From 73604acf8463e1ba5ab83591f6d9e14ab1fa8cd8 Mon Sep 17 00:00:00 2001
From: Dmytro Bogatov <dmytro@dbogatov.org>
Date: Fri, 26 Jun 2020 22:21:35 -0400
Subject: [PATCH] Update template.

---
 .gitlab-ci.yml | 84 +++++++++++++++++---------------------------------
 1 file changed, 29 insertions(+), 55 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9a5e242..f8bf139 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,3 +1,9 @@
+default:
+  image: dbogatov/docker-images:alpine-extras-latest
+  retry: 2
+  tags:
+    - docker
+
 stages:
   - pre-build
   - build
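Review bot: The new `default:` image `dbogatov/docker-images:alpine-extras-latest` is a mutable tag, so every job that inherits it runs whatever was last pushed under that name, while the included templates are pinned to a commit through `CI_REF`. Pinning the image by digest as well, e.g. `image: dbogatov/docker-images:alpine-extras-latest@sha256:<digest-placeholder>`, keeps runs reproducible and limits the effect of a bad or tampered image push. `retry: 2` in `default:` has no `when:` filter, so it also reruns jobs that fail on their own script, which can hide a flaky or failing scanner; `retry: {max: 2, when: [runner_system_failure, stuck_or_timeout_failure]}` would restrict it to infrastructure failures.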
@@ -13,7 +19,7 @@ variables:
   # username is always "review" (without quotes)
   DOCKER_TLS_CERTDIR: ""
 
-  CI_REF: &ref 74e4459e1240030af23e4b0ff46085fc2158a9b2
+  CI_REF: &ref af5b1dc8b8e1d8229e204c37eda52257382a703f
 
 include:
   # BUILD
@@ -40,11 +46,6 @@ include:
     ref: *ref
 
   # TEST
-  # # https://git.dbogatov.org/templates/ci-snippets/-/blob/master/simple-website/blc.yml
-  # - project: "templates/ci-snippets"
-  #   file: "simple-website/blc.yml"
-  #   ref: *ref
-
   # https://git.dbogatov.org/templates/ci-snippets/-/blob/master/simple-website/bli.yml
   - project: "templates/ci-snippets"
     file: "simple-website/bli.yml"
@@ -55,6 +56,26 @@ include:
     file: "simple-website/tidy.yml"
     ref: *ref
 
+  # https://git.dbogatov.org/templates/ci-snippets/-/blob/master/quality-security/sast.yml
+  - project: "templates/ci-snippets"
+    file: "quality-security/sast.yml"
+    ref: *ref
+
+  # https://git.dbogatov.org/templates/ci-snippets/-/blob/master/quality-security/performance.yml
+  - project: "templates/ci-snippets"
+    file: "quality-security/performance.yml"
+    ref: *ref
+
+  # https://git.dbogatov.org/templates/ci-snippets/-/blob/master/quality-security/dast.yml
+  - project: "templates/ci-snippets"
+    file: "quality-security/dast.yml"
+    ref: *ref
+
+  # https://git.dbogatov.org/templates/ci-snippets/-/blob/master/quality-security/accessibility.yml
+  - project: "templates/ci-snippets"
+    file: "quality-security/accessibility.yml"
+    ref: *ref
+
   # RELEASE
   # https://git.dbogatov.org/templates/ci-snippets/-/blob/master/simple-website/release-docker.yml
   - project: "templates/ci-snippets"
@@ -72,57 +93,10 @@ include:
     file: "trigger-websites-deploy.yml"
     ref: *ref
 
-  - template: Verify/Browser-Performance.gitlab-ci.yml
-
-  - template: DAST.gitlab-ci.yml
-
-performance:
-  stage: test
-  variables:
-    GIT_STRATEGY: none
-    SITESPEED_OPTIONS: -n 1 -d 2 --visualMetrics false --video false
-    URL: https://$CI_BUILD_REF_NAME-$CI_PROJECT_NAME.review.dbogatov.org/
-  rules:
-    - when: manual
-      allow_failure: true
-  tags:
-    - docker
-
 dast:
-  stage: test
   variables:
-    DAST_WEBSITE: https://$CI_BUILD_REF_NAME-$CI_PROJECT_NAME.review.dbogatov.org
     DAST_FULL_SCAN_ENABLED: "true"
-  rules:
-    - when: manual
-      allow_failure: true
-  tags:
-    - docker
 
-# https://gitlab.com/gitlab-org/gitlab/-/raw/master/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml
-accessibility:
-  stage: test
-  image: node
+secrets-sast:
   variables:
-    GIT_STRATEGY: none
-    a11y_urls: https://$CI_BUILD_REF_NAME-$CI_PROJECT_NAME.review.dbogatov.org
-  script:
-    - wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \
-    - echo "deb http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google.list && \
-    - apt-get update && \
-    - apt-get install -y google-chrome-stable && \
-    - rm -rf /var/lib/apt/lists/*
-    - npm install pa11y@5.3.0 pa11y-reporter-html@1.0.0
-    - 'echo { \"chromeLaunchConfig\": { \"args\": [\"--no-sandbox\"] }, \"includeWarnings\": true, \"reporter\": \"html\" } > pa11y.json'
-    - "./node_modules/.bin/pa11y $a11y_urls > accessibility.html || true"
-    - test -f accessibility.html
-  allow_failure: true
-  artifacts:
-    when: always
-    expose_as: "accessibility"
-    paths: ["accessibility.html"]
-  rules:
-    - when: manual
-      allow_failure: true
-  tags:
-    - docker
+    SAST_GITLEAKS_HISTORIC_SCAN: "true"
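Review bot: The remaining `dast:` override keeps `DAST_FULL_SCAN_ENABLED: "true"` but no longer sets `DAST_WEBSITE` or `rules: when: manual`, so the target and gating of an active scan now come entirely from the included `quality-security/dast.yml`, which this diff does not show. Since a full scan sends active test traffic, it is worth confirming that the template still targets only the per-branch review URL and stays manual, and recording that with a comment above the job such as `# target URL and manual rule are defined in quality-security/dast.yml (review environment only)`. For `secrets-sast`, `SAST_GITLEAKS_HISTORIC_SCAN: "true"` presumably covers only the commits the runner has fetched; if the project clones shallowly, adding `GIT_DEPTH: "0"` to that job's `variables:` would let the scan see the full history.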
-- 
GitLab