-
Notifications
You must be signed in to change notification settings - Fork 2
/
.gitlab-ci.yml
99 lines (86 loc) · 2.51 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
image: docker:dind
variables:
PROJECT: "agents-apigee"
# Fortify
FORTIFY_PROJECT: "10716"
FORTIFY_BUILD_ID: "agents-apigee"
FORTIFY_INCLUDE: "**/*.go"
FORTIFY_EXCLUDE: "**/*_test.go"
# Blackduck
BLACKDUCK_PROJECT_NAME: "Amplify - APIC Apigee Agents"
# SRM
SRM_PROJECT_NAME: "${BLACKDUCK_PROJECT_NAME}"
SRM_PROJECT_ID: "228"
# these needed for go workspace
GOWORK: ${CI_PROJECT_DIR}/go.work
GOFLAGS: "-mod=readonly"
########################################
# set up custom names for the pipelines of releases and nightly schedules
########################################
PIPELINE_NAME: "$CI_COMMIT_MESSAGE"
workflow:
name: "$PIPELINE_NAME"
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $COMPONENT_TESTS_ONLY == "y"
variables:
PIPELINE_NAME: "Scheduled nightly tests"
- if: $CI_PIPELINE_SOURCE == "schedule"
variables:
PIPELINE_NAME: "Scheduled nightly CSR"
- when: always
include:
- project: "apigov/gitlabci"
ref: master
file: "/.gitlab-ci-sonar.yml"
- project: "apigov/beano_cicd"
ref: $BEANO_CICD_LATEST
# the order of these include files is important
file:
- "/gitlabci/variables.yml"
- "/gitlabci/restrictions.yml"
- "/gitlabci/jobs.yml"
- project: "scurity/gitlabci"
ref: $SCURITY_LATEST
file:
- "/.gitlab-ci-fortify.yml"
- "/.gitlab-ci-twistlock.yml"
- "/.gitlab-ci-iriusrisk.yml"
- "/.gitlab-ci-blackduck.yml"
- "/.gitlab-ci-csr.yml"
- project: "apigov/beano_cicd"
ref: $BEANO_CICD_LATEST
# the order of these include files is important
file:
- "/gitlabci/csrjobs.yml"
- "/gitlabci/csrjobsformirror.yml"
stages:
- test
- qa-test
- sonar-preview
- sonar-publish
- security-scans
- security-review
twistlock-discovery:
rules:
- !reference [.mirror-branch-csr-rules, rules]
before_script:
- apk --no-cache update && apk add make
- cd discovery && make docker-build
- export IMAGE_NAME=apigee-discovery-agent:latest
- cd ..
- echo "TL_DA=true" >> build.env
twistlock-traceability:
rules:
- !reference [.mirror-branch-csr-rules, rules]
before_script:
- apk --no-cache update && apk add make
- cd traceability && make docker-build
- export IMAGE_NAME=apigee-traceability-agent:latest
- cd ..
- echo "TL_TA=true" >> build.env
twistlock-discovery:on-schedule:
variables:
AGENT_NAME: "apigee_discovery_agent"
twistlock-traceability:on-schedule:
variables:
AGENT_NAME: "apigee_traceability_agent"