--- include: - template: Security/SAST.gitlab-ci.yml variables: PKGDEST: $CI_PROJECT_DIR/packages PACKAGER: 'Alexandre Pujol ' stages: - lint - test - build - preprocess - deploy # Code Linter # ----------- bash: stage: lint image: koalaman/shellcheck-alpine script: - shellcheck --shell=bash PKGBUILD configure dists/build.sh tests/packer/src/init.sh tests/packer/src/aa-update tests/packer/init/clean.sh debian/apparmor.d.postinst debian/apparmor.d.postrm golangci-lint: stage: lint image: golangci/golangci-lint script: - golangci-lint run sast: stage: lint # Code test # --------- tests: stage: test image: golang coverage: '/Coverage: \d+.\d+/' script: - cp tests/journalctl /usr/bin/journalctl - chmod 755 /usr/bin/journalctl - mkdir -p /var/log/audit/ - touch /var/log/audit/audit.log /var/log/audit/audit.log.1 - go test ./cmd/... ./pkg/... -v -cover -coverprofile=coverage.out - go tool cover -func=coverage.out # Package Build # ------------- archlinux: stage: build image: registry.gitlab.com/roddhjav/builders/archlinux script: - sudo pacman -Syu --noconfirm --noprogressbar lsb-release - makepkg -s --noconfirm --noprogressbar artifacts: expire_in: 1 day paths: - $PKGDEST/* debian: stage: build image: registry.gitlab.com/roddhjav/builders/debian script: - git config --global --add safe.directory $CI_PROJECT_DIR - VERSION="0.$(git rev-list --count HEAD)-1" - mkdir -p "$PKGDEST" - sudo apt-get update -q && sudo apt-get install -y lsb-release config-package-dev rsync - sudo apt-get install -y -t bullseye-backports golang-go - dch --newversion=$VERSION --urgency=medium --distribution=stable --controlmaint "Release $VERSION" - dpkg-buildpackage -b -d --no-sign - mv ../*.deb $PKGDEST/ artifacts: expire_in: 1 day paths: - $PKGDEST/*.deb ubuntu: extends: debian variables: DIST: ubuntu # Profile Preprocessing # --------------------- preprocess-archlinux: stage: preprocess image: archlinux dependencies: - archlinux script: - pacman -Syu --noconfirm --noprogressbar apparmor - pacman -U --noconfirm --noprogressbar $PKGDEST/* - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null preprocess-debian: stage: preprocess image: debian dependencies: - debian script: - apt-get update -q - apt-get install -y apparmor apparmor-profiles - dpkg --install $PKGDEST/* - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null preprocess-ubuntu: stage: preprocess image: ubuntu dependencies: - ubuntu script: - apt-get update -q - apt-get install -y apparmor apparmor-profiles - dpkg --install $PKGDEST/* - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null preprocess-opensuse: stage: preprocess image: opensuse/tumbleweed script: - zypper install -y apparmor-profiles go git rsync lsb-release util-linux findutils make - ./configure --complain - make - make install - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null # Deploy the documentation # ------------------------ pages: stage: deploy image: python script: - pip install -r requirements.txt - mkdocs build --verbose --site-dir public artifacts: paths: - public rules: - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH