workflow: rules: &workflow_rules # For merge requests, create a pipeline. - if: '$CI_MERGE_REQUEST_IID' # For `master` branch, create a pipeline (this includes on schedules, pushes, merges, etc.). - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' # For tags, create a pipeline. - if: '$CI_COMMIT_TAG' # For stable branches, create a pipeline. - if: '$CI_COMMIT_BRANCH =~ /^[\d-]+-stable$/' default: image: golang:1.16 tags: - gitlab-org # Disable DIND for SAST because we need to execute a before_script in the gosec-sast job variables: SAST_DISABLE_DIND: "true" verify: script: - make verify changelog: script: - _support/check_changelog.sh rules: - if: '$CI_MERGE_REQUEST_IID' .test: services: - name: registry.gitlab.com/gitlab-org/build/cng/gitaly:latest # Disable the hooks so we don't have to stub the GitLab API command: ["/usr/bin/env", "GITALY_TESTING_NO_GIT_HOOKS=1", "/scripts/process-wrapper"] alias: gitaly variables: GITALY_ADDRESS: "tcp://gitaly:8075" script: - go version - apt-get update && apt-get -y install libimage-exiftool-perl - make test test using go 1.15: extends: .test image: golang:1.15 test using go 1.16: extends: .test image: golang:1.16 test:release: rules: - if: '$CI_COMMIT_TAG' script: - git describe --exact-match include: - template: Security/SAST.gitlab-ci.yml - template: Security/Dependency-Scanning.gitlab-ci.yml - template: Security/Secret-Detection.gitlab-ci.yml gosec-sast: before_script: - apk add make - make install rules: *workflow_rules gemnasium-dependency_scanning: rules: *workflow_rules secret_detection: rules: *workflow_rules code_navigation: image: golang:latest allow_failure: true script: - go get github.com/sourcegraph/lsif-go/cmd/lsif-go - lsif-go artifacts: reports: lsif: dump.lsif