diff options
author | Evan Read <eread@gitlab.com> | 2022-06-30 04:28:33 +0300 |
---|---|---|
committer | Evan Read <eread@gitlab.com> | 2022-06-30 04:28:33 +0300 |
commit | b8a934542a896c2bfc179edd537c006d40fb79a9 (patch) | |
tree | 6ecc4b0550161517ecb0bd0f0f8dfff823cbf9fd | |
parent | 02852b07b9da4c77321d2f10e0b5f8e435da429f (diff) | |
parent | ad78f97e8e8daea5563c31c94f810b03d2a10e85 (diff) |
Merge branch 'split-up-pipeline-config-2' into 'main'
Move tests and scans to separate config files
See merge request gitlab-org/gitlab-docs!2880
-rw-r--r-- | .gitlab-ci.yml | 246 | ||||
-rw-r--r-- | .gitlab/ci/security.gitlab-ci.yml | 46 | ||||
-rw-r--r-- | .gitlab/ci/test.gitlab-ci.yml | 209 |
3 files changed, 255 insertions, 246 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f9eb5696..747132b3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -232,208 +232,6 @@ compile_dev: - .rules_dev - .build_base -############################################### -# Test the website # -############################################### - -# -# Test the links in the global nav -# -test_global_nav_links: - image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.16-ruby-2.7.6-0bc327a4 - extends: - - .rules_site_tests - - .cache_gem - stage: test - script: - # Only check files in top-level directories. This means a much faster and less repetitive check of global navigation links. - - echo " all:" >> nanoc.yaml - - echo " exclude_files:" >> nanoc.yaml - - echo " - '\/(ee|runner|omnibus|charts|operator)\/.*\/.*'" >> nanoc.yaml - - "parallel time bundle exec nanoc check ::: internal_links internal_anchors" - -# -# Check the redirect file for duplicates -# -check_duplicate_redirects: - image: busybox - extends: - - .rules_site_tests - needs: [] - before_script: [] - stage: test - script: - - grep -Ir " - from:" content/_data/redirects.yaml | sort | uniq -d | tee output.txt - - exit $(cat output.txt | wc -l) - -# -# Check for index.html in navigation.yaml -# -check_index_html: - image: busybox - extends: - - .rules_site_tests - needs: [] - before_script: [] - stage: test - script: - # Check for index.html in navigation.yaml and write the output in output.txt - - grep -Ir "/index.html" content/_data/navigation.yaml | sed -e '/^#/d' | tee output.txt - - | - echo "***************************************************************************" - echo "* If this job failed, it is because a navbar entry is using 'index.html'. *" - echo "* Link to just '/' instead, For example 'ee/user/' *" - echo "***************************************************************************" - - exit $(cat output.txt | wc -l) - -# -# Run rspec tests -# -rspec: - extends: - - .rules_site_tests - - .cache_gem_yarn - needs: [] - stage: test - script: - - yarn install --cache-folder .yarn-cache - - make rspec-tests - -# -# Run JavaScript tests -# -jest: - extends: - - .rules_site_tests - - .cache_yarn - - .yarn - needs: [] - stage: test - script: - - make jest-tests - -# -# Lint JavaScript -# -js_lint: - extends: - - .rules_site_tests - - .cache_yarn - - .yarn - needs: [] - stage: test - script: - - make eslint-tests - - make prettier-tests - -# -# Lint SCSS -# -stylelint: - extends: - - .rules_site_tests - - .cache_yarn - - .yarn - needs: [] - stage: test - script: - - make stylelint-tests - -# -# Yamllint of *.yml for .gitlab-ci.yml. -# This uses rules from project root `.yamllint`. -# -yaml_lint: - extends: - - .rules_site_tests - needs: [] - stage: test - image: sdesbure/yamllint:latest - before_script: [] - script: - - yamllint .gitlab-ci.yml content/_data - -# -# Run markdownlint tests -# -markdownlint: - extends: - - .rules_site_tests - - .cache_yarn - - .yarn - needs: [] - stage: test - script: - - make markdownlint-tests - -# -# Check for broken external links -# -test_external_links: - extends: - - .cache_gem - - .rules_chores - stage: test - script: - - bundle exec nanoc check external_links - -# -# Run markdownlint to find EOL whitespace to clean up -# -test_EOL_whitespace: - extends: - - .rules_chores - - .cache_gem - stage: test - image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.16-ruby-2.7.6-0bc327a4 - needs: [] - before_script: [] - dependencies: [] - script: - - yarn global add markdownlint-cli@$MARKDOWNLINT_VERSION - - apk add jq - - bundle config set --local deployment true # Install dependencies into ./vendor/ruby - - bundle install - - bundle exec rake setup_git default - - markdownlint --config tasks/whitespace_task.yml '../gitlab/doc/**/*.md' '../gitlab-runner/doc/**/*.md' '../omnibus-gitlab/doc/**/*.md' '../charts-gitlab/doc/**/*.md' '../gitlab-operator/doc/**/*.md' - -test_unlinked_images: - extends: - - .rules_chores - - .cache_gem - stage: test - image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.16-ruby-2.7.6-0bc327a4 - needs: [] - before_script: [] - dependencies: [] - script: - - apk add jq - - bundle config set --local deployment true # Install dependencies into ./vendor/ruby - - bundle install - - bundle exec rake setup_git default - - cp tasks/unlinked-images.sh ../gitlab/unlinked-images.sh - - cp tasks/unlinked-images.sh ../charts-gitlab/unlinked-images.sh - - cp tasks/unlinked-images.sh ../omnibus-gitlab/unlinked-images.sh - - cp tasks/unlinked-images.sh ../gitlab-runner/unlinked-images.sh - - cd ../omnibus-gitlab - - ./unlinked-images.sh doc - - cd ../charts-gitlab - - ./unlinked-images.sh doc - - cd ../gitlab-runner - - ./unlinked-images.sh docs - - cd ../gitlab - - ./unlinked-images.sh doc - - -lint_dockerfiles: - extends: - - .rules_site_tests - image: hadolint/hadolint:latest-alpine - needs: [] - before_script: [] - dependencies: [] - script: - - hadolint latest.Dockerfile .gitpod.Dockerfile **/*.Dockerfile ############################################### # Review Apps # @@ -584,47 +382,3 @@ pages: paths: - public expire_in: 1d - -############################################### -# Security # -############################################### - -# -# Override Security scanning defaults to ensure specific scanners work in this pipeline -# -.security-scanning-overrides: - stage: security - dependencies: [] - needs: [] - before_script: [] - -# -# Dependency scanning job overrides -# -gemnasium-dependency_scanning: - extends: - - .ds-analyzer - - .security-scanning-overrides - -# -# SAST job overrides -# -brakeman-sast: - extends: - - .sast-analyzer - - .security-scanning-overrides - -nodejs-scan-sast: - extends: - - .sast-analyzer - - .security-scanning-overrides - -semgrep-sast: - extends: - - .sast-analyzer - - .security-scanning-overrides - -# eslint-sast scans html too, so run after html files are generated -eslint-sast: - stage: security - before_script: [] diff --git a/.gitlab/ci/security.gitlab-ci.yml b/.gitlab/ci/security.gitlab-ci.yml new file mode 100644 index 00000000..10da5487 --- /dev/null +++ b/.gitlab/ci/security.gitlab-ci.yml @@ -0,0 +1,46 @@ +############################################### +# Security # +############################################### + +# +# Security templates included in ../../.gitlab-ci.yml: +# +# - Security/Dependency-Scanning.gitlab-ci.yml +# - Security/SAST.gitlab-ci.yml +# +# Defaults are overridden below. + +# +# Override Security scanning defaults to ensure specific scanners work in this pipeline +# +.security-scanning-overrides: + stage: security + dependencies: [] + needs: [] + before_script: [] + +# +# Dependency scanning job overrides +# +gemnasium-dependency_scanning: + extends: + - .ds-analyzer + - .security-scanning-overrides + +# +# SAST job overrides +# +brakeman-sast: + extends: + - .sast-analyzer + - .security-scanning-overrides + +nodejs-scan-sast: + extends: + - .sast-analyzer + - .security-scanning-overrides + +semgrep-sast: + extends: + - .sast-analyzer + - .security-scanning-overrides diff --git a/.gitlab/ci/test.gitlab-ci.yml b/.gitlab/ci/test.gitlab-ci.yml new file mode 100644 index 00000000..779c1c36 --- /dev/null +++ b/.gitlab/ci/test.gitlab-ci.yml @@ -0,0 +1,209 @@ +############################################### +# Test the website # +############################################### + +# +# Test the links in the global nav +# +test_global_nav_links: + image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.16-ruby-2.7.6-0bc327a4 + extends: + - .rules_site_tests + - .cache_gem + stage: test + script: + # Only check files in top-level directories. This means a much faster and less repetitive check of global navigation links. + - echo " all:" >> nanoc.yaml + - echo " exclude_files:" >> nanoc.yaml + - echo " - '\/(ee|runner|omnibus|charts|operator)\/.*\/.