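---
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/user/application_security/sast/#available-cicd-variables
# Secret Detection customization: https://docs.gitlab.com/user/application_security/secret_detection/pipeline/configure/
# Dependency Scanning customization: https://docs.gitlab.com/user/application_security/dependency_scanning/#customizing-analyzer-behavior
# Container Scanning customization: https://docs.gitlab.com/user/application_security/container_scanning/#customizing-analyzer-behavior
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ci/variables/#cicd-variable-precedence

default:
  # Floating tag: the image behind python:3.12-slim can change between runs.
  # NOTE(review): pin by digest for reproducible builds, e.g.
  # python:3.12-slim@sha256:<DIGEST_PLACEHOLDER>.
  image: python:3.12-slim
  cache:
    # The cache is keyed on pyproject.toml only and includes .venv/, which
    # later jobs execute code from.
    # NOTE(review): confirm the project keeps separate caches for protected
    # branches, so a pipeline on an unprotected branch cannot seed the
    # virtualenv reused by protected-branch pipelines.
    key:
      files:
        - pyproject.toml
    paths:
      - .cache/pip
      - .venv/

stages:
  - install
  - check
  - test
  - secret-detection

# Override of the SAST template's base job; it only sets the stage.
# NOTE(review): jobs in the test stage start only after install and check
# succeed, so a failed lint job also means no SAST run for that pipeline.
sast:
  stage: test

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml

variables:
  SECRET_DETECTION_ENABLED: "true"
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
  POETRY_VERSION: "1.8.3"
  POETRY_VIRTUALENVS_IN_PROJECT: "true"

secret_detection:
  stage: secret-detection
  # Start immediately instead of waiting for the earlier stages. With stage
  # ordering alone, a failed check or test job leaves this job skipped, and a
  # push that breaks lint or tests would never be scanned for secrets.
  needs: []

install:
  stage: install
  script:
    # System packages installed before the Python dependencies (presumably
    # build requirements for native extensions; confirm against pyproject.toml).
    - apt-get update -qq && apt-get install -y -qq build-essential libcap-dev
    # Poetry is pinned by version only; no hash is verified for the bootstrap
    # tool. NOTE(review): consider a hash-pinned requirements file installed
    # with pip's --require-hashes.
    - pip install "poetry==$POETRY_VERSION"
    - poetry install --no-interaction
  artifacts:
    # .venv/ is handed to the check and test jobs through needs: [install].
    paths:
      - .venv/
    expire_in: 1 hour

# The check and test jobs below reinstall Poetry themselves: only .venv/ is
# passed along as an artifact, not the Poetry installation.
black:
  stage: check
  needs: [install]
  script:
    - pip install "poetry==$POETRY_VERSION"
    - poetry run black --check src/ tests/

ruff:
  stage: check
  needs: [install]
  script:
    - pip install "poetry==$POETRY_VERSION"
    - poetry run ruff check src/ tests/

mypy:
  stage: check
  needs: [install]
  script:
    - pip install "poetry==$POETRY_VERSION"
    - poetry run mypy src/

pytest:
  stage: test
  needs: [install]
  script:
    - pip install "poetry==$POETRY_VERSION"
    # NOTE(review): no coverage options are passed here, so coverage.xml and
    # the TOTAL line matched below must come from pytest configuration that is
    # not visible in this file; confirm.
    - poetry run pytest
  # Extracts the total coverage percentage from the job log.
  coverage: '/TOTAL.*\s+(\d+%)$/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage.xml
    # Upload the report even when tests fail.
    when: always
    expire_in: 7 days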