forked from roddhjav/pass-audit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
138 lines (109 loc) · 2.28 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
---
include:
- template: Security/SAST.gitlab-ci.yml
stages:
- lint
- tests
- dist
- deploy
variables:
PASS_VERSION: 1.7.3
# Dependencies definitions
# ------------------------
.pass: &pass
- wget https://git.zx2c4.com/password-store/snapshot/password-store-$PASS_VERSION.tar.xz
- tar -xf password-store-$PASS_VERSION.tar.xz
- make --directory=password-store-$PASS_VERSION install
.script:
script:
- pip3 install green coverage requests zxcvbn
- make tests
- make
- make install
- cd ~
- pass audit --help
.tests:
extends: .script
stage: tests
before_script:
- apt-get update -q && apt-get install -y make pass python3-pip grep
.distribution:
extends: .script
stage: dist
only:
- tags
- web
# Jobs definitions
# ----------------
# Code Linter
bash:
stage: lint
image: koalaman/shellcheck-alpine
script:
- shellcheck --shell=bash audit.bash
prospector:
stage: lint
image: python:latest
allow_failure: True
before_script:
- pip install prospector[with_everything] requests zxcvbn
script:
- make lint
sast:
stage: lint
# Code tests
python 3.10:
image: python:3.10
extends: .tests
coverage: '/\d+\%\s*$/'
artifacts:
expire_in: 2 days
paths:
- htmlcov/
python 3.9:
image: python:3.9
extends: .tests
python 3.8:
image: python:3.8
extends: .tests
python 3.7:
image: python:3.7
extends: .tests
python 3.6:
image: python:3.6
extends: .tests
# Distribution tests
archlinux:
image: archlinux
extends: .distribution
before_script:
- pacman -Syu --noconfirm --noprogressbar make python-pip which grep pass
ubuntu:
image: ubuntu
extends: .distribution
before_script:
- apt-get update -q && apt-get install -y make pass python3-pip grep
debian:
image: debian
extends: .distribution
before_script:
- apt-get update -q && apt-get install -y make pass python3-pip grep wget
- *pass
fedora:
image: fedora
extends: .distribution
before_script:
- dnf -y install --setopt=install_weak_deps=False make gpg pass python-setuptools python3-pip grep which
# Code coverage deployment
pages:
stage: deploy
dependencies:
- python 3.10
script:
- mv htmlcov/ public/
artifacts:
expire_in: 1 day
paths:
- public
only:
- master