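---
# Two-stage pipeline: the GitLab secret-detection scan runs first and gates
# the real pipeline (.pipeline.yml), which is started as a child pipeline.
include:
  - template: Jobs/Secret-Detection.gitlab-ci.yml

stages:
  - secret_check
  - main_pipeline

# Overrides the template's secret_detection job so the scan is blocking
# (allow_failure: false) and runs on every pipeline. The child pipeline
# definition is published as an artifact so `main` can include it from here.
# `rules` must be a list in GitLab CI; a bare `when:` mapping is rejected
# by the pipeline linter.
secret_detection:
  stage: secret_check
  allow_failure: false
  artifacts:
    paths:
      - .pipeline.yml
      - gl-secret-detection-report.json
    reports:
      secret_detection: gl-secret-detection-report.json
    expire_in: 1 day
  tags:
    - deploy
  rules:
    - when: always

# This job fails when secrets are detected in the repo. The scan job only
# produces a report, so this job reads it and fails closed: a missing or
# unreadable report is treated as a failure, not as "no findings".
validate_secret:
  stage: secret_check
  allow_failure: false
  needs:
    - secret_detection
  script:
    - apk add jq  # assumes the runner's default image is Alpine-based — confirm
    - |
      if [ ! -r gl-secret-detection-report.json ]; then
        echo "secret detection report missing or unreadable; failing closed" >&2
        exit 1
      fi
    - |
      # A non-empty vulnerabilities array means secrets were found. If jq cannot
      # parse the report the output is empty, which also fails the check.
      if [ "$(jq '.vulnerabilities | length' gl-secret-detection-report.json)" != "0" ]; then
        echo "secrets detected; see gl-secret-detection-report.json" >&2
        exit 1
      fi
  tags:
    - deploy
  rules:
    - when: always

# Starts the real pipeline only after both the scan and the gate have passed.
# `needs` lets a job start as soon as the listed jobs finish, regardless of
# stage order, so validate_secret must be listed here or the child pipeline
# could be triggered before the gate has failed.
main:
  stage: main_pipeline
  needs:
    - secret_detection
    - validate_secret
  allow_failure: false
  trigger:
    include:
      - artifact: .pipeline.yml
        job: secret_detection
    strategy: depend  # this job's status mirrors the child pipeline's result
  rules:
    - if: "$CI_MERGE_REQUEST_IID"
    - if: "$CI_COMMIT_TAG"
    - if: "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"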