---
# Pulls CI job definitions from another project; presumably this is where
# the `.test-image` template used by the jobs in this file is defined
# (TODO confirm).
# NOTE(review): no `ref:` is set, so the include resolves to the HEAD of
# that project's default branch and any change there alters this pipeline
# without a commit here. Consider pinning it, e.g.
# `ref: '<TAG_OR_COMMIT_SHA>'` (placeholder), and limiting who may push to
# the included project.
include:
  - project: 'netlab/apps/base'
    file: '/gitlab-ci.build.yml'

# Smoke test of the project's registry image, tagged with the current ref
# name, without any job-level variables.
# `.test-image` is not defined in this file (presumably it comes from an
# include; TODO confirm).
Test Image Base:
  extends: .test-image
  image:
    # NOTE(review): the tag is the branch/tag name, so it is mutable, and a
    # ref name containing `/` is not a valid image tag. It has to match the
    # tag the build job pushes, which is not visible here.
    name: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
    # Start the container through the image's own entrypoint script.
    entrypoint: ["/usr/local/bin/entrypoint"]
  script:
    # Print the nginx vhost config into the job log for debugging.
    - cat /etc/nginx/conf.d/default.conf
    # Config test; the step passes when the output mentions the
    # ModSecurity-nginx connector, i.e. the WAF module was loaded.
    # NOTE(review): unless the job shell runs with pipefail, the step's
    # status is grep's and a failing `nginx -t` could go unnoticed.
    - nginx -t 2>&1 | grep ModSecurity-nginx
    # The rules-check helper must be present and executable.
    - test -x /usr/local/bin/modsec-rules-check
    # The Core Rule Set setup file must exist; only existence is checked,
    # not its contents.
    - test -f /etc/modsecurity/coreruleset/crs-setup.conf

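# Checks that SERVER_NAME ends up in a `server_name` line of the nginx
# vhost config inside the image.
# `.test-image` is not defined in this file (presumably it comes from an
# include; TODO confirm).
Test Image with Server Name:
  extends: .test-image
  image:
    name: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
    entrypoint: ["/usr/local/bin/entrypoint"]
  variables:
    SERVER_NAME: "www.example.com"
  script:
    # Print the nginx vhost config into the job log for debugging.
    - cat /etc/nginx/conf.d/default.conf
    # Passes when the config-test output mentions the ModSecurity-nginx
    # connector. NOTE(review): without pipefail in the job shell the exit
    # status of `nginx -t` itself is not what decides this step.
    - nginx -t 2>&1 | grep ModSecurity-nginx
    # Dots are escaped so that only the literal host name satisfies the
    # check; an unescaped `.` matches any character.
    # NOTE(review): a commented-out `server_name` line would still match.
    - grep -E 'server_name.*www\.example\.com' /etc/nginx/conf.d/default.conf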

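# Checks that TLS_KEY / TLS_CERT show up as an HTTPS listener in the nginx
# vhost config and that both files exist in the container.
# `.test-image` is not defined in this file (presumably it comes from an
# include; TODO confirm).
Test Image TLS key:
  extends: .test-image
  image:
    name: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
    entrypoint: ["/usr/local/bin/entrypoint"]
  variables:
    TLS_KEY: "/etc/pki/tls/private/nginx.key"
    TLS_CERT: "/etc/pki/tls/certs/nginx.pem"
  script:
    # Print the nginx vhost config into the job log for debugging.
    - cat /etc/nginx/conf.d/default.conf
    # Passes when the config-test output mentions the ModSecurity-nginx
    # connector. NOTE(review): without pipefail in the job shell the exit
    # status of `nginx -t` itself is not what decides this step.
    - nginx -t 2>&1 | grep ModSecurity-nginx
    # Existence only. NOTE(review): owner and mode of the private key are
    # not asserted, so a world-readable key would still pass.
    - test -f /etc/pki/tls/private/nginx.key
    - test -f /etc/pki/tls/certs/nginx.pem
    - grep -E 'listen.*:443.*ssl' /etc/nginx/conf.d/default.conf
    # NOTE(review): very loose. Any line with "ssl" followed later by "on"
    # matches (for example `ssl_prefer_server_ciphers on`, or any
    # `ssl_session_*` directive), so this does not prove one specific
    # setting. Confirm which directive is meant and tighten the pattern.
    - grep -E 'ssl.*on' /etc/nginx/conf.d/default.conf
    # Dots in the file names are escaped so the paths are matched
    # literally rather than with `.` as a wildcard.
    - grep -E 'ssl_certificate_key.*/etc/pki/tls/private/nginx\.key' /etc/nginx/conf.d/default.conf
    - grep -E 'ssl_certificate.*/etc/pki/tls/certs/nginx\.pem' /etc/nginx/conf.d/default.conf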

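# Checks the reverse-proxy part of the nginx vhost config when BACKEND
# points at an HTTPS upstream.
# `.test-image` is not defined in this file (presumably it comes from an
# include; TODO confirm).
Test Image Base Backend:
  extends: .test-image
  image:
    name: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
    entrypoint: ["/usr/local/bin/entrypoint"]
  variables:
    BACKEND: "https://www.example.com/"
  script:
    # Print the nginx vhost config into the job log for debugging.
    # NOTE(review): if a real BACKEND value ever carries credentials in
    # the URL, this line would write them to the job log.
    - cat /etc/nginx/conf.d/default.conf
    # Passes when the config-test output mentions the ModSecurity-nginx
    # connector. NOTE(review): without pipefail in the job shell the exit
    # status of `nginx -t` itself is not what decides this step.
    - nginx -t 2>&1 | grep ModSecurity-nginx
    # Presence only: the directive names must appear, but their values
    # (cipher list, protocol versions) are not asserted, so a weak
    # setting would still pass.
    - grep -E 'proxy_ssl_ciphers' /etc/nginx/conf.d/default.conf
    - grep -E 'proxy_ssl_protocols' /etc/nginx/conf.d/default.conf
    - grep -E 'proxy_ssl_session_reuse' /etc/nginx/conf.d/default.conf
    # Upstream certificate verification is the security-relevant check
    # here, so the pattern is anchored: the directive has to start the
    # line (a commented-out copy does not count) and be followed directly
    # by `on`. The looser `proxy_ssl_verify.*on` would also accept
    # `proxy_ssl_verify off; # ... on` or a `proxy_ssl_verify_depth` line.
    # NOTE(review): verification also needs a CA bundle
    # (`proxy_ssl_trusted_certificate`) and the expected name
    # (`proxy_ssl_name` / `proxy_ssl_server_name`); none of these are
    # asserted here.
    - grep -E '^[[:space:]]*proxy_ssl_verify[[:space:]]+on' /etc/nginx/conf.d/default.conf
    # Dots escaped so that only the literal backend host matches.
    - grep -E 'proxy_pass.*https://www\.example\.com/' /etc/nginx/conf.d/default.conf
    # Presence-only checks for buffering, cache and timeout directives.
    - grep -E 'proxy_request_buffering' /etc/nginx/conf.d/default.conf
    - grep -E 'proxy_buffering' /etc/nginx/conf.d/default.conf
    - grep -E 'proxy_cache_use_stale' /etc/nginx/conf.d/default.conf
    - grep -E 'proxy_read_timeout' /etc/nginx/conf.d/default.conf
    - grep -E 'proxy_connect_timeout' /etc/nginx/conf.d/default.conf
    - grep -E 'proxy_send_timeout' /etc/nginx/conf.d/default.conf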

# vim: set ts=2 sw=2 :