test (0ce8aa13) · Commits · Gitlab / Codeclimate

.gitlab-ci.yml

0 → 100644

+164 −0

Original line number	Diff line number	Diff line
		# Heavily inspired by:
		# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml

		variables:
		# Setting this variable will affect all Security templates
		# (SAST, Dependency Scanning, ...)
		COMPONENTS_PREFIX: "codeclimate"
		COMPONENTS_LIST: >-
		codeclimate-structure, codeclimate-duplication, codeclimate-parser, codeclimate-eslint,
		codeclimate-sonar-java, codeclimate-brakeman, codeclimate-tfsec, codeclimate-rubocop,
		codeclimate-flog, codeclimate-sonar-python, codeclimate-csslint, codeclimate-golangci-lint,
		codeclimate-bundler-audit, codeclimate-standard, codeclimate-gofmt, codeclimate-rubymotion,
		codeclimate-pmd, codeclimate-phpcodesniffer, codeclimate-phpmd, codeclimate-govet,
		codeclimate-watson, codeclimate-sonar-php, codeclimate-pep8, codeclimate-golint,
		codeclimate-reek, codeclimate-editorconfig, codeclimate-grep, codeclimate-fixme,
		codeclimate-checkstyle, codeclimate-coffeelint, codeclimate-bandit, codeclimate-markdownlint,
		codeclimate-shellcheck, codeclimate-stylelint, codeclimate-tflint, codeclimate-credo,
		codeclimate-phan, codeclimate-black, codeclimate-swiftlint, codeclimate-pylint,
		codeclimate-radon, codeclimate-semgrep, codeclimate-dart, codeclimate-codenarc,
		codeclimate-tslint, codeclimate-haxe-chackstyle, codeclimate-scss-lint, codeclimate-hlint,
		codeclimate-scalastyle, codeclimate-cppcheck, codeclimate-ember-template-lint, codeclimate-sass-lint,
		codeclimate-kibit, codeclimate-haml-lint, codeclimate-luacheck, codeclimate-foodcritic,
		codeclimate-isort, codeclimate-tailor, codeclimate-apexmetrics, codeclimate-nodesecurity,
		codeclimate-protobuf, codeclimate-checks, codeclimate-git-legal, codeclimate-rustfmt,
		codeclimate-complexity-ruby, codeclimate-proselint, codeclimate-codescan, codeclimate-vint,
		codeclimate-gnu-complexity, codeclimate-apex, codeclimate-clog, codeclimate-requiresafe

		COMPONENTS_DOWNLOAD_IMAGES: "true"
		COMPONENTS_PUSH_IMAGES: "true"
		COMPONENTS_SAVE_ARTIFACTS: "false"

		COMPONENTS_COMPONENT_VERSION: "latest"

		.download_images:
		allow_failure: true
		image: ${DOCKER_IMAGE}
		only:
		refs:
		- branches
		variables:
		DOCKER_DRIVER: overlay2
		DOCKER_TLS_CERTDIR: ""
		services:
		- name: "${DIND_IMAGE}"
		command: ['--tls=false', '--host=tcp://0.0.0.0:2375']
		alias: docker
		script:
		- docker info
		- env
		- if [ -z "$COMPONENTS_IMAGE" ]; then export COMPONENTS_IMAGE=${COMPONENTS_IMAGE:-"${COMPONENTS_PREFIX}/${CI_JOB_NAME}:${COMPONENTS_COMPONENT_VERSION}"}; fi
		- docker pull --quiet ${COMPONENTS_IMAGE}
		- mkdir -p output/$(dirname ${CI_JOB_NAME})
		- \|
		if [ "$COMPONENTS_SAVE_ARTIFACTS" = "true" ]; then
		docker save ${COMPONENTS_IMAGE} \| gzip > output/${CI_JOB_NAME}_${COMPONENTS_COMPONENT_VERSION}.tar.gz
		sha256sum output/${CI_JOB_NAME}_${COMPONENTS_COMPONENT_VERSION}.tar.gz > output/${CI_JOB_NAME}_${COMPONENTS_COMPONENT_VERSION}.tar.gz.sha256sum
		fi
		- \|
		if [ "$COMPONENTS_PUSH_IMAGES" = "true" ]; then
		docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
		docker tag ${COMPONENTS_IMAGE} ${CI_REGISTRY_IMAGE}/${CI_JOB_NAME}:${COMPONENTS_COMPONENT_VERSION}
		docker push ${CI_REGISTRY_IMAGE}/${CI_JOB_NAME}:${COMPONENTS_COMPONENT_VERSION}
		fi

		artifacts:
		paths:
		- output/

		#
		# Codeclimate
		#

		codeclimate:
		extends: .download_images
		only:
		variables:
		- $COMPONENTS_DOWNLOAD_IMAGES == "true"


		codeclimate-structure:
		extends: .download_images
		only:
		variables:
		- $COMPONENTS_DOWNLOAD_IMAGES == "true" &&
		$COMPONENTS_LIST =~ /\bcodeclimate-structure\b/

		codeclimate-duplication:
		extends: .download_images
		only:
		variables:
		- $COMPONENTS_DOWNLOAD_IMAGES == "true" &&
		$COMPONENTS_LIST =~ /\bcodeclimate-duplication\b/

		codeclimate-parser:
		extends: .download_images
		only:
		variables:
		- $COMPONENTS_DOWNLOAD_IMAGES == "true" &&
		$COMPONENTS_LIST =~ /\bcodeclimate-parser\b/

		codeclimate-eslint:
		extends: .download_images
		only:
		variables:
		- $COMPONENTS_DOWNLOAD_IMAGES == "true" &&
		$COMPONENTS_LIST =~ /\bcodeclimate-eslint\b/


		codeclimate-sonar-java:
		extends: .download_images
		only:
		variables:
		- $COMPONENTS_DOWNLOAD_IMAGES == "true" &&
		$COMPONENTS_LIST =~ /\bcodeclimate-sonar-java\b/

		codeclimate-brakeman:
		extends: .download_images
		only:
		variables:
		- $COMPONENTS_DOWNLOAD_IMAGES == "true" &&
		$COMPONENTS_LIST =~ /\bcodeclimate-brakeman\b/

		codeclimate-tfsec:
		extends: .download_images
		only:
		variables:
		- $COMPONENTS_DOWNLOAD_IMAGES == "true" &&
		$COMPONENTS_LIST =~ /\bcodeclimate-tfsec\b/

		codeclimate-rubocop:
		extends: .download_images
		only:
		variables:
		- $COMPONENTS_DOWNLOAD_IMAGES == "true" &&
		$COMPONENTS_LIST =~ /\bcodeclimate-rubocop\b/


		codeclimate-flog:
		extends: .download_images
		only:
		variables:
		- $COMPONENTS_DOWNLOAD_IMAGES == "true" &&
		$COMPONENTS_LIST =~ /\bcodeclimate-flog\b/

		codeclimate-sonar-python:
		extends: .download_images
		only:
		variables:
		- $COMPONENTS_DOWNLOAD_IMAGES == "true" &&
		$COMPONENTS_LIST =~ /\bcodeclimate-sonar-python\b/

		codeclimate-csslint:
		extends: .download_images
		only:
		variables:
		- $COMPONENTS_DOWNLOAD_IMAGES == "true" &&
		$COMPONENTS_LIST =~ /\bcodeclimate-csslint\b/

		codeclimate-golangci-lint:
		extends: .download_images
		only:
		variables:
		- $COMPONENTS_DOWNLOAD_IMAGES == "true" &&
		$COMPONENTS_LIST =~ /\bcodeclimate-golangci-lint\b/