ci: render

Rendered by https://gitlab.com/developerdurp/yml/-/pipelines/1353690986

job-templates.tpl.yml

@@ -11,29 +11,20 @@ workflow:
 
 render-job-templates-yml:
   stage: render
-  image:  registry.durp.info/debian:bullseye-slim
+  image: registry.internal.durp.info/debian:bullseye-slim
   script:
     - ./scripts/install-curl.sh
     - ./scripts/install-git.sh
     - ./scripts/install-yq.sh
     - ./scripts/render-job-templates.sh
     - ./scripts/commit-and-push-changes.sh
-  rules:
-    - if: $CI_COMMIT_BRANCH
-      changes:
-        - .gitlab-ci.yml
-        - scripts/**
-        - templates/**        
-        - job-templates.yml
-        - job-templates.tpl.yml
 
 render-pipelines-to-branch:
   stage: render
+  image: registry.internal.durp.info/debian:bullseye-slim
   script:
     - ./scripts/install-curl.sh
     - ./scripts/install-git.sh
     - ./scripts/install-yq.sh  
     - ./scripts/render-pipelines-branch.sh
     - ./scripts/commit-and-push-changes.sh
-  rules:
-    - if: $CI_COMMIT_BRANCH =~ /^release*/

job-templates.yml

@@ -12,7 +12,7 @@ workflow:
     - if: '$CI_COMMIT_BRANCH && $CI_SCRIPTS_SKIP_PIPELINE != "true"'
 render-job-templates-yml:
   stage: render
-  image: registry.durp.info/debian:bullseye-slim
+  image: registry.internal.durp.info/debian:bullseye-slim
   script:
     # Begin of install-curl.sh
     - |
@@ -31,7 +31,7 @@ render-job-templates-yml:
     # End of install-yq.sh
 
     # Begin of render-job-templates.sh
-    - "# render job-templates.yml from job-templates.tpl.yml\nset -euo pipefail\nfor script in scripts/*.sh; do\n  awk -v script_name=\"$(basename \"$script\")\" '\n  NR==1 && /^#!/ {printf(\"# Begin of %s\\n\",script_name); next}   # strip shebang in first line, print head comment\n  /^\\s*$/ {next}         # strip any newlines or whitespace\n  /^#%%MULTILINE_YAML_START$/ { print \"- |\"; multiline=1; next } # detect start of multiline yaml block, print \"- |\" into output yml\n  /^#%%MULTILINE_YAML_END$/ { multiline=0; next }                # detect end   of multiline yaml block\n  multiline==1 {printf(\"  %s\\n\",$0)}                             # print indented script of multiline yaml block\n  multiline==0 {printf(\"- !!str %s\\n\",$0)}                       # not in multiline yaml, just print with \"- !!str\" (explicit yaml tag to avoid any quoting)\n  END { printf(\"# End of %s\\n\",script_name) }                    # print trailing comment\n  ' \"$script\" >\"$script.yml\"\ndone\n# start with copy and then edit in place using yq -i\ncat <<EOF >job-templates.yml\n### WARNING ###\n### THIS FILE IS RENDERED! DO NOT EDIT! ANY CHANGE WILL BE REVERTED BY RENDERING PIPELINE\n### Edit the template file job-templates.tpl.yml instead!\nEOF\ncat job-templates.tpl.yml >> job-templates.yml\n# shellcheck disable=SC2016 # \"unquoted $ warning\"\n./yq -i '(.[] | select(keys | .[] | select(tag == \"!!str\") | test(\"^(before_|after_|)script$\")) | .\"*script\") ref $scripts\n       | ($scripts | .. | select(. == \"./scripts/*.sh\")) |= (load(. + \".yml\") | .[] style=\"\")\n       | ($scripts | .[] | select(type == \"!reference\")) |= ([.] | . style=\"flow\")\n       | ($scripts | select(type == \"!!seq\")) |= flatten(1)\n       | explode .\n        ' job-templates.yml\nfor template in templates/*.tpl.yml\n  do \n    export pipeline=$(basename $template | sed \"s/.tpl//\")\n    cat $template > jobs/$pipeline \n    ./yq -i '(.[] | select(keys | .[] | select(tag == \"!!str\") | test(\"^(before_|after_|)script$\")) | .\"*script\") ref $scripts\n    | ($scripts | .. | select(. == \"./scripts/*.sh\")) |= (load(. + \".yml\") | .[] style=\"\")\n    | ($scripts | .[] | select(type == \"!reference\")) |= ([.] | . style=\"flow\")\n    | ($scripts | select(type == \"!!seq\")) |= flatten(1)\n    | explode .\n    ' jobs/$pipeline\ndone\n"
+    - "# render job-templates.yml from job-templates.tpl.yml\nset -euo pipefail\nfor pwsh in  $(find ./scripts -name '*.ps1'); do\n  script=$(cat $pwsh)\n  sh_file=\"${pwsh%.ps1}.sh\"\n     \n  # Escape double quotes and dollar signs\n  script=\"${script//\\\"/\\\\\\\"}\"\n  script=\"${script//\\$/\\\\\\$}\"\n  pwsh_command=\"pwsh -c \\\"$script\\\"\"\n  echo '#!/usr/bin/env bash' > \"$sh_file\"\n  echo '#%%MULTILINE_YAML_START' >> \"$sh_file\"\n  echo \"$pwsh_command\" >> \"$sh_file\"\ndone\nfor script in $(find ./scripts -name '*.sh'); do\n  awk -v script_name=\"$(basename \"$script\")\" '\n  NR==1 && /^#!/ {printf(\"# Begin of %s\\n\",script_name); next}   # strip shebang in first line, print head comment\n  /^\\s*$/ {next}         # strip any newlines or whitespace\n  /^#%%MULTILINE_YAML_START$/ { print \"- |\"; multiline=1; next } # detect start of multiline yaml block, print \"- |\" into output yml\n  /^#%%MULTILINE_YAML_END$/ { multiline=0; next }                # detect end   of multiline yaml block\n  multiline==1 {printf(\"  %s\\n\",$0)}                             # print indented script of multiline yaml block\n  multiline==0 {printf(\"- !!str %s\\n\",$0)}                       # not in multiline yaml, just print with \"- !!str\" (explicit yaml tag to avoid any quoting)\n  END { printf(\"# End of %s\\n\",script_name) }                    # print trailing comment\n  ' \"$script\" >\"$script.yml\"\ndone\n# start with copy and then edit in place using yq -i\ncat <<EOF >job-templates.yml\n### WARNING ###\n### THIS FILE IS RENDERED! DO NOT EDIT! ANY CHANGE WILL BE REVERTED BY RENDERING PIPELINE\n### Edit the template file job-templates.tpl.yml instead!\nEOF\ncat job-templates.tpl.yml >> job-templates.yml\n# shellcheck disable=SC2016 # \"unquoted $ warning\"\n./yq -i '(.[] | select(keys | .[] | select(tag == \"!!str\") | test(\"^(before_|after_|)script$\")) | .\"*script\") ref $scripts\n       | ($scripts | .. | select(. == \"./scripts/*.sh\")) |= (load(. + \".yml\") | .[] style=\"\")\n       | ($scripts | .[] | select(type == \"!reference\")) |= ([.] | . style=\"flow\")\n       | ($scripts | select(type == \"!!seq\")) |= flatten(1)\n       | explode .\n        ' job-templates.yml\nfor template in templates/*.tpl.yml\n  do \n    export pipeline=$(basename $template | sed \"s/.tpl//\")\n    cat $template > jobs/$pipeline \n    ./yq -i '(.[] | select(keys | .[] | select(tag == \"!!str\") | test(\"^(before_|after_|)script$\")) | .\"*script\") ref $scripts\n    | ($scripts | .. | select(. == \"./scripts/*.sh\")) |= (load(. + \".yml\") | .[] style=\"\")\n    | ($scripts | .[] | select(type == \"!reference\")) |= ([.] | . style=\"flow\")\n    | ($scripts | select(type == \"!!seq\")) |= flatten(1)\n    | explode .\n    ' jobs/$pipeline\ndone\n"
     # End of render-job-templates.sh
 
