109 lines
2.1 KiB
YAML
109 lines
2.1 KiB
YAML
---
|
|
|
|
default:
|
|
image: $CI_REGISTRY_IMAGE:latest
|
|
|
|
include:
|
|
- template: Code-Quality.gitlab-ci.yml
|
|
- template: Container-Scanning.gitlab-ci.yml
|
|
- template: SAST.gitlab-ci.yml
|
|
- template: Security/Dependency-Scanning.gitlab-ci.yml
|
|
- template: Security/License-Scanning.gitlab-ci.yml
|
|
- template: Security/Secret-Detection.gitlab-ci.yml
|
|
|
|
stages:
|
|
- build
|
|
- test
|
|
- qa
|
|
- security
|
|
- release
|
|
- docker
|
|
- misc
|
|
|
|
build:
|
|
stage: build
|
|
needs: []
|
|
script:
|
|
- make
|
|
artifacts:
|
|
paths:
|
|
- terraform-provider-garage
|
|
expire_in: 1 week
|
|
|
|
test:
|
|
stage: test
|
|
needs: []
|
|
script:
|
|
- make test
|
|
|
|
pre commit:
|
|
stage: qa
|
|
needs: []
|
|
script:
|
|
- pre-commit run --all-files
|
|
|
|
code_quality:
|
|
stage: qa
|
|
needs: []
|
|
|
|
license_scanning:
|
|
stage: qa
|
|
needs: []
|
|
|
|
sast:
|
|
stage: security
|
|
needs: []
|
|
|
|
dependency_scanning:
|
|
stage: security
|
|
needs: []
|
|
|
|
secret_detection:
|
|
stage: security
|
|
needs: []
|
|
|
|
release:
|
|
stage: release
|
|
variables:
|
|
# Disable shallow cloning so that goreleaser can diff between tags to
|
|
# generate a changelog.
|
|
GIT_DEPTH: 0
|
|
script:
|
|
- gpg --import < $TERRAFORM_GPG_PRIV_KEY_FILE
|
|
- GITHUB_TOKEN= goreleaser release -f .goreleaser.gitlab.yml --rm-dist
|
|
- GITLAB_TOKEN= goreleaser release -f .goreleaser.github.yml --rm-dist
|
|
artifacts:
|
|
paths:
|
|
- dist/
|
|
expire_in: never
|
|
only:
|
|
- tags
|
|
|
|
docker build:
|
|
stage: docker
|
|
needs: []
|
|
image:
|
|
name: gcr.io/kaniko-project/executor:debug
|
|
entrypoint: [""]
|
|
before_script:
|
|
- mkdir -p /kaniko/.docker
|
|
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
|
|
script:
|
|
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA --destination $CI_REGISTRY_IMAGE:latest
|
|
|
|
code_navigation:
|
|
stage: misc
|
|
image: sourcegraph/lsif-go:v1
|
|
needs: []
|
|
script:
|
|
- lsif-go
|
|
allow_failure: true # recommended
|
|
artifacts:
|
|
reports:
|
|
lsif: dump.lsif
|
|
|
|
container_scanning:
|
|
stage: misc
|
|
needs:
|
|
- docker build
|