update

2024-05-05 14:26:39 -05:00
parent deb92dc15a
commit 872806d47a
7 changed files with 104 additions and 116 deletions
--- a/pipeline.yml
+++ b/pipeline.yml
@@ -4,6 +4,7 @@ stages:
 variables:
  GO_VERSION: "1.22"
  GOLANGCI_LINT_VERISON: "v1.58.0"
+  UPLOAD_PACKAGE: "false"

 build_go:
  stage: deploy
--- a/pipelines/compliance.yml
+++ b/pipelines/compliance.yml
@@ -1,30 +0,0 @@
-stages:
-  - validate
-
-include:
-  - template: Security/Secret-Detection.gitlab-ci.yml
-  - project: 'developerdurp/yml'
-    ref: 'main'
-    file: 
-      - 'jobs/version.yml'
-      - 'jobs/sonarqube.yml'
-      - 'jobs/golang.yml'
-
-version:
-  extends: .version
-  stage: .pre
-  rules:
-    - !reference [.default_rules, rules]
-
-secret_detection:
-  stage: validate
-  rules:
-    - !reference [.mr_only_rules, rules]
-  allow_failure: false
-
-sonarqube:
-  extends: .sonarcloud-check
-  stage: validate
-  allow_failure: true
-  rules:
-    - !reference [.sonarqube_rules, rules]
--- a/pipelines/docker-build.yml
+++ b/pipelines/docker-build.yml
@@ -1,36 +0,0 @@
-stages:
-  - build
-  - publish
-
-include:
-  - project: 'developerdurp/yml'
-    ref: 'main'
-    file: 
-      - 'jobs/docker.yml'
-
-docker-build:
-  extends: .docker_build
-  stage: build
-  needs:
-    - job: gobuild
-      artifacts: true
-    - job: version
-      optional: true
-      artifacts: true        
-  rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
-      exists:
-      - "Dockerfile"  
-
-docker-push:
-  extends: .docker_push_gitlab
-  stage: publish
-  needs:
-    - job: gobuild
-      artifacts: true
-    - job: version
-      artifacts: true        
-  rules:
-    - if: $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'
-      exists:
-        - "Dockerfile"  
--- a/pipelines/go-build.yml
+++ b/pipelines/go-build.yml
@@ -9,12 +9,69 @@ include:
    ref: 'main'
    file: 
      - 'jobs/golang.yml'
-      - 'pipelines/compliance.yml'
-      - 'pipelines/docker-build.yml'
-      - 'pipelines/linter.yml'
-      - 'pipelines/security.yml'
+      - 'jobs/version.yml'
+      - 'jobs/sonarqube.yml'
+      - 'jobs/golang.yml'
+      - 'jobs/docker.yml'
+      - 'jobs/codescan.yml'
      - 'rules/rules.yml'

+generate_sbom:
+  extends: .generate_sbom
+  stage: build
+  needs:
+    - job: docker-build
+      optional: true
+      artifacts: true
+  rules:
+    - !reference [.default_mr_rules, rules]
+
+generate_cve:
+  extends: .generate_cve
+  stage: build
+  needs:
+    - job: generate_sbom
+      artifacts: true
+  rules:
+    - !reference [.default_mr_rules, rules]
+
+version:
+  extends: .version
+  stage: .pre
+  rules:
+    - !reference [.default_rules, rules]
+
+secret_detection:
+  stage: validate
+  rules:
+    - !reference [.mr_only_rules, rules]
+  allow_failure: false
+
+sonarqube:
+  extends: .sonarcloud-check
+  stage: validate
+  allow_failure: true
+  rules:
+    - !reference [.sonarqube_rules, rules]
+
+golang-lint:
+  extends: .golang-lint
+  stage: validate
+  rules:
+    - !reference [.mr_only_rules, rules]
+
+docker-build:
+  extends: .docker_build
+  stage: build
+  needs:
+    - job: gobuild
+      artifacts: true
+    - job: version
+      optional: true
+      artifacts: true        
+  rules:
+    - !reference [.docker_rules, rules]
+
 gobuild:
  variables:
    GOPROXY: https://nexus.durp.info/repository/go/
@@ -23,3 +80,13 @@ gobuild:
  rules:
    - !reference [.default_mr_rules, rules]

+docker-push:
+  extends: .docker_push_gitlab
+  stage: publish
+  needs:
+    - job: gobuild
+      artifacts: true
+    - job: version
+      artifacts: true        
+  rules:
+    - !reference [.docker_publish_rules, rules]
--- a/pipelines/linter.yml
+++ b/pipelines/linter.yml
@@ -1,16 +0,0 @@
-stages:
-  - validate
-
-include:
-  - project: 'developerdurp/yml'
-    ref: 'main'
-    file: 
-      - 'jobs/golang.yml'
-
-golang-lint:
-  extends: .golang-lint
-  stage: validate
-  rules:
-    - if: $CI_MERGE_REQUEST_IID
-      exists:
-        - "go.mod"  
--- a/pipelines/security.yml
+++ b/pipelines/security.yml
@@ -1,27 +0,0 @@
-stages:
-  - build
-
-include:
-  - project: 'developerdurp/yml'
-    ref: 'main'
-    file: 
-      - 'jobs/codescan.yml'
-
-generate_sbom:
-  extends: .generate_sbom
-  stage: build
-  needs:
-    - job: docker-build
-      optional: true
-      artifacts: true
-  rules:
-    - !reference [.default_mr_rules, rules]
-
-generate_cve:
-  extends: .generate_cve
-  stage: build
-  needs:
-    - job: generate_sbom
-      artifacts: true
-  rules:
-    - !reference [.default_mr_rules, rules]
--- a/rules/rules.yml
+++ b/rules/rules.yml
@@ -1,17 +1,46 @@
 .default_rules:
  rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH 
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH =~ '/^release/'

 .sonarqube_rules:
  rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
+    - if: $CI_MERGE_REQUEST_IID
+      exists:
+        - "sonar-project.properties"  
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH 
+      exists:
+        - "sonar-project.properties"  
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH =~ '/^release/'
      exists:
        - "sonar-project.properties"  

 .default_mr_rules:
  rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
+    - if: $CI_MERGE_REQUEST_IID
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH 
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH =~ '/^release/'

 .mr_only_rules:
  rules:
    - if: $CI_MERGE_REQUEST_IID
+
+.docker_rules:
+  rules:
+    - if: $CI_MERGE_REQUEST_IID
+      exists:
+        - "Dockerfile"  
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH 
+      exists:
+        - "Dockerfile"  
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH =~ '/^release/'
+      exists:
+        - "Dockerfile"  
+
+.docker_publish_rules:
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH 
+      exists:
+        - "Dockerfile"  
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH =~ '/^release/'
+      exists:
+        - "Dockerfile"