.gitlab-ci.yml
# Default image for every job that does not declare its own `image`.
# NOTE(review): `ruby:2.7` is a mutable tag, and Ruby 2.7 is past upstream
# end-of-life, so it no longer receives security fixes. Consider a supported
# release pinned by digest, e.g. `ruby:<version>@sha256:<digest>`
# (placeholder values).
image: 'ruby:2.7'
# GitLab-maintained templates. `template:` entries are resolved from the
# GitLab instance, so their contents follow the instance version rather than
# anything pinned in this repository.
include:
  # Workflow rules that enable merge request pipelines (see the template for
  # the exact branch and tag conditions).
  - template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'
  # Security scanners. The jobs they define are re-scoped at the end of this
  # file so that they also run on merge requests.
  - template: 'Security/Dependency-Scanning.gitlab-ci.yml'
  - template: 'Security/License-Scanning.gitlab-ci.yml'
  - template: 'Security/SAST.gitlab-ci.yml'
  - template: 'Security/Secret-Detection.gitlab-ci.yml'
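# Hidden job (leading dot): never runs on its own; it only supplies shared
# settings to the jobs that `extends` it.
.tests:
  stage: test
  cache:
    # No `key` is set, so the default cache key applies and every job that
    # extends `.tests` shares this cache.
    # NOTE(review): cached gems are restored into later pipelines; confirm
    # that this sharing is acceptable for merge request pipelines.
    paths:
      - vendor/ruby
  before_script:
    - ruby -v  # Print out ruby version for debugging
    # Both expansions are quoted so that an unexpected value cannot be split
    # into extra arguments. Gems are installed per Ruby version below the
    # cached directory.
    # NOTE(review): `--path` is deprecated in Bundler 2.x in favour of
    # `bundle config set --local path ...`; confirm against the Bundler
    # version shipped in the images.
    - 'bundle install -j "$(nproc)" --path "vendor/ruby/$RUBY_VERSION"'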
# Lint job: inherits stage, cache and `bundle install` from `.tests`, and runs
# on the default image.
rubocop:
  extends: '.tests'
  script:
    - 'bundle exec rubocop'
# Hidden base for the spec jobs: the `.tests` setup plus the rspec run. Each
# concrete job below only picks the interpreter image.
.rspec:
  extends: '.tests'
  script:
    - 'bundle exec rspec'
# Specs on MRI. `parallel:matrix` creates one job per RUBY_VERSION value; the
# same variable selects the image tag and the per-version gem directory used
# by `.tests`.
rspec:mri:
  extends: '.rspec'
  image: 'ruby:$RUBY_VERSION'
  parallel:
    matrix:
      # Quoted so that "3.0" stays a string instead of becoming the float 3.
      - RUBY_VERSION: ['2.7', '3.0']
# Specs on JRuby.
# NOTE(review): `latest` is a mutable tag on a third-party image, so each run
# executes whatever was pushed most recently. Pin a version and digest, e.g.
# `bitnami/jruby:<version>@sha256:<digest>` (placeholder values).
rspec:jruby:
  extends: '.rspec'
  image: 'bitnami/jruby:latest'
  variables:
    # Used by `.tests` as the gem directory name: vendor/ruby/jruby.
    RUBY_VERSION: 'jruby'
# Specs on TruffleRuby.
# NOTE(review): `latest` is a mutable tag on an image published from a
# personal namespace, so each run executes whatever was pushed most recently.
# Pin a version and digest, e.g.
# `flavorjones/truffleruby:<version>@sha256:<digest>` (placeholder values).
rspec:truffleruby:
  extends: '.rspec'
  image: 'flavorjones/truffleruby:latest'
  variables:
    # Used by `.tests` as the gem directory name: vendor/ruby/truffleruby.
    RUBY_VERSION: 'truffleruby'
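# Danger review of the change. `needs: []` lets the job start immediately
# instead of waiting for other jobs.
danger-review:
  extends: .tests
  needs: []
  script:
    # Literal block scalar (`|`): every line break is kept exactly as written.
    # A folded scalar (`>`) keeps them only while the inner lines stay more
    # indented than `if`/`else`/`fi`; once flattened, the script folds onto
    # one line and the first `#` comment swallows everything after it.
    #
    # When DANGER_GITLAB_API_TOKEN is empty, the job falls back to a local
    # dry run against the merge request's diff base.
    # NOTE(review): keep the token a masked CI/CD variable; `--verbose`
    # increases what ends up in the job log.
    - |
      if [ -z "$DANGER_GITLAB_API_TOKEN" ]; then
        # Force danger to skip CI source GitLab and fallback to "local only git repo".
        unset GITLAB_CI
        # We need to base SHA to help danger determine the base commit for this shallow clone.
        bundle exec danger dry_run --fail-on-errors=true --verbose --base="$CI_MERGE_REQUEST_DIFF_BASE_SHA"
      else
        bundle exec danger --fail-on-errors=true --verbose
      fi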
# run security jobs on MRs
# see: https://gitlab.com/gitlab-org/gitlab/-/issues/218444#note_478761991
#
# Each job below is defined by one of the included Security/* templates; only
# its `rules` are overridden here. A `rules` list set here replaces the
# template's list instead of extending it, so any conditions the template
# shipped with (disable switches, file checks) no longer apply.
# NOTE(review): if the template on the GitLab version in use no longer defines
# one of these job names, the entry here becomes a job with `rules` but no
# `script`; confirm that each name still exists, in particular
# `bundler-audit-dependency_scanning` and `license_scanning`.
brakeman-sast:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

gemnasium-dependency_scanning:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

bundler-audit-dependency_scanning:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

license_scanning:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

secret_detection:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'