From 8f4f9c6ed34b1552ed3b0f4eb3ffd97dd20fd836 Mon Sep 17 00:00:00 2001
From: Igor Witz <igor.witz@etu.utc.fr>
Date: Wed, 29 May 2019 15:34:55 +0200
Subject: [PATCH] Update decrypt-secrets.sh, .gitlab-ci.yml, pica-etherpad/clair-whitelist.yml files
---
 .gitlab-ci.yml | 6 ++++--
 decrypt-secrets.sh | 1 -
 pica-etherpad/clair-whitelist.yml | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a7b0430e..54c492ad 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -151,10 +151,11 @@ deployment-test:
 - echo "$DEV_DOCKER_CA_CERT" > $DOCKER_CERT_PATH/ca.pem
 - echo "$DEV_DOCKER_CLIENT_CERT" > $DOCKER_CERT_PATH/cert.pem
 - echo "$DEV_DOCKER_CLIENT_KEY" > $DOCKER_CERT_PATH/key.pem
- script:
+ - if [[ -d "$MODIFIED_IMAGE/secrets" ]]; then ./decrypt-secrets.sh; done
 - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
 - docker pull $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest
 - docker tag $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest $MODIFIED_IMAGE_FULL
+ script:
 - cd $MODIFIED_IMAGE
 - sed -i -e s/picasoft.net/test.picasoft.net/g docker-compose.yml
 - if [[ $(docker container ls --format "{{.Names}}" | grep $CONTAINER_NAME) ]]; then docker stop $CONTAINER_NAME | xargs docker rm; fi
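Review bot: The added step `- if [[ -d "$MODIFIED_IMAGE/secrets" ]]; then ./decrypt-secrets.sh; done` closes an `if` with `done`, which bash rejects as a syntax error, so the step fails and decrypt-secrets.sh never runs; it should read `- if [[ -d "$MODIFIED_IMAGE/secrets" ]]; then ./decrypt-secrets.sh; fi`. The identical line is added in the deployment-prod hunk and needs the same fix. Moving `script:` down also puts the registry login, pull and tag steps under whatever key precedes the hunk, which starts outside the visible lines (presumably `before_script:`). Since secrets would now be decrypted before those steps, it is worth confirming that a failure in login or pull does not leave decrypted files in the job workspace, for example by cleaning them up in `after_script:`.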
@@ -190,10 +191,11 @@ deployment-prod:
 - echo "$DOCKER_CA_CERT_VARIABLE" > $DOCKER_CERT_PATH/ca.pem
 - echo "$DOCKER_CLIENT_CERT_VARIABLE" > $DOCKER_CERT_PATH/cert.pem
 - echo "$DOCKER_CLIENT_KEY_VARIABLE" > $DOCKER_CERT_PATH/key.pem
- script:
+ - if [[ -d "$MODIFIED_IMAGE/secrets" ]]; then ./decrypt-secrets.sh; done
 - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
 - docker pull $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest
 - docker tag $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest $MODIFIED_IMAGE_FULL
+ script:
 - cd $MODIFIED_IMAGE
 - if [[ $(docker container ls --format "{{.Names}}" | grep $CONTAINER_NAME) ]]; then docker stop $CONTAINER_NAME | xargs docker rm; fi
 - docker-compose up -d --force-recreate --remove-orphans $CONTAINER_NAME
diff --git a/decrypt-secrets.sh b/decrypt-secrets.sh
index f5081cc7..eaa4d9a3 100644
--- a/decrypt-secrets.sh
+++ b/decrypt-secrets.sh
@@ -19,7 +19,6 @@ echo $SECRETS_PATH for container_secrets_folder in $SECRETS_PATH/*; do CONTAINER_NAME=$(basename $container_secrets_folder) - echo "decrypt loop" for encrypted_secret in $container_secrets_folder/*; do SECRET_NAME=$(basename $encrypted_secret)
diff --git a/pica-etherpad/clair-whitelist.yml b/pica-etherpad/clair-whitelist.yml
index 4fafe750..3e2f6a71 100644
--- a/pica-etherpad/clair-whitelist.yml
+++ b/pica-etherpad/clair-whitelist.yml
@@ -20,4 +20,4 @@ generalwhitelist:
 CVE-2017-12424: shadow -> Pas de contre mesure
 CVE-2018-6954: systemd -> Pas de contre mesure
 CVE-2018-15686: systemd -> Pas de contre mesure
- CVE-2018-6797: Perl est une dépendance du client mysql et la version non vulnérable dans stretch n'a pas été backportée -> Pas de contre-mesure
\ No newline at end of file
+ CVE-2018-6797: Perl est une dépendance du client mysql et la version non vulnérable dans stretch n'a pas été backportée -> Pas de contre-mesure
\ No newline at end of file
-- GitLab