From 52116ff6c9c092664a84e74239bdbd17c23aeecc Mon Sep 17 00:00:00 2001 From: DeveloperDurp Date: Sun, 5 May 2024 10:05:11 -0500 Subject: [PATCH] update --- pipeline.yml | 38 ++++----------- pipelines/compliance.yml | 35 ++++++++++---- pipelines/docker-build.yml | 32 +++++++++++++ pipelines/go-build.yml | 17 +++++++ pipelines/golang.yml | 97 -------------------------------------- pipelines/linter.yml | 13 +++++ 6 files changed, 97 insertions(+), 135 deletions(-) create mode 100644 pipelines/docker-build.yml create mode 100644 pipelines/go-build.yml delete mode 100644 pipelines/golang.yml create mode 100644 pipelines/linter.yml diff --git a/pipeline.yml b/pipeline.yml index 467bb48..268fbc3 100644 --- a/pipeline.yml +++ b/pipeline.yml @@ -1,6 +1,7 @@ stages: - - compliance - - deploy + - build + - validate + - publish variables: GO_VERSION: "1.22" @@ -8,29 +9,10 @@ variables: SYFT_VERSION: "v1.3.0" GRYPE_VERSION: "v0.77.2" -gitlab_generic_package: - stage: deploy - needs: - - job: compliance - trigger: - include: - - project: 'developerdurp/yml' - ref: 'main' - file: - - 'pipelines/gitlab_generic_packages.yml' - rules: - - if: '$PIPELINE =~ /gitlab/' - -build_go: - stage: deploy - #needs: - # - job: compliance - trigger: - include: - - project: 'developerdurp/yml' - ref: 'main' - file: - - 'pipelines/golang.yml' - rules: - - exists: - - "go.mod" +include: + - template: Security/Secret-Detection.gitlab-ci.yml + - project: 'developerdurp/yml' + ref: 'main' + file: + - 'pipelines/go-build.yml' + - 'pipelines/linter.yml' diff --git a/pipelines/compliance.yml b/pipelines/compliance.yml index 6f1d8e5..6b9be5b 100644 --- a/pipelines/compliance.yml +++ b/pipelines/compliance.yml 
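Review bot: The new `include:` list in pipeline.yml pulls in only `pipelines/go-build.yml` and `pipelines/linter.yml`, so the `secret_detection` override (`stage: validate`, `allow_failure: false`) and the `generate_sbom`/`generate_cve` jobs in `pipelines/compliance.yml` are not part of a pipeline that starts from this file. The Secret-Detection template is still included here, and as far as I know its job defaults to the `test` stage, which the new `stages:` list (build, validate, publish) does not define, so the pipeline may fail validation unless a consumer adds compliance.yml itself. If the scans are meant to run for every consumer, add `- 'pipelines/compliance.yml'` to the `file:` list. The removed `needs: compliance` gate has no replacement in this hunk.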
@@ -6,27 +6,42 @@ include: - project: 'developerdurp/yml' ref: 'main' file: + - 'jobs/version.yml' - 'jobs/sonarqube.yml' - 'jobs/golang.yml' -secret_detection: - stage: compliance +version: + extends: .version + stage: .pre rules: - - when: always + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' + +secret_detection: + stage: validate + rules: + - if: $CI_MERGE_REQUEST_IID allow_failure: false sonarqube: extends: .sonarcloud-check - stage: compliance + stage: validate allow_failure: true rules: - - if: $CI_COMMIT_REF_NAME == 'main' || $CI_PIPELINE_SOURCE == 'merge_request_event' + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID exists: - "sonar-project.properties" -golang-lint: - extends: .golang-lint - stage: compliance +generate_sbom: + extends: .generate_sbom + stage: validate rules: - - exists: - - "go.mod" + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID + +generate_cve: + extends: .generate_cve + stage: validate + needs: + - job: generate_sbom + artifacts: true + rules: + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID diff --git a/pipelines/docker-build.yml b/pipelines/docker-build.yml new file mode 100644 index 0000000..b7fb22c --- /dev/null +++ b/pipelines/docker-build.yml 
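Review bot: `secret_detection` changes from `when: always` to `if: $CI_MERGE_REQUEST_IID`, so commits that reach the default branch or a release branch without a merge request pipeline are no longer scanned for secrets. A second rule, `- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'`, would give it the same branch coverage as the other jobs in this file. Separately, `generate_sbom` and `generate_cve` extend `.generate_sbom`/`.generate_cve`, but the visible `file:` list adds only `jobs/version.yml`. The deleted pipelines/golang.yml also included `jobs/codescan.yml`, so confirm those templates are still reachable from this file; lines 1-5 are outside the hunk.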
@@ -0,0 +1,32 @@
+include:
+ - project: 'developerdurp/yml'
+ ref: 'main'
+ file:
+ - 'jobs/docker.yml'
+
+docker-build:
+ extends: .docker_build
+ stage: build
+ needs:
+ - job: gobuild
+ artifacts: true
+ - job: version
+ optional: true
+ artifacts: true
+ rules:
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
+ exists:
+ - "Dockerfile"
+
+docker-push:
+ extends: .docker_push_gitlab
+ stage: publish
+ needs:
+ - job: gobuild
+ artifacts: true
+ - job: version
+ artifacts: true
+ rules:
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'
+ exists:
+ - "Dockerfile"
diff --git a/pipelines/go-build.yml b/pipelines/go-build.yml
new file mode 100644
index 0000000..9fb48bf
--- /dev/null
+++ b/pipelines/go-build.yml
@@ -0,0 +1,17 @@
+include:
+ - template: Security/Secret-Detection.gitlab-ci.yml
+ - project: 'developerdurp/yml'
+ ref: 'main'
+ file:
+ - 'jobs/golang.yml'
+
+gobuild:
+ variables:
+ GOPROXY: https://nexus.durp.info/repository/go/
+ extends: .golang-build
+ stage: build
+ rules:
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
+ exists:
+ - "go.mod"
+
diff --git a/pipelines/golang.yml b/pipelines/golang.yml
deleted file mode 100644
index 96b657d..0000000
--- a/pipelines/golang.yml
+++ /dev/null
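Review bot: In pipelines/docker-build.yml, `docker-push` lists only `gobuild` and `version` under `needs:`, and a job with `needs` starts as soon as those jobs finish rather than waiting for earlier stages, so the image can be published before `generate_cve` or any other `validate` job has reported. If the scan is meant to gate publishing, add `- job: generate_cve` (with `optional: true` if the job may be absent) to the `needs:` of `docker-push`. The push rule also matches any branch whose name starts with `release`; appending `&& $CI_COMMIT_REF_PROTECTED == "true"` to that branch condition would limit publishing to protected refs.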
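Review bot: The `include` in pipelines/go-build.yml pins `developerdurp/yml` to `ref: 'main'`, so the `.golang-build` definition that `gobuild` extends is resolved from a moving branch on every run, and a consumer that pins this file to a tag still gets whatever `jobs/golang.yml` is on main at that moment. Consider a tag or commit SHA, e.g. `ref: '<TAG_OR_COMMIT_SHA>'`; the same applies to the includes added in pipeline.yml, pipelines/docker-build.yml and pipelines/linter.yml. The Secret-Detection template is also included by pipeline.yml, so the `- template:` line here looks redundant when the file is consumed through that entry point.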
@@ -1,97 +0,0 @@
-stages:
- - build
- - validate
- - publish
-
-include:
- - template: Security/Secret-Detection.gitlab-ci.yml
- - project: 'developerdurp/yml'
- ref: 'main'
- file:
- - 'jobs/octopus.yml'
- - 'jobs/version.yml'
- - 'jobs/sonarqube.yml'
- - 'jobs/golang.yml'
- - 'jobs/docker.yml'
- - 'jobs/codescan.yml'
-
-secret_detection:
- stage: validate
- rules:
- - if: $CI_MERGE_REQUEST_IID
- allow_failure: false
-
-sonarqube:
- extends: .sonarcloud-check
- stage: validate
- allow_failure: true
- rules:
- - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
- exists:
- - "sonar-project.properties"
-
-golang-lint:
- extends: .golang-lint
- stage: validate
- rules:
- - if: $CI_MERGE_REQUEST_IID
- exists:
- - "go.mod"
-
-generate_sbom:
- extends: .generate_sbom
- stage: validate
- rules:
- - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
-
-generate_cve:
- extends: .generate_cve
- stage: validate
- needs:
- - job: generate_sbom
- artifacts: true
- rules:
- - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
-
-version:
- extends: .version
- stage: .pre
- rules:
- - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'
-
-gobuild:
- variables:
- GOPROXY: https://nexus.durp.info/repository/go/
- extends: .golang-build
- stage: build
- rules:
- - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
- exists:
- - "go.mod"
-
-docker-build:
- extends: .docker_build
- stage: build
- needs:
- - job: gobuild
- artifacts: true
- - job: version
- optional: true
- artifacts: true
- rules:
- - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
- exists:
- - "Dockerfile"
-
-docker-push:
- extends: .docker_push_gitlab
- stage: publish
- needs:
- - job: gobuild
- artifacts: true
- - job: version
- artifacts: true
- rules:
- - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'
- exists:
- - "Dockerfile"
diff --git a/pipelines/linter.yml b/pipelines/linter.yml
new file mode 100644
index 0000000..a3fc68c
--- /dev/null
+++ b/pipelines/linter.yml
@@ -0,0 +1,13 @@
+include:
+ - project: 'developerdurp/yml'
+ ref: 'main'
+ file:
+ - 'jobs/golang.yml'
+
+golang-lint:
+ extends: .golang-lint
+ stage: validate
+ rules:
+ - if: $CI_MERGE_REQUEST_IID
+ exists:
+ - "go.mod"