2024-05-05 10:05:11 -05:00
parent 722d963839
commit 52116ff6c9
6 changed files with 97 additions and 135 deletions


@@ -1,6 +1,7 @@
stages: stages:
- compliance - build
- deploy - validate
- publish
variables: variables:
GO_VERSION: "1.22" GO_VERSION: "1.22"
@@ -8,29 +9,10 @@ variables:
SYFT_VERSION: "v1.3.0" SYFT_VERSION: "v1.3.0"
GRYPE_VERSION: "v0.77.2" GRYPE_VERSION: "v0.77.2"
gitlab_generic_package: include:
stage: deploy - template: Security/Secret-Detection.gitlab-ci.yml
needs: - project: 'developerdurp/yml'
- job: compliance ref: 'main'
trigger: file:
include: - 'pipelines/go-build.yml'
- project: 'developerdurp/yml' - 'pipelines/linter.yml'
ref: 'main'
file:
- 'pipelines/gitlab_generic_packages.yml'
rules:
- if: '$PIPELINE =~ /gitlab/'
build_go:
stage: deploy
#needs:
# - job: compliance
trigger:
include:
- project: 'developerdurp/yml'
ref: 'main'
file:
- 'pipelines/golang.yml'
rules:
- exists:
- "go.mod"
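Review bot: `ref: 'main'` on the `developerdurp/yml` include is a moving branch, so whatever is pushed there next runs in every consuming pipeline with that pipeline's variables and tokens, without any change in the consumer's own repository. Pinning to a release tag or a full commit SHA, e.g. `ref: '<tag-or-commit-sha>'`, makes an update to the shared jobs an explicit, reviewable change. The same applies to the nested includes in the new docker pipeline file, `pipelines/go-build.yml` and `pipelines/linter.yml`: each hardcodes `ref: 'main'` for `jobs/*.yml`, so a consumer who pins the top-level include still receives the job definitions from the branch head. The old and new columns of this section are merged on the page, so I am reading the `include:` block as the new side.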


@@ -6,27 +6,42 @@ include:
- project: 'developerdurp/yml' - project: 'developerdurp/yml'
ref: 'main' ref: 'main'
file: file:
- 'jobs/version.yml'
- 'jobs/sonarqube.yml' - 'jobs/sonarqube.yml'
- 'jobs/golang.yml' - 'jobs/golang.yml'
secret_detection: version:
stage: compliance extends: .version
stage: .pre
rules: rules:
- when: always - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'
secret_detection:
stage: validate
rules:
- if: $CI_MERGE_REQUEST_IID
allow_failure: false allow_failure: false
sonarqube: sonarqube:
extends: .sonarcloud-check extends: .sonarcloud-check
stage: compliance stage: validate
allow_failure: true allow_failure: true
rules: rules:
- if: $CI_COMMIT_REF_NAME == 'main' || $CI_PIPELINE_SOURCE == 'merge_request_event' - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
exists: exists:
- "sonar-project.properties" - "sonar-project.properties"
golang-lint: generate_sbom:
extends: .golang-lint extends: .generate_sbom
stage: compliance stage: validate
rules: rules:
- exists: - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
- "go.mod"
generate_cve:
extends: .generate_cve
stage: validate
needs:
- job: generate_sbom
artifacts: true
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
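Review bot: `secret_detection` now runs only when `$CI_MERGE_REQUEST_IID` is set, where the previous rule appears to have been `when: always`, so commits that reach the default branch or a `release` branch without a merge request pipeline are no longer scanned. The sibling jobs in this file already carry the wider condition, and reusing it here would keep the coverage: `- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID`. If the narrowing is intentional, a comment above the rule saying why would help the next reader. Separately, the quoted `'/^release/'` differs from the unquoted `/^release/` form shown in GitLab's rules documentation, so it is worth confirming that it is evaluated as a pattern and not compared as a string. Old and new columns are merged on this page, so the old/new attribution here is inferred.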


@@ -0,0 +1,32 @@
include:
- project: 'developerdurp/yml'
ref: 'main'
file:
- 'jobs/docker.yml'
docker-build:
extends: .docker_build
stage: build
needs:
- job: gobuild
artifacts: true
- job: version
optional: true
artifacts: true
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
exists:
- "Dockerfile"
docker-push:
extends: .docker_push_gitlab
stage: publish
needs:
- job: gobuild
artifacts: true
- job: version
artifacts: true
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'
exists:
- "Dockerfile"
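Review bot: `docker-push` lists only `gobuild` and `version` under `needs`, and a job with `needs` starts as soon as those jobs finish rather than waiting for earlier stages, so the push in `publish` does not wait for anything in `validate` (`generate_sbom`, `generate_cve`, `sonarqube`) and an image can be published before, or regardless of, the scan result. If the scans are meant to gate publishing, add them to `needs`, e.g. `- job: generate_cve` with `optional: true` in case the compliance file is not part of the pipeline, or drop `needs` on the push job and rely on stage order. `docker-build` is not in the list either; whether `.docker_push_gitlab` rebuilds the image or expects one from `docker-build` is not visible here and deserves a comment on the job.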

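--- a/pipelines/go-build.yml
+++ b/pipelines/go-build.yml
@@ -0,0 +1,17 @@
+include:
+- template: Security/Secret-Detection.gitlab-ci.yml
+- project: 'developerdurp/yml'
+ref: 'main'
+file:
+- 'jobs/golang.yml'
+gobuild:
+variables:
+GOPROXY: https://nexus.durp.info/repository/go/
+extends: .golang-build
+stage: build
+rules:
+- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
+exists:
+- "go.mod"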
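Review bot: The Secret-Detection template is included here, but this file defines no `secret_detection` override, so unless another included file supplies one the job runs with the template's defaults. As far as I recall the upstream template, that means `stage: test` and `allow_failure: true`; `test` is not among the `build`/`validate`/`publish` stages declared in the top-level file, and a non-blocking job would not stop a pipeline on a finding. Either include the file that carries the override alongside this template, or set it where the template is pulled in: `secret_detection:` with `stage: validate` and `allow_failure: false`. The top-level file includes the same template, so the second include here could be dropped once the override has one clear home.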


@@ -1,97 +0,0 @@
stages:
- build
- validate
- publish
include:
- template: Security/Secret-Detection.gitlab-ci.yml
- project: 'developerdurp/yml'
ref: 'main'
file:
- 'jobs/octopus.yml'
- 'jobs/version.yml'
- 'jobs/sonarqube.yml'
- 'jobs/golang.yml'
- 'jobs/docker.yml'
- 'jobs/codescan.yml'
secret_detection:
stage: validate
rules:
- if: $CI_MERGE_REQUEST_IID
allow_failure: false
sonarqube:
extends: .sonarcloud-check
stage: validate
allow_failure: true
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
exists:
- "sonar-project.properties"
golang-lint:
extends: .golang-lint
stage: validate
rules:
- if: $CI_MERGE_REQUEST_IID
exists:
- "go.mod"
generate_sbom:
extends: .generate_sbom
stage: validate
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
generate_cve:
extends: .generate_cve
stage: validate
needs:
- job: generate_sbom
artifacts: true
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
version:
extends: .version
stage: .pre
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'
gobuild:
variables:
GOPROXY: https://nexus.durp.info/repository/go/
extends: .golang-build
stage: build
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
exists:
- "go.mod"
docker-build:
extends: .docker_build
stage: build
needs:
- job: gobuild
artifacts: true
- job: version
optional: true
artifacts: true
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
exists:
- "Dockerfile"
docker-push:
extends: .docker_push_gitlab
stage: publish
needs:
- job: gobuild
artifacts: true
- job: version
artifacts: true
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'
exists:
- "Dockerfile"

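--- a/pipelines/linter.yml
+++ b/pipelines/linter.yml
@@ -0,0 +1,13 @@
+include:
+- project: 'developerdurp/yml'
+ref: 'main'
+file:
+- 'jobs/golang.yml'
+golang-lint:
+extends: .golang-lint
+stage: validate
+rules:
+- if: $CI_MERGE_REQUEST_IID
+exists:
+- "go.mod"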