Configure SAST in .gitlab-ci.yml, creating this file if it does not already exist

Elmar Kresse
2025-04-23 12:04:02 +02:00
parent 132c5f74d6
commit 6441fd5340


@ -1,114 +1,102 @@
#Calendar implementation for the HTWK Leipzig timetable. Evaluation and display of the individual dates in iCal format. # You can override the included template(s) by including variable overrides
#Copyright (C) 2024 HTWKalender support@htwkalender.de # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/pipeline/#customization
#This program is free software: you can redistribute it and/or modify # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
#it under the terms of the GNU Affero General Public License as published by # Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
#the Free Software Foundation, either version 3 of the License, or # Note that environment variables can be set in several places
#(at your option) any later version. # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU Affero General Public License for more details.
#You should have received a copy of the GNU Affero General Public License
#along with this program. If not, see <https://www.gnu.org/licenses/>.
stages: stages:
- lint - lint
- sonarqube-check - sonarqube-check
- test - test
- build - build
- package - package
- deploy - deploy
lint-frontend: lint-frontend:
image: node:lts image: node:lts
stage: lint stage: lint
script: script:
- cd frontend - cd frontend
- npm i - npm i
- npm run lint-no-fix - npm run lint-no-fix
rules: rules:
- changes: - changes:
- frontend/**/* - frontend/**/*
lint-data-manager: lint-data-manager:
stage: lint stage: lint
image: golangci/golangci-lint:latest image: golangci/golangci-lint:latest
script: script:
- cd services/data-manager - cd services/data-manager
- go mod download - go mod download
- golangci-lint --version - golangci-lint --version
- golangci-lint run -v --skip-dirs=migrations --timeout=5m - golangci-lint run -v --skip-dirs=migrations --timeout=5m
rules: rules:
- changes: - changes:
- services/data-manager/**/* - services/data-manager/**/*
lint-ical: lint-ical:
stage: lint stage: lint
image: golangci/golangci-lint:latest image: golangci/golangci-lint:latest
script: script:
- cd services/ical - cd services/ical
- go mod download - go mod download
- golangci-lint --version - golangci-lint --version
- golangci-lint run -v --skip-dirs=migrations --timeout=5m - golangci-lint run -v --skip-dirs=migrations --timeout=5m
rules: rules:
- changes: - changes:
- services/ical/**/* - services/ical/**/*
sonarqube-data-manager: sonarqube-data-manager:
stage: sonarqube-check stage: sonarqube-check
tags: tags:
- imn - imn
image: image:
name: sonarsource/sonar-scanner-cli:5.0 name: sonarsource/sonar-scanner-cli:5.0
entrypoint: entrypoint:
- '' - ''
variables: variables:
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
GIT_DEPTH: '0' GIT_DEPTH: '0'
cache: cache:
key: "${CI_JOB_NAME}" key: "${CI_JOB_NAME}"
paths: paths:
- ".sonar/cache" - ".sonar/cache"
script: script:
- cd services/data-manager - cd services/data-manager
- sonar-scanner - sonar-scanner
allow_failure: true allow_failure: true
rules: rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"' - if: $CI_PIPELINE_SOURCE == "merge_request_event"
- if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME == "main" || $CI_COMMIT_REF_NAME == "develop"' - if: $CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME == "main" || $CI_COMMIT_REF_NAME
== "develop"
test-data-manager: test-data-manager:
image: golang:alpine image: golang:alpine
stage: test stage: test
script: script:
- cd services/data-manager - cd services/data-manager
- go test -v ./... - go test -v ./...
rules: rules:
- changes: - changes:
- services/data-manager/**/* - services/data-manager/**/*
test-ical: test-ical:
image: golang:alpine image: golang:alpine
stage: test stage: test
script: script:
- cd services/ical - cd services/ical
- go test -v ./... - go test -v ./...
rules: rules:
- changes: - changes:
- services/ical/**/* - services/ical/**/*
test-frontend: test-frontend:
image: node:lts image: node:lts
stage: test stage: test
script: script:
- cd frontend - cd frontend
- npm i - npm i
- npm run test - npm run test
dependencies: dependencies:
- lint-frontend - lint-frontend
include: include:
- local: 'charts/ci-build-deploy.yml' - local: charts/ci-build-deploy.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml - template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/SAST.gitlab-ci.yml
sast:
stage: test
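Review bot: The regenerated file appears to drop the AGPL copyright and licence header at the top of `.gitlab-ci.yml`: those lines show only on the old side, and the template's "You can override the included template(s)" comments take their place. That removal is unrelated to enabling SAST, so the header should be restored above the generated comments. On the security side, the new `sast:` block only sets `stage: test`. GitLab's SAST analyzer jobs are `allow_failure: true` by default, so findings land in the report artifact and do not stop the pipeline. A comment above the block would make that explicit, for example `# SAST findings do not fail the pipeline by default; review the security report on each MR`. The header comments also link to Secret Detection and Container Scanning customization, but only `Security/Dependency-Scanning.gitlab-ci.yml` and `Security/SAST.gitlab-ci.yml` are included, so those two scanners are not enabled by this change.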