
feat: add support for GitLab CI environment#38

Merged: maxrake merged 2 commits into main from gitlab on May 19, 2022


@maxrake maxrake commented May 19, 2022

The phylum Python package has been updated to offer the ability to analyze lockfile changes within the GitLab CI/CD environment. Merge requests (MRs) can be analyzed and annotated automatically when they include changes to a lockfile.

The core logic and annotation strategy came from existing Phylum implementations:

  • The phylum-dev/phylum-analyze-pr-action repository is the current working implementation for GitHub
  • The phylum-dev/GitLabCI-Phylum-Analyze-MR repository is the current implementation for GitLab
  • The intent was to replicate as much as what was already available...but in an extensible way
    • There were a few deviations and licenses taken where it seemed prudent
  • Make use of the package's ability to download and install the latest released Phylum CLI
  • No other external GitLab-based dependencies were used
    • Functionality was added to the package itself to do what was needed in the form of direct system/app and API calls

The best bet for learning about the functionality added here is to start with the README.md and docs/gitlab_ci.md documentation files. The code in this PR has been exposed as a Docker image and pushed to the phylumio/phylum-ci:gitlab tag. That image can be used to test locally or with your own GitLab private repository. In fact, it can be used now, for any customer that is hot to get started (CC: @furi0us333)

Closes #31

Checklist

  • Does this PR have an associated issue (i.e., closes #<issueNum> in description above)?
  • Have you ensured that you have met the expected acceptance criteria?
  • Have you created sufficient tests?
    • Not yet...and won't be in this PR
    • Extensive manual local testing was performed with a personal GitLab private repository
    • Unit and functional tests were skipped for now in the name of expediency (I know, I know...)
    • Integration level tests will be tackled in a separate issue and will make use of the phylum-dev/TestGitLabWorkflow repo
  • Have you updated all affected documentation?
  • Remove the temporary gitlab tag from Docker Hub after this PR is merged and a new release cut

@maxrake maxrake requested a review from kylewillmon May 19, 2022 02:46
@maxrake maxrake requested a review from a team as a code owner May 19, 2022 02:46
@maxrake maxrake self-assigned this May 19, 2022

maxrake commented May 19, 2022

Some screenshots from a sampling of the manual testing performed:

[three screenshots]

Comment thread docs/gitlab_ci.md Outdated
Comment thread docs/gitlab_ci.md
Comment thread src/phylum/ci/ci_gitlab.py
kylewillmon previously approved these changes May 19, 2022
Comment thread docs/gitlab_ci.md Outdated
@maxrake maxrake merged commit 732daea into main May 19, 2022
@maxrake maxrake deleted the gitlab branch May 19, 2022 21:03

Development

Successfully merging this pull request may close these issues.

Add support for Gitlab MRs
