--- include: - template: Security/SAST.gitlab-ci.yml variables: PKGDEST: $CI_PROJECT_DIR/packages PACKAGER: 'Alexandre Pujol ' stages: - lint - test - build - preprocess - deploy # Code Linter # ----------- bash: stage: lint image: koalaman/shellcheck-alpine script: - shellcheck --shell=bash PKGBUILD dists/build.sh dists/docker.sh tests/packer/init/init.sh tests/packer/src/aa-update tests/packer/init/clean.sh debian/apparmor.d.postinst debian/apparmor.d.postrm golangci-lint: stage: lint image: golangci/golangci-lint script: - golangci-lint run packer: stage: lint image: name: hashicorp/packer:latest entrypoint: [""] script: - cd tests && packer fmt --check packer/ && packer validate --syntax-only packer/ sast: stage: lint # Code test # --------- tests: stage: test image: golang coverage: '/Coverage: \d+.\d+/' script: - apt update && apt install -y rsync - cp tests/journalctl /usr/bin/journalctl - chmod 755 /usr/bin/journalctl - mkdir -p /var/log/audit/ - touch /var/log/audit/audit.log /var/log/audit/audit.log.1 - go test ./cmd/... -v -cover -coverprofile=coverage.out - go test ./pkg/... -v -cover -coverprofile=coverage.out - go tool cover -func=coverage.out # Package Build # ------------- archlinux: stage: build image: registry.gitlab.com/roddhjav/builders/archlinux script: - sudo pacman -Syu --noconfirm --noprogressbar - makepkg -s --noconfirm --noprogressbar artifacts: expire_in: 1 day paths: - $PKGDEST/* debian: stage: build image: registry.gitlab.com/roddhjav/builders/debian script: - sudo chown -R build:build /builds/ - git config --global --add safe.directory $CI_PROJECT_DIR - mkdir -p "$PKGDEST" - sudo apt-get update -q && sudo apt-get install -y config-package-dev rsync - sudo apt-get install -y -t bookworm-backports golang-go - bash dists/build.sh dpkg artifacts: expire_in: 1 day paths: - $PKGDEST/*.deb ubuntu: stage: build image: registry.gitlab.com/roddhjav/builders/ubuntu script: - sudo chown -R build:build /builds/ - git config --global --add safe.directory $CI_PROJECT_DIR - mkdir -p "$PKGDEST" - sudo apt-get update -q && sudo apt-get install -y config-package-dev rsync golang-go - bash dists/build.sh dpkg artifacts: expire_in: 1 day paths: - $PKGDEST/*.deb whonix: extends: debian variables: DISTRIBUTION: whonix before_script: - echo "\noverride_dh_auto_build:\n\tmake full" >> debian/rules opensuse: stage: build image: registry.gitlab.com/roddhjav/builders/opensuse script: - mkdir -p "$PKGDEST" - sudo zypper install -y distribution-release golang-packaging rsync - bash dists/build.sh rpm artifacts: expire_in: 1 day paths: - $PKGDEST/*.rpm # Profile Preprocessing # --------------------- preprocess-archlinux: stage: preprocess image: archlinux dependencies: - archlinux script: - pacman -Syu --noconfirm --noprogressbar apparmor - pacman -U --noconfirm --noprogressbar $PKGDEST/* - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null preprocess-debian: stage: preprocess image: debian dependencies: - debian script: - apt-get update -q - apt-get install -y apparmor apparmor-profiles - dpkg --install $PKGDEST/* - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null preprocess-ubuntu: extends: preprocess-debian image: ubuntu dependencies: - ubuntu preprocess-whonix: extends: preprocess-debian dependencies: - whonix preprocess-opensuse: stage: preprocess image: opensuse/tumbleweed dependencies: - opensuse script: - zypper install -y apparmor-profiles - rpm -i $PKGDEST/* - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null # Deploy the documentation # ------------------------ pages: stage: deploy image: python variables: GIT_STRATEGY: clone GIT_DEPTH: 0 script: - pip install -r requirements.txt - mkdocs build --strict --site-dir public artifacts: paths: - public rules: - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH