198 lines
6.2 KiB
YAML
198 lines
6.2 KiB
YAML
|
|
stages:
|
|
- chores
|
|
- validation
|
|
- build
|
|
- prepare
|
|
- test
|
|
- release
|
|
- sync
|
|
- deploy
|
|
- publish
|
|
|
|
include:
|
|
- local: $JOB_ROOT_DIR/lint/yaml.gitlab-ci.yaml
|
|
- local: $JOB_ROOT_DIR/template/automagic.gitlab-ci.yaml
|
|
|
|
- local: $JOB_ROOT_DIR/conventional_commits/.gitlab-ci.yml
|
|
- local: $JOB_ROOT_DIR/git_push_mirror/.gitlab-ci.yml
|
|
- local: $JOB_ROOT_DIR/gitlab_release/.gitlab-ci.yml
|
|
- local: $JOB_ROOT_DIR/lint/markdown.gitlab-ci.yaml
|
|
- local: $JOB_ROOT_DIR/python/.gitlab-ci.yml
|
|
- template: Security/Dependency-Scanning.gitlab-ci.yml
|
|
#- template: Security/License-Scanning.gitlab-ci.yml
|
|
|
|
|
|
variables:
|
|
JOB_ROOT_DIR: '.'
|
|
SECURE_LOG_LEVEL: debug
|
|
GIT_SUBMODULE_STRATEGY: normal
|
|
GIT_SYNC_URL: "https://$GITHUB_USERNAME_ROBOT:$GITHUB_TOKEN_ROBOT@github.com/NoFussComputing/gitlab-ci.git"
|
|
MY_PROJECT_ID: "28543717"
|
|
LICENSE_FINDER_CLI_OPTS: '--recursive'
|
|
MDLINT_PATHS: "**/*.md **/**/*.md **/**/**/*.md **/**/**/**/*.md **/**/**/**/**/**/*.md #**CHANGELOG.md #CHANGELOG.md #website-template/** #.gitlab/**"
|
|
PAGES_ENVIRONMENT_PATH: projects/gitlab-ci/
|
|
|
|
# Scanner doesn't Pickup multiple pip files. Disable and specify jobs with pip file.
|
|
gemnasium-python-dependency_scanning:
|
|
rules:
|
|
- when: never
|
|
|
|
# source: https://gitlab.com/gitlab-org/gitlab/-/blob/2f33a8cb4dcea7b875e360d4cd9e016e027d2973/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
|
|
.gemnasium-python-dependency_scanning:
|
|
extends: .ds-analyzer
|
|
image:
|
|
name: "$DS_ANALYZER_IMAGE"
|
|
variables:
|
|
# Python 3.7 not available
|
|
# DS_PYTHON_VERSION: "3.7"
|
|
# DS_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to
|
|
# override the analyzer image with a custom value. This may be subject to change or
|
|
# breakage across GitLab releases.
|
|
DS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/gemnasium-python:$DS_MAJOR_VERSION"
|
|
# Stop reporting Pipenv and Setuptools as "pip".
|
|
# See https://gitlab.com/gitlab-org/gitlab/-/issues/338252
|
|
DS_REPORT_PACKAGE_MANAGER_PIP_WHEN_PYTHON: "false"
|
|
# Can't find pillow 9.0, check python version. 3.6 only available, 3.7 not.
|
|
before_script:
