

[5946] add job in circleci (testing only for now)
Alex committed Oct 12, 2022
1 parent 6bf8bad commit a8120d5
Showing 2 changed files with 125 additions and 57 deletions.
176 changes: 119 additions & 57 deletions .circleci/config.yml
@@ -261,6 +261,67 @@ jobs:
fromtag=$(docker images |grep securedrop-test-focal-py3 |head -n1 |awk '{print $2}')
DOCKER_BUILD_ARGUMENTS="--cache-from securedrop-test-focal-py3:${fromtag:-latest}" securedrop/bin/dev-shell bash -c "pip3 install -U -q --upgrade pip && pip3 install -U -q --upgrade semgrep && make -C .. semgrep"
zap-vulnerability-scan:
machine:
image: ubuntu-2004:202010-01
enabled: true
environment:
DOCKER_API_VERSION: 1.23
BASE_OS: focal
parallelism: 3
steps:
- checkout
- *rebaseontarget
- *createcachedir
- *restorecache
- *loadimagelayers
- *dockerimagebuild
- *saveimagelayers
- *savecache

- run:
name: Install dependencies
command: |
sudo systemctl stop apt-daily.service
sudo systemctl kill --kill-who=all apt-daily.service
while ! (systemctl list-units --all apt-daily.service | egrep -q '(dead|failed)') do sleep 1; done
( sudo apt-get update || sudo apt-get update )
sudo apt-get install -y openjdk-17-jre-headless wget firefox
export GECKODRIVER_VER=v0.30.0
wget https://github.com/mozilla/geckodriver/releases/download/${GECKODRIVER_VER}/geckodriver-${GECKODRIVER_VER}-linux64.tar.gz -O /tmp/geckodriver.tar.gz
cd /tmp
tar -xvzf geckodriver.tar.gz
sudo install geckodriver /usr/local/bin
wget https://github.com/zaproxy/zaproxy/releases/download/v2.11.1/ZAP_2_11_1_unix.sh -O /tmp/zap_installer.sh
chmod u+x /tmp/zap_installer.sh
sudo /tmp/zap_installer.sh -q
zap.sh -cmd -addoninstall jython
cd ~/project; ls
pip3 install -r scans/requirements.txt
- run:
name: Run dev instance
command: |
fromtag=$(docker images |grep securedrop-test-focal-py3 |head -n1 |awk '{print $2}')
DOCKER_BUILD_ARGUMENTS="--cache-from securedrop-test-focal-py3:${fromtag:-latest}" make dev-detatched
background: true

- run:
name: Run zap daemon
command: zap.sh -daemon -port 8090 -config api.disablekey=true -config hud.enabled=false -config hud.enabledForDesktop=false
background: true

- run:
name: Run zap
command: |
python3 zap/scripts/sel.py
- store_test_results:
path: ~/project/jrn_report.html

- store_artifacts:
path: ~/project/src_report.html

staging-test-with-rebase:
machine:
image: ubuntu-2004:202010-01
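Review bot: The geckodriver tarball and the ZAP installer fetched with wget in the `Install dependencies` step are installed and executed with sudo without any integrity check, so the root-level install on the CI machine depends entirely on whatever those release URLs serve at run time. Both downloads are already version-pinned, so a digest check is cheap: after each wget add `echo "<EXPECTED_SHA256_PLACEHOLDER>  /tmp/geckodriver.tar.gz" | sha256sum -c -` (and likewise for `/tmp/zap_installer.sh`) so a tampered or truncated download fails the job before `sudo install geckodriver /usr/local/bin` and `sudo /tmp/zap_installer.sh -q` run. Separately, `store_test_results` expects JUnit-style XML, so pointing it at `~/project/jrn_report.html` will most likely be ignored or rejected; `store_artifacts`, as already used for `src_report.html`, is the right step for an HTML report. The same step installs from `scans/requirements.txt` but then runs `zap/scripts/sel.py`, which looks like two different directories for the same tooling and is worth confirming. The enclosing `jobs:` mapping starts before this hunk.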
@@ -310,63 +371,64 @@ workflows:
version: 2
securedrop_ci:
jobs:
- lint
- app-tests:
filters:
branches:
ignore:
- /i18n-.*/
- /update-builder-.*/
requires:
- lint
- app-page-layout-tests:
filters:
branches:
ignore:
- /i18n-.*/
- /update-builder-.*/
requires:
- lint
- admin-tests:
filters:
branches:
ignore:
- /i18n-.*/
- /update-builder-.*/
requires:
- lint
- updater-gui-tests:
filters:
branches:
ignore:
- /i18n-.*/
- /update-builder-.*/
requires:
- lint
- static-analysis-and-no-known-cves:
requires:
- lint
- staging-test-with-rebase:
filters:
branches:
# Ignore needs to be here explicitely as only clause introduced in PR #6086 might be removed afterwards.
ignore: /i18n-.*/
only: /(stg-|release\/).*/
requires:
- lint
- translation-tests:
requires:
- lint
filters:
branches:
only: /i18n-.*/
- deb-tests:
filters:
branches:
only:
- /update-builder-.*/
requires:
- lint
- zap-vulnerability-scan
# - lint
# - app-tests:
# filters:
# branches:
# ignore:
# - /i18n-.*/
# - /update-builder-.*/
# requires:
# - lint
# - app-page-layout-tests:
# filters:
# branches:
# ignore:
# - /i18n-.*/
# - /update-builder-.*/
# requires:
# - lint
# - admin-tests:
# filters:
# branches:
# ignore:
# - /i18n-.*/
# - /update-builder-.*/
# requires:
# - lint
# - updater-gui-tests:
# filters:
# branches:
# ignore:
# - /i18n-.*/
# - /update-builder-.*/
# requires:
# - lint
# - static-analysis-and-no-known-cves:
# requires:
# - lint
# - staging-test-with-rebase:
# filters:
# branches:
# # Ignore needs to be here explicitely as only clause introduced in PR #6086 might be removed afterwards.
# ignore: /i18n-.*/
# only: /(stg-|release\/).*/
# requires:
# - lint
# - translation-tests:
# requires:
# - lint
# filters:
# branches:
# only: /i18n-.*/
# - deb-tests:
# filters:
# branches:
# only:
# - /update-builder-.*/
# requires:
# - lint

nightly:
triggers:
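Review bot: The `securedrop_ci` workflow now lists only `zap-vulnerability-scan`, with `lint`, `app-tests`, `static-analysis-and-no-known-cves` and the other jobs commented out rather than kept, so if this branch is merged as-is the project loses every existing CI gate, including the known-CVE check, and the new job itself carries no `requires` or branch filters. The lower-risk shape for a trial is to leave the existing job list in place and append the new entry as `- zap-vulnerability-scan:` / `requires:` / `- lint`, optionally with a `filters.branches.only` for the development branch while it is being exercised. If the other jobs are meant to stay disabled for now, a comment above the list such as `# TEMP: remaining jobs disabled while zap-vulnerability-scan is trialled; restore before merge` makes that state visible to reviewers. The workflow definition starts before this hunk and the `nightly` workflow continues past it.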
6 changes: 6 additions & 0 deletions Makefile
@@ -237,6 +237,12 @@ dev: ## Run the development server in a Docker container.
@echo "███ Starting development server..."
@OFFSET_PORTS='false' DOCKER_BUILD_VERBOSE='true' $(DEVSHELL) $(SDBIN)/run
@echo

.PHONY: dev-detatched
dev-detatched: ## Run the development server in a Docker container without attatching tty.
@echo "███ Starting development server..."
@OFFSET_PORTS='false' DETATCHED='true' DOCKER_BUILD_VERBOSE='true' $(DEVSHELL) $(SDBIN)/run
@echo

.PHONY: dev-tor
dev-tor: ## Run the development server with onion services in a Docker container.
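Review bot: The new `dev-detatched` target sets `DETATCHED='true'` for `$(SDBIN)/run`, but this commit changes only the Makefile and `.circleci/config.yml`, so unless `run` already reads that variable the target behaves exactly like `dev` and the CI job's `background: true` step will hold an attached container; worth confirming the script handles it. Both the target name and its help text carry the misspelling (`detatched`, `attatching`), and because `config.yml` calls `make dev-detatched` in the same commit a later rename would break the job, so correcting it now to `dev-detached: ## Run the development server in a Docker container without attaching a tty.` together with the matching `make` invocation is the cheaper option. If the environment variable is being introduced here, it should use the same corrected spelling.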
