The objective of this pipeline to provide a working example of using basic security and quality checks in a Spring Boot app running on OpenShift. There are many, many tools that can be used to this end. Currently this pipeline supports the plugins identified in the CoP Spring Rest app.
This repo assumes knowledge of the OpenShift Applier and ansible in general. If you are new to applier/ansible, please see the docs which have really useful tutorials.
git clone https://github.com/redhat-cop/container-pipelines
cd container-pipelines/secure-spring-boot
- If you would like to customize the names of OpenShift projects created, edit
project-names.uml
ansible-galaxy install -r requirements.yml --roles-path=roles
oc login
ansible-playbook ci-cd-tooling.yml -i roles/labs-ci-cd/inventory/
ansible-playbook spring-boot-app.yml -i .openshift-applier/inventory/
- Navigate to the OpenShift Web console for your CI/CD project. You should see a pipeline build running automatically (once everything spins up).
See redhat-cop#72
- Running the pipeline for the first time will take ~10 minutes because all maven dependencies and NIST DB need to be downloaded. Subsequent builds will be faster. Also see redhat-cop#71
- If you have issues with Nexus certificate like seen here, then you can add the following ansible flag as a workaround:
-e nexus_validate_certs=false
.