include: - template: Code-Quality.gitlab-ci.yml - template: Security/SAST.gitlab-ci.yml - template: Security/Dependency-Scanning.gitlab-ci.yml - template: Security/Secret-Detection.gitlab-ci.yml variables: DOCKER_VERSION: "20.10.3" workflow: rules: &workflow_rules # For merge requests, create a pipeline. - if: '$CI_MERGE_REQUEST_IID' # For `main` branch, create a pipeline (this includes on schedules, pushes, merges, etc.). - if: '$CI_COMMIT_BRANCH == "main"' # For tags, create a pipeline. - if: '$CI_COMMIT_TAG' default: image: golang:1.14 tags: - gitlab-org .use-docker-in-docker: image: docker:${DOCKER_VERSION} services: - docker:${DOCKER_VERSION}-dind tags: # See https://gitlab.com/gitlab-com/www-gitlab-com/-/issues/7019 for tag descriptions - gitlab-org-docker .test: variables: GITALY_CONNECTION_INFO: '{"address":"tcp://gitaly:8075", "storage":"default"}' before_script: # Set up the environment to run integration tests (still written in Ruby) - apt-get update -qq && apt-get install -y ruby ruby-dev - ruby -v - export PATH=~/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/go/bin - gem install --force --bindir /usr/local/bin bundler -v 2.1.4 - bundle install # Now set up to run the Golang tests - make build - cp config.yml.example config.yml - go version - which go services: - name: registry.gitlab.com/gitlab-org/build/cng/gitaly:latest # Disable the hooks so we don't have to stub the GitLab API command: ["bash", "-c", "mkdir -p /home/git/repositories && rm -rf /srv/gitlab-shell/hooks/* && exec /usr/bin/env GITALY_TESTING_NO_GIT_HOOKS=1 /scripts/process-wrapper"] alias: gitaly script: - make verify test go:1.16: extends: .test image: golang:1.16 after_script: - make coverage coverage: '/\d+.\d+%/' go:1.17: extends: .test image: golang:1.17 after_script: - make coverage coverage: '/\d+.\d+%/' race: extends: .test image: golang:1.17 script: - make test_golang_race code_quality: extends: .use-docker-in-docker rules: *workflow_rules code_navigation: image: sourcegraph/lsif-go:v1.3.1 allow_failure: true script: - lsif-go artifacts: reports: lsif: dump.lsif # SAST gosec-sast: rules: *workflow_rules # Dependency Scanning gemnasium-dependency_scanning: rules: *workflow_rules bundler-audit-dependency_scanning: rules: *workflow_rules # Secret Detection secret_detection: rules: *workflow_rules