Mirrored_Repos/crafty-4
1
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2024-08-30 18:23:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Dependancy, SAST, Container, Secret Scanning

Browse Source
This commit is contained in:
Iain Powrie 2022-05-25 00:52:00 +00:00
parent 7ca7232829
commit d386244e86
1 changed files with 35 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
.gitlab-ci.yml
View File

@ -5,6 +5,7 @@
--- ---
stages: stages:
- lint - lint
- test
- prod-deployment - prod-deployment
- dev-deployment - dev-deployment
@ -16,7 +17,7 @@ yamllint:
stage: lint stage: lint
image: registry.gitlab.com/pipeline-components/yamllint:latest image: registry.gitlab.com/pipeline-components/yamllint:latest
tags: tags:
- "docker" - docker
rules: rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"' - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
- if: "$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS" - if: "$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS"
@ -28,7 +29,7 @@ jsonlint:
stage: lint stage: lint
image: registry.gitlab.com/pipeline-components/jsonlint:latest image: registry.gitlab.com/pipeline-components/jsonlint:latest
tags: tags:
- "docker" - docker
rules: rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"' - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
- if: "$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS" - if: "$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS"
@ -42,7 +43,7 @@ black:
stage: lint stage: lint
image: registry.gitlab.com/pipeline-components/black:latest image: registry.gitlab.com/pipeline-components/black:latest
tags: tags:
- "docker" - docker
rules: rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"' - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
- if: "$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS" - if: "$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS"
@ -54,7 +55,7 @@ pylint:
stage: lint stage: lint
image: registry.gitlab.com/pipeline-components/pylint:latest image: registry.gitlab.com/pipeline-components/pylint:latest
tags: tags:
- "docker" - docker
rules: rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"' - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
- if: "$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS" - if: "$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS"
@ -84,7 +85,7 @@ docker-build-dev:
- name: docker:dind - name: docker:dind
stage: dev-deployment stage: dev-deployment
tags: tags:
- "docker_priv" - docker_priv
rules: rules:
- if: $CI_COMMIT_BRANCH == 'dev' - if: $CI_COMMIT_BRANCH == 'dev'
environment: environment:
@ -139,7 +140,7 @@ docker-build-prod:
- name: docker:dind - name: docker:dind
stage: prod-deployment stage: prod-deployment
tags: tags:
- "docker_priv" - docker_priv
rules: rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
environment: environment:
@ -269,3 +270,31 @@ win-prod-build:
- .\crafty_commander.exe - .\crafty_commander.exe
exclude: exclude:
- app\classes\**\* - app\classes\**\*
sast:
variables:
SAST_EXCLUDED_PATHS: spec, test, tests, tmp, migrations, vendors
SAST_BANDIT_EXCLUDED_PATHS: "'*/migrations/*, */vendors/*'"
SAST_EXCLUDED_ANALYZERS: semgrep
stage: test
tags:
- docker
secret_detection:
variables:
SECRET_DETECTION_EXCLUDED_PATHS: migrations, vendors
tags:
- docker
gemnasium-dependency_scanning:
tags:
- docker
gemnasium-python-dependency_scanning:
tags:
- docker
include:
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/SAST.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml