-
Notifications
You must be signed in to change notification settings - Fork 4
/
.gitlab-ci.yml
108 lines (93 loc) · 2.09 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
---
default:
image: $CI_REGISTRY_IMAGE:latest
include:
- template: Code-Quality.gitlab-ci.yml
- template: Container-Scanning.gitlab-ci.yml
- template: SAST.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/License-Scanning.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
stages:
- build
- test
- qa
- security
- release
- docker
- misc
build:
stage: build
needs: []
script:
- make
artifacts:
paths:
- terraform-provider-garage
expire_in: 1 week
test:
stage: test
needs: []
script:
- make test
pre commit:
stage: qa
needs: []
script:
- pre-commit run --all-files
code_quality:
stage: qa
needs: []
license_scanning:
stage: qa
needs: []
sast:
stage: security
needs: []
dependency_scanning:
stage: security
needs: []
secret_detection:
stage: security
needs: []
release:
stage: release
variables:
# Disable shallow cloning so that goreleaser can diff between tags to
# generate a changelog.
GIT_DEPTH: 0
script:
- gpg --import < $TERRAFORM_GPG_PRIV_KEY_FILE
- GITHUB_TOKEN= goreleaser release -f .goreleaser.gitlab.yml --rm-dist
- GITLAB_TOKEN= goreleaser release -f .goreleaser.github.yml --rm-dist
artifacts:
paths:
- dist/
expire_in: never
only:
- tags
docker build:
stage: docker
needs: []
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
before_script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
script:
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA --destination $CI_REGISTRY_IMAGE:latest
code_navigation:
stage: misc
image: sourcegraph/lsif-go:v1
needs: []
script:
- lsif-go
allow_failure: true # recommended
artifacts:
reports:
lsif: dump.lsif
container_scanning:
stage: misc
needs:
- docker build