This repository has been archived by the owner on Sep 9, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
.gitlab-ci.yml
157 lines (136 loc) · 4.46 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
image: dockerhub.artifactory-phx.ecd.axway.int/library/docker:20.10.6
variables:
PROJECT: "agents-webmethods"
CSR_SUPPRESSION_LIST: "/tmp/csr-suppressions/amplify-central/golang-agents-common.json"
# Fortify
FORTIFY_PROJECT: "10808"
FORTIFY_BUILD_ID: "agents-webmethods"
FORTIFY_INCLUDE: "**/*.go"
FORTIFY_EXCLUDE: "**/*_test.go"
# Blackduck
BLACKDUCK_PROJECT_NAME: "Amplify - APIC webMethods Agents"
# just to be sure we don't do vendoring
GOFLAGS: "-mod=mod"
########################################
# set up custom names for the pipelines of releases and nightly schedules
########################################
PIPELINE_NAME: "$CI_COMMIT_MESSAGE"
workflow:
name: "$PIPELINE_NAME"
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $COMPONENT_TESTS_ONLY == "y"
variables:
PIPELINE_NAME: "Scheduled nightly tests"
- if: $CI_PIPELINE_SOURCE == "schedule"
variables:
PIPELINE_NAME: "Scheduled nightly CSR"
- when: always
stages:
- test
- qa-test
- sonar-preview
- sonar-publish
- build
- security-scans
- security-review
############################################################
# Section for included yaml files
############################################################
include:
- project: "apigov/gitlabci"
ref: master
file: "/.gitlab-ci-sonar.yml"
- project: "apigov/beano_cicd"
ref: $BEANO_CICD_LATEST
# the order of these include files is important
file:
- "/gitlabci/variables.yml"
- "/gitlabci/restrictions.yml"
- "/gitlabci/jobs.yml"
- project: "scurity/gitlabci"
ref: $SCURITY_LATEST
file:
- "/.gitlab-ci-fortify.yml"
- "/.gitlab-ci-blackduck.yml"
- "/.gitlab-ci-iriusrisk.yml"
- "/.gitlab-ci-twistlock.yml"
- "/.gitlab-ci-csr.yml"
- project: "apigov/beano_cicd"
ref: $BEANO_CICD_LATEST
# this one MUST be after the scurity jobs in order for overrides to work correctly!
file:
- "/gitlabci/csrjobs.yml"
twistlock-discovery:
extends: .twistlock
rules:
- !reference [.mirror-branch-csr-rules, rules]
before_script:
- apk --no-cache update && apk add make
- make docker-build-discovery
- export IMAGE_NAME=webmethods_discovery_agent:latest
# twistlock-traceability:
# extends: .twistlock
# rules:
# - !reference [.mirror-branch-csr-rules, rules]
# before_script:
# - apk --no-cache update && apk add make
# - make docker-build-traceability
# - export IMAGE_NAME=webmethods_traceability_agent:latest
twistlock-discovery:on-schedule:
extends: .twistlock
rules:
- !reference [.mirror-schedule-csr-rules, rules]
dependencies: []
variables:
# need to override this variable for github agents because the tag willneed the 'v' if it exists
NO_V_RELEASE_TAG_REGEX: "^v?[0-9]{1,}\\.[0-9]{1,}\\.[0-9]{1,}$"
before_script:
- !reference [.get-agent-last-tag, script]
- echo "Using the last tagged version ${LAST_TAG_VERSION}"
- export IMAGE_NAME=ghcr.io/axway/webmethods_discovery_agent:${LAST_TAG_VERSION}
- docker pull ${IMAGE_NAME}
# twistlock-traceability:on-schedule:
# extends: .twistlock
# rules:
# - !reference [.mirror-schedule-csr-rules, rules]
# dependencies: []
# before_script:
# - apk --no-cache update && apk add git
# - *get-latest-tag
# - export IMAGE_NAME=ghcr.io/axway/webmethods_traceability_agent:${LAST_TAG_VERSION}
# - docker pull ${IMAGE_NAME}
blackduck:on-schedule:
rules:
- !reference [.mirror-schedule-csr-rules, rules]
before_script:
- !reference [.get-agent-last-tag, script]
# overridden from csrjobs.yml because mirror repos like this one don't get merge events
fortify:
rules:
- !reference [.mirror-branch-csr-rules, rules]
fetch-fortify:
rules:
- !reference [.mirror-branch-csr-rules, rules]
blackduck-rapid:
rules:
- !reference [.mirror-branch-csr-rules, rules]
run-csr:
rules:
- !reference [.mirror-branch-csr-rules, rules]
####################
# CSR - overridden from csrjobs.yml to effectively not see these jobs ever. For some reason, probably multi-level
# extends and overrides, using only-never for these csr jobs doesn't work. Had to do it like this.
####################
fetch-iriusrisk:
rules:
- !reference [.only-never-rule, rules]
fetch-iriusrisk:on-schedule:
rules:
- !reference [.only-never-rule, rules]
twistlock:
rules:
- !reference [.only-never-rule, rules]
dependencies:
twistlock:on-schedule:
rules:
- !reference [.only-never-rule, rules]