# Pipeline stages, run in the order listed: fetch the repository, scan it
# for committed secrets, lint the code, then lint the Dockerfiles.
stages:
  - pulling_repo
  - secrets_in_repo
  - linting_code
  - linting_docker
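# Pipeline-wide variables.
variables:
  # Base URL of the GitLab REST API (v4) on the ETSI Labs instance.
  GITLAB_API: 'https://labs.etsi.org/api/v4'
  # CI_JOB_TOKEN is deliberately not declared here. GitLab predefines it for
  # every job, and the previous `CI_JOB_TOKEN: $CI_JOB_TOKEN` entry only
  # overrode the predefined value with a reference to itself. GitLab's
  # documentation advises against overriding predefined variables because
  # the pipeline can then behave unexpectedly; for a credential that is not
  # worth risking. Scripts keep reading ${CI_JOB_TOKEN} as before.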
# Hidden job (leading dot, so GitLab never runs it) published as the YAML
# anchor `common`. Merged into a job, it restricts that job to merge-request
# pipelines, skips it when the target branch is not "staging", and routes it
# to runners tagged `shell`.
# NOTE(review): no job in the part of the file shown here merges this anchor
# (there is no `<<: *common`), so these restrictions are not applied to
# them - confirm whether that is intended.
.common: &common
  only:
    - merge_requests
  except:
    variables:
      - '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging"'
  tags:
    - shell
# Clones the capif repository over HTTPS into ./capif, authenticating with
# the job token of the running job.
# NOTE(review): the token is embedded in the clone URL, so git records it as
# the `origin` URL in capif/.git/config. The job token is only valid while
# the job runs, but on a runner that keeps its workspace the file stays on
# disk - consider resetting the remote URL after the clone or using a
# credential helper.
# NOTE(review): no artifacts are declared, so whether ./capif is still
# present for later jobs depends on the runner's workspace handling -
# confirm.
pulling_repo:
  stage: pulling_repo
  script:
    - 'git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git'
# Scans the cloned ./capif repository for committed secrets with trufflehog,
# skipping the paths listed in cicd/exclusions.
# NOTE(review): `pip install trufflehog` is unpinned, so each run installs
# whatever release the index serves at that moment. Pin a vetted version
# (trufflehog==<PINNED_VERSION>), ideally with hash checking, so the scanner
# itself cannot change underneath the pipeline.
# NOTE(review): --max_depth=5 limits the scan to the five most recent
# commits; a secret committed earlier and still present in history is not
# reported by this job.
secrets_in_repo:
  stage: secrets_in_repo
  script:
    - 'pip install trufflehog'
    - 'trufflehog capif --exclude_paths cicd/exclusions --max_depth=5'
  needs:
    - pulling_repo
# TODO: define the code-linting process (SonarQube, ruff?).
# Placeholder job: it only echoes a message and runs no linter, so it always
# succeeds and gives no assurance about code quality yet.
linting_code:
  stage: linting_code
  script:
    - 'echo "ruff checks"'
  needs:
    - secrets_in_repo
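# Lints every Dockerfile found under a `services` directory with hadolint
# and publishes the findings as a GitLab Code Quality report.
# --no-fail keeps the job green whatever hadolint finds; the report is the
# only output, so findings must be reviewed in the merge request widget.
# NOTE(review): `latest-debian` is a mutable tag, so the linter can change
# between runs without any change to this file. Pin the image to a vetted
# version or digest (hadolint/hadolint@sha256:<PINNED_DIGEST>).
linting_docker:
  stage: linting_docker
  image: hadolint/hadolint:latest-debian
  script:
    # `find -name` compares only the file's base name, so the previous
    # pattern 'capif/services/Dockerfile*' (which contains `/`) could never
    # match: hadolint was not executed and the report stayed empty. The
    # directory part is now matched with -path and the file name with -name.
    # '*/services/*' matches both ./services/... and ./capif/services/...
    - >-
      find . -type f -path '*/services/*' -name 'Dockerfile*'
      -exec hadolint --no-fail -f gitlab_codeclimate {} +
      > docker-lint.json
    # - hadolint services/capif-client/Dockerfile
    # - hadolint services/nginx/Dockerfile
    # - hadolint services/register/Dockerfile
  artifacts:
    name: '$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG'
    # Upload the report even when the job fails.
    when: always
    reports:
      codequality:
        - docker-lint.json
  interruptible: true
  needs:
    - linting_code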