Configure Dependency Scanning in .gitlab-ci.yml, creating this file if it does not already exist

Hector 2023-06-21 15:13:39 +00:00
parent 211a5015d0
commit 7aea489a71


@ -1,31 +1,33 @@
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages: stages:
- test - test
- build - build
- release - release
".go_template":
.go_template:
image: golang:latest image: golang:latest
sast: sast:
stage: test stage: test
include: include:
- template: Security/SAST.gitlab-ci.yml - template: Security/SAST.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
format: format:
extends: .go_template extends: ".go_template"
stage: test stage: test
script: script:
- make check/fmt - make check/fmt
test: test:
extends: .go_template extends: ".go_template"
stage: test stage: test
script: script:
- make test - make test
build: build:
extends: .go_template extends: ".go_template"
stage: build stage: build
script: script:
- make build - make build
@ -33,28 +35,23 @@ build:
paths: paths:
- fail2ban_exporter - fail2ban_exporter
expire_in: 1 day expire_in: 1 day
release: release:
stage: release stage: release
image: docker:stable image: docker:stable
services: services:
- docker:dind - docker:dind
variables: variables:
DOCKER_REGISTRY: $CI_REGISTRY DOCKER_REGISTRY: "$CI_REGISTRY"
DOCKER_USERNAME: $CI_REGISTRY_USER DOCKER_USERNAME: "$CI_REGISTRY_USER"
DOCKER_PASSWORD: $CI_REGISTRY_PASSWORD DOCKER_PASSWORD: "$CI_REGISTRY_PASSWORD"
GIT_DEPTH: 0 GIT_DEPTH: 0
rules: rules:
- if: $CI_COMMIT_TAG =~ /^v.*$/ - if: "$CI_COMMIT_TAG =~ /^v.*$/"
script: script:
- docker run --rm --privileged \ - docker run --rm --privileged \ -v $PWD:/go/src/gitlab.com/hectorjsmith/fail2ban-prometheus-exporter
-v $PWD:/go/src/gitlab.com/hectorjsmith/fail2ban-prometheus-exporter \ \ -w /go/src/gitlab.com/hectorjsmith/fail2ban-prometheus-exporter \ -v /var/run/docker.sock:/var/run/docker.sock
-w /go/src/gitlab.com/hectorjsmith/fail2ban-prometheus-exporter \ \ -e DOCKER_USERNAME -e DOCKER_PASSWORD -e DOCKER_REGISTRY \ -e GITLAB_TOKEN
-v /var/run/docker.sock:/var/run/docker.sock \ \ goreleaser/goreleaser release --clean
-e DOCKER_USERNAME -e DOCKER_PASSWORD -e DOCKER_REGISTRY \
-e GITLAB_TOKEN \
goreleaser/goreleaser release --clean
tag images: tag images:
stage: release stage: release
image: docker:stable image: docker:stable
@ -63,8 +60,8 @@ tag images:
needs: needs:
- release - release
rules: rules:
- if: $CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+$/ - if: "$CI_COMMIT_TAG =~ /^v\\d+\\.\\d+\\.\\d+$/"
variables: variables:
IMAGE_NAME: registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter IMAGE_NAME: registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter
script: script:
- ./.gitlab-ci/tagLatestImage.sh - "./.gitlab-ci/tagLatestImage.sh"
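Review bot: The `release` job (second hunk) still pulls `goreleaser/goreleaser` with no tag or digest and runs it with `--privileged`, the Docker socket mounted, and `DOCKER_PASSWORD` and `GITLAB_TOKEN` passed in, so whatever that image name resolves to at release time gets the registry credentials and control of the Docker daemon. The Dependency Scanning template added in the first hunk presumably covers the project's own dependency manifests rather than the images the pipeline runs, so this gap remains after the commit. I would pin the image to a reviewed release and digest, for example `goreleaser/goreleaser:<VERSION>@sha256:<DIGEST>` (placeholders, to be filled from the version you actually verify), and do the same for `golang:latest`, `docker:stable` and `docker:dind`. It is also worth checking whether `--privileged` is needed at all when the socket is already mounted, and adding a short comment above the `docker run` line explaining why each of those flags is required.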