Merge branch 'ci-enable-security-jobs' into 'master'

Enable security-related jobs in CI See merge request gitlab-org/gitlab-exporter!122

Merge branch 'ci-enable-security-jobs' into 'master'
Enable security-related jobs in CI See merge request gitlab-org/gitlab-exporter!122
d8966ff5 · Ahmad Sherif · c0e2f044 · e43cf30e · d8966ff5
Commit d8966ff5 authored Nov 18, 2020 by Ahmad Sherif
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 11 deletions

.gitlab-ci.yml .gitlab-ci.yml +23 -11

No files found.
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+include:
+  - template: Security/DAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
+  - template: Security/Container-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/License-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab-foss/-/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
+
 default:
  image: "ruby:2.3"
-  before_script:
-    - git config --global user.email "bot@gitlab.com"
-    - git config --global user.name "Bot User"
-    - bundle install -j $(nproc) --path vendor
  cache:
    paths:
      - vendor
  tags:
    - gitlab-org

+.before_scripts: &before_scripts
+  - git config --global user.email "bot@gitlab.com"
+  - git config --global user.name "Bot User"
+  - bundle install -j $(nproc) --path vendor
+
 workflow:
-  rules:
+  rules: &workflow_rules
    # For merge requests, create a pipeline.
    - if: '$CI_MERGE_REQUEST_IID'
    # For `master` branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
@@ -22,15 +31,18 @@ workflow:
 rspec:
  script:
    - bundle exec rspec spec -f d -c
+  before_script: *before_scripts

 rubocop:
  script:
    - bundle exec rubocop
+  before_script: *before_scripts

-include:
-  - template: Security/DAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
-  - template: Security/Container-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
-  - template: Security/Dependency-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
-  - template: Security/License-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml
-  - template: Security/SAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+license_scanning:
+  rules: *workflow_rules
+
+gemnasium-dependency_scanning:
+  rules: *workflow_rules

+secret_detection:
+  rules: *workflow_rules