     # Begin of commit-and-push-changes.sh
@@ -47,16 +47,9 @@ render-job-templates-yml:
       git push -o ci.variable="CI_SCRIPTS_SKIP_PIPELINE=true" "https://oauth2:${GITLAB_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git" "HEAD:$CI_COMMIT_BRANCH"
       curl --silent --fail --request POST --form token="$CI_JOB_TOKEN" --form ref="$CI_COMMIT_BRANCH" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/trigger/pipeline" >/dev/null
     # End of commit-and-push-changes.sh
-  rules:
-    - if: $CI_COMMIT_BRANCH
-      changes:
-        - .gitlab-ci.yml
-        - scripts/**
-        - templates/**
-        - job-templates.yml
-        - job-templates.tpl.yml
 render-pipelines-to-branch:
   stage: render
+  image: registry.internal.durp.info/debian:bullseye-slim
   script:
     # Begin of install-curl.sh
     - |
@@ -91,5 +84,3 @@ render-pipelines-to-branch:
       git push -o ci.variable="CI_SCRIPTS_SKIP_PIPELINE=true" "https://oauth2:${GITLAB_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git" "HEAD:$CI_COMMIT_BRANCH"
       curl --silent --fail --request POST --form token="$CI_JOB_TOKEN" --form ref="$CI_COMMIT_BRANCH" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/trigger/pipeline" >/dev/null
     # End of commit-and-push-changes.sh
-  rules:
-    - if: $CI_COMMIT_BRANCH =~ /^release*/

jobs/codescan.yml

@@ -0,0 +1,58 @@
+.generate_sbom:
+  image: registry.internal.durp.info/nixos/nix:latest
+  script:
+    # Begin of syft-install.sh
+    - |
+      #Syft install
+      nix-env -iA nixpkgs.syft
+    # End of syft-install.sh
+
+    # Begin of syft-mkdir.sh
+    - |
+      #mkdir for syft files
+      mkdir $CI_PROJECT_DIR/syft
+    # End of syft-mkdir.sh
+
+    # Begin of syft-go.sh
+    - |
+      #Syft scan for go
+      if [ -f "go.mod" ]; then
+          syft go.mod -o cyclonedx-json=syft/${CI_PROJECT_NAME}.sbom.json
+      fi
+    # End of syft-go.sh
+
+    # Begin of syft-docker.sh
+    - |
+      #Syft scan for docker
+      for i in packages/*.tar.gz;
+      do filename=${i%.*.*.*.tar.gz};
+        filename="$(basename -- "$filename")"
+        syft $i -o cyclonedx-json=syft/$filename.docker.sbom.json;
+      done
+    # End of syft-docker.sh
+  artifacts:
+    expire_in: 1 hour
+    paths:
+      - $CI_PROJECT_DIR/syft
+.generate_cve:
+  image: registry.internal.durp.info/nixos/nix:latest
+  script:
+    # Begin of grype-install.sh
+    - |
+      #Syft install
+      nix-env -iA nixpkgs.grype
+    # End of grype-install.sh
+
+    # Begin of grype.sh
+    - |
+      #grype scan sboms
+      for i in syft/*.sbom.json;
+      do filename=${i%*.sbom.json};
+        filename=${filename##/};
+        grype $i -o json --file $filename.cve.json;
+      done
+    # End of grype.sh
+  artifacts:
+    expire_in: 1 hour
+    paths:
+      - $CI_PROJECT_DIR/syft

jobs/docker.yml

@@ -1,5 +1,5 @@
 .docker-build-container:
-  image: registry.durp.info/docker:20.10.17
+  image: registry.internal.durp.info/docker:20.10.17
   variables:
     DOCKER_DRIVER: overlay2
     DOCKER_TLS_CERTDIR: ""
@@ -21,3 +21,64 @@
       docker push "$CI_REGISTRY/$CI_PROJECT_PATH:latest"
       docker push "$CI_REGISTRY/$CI_PROJECT_PATH:$VERSION"
     # End of docker-build.sh
+.docker_build:
+  image: registry.internal.durp.info/docker:20.10.17
+  variables:
+    DOCKER_DRIVER: overlay2
+    DOCKER_TLS_CERTDIR: ""
+    DOCKER_HOST: tcp://127.0.0.1:2375/
+  services:
+    - name: docker:dind
+      entrypoint: ["dockerd-entrypoint.sh", "--tls=false"]
+  script:
+    # Begin of version.sh
+    - |
+      #check for Version variable
+      if [ -z "${VERSION}" ]; then
+          # If not, assign a default value
+          VERSION=$CI_COMMIT_SHORT_SHA
+      fi
+    # End of version.sh
+
+    # Begin of build.sh
+    - |
+      #Build Docker Container
+      mkdir $CI_PROJECT_DIR/packages
+      containername=$(echo "$PROJECT_NAME" | awk '{print tolower($0)}')
+      docker build -t $containername .
+      docker save -o $CI_PROJECT_DIR/packages/$containername.$VERSION.tar.gz $containername
+    # End of build.sh
+  artifacts:
+    expire_in: 1 hour
+    paths:
+      - $CI_PROJECT_DIR/packages
+.docker_push_gitlab:
+  image: registry.internal.durp.info/docker:20.10.17
+  variables:
+    DOCKER_DRIVER: overlay2
+    DOCKER_TLS_CERTDIR: ""
+    DOCKER_HOST: tcp://127.0.0.1:2375/
+  services:
+    - name: docker:dind
+      entrypoint: ["dockerd-entrypoint.sh", "--tls=false"]
+  script:
+    # Begin of login.sh
+    - |
+      #Docker Login
+      docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY/$CI_PROJECT_PATH
+    # End of login.sh
+
+    # Begin of push-gitlab.sh
+    - |
+      #Push container to gitlab
+      containername=$(echo "$PROJECT_NAME" | awk '{print tolower($0)}')
+      if echo "$VERSION" | grep -Eq '^[0-9]+(\.[0-9]+)*$'; then
+        tag="latest"
+      else
+        tag="dev"
+      fi
+      docker import $CI_PROJECT_DIR/packages/$containername.$VERSION.tar.gz $CI_REGISTRY/$CI_PROJECT_PATH:$VERSION
+      docker import $CI_PROJECT_DIR/packages/$containername.$VERSION.tar.gz $CI_REGISTRY/$CI_PROJECT_PATH:$tag
+      docker push "$CI_REGISTRY/$CI_PROJECT_PATH:$VERSION"
+      docker push "$CI_REGISTRY/$CI_PROJECT_PATH:$tag"
+    # End of push-gitlab.sh

