Merge branch 'add/sast' into 'main'

Add GitLab's SAST pipeline See merge request !15

Merge branch 'add/sast' into 'main'
2f9b86b5 · Erick Hitter · a941b3c2 · 24dee2d3 · 2f9b86b5 · a941b3c2
Commit 2f9b86b5 authored 2 years ago by Erick Hitter
--- a/README.md
+++ b/README.md
@@ -5,4 +5,3 @@ Shared `.gitlab-ci.yml` components for WordPress.
 ## Features

 * `plugins`: PHPUnit, PHPCS, and deploys to WordPress.org.
-* `pantheon`: deploy a site to Pantheon via their git integration.
--- a/pantheon/default.yml
+++ b/pantheon/default.yml
-stages:
-  - test
-  - build
-
-variables:
-  GIT_SUBMODULE_STRATEGY: recursive
-
-test-deps:
-  stage: test
-  image: containers.ethitter.com:443/docker/images/php:7.3
-  before_script:
-    - git config --global user.email "$GIT_USER_EMAIL"
-    - git config --global user.name "$GIT_USER_NAME"
-    # TODO: add build steps here once things are converted to submodules.
-    # TODO: add Terminus to handle pushes and cache clearing.
-  script:
-    - cd ${CI_PROJECT_DIR}
-    - ls -la
-    - rm -rf ${CI_PROJECT_DIR}/.git/
-    - rm -rf ${CI_PROJECT_DIR}/.gitignore
-    - rm -rf ${CI_PROJECT_DIR}/.gitmodules
-    - rm -rf ${CI_PROJECT_DIR}/.gitlab-ci.yml
-    - rm -rf ${CI_PROJECT_DIR}/README.md
-    - rm -rf ${CI_PROJECT_DIR}/readme.txt
-    - ls -la
-
-    - git init
-    - git status -s
-    - git add -A
-    - git status -s
-    - git commit -m "Build from $CI_COMMIT_SHORT_SHA"
-    - git diff --exit-code
-    - git status -s
-    - git log -n 1
-
-git-push:
-  stage: build
-  image: containers.ethitter.com:443/docker/images/php:7.3
-  only:
-    - main
-  allow_failure: false
-  before_script:
-    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
-    - eval $(ssh-agent -s)
-    - ssh-add <(echo "$GIT_SSH_PRIV_KEY")
-
-    - git config --global user.email "$GIT_USER_EMAIL"
-    - git config --global user.name "$GIT_USER_NAME"
-
-    - mkdir -p ~/.ssh
-    - echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
-    - ssh-keygen -R "$PANTHEON_GIT_HOST"
-    - ssh-keyscan -t rsa -p "$PANTHEON_GIT_HOST_PORT" "$PANTHEON_GIT_HOST" >> ~/.ssh/known_hosts
-    # TODO: add build steps here once things are converted to submodules.
-    # TODO: add Terminus to handle pushes and cache clearing.
-  script:
-    - cd ${CI_PROJECT_DIR}
-    - ls -la
-    - rm -rf ${CI_PROJECT_DIR}/.git/
-    - rm -rf ${CI_PROJECT_DIR}/.gitignore
-    - rm -rf ${CI_PROJECT_DIR}/.gitmodules
-    - rm -rf ${CI_PROJECT_DIR}/.gitlab-ci.yml
-    - rm -rf ${CI_PROJECT_DIR}/README.md
-    - rm -rf ${CI_PROJECT_DIR}/readme.txt
-    - ls -la
-
-    - git init
-    - git checkout -b "$PANTHEON_GIT_BRANCH"
-    - git remote add pantheon "$PANTHEON_GIT_REMOTE"
-    - git status -s
-    - git add -A
-    - git status -s
-    - git commit -m "Build from $CI_COMMIT_SHORT_SHA"
-    - git diff --exit-code
-    - git status -s
-    - git log -n 1
-    - git push --force pantheon "$PANTHEON_GIT_BRANCH"
--- a/plugins/default.yml
+++ b/plugins/default.yml
@@ -3,3 +3,4 @@ include:
  - remote: https://git-cdn.e15r.co/gitlab/ci/wordpress/-/raw/main/plugins/templates/cache.yml
  - remote: https://git-cdn.e15r.co/gitlab/ci/wordpress/-/raw/main/plugins/templates/before-script.yml
  - remote: https://git-cdn.e15r.co/gitlab/ci/wordpress/-/raw/main/plugins/templates/matrix.yml
+  - template: Security/SAST.gitlab-ci.yml