forked from garethr/snyky
-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.yml
72 lines (70 loc) · 1.7 KB
/
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
version: 2.1
orbs:
conftest: kenfdev/conftest-orb@0.0.9
snyk: snyk/snyk@0.0.8
jobs:
python:
docker:
- image: circleci/python:3.7.4
environment:
PIPENV_VENV_IN_PROJECT: true
working_directory: ~/repo
steps:
- checkout
- restore_cache:
keys:
- deps-{{ checksum "Pipfile.lock" }}
- deps-
- run:
name: install dependencies
command: |
pipenv install --dev
- save_cache:
paths:
- .venv
key: deps-{{ checksum "Pipfile.lock" }}
- conftest/install
- run:
name: run tests
command: |
pipenv run pytest
policy:
docker:
- image: circleci/buildpack-deps:stretch
steps:
- checkout
- conftest/install
- run:
name: Test Pipfile
command: conftest test --input toml --namespace pipfile Pipfile
- run:
name: Test pytest.ini
command: conftest test --namespace pytest pytest.ini
- run:
name: Test Dockerfile
command: conftest test --namespace docker Dockerfile
security:
docker:
- image: circleci/buildpack-deps:stretch
environment:
IMAGE_NAME: garethr/snyky
steps:
- checkout
- setup_remote_docker:
version: 18.09.3
- run:
name: Build image
command: docker build --progress plain -t $IMAGE_NAME .
environment:
DOCKER_BUILDKIT: 1
- snyk/scan:
docker-image-name: $IMAGE_NAME
monitor-on-build: false
target-file: Dockerfile
workflows:
version: 2
build:
jobs:
- python
- policy
- security