diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0e121cb2b77cd262d321b26f4bd315df18ad5113..08a5a641120317d538089b6c8ad0672217b8c6cd 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,8 +1,3 @@
-include:
- - template: Security/License-Scanning.gitlab-ci.yml
- - template: Security/SAST.gitlab-ci.yml
- - template: Security/Dependency-Scanning.gitlab-ci.yml
-
 stages:
 - prepare
 - test
@@ -19,6 +14,10 @@ workflow:
 - if: '$CI_COMMIT_BRANCH =~ /^[\d-]+-stable(-ee)?$/'
 - if: '$CI_COMMIT_BRANCH =~ /^security\//'
+include:
+ - local: .gitlab/ci/prepare.yml
+ - local: .gitlab/ci/test.yml
+
 default:
 image: golang:1.13
 tags:
@@ -32,117 +31,3 @@ default:
 cache:
 paths:
 - .GOPATH/pkg/mod/
-
-.tests:
- extends: .go-mod-cache
- stage: test
- tags:
- - gitlab-org-docker
- needs: ['download deps']
- script:
- - echo "Running all tests without daemonizing..."
- - make test
- - echo "Running just the acceptance tests daemonized (tmpdir)...."
- - TEST_DAEMONIZE=tmpdir make acceptance
- - echo "Running just the acceptance tests daemonized (inplace)...."
- - TEST_DAEMONIZE=inplace make acceptance
- artifacts:
- paths:
- - bin/gitlab-pages
-
-license_scanning:
- stage: prepare
- variables:
- LICENSE_MANAGEMENT_SETUP_CMD: go mod vendor
- rules:
- - if: $CI_MERGE_REQUEST_ID
- when: on_success
- - if: $CI_COMMIT_BRANCH == 'master'
- when: on_success
-
-# disable eslint-sast since html files are fixtures for testing
-eslint-sast:
- rules:
- - when: never
-
-secrets-sast:
- stage: prepare
- rules:
- - if: $CI_MERGE_REQUEST_ID
- when: on_success
- - if: $CI_COMMIT_BRANCH == 'master'
- when: on_success
-
-gosec-sast:
- stage: prepare
- rules:
- - if: $CI_MERGE_REQUEST_ID
- when: on_success
- - if: $CI_COMMIT_BRANCH == 'master'
- when: on_success
-
-download deps:
- extends: .go-mod-cache
- stage: prepare
- script:
- - make deps-download
- artifacts:
- paths:
- - go.mod
- - go.sum
-
-cover:
- extends: .go-mod-cache
- stage: test
- needs: ['download deps']
- script:
- - make setup
- - make generate-mocks
- - make cover
- coverage: '/total:.+\(statements\).+\d+\.\d+/'
- artifacts:
- paths:
- - coverage.html
-
-code_quality:
- stage: test
- needs: ['download deps']
- extends: .go-mod-cache
- image: golangci/golangci-lint:v1.27.0
- variables:
- REPORT_FILE: gl-code-quality-report.json
- LINT_FLAGS: "--color never --deadline 15m"
- OUT_FORMAT: code-climate
- script:
- - golangci-lint run ./...
--out-format ${OUT_FORMAT} ${LINT_FLAGS} | tee ${REPORT_FILE}
- timeout: 15 minutes
- artifacts:
- reports:
- codequality: ${REPORT_FILE}
- paths:
- - ${REPORT_FILE}
-
-test:1.13:
- extends: .tests
- image: golang:1.13
-
-test:1.14:
- extends: .tests
- image: golang:1.14
-
-race:
- extends: .go-mod-cache
- stage: test
- tags:
- - gitlab-org-docker
- needs: ['download deps']
- script:
- - echo "Running race detector"
- - make race
-
-check deps:
- extends: .go-mod-cache
- stage: test
- needs: ['download deps']
- script:
- - make deps-check
diff --git a/.gitlab/ci/prepare.yml b/.gitlab/ci/prepare.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ef438a0b64a4de66a66871e76a0f9e8ff2804501
--- /dev/null
+++ b/.gitlab/ci/prepare.yml
@@ -0,0 +1,50 @@
+include:
+ - template: Security/License-Scanning.gitlab-ci.yml
+ - template: Security/SAST.gitlab-ci.yml
+ - template: Security/Dependency-Scanning.gitlab-ci.yml
+
+# workflow rules are not extended by scanner jobs, need to override them manually
+# TODO: remove when https://gitlab.com/gitlab-org/gitlab/-/issues/218444 is done
+
+.rules-for-scanners: &rules-for-scanners
+ stage: prepare
+ rules:
+ # For merge requests, create a pipeline.
+ - if: '$CI_MERGE_REQUEST_IID'
+ # For `master` branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
+ - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+ # For tags, create a pipeline.
+ - if: '$CI_COMMIT_TAG'
+ # For stable, and security branches, create a pipeline.
+ - if: '$CI_COMMIT_BRANCH =~ /^[\d-]+-stable(-ee)?$/'
+ - if: '$CI_COMMIT_BRANCH =~ /^security\//'
+
+license_scanning:
+ <<: *rules-for-scanners
+ variables:
+ LICENSE_MANAGEMENT_SETUP_CMD: go mod vendor
+
+
+dependency_scanning:
+ <<: *rules-for-scanners
+
+secrets-sast:
+ <<: *rules-for-scanners
+
+gosec-sast:
+ <<: *rules-for-scanners
+
+# disable eslint-sast since html files are fixtures for testing
+eslint-sast:
+ rules:
+ - when: never
+
+download deps:
+ extends: .go-mod-cache
+ stage: prepare
+ script:
+ - make deps-download
+ artifacts:
+ paths:
+ - go.mod
+ - go.sum
diff --git a/.gitlab/ci/test.yml b/.gitlab/ci/test.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8c4e757b5f77778b8ad16a816032f6fc08825811
--- /dev/null
+++ b/.gitlab/ci/test.yml
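Review bot: In `.gitlab/ci/prepare.yml`, the `rules:` list merged into `license_scanning`, `dependency_scanning`, `secrets-sast` and `gosec-sast` via `<<: *rules-for-scanners` replaces any `rules:` those jobs get from the included Security templates, because a job-level list overrides an included one rather than being appended to it. The templates are not visible in this diff, so whether they carry their own conditions is an assumption, but if they do, those conditions stop applying and the scanners run on every pipeline the list matches. The list is also a hand copy of the `workflow:` rules in `.gitlab-ci.yml` (the same stable and security branch regexes appear as context in that file's second hunk), so the two can drift and leave a branch type unscanned. I would record both facts above the anchor: `# NOTE: replaces the templates' own rules for each scanner job; keep in sync with workflow:rules in .gitlab-ci.yml`.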
@@ -0,0 +1,72 @@
+.tests:
+ extends: .go-mod-cache
+ stage: test
+ tags:
+ - gitlab-org-docker
+ needs: ['download deps']
+ script:
+ - echo "Running all tests without daemonizing..."
+ - make test
+ - echo "Running just the acceptance tests daemonized (tmpdir)...."
+ - TEST_DAEMONIZE=tmpdir make acceptance
+ - echo "Running just the acceptance tests daemonized (inplace)...."
+ - TEST_DAEMONIZE=inplace make acceptance
+ artifacts:
+ paths:
+ - bin/gitlab-pages
+
+test:1.13:
+ extends: .tests
+ image: golang:1.13
+
+test:1.14:
+ extends: .tests
+ image: golang:1.14
+
+race:
+ extends: .go-mod-cache
+ stage: test
+ needs: ['download deps']
+ tags:
+ - gitlab-org-docker
+ script:
+ - echo "Running race detector"
+ - make race
+
+cover:
+ stage: test
+ extends: .go-mod-cache
+ needs: ['download deps']
+ script:
+ - make setup
+ - make generate-mocks
+ - make cover
+ coverage: '/total:.+\(statements\).+\d+\.\d+/'
+ artifacts:
+ paths:
+ - coverage.html
+
+code_quality:
+ stage: test
+ extends: .go-mod-cache
+ needs: ['download deps']
+ image: golangci/golangci-lint:v1.27.0
+ variables:
+ REPORT_FILE: gl-code-quality-report.json
+ LINT_FLAGS: "--color never --deadline 15m"
+ OUT_FORMAT: code-climate
+ script:
+ - golangci-lint run ./... --out-format ${OUT_FORMAT} ${LINT_FLAGS} | tee ${REPORT_FILE}
+ timeout: 15 minutes
+ artifacts:
+ reports:
+ codequality: ${REPORT_FILE}
+ paths:
+ - ${REPORT_FILE}
+
+check deps:
+ stage: test
+ extends: .go-mod-cache
+ needs: ['download deps']
+ script:
+ - make deps-check
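Review bot: The job images in `.gitlab/ci/test.yml` (`golang:1.13`, `golang:1.14`, `golangci/golangci-lint:v1.27.0`) are referenced by tag only, and a tag can be repointed in the registry, so the toolchain that builds and tests the branch is not fixed by this file. Pinning each image to a digest keeps the jobs reproducible and makes an image change show up as a reviewed diff, for example `image: golang:1.14@sha256:<digest-placeholder>`. The same applies to `default: image: golang:1.13` in `.gitlab-ci.yml`, which appears only as context in this commit.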