diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1602977b91dedf617f521b72fd8239e1dd31e2e3..03c016d8ed8627f9df1ba1d0ea6beadde4b2f298 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,70 +9,7 @@ stages: before_script: - git config --global url."https://$GO_MODULES_USER:$GO_MODULES_ACCESS_TOKEN@code.fbi.h-da.de".insteadOf "https://code.fbi.h-da.de" -code-quality-master: - image: golangci/golangci-lint:latest-alpine - stage: test - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH - - if: $CI_DEFAULT_BRANCH - script: - # writes golangci-lint output to gl-code-quality-report.json - - golangci-lint run --config .ci/.golangci-master.yml --out-format code-climate | tee gl-code-quality-report.json - artifacts: - reports: - codequality: gl-code-quality-report.json - paths: - - gl-code-quality-report.json - - -code-quality: - image: golangci/golangci-lint:latest-alpine - stage: test - allow_failure: true - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != $CI_DEFAULT_BRANCH - script: - # writes golangci-lint output to gl-code-quality-report.json - - golangci-lint run --config .ci/.golangci.yml --out-format code-climate | tee gl-code-quality-report.json - artifacts: - reports: - codequality: gl-code-quality-report.json - paths: - - gl-code-quality-report.json - -Documentation: - before_script: - - pwd - image: - name: pandoc/latex - entrypoint: - - '' - stage: build - rules: - - changes: - - documentation/design/*.md - script: - - cd documentation/design - - pandoc --filter pandoc-citeproc --bibliography=bibliography.bib --csl=acm-sig-proceedings.csl - --variable papersize=a4paper -s *.md -o documentation.pdf - artifacts: - paths: - - documentation/design/documentation.pdf - -sast: - variables: - SAST_ANALYZER_IMAGE_TAG: '2' - SAST_EXCLUDED_PATHS: spec, test, tests, tmp - SEARCH_MAX_DEPTH: '4' - stage: compliance - -license_scanning: - stage: compliance - -gemnasium-dependency_scanning: - stage: compliance - include: - - template: Security/SAST.gitlab-ci.yml - - template: Dependency-Scanning.gitlab-ci.yml - - template: Security/License-Scanning.gitlab-ci.yml + - local: '/build/ci/.code-quality-ci.yml' + - local: '/build/ci/.documentation-ci.yml' + - local: '/build/ci/.security-and-compliance-ci.yml' diff --git a/build/ci/.code-quality-ci.yml b/build/ci/.code-quality-ci.yml new file mode 100644 index 0000000000000000000000000000000000000000..a24ccd2615b882d7b2f0c5440fff82fa28673f2d --- /dev/null +++ b/build/ci/.code-quality-ci.yml @@ -0,0 +1,30 @@ +code-quality-master: + image: golangci/golangci-lint:latest-alpine + stage: test + rules: + - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH + - if: $CI_DEFAULT_BRANCH + script: + # writes golangci-lint output to gl-code-quality-report.json + - golangci-lint run --config build/ci/.golangci-config/.golangci-master.yml --out-format code-climate | tee gl-code-quality-report.json + artifacts: + reports: + codequality: gl-code-quality-report.json + paths: + - gl-code-quality-report.json + + +code-quality: + image: golangci/golangci-lint:latest-alpine + stage: test + allow_failure: true + rules: + - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != $CI_DEFAULT_BRANCH + script: + # writes golangci-lint output to gl-code-quality-report.json + - golangci-lint run --config build/ci/.golangci-config/.golangci.yml --out-format code-climate | tee gl-code-quality-report.json + artifacts: + reports: + codequality: gl-code-quality-report.json + paths: + - gl-code-quality-report.json diff --git a/build/ci/.documentation-ci.yml b/build/ci/.documentation-ci.yml new file mode 100644 index 0000000000000000000000000000000000000000..084f3f76bcbb1e81aee772f0b85ca9c1beb22c72 --- /dev/null +++ b/build/ci/.documentation-ci.yml @@ -0,0 +1,18 @@ +Documentation: + before_script: + - pwd + image: + name: pandoc/latex + entrypoint: + - '' + stage: build + rules: + - changes: + - documentation/design/*.md + script: + - cd documentation/design + - pandoc --filter pandoc-citeproc --bibliography=bibliography.bib --csl=acm-sig-proceedings.csl + --variable papersize=a4paper -s *.md -o documentation.pdf + artifacts: + paths: + - documentation/design/documentation.pdf diff --git a/.ci/.golangci-master.yml b/build/ci/.golangci-config/.golangci-master.yml similarity index 100% rename from .ci/.golangci-master.yml rename to build/ci/.golangci-config/.golangci-master.yml diff --git a/.ci/.golangci.yml b/build/ci/.golangci-config/.golangci.yml similarity index 100% rename from .ci/.golangci.yml rename to build/ci/.golangci-config/.golangci.yml diff --git a/.ci/.runlint.sh b/build/ci/.golangci-config/.runlint.sh similarity index 100% rename from .ci/.runlint.sh rename to build/ci/.golangci-config/.runlint.sh diff --git a/build/ci/.security-and-compliance-ci.yml b/build/ci/.security-and-compliance-ci.yml new file mode 100644 index 0000000000000000000000000000000000000000..119583ea0c3683930959cfb0ce43f284caa4cf8e --- /dev/null +++ b/build/ci/.security-and-compliance-ci.yml @@ -0,0 +1,17 @@ +sast: + variables: + SAST_ANALYZER_IMAGE_TAG: '2' + SAST_EXCLUDED_PATHS: spec, test, tests, tmp + SEARCH_MAX_DEPTH: '4' + stage: compliance + +license_scanning: + stage: compliance + +gemnasium-dependency_scanning: + stage: compliance + +include: + - template: Security/SAST.gitlab-ci.yml + - template: Dependency-Scanning.gitlab-ci.yml + - template: Security/License-Scanning.gitlab-ci.yml