Set .gitlab-ci.yml to enable or configure SAST

2021-04-02 21:14:57 +00:00
parent 30d300c7fd
commit 11e271a368
1 changed files with 30 additions and 42 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,44 +1,29 @@
+# You can override the included template(s) by including variable overrides
+# See https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
 image: docker:18.09.7-dind
 services:
 - docker:18.09.7-dind
 variables:
  DOCKER_DRIVER: overlay
  DOCKER_HOST: tcp://localhost:2375/
-  IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
+  IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
  FF_GITLAB_REGISTRY_HELPER_IMAGE: 1
-
 stages:
 - build
 - push_local
 - push_dockerhub
-
+- test
 before_script:
 - docker version
 - docker info
 - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
-
 build:
  stage: build
-  #  image: docker:18.09.7-dind
-  #  services:
-          #    - docker:18.09.7-dind
-      #  variables:
-      #    DOCKER_DRIVER: overlay
-      #    DOCKER_HOST: tcp://localhost:2375/
-      #    IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
-      #    FF_GITLAB_REGISTRY_HELPER_IMAGE: 1
-      #  before_script:
-      #    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
  script:
  - docker build --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
  - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
-      #- docker login registry.evanrichardsonphotography.com
-      #- docker build -t registry.evanrichardsonphotography.com/erichardson/py-eagle-mqtt ./Docker/
-      #- docker push registry.evanrichardsonphotography.com/erichardson/py-eagle-mqtt
-    #- ls 
-    #- docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" ./Docker/
-    #- docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
-
 push local:
  stage: push_local
  variables:
@@ -49,13 +34,12 @@ push local:
  - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
  - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
  - docker push $CI_REGISTRY_IMAGE:latest
-
 push dockerhub:
  stage: push_dockerhub
  variables:
    GIT_STRATEGY: none
-    CI_DOCKERHUB_IMAGE: "index.docker.io/evanrich/py-eagle-mqtt"
-    CI_DOCKERHUB_REGISTRY: "docker.io"
+    CI_DOCKERHUB_IMAGE: index.docker.io/evanrich/py-eagle-mqtt
+    CI_DOCKERHUB_REGISTRY: docker.io
  only:
  - master
  script:
@@ -63,3 +47,7 @@ push dockerhub:
  - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_DOCKERHUB_IMAGE:latest
  - docker login -u "$CI_DOCKERHUB_USER" -p "$CI_DOCKERHUB_PASSWORD" $CI_DOCKERHUB_REGISTRY
  - docker push $CI_DOCKERHUB_IMAGE:latest
+sast:
+  stage: test
+include:
+- template: Security/SAST.gitlab-ci.yml