10.5 Update the .gitignore, .gitlab-ci.yml, and Dockerfile templates

vendor/gitignore/Android.gitignore

@@ -54,3 +54,10 @@ google-services.json
 freeline.py
 freeline/
 freeline_project_description.json
+
+# fastlane
+fastlane/report.xml
+fastlane/Preview.html
+fastlane/screenshots
+fastlane/test_output
+fastlane/readme.md

vendor/gitignore/Dart.gitignore

@@ -1,6 +1,7 @@
 # See https://www.dartlang.org/tools/private-files.html
 
 # Files and directories created by pub
+.dart_tool/
 .packages
 .pub/
 build/

vendor/gitignore/Global/JetBrains.gitignore

@@ -1,4 +1,4 @@
-# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm
 # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
 
 # User-specific stuff:
@@ -9,7 +9,6 @@
 # Sensitive or high-churn files:
 .idea/**/dataSources/
 .idea/**/dataSources.ids
-.idea/**/dataSources.xml
 .idea/**/dataSources.local.xml
 .idea/**/sqlDataSources.xml
 .idea/**/dynamic.xml

vendor/gitignore/Python.gitignore

@@ -45,6 +45,7 @@ nosetests.xml
 coverage.xml
 *.cover
 .hypothesis/
+.pytest_cache/
 
 # Translations
 *.mo

vendor/gitignore/ROS.gitignore

@@ -13,6 +13,8 @@ msg/*Feedback.msg
 msg/*Goal.msg
 msg/*Result.msg
 msg/_*.py
+build_isolated/
+devel_isolated/
 
 # Generated by dynamic reconfigure
 *.cfgc

vendor/gitignore/TeX.gitignore

@@ -10,6 +10,7 @@
 *.fot
 *.cb
 *.cb2
+.*.lb
 
 ## Intermediate documents:
 *.dvi

vendor/gitignore/VisualStudio.gitignore

@@ -237,6 +237,7 @@ _UpgradeReport_Files/
 Backup*/
 UpgradeLog*.XML
 UpgradeLog*.htm
+ServiceFabricBackup/
 
 # SQL Server files
 *.mdf

vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml

@@ -110,12 +110,15 @@ performance:
     kubernetes: active
 
 sast:
-  image: registry.gitlab.com/gitlab-org/gl-sast:latest
+  image: docker:latest
   variables:
-    POSTGRES_DB: "false"
+    DOCKER_DRIVER: overlay2
   allow_failure: true
+  services:
+    - docker:dind
   script:
-    - sast .
+    - setup_docker
+    - sast
   artifacts:
     paths: [gl-sast-report.json]
 
@@ -285,6 +288,12 @@ production:
   export TILLER_NAMESPACE=$KUBE_NAMESPACE
 
   function sast_container() {
+    if [[ -n "$CI_REGISTRY_USER" ]]; then
+      echo "Logging to GitLab Container Registry with CI credentials..."
+      docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
+      echo ""
+    fi
+
     docker run -d --name db arminc/clair-db:latest
     docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
     apk add -U wget ca-certificates
@@ -309,7 +318,12 @@ production:
   function sast() {
     case "$CI_SERVER_VERSION" in
       *-ee)
-        /app/bin/run "$@"
+        # Extract "MAJOR.MINOR" from CI_SERVER_VERSION and generate "MAJOR-MINOR-stable"
+        SAST_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+
+        docker run --volume "$PWD:/code" \
+                   --volume /var/run/docker.sock:/var/run/docker.sock \
+                   "registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code
         ;;
       *)
         echo "GitLab EE is required"
@@ -346,6 +360,12 @@ production:
       replicas="$new_replicas"
     fi
 
+    if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then
+      secret_name='gitlab-registry'
+    else
+      secret_name=''
+    fi
+
     helm upgrade --install \
       --wait \
       --set service.enabled="$service_enabled" \
@@ -353,6 +373,7 @@ production:
       --set image.repository="$CI_APPLICATION_REPOSITORY" \
       --set image.tag="$CI_APPLICATION_TAG" \
       --set image.pullPolicy=IfNotPresent \
+      --set image.secrets[0].name="$secret_name" \
       --set application.track="$track" \
       --set application.database_url="$DATABASE_URL" \
       --set service.url="$CI_ENVIRONMENT_URL" \
@@ -482,6 +503,9 @@ production:
 
   function create_secret() {
     echo "Create secret..."
+    if [[ "$CI_PROJECT_VISIBILITY" == "public" ]]; then
+      return
+    fi
 
     kubectl create secret -n "$KUBE_NAMESPACE" \
       docker-registry gitlab-registry \