From 872806d47ae5638c20031cedd419a550b113c2e0 Mon Sep 17 00:00:00 2001 From: DeveloperDurp Date: Sun, 5 May 2024 14:26:39 -0500 Subject: [PATCH] update --- pipeline.yml | 1 + pipelines/compliance.yml | 30 --------------- pipelines/docker-build.yml | 36 ------------------ pipelines/go-build.yml | 75 ++++++++++++++++++++++++++++++++++++-- pipelines/linter.yml | 16 -------- pipelines/security.yml | 27 -------------- rules/rules.yml | 35 ++++++++++++++++-- 7 files changed, 104 insertions(+), 116 deletions(-) delete mode 100644 pipelines/compliance.yml delete mode 100644 pipelines/docker-build.yml delete mode 100644 pipelines/linter.yml delete mode 100644 pipelines/security.yml diff --git a/pipeline.yml b/pipeline.yml index 0368c65..0c23341 100644 --- a/pipeline.yml +++ b/pipeline.yml @@ -4,6 +4,7 @@ stages: variables: GO_VERSION: "1.22" GOLANGCI_LINT_VERISON: "v1.58.0" + UPLOAD_PACKAGE: "false" build_go: stage: deploy diff --git a/pipelines/compliance.yml b/pipelines/compliance.yml deleted file mode 100644 index 44b81fd..0000000 --- a/pipelines/compliance.yml +++ /dev/null @@ -1,30 +0,0 @@ -stages: - - validate - -include: - - template: Security/Secret-Detection.gitlab-ci.yml - - project: 'developerdurp/yml' - ref: 'main' - file: - - 'jobs/version.yml' - - 'jobs/sonarqube.yml' - - 'jobs/golang.yml' - -version: - extends: .version - stage: .pre - rules: - - !reference [.default_rules, rules] - -secret_detection: - stage: validate - rules: - - !reference [.mr_only_rules, rules] - allow_failure: false - -sonarqube: - extends: .sonarcloud-check - stage: validate - allow_failure: true - rules: - - !reference [.sonarqube_rules, rules] diff --git a/pipelines/docker-build.yml b/pipelines/docker-build.yml deleted file mode 100644 index 883324f..0000000 --- a/pipelines/docker-build.yml +++ /dev/null 
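Review bot: `UPLOAD_PACKAGE: "false"` is introduced as a pipeline-level variable but no job in this patch reads it, so its consumer is presumably one of the templates included from developerdurp/yml; a comment naming that job and the accepted values, e.g. `# read by <job name>: set to "true" to publish the built package`, would keep the default from looking dead to the next reader. Keeping the value a quoted string matches the other entries in the block and avoids the value being retyped by tooling.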
@@ -1,36 +0,0 @@ -stages: - - build - - publish - -include: - - project: 'developerdurp/yml' - ref: 'main' - file: - - 'jobs/docker.yml' - -docker-build: - extends: .docker_build - stage: build - needs: - - job: gobuild - artifacts: true - - job: version - optional: true - artifacts: true - rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID - exists: - - "Dockerfile" - -docker-push: - extends: .docker_push_gitlab - stage: publish - needs: - - job: gobuild - artifacts: true - - job: version - artifacts: true - rules: - - if: $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' - exists: - - "Dockerfile" diff --git a/pipelines/go-build.yml b/pipelines/go-build.yml index da99028..88adcd4 100644 --- a/pipelines/go-build.yml +++ b/pipelines/go-build.yml 
@@ -9,12 +9,69 @@ include: ref: 'main' file: - 'jobs/golang.yml' - - 'pipelines/compliance.yml' - - 'pipelines/docker-build.yml' - - 'pipelines/linter.yml' - - 'pipelines/security.yml' + - 'jobs/version.yml' + - 'jobs/sonarqube.yml' + - 'jobs/golang.yml' + - 'jobs/docker.yml' + - 'jobs/codescan.yml' - 'rules/rules.yml' +generate_sbom: + extends: .generate_sbom + stage: build + needs: + - job: docker-build + optional: true + artifacts: true + rules: + - !reference [.default_mr_rules, rules] + +generate_cve: + extends: .generate_cve + stage: build + needs: + - job: generate_sbom + artifacts: true + rules: + - !reference [.default_mr_rules, rules] + +version: + extends: .version + stage: .pre + rules: + - !reference [.default_rules, rules] + +secret_detection: + stage: validate + rules: + - !reference [.mr_only_rules, rules] + allow_failure: false + +sonarqube: + extends: .sonarcloud-check + stage: validate + allow_failure: true + rules: + - !reference [.sonarqube_rules, rules] + +golang-lint: + extends: .golang-lint + stage: validate + rules: + - !reference [.mr_only_rules, rules] + +docker-build: + extends: .docker_build + stage: build + needs: + - job: gobuild + artifacts: true + - job: version + optional: true + artifacts: true + rules: + - !reference [.docker_rules, rules] + gobuild: variables: GOPROXY: https://nexus.durp.info/repository/go/ @@ -23,3 +80,13 @@ gobuild: rules: - !reference [.default_mr_rules, rules] +docker-push: + extends: .docker_push_gitlab + stage: publish + needs: + - job: gobuild + artifacts: true + - job: version + artifacts: true + rules: + - !reference [.docker_publish_rules, rules] diff --git a/pipelines/linter.yml b/pipelines/linter.yml deleted file mode 100644 index 14a3621..0000000 --- a/pipelines/linter.yml +++ /dev/null 
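Review bot: The `secret_detection` job added here carries only `stage`, `rules` and `allow_failure`; the job definition it configures comes from the `Security/Secret-Detection.gitlab-ci.yml` template, which the deleted pipelines/compliance.yml included and which does not appear in the include list visible in this hunk (the head of the `include:` block, lines 1–8 of go-build.yml, is outside the hunk). If the template is not included there, GitLab rejects the job for having no `script` and secret scanning silently drops out of the pipeline; adding `- template: Security/Secret-Detection.gitlab-ci.yml` to the include list restores it. The include list also now carries `- 'jobs/golang.yml'` twice (the kept context line and the added one); drop the added duplicate. Note too that `golang-lint` moved from an explicit `exists: go.mod` condition to `.mr_only_rules`, so it now runs on every merge request whether or not go.mod is present.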
@@ -1,16 +0,0 @@ -stages: - - validate - -include: - - project: 'developerdurp/yml' - ref: 'main' - file: - - 'jobs/golang.yml' - -golang-lint: - extends: .golang-lint - stage: validate - rules: - - if: $CI_MERGE_REQUEST_IID - exists: - - "go.mod" diff --git a/pipelines/security.yml b/pipelines/security.yml deleted file mode 100644 index b85bae0..0000000 --- a/pipelines/security.yml +++ /dev/null @@ -1,27 +0,0 @@ -stages: - - build - -include: - - project: 'developerdurp/yml' - ref: 'main' - file: - - 'jobs/codescan.yml' - -generate_sbom: - extends: .generate_sbom - stage: build - needs: - - job: docker-build - optional: true - artifacts: true - rules: - - !reference [.default_mr_rules, rules] - -generate_cve: - extends: .generate_cve - stage: build - needs: - - job: generate_sbom - artifacts: true - rules: - - !reference [.default_mr_rules, rules] diff --git a/rules/rules.yml b/rules/rules.yml index 3efb6fd..46addc5 100644 --- a/rules/rules.yml +++ b/rules/rules.yml 
@@ -1,17 +1,46 @@ .default_rules: rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' + - if: $CI_PIPELINE_SOURCE == "push" && $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH + - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH =~ '/^release/' .sonarqube_rules: rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID + - if: $CI_MERGE_REQUEST_IID + exists: + - "sonar-project.properties" + - if: $CI_PIPELINE_SOURCE == "push" && $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH + exists: + - "sonar-project.properties" + - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH =~ '/^release/' exists: - "sonar-project.properties" .default_mr_rules: rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID + - if: $CI_MERGE_REQUEST_IID + - if: $CI_PIPELINE_SOURCE == "push" && $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH + - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH =~ '/^release/' .mr_only_rules: rules: - if: $CI_MERGE_REQUEST_IID + +.docker_rules: + rules: + - if: $CI_MERGE_REQUEST_IID + exists: + - "Dockerfile" + - if: $CI_PIPELINE_SOURCE == "push" && $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH + exists: + - "Dockerfile" + - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH =~ '/^release/' + exists: + - "Dockerfile" + +.docker_publish_rules: + - if: $CI_PIPELINE_SOURCE == "push" && $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH + exists: + - "Dockerfile" + - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH =~ '/^release/' + exists: + - "Dockerfile"
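Review bot: `$CI_PIPELINE_SOURCE == "push" && $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH` compares the pipeline source (the literal `push`) with a branch name, so it can never be true; the default-branch condition in `.default_rules`, `.sonarqube_rules`, `.default_mr_rules`, `.docker_rules` and `.docker_publish_rules` is dead, which means `version` and `docker-push` only run on `release*` pushes and nothing is ever published from the default branch, while the MR-capable rule sets fall back to merge requests and release branches only. The intended line is `- if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH` in each of the five places. Separately, `.docker_publish_rules` places its sequence directly under the anchor key instead of under a `rules:` sub-key like every other entry, so `!reference [.docker_publish_rules, rules]` in docker-push (go-build.yml, second hunk) has nothing to resolve; nest the list under `rules:`. A short comment on that anchor, e.g. `# publish only from default/release pushes, never from a merge request`, would also make the deliberate difference from `.docker_rules` explicit.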