-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy path.gitlab-ci.yml
56 lines (52 loc) · 1.82 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
stages:
- prepare-ci-image
- prepare
- build
- test
- verify
- deploy
variables:
REGISTRY_URL: "registry.planning.nl"
REGISTRY_IMAGE: "registry.planning.nl/emulating-k8s/emulating-k8s"
CI_IMAGE: "$REGISTRY_IMAGE/build-image-$CI_COMMIT_REF_SLUG"
VK_IMAGE: "$REGISTRY_IMAGE/apatelet-$CI_COMMIT_REF_SLUG"
CP_IMAGE: "$REGISTRY_IMAGE/controlplane-$CI_COMMIT_REF_SLUG"
GOPATH: "$CI_PROJECT_DIR/.go"
DS_EXCLUDED_PATHS: ".go" # Exclude the caching dir from scans (doesn't work for now, https://gitlab.com/gitlab-org/gitlab/-/issues/10030)
SAST_EXCLUDED_PATHS: ".go" # Exclude the caching dir from scans (doesn't work for now, https://gitlab.com/gitlab-org/gitlab/-/issues/10030)
# Taken from the following minus kubesec (because SCAN_KUBERNETES_MANIFESTS was somehow always set to true)
# https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml#L15
SAST_DEFAULT_ANALYZERS: "brakeman, gosec, flawfinder, security-code-scan, secrets, sobelow"
DOCKER_BUILDKIT: 1
prepare-ci-image:
stage: prepare-ci-image
image: docker:latest
only:
changes:
- ci/build-image/Dockerfile
- .gitlab-ci.yml
services:
- docker:dind
before_script:
- docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASSWORD" $REGISTRY_URL
- cd ./ci/build-image
script:
- docker pull "$CI_IMAGE" || true
- docker build --cache-from $CI_IMAGE -t "$CI_IMAGE" .
- docker push "$CI_IMAGE"
default:
image: $CI_IMAGE
before_script:
- mkdir -p .go
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
- .go/pkg/mod/
# Include all other ci files
include:
- template: Dependency-Scanning.gitlab-ci.yml
- template: License-Scanning.gitlab-ci.yml
- template: SAST.gitlab-ci.yml
- local: ci/build.gitlab-ci.yml
- local: ci/test.gitlab-ci.yml
- local: ci/sa.gitlab-ci.yml