Commit d8ab177c authored by Bertrand Goareguer's avatar Bertrand Goareguer Committed by Pierre SMEYERS

feat: initial template version

parent 808a1ac6

.gitignore

0 → 100644
+22 −0
### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache

### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr

### NetBeans ###
/nbproject/private/
/build/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
 No newline at end of file

.gitlab-ci.yml

0 → 100644
+41 −0
include:
  - project: 'to-be-continuous/tools/gitlab-ci'
    ref: 'master'
    file: '/templates/validation.yml'
  - project: 'to-be-continuous/kicker'
    ref: 'master'
    file: '/templates/validation.yml'
  - project: 'to-be-continuous/bash'
    ref: '1.0.0'
    file: 'templates/gitlab-ci-bash.yml'
  - project: 'to-be-continuous/semantic-release'
    ref: '2.0.2'
    file: '/templates/gitlab-ci-semrel.yml' 


stages:
  - build
  - publish

variables:
  GITLAB_CI_FILES: "templates/gitlab-ci-mobsf.yml"
  BASH_SHELLCHECK_FILES: "*.sh"

# extract the Bash script from template (for ShellCheck job)
extract-script:
  stage: .pre
  script:
    - echo "#!/bin/bash" > script.sh
    - sed -n '/BEGSCRIPT/,/ENDSCRIPT/p' "$GITLAB_CI_FILES" | sed 's/^  //' >> script.sh
    - export LC_ALL=C.UTF-8
  artifacts:
    when: always
    name: extracted template script
    expire_in: 1h
    paths:
      - script.sh

semantic-release:
  rules:
    # on production branch(es): auto if SEMREL_AUTO_RELEASE_ENABLED
    - if: '$TMPL_RELEASE_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $PROD_REF'
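Review bot: the `to-be-continuous/tools/gitlab-ci` and `to-be-continuous/kicker` includes are pinned to `ref: 'master'` while `bash` (`1.0.0`) and `semantic-release` (`2.0.2`) use fixed tags, so the validation pipeline pulls mutable template content on every run; pin all four to a tagged ref. Two smaller points in the same hunk: the comment above the `semantic-release` rule says "auto if SEMREL_AUTO_RELEASE_ENABLED" but the condition tests `$TMPL_RELEASE_ENABLED == "true"`, so the comment should name the variable actually used; and in `extract-script` the line `export LC_ALL=C.UTF-8` is the last entry of `script:`, so it affects nothing; move it before the `sed` pipeline (where it makes the locale deterministic) or drop it.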

.releaserc.yml

0 → 100644
+21 −0
plugins: [
  "@semantic-release/commit-analyzer",
  "@semantic-release/release-notes-generator",
  "@semantic-release/gitlab",
  "@semantic-release/changelog",
  [
    "@semantic-release/exec",
    {
      "prepareCmd": "./bumpversion.sh \"${lastRelease.version}\" \"${nextRelease.version}\" \"${nextRelease.type}\""
    }
  ],
  [
    "@semantic-release/git",
    {
      "assets": ["*.md", "templates/*.yml"]
    }
  ]
]
branches:
  - "master"
tagFormat: "${version}"
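Review bot: the plugin order is load-bearing but undocumented: `@semantic-release/exec` must run `prepareCmd` (`./bumpversion.sh ...`) before `@semantic-release/git` collects `"assets": ["*.md", "templates/*.yml"]`, otherwise the bumped `ref:` lines in README.md and the templates are not part of the release commit; add a one-line comment saying the `exec` entry has to stay ahead of `git`. Minor style: `plugins` is written in JSON flow syntax while `branches` and `tagFormat` use YAML block syntax; both are valid YAML, but the file reads better with one style.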
+53 −4
# GitLab CI template Skeleton
# GitLab CI template for MobSF

This is a skeleton project for starting a new _to be continuous_ template.
This project implements a generic GitLab CI template for [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF).

You shall fork it when you want to start developing a new template.
MobSF is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Based on the kind of template (build, analyse, hosting, acceptance, ...), you should start working from one of the available `initial-xxx` branches, that each implement basic stuff.

## Usage

In order to include this template in your project, add the following to your `gitlab-ci.yml`:

```yaml
include:
  - project: 'to-be-continuous/mobsf'
    ref: '1.0.0'
    file: '/templates/gitlab-ci-mobsf.yml'
```

## Global configuration

The MobSF template uses some global configuration used throughout all jobs.

| Name                     | description                                                 | default value                                  |
| ------------------------ | ----------------------------------------------------------- | ---------------------------------------------- |
| `MOBSF_CLIENT_IMAGE`     | The Docker image used to send requests to the MobSF server  | `kekel87/alpine-curl-jq-bash-coreutils:latest` |
| `MOBSF_SERVER_URL`       | URL of MobSF server                                         | _(none)_                                       |
| :lock: `MOBSF_API_KEY`   | API key of the MobSF server                                 | _(none)_                                       |


## Jobs



### `mobsf-app-scan` job

This job uploads the packaged mobile application (APK or IPA) to the MobSF server, requests a scan and gets the report.

It is bound to the `package-test` stage, and uses the following variables:

| Name                      | description                               | default value                  |
| ------------------------- | ----------------------------------------- | ------------------------------ |
| `MOBSF_APP_FILE`          | Application package file (APK or IPA)     | _(none)_                       |


### Secrets management

Here are some advices about your **secrets** (variables marked with a :lock:):

1. Manage them as [project or group CI/CD variables](https://docs.gitlab.com/ee/ci/variables/#create-a-custom-variable-in-the-ui):
    * [**masked**](https://docs.gitlab.com/ee/ci/variables/#mask-a-custom-variable) to prevent them from being inadvertently
      displayed in your job logs,
    * [**protected**](https://docs.gitlab.com/ee/ci/variables/#protect-a-custom-variable) if you want to secure some secrets
      you don't want everyone in the project to have access to (for instance production secrets).
2. In case a secret contains [characters that prevent it from being masked](https://docs.gitlab.com/ee/ci/variables/#masked-variable-requirements), 
  simply define its value as the [Base64](https://en.wikipedia.org/wiki/Base64) encoded value prefixed with `@b64@`:
  it will then be possible to mask it and the template will automatically decode it prior to using it.
3. Don't forget to escape special characters (ex: `$` -> `$$`).
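Review bot: the default `MOBSF_CLIENT_IMAGE` in the Global configuration table is `kekel87/alpine-curl-jq-bash-coreutils:latest`, a personal Docker Hub image on a floating tag, and it is the container that handles both `MOBSF_API_KEY` and the application package; pin it to a tag or digest, preferably under a namespace the project controls, and tell readers they should override it. In the `mobsf-app-scan` section, `MOBSF_APP_FILE` and `MOBSF_SERVER_URL` have no default, but the text does not say whether the job is skipped or fails when they are unset; one sentence on that behaviour would help. Style: "Here are some advices" should read "Here is some advice".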

bumpversion.sh

0 → 100755
+41 −0
#!/usr/bin/env bash

function log_info() {
  >&2 echo -e "[\\e[1;94mINFO\\e[0m] $*"
}

function log_warn() {
  >&2 echo -e "[\\e[1;93mWARN\\e[0m] $*"
}

function log_error() {
  >&2 echo -e "[\\e[1;91mERROR\\e[0m] $*"
}

# check number of arguments
if [[ "$#" -le 2 ]]; then
  log_error "Missing arguments"
  log_error "Usage: $0 <current version> <next version>"
  exit 1
fi

curVer=$1
nextVer=$2
relType=$3

if [[ "$curVer" ]]; then
  log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."

  # replace in README
  sed -e "s/ref: '$curVer'/ref: '$nextVer'/" README.md > README.md.next
  mv -f README.md.next README.md

  # replace in template and variants
  for tmpl in templates/*.yml
  do
    sed -e "s/\"$curVer\"/\"$nextVer\"/" "$tmpl" > "$tmpl.next"
    mv -f "$tmpl.next" "$tmpl"
  done
else
  log_info "Bump version to \\e[33;1m${nextVer}\\e[0m (release type: $relType): this is the first release (skip)..."
fi
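Review bot: the argument check and the usage message disagree: `if [[ "$#" -le 2 ]]; then` rejects anything with fewer than three arguments, but the usage line only lists `<current version> <next version>`; either print `<release type>` as the third parameter (it is what `.releaserc.yml` passes) or change the test to `-lt 2` if the release type is optional, since `relType` is only used in log messages. Also, `$curVer` is interpolated into the `sed` patterns (`s/ref: '$curVer'/...`, `s/\"$curVer\"/...`) unescaped, so each dot in a version such as `1.0.0` matches any character; harmless for these files today, but escape regex metacharacters in `curVer` before interpolating it.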