-
Notifications
You must be signed in to change notification settings - Fork 16
/
.gitlab-ci.yml
62 lines (57 loc) · 2.03 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
stages:
- synchronize
- test
## includes
include:
- project: 'coopengo/devops/gitlab-ci-template'
ref: master
file: '/Security/SAST.gitlab-ci.yml'
## Main
synchronize:pipeline:
stage: synchronize
image: bitnami/git
variables:
GIT_STRATEGY: none
REPOSITORY_SSH_KEY: "${SSH_KEY}"
REPOSITORY_COOPENGO_URL: "[email protected]"
before_script:
- echo "Source is $CI_PIPELINE_SOURCE"
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- ssh-keyscan -H "${CI_SERVER_HOST}" >>~/.ssh/known_hosts
- ssh-keyscan -H "github.com" >>~/.ssh/known_hosts
- echo "${REPOSITORY_SSH_KEY}" >~/.ssh/id_rsa
- chmod 400 ~/.ssh/id_rsa
- ssh-keygen -y -f ~/.ssh/id_rsa >~/.ssh/id_rsa.pub
- git config --global user.email "${GITLAB_USER_EMAIL}"
- git config --global user.name "🤖 GitLab CI/CD 🤖"
- git clone --branch "${CI_COMMIT_REF_NAME}" "${REPOSITORY_COOPENGO_URL}:${CI_PROJECT_ROOT_NAMESPACE}/${CI_PROJECT_NAME}.git" "${CI_PROJECT_DIR}"
- git fetch --all
script:
- |-
for BRANCH in $(git ls-remote --refs -h origin -l "coog-*" | cut -s -d '/' -f3 | grep -E "^(coog-[[:digit:]]{1,2}).([[:digit:]]{1,2})$" )
do
git checkout "${BRANCH}"
git checkout "origin/${CI_DEFAULT_BRANCH}" .gitlab-ci.yml
git commit -m "Merge .gitlab-ci.yml from \"${CI_DEFAULT_BRANCH}\""
done
git push --all
rules:
- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
changes:
- .gitlab-ci.yml
trigger:security:test:
stage: test
image: bitnami/git
script:
- |-
for BRANCH in $(git ls-remote --head origin -l "coog-*" | cut -d '/' -f3 | grep -E '^(coog-[[:digit:]]{1,2}.[[:digit:]]{1,3})$' | sort -Vr | head -n 4)
do
curl -X POST \
--fail \
-F "token=${CI_JOB_TOKEN}" \
-F "ref=${BRANCH}" \
https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/trigger/pipeline
done
rules:
- if: '$CI_PIPELINE_SOURCE =~ /^(web|schedule)$/ && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'