forked from rlarkin01/gl-test-java-gradle-master
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
92 lines (78 loc) · 2.15 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
image: docker-ro.laputa.veracode.io/agora/buildbox:latest
# include:
# - https://gitlab.laputa.veracode.io/sms/laputa-utils/raw/master/tag-master.yml
variables:
GRADLE_OPTS: '-Dorg.gradle.daemon=false'
stages:
- test
- build
- lint
- greenlight
- build_package
- static scan
- deploy_test
before_script:
- chmod +x gradlew
- curl https://gitlab.laputa.veracode.io/sms/laputa-utils/raw/18.8.3/configure-aws.sh | sh
unit test:
stage: test
script: ./gradlew test
build:
stage: build
artifacts:
name: build-output
paths:
- build
expire_in: 2 months
script: ./gradlew clean build
code quality:
stage: lint
script: echo "running lint"
# do a greenlight scan using the latest released ZIP
greenlight scan:
stage: greenlight
dependencies:
- build
artifacts:
name: greenlight-results
paths:
- results.json
expire_in: 2 months
when: always
script:
- curl -O https://downloads.veracode.com/securityscan/gl-scanner-java-LATEST.zip
- unzip gl-scanner-java-LATEST.zip gl-scanner-java.jar
- java -jar gl-scanner-java.jar
--api_id "${VERACODE_API_ID}"
--api_secret_key "${VERACODE_API_SECRET}"
--project_name "${CI_PROJECT_NAME}"
--project_url "${CI_PROJECT_URL}"
--project_ref "${CI_COMMIT_REF_NAME}"
package jar:
stage: build_package
artifacts:
name: ${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}_build
paths:
- build/
expire_in: 1 week
script: ./gradlew clean jar plainJar
only:
- tags
static scan:
stage: static scan
dependencies:
- package jar
script:
- curl -O https://tools.veracode.com/integrations/API-Wrappers/Java/bin/VeracodeJavaAPI.zip
- unzip VeracodeJavaAPI.zip VeracodeJavaAPI.jar
- java -jar VeracodeJavaAPI.jar -vid ${VERACODE_API_ID} -vkey ${VERACODE_API_SECRET}
-action UploadAndScan -appname ${CI_PROJECT_NAME} -createprofile true -autoscan true
-filepath build/libs/gl-scanner-java.jar -version ${CI_COMMIT_TAG}
only:
- tags
allow_failure: true
Deploy and Test on Tag:
stage: deploy_test
only:
- tags
script: echo "Creating stage, deploying and test"