jobs/gitlab.yml

@@ -0,0 +1,80 @@
+.gitlab-move-files:
+  image: registry.internal.durp.info/debian:latest
+  script:
+    # Begin of movefiles.sh
+    - |
+      #move files to output
+      mkdir $CI_PROJECT_DIR/output
+      for i in $(echo $PROJECT_NAME | tr ";" "\n");
+        do mkdir $CI_PROJECT_DIR/output/$i;
+        cp -r $CI_PROJECT_DIR/$i $CI_PROJECT_DIR/output/;
+        done
+    # End of movefiles.sh
+  artifacts:
+    expire_in: 1 hour
+    paths:
+      - $CI_PROJECT_DIR/output
+.gitlab-deploy:
+  stage: deploy
+  image: mcr.microsoft.com/powershell:latest
+  script:
+    # Begin of update-chart.sh
+    - |
+      pwsh -c "Install-Module -Name powershell-yaml -Confirm:\$false -Force
+      \$template = (Invoke-RestMethod -Headers @{ 'PRIVATE-TOKEN'= \$ENV:GITLAB_TOKEN } -Uri \"https://gitlab.com/api/v4/projects/45028985/repository/files/durpapi%2FChart.yaml/raw?ref=main\") | ConvertFrom-Yaml
+      \$template.version = \$ENV:VERSION
+      \$body = @{
+        branch = \"main\"
+        commit_message = \"Update Chart\"
+        content = \"\$(\$template | convertto-yaml)\"
+      } | ConvertTo-Json
+      Invoke-RestMethod -Headers @{ 'PRIVATE-TOKEN'= \$ENV:GITLAB_TOKEN } -ContentType \"application/json\" -Method Put -body \$body -Uri \"https://gitlab.com/api/v4/projects/45028985/repository/files/durpapi%2FChart.yaml\""
+    # End of update-chart.sh
+  environment:
+    name: production
+    url: https://api.durp.info/goapi
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'
+      when: manual
+  needs:
+    - job: version
+      artifacts: true
+.generate-config:
+  stage: build
+  needs:
+    - job: version
+      artifacts: true
+  script:
+    # Begin of create-environment.sh
+    - |
+      #test deployment
+      echo "
+      $VERSION:
+        stage: deploy
+        image: mcr.microsoft.com/powershell:latest
+        script:
+      " >> generated-config.yml
+      echo '
+          - |
+            pwsh -c "Install-Module -Name powershell-yaml -Confirm:\$false -Force
+            \$template = (Invoke-RestMethod -Headers @{ \"PRIVATE-TOKEN\"= \$ENV:GITLAB_TOKEN } -Uri \"\$ENV:CI_API_V4_URL/projects/\$ENV:GITLAB_PROJECT_ID/repository/files/\$ENV:GITLAB_CHART_PATH/raw?ref=\$ENV:ENVIRONMENT\") | ConvertFrom-Yaml
+            \$template.version = \$ENV:VERSION
+            \$body = @{
+              branch = \"\$ENV:ENVIRONMENT\"
+              commit_message = \"Update Chart\"
+              content = \"\$(\$template | convertto-yaml)\"
+            } | ConvertTo-Json
+            Invoke-RestMethod -Headers @{ \"PRIVATE-TOKEN\"= \$ENV:GITLAB_TOKEN } -ContentType \"application/json\" -Method Put -body \$body -Uri \"\$ENV:CI_API_V4_URL/projects/\$ENV:GITLAB_PROJECT_ID/repository/files/\$ENV:GITLAB_CHART_PATH\""
+        needs:
+          - pipeline: $PARENT_PIPELINE_ID
+            job: version
+      ' >> generated-config.yml
+      echo "
+        environment:
+          name: $ENVIRONMENT
+      " >> generated-config.yml
+    # End of create-environment.sh
+  artifacts:
+    expire_in: never
+    paths:
+      - generated-config.yml

jobs/golang.yml

@@ -1,19 +1,20 @@
-.golang-build-api:
+.golang-build:
   variables:
-    GOPROXY: https://nexus.durp.info/repository/go/
+  #GOPROXY: https://nexus.durp.info/repository/go/
-  image: registry.durp.info/golang:1.20
+  image: registry.internal.durp.info/golang:${GO_VERSION}
   script:
-    # Begin of golang-build-api.sh
+    # Begin of golang-build.sh
-    - "#Build golang api\nexport GOPATH=/go\nexport PATH=$PATH:$GOPATH/bin\nmkdir output\ngo install \ngo install github.com/swaggo/swag/cmd/swag@v1.8.12 \nswag init\nCGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ./output/main .\n"
+    - "#Build golang project\nexport GOPATH=/go\nexport PATH=$PATH:$GOPATH/bin\nmkdir output\n#go install \ngo mod download\n# Check if go.mod contains \"swag\"\nif grep -q \"swag\" go.mod; then\n    echo \"Found 'swag' in go.mod. Running swag init...\"\n    go install github.com/swaggo/swag/cmd/swag@latest\n    swag init --parseDependency\nfi\nCGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ./output/main .\n"
-    # End of golang-build-api.sh
+    # End of golang-build.sh
   artifacts:
     expire_in: 1 hour
     paths:
       - $CI_PROJECT_DIR/output
 .golang-lint:
   variables:
-    GOPROXY: https://nexus.durp.info/repository/go/
+    #GOPROXY: https://nexus.durp.info/repository/go/
-  image: registry.durp.info/golangci/golangci-lint:latest
+    CGO_ENABLED: 0
+  image: registry.internal.durp.info/golangci/golangci-lint:${GOLANGCI_LINT_VERISON}
   script:
     # Begin of golang-lint.sh
     - |

jobs/helm.yml

@@ -1,12 +1,6 @@
-.helm-createchart:
+.helm-build:
-  image: registry.durp.info/dtzar/helm-kubectl
+  image: registry.internal.durp.info/dtzar/helm-kubectl
   script:
-    # Begin of helm-addrepo.sh
-    - |
-      #Helm repo add
-      helm repo add --username gitlab-ci-token --password ${CI_JOB_TOKEN} ${CI_PROJECT_NAME} ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable
-    # End of helm-addrepo.sh
-
     # Begin of helm-package.sh
     - |
       #Helm Package
@@ -17,6 +11,18 @@
         fi
       done
     # End of helm-package.sh
+  artifacts:
+    expire_in: 1 hour
+    paths:
+      - $CI_PROJECT_DIR/packages
+.helm-push:
+  image: registry.internal.durp.info/dtzar/helm-kubectl
+  script:
+    # Begin of helm-addrepo.sh
+    - |
+      #Helm repo add
+      helm repo add --username gitlab-ci-token --password ${CI_JOB_TOKEN} ${CI_PROJECT_NAME} ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable
+    # End of helm-addrepo.sh
 
     # Begin of helm-push.sh
     - "#Helm Push    \n    \nhelm plugin install https://github.com/chartmuseum/helm-push\nfor chart in packages/*; do\n    helm cm-push ./$chart ${CI_PROJECT_NAME}\ndone\n"

jobs/nuget.yml

@@ -0,0 +1,11 @@
+.nuget_push:
+  image: registry.internal.durp.info/dotnet/core/sdk:latest
+  script:
+    # Begin of push.sh
+    - |
+      #Nuget Push
+      dotnet nuget add source "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/nuget/index.json" --name gitlab --username gitlab-ci-token --password $CI_JOB_TOKEN --store-password-in-clear-text
+      for i in $(echo $PROJECT_NAME | tr ";" "\n");
+        do dotnet nuget push "${CI_PROJECT_DIR}/packages/$i.$VERSION.nupkg" --source gitlab;
+      done
+    # End of push.sh

jobs/octopus.yml

@@ -0,0 +1,24 @@
+.octo_package:
+  image: registry.internal.durp.info/octopusdeploy/octo:latest
+  script:
+    # Begin of pack.sh
+    - |
+      #Package with octopus
+      mkdir $CI_PROJECT_DIR/packages
+      for dir in ./output/*/;
+      do dir=${dir%*/};
+          dir=${dir##*/};
+          dotnet /octo/octo.dll pack --id=$dir --version=$VERSION --outFolder=$CI_PROJECT_DIR/packages --basePath=$CI_PROJECT_DIR/output/$dir;
+      done
+    # End of pack.sh
+  artifacts:
+    paths:
+      - $CI_PROJECT_DIR/packages
+.octo_release:
+  image: registry.internal.durp.info/octopusdeploy/octo:latest
+  script:
+    # Begin of create_release.sh
+    - |
+      #Octopus Create Release
+      dotnet /octo/octo.dll create-release --project=$OCTO_PROJECT_NAME --releaseNumber=$VERSION --server=https://octopus.internal.durp.info/ --apiKey=$OCTOAPI --packagesFolder=$CI_PROJECT_DIR/packages --gitRef main
+    # End of create_release.sh

