Skip to content
Snippets Groups Projects
Select Git revision
  • b697ef3fedfbf061c462e5145bebcd6be5e5746f
  • master default protected
2 results

.gitlab-ci.yml

Blame
  • Dmytro Bogatov's avatar
    Dmytro Bogatov authored
    b697ef3f
    History
    Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    .gitlab-ci.yml 1.80 KiB
    stages:
    - test
    - build-review
    - review
    - quality-security # TODO
    - release
    
    variables:
      INDEX: "index.html"
      REPO: "templates/simple-webpage"
      AUTHPASSWORD: "example" # change to "" (empty string) to disable authentication
      # username is always "review" (without quotes)
    
    include:
    - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/simple-website/before-script.yml'
    
    # - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/simple-website/tidy.yml'
    # - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/simple-website/blc.yml'
    
    - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/simple-website/review/build-review.yml'
    
    - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/simple-website/review/review.yml'
    - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/simple-website/review/stop-review.yml'
    
    # - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/code-quality.yml'
    # - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/sast.yml'
    # - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/deps-scan.yml'
    # - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/container-scan.yml'
    
    - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/simple-website/dockerify.yml'
    - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/simple-website/pages.yml'
    
    dast:
      stage: quality-security
      image: registry.gitlab.com/gitlab-org/security-products/zaproxy
      variables:
        website: "https://review:$AUTHPASSWORD@$CI_BUILD_REF_NAME-$CI_PROJECT_NAME.review.dbogatov.org"
      allow_failure: true
      script:
        - mkdir /zap/wrk/
        - /zap/zap-baseline.py -J gl-dast-report.json -t $website || true
        - cp /zap/wrk/gl-dast-report.json .
      artifacts:
        reports:
          dast: gl-dast-report.json
      when: delayed
      start_in: 1 minutes
      tags:
      - docker