.gitlab-ci.yml
##
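# NOTE(review): `docker:dind` is a floating tag, so the job image can change
# between pipeline runs; consider pinning a specific version or digest.
image: docker:dind

# Pipeline-wide variables. CI variables reach jobs as strings, so the
# numeric-looking project IDs are quoted like the Fortify settings below them.
variables:
  PACKAGE_NAME: apic-agents-sdk
  GIT_REPO_PATH: src/github.com/Axway  # overridden from variables.yml
  GIT_REPO_NAME: agent-sdk
  # overridden from variables.yml
  DEPENDENCY_CHECK_FLAGS: "--scan=**/* --exclude=**/*.zip --suppression=dc-suppressions.xml"

  # for agent trigger jobs
  AWS_DISCOVERY_PROJECT_ID: "7397"
  V7_DISCOVERY_PROJECT_ID: "7540"
  AZURE_DISCOVERY_PROJECT_ID: "8585"

  # Fortify
  FORTIFY_PROJECT: "10566"
  FORTIFY_BUILD_ID: "apic_agents_sdk"

  # Whitesource
  WS_PROJECT_ID: "APIC_Agents_SDK"

  # just to be sure we don't do vendoring
  GOFLAGS: "-mod=mod"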
############################################################
# Section for external includes
############################################################
# Shared CI definitions pulled in from two other projects.
# NOTE(review): both includes follow the moving `master` branch, so a change
# pushed there alters what this pipeline runs without any commit in this
# repository. Pinning `ref` to a tag or commit SHA would make updates explicit.
include:
  - project: 'apigov/beano_cicd'
    ref: master
    # the order of these include files is important
    file:
      - '/gitlabci/variables.yml'
      - '/gitlabci/restrictions.yml'
      - '/gitlabci/jobs.yml'
  # NOTE(review): confirm the group name `scurity` is spelled as intended.
  - project: 'scurity/gitlabci'
    ref: master
    file:
      - '/.gitlab-ci-prepcsr.yml'
      - '/.gitlab-ci-fortify.yml'
      - '/.gitlab-ci-whitesource.yml'
      - '/.gitlab-ci-csr.yml'
# Stages run in the order listed; the security scans and the security review
# both come before `release`.
stages:
  - test
  - sonar
  - security-scans
  - security-review
  - release
  - update-dep
############################################################
# Section for restrictions. This differs from
# restrictions.yml because the branch is "main", not "master"
############################################################
# Reusable rule set (anchor `only-main`): run on the `main` branch only, and
# skip pipelines started from the web UI or through a pipeline trigger.
.only-main: &only-main
  only:
    - main
  except:
    - web
    - triggers
############################################################
# Section for CSR jobs
############################################################
# Only `dependencies` is set here; the rest of the job is presumably defined
# in the included CSR templates. Artifacts are taken from the Fortify fetch
# job and the Whitesource job.
run-csr:
  dependencies:
    - fetch-fortify
    - whitesource
# Same shape as run-csr, but it takes its Whitesource artifacts from the
# `whitesource:on-schedule` job.
update-csr:
  dependencies:
    - fetch-fortify
    - 'whitesource:on-schedule'
############################################################
# Section for triggering agent updates
############################################################
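# Template for the manual jobs that start a downstream agent pipeline and pass
# it this commit's SHA as SDK_SHA. A concrete job must export PROJECT_ID in
# its before_script; CURL_URL_FOR_TRIGGER is not defined in this file.
.trigger-downstream-agent:
  <<: *only-main
  stage: update-dep
  when: manual
  script:
    - apk add --no-cache curl ca-certificates
    - echo "triggering downstream agent with SDK_SHA = ${CI_COMMIT_SHA}"
    # --fail makes an HTTP error from the trigger endpoint fail this job rather
    # than pass silently. The URL is quoted so an empty or unusual variable
    # value cannot split into extra curl arguments.
    # NOTE(review): the request authenticates with this job's CI_JOB_TOKEN, so
    # the downstream projects decide whether that token may trigger them.
    - >-
      curl --fail --silent --show-error --request POST
      --form "token=${CI_JOB_TOKEN}"
      --form "variables[SDK_SHA]=${CI_COMMIT_SHA}"
      --form "ref=master"
      "${CURL_URL_FOR_TRIGGER}/${PROJECT_ID}/trigger/pipeline"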
# Manual trigger for the AWS API Gateway discovery agent: before_script sets
# PROJECT_ID, then the inherited script posts to that project's pipeline.
trigger-aws-apigw-discovery-agent:
  extends: .trigger-downstream-agent
  before_script:
    - export PROJECT_ID=${AWS_DISCOVERY_PROJECT_ID}
# Manual trigger for the V7 discovery agent: before_script sets PROJECT_ID,
# then the inherited script posts to that project's pipeline.
trigger-v7-discovery-agent:
  extends: .trigger-downstream-agent
  before_script:
    - export PROJECT_ID=${V7_DISCOVERY_PROJECT_ID}
# Manual trigger for the Azure discovery agent: before_script sets PROJECT_ID,
# then the inherited script posts to that project's pipeline.
trigger-azure-discovery-agent:
  extends: .trigger-downstream-agent
  before_script:
    - export PROJECT_ID=${AZURE_DISCOVERY_PROJECT_ID}