Sha256: 1749509305fca4f6b34b7436f313d52421e84f0b482e3431662aba48b259feed
Contents?: true
Size: 1.88 KB
Versions: 5
Compression:
Stored size: 1.88 KB
Contents
stages:
- test
- deploy
workflow:
rules:
# For merge requests, create a pipeline.
- if: '$CI_MERGE_REQUEST_IID'
# For `master` branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
# For tags, create a pipeline.
- if: '$CI_COMMIT_TAG'
.default:
image: ruby:2.7
tags:
- gitlab-org
before_script:
- gem install bundler
- bundle install -j $(nproc) --path vendor
cache:
key:
files:
- Gemfile
- gitlab-dangerfiles.gemspec
paths:
- vendor/ruby
- Gemfile.lock
policy: pull
danger-review:
extends: .default
stage: test
script:
- bundle exec danger --fail-on-errors=true --verbose
test:rspec:
extends: .default
stage: test
script:
- bundle exec rspec
test:rufo:
extends: .default
stage: test
script:
- bundle exec rufo --check .
include:
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/License-Scanning.gitlab-ci.yml
- template: Security/SAST.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
- project: 'gitlab-org/quality/pipeline-common'
file: '/ci/gem-release.yml'
# run security jobs on MRs
# see: https://gitlab.com/gitlab-org/gitlab/-/issues/218444#note_478761991
brakeman-sast:
rules:
- if: '$CI_MERGE_REQUEST_IID'
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
gemnasium-dependency_scanning:
rules:
- if: '$CI_MERGE_REQUEST_IID'
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
bundler-audit-dependency_scanning:
rules:
- if: '$CI_MERGE_REQUEST_IID'
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
license_scanning:
rules:
- if: '$CI_MERGE_REQUEST_IID'
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
secret_detection:
rules:
- if: '$CI_MERGE_REQUEST_IID'
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
Version data entries
5 entries across 5 versions & 1 rubygems