Merge branch 'feature/gosec' into 'main'
Added gosec CI / MR CI See merge request Phil/goshorly!4
commit
6b2e368b9a
1 changed files with 39 additions and 5 deletions
|
@ -1,3 +1,6 @@
|
||||||
|
variables:
|
||||||
|
REPO_NAME: git.ucode.space/Phil/goshorly
|
||||||
|
|
||||||
stages:
|
stages:
|
||||||
- test
|
- test
|
||||||
- build
|
- build
|
||||||
|
@ -5,12 +8,27 @@ stages:
|
||||||
format:
|
format:
|
||||||
image: golang:latest
|
image: golang:latest
|
||||||
stage: test
|
stage: test
|
||||||
|
before_script:
|
||||||
|
- mkdir -p $GOPATH/src/$(dirname $REPO_NAME)
|
||||||
|
- ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME
|
||||||
|
- cd $GOPATH/src/$REPO_NAME
|
||||||
script:
|
script:
|
||||||
- go fmt $(go list ./... | grep -v /vendor/)
|
- go fmt $(go list ./... | grep -v /vendor/)
|
||||||
- go vet $(go list ./... | grep -v /vendor/)
|
- go vet $(go list ./... | grep -v /vendor/)
|
||||||
- go test -race $(go list ./... | grep -v /vendor/)
|
- go test -race $(go list ./... | grep -v /vendor/)
|
||||||
|
|
||||||
docker-build:
|
gosec:
|
||||||
|
image: golang:latest
|
||||||
|
before_script:
|
||||||
|
- mkdir -p $GOPATH/src/$(dirname $REPO_NAME)
|
||||||
|
- ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME
|
||||||
|
- cd $GOPATH/src/$REPO_NAME
|
||||||
|
script:
|
||||||
|
- go install github.com/securego/gosec/v2/cmd/gosec@latest
|
||||||
|
- go get -v -d .
|
||||||
|
- gosec ./...
|
||||||
|
|
||||||
|
docker-build-prod:
|
||||||
image: docker:latest
|
image: docker:latest
|
||||||
stage: build
|
stage: build
|
||||||
services:
|
services:
|
||||||
|
@ -28,7 +46,23 @@ docker-build:
|
||||||
fi
|
fi
|
||||||
- docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" .
|
- docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" .
|
||||||
- docker push "$CI_REGISTRY_IMAGE${tag}"
|
- docker push "$CI_REGISTRY_IMAGE${tag}"
|
||||||
rules:
|
except:
|
||||||
- if: $CI_COMMIT_BRANCH
|
- merge_requests
|
||||||
exists:
|
|
||||||
- Dockerfile
|
docker-build-MR-dry-run:
|
||||||
|
image: docker:latest
|
||||||
|
stage: build
|
||||||
|
services:
|
||||||
|
- docker:dind
|
||||||
|
script:
|
||||||
|
- |
|
||||||
|
if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
|
||||||
|
tag=""
|
||||||
|
echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
|
||||||
|
else
|
||||||
|
tag=":$CI_COMMIT_REF_SLUG"
|
||||||
|
echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
|
||||||
|
fi
|
||||||
|
- docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" .
|
||||||
|
only:
|
||||||
|
- merge_requests
|
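Review bot: The new `gosec` job carries no `only:` or `rules:` clause, so under GitLab's defaults it runs in branch and tag pipelines but is left out of the merge request pipeline that `docker-build-MR-dry-run` (`only: - merge_requests`) now creates; the same applies to `format`. If merges are gated on the merge request pipeline, a failing scan would presumably not block them, which depends on project settings not visible here. Giving `gosec` an explicit trigger such as `only: [branches, merge_requests]` would make the scan part of both pipelines. Separately, `go install github.com/securego/gosec/v2/cmd/gosec@latest` on `golang:latest` means the scanner and its rule set can change between runs without a commit; pinning it as `gosec@<pinned-version>` keeps findings reproducible and narrows the supply-chain exposure of the job. In the dry-run script `$CI_COMMIT_BRANCH` is not set in merge request pipelines, so the `else` branch always runs and the echo prints an empty branch name; `$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME` would be the variable to log there.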