From 1b2e77090e14ae17b9fb3643eb3308456868aea2 Mon Sep 17 00:00:00 2001
From: Denys Konovalov
Date: Thu, 14 Apr 2022 11:41:59 +0000
Subject: [PATCH] Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist
---
 .gitlab-ci.yml | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 728cf2b..0579dda 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,10 +1,13 @@
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
 image: registry.gitlab.com/pages/hugo/hugo_extended:latest
-
 variables:
 GIT_SUBMODULE_STRATEGY: recursive
-
-
-
 deploy_website:
 before_script:
 - apk add --update --no-cache git curl
@@ -12,7 +15,8 @@ deploy_website:
 - git config --global user.email "denys.konovalov@protonmail.com"
 script:
 - hugo --gc --minify --cleanDestinationDir
- git clone --depth=1 --single-branch --branch main "https://x-access-token:$TOKEN@gitlab.cantorgymnasium.de/cantortechnik/website-build.git" /tmp/gh-pages
+ - git clone --depth=1 --single-branch --branch main "https://x-access-token:$TOKEN@gitlab.cantorgymnasium.de/cantortechnik/website-build.git"
+ /tmp/gh-pages
 - rm -rf /tmp/gh-pages/*
 - export OLD_PATH=$PWD
 - cp -r public/* /tmp/gh-pages
@@ -27,4 +31,23 @@ deploy_website:
 paths:
 - public
 rules:
- - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
\ No newline at end of file
+ - if: "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"
+stages:
+- build
+- test
+- deploy
+- review
+- dast
+- staging
+- canary
+- production
+- incremental rollout 10%
+- incremental rollout 25%
+- incremental rollout 50%
+- incremental rollout 100%
+- performance
+- cleanup
+sast:
+ stage: test
+include:
+- template: Auto-DevOps.gitlab-ci.yml
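Review bot: The `include` on the last line of this hunk pulls in `Auto-DevOps.gitlab-ci.yml`, which is the whole Auto DevOps pipeline (build, deploy, DAST and the other stages added above), not only SAST as the commit title says. If SAST alone is intended, include just that template, `- template: Security/SAST.gitlab-ci.yml`, and drop the stages the project does not use. Separately, `deploy_website` shows no `stage:` in the visible lines, so it presumably lands in the default `test` stage and runs alongside `sast` rather than after it; `stage: deploy` on that job would let the scan complete before the site is pushed. The `deploy_website` job body begins outside this hunk, so confirm against the full file.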