Merge branch '142-add-rules-to-pipelines' into 'develop'

Add rules to pipelines See merge request !207

Merge branch '142-add-rules-to-pipelines' into 'develop'
a181a3de · Felix Ohms · 0f6732b8 · 4b344d8e · a181a3de · a181a3de
Commit a181a3de authored 3 years ago by Felix Ohms
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -13,8 +13,19 @@ stages:
  - deploy
  - .post

+workflow:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_OPEN_MERGE_REQUESTS'
+      when: never
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: always
+    - if: '$CI_PIPELINE_SOURCE == "push"'
+      when: always
+    - if: '$CI_PIPELINE_SOURCE == "schedule"'
+      when: always

 include:
+  - local: '/.gitlab/ci/.ruleset.yml'
  - local: '/.gitlab/ci/.build-container.yml'
  - local: '/.gitlab/ci/.code-quality-ci.yml'
  - local: '/.gitlab/ci/.security-and-compliance-ci.yml'

--- a/.gitlab/ci/.build-container.yml
+++ b/.gitlab/ci/.build-container.yml
@@ -21,7 +21,16 @@ build-testing-image:
      variables:
        TAG: develop
        BUILDARGS: -race
-    - when: always
+    - !reference [.push_event, rules]
+    - !reference [.merge_request, rules]
+  before_script:
+    # replace all slashes in the tag with hyphen, because slashes are not allowed in tags
+    - TAG=${TAG//\//-}
+    - mkdir -p /kaniko/.docker
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" >/kaniko/.docker/config.json
+  needs: []
+
+build-testing-image:
  script:
    - /kaniko/executor
      --cache=true

--- a/.gitlab/ci/.code-quality-ci.yml
+++ b/.gitlab/ci/.code-quality-ci.yml
@@ -9,5 +9,6 @@ code-quality:
      codequality: gl-code-quality-report.json
    paths:
      - gl-code-quality-report.json
+  rules:
+    - !reference [.merge_request, rules]
  needs: []
-  
\ No newline at end of file
--- a/.gitlab/ci/.containerlab-ci.yml
+++ b/.gitlab/ci/.containerlab-ci.yml
@@ -43,6 +43,8 @@ variables:
    name: ${CLAB_NAME}
    paths:
      - ${CLAB_NAME}.clab.yml
+  rules:
+    - !reference [.merge_request, rules]

 # JOBS
 containerlab:template:integration:
@@ -66,6 +68,9 @@ containerlab:deploy:integration:
  artifacts:
    reports:
      dotenv: ${CI_PROJECT_DIR}/build.env
+  rules:
+    - !reference [.merge_request, rules]
+


 containerlab:destroy:
@@ -84,6 +89,8 @@ containerlab:destroy:
    - docker volume rm -f ${CLAB_NAME}-volume
    - docker image rm -f ${GOSDN_IMAGE}
  allow_failure: true
+  rules:
+    - !reference [.containerlab_cleanup, rules]


 #containerlab:template:develop:

--- a/.gitlab/ci/.integration-test.yml
+++ b/.gitlab/ci/.integration-test.yml
@@ -26,6 +26,8 @@ integration-test:nucleus:
    - go test -race -v -run TestGnmi_GetIntegration
    - go test -race -v -run TestGnmi_SubscribeIntegration
    - go test -race -v -run TestGnmi_CapabilitiesIntegration
+  rules:
+    - !reference [.merge_request, rules]

 integration-test:api:
  <<: *integration-test
@@ -34,3 +36,5 @@ integration-test:api:
  script:
    - cd ./api
    - go test -race -v -run TestApiIntegration
+  rules:
+    - !reference [.merge_request, rules]
--- a/.gitlab/ci/.ruleset.yml
+++ b/.gitlab/ci/.ruleset.yml
+.push_event:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push"'
+      when: on_success
+
+.merge_request:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: on_success
+
+.containerlab_cleanup:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: always
+
+.merge_request_and_changed_dependency:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      changes:
+        - go.mod
+        - go.sum
+      when: always
+
+.nightly_pipeline:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "schedule"'
+      when: always
+
+.nightly_develop_pipeline:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "schedule"  && $CI_NIGHTLY == "develop"'
+      when: always
+
+.nightly_main_pipeline:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "schedule"  && $CI_NIGHTLY == "mainline"'
+      when: always
--- a/.gitlab/ci/.security-and-compliance-ci.yml
+++ b/.gitlab/ci/.security-and-compliance-ci.yml
@@ -16,23 +16,24 @@ include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Dependency-Scanning.gitlab-ci.yml
  - template: Security/License-Scanning.gitlab-ci.yml
-#  - template: Security/Secret-Detection.gitlab-ci.yml
+  #  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml

+license_scanning:
+  rules:
+    - !reference [.merge_request_and_changed_dependency, rules]
+
 gemnasium-dependency_scanning:
-  <<: *rules
+  rules:
+    - !reference [.merge_request_and_changed_dependency, rules]

 gosec-sast:
-  <<: *rules
-
-license_scanning:
-  <<: *rules
+  rules:
+    - !reference [.nightly_pipeline, rules]

 semgrep-sast:
-  <<: *rules
-
-#secret_detection:
-#  <<: *rules
+  rules:
+    - !reference [.nightly_pipeline, rules]

 container_scanning:
  stage: analyze
@@ -44,5 +45,5 @@ container_scanning:
    DOCKER_IMAGE: "${GOSDN_IMAGE}"
    DOCKER_USER: "${CI_REGISTRY_USER}"
    DOCKER_PASSWORD: "${CI_REGISTRY_PASSWORD}"
-  needs: 
+  needs:
    - build-image
--- a/.gitlab/ci/.test.yml
+++ b/.gitlab/ci/.test.yml
@@ -21,11 +21,16 @@ unit-test:
  after_script:
    - go tool cover -func=coverage.out
  <<: *test
+  rules:
+    - !reference [.push_event, rules]
+    - !reference [.merge_request, rules]

 controller-test:
  script:
    - gotestsum --junitfile report.xml --format testname -- -race -v -run TestRun
  <<: *test
+  rules:
+    - !reference [.merge_request, rules]

 test-build:
  artifacts: