab-ci-yml/Mono.gitlab-ci.yml | 42 ++++++++++++++++++++++++++ vendor/gitlab-ci-yml/Rust.gitlab-ci.yml | 2 +- 13 files changed, 113 insertions(+), 13 deletions(-) create mode 100644 vendor/gitlab-ci-yml/Mono.gitlab-ci.yml (limited to 'vendor') diff --git a/vendor/gitignore/Eagle.gitignore b/vendor/gitignore/Eagle.gitignore index 9ced1260266..9afc324d6ae 100644 --- a/vendor/gitignore/Eagle.gitignore +++ b/vendor/gitignore/Eagle.gitignore @@ -4,6 +4,9 @@ *.s#? *.b#? *.l#? +*.b$? +*.s$? +*.l$? # Eagle project file # It contains a serial number and references to the file structure @@ -31,14 +34,19 @@ eagle.epf *.drl *.gpi *.pls +*.ger +*.gpi +*.xln *.drd *.drd.* +*.s#* +*.b#* + *.info *.eps # file locks introduced since 7.x *.lck - diff --git a/vendor/gitignore/Global/Eclipse.gitignore b/vendor/gitignore/Global/Eclipse.gitignore index ce1c12cdb7a..0eb8a5e8571 100644 --- a/vendor/gitignore/Global/Eclipse.gitignore +++ b/vendor/gitignore/Global/Eclipse.gitignore @@ -23,6 +23,9 @@ local.properties # CDT-specific (C/C++ Development Tooling) .cproject +# CDT- autotools +.autotools + # Java annotation processor (APT) .factorypath diff --git a/vendor/gitignore/Global/JetBrains.gitignore b/vendor/gitignore/Global/JetBrains.gitignore index 345e61ae3f2..a30eacf1d98 100644 --- a/vendor/gitignore/Global/JetBrains.gitignore +++ b/vendor/gitignore/Global/JetBrains.gitignore @@ -21,6 +21,7 @@ # CMake cmake-build-debug/ +cmake-build-release/ # Mongo Explorer plugin: .idea/**/mongoSettings.xml diff --git a/vendor/gitignore/Global/Matlab.gitignore b/vendor/gitignore/Global/Matlab.gitignore index 7996ad5058e..d87a6bdbeeb 100644 --- a/vendor/gitignore/Global/Matlab.gitignore +++ b/vendor/gitignore/Global/Matlab.gitignore @@ -1,8 +1,3 @@ -##--------------------------------------------------- -## Remove autosaves generated by the MATLAB editor -## We have git for backups! -##--------------------------------------------------- - # Windows default autosave extension *.asv @@ -12,12 +7,19 @@ # Compiled MEX binaries (all platforms) *.mex* -# Simulink Code Generation +# Packaged app and toolbox files +*.mlappinstall +*.mltbx + +# Generated helpsearch folders +helpsearch*/ + +# Simulink code generation folders slprj/ sccprj/ -# Session info -octave-workspace - # Simulink autosave extension *.autosave + +# Octave session info +octave-workspace diff --git a/vendor/gitignore/Go.gitignore b/vendor/gitignore/Go.gitignore index ea58090bd21..f1c181ec9c5 100644 --- a/vendor/gitignore/Go.gitignore +++ b/vendor/gitignore/Go.gitignore @@ -1,5 +1,6 @@ # Binaries for programs and plugins *.exe +*.exe~ *.dll *.so *.dylib diff --git a/vendor/gitignore/Node.gitignore b/vendor/gitignore/Node.gitignore index 97e28736892..d1bed128fa8 100644 --- a/vendor/gitignore/Node.gitignore +++ b/vendor/gitignore/Node.gitignore @@ -57,3 +57,5 @@ typings/ # dotenv environment variables file .env +# next.js build output +.next diff --git a/vendor/gitignore/Rails.gitignore b/vendor/gitignore/Rails.gitignore index 42aeb55000a..828ab1d556a 100644 --- a/vendor/gitignore/Rails.gitignore +++ b/vendor/gitignore/Rails.gitignore @@ -42,3 +42,7 @@ bower.json # Ignore Byebug command history file. .byebug_history + +# Ignore node_modules +node_modules/ + diff --git a/vendor/gitignore/Umbraco.gitignore b/vendor/gitignore/Umbraco.gitignore index b6b0743f62a..10fc2b4d825 100644 --- a/vendor/gitignore/Umbraco.gitignore +++ b/vendor/gitignore/Umbraco.gitignore @@ -16,8 +16,11 @@ # Don't ignore Umbraco packages (VisualStudio.gitignore mistakes this for a NuGet packages folder) # Make sure to include details from VisualStudio.gitignore BEFORE this -!**/App_Data/[Pp]ackages/ -!**/[Uu]mbraco/[Dd]eveloper/[Pp]ackages +!**/App_Data/[Pp]ackages/* +!