Create the exercise specs on creating a CI pipeline

a4edca4c · Daya Adianto · a7822197 · a4edca4c · a4edca4c · a4edca4c
Commit a4edca4c authored Nov 10, 2021 by Daya Adianto
--- a/docs/2021/ex1.md
+++ b/docs/2021/ex1.md
+# Exercise 1: CI Pipeline & GitLab SAST
+
+You are asked to set up a CI/CD pipeline of the your group project
+**individually** by forking the existing group project codebase and updating
+the CI/CD configuration. As part of the exercise, you also need to prepare
+your own VM on Google Cloud Platform (GCP) and explore how to use Static
+Application Security Testing (SAST) on self-hosted GitLab (GitLab CSUI).
+
+For your information when setting up the GitLab CI/CD configuration that will
+be run on GitLab CSUI, the following is the overview of the CI infrastructure
+in our faculty:
+
+- We run GitLab CSUI using GitLab Enterprise Edition version 13.12.15.
+- The CI server runs 8 instances of GitLab Runner version 13.12.0.
+  - Each instance is running as a container with limited resources (2 CPU per
+    container) and disabled the privileged mode. Hence, it is not possible to
+    run a Docker-in-Docker (DIND) type of CI job.
+  - Each instance shares the cache between CI jobs using [Minio](https://min.io/).
+  - Each instance is also limited to run single CI job at a time.
+
+At the end of the exercise, do not forget to schedule an one-on-one meeting
+with a teaching assistant to demonstrate your work.
+
+## Tasks
+
+1. [ ] Create a new VM on GCP and provision it with the required dependencies
+   for running the group project.
+2. [ ] Fork the group project codebase into your own namespace on GitLab CSUI.
+3. [ ] Update the GitLab CI/CD configuration in your fork so the group project
+   is built and deployed to your own VM instead of the group's VM.
+   > Alternatively, try to work as a group to update the existing GitLab CI/CD
+   > configuration so that each member of the group only need to perform
+   > **minimal changes to the CI/CD configuration file** in their fork.
+   > It is also possible to have a CI/CD configuration that is so flexible
+   > even each member does not need to modify the configuration file at all
+   > on their fork.
+4. [ ] Make sure the group project is successfully deployed and run on your own
+   VM and can be accessed publicly.
+5. [ ] Add the SAST job into the CI/CD pipeline of your own fork and make sure
+   it runs.
+   > Due to [an ongoing issue on running the latest SAST image](https://gitlab.com/gitlab-org/gitlab/-/issues/344022),
+   > pin the version of SAST analyser image to version 2.28.5.
+6. [ ] Arrange an one-on-one meeting with a teaching assistant to demonstrate
+   your work. You are expected to be able to:
+    - Explain the process of setting up the deployment environment of your group
+      project.
+    - Explain and demonstrate how to create a CI/CD pipeline on GitLab CSUI.
+    - Describe how to customise the SAST behaviour when running on GitLab CSUI.
+    - Describe and compare their experience on using SonarQube and GitLab's SAST
+      in performing static analysis on code quality and possible security-related
+      issues.
+
+## References
+
+- [GitLab CI/CD Reference on GitLab CSUI](https://gitlab.cs.ui.ac.id/help/ci/yaml/README.md)
+- [SAST Documentation on GitLab CSUI](https://gitlab.cs.ui.ac.id/help/user/application_security/sast/index.md)
--- a/docs/2021/index.md
+++ b/docs/2021/index.md
+# Course Information (2021)
+
+Course instructors:
+
+- [Dr. Ade Azurat](https://rse.cs.ui.ac.id/?open=staff/ade)
+  > Responsible for the first half of the course.
+- [Daya Adianto, M.Kom.](https://me.adian.to)
+  > Responsible for the latter half of the course.
+
+Teaching assistants:
+
+- Adrika Novrialdi, S.Kom.
+- Samuel Tupa Febrian, S.Kom.
--- a/docs/index.md
+++ b/docs/index.md
-# Welcome to MkDocs
-
-For full documentation visit [mkdocs.org](https://www.mkdocs.org).
-
-## Commands
-
-* `mkdocs new [dir-name]` - Create a new project.
-* `mkdocs serve` - Start the live-reloading docs server.
-* `mkdocs build` - Build the documentation site.
-* `mkdocs -h` - Print help message and exit.
-
-## Project layout
-
-    mkdocs.yml    # The configuration file.
-    docs/
-        index.md  # The documentation homepage.
-        ...       # Other markdown pages, images and other files.
+# Home
+
+Good day! Welcome to the website of Software Quality Assurance (SQA) course at
+the Faculty of Computer Science Universitas Indonesia. At this moment, the site
+only contains the exercises used in the lectures and the problem sets used
+during the interview exam. We will add the course information in the future.
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -2,9 +2,15 @@
 site_name: Software Quality Assurance
 site_description: >-
  The website of Software Quality Assurance (SQA)/Penjaminan Mutu Perangkat
-  Lunak (PMPL) at the Faculty of Computer Science Universitas Indonesia
+  Lunak (PMPL) course at the Faculty of Computer Science Universitas Indonesia.
 site_author: Daya Adianto
 copyright: Copyright &copy; 2021 Faculty of Computer Science Universitas Indonesia

 repo_url: https://gitlab.cs.ui.ac.id/pmpl/course-site
 repo_name: GitLab @ CSUI
+
+nav:
+  - Home: index.md
+  - Year 2021:
+    - Course Page: 2021/index.md
+    - Exercise 1: 2021/ex1.md