# Hidden template (leading dot, so GitLab never runs it as a job of its own):
# common settings inherited by every job that lists it under `extends`.
.static-analysis-base:
  extends:
    - .default-retry
    - .default-before_script
  stage: lint
  # An empty `needs` list lets the job start without waiting for earlier stages.
  needs: []
  variables:
    SETUP_DB: "false"
    ENABLE_SPRING: "1"
    SKIP_LOG_INITIALIZER_CONNECTIONS: "1"
    # Disable warnings in browserslist which can break on backports
    # https://github.com/browserslist/browserslist/blob/a287ec6/node.js#L367-L384
    BROWSERSLIST_IGNORE_OLD_DATA: "true"
    # Path the Apollo schema is written to; used by generate-apollo-graphl-schema
    # both as the download target and as the artifact path.
    GRAPHQL_SCHEMA_APOLLO_FILE: "tmp/tests/graphql/gitlab_schema_apollo.graphql"
# Cache-warming job: runs in the `prepare` stage and only executes rubocop.
update-static-analysis-cache:
  extends:
    - .static-analysis-base
    - .rubocop-job-cache-push
    - .shared:rules:update-cache
  # Overrides the `lint` stage inherited from .static-analysis-base.
  stage: prepare
  script:
    # For the moment we only cache `tmp/rubocop_cache` so we don't need to run all the tasks.
    - run_timed_command "bundle exec rubocop --parallel"
# Installs the JavaScript dependencies, then runs scripts/static-analysis.
static-analysis:
  extends:
    - .static-analysis-base
    - .static-analysis-cache
    - .static-analysis:rules:ee-and-foss
  # GitLab starts two instances of this job side by side.
  parallel: 2
  script:
    # --frozen-lockfile makes the install fail rather than rewrite yarn.lock, so
    # only the dependency versions committed in the lockfile are installed.
    - run_timed_command "retry yarn install --frozen-lockfile"
    - scripts/static-analysis
# Variant of `static-analysis` with the as-if-foss rules and settings applied.
# Entries later in `extends` override keys set by earlier ones.
static-analysis as-if-foss:
  extends:
    - static-analysis
    - .static-analysis:rules:as-if-foss
    - .as-if-foss
# Runs the lint:static_verification_with_database rake task.
static-verification-with-database:
  extends:
    - .static-analysis-base
    - .rubocop-job-cache
    - .static-analysis:rules:ee-and-foss
    # NOTE(review): presumably supplies the PostgreSQL 12 service; defined elsewhere.
    - .use-pg12
  script:
    - bundle exec rake lint:static_verification_with_database
  variables:
    # Overrides the "false" inherited from .static-analysis-base.
    SETUP_DB: "true"
# Downloads the GraphQL schema with the Apollo CLI and publishes it as an
# artifact; the `eslint` job lists this job under `needs`.
generate-apollo-graphl-schema:
  extends:
    - .static-analysis-base
    - .frontend:rules:default-frontend-jobs
  image:
    # Resolved from the registry named by REGISTRY_HOST / REGISTRY_GROUP.
    # `apollo` is a tag, not a digest, so the image content can change between runs.
    name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:apollo
    # Empty entrypoint so the runner's shell is used instead of the image's own.
    entrypoint: [""]
  needs:
    - 'graphql-schema-dump'
  variables:
    USE_BUNDLE_INSTALL: "false"
  script:
    - apollo client:download-schema --config=config/apollo.config.js ${GRAPHQL_SCHEMA_APOLLO_FILE}
  artifacts:
    name: graphql-schema-apollo
    paths:
      - "${GRAPHQL_SCHEMA_APOLLO_FILE}"
# Lints the frontend code with ESLint once the Apollo schema job has finished.
eslint:
  extends:
    - .static-analysis-base
    - .yarn-cache
    - .frontend:rules:default-frontend-jobs
  needs:
    - 'generate-apollo-graphl-schema'
  variables:
    USE_BUNDLE_INSTALL: "false"
  script:
    # --frozen-lockfile makes the install fail rather than rewrite yarn.lock, so
    # only the dependency versions committed in the lockfile are installed.
    - run_timed_command "retry yarn install --frozen-lockfile"
    - run_timed_command "yarn run lint:eslint:all"
# Variant of `eslint` with the as-if-foss rules and settings applied.
# Entries later in `extends` override keys set by earlier ones.
eslint as-if-foss:
  extends:
    - eslint
    - .frontend:rules:eslint-as-if-foss
    - .as-if-foss
# Runs haml_lint over app/views.
haml-lint foss:
  extends:
    - .static-analysis-base
    - .ruby-cache
    - .static-analysis:rules:ee-and-foss
  script:
    - run_timed_command "bin/rake 'haml_lint[app/views]'"
  artifacts:
    expire_in: 31d
    # Upload the artifacts whether the job passes or fails.
    when: always
    paths:
      - tmp/feature_flags/
# Same as "haml-lint foss" but with the EE rules and pointed at ee/app/views;
# the artifacts settings are inherited from the job it extends.
haml-lint ee:
  extends:
    - "haml-lint foss"
    - .static-analysis:rules:ee
  script:
    - run_timed_command "bin/rake 'haml_lint[ee/app/views]'"
# Runs rubocop over the repository, using the job cache from .rubocop-job-cache.
rubocop:
  extends:
    - .static-analysis-base
    - .rubocop-job-cache
    - .static-analysis:rules:ee-and-foss
  script:
    - run_timed_command "bundle exec rubocop --parallel"
# Generates QA test metadata, then runs two checks against
# qa/tmp/test-metadata.json.
qa:metadata-lint:
  extends:
    - .static-analysis-base
    - .static-analysis:rules:ee-and-foss-qa
  before_script:
    # Reuse the shared before_script, then install the bundle from inside qa/.
    - !reference [.default-before_script, before_script]
    - cd qa/
    - bundle_install_script
  script:
    # NOTE(review): --test-metadata-only presumably collects metadata without
    # running tests against http://localhost:3000 - confirm.
    - run_timed_command "bundle exec bin/qa Test::Instance::All http://localhost:3000 --test-metadata-only"
    # Back to the repository root: the check scripts are addressed from there.
    - cd ..
    - run_timed_command "./scripts/qa/testcases-check qa/tmp/test-metadata.json"
    - run_timed_command "./scripts/qa/quarantine-types-check qa/tmp/test-metadata.json"
  variables:
    USE_BUNDLE_INSTALL: "false"
    SETUP_DB: "false"
    QA_EXPORT_TEST_METRICS: "false"
    # Disable warnings in browserslist which can break on backports
    # https://github.com/browserslist/browserslist/blob/a287ec6/node.js#L367-L384
    BROWSERSLIST_IGNORE_OLD_DATA: "true"
  artifacts:
    expire_in: 31d
    # Upload the artifacts whether the job passes or fails.
    when: always
    paths:
      - qa/tmp/
# Runs only the Gitlab/MarkUsedFeatureFlags cop and keeps the files it writes
# under tmp/feature_flags/ as artifacts.
feature-flags-usage:
  extends:
    - .static-analysis-base
    - .rubocop-job-cache
    - .static-analysis:rules:ee-and-foss
  script:
    # We need to disable the cache for this cop since it creates files under tmp/feature_flags/*.used,
    # the cache would prevent these files from being created.
    - run_timed_command "bundle exec rubocop --only Gitlab/MarkUsedFeatureFlags --cache false"
  artifacts:
    expire_in: 31d
    # Upload the artifacts whether the job passes or fails.
    when: always
    paths:
      - tmp/feature_flags/
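# Runs semgrep with the AppSec custom rule set and publishes the result as the
# job's SAST report. ping-appsec-for-sast-findings lists this job under `needs`.
semgrep-appsec-custom-rules:
  stage: lint
  extends:
    - .semgrep-appsec-custom-rules:rules
  # NOTE(security): no tag or digest is given, so the runner pulls whatever
  # `latest` resolves to at job time. Pin to a reviewed tag or digest
  # (e.g. returntocorp/semgrep@sha256:<REVIEWED_DIGEST>) so that scanner
  # upgrades go through review.
  image: returntocorp/semgrep
  # An empty `needs` list lets the job start without waiting for earlier stages.
  needs: []
  script:
    # Required to avoid a timeout https://github.com/returntocorp/semgrep/issues/5395
    - git fetch origin master
    # Include/exclude list isn't ideal https://github.com/returntocorp/semgrep/issues/5399
    #
    # --gitlab-sast emits the GitLab SAST report format; --metrics off disables
    # semgrep's usage metrics.
    #
    # NOTE(security): `|| true` discards semgrep's exit status. Findings do not
    # fail the job, but neither does a scanner crash or a failed rule download,
    # and gl-sast-report.json is then uploaded empty or truncated. Consider
    # tolerating only the "findings" exit status, or checking that the report is
    # non-empty valid JSON before it is published.
    - |
      semgrep ci --gitlab-sast --metrics off --config "$CUSTOM_RULES_URL" \
        --include app --include lib --include workhorse \
        --exclude '*_test.go' --exclude spec --exclude qa > gl-sast-report.json || true
  variables:
    # NOTE(security): the rules are fetched at job time from the `main` branch of
    # another project, so a change there takes effect here without a change to
    # this repository. Referencing a reviewed commit instead of `main` would make
    # rule updates explicit.
    CUSTOM_RULES_URL: "https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/raw/main/appsec-pings/rules.yml"
  artifacts:
    paths:
      - gl-sast-report.json
    reports:
      # Registers the file as this job's SAST report.
      sast: gl-sast-report.json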
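# Runs scripts/process_custom_semgrep_results.sh after
# semgrep-appsec-custom-rules has finished.
ping-appsec-for-sast-findings:
  stage: lint
  # NOTE(security): `latest` is a mutable tag, so the base image can change
  # between runs. Pin to a reviewed tag or digest (alpine:<REVIEWED_TAG>).
  image: alpine:latest
  extends:
    - .ping-appsec-for-sast-findings:rules
  variables:
    # Project Access Token bot ID for /gitlab-com/gl-security/appsec/sast-custom-rules
    # Quoted so YAML keeps the ID as a string instead of typing it as an integer.
    BOT_USER_ID: "11727358"
  needs:
    - semgrep-appsec-custom-rules
  script:
    # jq and curl are installed unpinned from the Alpine repositories on every
    # run; --no-cache avoids keeping a local package index in the container.
    - apk add --no-cache jq curl
    # NOTE(review): the script body is not part of this file. Presumably it reads
    # gl-sast-report.json and calls the GitLab API; confirm any token it uses
    # comes from a masked CI/CD variable and is never echoed to the job log.
    - scripts/process_custom_semgrep_results.sh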