Imagine a place where no matter what language or technology you use, you can find a ready-made template to configure your pipeline.
This is why R2Devops hub exists. Join the movement, and together, let's stop reinventing the wheel in CI/CD.
Each job of the hub can be used independently or to create fully customized pipelines. You can use them for any kind of software and deployment type. Each job can be customized through configuration.
- Find jobs to use in your pipeline in Jobs index
- Understand how to use the hub in Documentation
- Add your own job using the Contributing guide
This mono-repo contains several parts:
- templates' sources (structure is described in documentation)
- Documentation of the hub
- Tools used in hub pipeline to check templates
- Template R2 files, which define template metadata
.
├── docs # Documentation sources
├── jobs # Folder containing templates sources
│   └── ...
├── mkdocs.yml # Documentation configuration
├── Pipfile # Pipenv dependency file to build doc
├── Pipfile.lock
└── tools # Folder containing tools
    └── ...
- Follow the Contributing guide
As prerequisites, you need to install the following dependencies on your system:
python3
pipenv
- Clone the repository locally
git clone git@gitlab.com:r2devops/hub.git
cd hub
- Install requirements
Documentation is built using Mkdocs and Material for Mkdocs.
pipenv install
- Launch Mkdocs
You can launch mkdocs to start a local web server with hot reload and see your updates live:
pipenv run mkdocs serve
- See your updates live at https://localhost:8000
This file aims to explain all jobs used on the CI/CD pipeline.
There are several jobs used on the CI/CD pipeline. The following list shows all jobs and their purpose. The jobs are executed in the order they are listed.
- ci_linter
  This job uses the CI lint API to validate the configuration of each jobs.yaml file.
- job_image_scan
  Runs only on merge requests. This job uses trivy to scan images listed in template files that have been modified. It checks that the image doesn't have any vulnerabilities.
- code_spell
  This job uses codespell to check the spelling of the code. It checks that the code doesn't have any spelling mistakes.
- links_checker
  This job ensures all links are valid in the documentation.
A scheduled pipeline is triggered at 8 pm each day to launch a full antivirus scan on each job. This pipeline triggers 4 jobs:
- refresh_job_av_database
  Refreshes the antivirus definitions with the freshclam command. See the [English documentation](https://help.ubuntu.com/community/ClamAV) or the French documentation for more information.
- generate_job_av
  This job is only triggered when a branch is being merged or on a scheduled pipeline. It iterates over the jobs to get their image and writes a .gitlab-ci.yml that can run a child pipeline in order to use ClamAV for virus detection. The generated .gitlab-ci.yml is launched in the next job.
- child_job_av
  It is launched by the previous job, scans the Docker images, and warns if they contain known viruses listed in the database.
- job_image_scan_schedule
  This job scans every image of the hub and warns if they have known vulnerabilities.
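The generation step described for generate_job_av, as an added example that is not the hub's own tool: it extracts images from job templates and renders one ClamAV scan job per unique image, skipping images that depend on an unresolved CI variable. The regex-based extraction, the av-<slug> job names, the AV_DB_DIR variable and the availability of clamscan inside the generated job are assumptions; the sample templates are constructed.

```python
import json
import re

# Matches "image: name:tag" and the long form "image:" followed by "name: name:tag".
IMAGE_RE = re.compile(
    r"^[ \t]*image:[ \t]*(?:\n[ \t]+name:[ \t]*)?[\"']?([^\s\"'#]+)", re.MULTILINE)

# Assumption: clamscan and a refreshed database in $AV_DB_DIR are available to the
# generated job; the page does not say how the hub provides them.
SCAN_CMD = ("clamscan --recursive --infected --database=\"$AV_DB_DIR\" "
            "--exclude-dir=^/proc --exclude-dir=^/sys /")

def extract_images(template_text):
    """Split the images of one template into (scannable, unresolved) lists."""
    found = sorted(set(IMAGE_RE.findall(template_text)))
    # An image built from a CI variable cannot be pulled without its value.
    return ([i for i in found if "$" not in i], [i for i in found if "$" in i])

def child_pipeline(templates):
    """Render one scan job per unique image found in {job_name: yaml_text}."""
    images = sorted({i for text in templates.values()
                     for i in extract_images(text)[0]})
    blocks = []
    for image in images:
        slug = re.sub(r"[^a-z0-9]+", "-", image.lower()).strip("-")
        blocks.append("\n".join([
            "av-{}:".format(slug),
            "  image:",
            "    name: {}".format(json.dumps(image)),
            '    entrypoint: [""]',
            "  script:",
            "    - {}".format(json.dumps(SCAN_CMD)),
            # clamscan exits 1 when a virus is found: show a warning, and
            # still fail the job on exit code 2 (scanner error).
            "  allow_failure:",
            "    exit_codes: 1",
        ]))
    return "\n\n".join(blocks) + "\n"

# Constructed sample templates, not real hub jobs.
SAMPLE = {
    "lint": "lint:\n  image: python:3.11-alpine\n  script:\n    - pylint tools\n",
    "scan": "scan:\n  image:\n    name: 'alpine:3.19'\n    entrypoint: ['']\n",
    "build": "build:\n  image: node:${NODE_VERSION}\n  script:\n    - npm ci\n",
    "docs": "docs:\n  image: python:3.11-alpine\n  script:\n    - mkdocs build\n",
}

if __name__ == "__main__":
    print(child_pipeline(SAMPLE))
```

Images reported in the unresolved list need their variable value supplied before they can be scanned, so they should be surfaced in the job log rather than dropped silently.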
1. job_gitlab_labels
   This job retrieves all labels in the project and checks whether each job has its own label. If not, it creates the label and assigns it to the job.
2. release
   This job is like a Swiss knife and performs many actions.
   First, it creates a new release within GitLab and prints the CHANGELOG of the created/updated job in the release description.
   Then, it sends a Discord notification to the #updates channel.
For Python tools:
- Pylint note >= 9
- Usage of logging
- Usage of argparse when args are required
- format must be used instead of %s or string concatenation with +
- Docstring format compliant with Google styleguide
Each tool has its own Pipfile in its folder to manage its dependencies. You must install pipenv to work on them:
pip install pipenv