terraform-provider-garage/.gitlab-ci.yml

---

default:
  image: $CI_REGISTRY_IMAGE:latest

include:
  - template: Code-Quality.gitlab-ci.yml
  - template: Container-Scanning.gitlab-ci.yml
  - template: SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/License-Scanning.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml

stages:
  - build
  - test
  - qa
  - security
  - release
  - docker
  - misc

build:
  stage: build
  needs: []
  script:
    - make
  artifacts:
    paths:
      - terraform-provider-garage
    expire_in: 1 week

test:
  stage: test
  needs: []
  script:
    - make test

pre commit:
  stage: qa
  needs: []
  script:
    - pre-commit run --all-files

code_quality:
  stage: qa
  needs: []

license_scanning:
  stage: qa
  needs: []

sast:
  stage: security
  needs: []

dependency_scanning:
  stage: security
  needs: []

secret_detection:
  stage: security
  needs: []

release:
  stage: release
  variables:
    # Disable shallow cloning so that goreleaser can diff between tags to
    # generate a changelog.
    GIT_DEPTH: 0
  script:
    - gpg --import < $TERRAFORM_GPG_PRIV_KEY_FILE
    - GITHUB_TOKEN= goreleaser release -f .goreleaser.gitlab.yml --rm-dist
    - GITLAB_TOKEN= goreleaser release -f .goreleaser.github.yml --rm-dist
  artifacts:
    paths:
      - dist/
    expire_in: never
  only:
    - tags

docker build:
  stage: docker
  needs: []
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  before_script:
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
  script:
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA --destination $CI_REGISTRY_IMAGE:latest

code_navigation:
  stage: misc
  image: sourcegraph/lsif-go:v1
  needs: []
  script:
    - lsif-go
  allow_failure: true # recommended
  artifacts:
    reports:
      lsif: dump.lsif

container_scanning:
  stage: misc
  needs:
    - docker build
Initial commit Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@prologin.org> 2022-12-08 16:09:31 +00:00			`---`

			`default:`
			`image: $CI_REGISTRY_IMAGE:latest`

			`include:`
			`- template: Code-Quality.gitlab-ci.yml`
			`- template: Container-Scanning.gitlab-ci.yml`
			`- template: SAST.gitlab-ci.yml`
			`- template: Security/Dependency-Scanning.gitlab-ci.yml`
			`- template: Security/License-Scanning.gitlab-ci.yml`
			`- template: Security/Secret-Detection.gitlab-ci.yml`

			`stages:`
			`- build`
			`- test`
			`- qa`
			`- security`
			`- release`
			`- docker`
			`- misc`

			`build:`
			`stage: build`
			`needs: []`
			`script:`
			`- make`
			`artifacts:`
			`paths:`
			`- terraform-provider-garage`
			`expire_in: 1 week`

			`test:`
			`stage: test`
			`needs: []`
			`script:`
			`- make test`

			`pre commit:`
			`stage: qa`
			`needs: []`
			`script:`
			`- pre-commit run --all-files`

			`code_quality:`
			`stage: qa`
			`needs: []`

			`license_scanning:`
			`stage: qa`
			`needs: []`

			`sast:`
			`stage: security`
			`needs: []`

			`dependency_scanning:`
			`stage: security`
			`needs: []`

			`secret_detection:`
			`stage: security`
			`needs: []`

			`release:`
			`stage: release`
			`variables:`
			`# Disable shallow cloning so that goreleaser can diff between tags to`
			`# generate a changelog.`
			`GIT_DEPTH: 0`
			`script:`
			`- gpg --import < $TERRAFORM_GPG_PRIV_KEY_FILE`
			`- GITHUB_TOKEN= goreleaser release -f .goreleaser.gitlab.yml --rm-dist`
			`- GITLAB_TOKEN= goreleaser release -f .goreleaser.github.yml --rm-dist`
			`artifacts:`
			`paths:`
			`- dist/`
			`expire_in: never`
			`only:`
			`- tags`

			`docker build:`
			`stage: docker`
			`needs: []`
			`image:`
			`name: gcr.io/kaniko-project/executor:debug`
			`entrypoint: [""]`
			`before_script:`
			`- mkdir -p /kaniko/.docker`
			`- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json`
			`script:`
			`- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA --destination $CI_REGISTRY_IMAGE:latest`

			`code_navigation:`
			`stage: misc`
			`image: sourcegraph/lsif-go:v1`
			`needs: []`
			`script:`
			`- lsif-go`
			`allow_failure: true # recommended`
			`artifacts:`
			`reports:`
			`lsif: dump.lsif`

			`container_scanning:`
			`stage: misc`
			`needs:`
			`- docker build`