jobs/sonarqube.yml

@@ -3,7 +3,7 @@
     SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
     GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
   image:
-    name: registry.durp.info/sonarsource/sonar-scanner-cli:latest
+    name: registry.internal.durp.info/sonarsource/sonar-scanner-cli:latest
     entrypoint: [""]
   cache:
     key: "${CI_JOB_NAME}"

jobs/terraform.yml

@@ -0,0 +1,83 @@
+.terraform_fmt:
+  script:
+    # Begin of cd-workdir.sh
+    - |
+      #change directory
+      cd $WORKDIR
+    # End of cd-workdir.sh
+
+    # Begin of fmt.sh
+    - |
+      #Terraform fmt
+      tofu fmt -diff -check -write=false
+    # End of fmt.sh
+.terraform_validate:
+  script:
+    # Begin of cd-workdir.sh
+    - |
+      #change directory
+      cd $WORKDIR
+    # End of cd-workdir.sh
+
+    # Begin of init.sh
+    - "#Terraform init    \ntofu init -reconfigure -backend-config=\"address=${GITLAB_TF_ADDRESS}\" -backend-config=\"lock_address=${GITLAB_TF_ADDRESS}/lock\" -backend-config=\"unlock_address=${GITLAB_TF_ADDRESS}/lock\" -backend-config=\"username=gitlab-ci-token\" -backend-config=\"password=${CI_JOB_TOKEN}\" -backend-config=\"lock_method=POST\" -backend-config=\"unlock_method=DELETE\" -backend-config=\"retry_wait_min=5\"  \n"
+    # End of init.sh
+
+    # Begin of validate.sh
+    - "#Terraform validate\ntofu validate    \n"
+    # End of validate.sh
+.terraform_plan:
+  variables:
+    PLAN: plan.tfplan
+    JSON_PLAN_FILE: tfplan.json
+  script:
+    # Begin of cd-workdir.sh
+    - |
+      #change directory
+      cd $WORKDIR
+    # End of cd-workdir.sh
+
+    # Begin of init.sh
+    - "#Terraform init    \ntofu init -reconfigure -backend-config=\"address=${GITLAB_TF_ADDRESS}\" -backend-config=\"lock_address=${GITLAB_TF_ADDRESS}/lock\" -backend-config=\"unlock_address=${GITLAB_TF_ADDRESS}/lock\" -backend-config=\"username=gitlab-ci-token\" -backend-config=\"password=${CI_JOB_TOKEN}\" -backend-config=\"lock_method=POST\" -backend-config=\"unlock_method=DELETE\" -backend-config=\"retry_wait_min=5\"  \n"
+    # End of init.sh
+
+    # Begin of plan.sh
+    - "#Terraform plan    \napk add --update curl jq \nalias convert_report=\"jq -r '([.resource_changes[].change.actions?]|flatten)|{\\\"create\\\":(map(select(.==\\\"create\\\"))|length),\\\"update\\\":(map(select(.==\\\"update\\\"))|length),\\\"delete\\\":(map(select(.==\\\"delete\\\"))|length)}'\"\ntofu plan -out=$PLAN $ARGUMENTS\ntofu show --json $PLAN | jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}' > $JSON_PLAN_FILE\n"
+    # End of plan.sh
+  artifacts:
+    reports:
+      terraform: $WORKDIR/$JSON_PLAN_FILE
+.terraform_apply:
+  script:
+    # Begin of cd-workdir.sh
+    - |
+      #change directory
+      cd $WORKDIR
+    # End of cd-workdir.sh
+
+    # Begin of init.sh
+    - "#Terraform init    \ntofu init -reconfigure -backend-config=\"address=${GITLAB_TF_ADDRESS}\" -backend-config=\"lock_address=${GITLAB_TF_ADDRESS}/lock\" -backend-config=\"unlock_address=${GITLAB_TF_ADDRESS}/lock\" -backend-config=\"username=gitlab-ci-token\" -backend-config=\"password=${CI_JOB_TOKEN}\" -backend-config=\"lock_method=POST\" -backend-config=\"unlock_method=DELETE\" -backend-config=\"retry_wait_min=5\"  \n"
+    # End of init.sh
+
+    # Begin of apply.sh
+    - |
+      #Terraform validate
+      tofu apply -auto-approve $ARGUMENTS
+    # End of apply.sh
+.terraform_destroy:
+  script:
+    # Begin of cd-workdir.sh
+    - |
+      #change directory
+      cd $WORKDIR
+    # End of cd-workdir.sh
+
+    # Begin of init.sh
+    - "#Terraform init    \ntofu init -reconfigure -backend-config=\"address=${GITLAB_TF_ADDRESS}\" -backend-config=\"lock_address=${GITLAB_TF_ADDRESS}/lock\" -backend-config=\"unlock_address=${GITLAB_TF_ADDRESS}/lock\" -backend-config=\"username=gitlab-ci-token\" -backend-config=\"password=${CI_JOB_TOKEN}\" -backend-config=\"lock_method=POST\" -backend-config=\"unlock_method=DELETE\" -backend-config=\"retry_wait_min=5\"  \n"
+    # End of init.sh
+
+    # Begin of destroy.sh
+    - |
+      #Terraform validate
+      tofu destroy -auto-approve $ARGUMENTS
+    # End of destroy.sh

jobs/version.yml

@@ -1,9 +1,9 @@
 .version:
-  image: registry.durp.info/gittools/gitversion:5.12.0
+  image: registry.internal.durp.info/gittools/gitversion:5.12.0
   variables:
     GIT_DEPTH: "0"
   script:
-    # Begin of version-number.sh
+    # Begin of version.sh
     - |
       #Check for configuration
       echo "mode: ContinuousDeployment
@@ -37,7 +37,8 @@
       version=$(/tools/dotnet-gitversion /showvariable NuGetVersionV2)
       echo "VERSION=$version" >> version.env
       cat version.env
-    # End of version-number.sh
+    # End of version.sh
   artifacts:
+    expire_in: never
     reports:
       dotenv: version.env

pipeline.yml

@@ -0,0 +1,21 @@
+stages:
+  - deploy
+
+variables:
+  GO_VERSION: "1.22"
+  GOLANGCI_LINT_VERISON: "v1.58.0"
+  UPLOAD_PACKAGE: "false"
+
+build_go:
+  stage: deploy
+  allow_failure: false
+  trigger: 
+    include: 
+    - project: 'developerdurp/yml'
+      ref: 'main'
+      file:
+        - 'pipelines/go-build.yml'
+    strategy: depend
+  rules:
+    - exists:
+      - "go.mod"  

pipelines/docker-build-generic.yml

@@ -0,0 +1,47 @@
+stages:
+  - build
+  - package
+  - publish
+
+include:
+  - template: Security/Secret-Detection.gitlab-ci.yml
+  - project: 'developerdurp/yml'
+    ref: 'main'
+    file: 
+      - 'jobs/docker.yml'
+      - 'jobs/version.yml'
+
+secret_detection:
+  stage: .pre
+  rules:
+    - when: always
+  allow_failure: false
+
+version:
+  extends: .version
+  stage: .pre
+  rules:
+    - when: always
+
+build_container: 
+  extends: .docker-build-container
+  stage: build
+  artifacts:
+    paths:
+     - $CI_PROJECT_DIR/packages
+  needs: 
+    - job: version
+      artifacts: true
+
+#publish_container:
+#  extends: .docker_push_gitlab
+#  stage: publish
+#  needs: 
+#    - job: version
+#      artifacts: true
+#    - job: build_container
+#      artifacts: true
+#  rules:
+#    - if: $CI_COMMIT_BRANCH =~ '/^release/'
+#    - if: $CI_COMMIT_BRANCH =~ 'main'
+#    - when: never

