aboutsummaryrefslogtreecommitdiffstats
path: root/.gitlab-ci.yml
blob: 4686f333a5959308b85d63c0e73bb5579e1cd65a (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
image: node:16.13.1
cache:
  paths:
    - ".yarn/cache"
stages:
  - code-quality
  - test
  - build
  - scan

default:
  before_script:
    - yarn install --immutable

Run linter:
  stage: code-quality
  script:
    - yarn types
    - yarn lint:ci
  artifacts:
    reports:
      codequality: gl-codequality.json

Run static analyzer:
  stage: code-quality
  script:
    - yarn types
    - yarn typecheck:ci

Run tests:
  stage: test
  script:
    - yarn test

# TODO: GitlabCI free runners are only for linux - need to investigate for macos and windows artifacts
Build:
  stage: build
  script:
    - yarn compile
    # TODO: Need to publish the built distributable file
  artifacts:
    paths:
      - dist/
    exclude:
      - dist/builder-debug.yml
      - dist/builder-effective-config.yaml

sast:
  variables:
    SAST_EXCLUDED_PATHS: spec, test, tests, tmp, .yarn, node_modules
    SECURE_LOG_LEVEL: error
  stage: scan

include:
  - template: Security/SAST.gitlab-ci.yml
variables:
  SAST_EXCLUDED_ANALYZERS: "semgrep"  # Disabling semgrep since the scan times out in GitlabCI agents