-
Notifications
You must be signed in to change notification settings - Fork 4
/
.gitlab-ci.yml
80 lines (75 loc) · 2.26 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
stages:
- test
- security
unit_test:
image: python:3.6.6
stage: test
only:
- branches
- tags
- merge_requests
variables:
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
cache:
paths:
- .cache/pip
- venv/
before_script:
- apt update && apt install -y zip
script:
- pip install virtualenv
- virtualenv venv
- source venv/bin/activate
- pip install -r requirements.txt
- cd src
- python manage.py test
after_script:
- zip -r veracode.zip src/
artifacts:
paths:
- veracode.zip
srcclr_scan:
image: python:3.6.6
stage: security
only:
- branches
- tags
- merge_requests
script: curl -sSL https://download.sourceclear.com/ci.sh | bash
allow_failure: true
veracode_static_policy:
image: ctcampbellcom/veracode-tools:centos
stage: security
only:
refs:
- master
variables:
- $VERACODE
script:
- java -jar /veracode/veracode-wrapper.jar -vid $VERACODE_ID -vkey $VERACODE_KEY
-action UploadAndScan -appname "$CI_PROJECT_NAME" -createprofile false
-filepath veracode.zip -version "commit $CI_COMMIT_SHORT_SHA pipeline $CI_PIPELINE_ID job $CI_JOB_ID"
allow_failure: true
veracode_static_sandbox:
image: ctcampbellcom/veracode-tools:centos
stage: security
only:
variables:
- $VERACODE
except:
- master
script:
- java -jar /veracode/veracode-wrapper.jar -vid $VERACODE_ID -vkey $VERACODE_KEY
-action UploadAndScan -appname "$CI_PROJECT_NAME" -createprofile false
-sandboxname $CI_COMMIT_REF_NAME -createsandbox true
-filepath veracode.zip -version "commit $CI_COMMIT_SHORT_SHA pipeline $CI_PIPELINE_ID job $CI_JOB_ID"
allow_failure: true
check_veracode_policy_status:
image: ctcampbellcom/veracode-tools:centos
stage: security
only:
- merge_requests
script:
- java -jar /veracode/veracode-wrapper.jar -vid $VERACODE_ID -vkey $VERACODE_KEY
-action passfail -appname "$CI_PROJECT_NAME" -sandboxname $CI_COMMIT_REF_NAME | ack --passthru '"Pass"'
allow_failure: true