**/[Uu]mbraco/[Dd]eveloper/[Pp]ackages/* # ImageProcessor DiskCache **/App_Data/cache/ + +# Ignore the Models Builder models out of date flag +**/App_Data/Models/ood.flag diff --git a/vendor/gitignore/VisualStudio.gitignore b/vendor/gitignore/VisualStudio.gitignore index 6217e6c48e9..d3d5371b415 100644 --- a/vendor/gitignore/VisualStudio.gitignore +++ b/vendor/gitignore/VisualStudio.gitignore @@ -219,6 +219,10 @@ ClientBin/ *.publishsettings orleans.codegen.cs +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + # Since there are multiple workflows, uncomment next line to ignore bower_components # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) #bower_components/ @@ -313,3 +317,7 @@ OpenCover/ # Azure Stream Analytics local run output ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + diff --git a/vendor/gitignore/WordPress.gitignore b/vendor/gitignore/WordPress.gitignore index 97923503c4c..3b181ec0cf2 100644 --- a/vendor/gitignore/WordPress.gitignore +++ b/vendor/gitignore/WordPress.gitignore @@ -7,6 +7,7 @@ wp-content/blogs.dir/ wp-content/cache/ wp-content/upgrade/ wp-content/uploads/ +wp-content/mu-plugins/ wp-content/wp-cache-config.php wp-content/plugins/hello.php diff --git a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml index 06473fba8e1..75de266369d 100644 --- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml +++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml @@ -112,6 +112,19 @@ sast: - sast . artifacts: paths: [gl-sast-report.json] + +sast:container: + image: docker:latest + variables: + DOCKER_DRIVER: overlay2 + allow_failure: true + services: + - docker:dind + script: + - setup_docker + - sast_container + artifacts: + paths: [gl-sast-container-report.json] review: stage: review @@ -247,6 +260,18 @@ production: export CI_APPLICATION_TAG=$CI_COMMIT_SHA export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID} export TILLER_NAMESPACE=$KUBE_NAMESPACE + + function sast_container() { + docker run -d --name db arminc/clair-db:latest + docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 + apk add -U wget ca-certificates + docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} + wget https://github.com/arminc/clair-scanner/releases/download/v6/clair-scanner_linux_386 + mv clair-scanner_linux_386 clair-scanner + chmod +x clair-scanner + touch clair-whitelist.yml + ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true + } function codeclimate() { cc_opts="--env CODECLIMATE_CODE="$PWD" \ diff --git a/vendor/gitlab-ci-yml/Mono.gitlab-ci.yml b/vendor/gitlab-ci-yml/Mono.gitlab-ci.yml new file mode 100644 index 00000000000..3585f99760f --- /dev/null +++ b/vendor/gitlab-ci-yml/Mono.gitlab-ci.yml @@ -0,0 +1,42 @@ +# This is a simple gitlab continuous integration template (compatible with the shared runner provided on gitlab.com) +# using the official mono docker image to build a visual studio project. +# +# MyProject.sln +# MyProject\ +# MyProject\ +# MyProject.csproj (console application) +# MyProject.Test\ +# MyProject.Test.csproj (test library using nuget packages "NUnit" and "NUnit.ConsoleRunner") +# +# Please find the full example project here: +# https://gitlab.com/tobiaskoch/gitlab-ci-example-mono + +# see https://hub.docker.com/_/mono/ +image: mono:latest + +stages: + - test + - deploy + +before_script: + - nuget restore -NonInteractive + +release: + stage: deploy + only: + - master + artifacts: + paths: + - build/release/MyProject.exe + script: + # The output path is relative to the position of the csproj-file + - msbuild /p:Configuration="Release" /p:Platform="Any CPU" + /p:OutputPath="./../../build/release/" "MyProject.sln" + +debug: + stage: test + script: + # The output path is relative to the position of the csproj-file + - msbuild /p:Configuration="Debug" /p:Platform="Any