Sample YAML files for CI/CD Integration

Note: Refer to the sample YAML files given in this section and adapt them accordingly for other CI/CD tools with the help of your DevOps engineers.

Sample Linux Executable YAML File

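stages:
  - pqc-scan

variables:
  GIT_DEPTH: "0"  # Full clone depth so the .git directory is available to the scan.

pqc_code_scan:
  stage: pqc-scan
  # NOTE(review): an unpinned `latest` tag gives non-reproducible job environments; consider pinning a tag.
  image: ubuntu:latest
  before_script:
    # Prerequisite: agent binary, `config.ini`, and `secret.key` are available to the job.
    # `secret.key` should be supplied from a CI variable or runner-local path, not committed with the source.
    # Prerequisite: provide executable permission to the agent.
    - chmod +x ./code-scan-agent
    # Prerequisite: prepare output + log directories (relative to the project
    # directory so the artifacts block below can collect them).
    - mkdir -p scan-output scan-logs
  script:
    # Single mandatory execution step: runs the scan agent with required arguments.
    # Provide the location of the checked-out or cloned source code in --input-folder.
    # A literal block scalar (|) keeps the line breaks, so the trailing backslashes
    # act as shell continuations; a plain multi-line list item would be folded onto
    # one line and the `\ ` pairs would corrupt the arguments.
    - |
      ./code-scan-agent \
        --input-folder /path/to/source-directory \
        --output-folder scan-output \
        --config /path/to/config.ini \
        --log-dir scan-logs \
        --key /path/to/secret.key
  artifacts:
    paths:
      - scan-output
      - scan-logs
    expire_in: 1 week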

Sample Docker Executable YAML File

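stages:
  - pqc-scan

variables:
  GIT_DEPTH: "0"  # Full clone depth so the .git directory is available to the scan.

pqc_code_scan:
  stage: pqc-scan
  # NOTE(review): an unpinned `latest` tag gives non-reproducible job environments; consider pinning a tag.
  # NOTE(review): the `docker` CLI and a reachable daemon must be available in this job - confirm for your runner.
  image: ubuntu:latest
  before_script:
    # Prerequisite: agent image archive, `config.ini`, and `secret.key` are available to the job.
    # `secret.key` should be supplied from a CI variable or runner-local path, not committed with the source.
    # `docker load` does not authenticate its input: verify the archive against the
    # checksum/signature supplied with it before loading.
    - docker load -i code-scan-agent-image-v1.0.0.tar.gz
    # Prerequisite: prepare output + log directories (relative to the project
    # directory so the artifacts block below can collect them).
    - mkdir -p output-folder log-folder
  script:
    # Single mandatory execution step: runs the scan agent with required arguments.
    # Provide the location of the checked-out or cloned source code in --input-folder.
    # The output and log mounts point at the directories created in before_script
    # ($CI_PROJECT_DIR is the job's working directory), otherwise the artifacts
    # block collects empty directories. NOTE(review): with a remote docker daemon
    # (e.g. a docker-in-docker service) host paths may differ - confirm for your runner.
    - |
      docker run --rm \
        -v "/path/to/input-folder:/input-folder-name" \
        -v "$CI_PROJECT_DIR/output-folder:/output-folder" \
        -v "/path/to/config.ini:/config.ini" \
        -v "/path/to/secret.key:/secret.key" \
        -v "$CI_PROJECT_DIR/log-folder:/logs" \
        code-scan-agent:v1.0.0 \
        --input-folder /input-folder-name \
        --output-folder /output-folder \
        --log-dir /logs \
        --config /config.ini \
        --key /secret.key
  artifacts:
    paths:
      - output-folder
      - log-folder
    expire_in: 1 week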

Sample Windows Executable YAML File

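stages:
  - trigger-pqc-assessment

code-scan-windows:
  stage: trigger-pqc-assessment
  # Runs only on runners carrying this tag (a Windows runner with the agent installed).
  tags:
    - pqc_runner_windows_11

  variables:
    GIT_DEPTH: "0"  # Full clone depth so the .git directory is available to the scan.
    GIT_STRATEGY: fetch
    GIT_CHECKOUT: "true"

  before_script:
    - cd "$env:CI_PROJECT_DIR"
    # Check out the actual branch name instead of the detached commit.
    - git checkout "$env:CI_COMMIT_REF_NAME"
    - Get-ChildItem -Force
    # Prepare output + log directories under the project directory so the
    # artifacts block below can collect them.
    - New-Item -ItemType Directory -Force -Path "$env:CI_PROJECT_DIR\output-folder", "$env:CI_PROJECT_DIR\logs"

  script:
    - echo "Running code scan agent..."
    # Single mandatory execution step. The agent, `config.ini` and `secret.key`
    # live on the runner host; keep that directory restricted to the runner account.
    - 'C:\code-scan-agent\code-scan-agent.exe --input-folder "$env:CI_PROJECT_DIR" --output-folder "$env:CI_PROJECT_DIR\output-folder" --config "C:\code-scan-agent\config.ini" --key "C:\code-scan-agent\secret.key" --log-dir "$env:CI_PROJECT_DIR\logs"'

  artifacts:
    paths:
      - output-folder
      - logs
    expire_in: 1 week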