Fakultas Ilmu Komputer UI

Commit a4edca4c authored by Daya Adianto

Create the exercise specs on creating a CI pipeline

parent a7822197
# Exercise 1: CI Pipeline & GitLab SAST
You are asked to set up a CI/CD pipeline of the your group project
**individually** by forking the existing group project codebase and updating
the CI/CD configuration. As part of the exercise, you also need to prepare
your own VM on Google Cloud Platform (GCP) and explore how to use Static
Application Security Testing (SAST) on self-hosted GitLab (GitLab CSUI).
For your information when setting up the GitLab CI/CD configuration that will
be run on GitLab CSUI, the following is the overview of the CI infrastructure
in our faculty:
- We run GitLab CSUI using GitLab Enterprise Edition version 13.12.15.
- The CI server runs 8 instances of GitLab Runner version 13.12.0.
- Each instance is running as a container with limited resources (2 CPU per
container) and disabled the privileged mode. Hence, it is not possible to
run a Docker-in-Docker (DIND) type of CI job.
- Each instance shares the cache between CI jobs using [Minio](https://min.io/).
- Each instance is also limited to run single CI job at a time.
At the end of the exercise, do not forget to schedule an one-on-one meeting
with a teaching assistant to demonstrate your work.
## Tasks
1. [ ] Create a new VM on GCP and provision it with the required dependencies
for running the group project.
2. [ ] Fork the group project codebase into your own namespace on GitLab CSUI.
3. [ ] Update the GitLab CI/CD configuration in your fork so the group project
is built and deployed to your own VM instead of the group's VM.
> Alternatively, try to work as a group to update the existing GitLab CI/CD
> configuration so that each member of the group only need to perform
> **minimal changes to the CI/CD configuration file** in their fork.
> It is also possible to have a CI/CD configuration that is so flexible
> even each member does not need to modify the configuration file at all
> on their fork.
4. [ ] Make sure the group project is successfully deployed and run on your own
VM and can be accessed publicly.
5. [ ] Add the SAST job into the CI/CD pipeline of your own fork and make sure
it runs.
> Due to [an ongoing issue on running the latest SAST image](https://gitlab.com/gitlab-org/gitlab/-/issues/344022),
> pin the version of SAST analyser image to version 2.28.5.
6. [ ] Arrange an one-on-one meeting with a teaching assistant to demonstrate
your work. You are expected to be able to:
- Explain the process of setting up the deployment environment of your group
- Explain and demonstrate how to create a CI/CD pipeline on GitLab CSUI.
- Describe how to customise the SAST behaviour when running on GitLab CSUI.
- Describe and compare their experience on using SonarQube and GitLab's SAST
in performing static analysis on code quality and possible security-related
## References
- [GitLab CI/CD Reference on GitLab CSUI](https://gitlab.cs.ui.ac.id/help/ci/yaml/README.md)
- [SAST Documentation on GitLab CSUI](https://gitlab.cs.ui.ac.id/help/user/application_security/sast/index.md)
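Review bot: Task 5 says to pin "the version of SAST analyser image to version 2.28.5" but names neither the analyser image that version number belongs to nor the setting students should use to pin it, so nobody can check that the right image was pinned; state both, and note that the pin is a workaround to be lifted once the linked issue 344022 is resolved. Task 3 has every fork deploying to a personal VM that task 4 requires to be publicly reachable, yet the spec does not say where deployment credentials should live; add a line requiring them to be stored as CI/CD variables in the fork rather than written into the committed configuration file. Wording: "of the your group project" in the opening paragraph, "an one-on-one" in the intro and in task 6, and the first and last bullets of task 6 stop mid-sentence ("of your group", "possible security-related"), with the last one switching to "their experience".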
# Course Information (2021)
Course instructors:
- [Dr. Ade Azurat](https://rse.cs.ui.ac.id/?open=staff/ade)
> Responsible for the first half of the course.
- [Daya Adianto, M.Kom.](https://me.adian.to)
> Responsible for the latter half of the course.
Teaching assistants:
- Adrika Novrialdi, S.Kom.
- Samuel Tupa Febrian, S.Kom.
# Welcome to MkDocs
For full documentation visit [mkdocs.org](https://www.mkdocs.org).
## Commands
* `mkdocs new [dir-name]` - Create a new project.
* `mkdocs serve` - Start the live-reloading docs server.
* `mkdocs build` - Build the documentation site.
* `mkdocs -h` - Print help message and exit.
## Project layout
mkdocs.yml # The configuration file.
index.md # The documentation homepage.
... # Other markdown pages, images and other files.
# Home
Good day! Welcome to the website of Software Quality Assurance (SQA) course at
the Faculty of Computer Science Universitas Indonesia. At this moment, the site
only contains the exercises used in the lectures and the problem sets used
during the interview exam. We will add the course information in the future.
......@@ -2,9 +2,15 @@
site_name: Software Quality Assurance
site_description: >-
The website of Software Quality Assurance (SQA)/Penjaminan Mutu Perangkat
Lunak (PMPL) at the Faculty of Computer Science Universitas Indonesia
Lunak (PMPL) course at the Faculty of Computer Science Universitas Indonesia.
site_author: Daya Adianto
copyright: Copyright © 2021 Faculty of Computer Science Universitas Indonesia
repo_url: https://gitlab.cs.ui.ac.id/pmpl/course-site
repo_name: GitLab @ CSUI
- Home: index.md
- Year 2021:
- Course Page: 2021/index.md
- Exercise 1: 2021/ex1.md