-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
149 lines (125 loc) · 6.15 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
stages:
- chores
- validation
- build
- prepare
- test
- release
- sync
- deploy
- publish
include:
- local: $JOB_ROOT_DIR/lint/yaml.gitlab-ci.yaml
- local: $JOB_ROOT_DIR/template/automagic.gitlab-ci.yaml
- local: $JOB_ROOT_DIR/conventional_commits/.gitlab-ci.yml
- local: $JOB_ROOT_DIR/git_push_mirror/.gitlab-ci.yml
- local: $JOB_ROOT_DIR/gitlab_release/.gitlab-ci.yml
- local: $JOB_ROOT_DIR/lint/markdown.gitlab-ci.yaml
- local: $JOB_ROOT_DIR/python/.gitlab-ci.yml
# - local: $JOB_ROOT_DIR/test/.gitlab-ci.yml
- local: $JOB_ROOT_DIR/ansible/collection/ci-test.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
#- template: Security/License-Scanning.gitlab-ci.yml
variables:
JOB_ROOT_DIR: '.'
SECURE_LOG_LEVEL: debug
GIT_SUBMODULE_STRATEGY: normal
GIT_SYNC_URL: "https://$GITHUB_USERNAME_ROBOT:[email protected]/NoFussComputing/gitlab-ci.git"
MY_PROJECT_ID: "28543717"
LICENSE_FINDER_CLI_OPTS: '--recursive'
MDLINT_PATHS: "**/*.md **/**/*.md **/**/**/*.md **/**/**/**/*.md **/**/**/**/**/**/*.md #**CHANGELOG.md #CHANGELOG.md #website-template/** #.gitlab/**"
PAGES_ENVIRONMENT_PATH: projects/gitlab-ci/
# Scanner doesn't Pickup multiple pip files. Disable and specify jobs with pip file.
gemnasium-python-dependency_scanning:
rules:
- when: never
# source: https://gitlab.com/gitlab-org/gitlab/-/blob/2f33a8cb4dcea7b875e360d4cd9e016e027d2973/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
.gemnasium-python-dependency_scanning:
extends: .ds-analyzer
image:
name: "$DS_ANALYZER_IMAGE"
variables:
# Python 3.7 not available
# DS_PYTHON_VERSION: "3.7"
# DS_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to
# override the analyzer image with a custom value. This may be subject to change or
# breakage across GitLab releases.
DS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/gemnasium-python:$DS_MAJOR_VERSION"
# Stop reporting Pipenv and Setuptools as "pip".
# See https://gitlab.com/gitlab-org/gitlab/-/issues/338252
DS_REPORT_PACKAGE_MANAGER_PIP_WHEN_PYTHON: "false"
# Can't find pillow 9.0, check python version. 3.6 only available, 3.7 not.
before_script:
- python --version
# Bug reported at gitlab-org/gitlab#350949.
# workaround, delete all other pip files except the one to be scanned
# Delete all existing pipfiles except the one to be scanned.
- for found_file in $(find . -type f -name 'requirements.txt'); do if [ $found_file != "./$PIP_REQUIREMENTS_FILE" ]; then echo "[DEBUG] Removing '$found_file' due to bug reported at gitlab-org/gitlab#350949"; rm -f $found_file; fi done;
rules:
- if: $DEPENDENCY_SCANNING_DISABLED
when: never
# Support passing of $PIP_REQUIREMENTS_FILE
# See https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#configuring-specific-analyzers-used-by-dependency-scanning
- if: $CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
$DS_DEFAULT_ANALYZERS =~ /gemnasium-python/ &&
$PIP_REQUIREMENTS_FILE &&
( $CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "pipeline")
Ansible Dependencies:
extends: .gemnasium-python-dependency_scanning
variables:
PIP_REQUIREMENTS_FILE: ansible/requirements.txt
conventional_commits Dependencies:
extends: .gemnasium-python-dependency_scanning
variables:
PIP_REQUIREMENTS_FILE: conventional_commits/requirements.txt
gitlab_release Dependencies:
extends: .gemnasium-python-dependency_scanning
variables:
PIP_REQUIREMENTS_FILE: gitlab_release/requirements.txt
mkdocs Dependencies:
extends: .gemnasium-python-dependency_scanning
variables:
PIP_REQUIREMENTS_FILE: mkdocs/requirements.txt
python Dependencies:
extends: .gemnasium-python-dependency_scanning
variables:
PIP_REQUIREMENTS_FILE: python/requirements.txt
yaml_lint Dependencies:
extends: .gemnasium-python-dependency_scanning
variables:
PIP_REQUIREMENTS_FILE: lint/requirements.txt
PyLint:
extends:
- .PyLint
image: python:3.6-slim
gilab-ci.yml Lint (python 3.11):
extends:
- .Gitlab_CI.Lint.YAML
image: python:3.11-slim
Update Sub Repo:
extends: .submodule_update_trigger
parallel:
matrix:
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/ops
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/infrastructure/configuration-management/itil_runbooks
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/infrastructure/website
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/ansible_playbooks
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/ansible-roles
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/ansible_docker_os
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/ansible_test
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/collections/ci-test
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/collections/firewall
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/collections/kubernetes
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/collections/phpipam_scan_agent
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/common
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/docker_management
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/execution_environment
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/git_configuration
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/homeassistant
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/nfc_glpi
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/docker-bind
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/docker-mail
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/docker-buildx-qemu
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/docker-glpi
- SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/kubernetes_monitoring