Configure SAST in .gitlab-ci.yml, creating this file if it does not already exist
This commit is contained in:
@@ -1,72 +1,80 @@
|
||||
stages:
|
||||
- build
|
||||
- upload
|
||||
- release
|
||||
- test
|
||||
- build
|
||||
- upload
|
||||
- release
|
||||
|
||||
sast:
|
||||
stage: test
|
||||
include:
|
||||
- template: Security/SAST.gitlab-ci.yml
|
||||
|
||||
build-docker:
|
||||
stage: build
|
||||
only:
|
||||
- tags
|
||||
- tags
|
||||
image: docker:19.03.12
|
||||
services:
|
||||
- docker:19.03.12-dind
|
||||
- docker:19.03.12-dind
|
||||
variables:
|
||||
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
|
||||
IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG"
|
||||
script:
|
||||
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||||
- docker build -t $CI_REGISTRY_IMAGE:latest -t $IMAGE_TAG .
|
||||
- docker build -t $IMAGE_TAG -t $CI_REGISTRY_IMAGE:latest .
|
||||
- docker push $IMAGE_TAG
|
||||
- docker push $CI_REGISTRY_IMAGE:latest
|
||||
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||||
- docker build -t $CI_REGISTRY_IMAGE:latest -t $IMAGE_TAG .
|
||||
- docker build -t $IMAGE_TAG -t $CI_REGISTRY_IMAGE:latest .
|
||||
- docker push $IMAGE_TAG
|
||||
- docker push $CI_REGISTRY_IMAGE:latest
|
||||
|
||||
build-binary:
|
||||
stage: build
|
||||
only:
|
||||
- tags
|
||||
- tags
|
||||
image: golang:1.17.3
|
||||
before_script:
|
||||
- cd $GOPATH/src
|
||||
- mkdir -p gitlab.com/$CI_PROJECT_NAMESPACE
|
||||
- cd gitlab.com/$CI_PROJECT_NAMESPACE
|
||||
- ln -s $CI_PROJECT_DIR
|
||||
- cd $CI_PROJECT_NAME
|
||||
- cd $GOPATH/src
|
||||
- mkdir -p gitlab.com/$CI_PROJECT_NAMESPACE
|
||||
- cd gitlab.com/$CI_PROJECT_NAMESPACE
|
||||
- ln -s $CI_PROJECT_DIR
|
||||
- cd $CI_PROJECT_NAME
|
||||
script:
|
||||
- CGO_ENABLED=0 GOARCH=amd64 GOOS=darwin go build -o bin/iPilot-${CI_COMMIT_TAG}-darwin-amd64
|
||||
- CGO_ENABLED=0 GOARCH=arm64 GOOS=darwin go build -o bin/iPilot-${CI_COMMIT_TAG}-darwin-arm64
|
||||
- CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -o bin/iPilot-${CI_COMMIT_TAG}-linux-amd64
|
||||
- CGO_ENABLED=0 GOARCH=amd64 GOOS=windows go build -o bin/iPilot-${CI_COMMIT_TAG}-win-amd64.exe
|
||||
- CGO_ENABLED=0 GOARCH=386 GOOS=windows go build -o bin/iPilot-${CI_COMMIT_TAG}-win-x86.exe
|
||||
- CGO_ENABLED=0 GOARCH=amd64 GOOS=darwin go build -o bin/iPilot-${CI_COMMIT_TAG}-darwin-amd64
|
||||
- CGO_ENABLED=0 GOARCH=arm64 GOOS=darwin go build -o bin/iPilot-${CI_COMMIT_TAG}-darwin-arm64
|
||||
- CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -o bin/iPilot-${CI_COMMIT_TAG}-linux-amd64
|
||||
- CGO_ENABLED=0 GOARCH=amd64 GOOS=windows go build -o bin/iPilot-${CI_COMMIT_TAG}-win-amd64.exe
|
||||
- CGO_ENABLED=0 GOARCH=386 GOOS=windows go build -o bin/iPilot-${CI_COMMIT_TAG}-win-x86.exe
|
||||
artifacts:
|
||||
paths:
|
||||
- bin/
|
||||
- bin/
|
||||
|
||||
upload:
|
||||
stage: upload
|
||||
image: curlimages/curl:latest
|
||||
rules:
|
||||
- if: $CI_COMMIT_TAG
|
||||
- if: "$CI_COMMIT_TAG"
|
||||
dependencies:
|
||||
- build-binary
|
||||
before_script:
|
||||
- ls
|
||||
- pwd
|
||||
- build-binary
|
||||
script:
|
||||
- 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-darwin-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-amd64"'
|
||||
- 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-darwin-arm64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-arm64"'
|
||||
- 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-linux-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-linux-amd64"'
|
||||
- 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-win-amd64.exe "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-amd64.exe"'
|
||||
- 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-win-x86.exe "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-x86.exe"'
|
||||
- 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-darwin-amd64
|
||||
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-amd64"'
|
||||
- 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-darwin-arm64
|
||||
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-arm64"'
|
||||
- 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-linux-amd64
|
||||
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-linux-amd64"'
|
||||
- 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-win-amd64.exe
|
||||
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-amd64.exe"'
|
||||
- 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-win-x86.exe
|
||||
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-x86.exe"'
|
||||
|
||||
release:
|
||||
stage: release
|
||||
image: registry.gitlab.com/gitlab-org/release-cli:v0.4.0
|
||||
rules:
|
||||
- if: $CI_COMMIT_TAG
|
||||
- if: "$CI_COMMIT_TAG"
|
||||
script:
|
||||
- |
|
||||
release-cli create --name "$CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \
|
||||
--assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-darwin-amd64\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-amd64\"}" \
|
||||
--assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-darwin-arm64\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-arm64\"}" \
|
||||
--assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-linux-amd64\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-linux-amd64\"}" \
|
||||
--assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-win-amd64.exe\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-amd64.exe\"}" \
|
||||
--assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-win-x86.exe\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-x86.exe\"}"
|
||||
- |
|
||||
release-cli create --name "$CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \
|
||||
--assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-darwin-amd64\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-amd64\"}" \
|
||||
--assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-darwin-arm64\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-arm64\"}" \
|
||||
--assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-linux-amd64\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-linux-amd64\"}" \
|
||||
--assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-win-amd64.exe\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-amd64.exe\"}" \
|
||||
--assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-win-x86.exe\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-x86.exe\"}"
|
||||
|
||||
Reference in New Issue
Block a user