Add GitLab scanning, linting

0b5abde2 · Erick Hitter · 34facc21 · 0b5abde2 · 0b5abde2 · 0b5abde2
Commit 0b5abde2 authored 3 years ago by Erick Hitter
--- a/.ci-scripts/lint.sh
+++ b/.ci-scripts/lint.sh
+#!/bin/bash
+
+jq --null-input --arg yaml "$1" '.content=$yaml' \
+  | curl "https://git.ethitter.com/api/v4/ci/lint?include_merged_yaml=true" \
+    --silent \
+    --header 'Content-Type: application/json' \
+    --header "PRIVATE-TOKEN: $GITLAB_API_PAT" \
+    --data @- \
+    -o result.json
+
+echo "**********************************************************"
+echo "MERGED YAML:"
+jq --raw-output '.merged_yaml' < result.json
+
+echo "**********************************************************"
+echo "ERRORS:"
+jq '.errors' < result.json
+
+echo "**********************************************************"
+echo "WARNINGS:"
+jq '.warnings' < result.json
+
+echo "**********************************************************"
+echo "IS VALID:"
+jq '.valid' < result.json
+
+if [ "$(jq '.valid' < result.json)" = "true" ]; then
+  exit 0
+else
+  exit 1
+fi
--- a/.gitignore
+++ b/.gitignore
 .idea
 *.iml
+
+result.json
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+before_script:
+  - |
+    apt-get update
+    apt-get -y --no-install-recommends install jq
+    apt-get clean
+    rm -rf /var/lib/apt/lists/*
+
+lint:
+  stage: test
+  image: containers.ethitter.com:443/docker/images/debian:bullseye
+  script:
+    - sh ./.ci-scripts/lint.sh "$(<./plugins/default.yml)"
--- a/files/default.yml
+++ b/files/default.yml
 include:
+  - remote: https://git-cdn.e15r.co/gitlab/ci/golang/-/raw/main/files/templates/stages.yml
  - remote: https://git-cdn.e15r.co/gitlab/ci/golang/-/raw/main/files/templates/image.yml
  - remote: https://git-cdn.e15r.co/gitlab/ci/golang/-/raw/main/files/templates/variables.yml
  - remote: https://git-cdn.e15r.co/gitlab/ci/golang/-/raw/main/files/templates/cache.yml
  - remote: https://git-cdn.e15r.co/gitlab/ci/golang/-/raw/main/files/templates/stages.yml
  - remote: https://git-cdn.e15r.co/gitlab/ci/golang/-/raw/main/files/templates/before-script.yml
  - remote: https://git-cdn.e15r.co/gitlab/ci/golang/-/raw/main/files/templates/matrix.yml
+  - remote: https://git-cdn.e15r.co/gitlab/ci/golang/-/raw/main/files/templates/gitlab-tools.yml
--- a/files/templates/gitlab-tools.yml
+++ b/files/templates/gitlab-tools.yml
+include:
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/License-Scanning.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
+
+dependency_scanning:
+  before_script: echo ""
+  stage: security
+
+license_scanning:
+  before_script: echo ""
+  stage: security
+
+sast:
+  before_script: echo ""
+  stage: security
+
+secret_detection:
+  before_script: echo ""
+  stage: security
--- a/files/templates/stages.yml
+++ b/files/templates/stages.yml
 stages:
-  - test
+  - .pre
  - build
+  - test
+  - security
+  - deploy
+  - .post