.gitlab-ci.yml in gitlab-styles-11.0.0 vs .gitlab-ci.yml in gitlab-styles-13.0.0

- old
+ new

@@ -1,46 +1,47 @@
+workflow:
+  rules:
+    # For merge requests, create a pipeline.
+    - if: '$CI_MERGE_REQUEST_IID'
+    # For the default branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+    # For tags, create a pipeline.
+    - if: '$CI_COMMIT_TAG'
+
 stages:
   - test
   - deploy
 
 default:
-  image: "ruby:${RUBY_VERSION}"
   tags:
     - gitlab-org
+
+.base-ruby-job:
+  image: "ruby:${RUBY_VERSION}"
   before_script:
+    - bundle_version=$(grep -A 1 "BUNDLED WITH" Gemfile.lock | grep -oE '[[:digit:].]+')
+    - gem install bundler --version "$bundle_version" --no-document  # Bundler is not installed with the image
     - bundle --version
-    - bundle install
+    - bundle config set --local deployment 'true'
+    - bundle install -j $(nproc)
+  parallel:
+    matrix:
+      - RUBY_VERSION: ['3.1', '3.2', '3.3']
 
-variables:
-  BUNDLE_FROZEN: 'true'
-
-workflow:
-  rules:
-    # For merge requests, create a pipeline.
-    - if: '$CI_MERGE_REQUEST_IID'
-    # For the default branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
-    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
-    # For tags, create a pipeline.
-    - if: '$CI_COMMIT_TAG'
-
 styles:
+  extends: .base-ruby-job
   stage: test
   script:
     - bundle exec rubocop --debug --parallel
-  parallel:
-    matrix:
-      - RUBY_VERSION: ['2.7', '3.0', '3.1', '3.2']
 
 specs:
+  extends: .base-ruby-job
   stage: test
   script:
-    # Disable simplecov for all Ruby version other than 3.0
-    - if [[ "$RUBY_VERSION" != "3.0" ]]; then export SIMPLECOV=0; fi
+    # Disable simplecov for all Ruby version other than the target Ruby version.
+    - if [[ "$RUBY_VERSION" != "3.1" ]]; then export SIMPLECOV=0; fi
     - bundle exec rspec
-  parallel:
-    matrix:
-      - RUBY_VERSION: ['2.7', '3.0', '3.1', '3.2']
   artifacts:
     name: coverage
     expire_in: 31d
     paths:
       - coverage/index.html
@@ -49,9 +50,27 @@
       coverage_report:
         coverage_format: cobertura
         path: coverage/coverage.xml
 
 include:
-  - project: 'gitlab-org/quality/pipeline-common'
-    file:
-      - '/ci/gem-release.yml'
-      - '/ci/danger-review.yml'
+  - component: gitlab.com/components/sast/sast@~latest
+  - component: gitlab.com/components/secret-detection/secret-detection@~latest
+  - component: gitlab.com/gitlab-org/components/gem-release/gem-release@~latest
+    inputs:
+      smoke_test_script: "ruby -r 'gitlab/styles' -e \"puts Gitlab::Styles::VERSION\""
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
+  - component: gitlab.com/gitlab-org/components/danger-review/danger-review@~latest
+
+semgrep-sast:
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+
+gemnasium-dependency_scanning:
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+
+secret_detection:
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'