*'" >> nanoc.yaml + - "parallel time bundle exec nanoc check ::: internal_links internal_anchors" + +# +# Check the redirect file for duplicates +# +check_duplicate_redirects: + image: busybox + extends: + - .rules_site_tests + needs: [] + before_script: [] + stage: test + script: + - grep -Ir " - from:" content/_data/redirects.yaml | sort | uniq -d | tee output.txt + - exit $(cat output.txt | wc -l) + +# +# Check for index.html in navigation.yaml +# +check_index_html: + image: busybox + extends: + - .rules_site_tests + needs: [] + before_script: [] + stage: test + script: + # Check for index.html in navigation.yaml and write the output in output.txt + - grep -Ir "/index.html" content/_data/navigation.yaml | sed -e '/^#/d' | tee output.txt + - | + echo "***************************************************************************" + echo "* If this job failed, it is because a navbar entry is using 'index.html'. *" + echo "* Link to just '/' instead, For example 'ee/user/' *" + echo "***************************************************************************" + - exit $(cat output.txt | wc -l) + +# +# Run rspec tests +# +rspec: + extends: + - .rules_site_tests + - .cache_gem_yarn + needs: [] + stage: test + script: + - yarn install --cache-folder .yarn-cache + - make rspec-tests + +# +# Run JavaScript tests +# +jest: + extends: + - .rules_site_tests + - .cache_yarn + - .yarn + needs: [] + stage: test + script: + - make jest-tests + +# +# Lint JavaScript +# +js_lint: + extends: + - .rules_site_tests + - .cache_yarn + - .yarn + needs: [] + stage: test + script: + - make eslint-tests + - make prettier-tests + +# +# Lint SCSS +# +stylelint: + extends: + - .rules_site_tests + - .cache_yarn + - .yarn + needs: [] + stage: test + script: + - make stylelint-tests + +# +# Yamllint of *.yml for .gitlab-ci.yml. +# This uses rules from project root `.yamllint`. +# +yaml_lint: + extends: + - .rules_site_tests + needs: [] + stage: test + image: sdesbure/yamllint:latest + before_script: [] + script: + - yamllint .gitlab-ci.yml content/_data + +# +# Run markdownlint tests +# +markdownlint: + extends: + - .rules_site_tests + - .cache_yarn + - .yarn + needs: [] + stage: test + script: + - make markdownlint-tests + +# +# Check for broken external links +# +test_external_links: + extends: + - .cache_gem + - .rules_chores + stage: test + script: + - bundle exec nanoc check external_links + +# +# Run markdownlint to find EOL whitespace to clean up +# +test_EOL_whitespace: + extends: + - .rules_chores + - .cache_gem + stage: test + image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.16-ruby-2.7.6-0bc327a4 + needs: [] + before_script: [] + dependencies: [] + script: + - yarn global add markdownlint-cli@$MARKDOWNLINT_VERSION + - apk add jq + - bundle config set --local deployment true # Install dependencies into ./vendor/ruby + - bundle install + - bundle exec rake setup_git default + - markdownlint --config tasks/whitespace_task.yml '../gitlab/doc/**/*.md' '../gitlab-runner/doc/**/*.md' '../omnibus-gitlab/doc/**/*.md' '../charts-gitlab/doc/**/*.md' '../gitlab-operator/doc/**/*.md' + +test_unlinked_images: + extends: + - .rules_chores + - .cache_gem + stage: test + image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.16-ruby-2.7.6-0bc327a4 + needs: [] + before_script: [] + dependencies: [] + script: + - apk add jq + - bundle config set --local deployment true # Install dependencies into ./vendor/ruby + - bundle install + - bundle exec rake setup_git default + - cp tasks/unlinked-images.sh ../gitlab/unlinked-images.sh + - cp tasks/unlinked-images.sh ../charts-gitlab/unlinked-images.sh + - cp tasks/unlinked-images.sh ../omnibus-gitlab/unlinked-images.sh + - cp tasks/unlinked-images.sh ../gitlab-runner/unlinked-images.sh + - cd ../omnibus-gitlab + - ./unlinked-images.sh doc + - cd ../charts-gitlab + - ./unlinked-images.sh doc + - cd ../gitlab-runner + - ./unlinked-images.sh docs + - cd ../gitlab + - ./unlinked-images.sh doc + +lint_dockerfiles: + extends: + - .rules_site_tests + image: hadolint/hadolint:latest-alpine + needs: [] + before_script: [] + dependencies: [] + script: + - hadolint latest.Dockerfile .gitpod.Dockerfile **/*.Dockerfile + +# +# eslint-sast scans html too, so run in security stage after html files are generated +# + +eslint-sast: + stage: security + before_script: [] |