yml/pipelines/compliance.yml

stages:
  - compliance

include:
  - template: Security/Secret-Detection.gitlab-ci.yml
  - project: 'developerdurp/yml'
    ref: 'main'
    file: 
      - 'jobs/version.yml'
      - 'jobs/sonarqube.yml'
      - 'jobs/golang.yml'

version:
  extends: .version
  stage: .pre
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/'

secret_detection:
  stage: validate
  rules:
    - if: $CI_MERGE_REQUEST_IID
  allow_failure: false

sonarqube:
  extends: .sonarcloud-check
  stage: validate
  allow_failure: true
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
      exists:
        - "sonar-project.properties"  

generate_sbom:
  extends: .generate_sbom
  stage: validate
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID

generate_cve:
  extends: .generate_cve
  stage: validate
  needs:
    - job: generate_sbom
      artifacts: true
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID