# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
- build
- test
sast:
stage: test
include:
- template: Security/SAST.gitlab-ci.yml
#- template: Code-Quality.gitlab-ci.yml
image: ubuntu:jammy
code_quality:
stage: test
image: docker:20.10.12
allow_failure: true
services:
- name: 'docker:20.10.12-dind'
tags:
- docker
only:
- main
- merge_requests
variables:
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/ci-cd/codequality:0.85.26"
needs: []
script:
- export SOURCE_CODE=$PWD
- | # this is required to avoid undesirable reset of Docker image ENV variables being set on build stage
function propagate_env_vars() {
CURRENT_ENV=$(printenv)
for VAR_NAME; do
echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "
done
}
- docker pull --quiet "$CODE_QUALITY_IMAGE"
- |
docker run --rm \
$(propagate_env_vars \
SOURCE_CODE \
TIMEOUT_SECONDS \
CODECLIMATE_DEBUG \
CODECLIMATE_DEV \
REPORT_STDOUT \
REPORT_FORMAT \
ENGINE_MEMORY_LIMIT_BYTES \
CODECLIMATE_PREFIX \
) \
--volume "$PWD":/code \
--volume /var/run/docker.sock:/var/run/docker.sock \
"$CODE_QUALITY_IMAGE" /code
artifacts:
reports:
codequality: gl-code-quality-report.json
expire_in: 1 week
dependencies: []
rules:
- if: '$CODE_QUALITY_DISABLED'
when: never
- if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
linux:build:
only:
- main
- merge_requests
stage: build
tags:
- docker
script:
- DEBIAN_FRONTEND=noninteractive apt update && apt install -y build-essential uuid-dev git libmsgpack-dev liburiparser-dev libgnutls28-dev cmake ninja-build cppcheck
- mkdir build && cd build
- cmake $CI_PROJECT_DIR -GNinja -DCMAKE_CXX_FLAGS="-fdiagnostics-color" -DUSE_CPPCHECK=TRUE -DCMAKE_BUILD_TYPE=Release -DCPACK_GENERATOR=DEB
- ninja
#cache:
# paths:
# - build/
artifacts:
name: ${CI_PROJECT_NAME}-${CI_COMMIT_SHORT_SHA}
paths:
- build/
expire_in: 1 hour
linux:test:
only:
- main
- merge_requests
stage: test
tags:
- docker
needs: ["linux:build"]
script:
- DEBIAN_FRONTEND=noninteractive apt update && apt install -y libmsgpackc2 liburiparser1 cmake
- cd build
- ctest -V --output-junit report.xml
artifacts:
when: always
reports:
junit: build/report.xml
### Windows
#windows:build:
# only:
# - main
# - merge_requests
# stage: build
# tags:
# - windows
# cache: # use artifacts instead if multiple runners available
# key: $CI_COMMIT_SHORT_SHA
# paths:
# - build/
# script:
# - Import-Module "C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/Common7/Tools/Microsoft.VisualStudio.DevShell.dll"
# - Enter-VsDevShell -VsInstallPath "C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/"
# - cd $CI_PROJECT_DIR
# - if (Test-Path build) { Remove-Item build/ -Recurse }
# - mkdir build
# - cd build
# - cmake -DCMAKE_GENERATOR_PLATFORM=x64 -DWITH_GNUTLS=TRUE -DGNUTLS_INCLUDE_DIR="C:/Build/bin/gnutls/lib/includes/" -DGNUTLS_LIBRARY="C:/Build/bin/gnutls/lib/libgnutls.dll.a" ..
# - '& MSBuild.exe beyond-ftl.sln -property:Configuration=Release -nr:false -maxCpuCount'
#windows:test:
# only:
# - master
# - merge_requests
# stage: test
# tags:
# - windows
# needs: ["windows:build"]
# cache: # use artifacts instead if multiple runners available
# key: $CI_COMMIT_SHORT_SHA
# paths:
# - build/
# script:
# - $env:PATH+=";C:/Shared/Deploy"
# - cd build
# - ctest -V --output-on-failure --timeout 60