gitlab.com/gitlab-org/labkit@v1.21.0/.gitlab-ci.yml (about)

     1  default:
     2    image: golang:1.20
     3    tags:
     4      - gitlab-org
     5  
     6  include:
     7    - template: Security/SAST.gitlab-ci.yml
     8    - template: Security/Dependency-Scanning.gitlab-ci.yml
     9    - template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'
    10  
    11  variables:
    12    REPO_NAME: gitlab.com/gitlab-org/labkit
    13    GO_SEMANTIC_RELEASE_VERSION: 2.12.0
    14    SAST_EXCLUDED_ANALYZERS: "eslint,gosec,nodejs-scan"
    15  
    16    # Note, GOLANGCI_LINT_VERSION should match .tool-versions!
    17    GOLANGCI_LINT_VERSION: 1.41.1
    18  
    19  .go-version-matrix:
    20    parallel:
    21      matrix:
    22        - GO_VERSION: ["1.18", "1.19", "1.20"]
    23  
    24  backwards_compat:
    25    image: registry.gitlab.com/gitlab-org/gitlab-build-images/debian-bullseye-golang-1.20-rust-1.65:git-2.36
    26    parallel:
    27      matrix:
    28        - REPO_AND_DIR:
    29          - https://gitlab.com/gitlab-org/gitaly.git
    30          - https://gitlab.com/gitlab-org/container-registry.git
    31          - https://gitlab.com/gitlab-org/gitlab-shell.git
    32          - https://gitlab.com/gitlab-org/gitlab-pages.git
    33          - https://gitlab.com/gitlab-org/gitlab.git workhorse
    34    stage: verify
    35    script:
    36      - ./backwards_compat.sh ${REPO_AND_DIR}
    37  
    38  stages:
    39    - build
    40    - verify
    41    - release
    42  
    43  build:
    44    image: golang:${GO_VERSION}-alpine
    45    extends: .go-version-matrix
    46    stage: build
    47    before_script:
    48      - apk add --no-cache git
    49    script:
    50      - ./compile.sh
    51  
    52  test:
    53    extends: .go-version-matrix
    54    image: golang:${GO_VERSION}
    55    stage: verify
    56    script:
    57      - ./test.sh
    58  
    59  test-fips:
    60    image: registry.gitlab.com/gitlab-org/gitlab-runner/go-fips:1.18
    61    stage: verify
    62    variables:
    63      REQUIRED_BUILD_TAGS: fips
    64      CGO_ENABLED: 1
    65    script:
    66      - ./test.sh
    67  
    68  # The verify step should always use the same version of Go as devs are
    69  # likely to be developing with to avoid issues with changes in these tools
    70  # between go versions. Since these are simply linter warnings and not
    71  # compiler issues, we only need a single version
    72  
    73  sast:
    74    stage: verify
    75  
    76  dependency_scanning:
    77    stage: verify
    78  
    79  mod tidy:
    80    stage: verify
    81    script:
    82      - ./tidy.sh
    83  
    84  shellcheck:
    85    image:
    86      name: koalaman/shellcheck-alpine:latest
    87    stage: verify
    88    rules:
    89      - changes:
    90        - "**/*.sh"
    91    script:
    92      - shellcheck -s sh -S style $(ls *.sh | grep -v downstream)
    93  
    94  lint:
    95    image:
    96      name: golangci/golangci-lint:v${GOLANGCI_LINT_VERSION}-alpine
    97      entrypoint: ["/bin/sh", "-c"]
    98    # git must be installed for golangci-lint's --new-from-rev flag to work.
    99    before_script:
   100    - apk add --no-cache git jq
   101    stage: verify
   102    script:
   103      - ./lint.sh
   104    artifacts:
   105      reports:
   106        codequality: gl-code-quality-report.json
   107      paths:
   108        - gl-code-quality-report.json
   109  
   110  commitlint:
   111    stage: verify
   112    image: node:14-alpine3.12
   113    before_script:
   114    - apk add --no-cache git
   115    - npm install
   116    script:
   117    - npx commitlint --from ${CI_MERGE_REQUEST_DIFF_BASE_SHA} --to HEAD --verbose
   118    rules:
   119    - if: $CI_MERGE_REQUEST_IID
   120  
   121  release:
   122    image: node:14
   123    stage: release
   124    rules:
   125      - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
   126        when: manual
   127    script:
   128      - npm install
   129      - $(npm bin)/semantic-release