pipelines/gitlab_generic_packages.yml

@@ -0,0 +1,63 @@
+stages:
+  - build
+  - package
+  - publish
+
+include:
+  - project: 'developerdurp/yml'
+    ref: 'main'
+    file: 
+      - 'jobs/octopus.yml'
+      - 'jobs/version.yml'
+      - 'jobs/nuget.yml'
+      - 'jobs/gitlab.yml'
+
+version:
+  extends: .version
+  stage: .pre
+  rules:
+    - when: always
+
+build: 
+  extends: .gitlab-move-files 
+  stage: build
+
+package:
+  extends: .octo_package
+  stage: package
+  needs: 
+    - job: build
+      artifacts: true
+    - job: version
+      artifacts: true
+  rules:
+    - if: $CI_COMMIT_BRANCH =~ '/^release/'
+    - if: $CI_COMMIT_BRANCH =~ 'main'
+    - when: never
+
+upload:
+  extends: .nuget_push
+  stage: package
+  needs: 
+    - job: version
+      artifacts: true
+    - job: package
+      artifacts: true
+  rules:
+    - if: $CI_COMMIT_BRANCH =~ '/^release/'
+    - if: $CI_COMMIT_BRANCH =~ 'main'
+    - when: never
+
+publish:
+  extends: .octo_release
+  stage: publish
+  needs: 
+    - job: package
+      artifacts: true
+    - job: version
+      artifacts: true
+    - job: upload
+  rules:
+    - if: $CI_COMMIT_BRANCH =~ '/^release/'
+    - if: $CI_COMMIT_BRANCH =~ 'main'
+    - when: never

pipelines/go-build.yml

@@ -0,0 +1,61 @@
+stages:
+  - build
+  - validate
+  - publish 
+
+include:
+  - template: Security/Secret-Detection.gitlab-ci.yml
+  - project: 'developerdurp/yml'
+    ref: 'main'
+    file: 
+      - 'jobs/golang.yml'
+      - 'jobs/golang.yml'
+      - 'jobs/docker.yml'
+      - 'rules/rules.yml'
+      - 'pipelines/templates/security.yml'
+
+golang-lint:
+  extends: .golang-lint
+  stage: validate
+  rules:
+    - !reference [.mr_only_rules, rules]
+
+docker-build:
+  extends: .docker-build-container
+  stage: build
+  needs:
+    - job: gobuild
+      artifacts: true
+    - pipeline: $PARENT_PIPELINE_ID
+      job: version
+  rules:
+    - !reference [.docker_rules, rules]
+
+gobuild:
+  variables:
+    GOPROXY: https://nexus.durp.info/repository/go/
+  extends: .golang-build
+  stage: build
+  rules:
+    - !reference [.default_mr_rules, rules]
+
+      #docker-build:
+      #  extends: .docker_build
+      #  stage: build
+      #  needs:
+      #    - job: gobuild
+      #      artifacts: true
+      #    - pipeline: $PARENT_PIPELINE_ID
+      #      job: version
+      #  rules:
+      #    - !reference [.docker_rules, rules]
+      #docker-push:
+      #  extends: .docker_push_gitlab
+      #  stage: publish
+      #  needs:
+      #    - job: docker-build
+      #      artifacts: true
+      #    - pipeline: $PARENT_PIPELINE_ID
+      #      job: version
+      #  rules:
+      #    - !reference [.docker_publish_rules, rules]

pipelines/golang.yml

@@ -1,56 +0,0 @@
-stages:
-  - build
-  - package
-  - publish 
-
-include:
-  - project: 'developerdurp/yml'
-    ref: 'release/1.0.0'
-    file: 
-      - 'jobs/version.yml'
-      - 'jobs/sonarqube.yml'
-      - 'jobs/golang.yml'
-      - 'jobs/docker.yml'
-      - 'jobs/helm.yml'
-
-version:
-  extends: .version
-  stage: .pre
-  rules:
-    - if: $CI_COMMIT_REF_NAME == 'main'
-
-sonarqube:
-  extends: .sonarcloud-check
-  stage: .pre
-  rules:
-    - if: $CI_COMMIT_REF_NAME == 'main' || $CI_PIPELINE_SOURCE == 'merge_request_event'
-
-golang-lint:
-  extends: .golang-lint
-  stage: .pre
-
-gobuild:
-  extends: .golang-build-api
-  stage: build
-
-docker:
-  extends: .docker-build-container
-  stage: publish
-  needs:
-    - job: gobuild
-      artifacts: true
-    - job: version
-      artifacts: true        
-  rules:
-    - if: $CI_COMMIT_REF_NAME == 'main'
-
-helm:
-  extends: .helm-createchart
-  stage: publish
-  needs:
-    - job: gobuild
-      artifacts: false
-    - job: version
-      artifacts: true      
-  rules:
-    - if: $CI_COMMIT_REF_NAME == 'main'

pipelines/helm.yml

@@ -0,0 +1,39 @@
+stages:
+  - build  
+  - publish 
+
+include:
+  - project: 'developerdurp/yml'
+    ref: 'main'
+    file: 
+      - 'jobs/version.yml'
+      - 'jobs/helm.yml'
+
+version:
+  extends: .version
+  stage: .pre
+  rules:
+    - if: $CI_COMMIT_REF_NAME == 'main'
+    - if: $CI_COMMIT_BRANCH =~ '/^release/'
+
+helm-build:
+  extends: .helm-build
+  stage: build
+  needs:
+    - job: version
+      artifacts: true      
+  rules:
+    - if: $CI_COMMIT_REF_NAME == 'main'
+    - if: $CI_COMMIT_BRANCH =~ '/^release/'
+
+helm-push:
+  extends: .helm-push
+  stage: publish
+  needs:
+    - job: helm-build
+      artifacts: true
+    - job: version
+      artifacts: true      
+  rules:
+    - if: $CI_COMMIT_REF_NAME == 'main'
+    - if: $CI_COMMIT_BRANCH =~ '/^release/'

pipelines/octo-templates.yml

@@ -0,0 +1,25 @@
+stages:
+  - package
+  - publish 
+
+include:
+  - project: 'developerdurp/yml'
+    ref: 'main'
+    file: 
+      - 'jobs/version.yml'
+      - 'jobs/octopus.yml'
+
+
+version:
+  extends: .version
+  stage: .pre
+  rules:
+    - if: $CI_COMMIT_REF_NAME == 'main'
+
+pack:
+  variables:
+    WORKDIR: $CI_PROJECT_DIR
+  extends: .octo_package
+  stage: package
+  rules:
+    - if: $CI_COMMIT_REF_NAME == 'main'

pipelines/templates/security.yml

@@ -0,0 +1,43 @@
+stages:
+  - build
+
+include:
+  - template: Security/Secret-Detection.gitlab-ci.yml
+  - project: 'developerdurp/yml'
+    ref: 'main'
+    file: 
+      - 'jobs/codescan.yml'
+      - 'jobs/sonarqube.yml'
+      - 'rules/rules.yml'
+
+secret_detection:
+  stage: validate
+  rules:
+    - !reference [.mr_only_rules, rules]
+  allow_failure: false
+
+generate_sbom:
+  extends: .generate_sbom
+  stage: build
+  needs:
+    - job: docker-build
+      optional: true
+      artifacts: true
+  rules:
+    - !reference [.mr_only_rules, rules]
+
+generate_cve:
+  extends: .generate_cve
+  stage: build
+  needs:
+    - job: generate_sbom
+      artifacts: true
+  rules:
+    - !reference [.mr_only_rules, rules]
+
+sonarqube:
+  extends: .sonarcloud-check
+  stage: validate
+  allow_failure: true
+  rules:
+    - !reference [.sonarqube_rules, rules]