|
|
- python --version
|
|
# Bug reported at gitlab-org/gitlab#350949.
|
|
# workaround, delete all other pip files except the one to be scanned
|
|
# Delete all existing pipfiles except the one to be scanned.
|
|
- for found_file in $(find . -type f -name 'requirements.txt'); do if [ $found_file != "./$PIP_REQUIREMENTS_FILE" ]; then echo "[DEBUG] Removing '$found_file' due to bug reported at gitlab-org/gitlab#350949"; rm -f $found_file; fi done;
|
|
rules:
|
|
- if: $DEPENDENCY_SCANNING_DISABLED
|
|
when: never
|
|
# Support passing of $PIP_REQUIREMENTS_FILE
|
|
# See https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#configuring-specific-analyzers-used-by-dependency-scanning
|
|
- if: $CI_COMMIT_BRANCH &&
|
|
$GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
|
|
$DS_DEFAULT_ANALYZERS =~ /gemnasium-python/ &&
|
|
$PIP_REQUIREMENTS_FILE &&
|
|
( $CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "pipeline")
|
|
|
|
Ansible Dependencies:
|
|
extends: .gemnasium-python-dependency_scanning
|
|
variables:
|
|
PIP_REQUIREMENTS_FILE: ansible/requirements.txt
|
|
|
|
|
|
conventional_commits Dependencies:
|
|
extends: .gemnasium-python-dependency_scanning
|
|
variables:
|
|
PIP_REQUIREMENTS_FILE: conventional_commits/requirements.txt
|
|
|
|
|
|
gitlab_release Dependencies:
|
|
extends: .gemnasium-python-dependency_scanning
|
|
variables:
|
|
PIP_REQUIREMENTS_FILE: gitlab_release/requirements.txt
|
|
|
|
|
|
mkdocs Dependencies:
|
|
extends: .gemnasium-python-dependency_scanning
|
|
variables:
|
|
PIP_REQUIREMENTS_FILE: mkdocs/requirements.txt
|
|
|
|
|
|
python Dependencies:
|
|
extends: .gemnasium-python-dependency_scanning
|
|
variables:
|
|
PIP_REQUIREMENTS_FILE: python/requirements.txt
|
|
|
|
|
|
yaml_lint Dependencies:
|
|
extends: .gemnasium-python-dependency_scanning
|
|
variables:
|
|
PIP_REQUIREMENTS_FILE: lint/requirements.txt
|
|
|
|
|
|
PyLint:
|
|
extends:
|
|
- .PyLint
|
|
image: python:3.6-slim
|
|
|
|
|
|
gilab-ci.yml Lint (python 3.11):
|
|
extends:
|
|
- .Gitlab_CI.Lint.YAML
|
|
image: python:3.11-slim
|
|
|
|
|
|
Ansible_docker_os.Submodule.Deploy:
|
|
extends: .submodule_update_trigger
|
|
variables:
|
|
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/ansible_docker_os
|
|
|
|
|
|
Ansible_playbooks.Submodule.Deploy:
|
|
extends: .submodule_update_trigger
|
|
variables:
|
|
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/ansible_playbooks
|
|
|
|
|
|
Ansible-roles.Submodule.Deploy:
|
|
extends: .submodule_update_trigger
|
|
variables:
|
|
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/ansible-roles
|
|
|
|
|
|
config.Submodule.Deploy:
|
|
extends: .submodule_update_trigger
|
|
variables:
|
|
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/infrastructure/config
|
|
|
|
|
|
Docker_Mail.Submodule.Deploy:
|
|
extends: .submodule_update_trigger
|
|
variables:
|
|
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/docker-mail
|
|
|
|
|
|
docker-buildx-qemu.Submodule.Deploy:
|
|
extends: .submodule_update_trigger
|
|
variables:
|
|
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/docker-buildx-qemu
|
|
|
|
|
|
docker-glpi.Submodule.Deploy:
|
|
extends: .submodule_update_trigger
|
|
variables:
|
|
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/docker-glpi
|
|
|
|
|
|
docker_management.Submodule.Deploy:
|
|
extends: .submodule_update_trigger
|
|
variables:
|
|
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/docker_management
|
|
|
|
|
|
execution_environment.Submodule.Deploy:
|
|
extends: .submodule_update_trigger
|
|
variables:
|
|
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/execution_environment
|
|
|
|
|
|
git_configuration.Submodule.Deploy:
|
|
extends: .submodule_update_trigger
|
|
variables:
|
|
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/git_configuration
|
|
|
|
|
|
nodered_ldap_self_service.Submodule.Deploy:
|
|
extends: .submodule_update_trigger
|
|
variables:
|
|
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/nodered_ldap_self_service
|
|
|
|
|
|
Ops.Submodule.Deploy:
|
|
extends: .submodule_update_trigger
|
|
variables:
|
|
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/ops
|
|
|
|
|
|
Website.Submodule.Deploy:
|
|
extends: .submodule_update_trigger
|
|
variables:
|
|
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/infrastructure/website
|