-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
70 lines (60 loc) · 1.43 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# SPDX-License-Identifier: GPL-3.0-or-later
# Copyright (c) 2022 Association Prologin <[email protected]>
# Copyright (c) 2022 Marc 'risson' Schmitt <[email protected]>
---
stages:
- build
- qa
- security
- deploy
default:
image: python:3.10-slim
include:
- template: SAST.gitlab-ci.yml
- template: Code-Quality.gitlab-ci.yml
- template: Security/License-Scanning.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
build:
stage: build
artifacts:
paths:
- dist/*
- requirements.txt
before_script:
- pip install poetry
script:
- poetry build -n -v
after_script:
# Needed for the license scanning job
- poetry export --format requirements.txt > requirements.txt
code_quality:
stage: qa
needs: []
dependency_scanning:
stage: security
needs: []
license_scanning:
stage: security
needs: []
dependencies:
- build
sast:
stage: security
needs: []
secret_detection:
stage: security
needs: []
deploy:
stage: deploy
variables:
POETRY_HTTP_BASIC_GITLAB_USERNAME: "gitlab-ci-token"
POETRY_HTTP_BASIC_GITLAB_PASSWORD: "${CI_JOB_TOKEN}"
before_script:
- pip install poetry
- poetry config repositories.gitlab "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi"
script:
- rm -f dist/*.whl
- poetry publish -n -v -r gitlab
rules:
- if: $CI_COMMIT_TAG