pipelines/terraform-gitlab.yml

@@ -0,0 +1,37 @@
+stages:
+  - plan
+  - apply
+  - destroy
+
+variables:
+  WORKDIR: $CI_PROJECT_DIR/.tf
+  GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/gitlab
+  TF_VAR_GITLAB_PROJECT_ID: $CI_PROJECT_ID
+  TF_VAR_GITLAB_PROJECT_NAME: $CI_PROJECT_NAME
+  TF_VAR_GITLAB_TOKEN: $CI_JOB_TOKEN
+
+image:
+  name: registry.durp.info/hashicorp/terraform:light
+  #name: hashicorp/terraform:light
+  entrypoint: [""]
+
+include:
+  - project: 'developerdurp/yml'
+    ref: 'main'
+    file: 
+      - 'jobs/terraform.yml'
+
+format:
+  stage: .pre
+  allow_failure: false
+  extends: .terraform_fmt
+
+validate:
+  stage: .pre
+  allow_failure: false
+  extends: .terraform_validate
+
+apply:
+  stage: apply
+  allow_failure: false
+  extends: .terraform_apply

pipelines/terraform.yml

@@ -0,0 +1,94 @@
+stages:
+  - plan
+  - apply
+  - destroy
+
+variables:
+  WORKDIR: $CI_PROJECT_DIR/terraform
+  GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${ENVIRONMENT_NAME}  
+
+image:
+  name: registry.internal.durp.info/opentofu/opentofu:latest
+  entrypoint: [""]
+
+include:
+  - project: 'developerdurp/yml'
+    ref: 'main'
+    file: 
+      - 'jobs/terraform.yml'
+
+format:
+  stage: .pre
+  allow_failure: false
+  extends: .terraform_fmt
+
+validate:
+  stage: .pre
+  allow_failure: false
+  extends: .terraform_validate
+    
+plan-development:
+  stage: plan
+  environment:
+    name: development
+  variables:
+    ENVIRONMENT_NAME: dev
+  allow_failure: false
+  extends: .terraform_plan
+  needs: ["validate","format"]
+
+plan-production:
+  stage: plan
+  environment:
+    name: production
+  variables:
+    ENVIRONMENT_NAME: prd
+  allow_failure: false
+  extends: .terraform_plan
+  needs: ["validate","format"]  
+
+apply-development:
+  stage: apply
+  environment:
+    name: development
+  variables:
+    ENVIRONMENT_NAME: dev
+  allow_failure: false
+  extends: .terraform_apply   
+  rules:
+    - when: manual
+
+apply-production:
+  stage: apply
+  environment:
+    name: production
+  variables:
+    ENVIRONMENT_NAME: prd
+  allow_failure: false
+  extends: .terraform_apply   
+  rules:
+    - when: manual        
+
+destroy-development:
+  stage: destroy
+  environment:
+    name: development
+  variables:
+    ENVIRONMENT_NAME: dev
+  allow_failure: false
+  extends: .terraform_destroy  
+  needs: ["apply-development"]
+  rules:       
+    - when: manual
+
+destroy-production:
+  stage: destroy
+  environment:
+    name: production
+  variables:
+    ENVIRONMENT_NAME: prd
+  allow_failure: false
+  extends: .terraform_destroy  
+  needs: ["apply-production"]
+  rules:       
+    - when: manual       

rules/rules.yml

@@ -0,0 +1,47 @@
+.default_rules:
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH 
+    - if: $CI_COMMIT_BRANCH =~ '/^release/'
+
+.sonarqube_rules:
+  rules:
+    - if: $CI_MERGE_REQUEST_IID
+      exists:
+        - "sonar-project.properties"  
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH 
+      exists:
+        - "sonar-project.properties"  
+    - if: $CI_COMMIT_BRANCH =~ '/^release/'
+      exists:
+        - "sonar-project.properties"  
+
+.default_mr_rules:
+  rules:
+    - if: $CI_MERGE_REQUEST_IID
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH 
+    - if: $CI_COMMIT_BRANCH =~ '/^release/'
+
+.mr_only_rules:
+  rules:
+    - if: $CI_MERGE_REQUEST_IID
+
+.docker_rules:
+  rules:
+    - if: $CI_MERGE_REQUEST_IID
+      exists:
+        - "Dockerfile"  
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH 
+      exists:
+        - "Dockerfile"  
+    - if: $CI_COMMIT_BRANCH =~ '/^release/'
+      exists:
+        - "Dockerfile"  
+
+.docker_publish_rules:
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH 
+      exists:
+        - "Dockerfile"  
+    - if: $CI_COMMIT_BRANCH =~ '/^release/'
+      exists:
+        - "Dockerfile"  

scripts/cd-workdir.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#change directory
+cd $WORKDIR

scripts/checkvariable/version.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#check for Version variable
+
+if [ -z "${VERSION}" ]; then
+    # If not, assign a default value
+    VERSION=$CI_COMMIT_SHORT_SHA
+fi
+

scripts/docker/build.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Build Docker Container
+mkdir $CI_PROJECT_DIR/packages
+containername=$(echo "$PROJECT_NAME" | awk '{print tolower($0)}')
+
+docker build -t $containername .
+docker save -o $CI_PROJECT_DIR/packages/$containername.$VERSION.tar.gz $containername

scripts/docker/login.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Docker Login
+docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY/$CI_PROJECT_PATH

scripts/docker/push-gitlab.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Push container to gitlab
+containername=$(echo "$PROJECT_NAME" | awk '{print tolower($0)}')
+
+if echo "$VERSION" | grep -Eq '^[0-9]+(\.[0-9]+)*$'; then
+  tag="latest"
+else
+  tag="dev"
+fi
+
+docker import $CI_PROJECT_DIR/packages/$containername.$VERSION.tar.gz $CI_REGISTRY/$CI_PROJECT_PATH:$VERSION
+docker import $CI_PROJECT_DIR/packages/$containername.$VERSION.tar.gz $CI_REGISTRY/$CI_PROJECT_PATH:$tag
+
+docker push "$CI_REGISTRY/$CI_PROJECT_PATH:$VERSION"
+docker push "$CI_REGISTRY/$CI_PROJECT_PATH:$tag"

scripts/gitlab/create-environment.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#test deployment
+
+echo "
+$VERSION:
+  stage: deploy
+  image: mcr.microsoft.com/powershell:latest
+  script:
+" >> generated-config.yml
+
+echo '
+    - |
+      pwsh -c "Install-Module -Name powershell-yaml -Confirm:\$false -Force
+      \$template = (Invoke-RestMethod -Headers @{ \"PRIVATE-TOKEN\"= \$ENV:GITLAB_TOKEN } -Uri \"\$ENV:CI_API_V4_URL/projects/\$ENV:GITLAB_PROJECT_ID/repository/files/\$ENV:GITLAB_CHART_PATH/raw?ref=\$ENV:ENVIRONMENT\") | ConvertFrom-Yaml
+      \$template.version = \$ENV:VERSION
+      \$body = @{
+        branch = \"\$ENV:ENVIRONMENT\"
+        commit_message = \"Update Chart\"
+        content = \"\$(\$template | convertto-yaml)\"
+      } | ConvertTo-Json
+      Invoke-RestMethod -Headers @{ \"PRIVATE-TOKEN\"= \$ENV:GITLAB_TOKEN } -ContentType \"application/json\" -Method Put -body \$body -Uri \"\$ENV:CI_API_V4_URL/projects/\$ENV:GITLAB_PROJECT_ID/repository/files/\$ENV:GITLAB_CHART_PATH\""
+  needs:
+    - pipeline: $PARENT_PIPELINE_ID
+      job: version
+' >> generated-config.yml
+
+echo "
+  environment:
+    name: $ENVIRONMENT
+" >> generated-config.yml

