durfy/ci-includes-yml
1
0
Fork 0
mirror of https://gitlab.durp.info/durfy/ci-includes/yml.git synced 2026-05-07 07:50:30 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

update

Browse source
This commit is contained in:
DeveloperDurp 2024-05-06 06:15:47 -05:00
parent 919aa63a77
commit 945ac257a1
3 changed files with 46 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

34
pipelines/go-build.yml
View file

@ -10,30 +10,11 @@ include:
file:
- 'jobs/golang.yml'
- 'jobs/version.yml'
- 'jobs/sonarqube.yml'
- 'jobs/golang.yml'
- 'jobs/docker.yml'
- 'jobs/codescan.yml'
- 'rules/rules.yml'
- 'pipelines/templates/security'
generate_sbom:
extends: .generate_sbom
stage: build
needs:
- job: docker-build
optional: true
artifacts: true
rules:
- !reference [.mr_only_rules, rules]
generate_cve:
extends: .generate_cve
stage: build
needs:
- job: generate_sbom
artifacts: true
rules:
- !reference [.mr_only_rules, rules]
version:
extends: .version
@ -41,19 +22,6 @@ version:
rules:
- !reference [.default_rules, rules]
secret_detection:
stage: validate
rules:
- !reference [.mr_only_rules, rules]
allow_failure: false
sonarqube:
extends: .sonarcloud-check
stage: validate
allow_failure: true
rules:
- !reference [.sonarqube_rules, rules]
golang-lint:
extends: .golang-lint
stage: validate

43
pipelines/templates/security.yml Normal file
View file

@ -0,0 +1,43 @@
stages:
- build
include:
- template: Security/Secret-Detection.gitlab-ci.yml
- project: 'developerdurp/yml'
ref: 'main'
file:
- 'jobs/codescan.yml'
- 'jobs/sonarqube.yml'
- 'rules/rules.yml'
secret_detection:
stage: validate
rules:
- !reference [.mr_only_rules, rules]
allow_failure: false
generate_sbom:
extends: .generate_sbom
stage: build
needs:
- job: docker-build
optional: true
artifacts: true
rules:
- !reference [.mr_only_rules, rules]
generate_cve:
extends: .generate_cve
stage: build
needs:
- job: generate_sbom
artifacts: true
rules:
- !reference [.mr_only_rules, rules]
sonarqube:
extends: .sonarcloud-check
stage: validate
allow_failure: true
rules:
- !reference [.sonarqube_rules, rules]

4
scripts/scanner/syft-docker.sh
View file

@ -3,8 +3,8 @@
#Syft scan for docker
for i in packages/*.tar.gz;
do filename=${i%.*.tar.gz};
do filename=${i%.*.*.*.tar.gz};
filename="$(basename -- "$filename")"
syft $i -o cyclonedx-json=syft/$filename.docker.sbom.json;
done
${version%.*.*.*.tar.gz}