.gitlab-ci.yml
###
# Default image for every job in this pipeline that does not set its own.
# NOTE(review): `dind` is a floating tag, so the image content can change
# between runs with no change to this file. Pinning a version tag or an image
# digest makes runs reproducible and makes image changes reviewable.
image: 'docker:dind'
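# Pipeline-level variables, available to the jobs defined here and to the jobs
# pulled in through `include`.
variables:
  GIT_REPO_PATH: src/github.com/Axway  # overridden from variables.yml
  GIT_REPO_NAME: agent-sdk

  # for agent trigger jobs
  # Quoted like the other numeric IDs in this block, so every ID is a string
  # and no loader reads some of them as integers.
  AWS_DISCOVERY_PROJECT_ID: "7397"
  V7_DISCOVERY_PROJECT_ID: "7540"
  AZURE_DISCOVERY_PROJECT_ID: "8585"

  # Fortify
  FORTIFY_PROJECT: "10566"
  FORTIFY_BUILD_ID: "apic_agents_sdk"
  FORTIFY_INCLUDE: "**/*.go"
  # Test files are left out of the Fortify scan scope.
  FORTIFY_EXCLUDE: "**/*_test.go"

  # Blackduck
  BLACKDUCK_PROJECT_NAME: "Amplify - APIC Agent SDK"

  # SRM
  SRM_PROJECT_NAME: "$BLACKDUCK_PROJECT_NAME"
  SRM_PROJECT_ID: "225"

  # just to be sure we don't do vendoring
  # NOTE(review): -mod=mod also lets the go command rewrite go.mod and go.sum
  # during a build. -mod=readonly ignores the vendor directory as well, but
  # fails when go.mod is out of date - confirm which behaviour the build and
  # scan jobs should have.
  GOFLAGS: "-mod=mod"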
############################################################
# Section for external includes
############################################################
# External CI templates. Included files are merged into this pipeline, so
# their jobs run with this project's variables and job token; the `ref` each
# file is fetched at decides what actually executes here.
include:
  # NOTE(review): `master` is a branch, so this template can change without
  # any commit in this repository. A tag or commit SHA would make the included
  # content fixed and reviewable.
  - project: 'apigov/gitlabci'
    ref: master
    file: '/.gitlab-ci-sonar.yml'

  # NOTE(review): $BEANO_CICD_LATEST and $SCURITY_LATEST are not defined in
  # this file; presumably they are set at group or instance level - confirm
  # who is able to change them.
  - project: 'apigov/beano_cicd'
    ref: $BEANO_CICD_LATEST
    # the order of these include files is important
    file:
      - '/gitlabci/variables.yml'
      - '/gitlabci/restrictions.yml'
      - '/gitlabci/jobs.yml'

  - project: 'scurity/gitlabci'
    ref: $SCURITY_LATEST
    file:
      - '/.gitlab-ci-fortify.yml'
      - '/.gitlab-ci-twistlock.yml'
      - '/.gitlab-ci-iriusrisk.yml'
      - '/.gitlab-ci-blackduck.yml'
      - '/.gitlab-ci-csr.yml'

  - project: 'apigov/beano_cicd'
    ref: $BEANO_CICD_LATEST
    # this one MUST be after the scurity jobs in order for overrides to work correctly!
    file:
      - '/gitlabci/csrjobs.yml'
      - '/gitlabci/csrjobsformirror.yml'
# Stage order for the pipeline. The security scan and review stages come
# after test and sonar; the manual downstream triggers (update-dep) come last.
stages:
  - test
  - qa-test
  - sonar-preview
  - sonar-publish
  - security-scans
  - security-review
  - update-dep
############################################################
# Section for triggering agent updates
############################################################
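# Hidden template job: manually triggers the pipeline of one downstream agent
# project on its master ref and passes this commit to it as SDK_SHA.
#
# PROJECT_ID is exported by the before_script of each job that extends this
# template. CURL_URL_FOR_TRIGGER and .only-default-branch are not defined in
# this file; presumably they come from the included templates - confirm.
#
# The request is authorised with CI_JOB_TOKEN. Whether a downstream project
# accepts it is decided by that project's job token settings.
.trigger-downstream-agent:
  extends: .only-default-branch
  stage: update-dep
  when: manual
  except:
    refs:
      - schedules
  script:
    - apk update && apk add curl ca-certificates
    - echo "triggering downstream agent with SDK_SHA = ${CI_COMMIT_SHA}"
    # --fail makes curl exit non-zero on an HTTP error response, so a rejected
    # trigger fails this job instead of passing silently. The URL is quoted so
    # the shell always passes it as a single argument.
    - >-
      curl --fail --request POST
      --form "token=${CI_JOB_TOKEN}"
      --form "variables[SDK_SHA]=${CI_COMMIT_SHA}"
      --form ref=master
      "${CURL_URL_FOR_TRIGGER}/${PROJECT_ID}/trigger/pipeline"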
# Manual trigger for the AWS discovery agent project.
trigger-aws-apigw-discovery-agent:
  extends: .trigger-downstream-agent
  before_script:
    # Selects the downstream project whose pipeline the inherited script triggers.
    - export PROJECT_ID=${AWS_DISCOVERY_PROJECT_ID}
# Manual trigger for the V7 discovery agent project.
trigger-v7-discovery-agent:
  extends: .trigger-downstream-agent
  before_script:
    # Selects the downstream project whose pipeline the inherited script triggers.
    - export PROJECT_ID=${V7_DISCOVERY_PROJECT_ID}
# Manual trigger for the Azure discovery agent project.
trigger-azure-discovery-agent:
  extends: .trigger-downstream-agent
  before_script:
    # Selects the downstream project whose pipeline the inherited script triggers.
    - export PROJECT_ID=${AZURE_DISCOVERY_PROJECT_ID}
# Jobs that replace their `rules` with .only-never-rule.
# NOTE(review): neither these jobs' base definitions nor .only-never-rule are
# in this file. Presumably both come from the included templates and the rule
# keeps the job from ever running - confirm against the templates. Also
# confirm that leaving the Twistlock scans and SRM uploads out of this
# project's pipeline is intended.
twistlock-discovery:on-schedule:
  rules:
    - !reference [.only-never-rule, rules]

twistlock-traceability:on-schedule:
  rules:
    - !reference [.only-never-rule, rules]

upload-files-to-srm:
  rules:
    - !reference [.only-never-rule, rules]

upload-files-to-srm:on-schedule:
  rules:
    - !reference [.only-never-rule, rules]
# For these 2, override the 'needs' from base
# The lists here replace the inherited ones, so each job waits only for the
# jobs named below.
# NOTE(review): the base `needs` lists are not in this file - confirm that no
# scan the security review relies on was dropped as a prerequisite.
run-csr:
  needs:
    - 'fetch-fortify'

update-csr:
  needs:
    - 'fetch-fortify:on-schedule'
    - 'fetch-third-party:on-schedule'