@deekayen
Created December 16, 2019 21:25
Example GitLab runner CI configuration file that runs Ansible linting and secret discovery.
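---
# Lint tracked files whose path contains "yml"; roles installed under the
# runner's ~/.ansible/roles are excluded.
ansible-lint:
  tags:
    - ansible
  script:
    - ansible-lint --version
    - git ls-files | grep yml | xargs ansible-lint --exclude=/home/gitlab-runner/.ansible/roles

# Same file selection, minus any path containing "vars".
ansible-review:
  tags:
    - ansible
  script:
    - ansible-review --version
    - git ls-files | grep yml | grep -v vars | xargs ansible-review -q

# Secret discovery over the checked-out repository. The image is pulled
# without a tag, so each run uses whatever "latest" currently points to.
gitleaks:
  tags:
    - docker
  before_script:
    - docker pull zricethezav/gitleaks
  script:
    - docker run --rm --name=gitleaks_$CI_COMMIT_SHORT_SHA -v $CI_PROJECT_DIR:/code/ zricethezav/gitleaks -v --repo-path=/code

# Install role requirements, then syntax-check the top-level playbooks.
# "-i 127.0.0.1," is an inline one-host inventory (the trailing comma matters).
syntax-check:
  tags:
    - ansible
  script:
    - ansible-galaxy --version
    - ansible-playbook --version
    - ansible-galaxy install --force -r roles/requirements.yml
    - ls -1 *.yml | xargs ansible-playbook --syntax-check --list-tasks -i 127.0.0.1,

# Second secret scanner, pointed at the mounted repository through a file:// URL.
trufflehog:
  tags:
    - docker
  before_script:
    - docker pull cloudkats/trufflehog
  script:
    - docker run --rm --name=trufflehog_$CI_COMMIT_SHORT_SHA -v $CI_PROJECT_DIR:/code/ cloudkats/trufflehog trufflehog file:///code/

# Style-check every YAML file under the repository root.
yamllint:
  tags:
    - ansible
  script:
    - yamllint --version
    - yamllint .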
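
A tightened variant of the gitleaks job above, added here as an example and not part of the original gist. The job name `gitleaks-pinned`, the `GITLEAKS_IMAGE` variable and the tag placeholder are assumptions; it also assumes the scanner only reads the repository, so the mount can be read-only.

```yaml
# Added example: hypothetical hardened variant of the gist's gitleaks job.
gitleaks-pinned:
  tags:
    - docker
  variables:
    # Secret scanners walk commit history. A shallow clone hides older
    # commits from them, so fetch the full history for this job.
    GIT_DEPTH: "0"
    # Placeholder, not a real tag: pin a tag (or digest) you have vetted and
    # that still accepts the flags used below, instead of an implicit "latest".
    GITLEAKS_IMAGE: "zricethezav/gitleaks:PINNED_TAG_PLACEHOLDER"
  before_script:
    - docker pull "$GITLEAKS_IMAGE"
  script:
    # CI_JOB_ID is unique per job, so two pipelines for the same commit on one
    # runner host cannot collide on the container name.
    # ":ro" mounts the checkout read-only; the scanner needs no write access.
    - docker run --rm --name="gitleaks_$CI_JOB_ID" -v "$CI_PROJECT_DIR:/code:ro" "$GITLEAKS_IMAGE" -v --repo-path=/code
  # A finding must fail the pipeline rather than be recorded as a warning.
  allow_failure: false
```

The same three changes (full-depth clone, pinned image, read-only mount) apply to the trufflehog job.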