-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy path.gitlab-ci.yml
80 lines (73 loc) · 2.03 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
stages:
- build
- test
- release
default:
image: golang:1.19
tags: [saas-linux-large-amd64]
test:
stage: build
script:
- go test -json ./... 2>&1 | ./dev/linux/go-junit-report -parser gojson > junit.xml
artifacts:
reports:
junit: junit.xml
build:
stage: build
variables:
GOOS: linux
GOARCH: amd64
script:
- CGO_ENABLED=0 go build -ldflags "-X main.version=$(git describe --tags --abbrev=0) -X main.revision=$(git rev-parse --short HEAD)" -o sarif-converter-linux main/main.go
artifacts:
name: dist
paths:
- ./sarif-converter-linux
test:convert:
stage: test
script:
- ./sarif-converter-linux --type codequality ./testing/fixture/semgrep.sarif gl-sast-report.json
- diff ./testing/fixture/actual.json gl-sast-report.json > /dev/null
artifacts:
paths:
- ./gl-sast-report.json
needs: [build]
test:sast:
image: $CI_TEMPLATE_REGISTRY_HOST/security-products/semgrep:3
stage: test
script:
- /analyzer run
- ./sarif-converter-linux --type codequality semgrep.sarif gl-code-quality-report.json
- ./sarif-converter-linux --type sast semgrep.sarif gl-sast-report.json
- ./sarif-converter-linux --type html semgrep.sarif semgrep-report.html
artifacts:
expose_as: semgrep-report-html
paths:
- semgrep-report.html
reports:
codequality: gl-code-quality-report.json
sast: gl-sast-report.json
needs: [build]
release:
image: registry.gitlab.com/gitlab-org/release-cli:latest
stage: release
script: echo Release...
release:
tag_name: '$CI_COMMIT_TAG'
description: 'TODO: write release note.'
assets:
links:
- name: sarif-converter-linux
url: $CI_PROJECT_URL/-/jobs/artifacts/$CI_COMMIT_TAG/raw/sarif-converter-linux?job=release
filepath: /bin/sarif-converter-linux
link_type: other
artifacts:
name: sarif-converter
paths:
- sarif-converter-linux
expire_in: never
dependencies: [build]
only:
- tags
include:
- template: Security/SAST.gitlab-ci.yml