---
# Pipeline stages in execution order. Jobs attach to a stage by name (the
# SAST jobs below use "Tests"); stages not referenced by any job visible
# here are presumably used by jobs further down the file.
stages: ['Tests', 'Documentation', 'Release', 'Build Release', 'Other']

# Global variables: GitLab exports every key here into the environment of
# every job in this file (a job may still override them locally).
variables:
  # Both mirror the predefined project name; which tooling consumes them is
  # not visible in this file.
  project_name: '$CI_PROJECT_NAME'
  SEMANTIC_RELEASE_PACKAGE: '$CI_PROJECT_NAME'
  # Trust root for every scanner image: analyzer jobs build their image
  # reference as "$SECURE_ANALYZERS_PREFIX/<analyzer>:<tag>" (see eslint-sast).
  # Changing it redirects every analyzer pull, so treat edits to this value
  # with the same scrutiny as a change of dependency source.
  SECURE_ANALYZERS_PREFIX: 'registry.gitlab.com/gitlab-org/security-products/analyzers'
  # Empty: no analyzer is opted out. Analyzer jobs test this value with a
  # regex match against their own name before deciding whether to run.
  SAST_EXCLUDED_ANALYZERS: ''
  # Test and scratch trees skipped by SAST only. Secret detection has its own
  # exclusion list below (currently empty), so any secret-detection job
  # defined elsewhere in this file still covers these directories.
  SAST_EXCLUDED_PATHS: 'spec, test, tests, tmp'
  # Quoted so the YAML parser does not re-type it: CI variables are strings
  # and the analyzer receives the literal text "false".
  SCAN_KUBERNETES_MANIFESTS: 'false'
  # Major version of the secret-detection analyzer image, quoted so it is
  # not parsed as an integer.
  SECRETS_ANALYZER_VERSION: '3'
  SECRET_DETECTION_EXCLUDED_PATHS: ''

# Sidecar container started next to every job in this file and reachable
# from the job under the hostname "docker".
#
# NOTE(review): the image comes from a third-party GHCR namespace and is
# referenced by a mutable tag. Nothing here prevents that tag from being
# re-pushed with different contents, and the container runs alongside every
# job in the pipeline. Pinning by digest ("<image>:2.2.1@sha256:<digest>")
# and recording where the digest was taken from would close that gap.
services:
  - name: 'ghcr.io/griefed/gitlab-ci-cd:2.2.1'
    alias: 'docker'

# Pipeline-level gate. Merge-request pipelines are never created (the
# "detached" event type is one of them, listed explicitly here); every other
# pipeline source — push, tag, schedule, web, API, trigger — is accepted
# unconditionally by the trailing catch-all rule.
#
# Consequence for the scanners below: a change is scanned when it is pushed
# to a branch, not when a merge request is opened against it.
workflow:
  rules:
    - if: '$CI_MERGE_REQUEST_EVENT_TYPE == "detached" || $CI_PIPELINE_SOURCE == "merge_request_event"'
      when: never
    - when: always

# Template job. "rules: when: never" keeps it out of every pipeline, so its
# only role is to be extended by the analyzer jobs. The script is a
# tripwire: should anything ever schedule this job with this script, the
# "exit 1" fails it immediately instead of letting it pass silently.
sast:
  stage: Tests
  script:
    - 'echo "$CI_JOB_NAME is used for configuration only, and its script should not be executed"'
    - 'exit 1'
  rules:
    - when: never
  variables:
    # Forwarded to every analyzer that extends this job (GitLab's documented
    # limit on how deep the analyzer searches the checkout for project files).
    SEARCH_MAX_DEPTH: '4'
  artifacts:
    reports:
      # Findings are consumed from this file, not from the job's exit status.
      sast: gl-sast-report.json

# Hidden base job (leading dot) shared by the concrete analyzer jobs. It
# inherits stage, variables and the report artifact from "sast" and replaces
# the tripwire script with the analyzer entry point.
#
# allow_failure: true means a failing analyzer — a crash, an image that
# cannot be pulled, or a non-zero exit — is shown as a warning and never
# blocks the pipeline. Findings surface only through gl-sast-report.json and
# whatever reads it; if SAST results are meant to gate merges, that gating
# has to be enforced elsewhere (for example approval rules), not here.
#
# "rules" is intentionally absent: the inherited "when: never" would keep
# every child off the pipeline, so each child must define its own rules.
# See https://gitlab.com/gitlab-org/gitlab/-/issues/218444
.sast-analyzer:
  extends: sast
  allow_failure: true
  script: ['/analyzer run']

eslint-sast:
  extends: .sast-analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE"
  variables:
    SAST_ANALYZER_IMAGE_TAG: 2
    SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED
      when: never
    - if: $SAST_EXCLUDED_ANALYZERS =~ /eslint/
      when: never
    - if: $CI_COMMIT_BRANCH
      exists:
        - '**/*.html'
        - '**/*.js'
        - '**/*.jsx'
        - '**/*.ts'
        - '**/*.tsx'