.gitlab-ci.yml
# Default image for jobs in this pipeline.
# NOTE(review): `docker:dind` is a floating tag, so the image content can
# change between pipeline runs; consider pinning a version or digest.
image: docker:dind

variables:
  PROJECT: "agents-kong"
  CSR_SUPPRESSION_LIST: "/tmp/csr-suppressions/amplify-central/golang-agents-common.json"

  # Fortify: project/build identifiers and the Go sources to include
  # (test files are excluded).
  FORTIFY_PROJECT: "10853"
  FORTIFY_BUILD_ID: "agents-kong"
  FORTIFY_INCLUDE: "**/*.go"
  FORTIFY_EXCLUDE: "**/*_test.go"

  # Blackduck
  BLACKDUCK_PROJECT_NAME: "Amplify - APIC Kong Agents"

  ########################################
  # Custom pipeline names for releases and nightly schedules.
  # The default is the commit message; the workflow rules replace it
  # for scheduled pipelines.
  ########################################
  PIPELINE_NAME: "$CI_COMMIT_MESSAGE"
# Pipeline-level rules: name the pipeline and decide whether it runs.
workflow:
  name: "$PIPELINE_NAME"
  rules:
    # Scheduled run flagged as component-tests-only.
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $COMPONENT_TESTS_ONLY == "y"'
      variables:
        PIPELINE_NAME: "Scheduled nightly tests"
    # Any other scheduled run.
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      variables:
        PIPELINE_NAME: "Scheduled nightly CSR"
    # Everything else runs too, keeping the default PIPELINE_NAME.
    - when: always
# Job templates pulled in from other projects. The jobs below extend or
# override definitions that come from these files.
# NOTE(review): `ref: master` follows a moving branch, and the two variable
# refs resolve outside this file, so the included job definitions can change
# without a commit here; pin to a tag or commit SHA where reproducibility
# matters.
include:
  - project: "apigov/gitlabci"
    ref: master
    file: "/.gitlab-ci-sonar.yml"

  - project: "apigov/beano_cicd"
    ref: $BEANO_CICD_LATEST
    # the order of these include files is important
    file:
      - "/gitlabci/variables.yml"
      - "/gitlabci/restrictions.yml"
      - "/gitlabci/jobs.yml"

  - project: "scurity/gitlabci"
    ref: $SCURITY_LATEST
    file:
      - "/.gitlab-ci-fortify.yml"
      - "/.gitlab-ci-twistlock.yml"
      - "/.gitlab-ci-iriusrisk.yml"
      - "/.gitlab-ci-blackduck.yml"
      - "/.gitlab-ci-csr.yml"

  - project: "apigov/beano_cicd"
    ref: $BEANO_CICD_LATEST
    # the order of these include files is important
    file:
      - "/gitlabci/csrjobs.yml"
# Stage order for the pipeline: tests first, then Sonar, then the security
# scans and the security review.
stages:
  - test
  - qa-test
  - sonar-preview
  - sonar-publish
  - security-scans
  - security-review
# Twistlock job for the discovery agent image on branch pipelines.
# The job body comes from `.twistlock`; only the rules and the preparation
# steps are set here.
twistlock-discovery:
  extends: .twistlock
  rules:
    - !reference [.mirror-branch-csr-rules, rules]
  before_script:
    # `make` is installed unpinned from the job image's Alpine repositories.
    - apk --no-cache update && apk add make
    # presumably builds the discovery agent image - confirm in the Makefile
    - make docker-da
    # Local image tag handed to the inherited job through IMAGE_NAME.
    - export IMAGE_NAME=kong-discovery-agent:latest
# Twistlock job for the traceability agent image on branch pipelines.
# The job body comes from `.twistlock`; only the rules and the preparation
# steps are set here.
twistlock-traceability:
  extends: .twistlock
  rules:
    - !reference [.mirror-branch-csr-rules, rules]
  before_script:
    # `make` is installed unpinned from the job image's Alpine repositories.
    - apk --no-cache update && apk add make
    # presumably builds the traceability agent image - confirm in the Makefile
    - make docker-ta
    # Local image tag handed to the inherited job through IMAGE_NAME.
    - export IMAGE_NAME=kong-traceability-agent:latest
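# Scheduled Twistlock job for the published discovery agent image at the
# last tagged version.
twistlock-discovery:on-schedule:
  extends: .twistlock
  rules:
    - !reference [.mirror-schedule-csr-rules, rules]
  # Empty list: no artifacts from earlier jobs are downloaded.
  dependencies: []
  variables:
    # need to override this variable for github agents because the tag will need the 'v' if it exists
    NO_V_RELEASE_TAG_REGEX: "^v?[0-9]{1,}\\.[0-9]{1,}\\.[0-9]{1,}$"
  before_script:
    # presumably sets LAST_TAG_VERSION; the script lives in an included file
    - !reference [.get-agent-last-tag, script]
    - echo "Using the last tagged version ${LAST_TAG_VERSION}"
    # Expansions are quoted so a tag value containing whitespace or glob
    # characters cannot split or alter the image reference.
    # NOTE(review): the image is pulled by tag, so the scan covers whatever
    # that tag resolves to in the registry at pull time.
    - export IMAGE_NAME="ghcr.io/axway/kong_discovery_agent:${LAST_TAG_VERSION}"
    - docker pull "${IMAGE_NAME}"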
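# Scheduled Twistlock job for the published traceability agent image at the
# last tagged version.
twistlock-traceability:on-schedule:
  extends: .twistlock
  rules:
    - !reference [.mirror-schedule-csr-rules, rules]
  # Empty list: no artifacts from earlier jobs are downloaded.
  dependencies: []
  variables:
    # need to override this variable for github agents because the tag will need the 'v' if it exists
    NO_V_RELEASE_TAG_REGEX: "^v?[0-9]{1,}\\.[0-9]{1,}\\.[0-9]{1,}$"
  before_script:
    # presumably sets LAST_TAG_VERSION; the script lives in an included file
    - !reference [.get-agent-last-tag, script]
    - echo "Using the last tagged version ${LAST_TAG_VERSION}"
    # Expansions are quoted so a tag value containing whitespace or glob
    # characters cannot split or alter the image reference.
    # NOTE(review): the image is pulled by tag, so the scan covers whatever
    # that tag resolves to in the registry at pull time.
    - export IMAGE_NAME="ghcr.io/axway/kong_traceability_agent:${LAST_TAG_VERSION}"
    - docker pull "${IMAGE_NAME}"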
# Scheduled Blackduck job: only the rules and the before_script are set here;
# the rest of the job is defined in an included file.
blackduck:on-schedule:
  rules:
    - !reference [.mirror-schedule-csr-rules, rules]
  before_script:
    # presumably resolves the last tagged version - confirm in the include
    - !reference [.get-agent-last-tag, script]
# Rules overridden from csrjobs.yml because mirror repos like this one
# don't get merge events. All four jobs share the mirror branch rule set;
# everything else about them comes from the included definitions.
fortify:
  rules:
    - !reference [.mirror-branch-csr-rules, rules]

fetch-fortify:
  rules:
    - !reference [.mirror-branch-csr-rules, rules]

blackduck-rapid:
  rules:
    - !reference [.mirror-branch-csr-rules, rules]

run-csr:
  rules:
    - !reference [.mirror-branch-csr-rules, rules]
####################
# CSR - overridden from csrjobs.yml so that these jobs effectively never
# appear. For some reason, probably multi-level extends and overrides, using
# only-never for these csr jobs doesn't work, so each job's rules are
# replaced with the never rule here instead.
# NOTE(review): this turns off the IriusRisk fetch jobs and the generic
# twistlock jobs for this repository; the per-agent twistlock-* jobs are
# defined separately in this file.
####################
fetch-iriusrisk:
  rules:
    - !reference [.only-never-rule, rules]

fetch-iriusrisk:on-schedule:
  rules:
    - !reference [.only-never-rule, rules]

twistlock:
  rules:
    - !reference [.only-never-rule, rules]
  # Explicit null, same value as the bare key it replaces.
  # presumably clears the dependencies inherited from the included job -
  # confirm; the other jobs in this file use `[]`
  dependencies: null

twistlock:on-schedule:
  rules:
    - !reference [.only-never-rule, rules]