forked from signalfx/splunk-otel-java
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
59 lines (52 loc) · 1.2 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
include:
- project: 'prodsec/scp-scanning/gitlab-checkmarx'
ref: latest
file: '/templates/.sast_scan.yml'
- project: 'prodsec/whitesource'
ref: latest
file: '/templates/.whitesource.yml'
image:
name: "openjdk:11.0.11-9-jdk"
stages:
- build
- verify
- release
build:
stage: build
script:
- ./gradlew build -x :smoke-tests:test --scan --no-daemon --stacktrace
sast-scan:
stage: verify
rules:
- if: '$CI_COMMIT_REF_NAME == "main"'
extends: .sast_scan
variables:
SAST_SCANNER: "Semgrep"
# Fail build on high severity security vulnerabilities
alert_mode: "policy"
whitesource:
stage: verify
rules:
- if: '$CI_COMMIT_REF_NAME == "main"'
extends: .whitesource
variables:
ws_user_key: ${WHITESOURCE_USER_KEY}
product_id: ${WHITESOURCE_ID}
config: java-gradle-wrapper
snapshot:
stage: release
rules:
- if: '$CI_COMMIT_REF_NAME == "main"'
script:
- ./gradlew snapshot --no-daemon --stacktrace
release:
stage: release
artifacts:
paths:
- dist/
rules:
- if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+.*/'
before_script:
- ./scripts/install-release-deps.sh
script:
- ./scripts/release.sh "$CI_COMMIT_TAG"