forked from fuzzybaz/eslint-config-base
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
140 lines (122 loc) · 2.86 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
.executor-docker: &executor-docker
tags:
- docker
.node-image: &node-image
image: node:10.16.0-alpine@sha256:07897ec27318d8e43cfc6b1762e7a28ed01479ba4927aca0cdff53c1de9ea6fd
.checkmarx-image: &checkmarx-image
image: $CI_REGISTRY/engineering-practice/checkmarx-cli:latest
.checkmarx-script: &checkmarx-script
script:
- checkmarx ${CI_PROJECT_NAME}@${CI_PROJECT_NAMESPACE}#${CI_COMMIT_REF_NAME} Engineering
.install-git: &install-git
before_script:
- apk update && apk upgrade && apk add --no-cache git
.dependency-npm: &dependency-npm
dependencies:
- npm
.dependency-unit: &dependency-unit
dependencies:
- npm
- unit
.only-branches: &only-branches
except:
- master
- tags
- triggers
.not-branches: ¬-branches
only:
- master
- tags
stages:
- build
- compliance-tests
- security-tests
- unit-tests
- quality-tests
npm:
stage: build
<<: *executor-docker
<<: *node-image
script:
- HASH="$( md5sum package.json )"
- CACHE=/tmp/${CI_PROJECT_NAME}_${HASH}.tgz
- if [ -f "$CACHE" ]; then
tar -xzf "$CACHE";
else
rm -f /tmp/${CI_PROJECT_NAME}_*.tgz &&
npm install &&
tar -czf "$CACHE" node_modules;
fi
artifacts:
name: "${CI_PROJECT_NAME}_${CI_JOB_ID}_${CI_COMMIT_SHA}"
expire_in: 30 mins
paths:
- node_modules
commitlint-branch:
stage: compliance-tests
<<: *executor-docker
<<: *node-image
<<: *install-git
<<: *dependency-npm
script:
- git fetch origin master --quiet
- git checkout master --quiet
- git reset --hard origin/master --quiet
- git checkout - --quiet
- npm run compliance:commits
<<: *only-branches
eslint:
stage: compliance-tests
<<: *executor-docker
<<: *node-image
<<: *dependency-npm
script:
- npm run compliance:lint
outdated:
stage: security-tests
<<: *executor-docker
<<: *node-image
<<: *dependency-npm
script:
- npm outdated
allow_failure: true
audit:
stage: security-tests
<<: *executor-docker
<<: *node-image
script:
- npm run security:audit
checkmarx:
stage: security-tests
<<: *executor-docker
<<: *checkmarx-image
<<: *checkmarx-script
<<: *not-branches
checkmarx-branch:
stage: security-tests
<<: *executor-docker
<<: *checkmarx-image
<<: *checkmarx-script
<<: *only-branches
when: manual
unit:
stage: unit-tests
<<: *executor-docker
<<: *node-image
<<: *dependency-npm
script:
- npm run tests:unit
artifacts:
expire_in: 30 mins
paths:
- .coverage/unit/lcov.info
coverage: /^Lines\s*:\s(\d+(?:.\d+)?%)/
sonar-scanner:
stage: quality-tests
<<: *executor-docker
image: $CI_REGISTRY/engineering-practice/sonar-scanner:latest
<<: *dependency-unit
script:
- sed -i.bak -e "s|^SF:\(.*/[[:digit:]]\{1,\}/.*/\)|SF:$( pwd )/|g" .coverage/unit/lcov.info
- sonar-scanner
<<: *not-branches