.gitlab-ci.yml
# Pipeline-wide defaults: jobs inherit this image, the dind service and these
# variables unless they override them.
# NOTE(review): docker:latest and docker:dind are mutable tags, so the tooling
# can change between runs; pinning a version or digest keeps runs reproducible.
image: docker:latest
stages:
  - test
  - scan
# NOTE(review): no job visible in this file calls the docker CLI; if none needs
# the daemon, dropping the service removes an exposed API from every job.
services:
  - docker:dind
variables:
  # Port 2375 is the plaintext Docker API, and the empty DOCKER_TLS_CERTDIR
  # below turns off dind's certificate generation, so the daemon takes
  # unauthenticated requests from anything that can reach the service.
  # NOTE(review): confirm the runner isolates each job's network, or move to
  # the TLS endpoint (port 2376 with a certificate directory).
  DOCKER_HOST: "tcp://docker:2375"
  DOCKER_TLS_CERTDIR: ""
  DOCKER_DRIVER: overlay2
  # Image reference passed to trivy by the scan-image job.
  CONTAINER_RELEASE_IMAGE: beo1975/ronja-server:latest
# Secret scan of the checked-out tree with gitleaks. Runs in the built-in .pre
# stage on every pipeline whose source is not "schedule".
scan-code:
  stage: .pre
  image:
    # NOTE(review): mutable :latest tag on a security tool; consider pinning a
    # version or digest so the scanner cannot change unnoticed.
    name: "zricethezav/gitleaks:latest"
    # Empty entrypoint so the runner can start its own shell in the image.
    entrypoint: [""]
  script:
    # --no-git treats the project as a plain directory, so a secret that only
    # exists in earlier commits is not reported. --redact keeps the matched
    # values out of the job log.
    - gitleaks detect --verbose --redact --no-git --source="$CI_PROJECT_DIR"
  rules:
    - if: $CI_PIPELINE_SOURCE != "schedule"
  tags:
    - docker
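# Vulnerability scan of the release image named in CONTAINER_RELEASE_IMAGE.
# Runs only on scheduled pipelines and fails the job (--exit-code 1) when
# trivy reports a finding that has a fix available (--ignore-unfixed).
scan-image:
  stage: scan
  image:
    # NOTE(review): mutable :latest tag on a security tool; consider pinning a
    # version or digest so flag behaviour cannot change between runs.
    name: "aquasec/trivy:latest"
    # Empty entrypoint so the runner can start its own shell in the image.
    entrypoint: [""]
  script:
    # --clear-cache was dropped from this command. In Trivy releases that
    # accept it, the flag is documented as clearing the cache without
    # scanning, and later releases moved cache cleanup to `trivy clean`, so
    # with an unpinned image this gate could pass without scanning or break.
    # NOTE(review): confirm against the Trivy version the runner pulls.
    # The image reference is quoted so the shell passes it as one argument.
    - trivy image --no-progress --ignore-unfixed --exit-code 1 "$CONTAINER_RELEASE_IMAGE"
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
  tags:
    - docker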
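# Filesystem vulnerability scan of the checked-out project with trivy. Runs in
# the built-in .pre stage on every pipeline whose source is not "schedule".
# This job is advisory only: --exit-code 0 makes trivy exit successfully even
# when it reports findings, and allow_failure keeps any other error from
# blocking the pipeline, so results have to be read from the job log.
scan-vulnerabilities:
  stage: .pre
  image:
    # NOTE(review): mutable :latest tag on a security tool; consider pinning a
    # version or digest.
    name: "aquasec/trivy:latest"
    # Empty entrypoint so the runner can start its own shell in the image.
    entrypoint: [""]
  script:
    # The path is quoted, as in scan-code, so a checkout directory containing
    # whitespace is still passed as a single argument.
    - trivy fs --no-progress --ignore-unfixed --exit-code 0 "$CI_PROJECT_DIR"
  allow_failure: true
  rules:
    - if: $CI_PIPELINE_SOURCE != "schedule"
  tags:
    - docker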
# Runs the Gradle jacocoTestReport task on a pinned Temurin JDK image and
# publishes the coverage figure. Skipped on scheduled pipelines.
test-code:
  image: eclipse-temurin:21.0.5_11-jdk-jammy
  stage: test
  script:
    # NOTE(review): gradlew and its wrapper jar come from the repository and
    # run with the job's privileges, so changes under gradle/wrapper/ deserve
    # the same review as source changes.
    - chmod +x gradlew
    - ./gradlew jacocoTestReport
    # Print the HTML report so the coverage regex below can read the total
    # from the job log.
    - cat build/reports/jacoco/test/html/index.html
  # Captures the first 1-3 digit percentage that follows "Total" in the log.
  coverage: "/Total.*?([0-9]{1,3})%/"
  rules:
    - if: $CI_PIPELINE_SOURCE != "schedule"
  # This job selects a different runner tag than the scan jobs in this file.
  tags:
    - gitlab-org-docker