CPU" + /p:OutputPath="./../../build/debug/" "MyProject.sln" + - mono packages/NUnit.ConsoleRunner.3.6.0/tools/nunit3-console.exe build/debug/MyProject.Test.dll \ No newline at end of file diff --git a/vendor/gitlab-ci-yml/Rust.gitlab-ci.yml b/vendor/gitlab-ci-yml/Rust.gitlab-ci.yml index 1463161a04b..cab087c48c7 100644 --- a/vendor/gitlab-ci-yml/Rust.gitlab-ci.yml +++ b/vendor/gitlab-ci-yml/Rust.gitlab-ci.yml @@ -20,4 +20,4 @@ image: "rust:latest" test:cargo: script: - rustc --version && cargo --version # Print version info for debugging - - cargo test --verbose --jobs 1 --release # Don't parallelise to make errors more readable + - cargo test --all --verbose -- cgit v1.2.3 From 29084626fcbac7d233b3d5a4f91f8b6decc6b1d0 Mon Sep 17 00:00:00 2001 From: Luke Bennett Date: Sat, 6 Jan 2018 23:53:08 +0000 Subject: Update licenses for 10.4 --- vendor/licenses.csv | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'vendor') diff --git a/vendor/licenses.csv b/vendor/licenses.csv index b6a5c2f81a0..e3ccf080f74 100644 --- a/vendor/licenses.csv +++ b/vendor/licenses.csv @@ -23,7 +23,7 @@ autoprefixer-rails,6.2.3,MIT axiom-types,0.1.1,MIT babosa,1.0.2,MIT base32,0.3.2,MIT -batch-loader,1.1.1,MIT +batch-loader,1.2.1,MIT bcrypt,3.1.11,MIT bcrypt_pbkdf,1.0.0,MIT bindata,2.4.1,ruby @@ -73,8 +73,9 @@ faraday_middleware,0.11.0.1,MIT faraday_middleware-multi_json,0.0.6,MIT fast_gettext,1.4.0,"MIT,ruby" ffi,1.9.18,New BSD -flipper,0.10.2,MIT -flipper-active_record,0.10.2,MIT +flipper,0.11.0,MIT +flipper-active_record,0.11.0,MIT +flipper-active_support_cache_store,0.11.0,MIT flowdock,0.7.1,MIT fog-aliyun,0.2.0,MIT fog-aws,1.4.0,MIT @@ -92,7 +93,7 @@ gemojione,3.3.0,MIT get_process_mem,0.2.0,MIT gettext_i18n_rails,1.8.0,MIT gettext_i18n_rails_js,1.2.0,MIT -gitaly-proto,0.59.0,MIT +gitaly-proto,0.64.0,MIT github-linguist,4.7.6,MIT github-markup,1.6.1,MIT gitlab-flowdock-git-hook,1.0.1,MIT @@ -164,7 +165,7 @@ multi_xml,0.6.0,MIT multipart-post,2.0.0,MIT mustermann,1.0.0,MIT mustermann-grape,1.0.0,MIT -mysql2,0.4.5,MIT +mysql2,0.4.10,MIT net-ldap,0.16.0,MIT net-ssh,4.1.0,MIT netrc,0.11.0,MIT @@ -210,7 +211,7 @@ po_to_json,1.0.1,MIT posix-spawn,0.3.13,MIT premailer,1.10.4,New BSD premailer-rails,1.9.7,MIT -prometheus-client-mmap,0.7.0.beta43,Apache 2.0 +prometheus-client-mmap,0.7.0.beta44,Apache 2.0 public_suffix,3.0.0,MIT pyu-ruby-sasl,0.0.3.3,MIT rack,1.6.8,MIT @@ -237,11 +238,11 @@ re2,1.1.1,New BSD recaptcha,3.0.0,MIT recursive-open-struct,1.0.0,MIT redcarpet,3.4.0,MIT -redis,3.3.3,MIT +redis,3.3.5,MIT redis-actionpack,5.0.2,MIT redis-activesupport,5.0.4,MIT redis-namespace,1.5.2,MIT -redis-rack,2.0.3,MIT +redis-rack,2.0.4,MIT redis-rails,5.0.2,MIT redis-store,1.4.1,MIT representable,3.0.4,MIT @@ -273,7 +274,7 @@ select2-rails,3.5.9.3,MIT sentry-raven,2.5.3,Apache 2.0 settingslogic,2.0.9,MIT sexp_processor,4.9.0,MIT -sidekiq,5.0.4,LGPL +sidekiq,5.0.5,LGPL sidekiq-cron,0.6.0,MIT sidekiq-limit_fetch,3.4.0,MIT signet,0.7.3,Apache 2.0 -- cgit v1.2.3 From 9d7e0e49189519f2659906348507da969cfbab14 Mon Sep 17 00:00:00 2001 From: Joshua Lambert Date: Wed, 10 Jan 2018 17:28:50 -0500 Subject: Update AutoDevOps template with browser performance fix --- vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml | 30 +++++++++++++++----------- 1 file changed, 17 insertions(+), 13 deletions(-) (limited to 'vendor') diff --git a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml index 75de266369d..eec356b9f47 100644 --- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml +++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml @@ -90,10 +90,14 @@ codequality: performance: stage: performance - image: - name: sitespeedio/sitespeed.io:6.0.3 - entrypoint: [""] + image: docker:latest + variables: + DOCKER_DRIVER: overlay2 + allow_failure: true + services: + - docker:dind