scripts/gitlab/movefiles.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#move files to output
+mkdir $CI_PROJECT_DIR/output
+for i in $(echo $PROJECT_NAME | tr ";" "\n");
+  do mkdir $CI_PROJECT_DIR/output/$i;
+  cp -r $CI_PROJECT_DIR/$i $CI_PROJECT_DIR/output/;
+  done

scripts/gitlab/update-chart.ps1

@@ -0,0 +1,12 @@
+Install-Module -Name powershell-yaml -Confirm:$false -Force
+
+$template = (Invoke-RestMethod -Headers @{ 'PRIVATE-TOKEN'= $ENV:GITLAB_TOKEN } -Uri "https://gitlab.com/api/v4/projects/45028985/repository/files/durpapi%2FChart.yaml/raw?ref=main") | ConvertFrom-Yaml
+$template.version = $ENV:VERSION
+
+$body = @{
+  branch = "main"
+  commit_message = "Update Chart"
+  content = "$($template | convertto-yaml)"
+} | ConvertTo-Json
+
+Invoke-RestMethod -Headers @{ 'PRIVATE-TOKEN'= $ENV:GITLAB_TOKEN } -ContentType "application/json" -Method Put -body $body -Uri "https://gitlab.com/api/v4/projects/45028985/repository/files/durpapi%2FChart.yaml"

scripts/gitlab/update-chart.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+pwsh -c "Install-Module -Name powershell-yaml -Confirm:\$false -Force
+
+\$template = (Invoke-RestMethod -Headers @{ 'PRIVATE-TOKEN'= \$ENV:GITLAB_TOKEN } -Uri \"https://gitlab.com/api/v4/projects/45028985/repository/files/durpapi%2FChart.yaml/raw?ref=main\") | ConvertFrom-Yaml
+\$template.version = \$ENV:VERSION
+
+\$body = @{
+  branch = \"main\"
+  commit_message = \"Update Chart\"
+  content = \"\$(\$template | convertto-yaml)\"
+} | ConvertTo-Json
+
+Invoke-RestMethod -Headers @{ 'PRIVATE-TOKEN'= \$ENV:GITLAB_TOKEN } -ContentType \"application/json\" -Method Put -body \$body -Uri \"https://gitlab.com/api/v4/projects/45028985/repository/files/durpapi%2FChart.yaml\""

scripts/golang-build-api.sh

@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-#%%MULTILINE_YAML_START
-#Build golang api
-export GOPATH=/go
-export PATH=$PATH:$GOPATH/bin
-
-mkdir output
-
-go install 
-go install github.com/swaggo/swag/cmd/swag@v1.8.12 
-swag init
-
-CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ./output/main .

scripts/golang-build.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Build golang project
+export GOPATH=/go
+export PATH=$PATH:$GOPATH/bin
+
+mkdir output
+
+#go install 
+go mod download
+
+# Check if go.mod contains "swag"
+if grep -q "swag" go.mod; then
+    echo "Found 'swag' in go.mod. Running swag init..."
+    go install github.com/swaggo/swag/cmd/swag@latest
+    swag init --parseDependency
+fi
+
+CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ./output/main .

scripts/helm-login.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Helm login
+
+helm registry login ${CI_REGISTRY} -u gitlab-ci-token -p ${CI_JOB_TOKEN}

scripts/nuget/push.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Nuget Push
+dotnet nuget add source "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/nuget/index.json" --name gitlab --username gitlab-ci-token --password $CI_JOB_TOKEN --store-password-in-clear-text
+for i in $(echo $PROJECT_NAME | tr ";" "\n");
+  do dotnet nuget push "${CI_PROJECT_DIR}/packages/$i.$VERSION.nupkg" --source gitlab;
+done

scripts/octopus/create_release.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Octopus Create Release
+dotnet /octo/octo.dll create-release --project=$OCTO_PROJECT_NAME --releaseNumber=$VERSION --server=https://octopus.internal.durp.info/ --apiKey=$OCTOAPI --packagesFolder=$CI_PROJECT_DIR/packages --gitRef main
+
+

scripts/octopus/pack.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Package with octopus
+mkdir $CI_PROJECT_DIR/packages
+
+for dir in ./output/*/;
+do dir=${dir%*/};
+    dir=${dir##*/};
+    dotnet /octo/octo.dll pack --id=$dir --version=$VERSION --outFolder=$CI_PROJECT_DIR/packages --basePath=$CI_PROJECT_DIR/output/$dir;
+done

scripts/render-job-templates.sh

@@ -2,7 +2,24 @@
 #%%MULTILINE_YAML_START
 # render job-templates.yml from job-templates.tpl.yml
 set -euo pipefail
-for script in scripts/*.sh; do
+for pwsh in  $(find ./scripts -name '*.ps1'); do
+  script=$(cat $pwsh)
+  sh_file="${pwsh%.ps1}.sh"
+     
+  # Escape double quotes and dollar signs
+  script="${script//\"/\\\"}"
+  script="${script//\$/\\\$}"
+
+  pwsh_command="pwsh -c \"$script\""
+
+  echo '#!/usr/bin/env bash' > "$sh_file"
+  echo '#%%MULTILINE_YAML_START' >> "$sh_file"
+  echo "$pwsh_command" >> "$sh_file"
+done
+
+
+
+for script in $(find ./scripts -name '*.sh'); do
   awk -v script_name="$(basename "$script")" '
   NR==1 && /^#!/ {printf("# Begin of %s\n",script_name); next}   # strip shebang in first line, print head comment
   /^\s*$/ {next}         # strip any newlines or whitespace

scripts/scanner/grype-install.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Syft install
+nix-env -iA nixpkgs.grype

scripts/scanner/grype.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#grype scan sboms
+
+for i in syft/*.sbom.json;
+do filename=${i%*.sbom.json};
+  filename=${filename##/};
+  grype $i -o json --file $filename.cve.json;
+done

scripts/scanner/syft-docker.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Syft scan for docker
+
+for i in packages/*.tar.gz;
+do filename=${i%.*.*.*.tar.gz};
+  filename="$(basename -- "$filename")"
+  syft $i -o cyclonedx-json=syft/$filename.docker.sbom.json;
+done

scripts/scanner/syft-go.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Syft scan for go
+
+if [ -f "go.mod" ]; then
+    syft go.mod -o cyclonedx-json=syft/${CI_PROJECT_NAME}.sbom.json
+fi

scripts/scanner/syft-install.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Syft install
+nix-env -iA nixpkgs.syft

scripts/scanner/syft-mkdir.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#mkdir for syft files
+
+mkdir $CI_PROJECT_DIR/syft

scripts/terraform/apply.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Terraform validate
+tofu apply -auto-approve $ARGUMENTS

scripts/terraform/destroy.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Terraform validate
+tofu destroy -auto-approve $ARGUMENTS

scripts/terraform/fmt.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Terraform fmt
+tofu fmt -diff -check -write=false

scripts/terraform/init.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Terraform init    
+tofu init -reconfigure -backend-config="address=${GITLAB_TF_ADDRESS}" -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="username=gitlab-ci-token" -backend-config="password=${CI_JOB_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"  

scripts/terraform/plan.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Terraform plan    
+apk add --update curl jq 
+alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
+tofu plan -out=$PLAN $ARGUMENTS
+tofu show --json $PLAN | jq -r '([.resource_changes[].change.actions?]|flatten)|{"create":(map(select(.=="create"))|length),"update":(map(select(.=="update"))|length),"delete":(map(select(.=="delete"))|length)}' > $JSON_PLAN_FILE

