workflow: rules: # For merge requests, create a pipeline. - if: '$CI_MERGE_REQUEST_IID' # For the default branch, create a pipeline (this includes on schedules, pushes, merges, etc.). - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' # For tags, create a pipeline. - if: '$CI_COMMIT_TAG' stages: - test - deploy default: tags: - gitlab-org .base-ruby-job: image: "ruby:${RUBY_VERSION}" before_script: - bundle_version=$(grep -A 1 "BUNDLED WITH" Gemfile.lock | grep -oE '[[:digit:].]+') - gem install bundler --version "$bundle_version" --no-document # Bundler is not installed with the image - bundle --version - bundle config set --local deployment 'true' - bundle install -j $(nproc) parallel: matrix: - RUBY_VERSION: ['3.1', '3.2', '3.3'] styles: extends: .base-ruby-job stage: test script: - bundle exec rubocop --debug --parallel specs: extends: .base-ruby-job stage: test script: # Disable simplecov for all Ruby version other than the target Ruby version. - if [[ "$RUBY_VERSION" != "3.1" ]]; then export SIMPLECOV=0; fi - bundle exec rspec artifacts: name: coverage expire_in: 31d paths: - coverage/index.html - coverage/assets/ reports: coverage_report: coverage_format: cobertura path: coverage/coverage.xml include: - component: gitlab.com/components/sast/sast@~latest - component: gitlab.com/components/secret-detection/secret-detection@~latest - component: gitlab.com/gitlab-org/components/gem-release/gem-release@~latest inputs: smoke_test_script: "ruby -r 'gitlab/styles' -e \"puts Gitlab::Styles::VERSION\"" - template: Security/Dependency-Scanning.gitlab-ci.yml - component: gitlab.com/gitlab-org/components/danger-review/danger-review@~latest semgrep-sast: rules: - if: '$CI_MERGE_REQUEST_IID' - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' gemnasium-dependency_scanning: rules: - if: '$CI_MERGE_REQUEST_IID' - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' secret_detection: rules: - if: '$CI_MERGE_REQUEST_IID' - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'