script: + - setup_docker - performance artifacts: paths: @@ -112,7 +116,7 @@ sast: - sast . artifacts: paths: [gl-sast-report.json] - + sast:container: image: docker:latest variables: @@ -260,7 +264,7 @@ production: export CI_APPLICATION_TAG=$CI_COMMIT_SHA export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID} export TILLER_NAMESPACE=$KUBE_NAMESPACE - + function sast_container() { docker run -d --name db arminc/clair-db:latest docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 @@ -466,26 +470,26 @@ production: --docker-email="$GITLAB_USER_EMAIL" \ -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f - } - + function performance() { export CI_ENVIRONMENT_URL=$(cat environment_url.txt) - + mkdir gitlab-exporter wget -O gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/10-3/index.js - + mkdir sitespeed-results - + if [ -f .gitlab-urls.txt ] then sed -i -e 's@^@'"$CI_ENVIRONMENT_URL"'@' .gitlab-urls.txt - /start.sh --plugins.add gitlab-exporter --outputFolder sitespeed-results .gitlab-urls.txt + docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:6.0.3 --plugins.add ./gitlab-exporter --outputFolder sitespeed-results .gitlab-urls.txt else - /start.sh --plugins.add gitlab-exporter --outputFolder sitespeed-results $CI_ENVIRONMENT_URL + docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:6.0.3 --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "$CI_ENVIRONMENT_URL" fi - + mv sitespeed-results/data/performance.json performance.json } - + function persist_environment_url() { echo $CI_ENVIRONMENT_URL > environment_url.txt } -- cgit v1.2.3 From 1827f398ad4bdcd348798424a2d9320d9945c641 Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Mon, 15 Jan 2018 16:27:58 +0000 Subject: Resolve "Managed Prometheus deployment installs a lot of extra stuff" --- vendor/prometheus/values.yaml | 69 ++++++++++++++++++++++++++++--------------- 1 file changed, 45 insertions(+), 24 deletions(-) (limited to 'vendor') diff --git a/vendor/prometheus/values.yaml b/vendor/prometheus/values.yaml index dd9496deb4d..fdc687b8980 100644 --- a/vendor/prometheus/values.yaml +++ b/vendor/prometheus/values.yaml @@ -1,32 +1,35 @@ -alertmanager: | +alertmanager: enabled: false -kubeStateMetrics: | - enabled: 'false' +kubeStateMetrics: + enabled: false -nodeExporter: | - enabled: 'false' +nodeExporter: + enabled: false -pushgateway: | - enabled: 'false' +pushgateway: + enabled: false -serverFiles: | - alerts: '' - rules: '' +serverFiles: + alerts: "" + rules: "" prometheus.yml: |- - rule_files: | + rule_files: - /etc/config/rules - /etc/config/alerts - scrape_configs: | + + scrape_configs: - job_name: prometheus - static_configs: | + static_configs: - targets: - localhost:9090 - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: | + + kubernetes_sd_configs: - role: endpoints + scheme: https tls_config: @@ -37,14 +40,17 @@ serverFiles: | - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] action: keep regex: default;kubernetes;https + - job_name: 'kubernetes-nodes' scheme: https tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt insecure_skip_verify: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: - role: node + relabel_configs: - action: labelmap regex: __meta_kubernetes_node_label_(.+) @@ -54,14 +60,15 @@ serverFiles: | regex: (.