scripts/terraform/validate.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Terraform validate
+tofu validate    

templates/codescan.tpl.yml

@@ -0,0 +1,21 @@
+.generate_sbom:
+  image: registry.internal.durp.info/nixos/nix:latest
+  script:
+    - ./scripts/scanner/syft-install.sh
+    - ./scripts/scanner/syft-mkdir.sh
+    - ./scripts/scanner/syft-go.sh
+    - ./scripts/scanner/syft-docker.sh
+  artifacts:
+    expire_in: 1 hour
+    paths:
+      - $CI_PROJECT_DIR/syft
+
+.generate_cve:
+  image: registry.internal.durp.info/nixos/nix:latest
+  script:
+    - ./scripts/scanner/grype-install.sh
+    - ./scripts/scanner/grype.sh
+  artifacts:
+    expire_in: 1 hour
+    paths:
+      - $CI_PROJECT_DIR/syft

templates/docker.tpl.yml

@@ -1,5 +1,5 @@
 .docker-build-container:
-  image: registry.durp.info/docker:20.10.17
+  image: registry.internal.durp.info/docker:20.10.17
   variables:
     DOCKER_DRIVER: overlay2
     DOCKER_TLS_CERTDIR: ""
@@ -11,3 +11,33 @@
     - ./scripts/docker-login.sh
     - ./scripts/docker-build.sh
        
+
+.docker_build:
+  image: registry.internal.durp.info/docker:20.10.17
+  variables:
+    DOCKER_DRIVER: overlay2
+    DOCKER_TLS_CERTDIR: ""
+    DOCKER_HOST: tcp://127.0.0.1:2375/
+  services:
+    - name: docker:dind
+      entrypoint: ["dockerd-entrypoint.sh", "--tls=false"]
+  script:
+    - ./scripts/checkvariable/version.sh
+    - ./scripts/docker/build.sh
+  artifacts:
+    expire_in: 1 hour
+    paths:
+      - $CI_PROJECT_DIR/packages
+
+.docker_push_gitlab:
+  image: registry.internal.durp.info/docker:20.10.17
+  variables:
+    DOCKER_DRIVER: overlay2
+    DOCKER_TLS_CERTDIR: ""
+    DOCKER_HOST: tcp://127.0.0.1:2375/
+  services:
+    - name: docker:dind
+      entrypoint: ["dockerd-entrypoint.sh", "--tls=false"]
+  script:
+    - ./scripts/docker/login.sh
+    - ./scripts/docker/push-gitlab.sh

templates/gitlab.tpl.yml

@@ -0,0 +1,35 @@
+.gitlab-move-files:
+  image: registry.internal.durp.info/debian:latest
+  script:
+    - ./scripts/gitlab/movefiles.sh
+  artifacts:
+    expire_in: 1 hour
+    paths:
+     - $CI_PROJECT_DIR/output
+
+.gitlab-deploy:
+  stage: deploy
+  image: mcr.microsoft.com/powershell:latest
+  script:
+    - ./scripts/gitlab/update-chart.sh
+  environment:
+    name: production
+    url: https://api.durp.info/goapi
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'
+      when: manual
+  needs: 
+    - job: version
+      artifacts: true
+
+.generate-config:
+  stage: build
+  needs:
+    - job: version
+      artifacts: true
+  script:
+    - ./scripts/gitlab/create-environment.sh
+  artifacts:
+    expire_in: never
+    paths:
+      - generated-config.yml

templates/golang.tpl.yml

@@ -1,9 +1,9 @@
-.golang-build-api:
+.golang-build:
   variables:
-    GOPROXY: https://nexus.durp.info/repository/go/
+    #GOPROXY: https://nexus.durp.info/repository/go/
-  image: registry.durp.info/golang:1.20
+  image: registry.internal.durp.info/golang:${GO_VERSION}
   script:
-    - ./scripts/golang-build-api.sh
+    - ./scripts/golang-build.sh
   artifacts:
     expire_in: 1 hour
     paths:
@@ -11,7 +11,8 @@
 
 .golang-lint:
   variables:
-    GOPROXY: https://nexus.durp.info/repository/go/
+    #GOPROXY: https://nexus.durp.info/repository/go/
-  image: registry.durp.info/golangci/golangci-lint:latest
+    CGO_ENABLED: 0
+  image: registry.internal.durp.info/golangci/golangci-lint:${GOLANGCI_LINT_VERISON}
   script:
     - ./scripts/golang-lint.sh

templates/helm.tpl.yml

@@ -1,6 +1,14 @@
-.helm-createchart:
+.helm-build:
-  image: registry.durp.info/dtzar/helm-kubectl
+  image: registry.internal.durp.info/dtzar/helm-kubectl
+  script:
+    - ./scripts/helm-package.sh
+  artifacts:
+    expire_in: 1 hour
+    paths:
+      - $CI_PROJECT_DIR/packages        
+
+.helm-push:
+  image: registry.internal.durp.info/dtzar/helm-kubectl
   script:
     - ./scripts/helm-addrepo.sh
-    - ./scripts/helm-package.sh
     - ./scripts/helm-push.sh

templates/nuget.tpl.yml

@@ -0,0 +1,4 @@
+.nuget_push:
+  image: registry.internal.durp.info/dotnet/core/sdk:latest
+  script:
+    - ./scripts/nuget/push.sh

templates/octopus.tpl.yml

@@ -0,0 +1,12 @@
+.octo_package:
+  image: registry.internal.durp.info/octopusdeploy/octo:latest
+  script: 
+    - ./scripts/octopus/pack.sh
+  artifacts:
+    paths:
+    - $CI_PROJECT_DIR/packages
+
+.octo_release:
+  image: registry.internal.durp.info/octopusdeploy/octo:latest
+  script: 
+    - ./scripts/octopus/create_release.sh

templates/sonarqube.tpl.yml

@@ -3,7 +3,7 @@
     SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
     GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
   image:
-    name: registry.durp.info/sonarsource/sonar-scanner-cli:latest
+    name: registry.internal.durp.info/sonarsource/sonar-scanner-cli:latest
     entrypoint: [""]
   cache:
     key: "${CI_JOB_NAME}"

templates/terraform.tpl.yml

@@ -0,0 +1,35 @@
+.terraform_fmt:
+  script:
+    - ./scripts/cd-workdir.sh
+    - ./scripts/terraform/fmt.sh
+
+.terraform_validate:
+  script:
+    - ./scripts/cd-workdir.sh
+    - ./scripts/terraform/init.sh
+    - ./scripts/terraform/validate.sh
+    
+.terraform_plan:
+  variables:
+    PLAN: plan.tfplan
+    JSON_PLAN_FILE: tfplan.json
+  script:
+    - ./scripts/cd-workdir.sh
+    - ./scripts/terraform/init.sh
+    - ./scripts/terraform/plan.sh
+  artifacts:
+    reports:
+      terraform: $WORKDIR/$JSON_PLAN_FILE
+
+
+.terraform_apply:
+  script:
+    - ./scripts/cd-workdir.sh
+    - ./scripts/terraform/init.sh
+    - ./scripts/terraform/apply.sh
+
+.terraform_destroy:
+  script:
+    - ./scripts/cd-workdir.sh
+    - ./scripts/terraform/init.sh
+    - ./scripts/terraform/destroy.sh

templates/version.tpl.yml

@@ -1,9 +1,10 @@
 .version:
-  image: registry.durp.info/gittools/gitversion:5.12.0
+  image: registry.internal.durp.info/gittools/gitversion:5.12.0
   variables:
     GIT_DEPTH: "0"
   script:
-    - ./scripts/version-number.sh
+    - ./scripts/gitversion/version.sh
   artifacts:
+    expire_in: never
     reports:
       dotenv: version.env