Merge branch 'add-ci-yaml-file' into 'main'

Add .gitlab-ci.yml See merge request gitlab-components/container-scanning!2

Merge branch 'add-ci-yaml-file' into 'main'
Add .gitlab-ci.yml See merge request gitlab-components/container-scanning!2
7d80b55a · Fabio Pitino · 85d6ba3c · b9b3381a · 7d80b55a · 7d80b55a
Commit 7d80b55a authored 1 year ago by Fabio Pitino
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+include:
+  - component: gitlab.com/$CI_PROJECT_PATH/job@$CI_COMMIT_SHA
+    inputs:
+      force_run: true
+
+stages: [test, release]
+
+ensure-job-added:
+  image: badouralix/curl-jq
+  script:
+    - |
+      route="https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs"
+      count=`curl --silent $route | jq 'map(select(.name | contains("container_scanning"))) | length'`
+      if [ "$count" != "1" ]; then
+        exit 1
+      fi
+  rules:
+    # add to merge request but not branch pipeline for merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_OPEN_MERGE_REQUESTS
+      when: never
+    - if: $CI_COMMIT_BRANCH # the container_scanning job is only added in branch/MR pipelines.
+
+# Ensure that a project description exists, because it will be important to display
+# the resource in the catalog.
+check-description:
+  image: badouralix/curl-jq
+  script:
+    - |
+      route="https://gitlab.com/api/v4/projects/$CI_PROJECT_ID"
+      desc=`curl --silent $route | jq '.description'`
+      if [ "$desc" = "null" ]; then
+        echo "Description not set. Please set a projet description"
+        exit 1
+      else
+        echo "Description set"
+      fi
+  rules:
+    # add to merge request but not branch pipeline for merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_OPEN_MERGE_REQUESTS
+      when: never
+    - if: $CI_COMMIT_BRANCH # the container_scanning job is only added in branch/MR pipelines.
+    - if: $CI_COMMIT_TAG
+
+# Ensure that a `README.md` exists in the root directory as it represents the
+# documentation for the whole components repository.
+check-readme:
+  image: busybox
+  script: ls README.md || (echo "Please add a README.md file" && exit 1)
+  rules:
+    # add to merge request but not branch pipeline for merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_OPEN_MERGE_REQUESTS
+      when: never
+    - if: $CI_COMMIT_BRANCH # the container_scanning job is only added in branch/MR pipelines.
+    - if: $CI_COMMIT_TAG
+
+# If we are tagging a release with a specific convention ("v" + number) and all
+# previous checks succeeded, we proceed with creating a release automatically.
+create-release:
+  stage: release
+  image: registry.gitlab.com/gitlab-org/release-cli:latest
+  rules:
+    - if: $CI_COMMIT_TAG =~ /\d+/
+  script: echo "Creating release $CI_COMMIT_TAG"
+  release:
+    tag_name: $CI_COMMIT_TAG
+    description: "Release $CI_COMMIT_TAG of components repository $CI_PROJECT_PATH"
+
--- a/templates/job.yml
+++ b/templates/job.yml
@@ -5,7 +5,8 @@ spec:
    image:
      default: $CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5
    force_run:
-      default: 'false'
+      type: boolean
+      default: false

 ---

@@ -24,7 +25,7 @@ container_scanning:
  script:
    - gtcs scan
  rules:
-    - if: $[[ inputs.force_run ]] == 'false' && ($CONTAINER_SCANNING_DISABLED == 'true' || $CONTAINER_SCANNING_DISABLED == '1')
+    - if: '"$[[ inputs.force_run ]]" == "false"' # && ($CONTAINER_SCANNING_DISABLED == "true" || $CONTAINER_SCANNING_DISABLED == "1")'
      when: never

    # Add the job to merge request pipelines if there's an open merge request.