forked from hkc/mastoposter
41 lines
1.2 KiB
YAML
41 lines
1.2 KiB
YAML
stages:
|
|
- test
|
|
- build-image
|
|
- post-test
|
|
|
|
sast:
|
|
stage: test
|
|
include:
|
|
- template: Security/SAST.gitlab-ci.yml
|
|
- template: Security/SAST-IaC.latest.gitlab-ci.yml
|
|
- template: Security/Secret-Detection.gitlab-ci.yml
|
|
- template: Security/Container-Scanning.gitlab-ci.yml
|
|
|
|
docker-image-build:
|
|
stage: build-image
|
|
image: docker:20-git
|
|
script:
|
|
- docker build -t $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest .
|
|
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
|
- docker image push $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
|
|
rules:
|
|
- if: $CI_COMMIT_BRANCH == "master"
|
|
exists:
|
|
- Dockerfile
|
|
changes:
|
|
- "*.py"
|
|
- Dockerfile
|
|
- requirements.txt
|
|
- .gitlab-ci.yml
|
|
|
|
container_scanning:
|
|
stage: post-test
|
|
variables:
|
|
CS_DISABLE_DEPENDENCY_LIST: "true"
|
|
CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
|
|
CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter
|
|
CI_APPLICATION_TAG: "latest"
|
|
CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false"
|
|
CS_ANALYZER_IMAGE: "registry.gitlab.com/security-products/container-scanning/grype:5"
|
|
SECURE_LOG_LEVEL: "debug"
|