From 2498440a5ea75b1aff98213b0e4226d02e08b540 Mon Sep 17 00:00:00 2001 From: Jaime Martinez Date: Mon, 10 Aug 2020 13:43:35 +1000 Subject: Move scanners and tests into their own file Include local stage files --- .gitlab-ci.yml | 129 ++----------------------------------------------- .gitlab/ci/prepare.yml | 48 ++++++++++++++++++ .gitlab/ci/test.yml | 72 +++++++++++++++++++++++++++ 3 files changed, 124 insertions(+), 125 deletions(-) create mode 100644 .gitlab/ci/prepare.yml create mode 100644 .gitlab/ci/test.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a6098fbe..08a5a641 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,8 +1,3 @@ -include: - - template: Security/License-Scanning.gitlab-ci.yml - - template: Security/SAST.gitlab-ci.yml - - template: Security/Dependency-Scanning.gitlab-ci.yml - stages: - prepare - test @@ -19,6 +14,10 @@ workflow: - if: '$CI_COMMIT_BRANCH =~ /^[\d-]+-stable(-ee)?$/' - if: '$CI_COMMIT_BRANCH =~ /^security\//' +include: + - local: .gitlab/ci/prepare.yml + - local: .gitlab/ci/test.yml + default: image: golang:1.13 tags: 
@@ -32,123 +31,3 @@ default: cache: paths: - .GOPATH/pkg/mod/ - -.tests: - extends: .go-mod-cache - stage: test - tags: - - gitlab-org-docker - needs: ['download deps'] - script: - - echo "Running all tests without daemonizing..." - - make test - - echo "Running just the acceptance tests daemonized (tmpdir)...." - - TEST_DAEMONIZE=tmpdir make acceptance - - echo "Running just the acceptance tests daemonized (inplace)...." - - TEST_DAEMONIZE=inplace make acceptance - artifacts: - paths: - - bin/gitlab-pages - -license_scanning: - stage: prepare - variables: - LICENSE_MANAGEMENT_SETUP_CMD: go mod vendor - rules: - - if: $CI_MERGE_REQUEST_ID - when: on_success - - if: $CI_COMMIT_BRANCH == 'master' - when: on_success - -dependency_scanning: - stage: prepare - rules: - - if: '$CI_MERGE_REQUEST_ID' - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - -# disable eslint-sast since html files are fixtures for testing -eslint-sast: - rules: - - when: never - -secrets-sast: - stage: prepare - rules: - - if: $CI_MERGE_REQUEST_ID - when: on_success - - if: $CI_COMMIT_BRANCH == 'master' - when: on_success - -gosec-sast: - stage: prepare - rules: - - if: $CI_MERGE_REQUEST_ID - when: on_success - - if: $CI_COMMIT_BRANCH == 'master' - when: on_success - -download deps: - extends: .go-mod-cache - stage: prepare - script: - - make deps-download - artifacts: - paths: - - go.mod - - go.sum - -cover: - extends: .go-mod-cache - stage: test - needs: ['download deps'] - script: - - make setup - - make generate-mocks - - make cover - coverage: '/total:.+\(statements\).+\d+\.\d+/' - artifacts: - paths: - - coverage.html - -code_quality: - stage: test - needs: ['download deps'] - extends: .go-mod-cache - image: golangci/golangci-lint:v1.27.0 - variables: - REPORT_FILE: gl-code-quality-report.json - LINT_FLAGS: "--color never --deadline 15m" - OUT_FORMAT: code-climate - script: - - golangci-lint run ./... 
--out-format ${OUT_FORMAT} ${LINT_FLAGS} | tee ${REPORT_FILE} - timeout: 15 minutes - artifacts: - reports: - codequality: ${REPORT_FILE} - paths: - - ${REPORT_FILE} - -test:1.13: - extends: .tests - image: golang:1.13 - -test:1.14: - extends: .tests - image: golang:1.14 - -race: - extends: .go-mod-cache - stage: test - tags: - - gitlab-org-docker - needs: ['download deps'] - script: - - echo "Running race detector" - - make race - -check deps: - extends: .go-mod-cache - stage: test - needs: ['download deps'] - script: - - make deps-check diff --git a/.gitlab/ci/prepare.yml b/.gitlab/ci/prepare.yml new file mode 100644 index 00000000..33082984 --- /dev/null +++ b/.gitlab/ci/prepare.yml @@ -0,0 +1,48 @@ +include: + - template: Security/License-Scanning.gitlab-ci.yml + - template: Security/SAST.gitlab-ci.yml + - template: Security/Dependency-Scanning.gitlab-ci.yml + +# workflow rules are not extended by scanner jobs +# TODO: remove when https://gitlab.com/gitlab-org/gitlab/-/issues/218444 is done +.rules-for-scanners: + stage: prepare + rules: + # For merge requests, create a pipeline. + - if: '$CI_MERGE_REQUEST_IID' + # For `master` branch, create a pipeline (this includes on schedules, pushes, merges, etc.). + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + # For tags, create a pipeline. + - if: '$CI_COMMIT_TAG' + # For stable, and security branches, create a pipeline. + - if: '$CI_COMMIT_BRANCH =~ /^[\d-]+-stable(-ee)?$/' + - if: '$CI_COMMIT_BRANCH =~ /^security\//' + +license_scanning: + variables: + LICENSE_MANAGEMENT_SETUP_CMD: go mod vendor + extends: .rules-for-scanners + +dependency_scanning: + extends: .rules-for-scanners + +# disable eslint-sast since html files are fixtures for testing +eslint-sast: + rules: + - when: never + +secrets-sast: + extends: .rules-for-scanners + +gosec-sast: + extends: .rules-for-scanners + +download deps: + extends: .go-mod-cache + stage: prepare + script: + - make deps-download + artifacts: + paths: + - go.mod + - go.sum 
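Review bot: In `.gitlab/ci/prepare.yml`, `license_scanning`, `dependency_scanning`, `secrets-sast` and `gosec-sast` now receive `stage: prepare` and their `rules` only through `extends: .rules-for-scanners`, whereas the removed definitions set both keys directly on each job. As far as I know GitLab merges included job definitions before it resolves `extends`, and a job's own keys take precedence over extended ones. Any `stage`, `rules` or `extends` that the Security templates declare on these jobs could therefore override `.rules-for-scanners` or be replaced by it; the templates are not visible here, so check the merged configuration. If it applies, the scanners could silently stop running on the `security/` and stable branches, or run in a different stage, without a pipeline error. Setting the keys on the job itself avoids the question: declare `.rules-for-scanners: &rules-for-scanners` and use `<<: *rules-for-scanners` in each scanner job in place of `extends`.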
diff --git a/.gitlab/ci/test.yml b/.gitlab/ci/test.yml new file mode 100644 index 00000000..8c4e757b --- /dev/null +++ b/.gitlab/ci/test.yml @@ -0,0 +1,72 @@ +.tests: + extends: .go-mod-cache + stage: test + tags: + - gitlab-org-docker + needs: ['download deps'] + script: + - echo "Running all tests without daemonizing..." + - make test + - echo "Running just the acceptance tests daemonized (tmpdir)...." + - TEST_DAEMONIZE=tmpdir make acceptance + - echo "Running just the acceptance tests daemonized (inplace)...." + - TEST_DAEMONIZE=inplace make acceptance + artifacts: + paths: + - bin/gitlab-pages + +test:1.13: + extends: .tests + image: golang:1.13 + +test:1.14: + extends: .tests + image: golang:1.14 + +race: + extends: .go-mod-cache + stage: test + needs: ['download deps'] + tags: + - gitlab-org-docker + script: + - echo "Running race detector" + - make race + +cover: + stage: test + extends: .go-mod-cache + needs: ['download deps'] + script: + - make setup + - make generate-mocks + - make cover + coverage: '/total:.+\(statements\).+\d+\.\d+/' + artifacts: + paths: + - coverage.html + +code_quality: + stage: test + extends: .go-mod-cache + needs: ['download deps'] + image: golangci/golangci-lint:v1.27.0 + variables: + REPORT_FILE: gl-code-quality-report.json + LINT_FLAGS: "--color never --deadline 15m" + OUT_FORMAT: code-climate + script: + - golangci-lint run ./... --out-format ${OUT_FORMAT} ${LINT_FLAGS} | tee ${REPORT_FILE} + timeout: 15 minutes + artifacts: + reports: + codequality: ${REPORT_FILE} + paths: + - ${REPORT_FILE} + +check deps: + stage: test + extends: .go-mod-cache + needs: ['download deps'] + script: + - make deps-check -- cgit v1.2.3
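Review bot: The job images in `.gitlab/ci/test.yml` (`golang:1.13`, `golang:1.14`, `golangci/golangci-lint:v1.27.0`) are referenced by mutable tag, and `.tests` publishes `bin/gitlab-pages`, produced inside those images, as an artifact. A re-pushed or tampered tag would change the toolchain without any change in this repository. If reproducibility matters more than automatically picking up patch releases, pin by digest, e.g. `image: golang:1.14@sha256:<digest>` (placeholder), and bump it through reviewed updates. Otherwise add a comment stating that the floating tag is intentional. These lines were carried over unchanged from `.gitlab-ci.yml`.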