Steampunk Spotter

How to Use Steampunk Spotter in GitLab CI/CD

July 7, 2023 - Words by The Spotter team - 4 min read


You can use Steampunk Spotter in many diverse ways and integrate it with your favorite tools. In this blog post, we look at how to use Spotter with GitLab CI/CD. We will demonstrate how you can use it to scan Ansible content within your GitLab repository.

Create a new Git repository on GitLab

First, open GitLab and create a new Git repository. To create a new project, click on “New project” and select “Create blank project,” then name the repository “spotter-gitlab-ci” and choose to initialize it with a README file while keeping it private.

Create a new YAML file with the test playbook

Now you can create a new Ansible Playbook that you want to scan with Spotter. To add a new file, click on the plus icon and select “New file,” then name the YAML file “playbook.yaml,” and paste the playbook into the file.

You can use the sample playbook provided or replace it with your own content. Here’s an example:

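- name: Sample playbook
  hosts: localhost
  tasks:
    - name: Create a new Sensu Go user
      sensu.sensu_go.user:  # module name assumed from the task description
        password: "{{ lookup('env', 'SENSU_USER_PASSWORD') }}"

    - name: Get the payload from the API
      ansible.builtin.uri:  # module name assumed from the task description
        url: "/some-url"
        method: GET
        user: "username1"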

Commit the changes, and you’re done.

Configure the API token authentication

To authenticate Spotter in CI/CD, open the Spotter app and go to the user settings, click on “API tokens” to generate a new token named “gitlab,” then copy the generated API token.

Return to your GitLab repository, access the settings, navigate to “CI/CD,” search for “Variables,” and choose “Add variable.” Name it “SPOTTER_API_TOKEN” and paste the API token into the field.

Configure and run the CI/CD

Now that we have a GitLab project with our playbook, we need to configure CI/CD to scan Ansible content with Spotter.

To set up CI/CD in your repository, create a new YAML file. It must be named “.gitlab-ci.yml” so that GitLab CI/CD detects it automatically.

You can use the sample configuration provided or replace it with your own content. Here’s an example:

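spotter-scan:
  stage: test
  image:
    name: <spotter-cli-image>:latest  # placeholder: substitute the Spotter CLI Docker image reference
    entrypoint: [""]
  script:
    - spotter scan --upload-values --upload-metadata --ansible-version 2.14 --format junit_xml --output report.xml .
  artifacts:
    when: always
    reports:
      junit: report.xml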

In this configuration, we have one test stage where we will scan our playbook. We use the latest Spotter CLI Docker image and authenticate to the CLI using the API token generated in the Spotter App’s user settings. The script section runs the spotter scan command, specifying options such as scanning Ansible module parameter values and metadata, targeting Ansible version 2.14, and generating JUnit XML reports for GitLab CI/CD.

Commit the changes and check that the CI/CD pipeline starts running.

Scan result

You can view the scan results once the CI/CD pipeline starts running. To review the running CI/CD pipeline, check its status. If the pipeline fails, click “Tests” and navigate to the “spotter-scan” job. There, you will find a summary of the scan results, which include errors, warnings, and hints. For further details, explore the individual check results.
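
The same report.xml can also be read outside the GitLab “Tests” tab, for example after running the scan locally. The script below is an added example, not part of Spotter or of the original post. It assumes the report follows the common JUnit XML layout (testcase elements with failure or error children); the sample report and its type values are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the common JUnit layout; not real Spotter output.
SAMPLE_REPORT = """<testsuites>
  <testsuite name="playbook.yaml" tests="3">
    <testcase classname="playbook.yaml" name="task 1 check A">
      <failure type="error" message="required parameter is missing"/>
    </testcase>
    <testcase classname="playbook.yaml" name="task 2 check B">
      <failure type="hint" message="use a fully qualified module name"/>
    </testcase>
    <testcase classname="playbook.yaml" name="task 2 check C"/>
  </testsuite>
</testsuites>
"""


def summarize(xml_data):
    """Return (total, findings); each finding is (file, check, kind, message)."""
    root = ET.fromstring(xml_data)
    total, findings = 0, []
    # iter() works whether the root is <testsuites> or a single <testsuite>.
    for case in root.iter("testcase"):
        total += 1
        for child in case:
            if child.tag in ("failure", "error"):
                message = (child.get("message") or child.text or "").strip()
                findings.append((case.get("classname", ""), case.get("name", ""),
                                 child.get("type") or child.tag, message))
    return total, findings


def main(path=None):
    """Print findings; return 1 if there are any so a wrapper script can fail."""
    data = SAMPLE_REPORT  # used when no report path is given
    if path:
        with open(path, "rb") as fh:
            data = fh.read()
    total, findings = summarize(data)
    for file_, check, kind, message in findings:
        print(f"{kind.upper():8} {file_}: {check}: {message}")
    print(f"{len(findings)} of {total} checks reported a finding")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```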

Gear up for success: harness Steampunk Spotter’s magic in GitLab CI/CD

It is effortless to integrate Spotter into your GitLab CI/CD pipeline. Our step-by-step guide walks you through the process, starting from creating a new repository to configuring and running CI/CD with Spotter’s advanced features. You can customize your scanning experience with Spotter’s flexible configuration options. Set your desired Ansible version, skip and enforce checks, and view the results in your preferred format.

Scan, explore, and conquer! The path to flawless Ansible content awaits you with Steampunk Spotter. Try Spotter out and begin your Spotter journey today.