+) target_label: __metrics_path__ replacement: /api/v1/nodes/${1}/proxy/metrics - - job_name: 'kubernetes-service-endpoints' + kubernetes_sd_configs: - role: endpoints - relabel_configs: | + + relabel_configs: - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] action: keep - regex: 'true' + regex: true - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] action: replace target_label: __scheme__ @@ -83,24 +90,30 @@ serverFiles: | - source_labels: [__meta_kubernetes_service_name] action: replace target_label: kubernetes_name + - job_name: 'prometheus-pushgateway' honor_labels: true - kubernetes_sd_configs: | + + kubernetes_sd_configs: - role: service - relabel_configs: | + + relabel_configs: - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] action: keep regex: pushgateway - job_name: 'kubernetes-services' + metrics_path: /probe - params: | + params: module: [http_2xx] - kubernetes_sd_configs: | + + kubernetes_sd_configs: - role: service - relabel_configs: | + + relabel_configs: - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] action: keep - regex: 'true' + regex: true - source_labels: [__address__] target_label: __param_target - target_label: __address__ @@ -113,17 +126,25 @@ serverFiles: | target_label: kubernetes_namespace - source_labels: [__meta_kubernetes_service_name] target_label: kubernetes_name + - job_name: 'kubernetes-pods' + kubernetes_sd_configs: - role: pod + relabel_configs: - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] action: keep - regex: 'true' + regex: true - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] action: replace target_label: __metrics_path__ regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: (.+):(?:\d+);(\d+) + replacement: ${1}:${2} + target_label: __address__ - action: labelmap regex: __meta_kubernetes_pod_label_(.+) - source_labels: [__meta_kubernetes_namespace] -- cgit v1.2.3 From 15e6278eb7eb0e3c8a4f4f546e4149dca4613d7b Mon Sep 17 00:00:00 2001 From: Joshua Lambert Date: Mon, 8 Jan 2018 23:08:46 -0500 Subject: Update prometheus.yml to reflect current Omnibus version --- vendor/prometheus/values.yaml | 200 +++++++++++++++++------------------------- 1 file changed, 81 insertions(+), 119 deletions(-) (limited to 'vendor') diff --git a/vendor/prometheus/values.yaml b/vendor/prometheus/values.yaml index fdc687b8980..5249449c7f8 100644 --- a/vendor/prometheus/values.yaml +++ b/vendor/prometheus/values.yaml @@ -18,138 +18,100 @@ serverFiles: rule_files: - /etc/config/rules - /etc/config/alerts - scrape_configs: - job_name: prometheus static_configs: - targets: - localhost:9090 - - - job_name: 'kubernetes-apiservers' - - kubernetes_sd_configs: - - role: endpoints - + - job_name: kubernetes-cadvisor scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" + kubernetes_sd_configs: + - role: node + api_server: https://kubernetes.default.svc:443 + tls_config: + ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" relabel_configs: - - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: default;kubernetes;https - - - job_name: 'kubernetes-nodes' + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: + - __meta_kubernetes_node_name + regex: "(.+)" + target_label: __metrics_path__ + replacement: "/api/v1/nodes/${1}/proxy/metrics/cadvisor" + metric_relabel_configs: + - source_labels: + - pod_name + target_label: environment + regex: "(.+)-.+-.+" + - job_name: kubernetes-nodes scheme: https tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - + bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" kubernetes_sd_configs: - - role: node - + - role: node + api_server: https://kubernetes.default.svc:443 + tls_config: + ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - job_name: 'kubernetes-service-endpoints' - - kubernetes_sd_configs: - - role: endpoints - - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: (.