From f60ffe3525ed6371e98daa6b4eb9755374b64544 Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Sat, 20 Nov 2021 23:29:00 +0000
Subject: [PATCH] Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist
---
.gitlab-ci.yml | 90 +++++++++++++++++++++++++++-----------------------
1 file changed, 49 insertions(+), 41 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2f2280c..d9aec9c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,72 +1,80 @@ stages: - - build - - upload - - release +- test +- build +- upload +- release + +sast: + stage: test +include: +- template: Security/SAST.gitlab-ci.yml build-docker: stage: build only: - - tags + - tags image: docker:19.03.12 services: - - docker:19.03.12-dind + - docker:19.03.12-dind variables: - IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG + IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" script: - - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - - docker build -t $CI_REGISTRY_IMAGE:latest -t $IMAGE_TAG . - - docker build -t $IMAGE_TAG -t $CI_REGISTRY_IMAGE:latest . - - docker push $IMAGE_TAG - - docker push $CI_REGISTRY_IMAGE:latest + - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY + - docker build -t $CI_REGISTRY_IMAGE:latest -t $IMAGE_TAG . + - docker build -t $IMAGE_TAG -t $CI_REGISTRY_IMAGE:latest . + - docker push $IMAGE_TAG + - docker push $CI_REGISTRY_IMAGE:latest build-binary: stage: build only: - - tags + - tags image: golang:1.17.3 before_script: - - cd $GOPATH/src - - mkdir -p gitlab.com/$CI_PROJECT_NAMESPACE - - cd gitlab.com/$CI_PROJECT_NAMESPACE - - ln -s $CI_PROJECT_DIR - - cd $CI_PROJECT_NAME + - cd $GOPATH/src + - mkdir -p gitlab.com/$CI_PROJECT_NAMESPACE + - cd gitlab.com/$CI_PROJECT_NAMESPACE + - ln -s $CI_PROJECT_DIR + - cd $CI_PROJECT_NAME script: - - CGO_ENABLED=0 GOARCH=amd64 GOOS=darwin go build -o bin/iPilot-${CI_COMMIT_TAG}-darwin-amd64 - - CGO_ENABLED=0 GOARCH=arm64 GOOS=darwin go build -o bin/iPilot-${CI_COMMIT_TAG}-darwin-arm64 - - CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -o bin/iPilot-${CI_COMMIT_TAG}-linux-amd64 - - CGO_ENABLED=0 GOARCH=amd64 GOOS=windows go build -o bin/iPilot-${CI_COMMIT_TAG}-win-amd64.exe - - CGO_ENABLED=0 GOARCH=386 GOOS=windows go build -o bin/iPilot-${CI_COMMIT_TAG}-win-x86.exe + - CGO_ENABLED=0 GOARCH=amd64 GOOS=darwin go build -o bin/iPilot-${CI_COMMIT_TAG}-darwin-amd64 + - CGO_ENABLED=0 GOARCH=arm64 GOOS=darwin go build -o 
bin/iPilot-${CI_COMMIT_TAG}-darwin-arm64 + - CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -o bin/iPilot-${CI_COMMIT_TAG}-linux-amd64 + - CGO_ENABLED=0 GOARCH=amd64 GOOS=windows go build -o bin/iPilot-${CI_COMMIT_TAG}-win-amd64.exe + - CGO_ENABLED=0 GOARCH=386 GOOS=windows go build -o bin/iPilot-${CI_COMMIT_TAG}-win-x86.exe artifacts: paths: - - bin/ + - bin/ upload: stage: upload image: curlimages/curl:latest rules: - - if: $CI_COMMIT_TAG + - if: "$CI_COMMIT_TAG" dependencies: - - build-binary - before_script: - - ls - - pwd + - build-binary script: - - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-darwin-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-amd64"' - - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-darwin-arm64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-arm64"' - - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-linux-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-linux-amd64"' - - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-win-amd64.exe "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-amd64.exe"' - - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-win-x86.exe "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-x86.exe"' + - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-darwin-amd64 + "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-amd64"' + - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file 
bin/iPilot-${CI_COMMIT_TAG}-darwin-arm64 + "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-arm64"' + - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-linux-amd64 + "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-linux-amd64"' + - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-win-amd64.exe + "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-amd64.exe"' + - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file bin/iPilot-${CI_COMMIT_TAG}-win-x86.exe + "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-x86.exe"' release: stage: release image: registry.gitlab.com/gitlab-org/release-cli:v0.4.0 rules: - - if: $CI_COMMIT_TAG + - if: "$CI_COMMIT_TAG" script: - - | - release-cli create --name "$CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \ - --assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-darwin-amd64\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-amd64\"}" \ - --assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-darwin-arm64\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-arm64\"}" \ - --assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-linux-amd64\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-linux-amd64\"}" \ - --assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-win-amd64.exe\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-amd64.exe\"}" \ - --assets-link 
"{\"name\":\"iPilot-${CI_COMMIT_TAG}-win-x86.exe\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-x86.exe\"}" + - | + release-cli create --name "$CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \ + --assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-darwin-amd64\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-amd64\"}" \ + --assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-darwin-arm64\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-darwin-arm64\"}" \ + --assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-linux-amd64\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-linux-amd64\"}" \ + --assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-win-amd64.exe\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-amd64.exe\"}" \ + --assets-link "{\"name\":\"iPilot-${CI_COMMIT_TAG}-win-x86.exe\",\"url\":\"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/iPilot/${CI_COMMIT_TAG}/iPilot-${CI_COMMIT_TAG}-win-x86.exe\"}"
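Review bot: The `build-docker` script still passes the registry password as a command-line argument in `docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY`, which exposes the secret in the process arguments and is the form Docker itself warns against. Since the line is re-indented in this change, it could become `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The `upload` job sends `CI_JOB_TOKEN` and publishes the release binaries from `image: curlimages/curl:latest`; pinning that image to a fixed version or digest, as the other jobs do with their tags, keeps an unexpected upstream image change from running with that token. Every publishing job here is tag-only, so it is worth confirming that the rules in the included `Security/SAST.gitlab-ci.yml` template also run the scan on tag pipelines and not only on branch pipelines; those rules are not visible in this diff.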