From 4b344d8e637fe3ac3d7ad48b2f7ebecad29ce2ed Mon Sep 17 00:00:00 2001
From: Felix Ohms <felix.ohms@stud.h-da.de>
Date: Mon, 29 Nov 2021 13:08:38 +0000
Subject: [PATCH] Add rules to pipelines

---
 .gitlab-ci.yml                             | 11 +++++++
 .gitlab/ci/.build-container.yml            | 11 ++++++-
 .gitlab/ci/.code-quality-ci.yml            |  3 +-
 .gitlab/ci/.containerlab-ci.yml            |  7 ++++
 .gitlab/ci/.integration-test.yml           |  4 +++
 .gitlab/ci/.ruleset.yml                    | 37 ++++++++++++++++++++++
 .gitlab/ci/.security-and-compliance-ci.yml | 23 +++++++-------
 .gitlab/ci/.test.yml                       |  5 +++
 8 files changed, 88 insertions(+), 13 deletions(-)
 create mode 100644 .gitlab/ci/.ruleset.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a6e281c4f..022e37b10 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -13,8 +13,19 @@ stages:
   - deploy
   - .post
 
+workflow:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_OPEN_MERGE_REQUESTS'
+      when: never
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: always
+    - if: '$CI_PIPELINE_SOURCE == "push"'
+      when: always
+    - if: '$CI_PIPELINE_SOURCE == "schedule"'
+      when: always
 
 include:
+  - local: '/.gitlab/ci/.ruleset.yml'
   - local: '/.gitlab/ci/.build-container.yml'
   - local: '/.gitlab/ci/.code-quality-ci.yml'
   - local: '/.gitlab/ci/.security-and-compliance-ci.yml'
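Review bot: The new `workflow:rules` list admits only `push`, `merge_request_event` and `schedule`, and nothing records that the other pipeline sources are excluded on purpose. Pipelines started from the web UI, the API or a trigger match no rule and are not created, which is easy to miss when someone tries to re-run a scan by hand. If that is intended, a comment above `workflow:` would record it, for example `# Only push (no open MR), merge request and scheduled pipelines are created; web/api/trigger are dropped on purpose.` Otherwise add a rule for `$CI_PIPELINE_SOURCE == "web"`.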
diff --git a/.gitlab/ci/.build-container.yml b/.gitlab/ci/.build-container.yml
index 189e34f47..80fa497ed 100644
--- a/.gitlab/ci/.build-container.yml
+++ b/.gitlab/ci/.build-container.yml
@@ -21,7 +21,16 @@ build-testing-image:
       variables:
         TAG: develop
         BUILDARGS: -race
-    - when: always
+    - !reference [.push_event, rules]
+    - !reference [.merge_request, rules]
+  before_script:
+    # replace all slashes in the tag with hyphen, because slashes are not allowed in tags
+    - TAG=${TAG//\//-}
+    - mkdir -p /kaniko/.docker
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" >/kaniko/.docker/config.json
+  needs: []
+
+build-testing-image:
   script:
     - /kaniko/executor
       --cache=true
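Review bot: The added `build-testing-image:` line gives the file a second top-level key of that name, since the hunk header shows one already exists earlier in the file. Most YAML loaders silently keep only the last duplicate mapping key. If the earlier definition is the block extended here, its `rules`, `before_script` (including the kaniko registry auth) and `needs: []` would be dropped and only the `script:` below would remain. The start of the upper block is outside the hunk, so this needs checking against the full file. If that block is meant as a shared template, give it a hidden name and pull it in with `extends:`; if not, delete the added `build-testing-image:` line so `script:` stays in the same mapping.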
diff --git a/.gitlab/ci/.code-quality-ci.yml b/.gitlab/ci/.code-quality-ci.yml
index 3910d884c..bc283cf53 100644
--- a/.gitlab/ci/.code-quality-ci.yml
+++ b/.gitlab/ci/.code-quality-ci.yml
@@ -9,5 +9,6 @@ code-quality:
       codequality: gl-code-quality-report.json
     paths:
       - gl-code-quality-report.json
+  rules:
+    - !reference [.merge_request, rules]
   needs: []
-  
\ No newline at end of file
diff --git a/.gitlab/ci/.containerlab-ci.yml b/.gitlab/ci/.containerlab-ci.yml
index f3a06f8ad..3fde1f9e8 100644
--- a/.gitlab/ci/.containerlab-ci.yml
+++ b/.gitlab/ci/.containerlab-ci.yml
@@ -43,6 +43,8 @@ variables:
     name: ${CLAB_NAME}
     paths:
       - ${CLAB_NAME}.clab.yml
+  rules:
+    - !reference [.merge_request, rules]
 
 # JOBS
 containerlab:template:integration:
@@ -66,6 +68,9 @@ containerlab:deploy:integration:
   artifacts:
     reports:
       dotenv: ${CI_PROJECT_DIR}/build.env
+  rules:
+    - !reference [.merge_request, rules]
+
 
 
 containerlab:destroy:
@@ -84,6 +89,8 @@ containerlab:destroy:
     - docker volume rm -f ${CLAB_NAME}-volume
     - docker image rm -f ${GOSDN_IMAGE}
   allow_failure: true
+  rules:
+    - !reference [.containerlab_cleanup, rules]
 
 
 #containerlab:template:develop:
diff --git a/.gitlab/ci/.integration-test.yml b/.gitlab/ci/.integration-test.yml
index dc80d9815..cf304933e 100644
--- a/.gitlab/ci/.integration-test.yml
+++ b/.gitlab/ci/.integration-test.yml
@@ -26,6 +26,8 @@ integration-test:nucleus:
     - go test -race -v -run TestGnmi_GetIntegration
     - go test -race -v -run TestGnmi_SubscribeIntegration
     - go test -race -v -run TestGnmi_CapabilitiesIntegration
+  rules:
+    - !reference [.merge_request, rules]
 
 integration-test:api:
   <<: *integration-test
@@ -34,3 +36,5 @@ integration-test:api:
   script:
     - cd ./api
     - go test -race -v -run TestApiIntegration
+  rules:
+    - !reference [.merge_request, rules]
diff --git a/.gitlab/ci/.ruleset.yml b/.gitlab/ci/.ruleset.yml
new file mode 100644
index 000000000..9fbb10f0f
--- /dev/null
+++ b/.gitlab/ci/.ruleset.yml
@@ -0,0 +1,37 @@
+.push_event:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push"'
+      when: on_success
+
+.merge_request:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: on_success
+
+.containerlab_cleanup:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: always
+
+.merge_request_and_changed_dependency:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      changes:
+        - go.mod
+        - go.sum
+      when: always
+
+.nightly_pipeline:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "schedule"'
+      when: always
+
+.nightly_develop_pipeline:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "schedule"  && $CI_NIGHTLY == "develop"'
+      when: always
+
+.nightly_main_pipeline:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "schedule"  && $CI_NIGHTLY == "mainline"'
+      when: always
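Review bot: This new file has no comments, and two of its rule sets depend on `$CI_NIGHTLY`, a variable that is not defined anywhere in this patch. A header comment should say that each pipeline schedule must set `CI_NIGHTLY` to `develop` or `mainline`; otherwise `.nightly_develop_pipeline` and `.nightly_main_pipeline` never match, and neither is referenced by any job in this change. A one-line comment per hidden job would also help, for example `# MR pipelines; runs even if earlier jobs failed, so the lab is always torn down` above `.containerlab_cleanup`, which differs from `.merge_request` only in `when:`. As a style point, the two `"schedule"  &&` expressions carry a double space.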
diff --git a/.gitlab/ci/.security-and-compliance-ci.yml b/.gitlab/ci/.security-and-compliance-ci.yml
index a42c6695e..6157fbe9f 100644
--- a/.gitlab/ci/.security-and-compliance-ci.yml
+++ b/.gitlab/ci/.security-and-compliance-ci.yml
@@ -16,23 +16,24 @@ include:
   - template: Security/SAST.gitlab-ci.yml
   - template: Dependency-Scanning.gitlab-ci.yml
   - template: Security/License-Scanning.gitlab-ci.yml
-#  - template: Security/Secret-Detection.gitlab-ci.yml
+  #  - template: Security/Secret-Detection.gitlab-ci.yml
   - template: Security/Container-Scanning.gitlab-ci.yml
 
+license_scanning:
+  rules:
+    - !reference [.merge_request_and_changed_dependency, rules]
+
 gemnasium-dependency_scanning:
-  <<: *rules
+  rules:
+    - !reference [.merge_request_and_changed_dependency, rules]
 
 gosec-sast:
-  <<: *rules
-
-license_scanning:
-  <<: *rules
+  rules:
+    - !reference [.nightly_pipeline, rules]
 
 semgrep-sast:
-  <<: *rules
-
-#secret_detection:
-#  <<: *rules
+  rules:
+    - !reference [.nightly_pipeline, rules]
 
 container_scanning:
   stage: analyze
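Review bot: The new rules narrow when the scanners run in a way that leaves gaps. `gemnasium-dependency_scanning` and `license_scanning` now run only in merge request pipelines that touch `go.mod` or `go.sum`, so advisories published later for unchanged dependencies are never picked up. `gosec-sast` and `semgrep-sast` run only on schedules, so SAST findings no longer appear on the merge request that introduces them. Adding `- !reference [.nightly_pipeline, rules]` to the two dependency jobs and `- !reference [.merge_request, rules]` to the two SAST jobs would cover both cases. A job-level `rules:` also replaces whatever rules the included templates define for these jobs, and the removed `*rules` anchor is defined outside the hunk, so its previous behaviour cannot be compared here.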
@@ -44,5 +45,5 @@ container_scanning:
     DOCKER_IMAGE: "${GOSDN_IMAGE}"
     DOCKER_USER: "${CI_REGISTRY_USER}"
     DOCKER_PASSWORD: "${CI_REGISTRY_PASSWORD}"
-  needs: 
+  needs:
     - build-image
diff --git a/.gitlab/ci/.test.yml b/.gitlab/ci/.test.yml
index 762da8357..738560c40 100644
--- a/.gitlab/ci/.test.yml
+++ b/.gitlab/ci/.test.yml
@@ -21,11 +21,16 @@ unit-test:
   after_script:
     - go tool cover -func=coverage.out
   <<: *test
+  rules:
+    - !reference [.push_event, rules]
+    - !reference [.merge_request, rules]
 
 controller-test:
   script:
     - gotestsum --junitfile report.xml --format testname -- -race -v -run TestRun
   <<: *test
+  rules:
+    - !reference [.merge_request, rules]
 
 test-build:
   artifacts:
-- 
GitLab