[epiphany/set-sast-config-1] Set .gitlab-ci.yml to enable or configure SAST



commit f646ec381507948b18b510fa53d721e8add0581e
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Thu Apr 1 19:29:45 2021 +0000

    Set .gitlab-ci.yml to enable or configure SAST

 .gitlab-ci.yml | 84 +++++++++++++++++++++++++++++++---------------------------
 1 file changed, 45 insertions(+), 39 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e3cd3364a..f6c59bc8d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,64 +1,70 @@
-include: 'https://gitlab.gnome.org/GNOME/citemplates/raw/master/flatpak/flatpak_ci_initiative.yml'
-
+# You can override the included template(s) by including variable overrides
+# See https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
+include:
+- https://gitlab.gnome.org/GNOME/citemplates/raw/master/flatpak/flatpak_ci_initiative.yml
+- template: Security/SAST.gitlab-ci.yml
 cache:
   paths:
-    - _ccache/
-
+  - _ccache/
 variables:
-  BUNDLE: 'epiphany-git.flatpak'
-  MANIFEST_PATH: 'org.gnome.Epiphany.json'
-  RUNTIME_REPO: 'https://nightly.gnome.org/gnome-nightly.flatpakrepo'
-  FLATPAK_MODULE: 'epiphany'
-  APP_ID: 'org.gnome.Epiphany.Devel'
-  ESLINT_LOG: "eslint-report.txt"
-
+  BUNDLE: epiphany-git.flatpak
+  MANIFEST_PATH: org.gnome.Epiphany.json
+  RUNTIME_REPO: https://nightly.gnome.org/gnome-nightly.flatpakrepo
+  FLATPAK_MODULE: epiphany
+  APP_ID: org.gnome.Epiphany.Devel
+  ESLINT_LOG: eslint-report.txt
 stages:
-  - test
-
+- test
 check-code-style:
-  stage: .pre
+  stage: ".pre"
   image: alpine:latest
   interruptible: true
   before_script:
-    - apk update && apk add uncrustify bash python3 nodejs nodejs-npm
-    - npm install -g eslint
+  - apk update && apk add uncrustify bash python3 nodejs nodejs-npm
+  - npm install -g eslint
   script:
-    - bash data/check-code-style
-    - eslint -o eslint-report.txt --no-color embed/web-process-extension/resources/js/ || { cat $ESLINT_LOG; 
false; }
+  - bash data/check-code-style
+  - eslint -o eslint-report.txt --no-color embed/web-process-extension/resources/js/
+    || { cat $ESLINT_LOG; false; }
   artifacts:
     paths:
-      - ${ESLINT_LOG}
+    - "${ESLINT_LOG}"
     when: on_failure
-
 flatpak:
-  extends: '.flatpak'
+  extends: ".flatpak"
   variables:
-    CONFIG_OPTS: '-Dprofile=Devel -Dunit_tests=enabled --werror -Dgsb_api_key=${GSB_API_KEY} 
-Denable_gsb=true'
+    CONFIG_OPTS: "-Dprofile=Devel -Dunit_tests=enabled --werror -Dgsb_api_key=${GSB_API_KEY}
+      -Denable_gsb=true"
   except:
-    - master
-
+  - master
 flatpak master:
-  extends: '.flatpak'
+  extends: ".flatpak"
   variables:
-    CONFIG_OPTS: '-Dtech_preview=true -Dprofile=Devel -Dgsb_api_key=${GSB_API_KEY} -Denable_gsb=true'
+    CONFIG_OPTS: "-Dtech_preview=true -Dprofile=Devel -Dgsb_api_key=${GSB_API_KEY}
+      -Denable_gsb=true"
   only:
-    - master
-
+  - master
 flatpak scanbuild:
-  extends: '.flatpak'
+  extends: ".flatpak"
   variables:
-    CONFIG_OPTS: '-Dprofile=Devel -Dunit_tests=enabled --werror'
+    CONFIG_OPTS: "-Dprofile=Devel -Dunit_tests=enabled --werror"
   script:
-    - flatpak-builder --user --disable-rofiles-fuse --stop-at=${FLATPAK_MODULE} flatpak_app ${MANIFEST_PATH}
-    - flatpak build flatpak_app meson --prefix=/app ${CONFIG_OPTS} _build
-    - flatpak build flatpak_app ninja -C _build scan-build
-    - bash -c 'if [[ -n "$(ls -A _build/meson-logs/scanbuild/)" ]]; then echo "Scan build log found, 
assuming defects exist"; exit 1; fi'
+  - flatpak-builder --user --disable-rofiles-fuse --stop-at=${FLATPAK_MODULE} flatpak_app
+    ${MANIFEST_PATH}
+  - flatpak build flatpak_app meson --prefix=/app ${CONFIG_OPTS} _build
+  - flatpak build flatpak_app ninja -C _build scan-build
+  - bash -c 'if [[ -n "$(ls -A _build/meson-logs/scanbuild/)" ]]; then echo "Scan
+    build log found, assuming defects exist"; exit 1; fi'
   artifacts:
     when: on_failure
     paths:
-      - _build/meson-logs/scanbuild
-
+    - _build/meson-logs/scanbuild
 nightly:
-  extends: '.publish_nightly'
-  stage: .post
-  dependencies: ['flatpak master']
+  extends: ".publish_nightly"
+  stage: ".post"
+  dependencies:
+  - flatpak master
+sast:
+  stage: test
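Review bot: The two functional changes in this hunk, the `- template: Security/SAST.gitlab-ci.yml` include entry and the trailing `sast:` job, are buried in a re-serialization of the whole file (quotes dropped or swapped, list indentation changed, long lines folded), so a reviewer cannot easily confirm that no existing job changed behaviour. The folded values (`CONFIG_OPTS` in the `flatpak` and `flatpak master` jobs, the `eslint` script line, and the `bash -c` scan-build check) depend on YAML folding each line break into exactly one space; that appears to hold here, but the reformatting deserves its own commit so the SAST enablement can be audited separately. The header comment talks about variable overrides while none are set, and `sast:` only sets `stage: test`, which presumably restates the template default; a comment such as `# SAST jobs run in the test stage, which must stay listed under stages:` would explain why the block is there.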

