diff options
author | Antenore Gatta <antenore@simbiosi.org> | 2020-11-27 19:20:45 +0300 |
---|---|---|
committer | Antenore Gatta <antenore@simbiosi.org> | 2020-11-27 19:20:45 +0300 |
commit | 6e885f7045ae5b43d62ef77bb35f3cb293f19c2c (patch) | |
tree | 8ee4cfe8f088fc91ff8e0d6440499305e084c3f2 /.gitlab-ci.yml | |
parent | c88fc6c0968bdce2b87775ed602623d6af7a2991 (diff) |
Set .gitlab-ci.yml to enable or configure SAST
Diffstat (limited to '.gitlab-ci.yml')
-rw-r--r-- | .gitlab-ci.yml | 195 |
1 files changed, 84 insertions, 111 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5f056cfe5..e617d420d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,161 +1,134 @@ ---- +# You can override the included template(s) by including variable overrides +# See https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings +# Note that environment variables can be set in several places +# See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables image: registry.gitlab.com/remmina/remmina/ubuntu:18.04 - stages: - - build -# - flatpak_build - +- build +- test variables: GIT_SUBMODULE_STRATEGY: recursive BUILD_FOLDER: build - DEB_PPA: "ppa:remmina-ppa-team/remmina-next" - FREERDP_DAILY_PPA: "ppa:remmina-ppa-team/freerdp-daily" - DOCKER_IMAGE: "ubuntu:bionic" + DEB_PPA: ppa:remmina-ppa-team/remmina-next + FREERDP_DAILY_PPA: ppa:remmina-ppa-team/freerdp-daily + DOCKER_IMAGE: ubuntu:bionic CMAKE_BUILD_OPTIONS: "-DCMAKE_BUILD_TYPE=Release -DWITH_APPINDICATOR=on -DWITH_FREERDP3=OFF" FLATPAK_ARCH: x86_64 - before_script: - - mkdir -p .flatpak-builder/cache - -#raspbian:test: -# services: -# - docker:dind -# tags: -# - arm -# image: raspbian/stretch -# stage: build -# before_script: -# - apt-get update -qq -# -# script: -# - mkdir $BUILD_FOLDER -# - cmake -B$BUILD_FOLDER -H. $CMAKE_BUILD_OPTIONS -# - make VERBOSE=1 -C $BUILD_FOLDER -# only: -# - web - -# TODO: We should create a job for each distro and test the compile correcthly -# but _only_ if triggered at certain conditions (releases, tag, etc) -# http://docs.gitlab.com/ee/ci/yaml/README.html#only-and-except-simplified -# This is an example for Ubuntu +- mkdir -p .flatpak-builder/cache ubuntu:devel: - # image: ubuntu:devel - # stage: cross_environment stage: build before_script: - - apt-get update -qq - - apt-get install -y -qq libpcre2-8-0 libpcre2-dev - + - apt-get update -qq + - apt-get install -y -qq libpcre2-8-0 libpcre2-dev script: - - mkdir $BUILD_FOLDER - - cmake -B$BUILD_FOLDER -H. $CMAKE_BUILD_OPTIONS - - make VERBOSE=1 -C $BUILD_FOLDER + - mkdir $BUILD_FOLDER + - cmake -B$BUILD_FOLDER -H. $CMAKE_BUILD_OPTIONS + - make VERBOSE=1 -C $BUILD_FOLDER only: refs: - - master - - tags - - merge_requests - - web - - schedules - + - master + - tags + - merge_requests + - web + - schedules appimage:build: - # image: ubuntu:devel - # stage: cross_environment image: registry.gitlab.com/remmina/remmina/ubuntu:18.04 stage: build before_script: - - apt-get update -qq - - apt-get install -y -qq libpcre2-8-0 libpcre2-dev wget - + - apt-get update -qq + - apt-get install -y -qq libpcre2-8-0 libpcre2-dev wget script: - - mkdir $BUILD_FOLDER - - cmake -B$BUILD_FOLDER -H. $CMAKE_BUILD_OPTIONS -DCMAKE_INSTALL_PREFIX=/usr - - make VERBOSE=1 -C $BUILD_FOLDER - - make VERBOSE=1 -C $BUILD_FOLDER install DESTDIR=AppDir - # Temporary using old binaries as there's an opened bug https://github.com/linuxdeploy/linuxdeploy/issues/143 - #- wget https://github.com/linuxdeploy/linuxdeploy/releases/download/continuous/linuxdeploy-x86_64.AppImage --directory-prefix=$BUILD_FOLDER/ - - wget -c https://artifacts.assassinate-you.net/artifactory/list/linuxdeploy/travis-456/linuxdeploy-x86_64.AppImage --directory-prefix=$BUILD_FOLDER/ - - wget -c https://github.com/linuxdeploy/linuxdeploy-plugin-appimage/releases/download/continuous/linuxdeploy-plugin-appimage-x86_64.AppImage --directory-prefix=$BUILD_FOLDER/ - - wget -c https://raw.githubusercontent.com/linuxdeploy/linuxdeploy-plugin-gtk/master/linuxdeploy-plugin-gtk.sh --directory-prefix=$BUILD_FOLDER/ - - chmod +x $BUILD_FOLDER/*AppImage $BUILD_FOLDER/*sh - - export OUTPUT="Remmina-x86_64.AppImage" - - cd $BUILD_FOLDER && ./linuxdeploy-x86_64.AppImage --appimage-extract - - mv squashfs-root/ linuxdeploy/ - - export UPDATE_INFORMATION="gh-releases-zsync|AppImage|appimaged|continuous|appimaged*$ARCH*.AppImage.zsync" - - export