ci-includes-yml/pipelines/compliance.yml

stages:
  - validate

include:
  - template: Security/Secret-Detection.gitlab-ci.yml
  - project: 'developerdurp/yml'
    ref: 'main'
    file: 
      - 'jobs/version.yml'
      - 'jobs/codescan.yml'
      - 'jobs/sonarqube.yml'
      - 'jobs/golang.yml'

version:
  extends: .version
  stage: .pre
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'

secret_detection:
  stage: validate
  rules:
    - if: $CI_MERGE_REQUEST_IID
  allow_failure: false

sonarqube:
  extends: .sonarcloud-check
  stage: validate
  allow_failure: true
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
      exists:
        - "sonar-project.properties"  

generate_sbom:
  extends: .generate_sbom
  stage: validate
  needs:
    - job: docker-build
      optional: true
      artifacts: true
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID

generate_cve:
  extends: .generate_cve
  stage: validate
  needs:
    - job: generate_sbom
      artifacts: true
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
update 2023-11-25 05:17:14 -06:00			`stages:`
update 2024-05-05 10:26:28 -05:00			`- validate`
update 2023-11-25 05:17:14 -06:00
			`include:`
			`- template: Security/Secret-Detection.gitlab-ci.yml`
update 2023-11-25 05:49:12 -06:00			`- project: 'developerdurp/yml'`
			`ref: 'main'`
			`file:`
update 2024-05-05 10:05:11 -05:00			`- 'jobs/version.yml'`
update 2024-05-05 10:20:22 -05:00			`- 'jobs/codescan.yml'`
update 2023-11-25 05:49:12 -06:00			`- 'jobs/sonarqube.yml'`
			`- 'jobs/golang.yml'`
update 2023-11-25 05:17:14 -06:00
update 2024-05-05 10:05:11 -05:00			`version:`
			`extends: .version`
			`stage: .pre`
			`rules:`
			`- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH \|\| $CI_COMMIT_BRANCH =~ '/^release/'`

update 2023-11-25 05:17:14 -06:00			`secret_detection:`
update 2024-05-05 10:05:11 -05:00			`stage: validate`
update 2023-11-25 05:17:14 -06:00			`rules:`
update 2024-05-05 10:05:11 -05:00			`- if: $CI_MERGE_REQUEST_IID`
update 2023-11-25 05:17:14 -06:00			`allow_failure: false`
update 2023-11-25 05:49:12 -06:00
			`sonarqube:`
			`extends: .sonarcloud-check`
update 2024-05-05 10:05:11 -05:00			`stage: validate`
Update file compliance.yml 2024-03-21 11:34:36 +00:00			`allow_failure: true`
update 2023-11-25 05:49:12 -06:00			`rules:`
update 2024-05-05 10:05:11 -05:00			`- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH \|\| $CI_COMMIT_BRANCH =~ '/^release/' \|\| $CI_MERGE_REQUEST_IID`
update 2023-11-25 05:49:12 -06:00			`exists:`
update 2023-11-25 05:51:57 -06:00			`- "sonar-project.properties"`
update 2023-11-25 05:49:12 -06:00
update 2024-05-05 10:05:11 -05:00			`generate_sbom:`
			`extends: .generate_sbom`
			`stage: validate`
update 2024-05-05 10:59:17 -05:00			`needs:`
			`- job: docker-build`
			`optional: true`
			`artifacts: true`
update 2024-05-05 10:05:11 -05:00			`rules:`
			`- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH \|\| $CI_COMMIT_BRANCH =~ '/^release/' \|\| $CI_MERGE_REQUEST_IID`

			`generate_cve:`
			`extends: .generate_cve`
			`stage: validate`
			`needs:`
			`- job: generate_sbom`
			`artifacts: true`
update 2023-11-25 05:49:12 -06:00			`rules:`
update 2024-05-05 10:05:11 -05:00			`- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH \|\| $CI_COMMIT_BRANCH =~ '/^release/' \|\| $CI_MERGE_REQUEST_IID`