-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbuildspec_old.yml
62 lines (56 loc) · 3.19 KB
/
buildspec_old.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
version: 0.2
phases:
install:
runtime-versions:
nodejs: 16
java: corretto17
python: 3.10
commands:
- echo "Installing dependencies"
- python3 -m venv env >/dev/null
- chmod +x ./env/bin/activate >/dev/null
- pip install --upgrade pip --disable-pip-version-check >/dev/null
- pip install pylint==2.11.1 >/dev/null
- pip install pylint-json2html==0.4.0 >/dev/null
- pip install -r requirements.txt >/dev/null
- sudo apt-get install jq >/dev/null
#- sudo apt-get install -y bsdmainutils
- pip install tabulate >/dev/null
# - sudo apt-get install bash-builtins
- sudo apt-get update >/dev/null
- java --version
pre_build:
commands:
- echo "Running Pylint static code analysis"
- which pylint >/dev/null
- pylint --output-format=json --fail-under=0 $CODEBUILD_SRC_DIR/contacts/*.py $CODEBUILD_SRC_DIR/*.py $CODEBUILD_SRC_DIR/accounts/*.py $CODEBUILD_SRC_DIR/autozone/*.py $CODEBUILD_SRC_DIR/cars/*.py > pylint_report.json || true
- pylint-json2html -f json -o pylint_report.html pylint_report.json >/dev/null
- echo "Static code analysis report generated"
- cat pylint_report.json | jq -r '.[] | [ .module, .type, .message ] | @tsv' | sed 's/[[:space:]]\{2,\}/ /g' | (echo -e "Module\tType\tMessage" && python -c "import sys, tabulate; print(tabulate.tabulate([line.strip().split('\t') for line in sys.stdin]))")
#- cat pylint_report.json | jq
- echo 'THIS pre_build STAGE MIGHT BE SUCCEDED. PLEASE CHECK CODE BUILD LOGS FOR STATIC CODE ANALYSIS'
#- aws s3 cp pylint_report.html s3://codepipeline-eu-west-2-613623979028/x21171203-devsecops-/static-code-analysis/pylint_report.html --debug
#- wget http://www-eu.apache.org/dist/maven/maven-3/3.5.4/binaries/apache-maven-3.5.4-bin.tar.gz >/dev/null
#- tar xzf apache-maven-3.5.4-bin.tar.gz >/dev/null
#- ln -s apache-maven-3.5.4 maven >/dev/null
- wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856-linux.zip >/dev/null
- unzip ./sonar-scanner-cli-4.8.0.2856-linux.zip >/dev/null
- export PATH=$PATH:/sonar-scanner-cli-4.8.0.2856-linux.zip/bin/ >/dev/null
build:
commands:
- echo "Running Django migrations"
- python manage.py migrate --traceback >/dev/null
- echo "Collecting static files"
- python manage.py collectstatic --noinput >/dev/null
- echo "Running CodeSecurity Analysis"
- ./sonar-scanner-4.8.0.2856-linux/bin/sonar-scanner -Dsonar.login=4664f57ab1fafea7f3859310bce1fae7f8867d21 -Dsonar.organization=devsecopsautozone -Dsonar.projectKey=devsecopsautozone -Dsonar.sources=*.py -Dsonar.host.url=https://sonarcloud.io -DgeneratePom=true
# - -Dsonar.sources=$CODEBUILD_SRC_DIR/contacts,$CODEBUILD_SRC_DIR/accounts,$CODEBUILD_SRC_DIR/autozone,$CODEBUILD_SRC_DIR/cars
# -Dsonar.sources=.
- sleep 5
- curl https://sonarcloud.io/api/qualitygates/project_status?projectKey=devsecopsautozone >result.json
- cat result.json
- if [ $(jq -r '.projectStatus.status' result.json) = ERROR ] ; then $CODEBUILD_BUILD_SUCCEEDING -eq 0 ;fi
artifacts:
files:
- '**/*'
#