# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/user/application_security/sast/#available-cicd-variables
# Secret Detection customization: https://docs.gitlab.com/user/application_security/secret_detection/pipeline/configure/
# Dependency Scanning customization: https://docs.gitlab.com/user/application_security/dependency_scanning/#customizing-analyzer-behavior
# Container Scanning customization: https://docs.gitlab.com/user/application_security/container_scanning/#customizing-analyzer-behavior
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ci/variables/#cicd-variable-precedence
# Job defaults: applied to any job that does not override these keys.
default:
  # NOTE(review): this tag is mutable. Pinning by digest
  # (python:3.12-slim@sha256:<digest>) keeps the build environment
  # reproducible if the tag is ever re-pushed.
  image: 'python:3.12-slim'

  cache:
    # The key is derived from pyproject.toml only.
    # NOTE(review): a change that touches only the lock file reuses the
    # same key - confirm that is intended.
    key:
      files:
        - pyproject.toml
    paths:
      # pip download cache (see PIP_CACHE_DIR).
      - .cache/pip
      # Installed packages; later jobs execute code restored from here, so
      # cache separation for protected branches should stay enabled in the
      # project's CI/CD settings - confirm.
      - .venv/
# Pipeline stages, run in the order listed. By default a failed job in an
# earlier stage stops the stages after it, including secret-detection.
stages:
  - install           # builds the Poetry virtualenv
  - check             # black, ruff, mypy
  - test              # pytest and the sast override
  - secret-detection  # secret_detection job
# Overrides only the stage of the `sast` job that comes from the included
# Security/SAST.gitlab-ci.yml template; everything else stays as the
# template defines it.
sast:
  stage: test
# GitLab-maintained security templates pulled into this pipeline.
# Only SAST and Secret Detection are included; the Dependency Scanning and
# Container Scanning links in the file header have no matching template here.
# NOTE(review): check whether the template jobs are allowed to fail. If they
# are, findings appear in reports without failing the pipeline, and blocking
# has to be enforced elsewhere (for example a merge request approval
# policy) - confirm.
include:
  - template: 'Security/SAST.gitlab-ci.yml'
  - template: 'Security/Secret-Detection.gitlab-ci.yml'
# Pipeline-wide variables. All values are quoted so they stay strings.
# These are committed with the repository: credentials belong in masked or
# protected CI/CD variables, not in this block.
variables:
  # NOTE(review): presumably read by the secret detection configuration -
  # confirm it is still required alongside the explicit template include.
  SECRET_DETECTION_ENABLED: 'true'
  # Keeps pip's download cache inside the project directory, matching the
  # .cache/pip entry under cache paths.
  PIP_CACHE_DIR: '$CI_PROJECT_DIR/.cache/pip'
  # Poetry release that each job installs with pip.
  POETRY_VERSION: '1.8.3'
  # Poetry creates the virtualenv at .venv/ inside the project.
  POETRY_VIRTUALENVS_IN_PROJECT: 'true'
# Moves the `secret_detection` job from the included Secret Detection
# template into its own stage, which is the last one in `stages`.
# NOTE(review): as the final stage it is skipped when an earlier stage
# fails; `needs: []` on this job would let the scan start regardless of
# the other jobs - confirm which behaviour is wanted.
secret_detection:
  stage: secret-detection
# Builds the project virtualenv once and hands .venv/ to the later jobs
# as a short-lived artifact.
install:
  stage: install
  script:
    # Build toolchain and libcap headers, presumably needed to compile a
    # dependency - confirm.
    - apt-get update -qq && apt-get install -y -qq build-essential libcap-dev
    # Poetry is pinned by version, not by hash.
    # NOTE(review): a hash-checked requirements file (pip --require-hashes)
    # would bind this bootstrap tool to known digests.
    - pip install poetry==$POETRY_VERSION
    # NOTE(review): presumably a poetry.lock is committed; without one the
    # resolved dependency versions can differ between runs - confirm.
    - poetry install --no-interaction
  artifacts:
    paths:
      - .venv/
    expire_in: '1 hour'
# Formatting gate: fails if black would reformat anything in src/ or tests/.
# Starts as soon as `install` finishes and uses its .venv/ artifact.
black:
  stage: check
  needs:
    - install
  script:
    # Only the Poetry launcher is installed here; the tools themselves come
    # from the virtualenv built by `install`.
    - pip install poetry==$POETRY_VERSION
    - poetry run black --check src/ tests/
# Lint gate: runs ruff over src/ and tests/.
# Starts as soon as `install` finishes and uses its .venv/ artifact.
ruff:
  stage: check
  needs:
    - install
  script:
    # Only the Poetry launcher is installed here; ruff comes from the
    # virtualenv built by `install`.
    - pip install poetry==$POETRY_VERSION
    - poetry run ruff check src/ tests/
# Type-check gate: runs mypy over src/ only (tests/ is not checked).
# Starts as soon as `install` finishes and uses its .venv/ artifact.
mypy:
  stage: check
  needs:
    - install
  script:
    # Only the Poetry launcher is installed here; mypy comes from the
    # virtualenv built by `install`.
    - pip install poetry==$POETRY_VERSION
    - poetry run mypy src/
# Test job: runs the suite and publishes a Cobertura coverage report.
# Depends only on `install`, so it does not wait for the check stage.
pytest:
  stage: test
  needs:
    - install
  script:
    - pip install poetry==$POETRY_VERSION
    # NOTE(review): no coverage flags are passed here; the TOTAL line and
    # coverage.xml presumably come from pytest options in pyproject.toml -
    # confirm, otherwise the report below is never produced.
    - poetry run pytest
  # Extracts the percentage from the "TOTAL ... NN%" line of the job log.
  coverage: '/TOTAL.*\s+(\d+%)$/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage.xml
    # Upload the report even when tests fail.
    when: always
    expire_in: '7 days'