blsmith/dc-deployments-automation
1
0
Fork 0
mirror of https://bitbucket.org/atlassian/dc-deployments-automation.git synced 2025-12-16 18:03:06 -06:00
Code Issues Packages Projects Releases Wiki Activity

ITPLT-4544 remove snyk scanner from pipelines

Browse Source
This commit is contained in:
Lee Goolsbee
2025-09-26 10:10:58 -05:00
parent db49f6c819
commit c94228e82f
3 changed files with 15 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.snyk
View File

@@ -1,13 +0,0 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.14.1
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
'snyk:lic:pip:ansible:GPL-3.0':
- '*':
reason: 'Not a shipped or linked dependency, only retrieved at run-time.'
expires: 2022-03-01T00:00:00.000Z
'snyk:lic:pip:ansible-base:GPL-3.0':
- '*':
reason: 'Not a shipped or linked dependency, only retrieved at run-time.'
expires: 2022-03-01T00:00:00.000Z
patch: {}

41
bitbucket-pipelines.yml
View File

@@ -11,26 +11,16 @@ options:
definitions: definitions:
caches: caches:
ansible-collections: ansible_collections ansible-collections: ansible_collections
pre-commit: ~/.cache/pre-commit
services: services:
docker: docker:
memory: 4096 memory: 4096
pipelines: pipelines:
default: default:
- step:
name: Pre-commit
image: python:3.9
caches:
- pre-commit
script:
- apt update && apt install -y pipenv
- pipenv sync --dev
- pipenv run pre-commit run --all-files
- step: - step:
name: Pre Parallelization stage name: Pre Parallelization stage
script: script:
- echo "Running tests in 38 batches" - echo "Running tests in 39 batches"
- step: - step:
name: Check if the template is up-to-date name: Check if the template is up-to-date
@@ -115,6 +105,20 @@ pipelines:
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/bitbucket_config - cd roles/bitbucket_config
- pipenv run molecule test -s iam_elasticsearch - pipenv run molecule test -s iam_elasticsearch
- step:
name: bitbucket_mesh_config/default
caches:
- ansible-collections
- docker
- pip
services:
- docker
script:
- apt-get update && apt-get install -y rsync
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev
- cd roles/bitbucket_mesh_config
- pipenv run molecule test -s default
- step: - step:
name: confluence_config/aurora name: confluence_config/aurora
caches: caches:
@@ -578,18 +582,3 @@ pipelines:
- cd roles/product_startup - cd roles/product_startup
- pipenv run molecule test -s synchrony - pipenv run molecule test -s synchrony
- step:
name: Run Snyk security scan
caches:
- docker
- pip
- node
services:
- docker
script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev
- apt-get update && apt-get install -y npm
- npm install -g snyk
- snyk auth $SNYK_TOKEN
- pipenv run snyk monitor --severity-threshold=high --project-name=dc-deployments-automation

16
pipeline_generator/templates/bitbucket-pipelines.yml.j2
View File

@@ -51,19 +51,3 @@ pipelines:
- cd roles/{{ spath.parts[2] }} - cd roles/{{ spath.parts[2] }}
- pipenv run molecule test -s {{ spath.parts[4] }} - pipenv run molecule test -s {{ spath.parts[4] }}
{% endfor %} {% endfor %}
- step:
name: Run Snyk security scan
caches:
- docker
- pip
- node
services:
- docker
script:
- export ANSIBLE_CONFIG=./ansible.cfg
- ./bin/install-ansible --dev
- apt-get update && apt-get install -y npm
- npm install -g snyk
- snyk auth $SNYK_TOKEN
- pipenv run snyk monitor --severity-threshold=high --project-name=dc-deployments-automation