Monday, June 9, 2025

CI/CD (2) - Continuous Integration - GitLab + SonarQube + Docker + Trivy + AWS ECR


The first step was to create a runner. The runner is responsible for processing the CI/CD pipeline. I set up my runner on AWS EC2. This combination helps me to develop my cloud experience.

GitLab provides a guide on how to set up a Runner.


The command from the first step is executed in a CLI. It can be the AWS CLI online or, as in my case, an SSH connection to the EC2 instance.

# Register the runner against gitlab.com. The glrt-... value is the runner authentication token; treat it as a secret and reset it in the project's CI/CD runner settings if it has been exposed.
gitlab-runner register --url https://gitlab.com --token glrt-LfsxSFEZFplfIKamMA4g4G86MQpwOjE1d3hlcgp0OjMKdTpndDVwchg.01.1j0snqv31

Each project can use the same or different runners. In the project, under Project Settings, in the CI/CD tab, we can find the assigned Runners.


On the project main page, there is a link to the pipeline history.


When we click the "History" button, the whole pipeline is shown in a graphical representation.

When we open the "Job" tab, each step of the pipeline is shown with details.


Additionally, for each step, we are able to see the logs.


During the pipeline setup, you need to point to the file that holds the pipeline definition.

In each stage, I defined the necessary commands. The YML file structure is very transparent. In the YML file, you can call shell commands, pull Docker images and define the Git branches that will be used in the CI/CD pipeline. Moreover, tags can be added to control the pipeline.

SonarQube code analysis:


SonarQube Cloud was used to perform the analysis. See the results below.


Docker build logs:


Trivy is a simple and comprehensive vulnerability scanner for containers. The Trivy report shows which vulnerabilities (CVEs) are present in the app, where they are, and the package version in which they were fixed.


AWS ECR provides useful information for the pipeline:
To log in to AWS, I created an IAM identity and assigned the necessary permissions to it.
Then I created an Access Key and Secret Access Key for the CICD-gitlab user.
After passing the AWS credentials, I was able to create the AWS ECR repository.
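As an added example (not the post's own pipeline file), here is a .gitlab-ci.yml that wires the stages described above into one pipeline: the IAM access key and the Sonar token are read from masked CI/CD variables instead of being written into the file, and the Trivy stage gates the push to ECR. The variable names, the runner tag "ec2" and the sonar-project.properties file are assumptions.

```yaml
# Added example (not the post's own file): .gitlab-ci.yml for the stages described above.
# Assumed masked, protected CI/CD variables (Settings > CI/CD > Variables, never in this file):
# AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION ECR_REGISTRY ECR_REPOSITORY SONAR_TOKEN SONAR_HOST_URL
stages: [analyze, build, scan, push]

variables:
  DOCKER_TLS_CERTDIR: "/certs"
  IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"  # candidate image stays in GitLab's registry until it passes the scan

sonar:
  stage: analyze
  image: sonarsource/sonar-scanner-cli:latest   # reads SONAR_TOKEN/SONAR_HOST_URL; project key from sonar-project.properties (assumed)
  script:
    - sonar-scanner -Dsonar.qualitygate.wait=true   # the job fails when the quality gate fails

build:
  stage: build
  image: docker:24
  services: [docker:24-dind]
  tags: [ec2]   # assumed tag of the runner registered on the EC2 instance
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$IMAGE" .
    - docker push "$IMAGE"

trivy:
  stage: scan
  image:
    name: aquasec/trivy:latest
    entrypoint: [""]
  variables:
    TRIVY_USERNAME: "$CI_REGISTRY_USER"       # lets Trivy pull the candidate image from the project registry
    TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD"
  script:
    # exit 1 on HIGH/CRITICAL CVEs that already have a fixed version, so the image never reaches ECR
    - trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed "$IMAGE"

push-ecr:
  stage: push
  image: docker:24
  services: [docker:24-dind]
  rules:
    - if: $CI_COMMIT_BRANCH == "main"   # only main is promoted to ECR
  script:
    - apk add --no-cache aws-cli
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - aws ecr get-login-password | docker login --username AWS --password-stdin "$ECR_REGISTRY"
    - docker pull "$IMAGE"
    - docker tag "$IMAGE" "$ECR_REGISTRY/$ECR_REPOSITORY:$CI_COMMIT_SHORT_SHA"
    - docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$CI_COMMIT_SHORT_SHA"
```

Because the ECR push only runs after the Trivy job succeeds, an image with an unfixed-by-upgrade HIGH or CRITICAL finding is still visible in the job log but never lands in the registry that production pulls from.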

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

Tips and Tricks

After I rebooted my EC2 instance, I had a problem running the pipeline. I found the solution listed below. After I ran all the commands below, I was able to execute the pipeline in the Runner.

Run in the terminal

If you have not started gitlab-runner yet

gitlab-runner start 

system-mode execution

sudo gitlab-runner run 

user-mode execution

gitlab-runner run 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
GitLab Installation Docs:

# Download the binary for your system
sudo curl -L --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64

# Give it permission to execute
sudo chmod +x /usr/local/bin/gitlab-runner

# Create a GitLab Runner user
sudo useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash

# Install and run as a service
sudo gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
sudo gitlab-runner start
