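# GitLab CI pipeline: runs the spec and lint jobs on three Ruby versions,
# pulls in the SAST / secret-detection / dependency-scanning jobs, and
# includes the gem-release and danger-review components.
stages:
  - test
  - deploy

workflow:
  rules:
    # For merge requests, create a pipeline.
    - if: '$CI_MERGE_REQUEST_IID'
    # For `master` branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
    # For tags, create a pipeline.
    - if: '$CI_COMMIT_TAG'

default:
  tags:
    - gitlab-org
  cache:
    # The key is derived from the dependency manifests only, so every job in
    # the Ruby version matrix below shares one cache entry.
    key:
      files:
        - Gemfile
        - gitlab-dangerfiles.gemspec
    paths:
      - vendor/ruby

.default-test-job:
  # `ruby:<minor>` is a floating tag: the image content changes whenever the
  # upstream image is rebuilt.
  image: "ruby:${RUBY_VERSION}"
  stage: test
  needs: []
  before_script:
    # NOTE(review): Bundler is installed unpinned, so each run may pick up a
    # newer release than the last one.
    - gem install bundler
    # `bundle install --path` is deprecated; the install path is set through
    # `bundle config` instead so the job keeps working when the flag is removed.
    - bundle config set --local path vendor
    - bundle install -j $(nproc)
  parallel:
    matrix:
      # Quoted on purpose: an unquoted 3.0 would be parsed as a float.
      - RUBY_VERSION: ['3.0', '3.1', '3.2']

test:rspec:
  extends: .default-test-job
  script:
    - bundle exec rspec

test:rubocop:
  extends: .default-test-job
  script:
    - bundle exec rubocop -P -E .

include:
  # NOTE(review): every component below is referenced as `@~latest`, a moving
  # reference that follows the newest released version of the component. A new
  # upstream release therefore changes what this pipeline executes without any
  # change being reviewed in this repository. Pinning each component to an
  # exact version or commit SHA makes upgrades explicit and reviewable; this
  # matters most for gem-release, which by its name takes part in publishing
  # the gem (which credentials it receives is not visible here; verify).
  - component: gitlab.com/components/sast/sast@~latest
  - component: gitlab.com/components/secret-detection/secret-detection@~latest
  - component: gitlab.com/gitlab-org/components/gem-release/gem-release@~latest
    inputs:
      smoke_test_script: "ruby -r 'gitlab-dangerfiles' -e \"puts Gitlab::Dangerfiles::VERSION\""
  - component: gitlab.com/gitlab-org/components/danger-review/danger-review@~latest
  - template: Security/Dependency-Scanning.gitlab-ci.yml

# run security jobs on MRs
# see: https://gitlab.com/gitlab-org/gitlab/-/issues/218444#note_478761991
#
# Each `rules:` list below replaces the rules shipped with the included job
# rather than extending them. With only these two conditions the security jobs
# run on merge requests and on the default branch, and not on tag pipelines.
brakeman-sast:
  rules:
    - if: '$CI_MERGE_REQUEST_IID'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

gemnasium-dependency_scanning:
  rules:
    - if: '$CI_MERGE_REQUEST_IID'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

secret_detection:
  rules:
    - if: '$CI_MERGE_REQUEST_IID'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'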