+)(?::\d+);(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - - job_name: 'prometheus-pushgateway' - honor_labels: true - - kubernetes_sd_configs: - - role: service - - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] - action: keep - regex: pushgateway - - job_name: 'kubernetes-services' - - metrics_path: /probe - params: - module: [http_2xx] - - kubernetes_sd_configs: - - role: service - - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] - action: keep - regex: true - - source_labels: [__address__] - target_label: __param_target - - target_label: __address__ - replacement: blackbox - - source_labels: [__param_target] - target_label: instance - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - target_label: kubernetes_name - - - job_name: 'kubernetes-pods' - + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: + - __meta_kubernetes_node_name + regex: "(.+)" + target_label: __metrics_path__ + replacement: "/api/v1/nodes/${1}/proxy/metrics" + metric_relabel_configs: + - source_labels: + - pod_name + target_label: environment + regex: "(.+)-.+-.+" + - job_name: kubernetes-pods + tls_config: + ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + insecure_skip_verify: true + bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" kubernetes_sd_configs: - - role: pod - + - role: pod + api_server: https://kubernetes.default.svc:443 + tls_config: + ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: (.+):(?:\d+);(\d+) - replacement: ${1}:${2} - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: kubernetes_pod_name + - source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scrape + action: keep + regex: 'true' + - source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_path + action: replace + target_label: __metrics_path__ + regex: "(.+)" + - source_labels: + - __address__ + - __meta_kubernetes_pod_annotation_prometheus_io_port + action: replace + regex: "([^:]+)(?::[0-9]+)?;([0-9]+)" + replacement: "$1:$2" + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: + - __meta_kubernetes_namespace + action: replace + target_label: kubernetes_namespace + - source_labels: + - __meta_kubernetes_pod_name + action: replace + target_label: kubernetes_pod_name -- cgit v1.2.3 From 4a38b8a1608023cb65b1595d1cb1590fabcfb5f4 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Fri, 19 Jan 2018 09:41:26 +0100 Subject: Update Auto DevOps template [ci skip] --- vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml | 42 ++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) (limited to 'vendor') diff --git a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml index eec356b9f47..5ebad58e171 100644 --- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml +++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml @@ -42,6 +42,7 @@ stages: - build - test - review + - dast - staging - canary - production @@ -130,6 +131,23 @@ sast:container: artifacts: paths: [gl-sast-container-report.json] +dast: + stage: dast + allow_failure: true + image: owasp/zap2docker-stable + variables: + POSTGRES_DB: "false" + script: + - dast + artifacts: + paths: [gl-dast-report.json] + only: + refs: + - branches + kubernetes: active + except: + - master + review: stage: review script: @@ -270,8 +288,8 @@ production: docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 apk add -U wget ca-certificates docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} - wget https://github.com/arminc/clair-scanner/releases/download/v6/clair-scanner_linux_386 - mv clair-scanner_linux_386 clair-scanner + wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 + mv clair-scanner_linux_amd64 clair-scanner chmod +x clair-scanner touch clair-whitelist.yml ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true @@ -327,6 +345,12 @@ production: replicas="$new_replicas" fi + if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then + secret_name='gitlab-registry' + else + secret_name='' + fi + helm upgrade --install \ --wait \ --set service.enabled="$service_enabled" \ @@ -334,6 +358,7 @@ production: --set image.repository="$CI_APPLICATION_REPOSITORY" \ --set image.tag="$CI_APPLICATION_TAG" \ --set image.pullPolicy=IfNotPresent \ + --set image.secrets[0].name="$secret_name" \ --set application.track="$track" \ --set application.database_url="$DATABASE_URL" \ --set service.url="$CI_ENVIRONMENT_URL" \ @@ -462,6 +487,11 @@ production: } function create_secret() { + echo "Create secret..." + if [[ "$CI_PROJECT_VISIBILITY" == "public" ]]; then + return + fi + kubectl create secret -n "$KUBE_NAMESPACE" \ docker-registry gitlab-registry \ --docker-server="$CI_REGISTRY" \ @@ -471,6 +501,14 @@ production: -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f - } + function dast() { + export CI_ENVIRONMENT_URL=$(cat environment_url.txt) + + mkdir /zap/wrk/ + /zap/zap-baseline.py -J gl-dast-report.json -t "$CI_ENVIRONMENT_URL" || true + cp /zap/wrk/gl-dast-report.json . + } + function performance() { export CI_ENVIRONMENT_URL=$(cat environment_url.txt) -- cgit v1.2.3 From 6e9412a0e77049a4c4987bbbc579628ecad89371 Mon Sep 17 00:00:00 2001 From: bikebilly Date: Tue, 23 Jan 2018 09:42:33 +0100 Subject: Vendor 10.4 Auto DevOps template --- vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'vendor') diff --git a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml index 5ebad58e171..a7cd2bc972c 100644 --- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml +++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml @@ -345,12 +345,6 @@ production: replicas="$new_replicas" fi - if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then - secret_name='gitlab-registry' - else - secret_name='' - fi - helm upgrade --install \ --wait \ --set service.enabled="$service_enabled" \ @@ -358,7 +352,6 @@ production: --set image.repository="$CI_APPLICATION_REPOSITORY" \ --set image.tag="$CI_APPLICATION_TAG" \ --set image.pullPolicy=IfNotPresent \ - --set image.secrets[0].name="$secret_name" \ --set application.track="$track" \ --set application.database_url="$DATABASE_URL" \ --set service.url="$CI_ENVIRONMENT_URL" \ @@ -488,9 +481,6 @@ production: function create_secret() { echo "Create secret..." - if [[ "$CI_PROJECT_VISIBILITY" == "public" ]]; then - return - fi kubectl create secret -n "$KUBE_NAMESPACE" \ docker-registry gitlab-registry \ -- cgit v1.2.3 From 0cad8d6437a0c418f4fa9c42315c981fa6a4006c Mon Sep 17 00:00:00 2001 From: Joshua Lambert Date: Mon, 5 Feb 2018 12:44:15 +0000 Subject: Adapt config to support Prometheus 2.1 --- vendor/prometheus/values.yaml | 174 +++++++++++++++++++++++------------------- 1 file changed, 97 insertions(+), 77 deletions(-) (limited to 'vendor') diff --git a/vendor/prometheus/values.yaml b/vendor/prometheus/values.yaml index 5249449c7f8..db967514be7 100644 --- a/vendor/prometheus/values.yaml +++ b/vendor/prometheus/values.yaml @@ -2,7 +2,7 @@ alertmanager: enabled: false kubeStateMetrics: - enabled: false + enabled: true nodeExporter: enabled: false @@ -10,11 +10,15 @@ nodeExporter: pushgateway: enabled: false +server: + image: + tag: v2.1.0 + serverFiles: - alerts: "" - rules: "" + alerts: {} + rules: {} - prometheus.yml: |- + prometheus.yml: rule_files: - /etc/config/rules - /etc/config/alerts @@ -26,92 +30,108 @@ serverFiles: - job_name: kubernetes-cadvisor scheme: https tls_config: - ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt insecure_skip_verify: true - bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token kubernetes_sd_configs: - - role: node - api_server: https://kubernetes.default.svc:443 - tls_config: - ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" + - role: node relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: - - __meta_kubernetes_node_name - regex: "(.+)" - target_label: __metrics_path__ - replacement: "/api/v1/nodes/${1}/proxy/metrics/cadvisor" + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: + - __meta_kubernetes_node_name + regex: "(.