From 4a2d1379084c7cdbb4a7f20b322d4499f91987a3 Mon Sep 17 00:00:00 2001
From: Jaime Martinez
Date: Fri, 29 May 2020 17:02:44 +1000
Subject: [PATCH 1/4] Replace sast job with Security/SAST template Use correct stage
---
 .gitlab-ci.yml | 25 ++++++++-----------------
 1 file changed, 8 insertions(+), 17 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d40609f9..190eccac 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,8 @@
 image: golang:1.13

+include:
+ - template: Security/SAST.gitlab-ci.yml
+
 variables:
 REPO_NAME: gitlab.com/gitlab-org/labkit

@@ -52,24 +55,12 @@ test_1.14:
 # between go versions. Since these are simply linter warnings and not
 # compiler issues, we only need a single version

-sast:
+
+secrets-sast:
+ stage: verify
+
+gosec-sast:
 stage: verify
- image: docker:stable
- variables:
- DOCKER_DRIVER: overlay2
- allow_failure: true
- services:
- - docker:stable-dind
- script:
- - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
- - docker run
- --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
- --volume "$PWD:/code"
- --volume /var/run/docker.sock:/var/run/docker.sock
- "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
- artifacts:
- reports:
- sast: gl-sast-report.json

 # Ensure that all the changes are backwards compatible with GitLab Workhorse
 backwards_compat_workhorse:
-- 
GitLab

From 861d6cba0169ceca64f97179c0de00056b742573 Mon Sep 17 00:00:00 2001
From: Jaime Martinez
Date: Fri, 29 May 2020 17:10:40 +1000
Subject: [PATCH 2/4] Add test stage and move tests to it Remove note about SAST scanning
---
 .gitlab-ci.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 190eccac..dff13720 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -8,6 +8,7 @@ variables:

 stages:
 - build
+ - test
 - verify

 build_1.12:
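Review bot: In patch 1/4's `@@ -52,24 +55,12 @@` hunk, `secrets-sast` and `gosec-sast` carry only `stage: verify`, so each is a usable job only while the included `Security/SAST.gitlab-ci.yml` defines a job of exactly that name. As far as I know, `include: template:` resolves to the template shipped with the GitLab instance, so an upgrade that renames or drops an analyzer job would leave a key with no `script`, and the scan it stood for would no longer run. I would record that dependency next to the overrides, e.g. `# keys must match job names in the instance's Security/SAST template`, and check after upgrades that the expected analyzer jobs still appear in the pipeline. Patch 4/4 on this page replaces both keys with `sast:`, which narrows the coupling but does not remove it.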
@@ -31,7 +32,7 @@ build_1.14:
 - ./compile.sh

 test_1.12:
- stage: verify
+ stage: test
 image: golang:1.12
 variables:
 GO111MODULE: "on"
@@ -39,13 +40,13 @@ test_1.12:
 - ./test.sh

 test_1.13:
- stage: verify
+ stage: test
 image: golang:1.13
 script:
 - ./test.sh

 test_1.14:
- stage: verify
+ stage: test
 image: golang:1.14
 script:
 - ./test.sh
@@ -55,7 +56,6 @@ test_1.14:
 # between go versions. Since these are simply linter warnings and not
 # compiler issues, we only need a single version

-
 secrets-sast:
 stage: verify

-- 
GitLab

From e26a3bcbea932a40eff8ca471ad8e0e1b08878d8 Mon Sep 17 00:00:00 2001
From: Jaime Martinez
Date: Wed, 24 Jun 2020 11:15:58 +1000
Subject: [PATCH 3/4] Add note about test stage Rever tests to use verify stage.
---
 .gitlab-ci.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index dff13720..f4a7fd5a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -8,7 +8,7 @@ variables:

 stages:
 - build
- - test
+ - test # test is needed by the Security/SAST.gitlab-ci.yml but it's overridden in secrets-sast and gosec-sast
 - verify

 build_1.12:
@@ -32,7 +32,7 @@ build_1.14:
 - ./compile.sh

 test_1.12:
- stage: test
+ stage: verify
 image: golang:1.12
 variables:
 GO111MODULE: "on"
@@ -40,13 +40,13 @@ test_1.12:
 - ./test.sh

 test_1.13:
- stage: test
+ stage: verify
 image: golang:1.13
 script:
 - ./test.sh

 test_1.14:
- stage: test
+ stage: verify
 image: golang:1.14
 script:
 - ./test.sh
-- 
GitLab

From 70d1943a7298e76f0f83cec3eddeff6774bf3eb7 Mon Sep 17 00:00:00 2001
From: Jaime Martinez
Date: Thu, 25 Jun 2020 11:12:05 +1000
Subject: [PATCH 4/4] Only override sast stage
---
 .gitlab-ci.yml | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f4a7fd5a..7dd0f0c3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -8,7 +8,6 @@ variables:

 stages:
 - build
- - test # test is needed by the Security/SAST.gitlab-ci.yml but it's overridden in secrets-sast and gosec-sast
 - verify

 build_1.12:
@@ -56,10 +55,7 @@ test_1.14:
 # between go versions. Since these are simply linter warnings and not
 # compiler issues, we only need a single version

-secrets-sast:
- stage: verify
-
-gosec-sast:
+sast:
 stage: verify

 # Ensure that all the changes are backwards compatible with GitLab Workhorse
-- 
GitLab
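Review bot: Patch 4/4's `@@ -56,10 +55,7 @@` hunk drops the `secrets-sast` entry together with `gosec-sast`, and nothing on the new side shows that secret scanning still runs. If the instance's SAST template no longer ships a secrets job (newer GitLab releases provide secret detection as a separate template, `Security/Secret-Detection.gitlab-ci.yml`; worth confirming for the version in use), that coverage ends without any pipeline error. It would help to confirm in a pipeline run which analyzer jobs are created. The same patch deletes the only explanation of the override, so I would keep a short comment on it: `# SAST template jobs default to stage test, which this pipeline does not define`. The hunk's trailing context stops at the `# Ensure ...` comment, so the rest of the file is not visible here.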