SIGN=1 - - export VERBOSE=1 - - linuxdeploy/AppRun --appdir AppDir --plugin gtk --output appimage - # - linuxdeploy/AppRun --appdir AppDir --output appimage - + - mkdir $BUILD_FOLDER + - cmake -B$BUILD_FOLDER -H. $CMAKE_BUILD_OPTIONS -DCMAKE_INSTALL_PREFIX=/usr + - make VERBOSE=1 -C $BUILD_FOLDER + - make VERBOSE=1 -C $BUILD_FOLDER install DESTDIR=AppDir + - wget -c https://artifacts.assassinate-you.net/artifactory/list/linuxdeploy/travis-456/linuxdeploy-x86_64.AppImage + --directory-prefix=$BUILD_FOLDER/ + - wget -c https://github.com/linuxdeploy/linuxdeploy-plugin-appimage/releases/download/continuous/linuxdeploy-plugin-appimage-x86_64.AppImage + --directory-prefix=$BUILD_FOLDER/ + - wget -c https://raw.githubusercontent.com/linuxdeploy/linuxdeploy-plugin-gtk/master/linuxdeploy-plugin-gtk.sh + --directory-prefix=$BUILD_FOLDER/ + - chmod +x $BUILD_FOLDER/*AppImage $BUILD_FOLDER/*sh + - export OUTPUT="Remmina-x86_64.AppImage" + - cd $BUILD_FOLDER && ./linuxdeploy-x86_64.AppImage --appimage-extract + - mv squashfs-root/ linuxdeploy/ + - export UPDATE_INFORMATION="gh-releases-zsync|AppImage|appimaged|continuous|appimaged*$ARCH*.AppImage.zsync" + - export SIGN=1 + - export VERBOSE=1 + - linuxdeploy/AppRun --appdir AppDir --plugin gtk --output appimage artifacts: - name: "Remmina-x86_64.AppImage" - expose_as: "Download AppImage" + name: Remmina-x86_64.AppImage + expose_as: Download AppImage paths: - - build/Remmina-x86_64.AppImage + - build/Remmina-x86_64.AppImage expire_in: 7 days only: refs: - web - schedules - flatpak:test: image: registry.gitlab.com/remmina/remmina/ubuntu:18.04 stage: build variables: - BUNDLE: "remmina-dev.flatpak" - FLATPAK_PPA: "ppa:alexlarsson/flatpak" - FLATHUB_REPO: "https://flathub.org/repo/flathub.flatpakrepo" + BUNDLE: remmina-dev.flatpak + FLATPAK_PPA: ppa:alexlarsson/flatpak + FLATHUB_REPO: https://flathub.org/repo/flathub.flatpakrepo before_script: - - apt-get update -qq - - add-apt-repository $FLATPAK_PPA -y - - apt-get update -qq - - apt-get install -y -qq flatpak-builder flatpak build-essential git-core - - flatpak --user remote-add --if-not-exists flathub $FLATHUB_REPO + - apt-get update -qq + - add-apt-repository $FLATPAK_PPA -y + - apt-get update -qq + - apt-get install -y -qq flatpak-builder flatpak build-essential git-core + - flatpak --user remote-add --if-not-exists flathub $FLATHUB_REPO script: - - /bin/sh -xe ./flatpak/flatpak-build.sh + - "/bin/sh -xe ./flatpak/flatpak-build.sh" artifacts: - expose_as: "Download the flatpak" + expose_as: Download the flatpak paths: - - flatpak/remmina-dev.flatpak + - flatpak/remmina-dev.flatpak expire_in: 7 days cache: paths: - - flatpak/.flatpak-builder/cache - - flatpak/.flatpak-builder/downloads - - flatpak/.flatpak-builder/git + - flatpak/.flatpak-builder/cache + - flatpak/.flatpak-builder/downloads + - flatpak/.flatpak-builder/git only: - - merge_requests - - tags - - web - - schedules - + - merge_requests + - tags + - web + - schedules snap:build: image: ubuntudesktop/gnome-3-28-1804 stage: build script: - - export LC_ALL=C.UTF-8 - - export LANG=C.UTF-8 - - export SNAP_ARCH=amd64 - - export SNAPCRAFT_BUILD_INFO=1 - - apt-get -y update - - snapcraft --destructive-mode - - | - if [ "$CI_COMMIT_REF_NAME" = "master" ]; then - echo $SNAPCRAFT_LOGIN | snapcraft login --with - - snapcraft push remmina*.snap --release edge - snapcraft logout - fi + - export LC_ALL=C.UTF-8 + - export LANG=C.UTF-8 + - export SNAP_ARCH=amd64 + - export SNAPCRAFT_BUILD_INFO=1 + - apt-get -y update + - snapcraft --destructive-mode + - | + if [ "$CI_COMMIT_REF_NAME" = "master" ]; then + echo $SNAPCRAFT_LOGIN | snapcraft login --with - + snapcraft push remmina*.snap --release edge + snapcraft logout + fi allow_failure: false artifacts: - paths: ['./*.snap'] + paths: + - "./*.snap" expire_in: 10 days only: refs: - - tags - - merge_requests - - web - - schedules + - tags + - merge_requests + - web + - schedules trigger_build: stage: build script: - - "curl -X POST -F token=$CITOKEN -F ref=master https://gitlab.com/api/v4/projects/10530342/trigger/pipeline" + - curl -X POST -F token=$CITOKEN -F ref=master https://gitlab.com/api/v4/projects/10530342/trigger/pipeline +sast: + stage: test +include: +- template: Security/SAST.gitlab-ci.yml |