+)" + target_label: __metrics_path__ + replacement: "/api/v1/nodes/${1}/proxy/metrics/cadvisor" metric_relabel_configs: - - source_labels: - - pod_name - target_label: environment - regex: "(.+)-.+-.+" + - source_labels: + - pod_name + target_label: environment + regex: "(.+)-.+-.+" + - job_name: 'kubernetes-service-endpoints' + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+)(?::\d+);(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name - job_name: kubernetes-nodes scheme: https tls_config: - ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt insecure_skip_verify: true - bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token kubernetes_sd_configs: - - role: node - api_server: https://kubernetes.default.svc:443 - tls_config: - ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" + - role: node relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: - - __meta_kubernetes_node_name - regex: "(.+)" - target_label: __metrics_path__ - replacement: "/api/v1/nodes/${1}/proxy/metrics" + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: + - __meta_kubernetes_node_name + regex: "(.+)" + target_label: __metrics_path__ + replacement: "/api/v1/nodes/${1}/proxy/metrics" metric_relabel_configs: - - source_labels: - - pod_name - target_label: environment - regex: "(.+)-.+-.+" + - source_labels: + - pod_name + target_label: environment + regex: "(.+)-.+-.+" - job_name: kubernetes-pods tls_config: - ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt insecure_skip_verify: true - bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token kubernetes_sd_configs: - - role: pod - api_server: https://kubernetes.default.svc:443 - tls_config: - ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" + - role: pod relabel_configs: - - source_labels: - - __meta_kubernetes_pod_annotation_prometheus_io_scrape - action: keep - regex: 'true' - - source_labels: - - __meta_kubernetes_pod_annotation_prometheus_io_path - action: replace - target_label: __metrics_path__ - regex: "(.+)" - - source_labels: - - __address__ - - __meta_kubernetes_pod_annotation_prometheus_io_port - action: replace - regex: "([^:]+)(?::[0-9]+)?;([0-9]+)" - replacement: "$1:$2" - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: - - __meta_kubernetes_namespace - action: replace - target_label: kubernetes_namespace - - source_labels: - - __meta_kubernetes_pod_name - action: replace - target_label: kubernetes_pod_name + - source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scrape + action: keep + regex: 'true' + - source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_path + action: replace + target_label: __metrics_path__ + regex: "(.+)" + - source_labels: + - __address__ + - __meta_kubernetes_pod_annotation_prometheus_io_port + action: replace + regex: "([^:]+)(?::[0-9]+)?;([0-9]+)" + replacement: "$1:$2" + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: + - __meta_kubernetes_namespace + action: replace + target_label: kubernetes_namespace + - source_labels: + - __meta_kubernetes_pod_name + action: replace + target_label: kubernetes_pod_name -- cgit v1.2.3 From 1f912880dbf6337718611edbd9c2fb52c5639476 Mon Sep 17 00:00:00 2001 From: Joshua Lambert Date: Mon, 5 Feb 2018 12:46:31 +0000 Subject: Enable Prometheus metrics for deployed Ingresses --- vendor/ingress/values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 vendor/ingress/values.yaml (limited to 'vendor') diff --git a/vendor/ingress/values.yaml b/vendor/ingress/values.yaml new file mode 100644 index 00000000000..cdb7da77e86 --- /dev/null +++ b/vendor/ingress/values.yaml @@ -0,0 +1,8 @@ +controller: + image: + tag: "0.10.2" + repository: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller" + stats.enabled: true + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "10254" -- cgit v1.2.3