blob: 4686f333a5959308b85d63c0e73bb5579e1cd65a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
image: node:16.13.1
cache:
paths:
- ".yarn/cache"
stages:
- code-quality
- test
- build
- scan
default:
before_script:
- yarn install --immutable
Run linter:
stage: code-quality
script:
- yarn types
- yarn lint:ci
artifacts:
reports:
codequality: gl-codequality.json
Run static analyzer:
stage: code-quality
script:
- yarn types
- yarn typecheck:ci
Run tests:
stage: test
script:
- yarn test
# TODO: GitlabCI free runners are only for linux - need to investigate for macos and windows artifacts
Build:
stage: build
script:
- yarn compile
# TODO: Need to publish the built distributable file
artifacts:
paths:
- dist/
exclude:
- dist/builder-debug.yml
- dist/builder-effective-config.yaml
sast:
variables:
SAST_EXCLUDED_PATHS: spec, test, tests, tmp, .yarn, node_modules
SECURE_LOG_LEVEL: error
stage: scan
include:
- template: Security/SAST.gitlab-ci.yml
variables:
SAST_EXCLUDED_ANALYZERS: "semgrep" # Disabling semgrep since the scan times out in GitlabCI agents
|