Exercise 1: CI Pipeline & GitLab SAST
You are asked to set up a CI/CD pipeline for your group project individually, by forking the existing group project codebase and updating its CI/CD configuration. As part of the exercise, you also need to prepare your own VM on GCP and explore how to use SAST on a self-hosted GitLab (i.e., GitLab CSUI).
For your information, when setting up the GitLab CI/CD configuration that will run on GitLab CSUI, the following is an overview of the CI infrastructure in our faculty:
- We run GitLab CSUI using GitLab Enterprise Edition version 13.12.15.
- The CI server runs 8 instances of GitLab Runner version 13.12.0.
- Each instance runs as a container with limited resources (2 CPUs per container) and with privileged mode disabled. Hence it is not possible to run a Docker-in-Docker (DIND) type of CI job; any job that needs to build a container image has to do so without a privileged Docker daemon.
- Each instance shares the cache between CI jobs using MinIO.
- Each instance is also limited to running a single CI job at a time.
At the end of the exercise, do not forget to schedule a one-on-one meeting with a teaching assistant to demonstrate your work.
Tasks
- Create a new VM on GCP and provision it with the required dependencies for running the group project.
- Fork the group project codebase into your own namespace on GitLab CSUI.
- Update the GitLab CI/CD configuration in your fork so the group project is built and deployed to your own VM instead of the group's VM.
Alternatively, work as a group to update the existing GitLab CI/CD configuration so that each member only needs to make minimal changes to the CI/CD configuration file in their fork. It is also possible to make the CI/CD configuration flexible enough that no member needs to modify the configuration file in their fork at all, for example by reading per-fork values such as the target host and credentials from the fork's CI/CD variables rather than from the file.
- Make sure the group project is successfully deployed and running on your own VM and can be accessed publicly.
- Add the SAST job to the CI/CD pipeline of your own fork and make sure it runs.
Due to an ongoing issue with running the latest SAST image, pin the version of the SAST analyser image to 2.28.5 in the CI/CD configuration file.
- Arrange a one-on-one meeting with a teaching assistant to demonstrate your work. You are expected to be able to:
- Explain the process of setting up the deployment environment of your group project.
- Explain and demonstrate how to create a CI/CD pipeline on GitLab CSUI.
- Describe how to customise the SAST behaviour when running on GitLab CSUI.
- Describe and compare your experience of using SonarQube and GitLab's SAST to perform static analysis for code quality and possible security-related issues.
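The following complete .gitlab-ci.yml is an added example for two of the tasks above: a configuration flexible enough that no member needs to edit the file in their fork (the target VM and credentials come from per-fork CI/CD variables), and the pinned SAST analyser image. It is not the group project's own configuration, and it assumes things the exercise does not state: the project is a Python application with a requirements.txt that includes pytest; the VM already holds a clone of the fork at ~/app (with read access to GitLab CSUI) and a deploy.sh script that restarts the service; and each member defines the variables DEPLOY_HOST, DEPLOY_USER, DEPLOY_KEY and DEPLOY_HOST_KEY in their fork under Settings > CI/CD > Variables. The variable and job names are illustrative.

```yaml
# Added example .gitlab-ci.yml, not the group project's configuration.
# Assumed per-fork CI/CD variables (Settings > CI/CD > Variables), so the
# file itself is identical in every member's fork:
#   DEPLOY_HOST      public IP of the member's own GCP VM
#   DEPLOY_USER      SSH login on that VM
#   DEPLOY_KEY       SSH private key, variable type "File", marked protected
#   DEPLOY_HOST_KEY  the VM's SSH host key line, as printed by ssh-keyscan

stages:
  - build
  - test
  - deploy

# SAST template shipped with the GitLab 13.12 instance. Its analyzer jobs run
# in the test stage as ordinary containers, so no privileged DIND job is needed.
include:
  - template: Security/SAST.gitlab-ci.yml

variables:
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
  # Pin the analyser image tag as the exercise requires (the template defaults
  # to the floating tag "2"). Top-level variables override the template's.
  SAST_ANALYZER_IMAGE_TAG: "2.28.5"
  # Illustrative SAST customisation: skip vendored/generated paths and drop an
  # analyser that does not match the (assumed) project languages.
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp, node_modules"
  SAST_EXCLUDED_ANALYZERS: "eslint"

# Shared pip cache; the runners store it in the faculty's MinIO cache.
cache:
  key: $CI_COMMIT_REF_SLUG
  paths:
    - .cache/pip

build:
  stage: build
  image: python:3.9-slim      # assumption: adapt to the project's runtime
  script:
    - pip install -r requirements.txt
    - python -m compileall -q .

test:
  stage: test
  image: python:3.9-slim
  script:
    - pip install -r requirements.txt
    - python -m pytest

deploy:
  stage: deploy
  image: alpine:3.14
  before_script:
    - apk add --no-cache openssh-client
    - chmod 600 "$DEPLOY_KEY"
    # Pin the VM's host key instead of disabling host key checking.
    - mkdir -p ~/.ssh && echo "$DEPLOY_HOST_KEY" >> ~/.ssh/known_hosts
  script:
    # Check out the exact commit that passed the pipeline on the VM, then
    # hand over to the (assumed) deploy.sh to restart the application.
    - >
      ssh -i "$DEPLOY_KEY" -o StrictHostKeyChecking=yes
      "$DEPLOY_USER@$DEPLOY_HOST"
      "cd ~/app && git fetch origin && git checkout $CI_COMMIT_SHA && ./deploy.sh"
  rules:
    # Deploy only from the fork's default branch. With DEPLOY_KEY marked
    # protected, pipelines on other branches never receive the key at all.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
```

Because the deploy target is read from variables, a member's fork only needs its own variable values; the default branch of the fork should stay protected so that the protected DEPLOY_KEY is exposed only to pipelines on that branch. The host-key pin replaces the common but unsafe StrictHostKeyChecking=no, which would let a spoofed host collect the deploy key's session.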
Deliverables
At the end of this exercise, you are required to prepare the following artifacts:
- A fork repository of the group project in your own namespace on GitLab CSUI.
- An updated GitLab CI/CD configuration, i.e. .gitlab-ci.yml, in the fork repository.
- An example of a working pipeline in the fork repository that shows the CI/CD pipeline successfully building, testing, and deploying the application.
- A URL to the application that is built and deployed from your fork. It is OK to simply use the public IP address of the VM running your application. Make sure the URL is accessible when conducting the demo with the TA.
The due date of this exercise is: 17 November 2021, 21:00 UTC+7. Please ensure any updates to the fork repository related to this exercise are made and pushed before the due date.
Created: 2021-11-10 09:23:57