File: .gitlab-ci.yml

package info (click to toggle)
ruby-declarative-policy 1.1.0-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, forky, sid, trixie
  • size: 264 kB
  • sloc: ruby: 1,020; makefile: 4
file content (91 lines) | stat: -rw-r--r-- 2,297 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
 
image: "ruby:2.7"

include:
  - template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/License-Scanning.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml

.tests:
  stage: test
  cache:
    paths:
      - vendor/ruby
  before_script:
    - ruby -v  # Print out ruby version for debugging
    - bundle install -j $(nproc) --path vendor/ruby/$RUBY_VERSION

rubocop:
  extends: .tests
  script:
    - bundle exec rubocop

.rspec:
  extends: .tests
  script:
    - bundle exec rspec

rspec:mri:
  extends: .rspec
  image: "ruby:$RUBY_VERSION"
  parallel:
    matrix:
      - RUBY_VERSION:
        - "2.7"
        - "3.0"

rspec:jruby:
  extends: .rspec
  image: "bitnami/jruby:latest"
  variables:
    RUBY_VERSION: jruby

rspec:truffleruby:
  extends: .rspec
  image: "flavorjones/truffleruby:latest"
  variables:
    RUBY_VERSION: truffleruby

danger-review:
  extends: .tests
  needs: []
  script:
    - >
      if [ -z "$DANGER_GITLAB_API_TOKEN" ]; then
        # Force danger to skip CI source GitLab and fallback to "local only git repo".
        unset GITLAB_CI
        # We need to base SHA to help danger determine the base commit for this shallow clone.
        bundle exec danger dry_run --fail-on-errors=true --verbose --base="$CI_MERGE_REQUEST_DIFF_BASE_SHA"
      else
        bundle exec danger --fail-on-errors=true --verbose
      fi

# run security jobs on MRs
# see: https://gitlab.com/gitlab-org/gitlab/-/issues/218444#note_478761991

brakeman-sast:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

gemnasium-dependency_scanning:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

bundler-audit-dependency_scanning:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

license_scanning:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

secret_detection:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'