# Pipeline stages, in execution order: fetch the sources, scan them for
# committed secrets, then lint the code and the Dockerfiles.
stages:
  - pulling_repo
  - secrets_in_repo
  - linting_code
  - linting_docker
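variables:
  # Base URL of the GitLab REST API (v4) on the hosting instance.
  GITLAB_API: "https://labs.etsi.org/api/v4"
  # CI_JOB_TOKEN is intentionally not declared here. GitLab injects it into
  # every job as a predefined variable, and a YAML-level definition takes
  # precedence over the predefined value, so the former self-referential
  # entry (CI_JOB_TOKEN: $CI_JOB_TOKEN) added nothing and risked shadowing
  # the real token.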
# Clones the capif repository into ./capif, authenticating with the job token.
pulling_repo:
  stage: pulling_repo
  script:
    # NOTE(review): the token is embedded in the clone URL, so git records it
    # as the remote URL in capif/.git/config. On a runner whose workspace
    # outlives the job, that file stays on disk; consider a credential helper
    # or removing the clone when the pipeline is done.
    # NOTE(review): GitLab documents `gitlab-ci-token` as the user name for
    # job-token clones; confirm that `oauth2` is accepted by this instance.
    # NOTE(review): if this pipeline belongs to the capif project itself, the
    # runner's own checkout already provides the sources - verify that the
    # second clone is needed.
    - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git
  # No artifacts are declared, so later jobs only see ./capif if they run in
  # the same runner workspace and it is not cleaned between jobs - verify.
  tags:
    - shell
# Scans the cloned capif repository for committed secrets with trufflehog.
secrets_in_repo:
  stage: secrets_in_repo
  needs:
    - pulling_repo
  script:
    # NOTE(review): unpinned install - whatever release the package index
    # serves at run time is executed on the runner. Pin a reviewed version
    # (trufflehog==<PINNED_VERSION>) and, on a shared host, install into a
    # virtualenv rather than the system interpreter.
    - pip install trufflehog
    # --max_depth=5 bounds how far back in the commit history the scan goes,
    # so a secret committed earlier and since removed is not examined.
    # cicd/exclusions removes paths from the scan; changes to that file
    # narrow the control and deserve the same review as code.
    - trufflehog capif --exclude_paths cicd/exclusions --max_depth=5
  tags:
    - shell
# TODO: define the code-linting process (SonarQube, ruff?).
# Placeholder job: it only prints a message and performs no checks yet, so a
# green result here says nothing about code quality.
linting_code:
  stage: linting_code
  needs:
    - secrets_in_repo
  script:
    - 'echo "ruff checks"'
  tags:
    - shell
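# Lints every Dockerfile under capif/services with hadolint and publishes the
# findings as a GitLab code-quality report.
linting_docker:
  stage: linting_docker
  # NOTE(review): `latest-debian` is a mutable tag; pin a version or digest so
  # the linter cannot change underneath the pipeline. The job is also tagged
  # `shell`: if that selects a shell-executor runner, `image` is ignored and
  # hadolint must already be installed on the host - confirm.
  image: hadolint/hadolint:latest-debian
  needs:
    - linting_code
  script:
    # `find -name` compares against the file's base name only, so the previous
    # pattern 'capif/services/Dockerfile*' (which contains slashes) could
    # never match: hadolint was never invoked and the report came out empty.
    # Restrict the directory with -path and the file name with -name instead.
    # --no-fail keeps the job green whatever hadolint reports, so findings
    # are advisory and show up only in the code-quality report.
    # NOTE(review): ./capif is presumably the clone made by pulling_repo; if
    # it is absent from this job's working directory the report is still
    # empty - verify.
    - >-
      find . -type f -path '*/capif/services/*' -name 'Dockerfile*'
      -exec hadolint --no-fail -f gitlab_codeclimate {} +
      > docker-lint.json
    # - hadolint services/capif-client/Dockerfile
    # - hadolint services/nginx/Dockerfile
    # - hadolint services/register/Dockerfile
  artifacts:
    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
    # Upload the report even when the job fails.
    when: always
    reports:
      codequality:
        - docker-lint.json
  # A newer pipeline on the same ref may cancel this job.
  interruptible: true
  tags:
    - shell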