GitLab AutoDevOps
GitLab AutoDevOps is a pre-configured CI/CD pipeline that removes most of the manual work from software delivery: a project gets a working pipeline without anyone writing a CI/CD configuration for it by hand.
Background On Known Challenges:
Today the whole setup is done by hand: creating a project on SonarQube, updating its permissions, and writing a .gitlab-ci.yml file for the pipeline. The entire process is time-consuming.
Developers have to approach the DevOps team to get a pipeline created and to request permissions on the SonarQube project.
Developers sometimes commit secrets such as passwords and tokens to the repository without noticing.
Benefits:
Every project repository is integrated with SonarQube.
Nobody has to hand-write a yml file in a newly created repository to connect it to SonarQube, or create the SonarQube project by hand; the project is created automatically the first time the repository goes through the pipeline.
AutoDevOps detects the project framework.
SonarQube permissions no longer need to be updated manually.
Hardcoded secrets and tokens in git repositories are detected and blocked.
AutoDevOps runs on every commit on every branch.
Features we are using:
Examine the code language and framework
Create a SonarQube project and update users' permissions on it through the SonarQube web API
Automatic SonarQube code quality scanning
Detect and prevent hardcoded secrets such as passwords, API keys, and tokens in a git repository
Stages we are using:
Sonar:
Creates a project on the SonarQube server, updates user permissions on that project, and runs the code quality scan. We use templates for Node, Magento, and Mobile projects.
Gitleaks (secret detection): Ref: https://gitleaks.io/index.html
A scanner for git repositories, files, and directories. It looks for passwords, API keys, tokens, and private keys, including key files such as .pem files and id_rsa. Gitleaks scans not only the latest source code but the entire git history, so a secret that was committed to a branch and later removed is still found.
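The secret detection job as a shell script, added here as an example; it is not the page's own job definition. It assumes gitleaks v8 on the runner image, GitLab's predefined CI_COMMIT_BEFORE_SHA and CI_COMMIT_SHA variables, and a script name of autodevops-gitleaks.sh. It handles two things a plain "gitleaks detect" call misses: the first push of a branch, where GitLab has no "before" commit, and the difference between "leaks found" and "the scanner itself broke".

```shell
#!/bin/sh
# Added example, not the page's own job definition: the "Auto DevOps secret
# detection" job as a script run from a GitLab CI job (sh autodevops-gitleaks.sh run).
# Assumes gitleaks v8 on the runner image and GitLab's predefined
# CI_COMMIT_BEFORE_SHA / CI_COMMIT_SHA variables.
set -eu

ZERO_SHA=0000000000000000000000000000000000000000

# Commit range handed to gitleaks through --log-opts. GitLab sets
# CI_COMMIT_BEFORE_SHA to all zeros on the first push of a branch and in
# merge request pipelines, so "before..after" would be an invalid range there:
# fall back to the full history of the pushed commit instead.
gitleaks_log_opts() {
  before=${1:-$ZERO_SHA}; after=$2
  if [ "$before" = "$ZERO_SHA" ]; then
    printf '%s' "$after"
  else
    printf '%s..%s' "$before" "$after"
  fi
}

# Run gitleaks and turn its exit status into a job verdict.
# --exit-code 2 keeps "leaks found" (2) apart from "scanner error" (1), e.g. a
# range that a shallow clone cannot resolve, so a broken scan never passes as clean.
# --redact keeps the secret values themselves out of the job log and the report.
run_secret_detection() {
  repo=$1; log_opts=$2; report=${3:-gitleaks-report.json}
  rc=0
  gitleaks detect --source "$repo" --log-opts="$log_opts" --redact --exit-code 2 \
    --report-format json --report-path "$report" || rc=$?
  case $rc in
    0) echo "secret detection: clean" ;;
    2) echo "secret detection: leaks found, see $report" ;;
    *) echo "secret detection: scanner failed (exit $rc)" ;;
  esac
  return $rc
}

# The job invokes the script with "run"; without it only the functions are defined.
if [ "${1:-}" = run ]; then
  run_secret_detection . "$(gitleaks_log_opts "${CI_COMMIT_BEFORE_SHA:-}" "$CI_COMMIT_SHA")"
fi
```

Two job settings matter for this to do what the stage description promises. GitLab clones shallowly by default, so set GIT_DEPTH: 0 on the job or the "entire history" scan only sees the last few commits (and a before..after range that reaches past the clone depth fails, which the script reports as a scanner error rather than a clean run). Keep allow_failure at its default of false so the failed job actually blocks the pipeline. A working-tree-only scan of uncommitted files is a separate call, gitleaks detect --no-git.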
Workflow:
New repo created: when a new project is created on GitLab, AutoDevOps is already enabled for it.
Code pushed to the repo: AutoDevOps kicks in and starts the pipeline.
GitLab pipeline flow: the pipeline has the two jobs below.
Auto DevOps framework detection: creates a SonarQube project with the same name as the GitLab project, detects the code framework, and grants admin permission on that project to the department's PM/TL. SonarQube code scanning starts once this is done.
Auto DevOps secret detection: if secret detection finds a secret in the code, the job fails.
Template                 | NodeJs       | Magento       | Mobile (Android, Flutter)
File detection rule      | package.json | composer.json | build.gradle, pubspec.yaml
Sonar project creation   | Automatic    | Automatic     | Automatic
Sonar project permission | Web Group    | Magento Group | Mobile Group
AutoDevOps               | Yes          | Yes           | Yes
Sonar-Scanner            | Automatic    | Automatic     | Automatic
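The framework detection job from the workflow and the table above, as a shell script; this is an added example, not the page's own pipeline code. It assumes SONAR_HOST_URL and SONAR_TOKEN are masked CI/CD variables, uses GitLab's predefined CI_PROJECT_PATH and CI_PROJECT_NAME, and calls SonarQube's documented Web API (api/projects/search, api/projects/create, api/permissions/add_group). The project-key convention, the composer.json-before-package.json ordering, and the script name autodevops-sonar.sh are assumptions.

```shell
#!/bin/sh
# Added example, not the page's own pipeline code: the "Auto DevOps framework
# detection" job as a shell script run from a GitLab CI job (sh autodevops-sonar.sh run).
# Assumed inputs: SONAR_HOST_URL and SONAR_TOKEN as masked CI/CD variables, plus the
# predefined CI_PROJECT_PATH and CI_PROJECT_NAME. Endpoints are SonarQube's Web API;
# the group names and file rules come from the table above.
set -eu

# File detection rules from the table. composer.json is checked first because a
# Magento 2 checkout usually also carries a package.json (assumed ordering).
detect_framework() {
  dir=${1:-.}
  if [ -f "$dir/composer.json" ]; then
    echo magento
  elif [ -f "$dir/package.json" ]; then
    echo nodejs
  elif [ -f "$dir/build.gradle" ] || [ -f "$dir/pubspec.yaml" ]; then
    echo mobile
  else
    echo unknown
  fi
}

# SonarQube group that gets admin on the project ("Sonar project permission" row).
group_for_template() {
  case "$1" in
    nodejs)  echo "Web Group" ;;
    magento) echo "Magento Group" ;;
    mobile)  echo "Mobile Group" ;;
    *)       return 1 ;;
  esac
}

# SonarQube keys allow letters, digits, '-', '_', '.', ':' but not '/', so the
# GitLab path group/sub/repo becomes group_sub_repo (assumed convention).
project_key_from_path() {
  printf '%s' "$1" | tr '/' '_'
}

# POST to the Web API. A SonarQube token goes in as the basic-auth user with an
# empty password; --fail makes a 4xx/5xx abort the job instead of passing silently.
sonar_api() {
  endpoint=$1; shift
  curl --silent --show-error --fail -u "${SONAR_TOKEN}:" \
    "${SONAR_HOST_URL}/api/${endpoint}" "$@"
}

# Create the project only if it is missing: projects/create answers 400 for an
# existing key, which would fail every pipeline after the first one.
ensure_sonar_project() {
  key=$1; name=$2
  if curl --silent --fail -u "${SONAR_TOKEN}:" \
       "${SONAR_HOST_URL}/api/projects/search?projects=${key}" | grep -qF "\"key\":\"${key}\""; then
    echo "sonar project ${key} already exists"
  else
    sonar_api projects/create --data-urlencode "project=${key}" --data-urlencode "name=${name}"
  fi
}

# Project-level permissions: admin, codeviewer, issueadmin, securityhotspotadmin, scan, user.
grant_group_admin() {
  key=$1; group=$2
  sonar_api permissions/add_group --data-urlencode "projectKey=${key}" \
    --data-urlencode "groupName=${group}" --data-urlencode "permission=admin"
}

# Start the scan once the project and its permissions exist.
# SonarQube 10+ reads sonar.token; older servers expect -Dsonar.login instead.
run_sonar_scanner() {
  sonar-scanner -Dsonar.projectKey="$1" -Dsonar.host.url="${SONAR_HOST_URL}" \
    -Dsonar.token="${SONAR_TOKEN}" -Dsonar.sources=.
}

main() {
  template=$(detect_framework .)
  group=$(group_for_template "$template") || { echo "no template matched, skipping sonar"; return 0; }
  key=$(project_key_from_path "$CI_PROJECT_PATH")
  ensure_sonar_project "$key" "$CI_PROJECT_NAME"
  grant_group_admin "$key" "$group"
  run_sonar_scanner "$key"
}

# The job invokes the script with "run"; without it only the functions are defined.
if [ "${1:-}" = run ]; then main; fi
```

Note what the token has to be: api/projects/search and api/permissions/add_group require Administer System, so SONAR_TOKEN is effectively a SonarQube admin credential. Because the pipeline runs on every branch, it cannot be a protected variable, which means any developer who can push a branch can read it from a job. Keep it masked, issue it to a dedicated service account rather than a person, and rotate it; the sonar-scanner step only needs Execute Analysis and could use a separate, lower-privilege token.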
New Project Creation:
We use pre-configured project templates to create new repositories. Each template comes with pre-created branches, merge request templates, a basic repository wiki, and user permissions already set up, which keeps structure and configuration consistent across repositories and saves setup time.