DevOps

version: 0.1
phases:
    install:
        commands:
            - echo "Entered the install phase..."
        finally:
            - echo "This always runs even if the update or install command fails"
    pre_build:
        commands:
            - echo "Entered the pre_build phase..."
        finally:
            - echo "This always runs even if the login command fails."
    build:
        commands:
            - echo "Entered the build phase..."
            - echo "Build started on `date`"
        finally:
            - echo "This always runs even if the install command fails"
    post_build:
        on-failure: CONTINUE
        commands:
            - echo "Entered the post_build phase..."
            - echo "Build completed on `date`"
            - echo "Running FortiDevSec SAST scanner..."
            - env | grep -E "CODEBUILD_CI|CODEBUILD_BUILD_NUMBER|CODEBUILD_RESOLVED_SOURCE_VERSION" > /tmp/env
            - "docker run --pull always --rm --env-file /tmp/env --mount type=bind,source=$PWD,target=/scan registry.fortidevsec.forticloud.com/fdevsec_sast:latest"

name: sast
on:
	push:
		branches:
			- main 
jobs:
	run-container:
		runs-on:ubuntu-latest
		steps:
			-name:Checkout code 
			  uses:actions/checkout@v2
			-name:Setup JFrog CLI
			  uses:jfrog/setup-jfrog-cli@v3
			env:
				JF_UR:${{ secrets.JF_URL }}
				JF_ACCESS_TOKEN:${{ secrets.JF_ACCESS_TOKEN }}

			-name: Run Docker Container 
			run:|
				env_file=`mktemp`
				env | grep -E "JFROG_CLI_BUILD_NUMBER" > $env_file
				docker run --pull always --rm --mount type=bind,source="$(pwd)",target=/scan registry.fortidevsec.forticloud.com/fdevsec_sast:latest
				rm $env_file
			

name: dast
on:
	push:
		branches:
			- main 
jobs:
	run-container:
		runs-on:ubuntu-latest
		steps:
			-name:Checkout code 
			  uses:actions/checkout@v2
			-name:Setup JFrog CLI
			  uses:jfrog/setup-jfrog-cli@v3
			env:
				JF_UR:${{ secrets.JF_URL }}
				JF_ACCESS_TOKEN:${{ secrets.JF_ACCESS_TOKEN }}

			-name: Run Docker Container 
			run:|
				env_file=`mktemp`
				env | grep -E "JFROG_CLI_BUILD_NUMBER" > $env_file
				docker run --pull always --rm --mount type=bind,source="$(pwd)",target=/scan registry.fortidevsec.forticloud.com/fdevsec_dast:latest
				rm $env_file
			

default:
	image:docker:latest
	
include:
	-remote:"https://releases.jfrog.io/artifactory/jfrog-cli/gitlab/v2/.setup-jfrog-unix.yml"

jfrog-docker-build:
	variables:
		IMAGE_NAME:sample.jfrog.io/jfrog-gitlab-docker/jfrog-docker-example-image:$CI_PIPELINE_IID
		JFROG_CLI_BUILD_NAME:JFROG_CLI_BUILD_NAME
		JFROG_CLI_BUILD_NUMBER:$CI_PIPELINE_IID

	tags:
		-gitlab-org-docker
	services:
		-docker:dind
	script:
		-env_file=`mktemp`
		-env | grep -E "JFROG_CLI_BUILD_NUMBER" > $env_file
		-docker run --pull always --rm --env-file $env_file --mount type=bind,source="$(pwd)",target=/scan registry.fortidevsec.forticloud.com/fdevsec_sast:latest
		-rm $env_file

default:
	image:docker:latest
	
include:
	-remote:"https://releases.jfrog.io/artifactory/jfrog-cli/gitlab/v2/.setup-jfrog-unix.yml"

jfrog-docker-build:
	variables:
		IMAGE_NAME:sample.jfrog.io/jfrog-gitlab-docker/jfrog-docker-example-image:$CI_PIPELINE_IID
		JFROG_CLI_BUILD_NAME:JFROG_CLI_BUILD_NAME
		JFROG_CLI_BUILD_NUMBER:$CI_PIPELINE_IID

	tags:
		-gitlab-org-docker
	services:
		-docker:dind
	script:
		-env_file=`mktemp`
		-env | grep -E "JFROG_CLI_BUILD_NUMBER" > $env_file
		-docker run --pull always --rm --env-file $env_file --mount type=bind,source="$(pwd)",target=/scan registry.fortidevsec.forticloud.com/fdevsec_dast:latest
		-rm $env_file

pipelines:
default:
	- step :
		runs-on:
			- self.hosted 
			- linux 
		name: Build and Scan
		services:
			- docker
		script:
			- env_file=`mktemp`
			- env | grep -E "BITBUCKET_PROJECT_UUID|BITBUCKET_BUILD_NUMBER|BITBUCKET_BRANCH|BITBUCKET_COMMIT" > $env_file
			- docker run --pull always --rm --env-file $env_file -v "$(pwd)":/scan registry.fortidevsec.forticloud.com/fdevsec_sast:latest
			-rm $env_file 

pipelines:
default:
	- step :
		runs-on:
			- self.hosted 
			- linux 
		name: Build and Scan
		services:
			- docker
		script:
			- env_file=`mktemp`
			- env | grep -E "BITBUCKET_PROJECT_UUID|BITBUCKET_BUILD_NUMBER|BITBUCKET_BRANCH|BITBUCKET_COMMIT" > $env_file
			- docker run --pull always --rm --env-file $env_file -v "$(pwd)":/scan registry.fortidevsec.forticloud.com/fdevsec_dast:latest
			-rm $env_file