debian-mirror-gitlab/.gitlab/ci/static-analysis.gitlab-ci.yml


# Hidden template (leading dot) that the jobs in this file extend. It puts
# them in the `lint` stage, declares no job dependencies and sets the
# variables they share. `.default-retry` and `.default-before_script` are
# defined outside this file.
.static-analysis-base:
  stage: lint
  # Empty list: no dependency on any earlier job is declared.
  needs: []
  extends:
    - .default-retry
    - .default-before_script
  variables:
    SETUP_DB: 'false'
    ENABLE_SPRING: '1'
    # browserslist warns about old data, which can break on backports; turn it off.
    # https://github.com/browserslist/browserslist/blob/a287ec6/node.js#L367-L384
    BROWSERSLIST_IGNORE_OLD_DATA: 'true'
    # Path shared by the job that generates the Apollo schema and its consumers.
    GRAPHQL_SCHEMA_APOLLO_FILE: 'tmp/tests/graphql/gitlab_schema_apollo.graphql'
# Cache-refresh job: runs the graceful RuboCop check in the `prepare` stage
# (the job-level `stage` replaces the `lint` stage set by .static-analysis-base).
update-static-analysis-cache:
  stage: prepare
  extends:
    - .static-analysis-base
    - .rubocop-job-cache-push
    - .shared:rules:update-cache
  script:
    # Offenses for cops that are still in their "grace period" are silenced.
    # Slack is notified when offenses were silenced.
    # Only `tmp/rubocop_cache` is cached for now, so the remaining tasks are not run here.
    - 'run_timed_command "fail_on_warnings bundle exec rake rubocop:check:graceful"'
# Main static-analysis job: installs JS dependencies, then runs
# scripts/static-analysis, split across two parallel instances.
static-analysis:
  parallel: 2
  extends:
    - .static-analysis-base
    - .static-analysis-cache
    - .static-analysis:rules:static-analysis
  script:
    - 'yarn_install_script'
    # fail_on_warnings is a helper defined outside this file.
    - 'fail_on_warnings scripts/static-analysis'
# Variant of `static-analysis` that additionally extends `.as-if-foss` and
# uses its own rules template; script and parallelism come from `static-analysis`.
"static-analysis as-if-foss":
  extends:
    - static-analysis
    - .static-analysis:rules:static-analysis-as-if-foss
    - .as-if-foss
# Runs the static verification rake task that needs a database, so SETUP_DB
# is switched back to "true" for this job only.
static-verification-with-database:
  variables:
    # Overrides the "false" inherited from .static-analysis-base.
    SETUP_DB: 'true'
  extends:
    - .static-analysis-base
    - .rubocop-job-cache
    - .static-analysis:rules:static-verification-with-database
    - .use-pg13
  script:
    - 'bundle exec rake lint:static_verification_with_database'
# Downloads the GraphQL schema with the Apollo CLI and publishes the file
# named by GRAPHQL_SCHEMA_APOLLO_FILE as an artifact for later jobs.
generate-apollo-graphql-schema:
  extends:
    - .static-analysis-base
    - .frontend:rules:default-frontend-jobs
  needs:
    - graphql-schema-dump
  image:
    # The image is selected by the `apollo` tag from the registry named in
    # REGISTRY_HOST/REGISTRY_GROUP; it is not pinned by digest.
    name: "${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:apollo"
    # Empty entrypoint so the `script` commands are run directly.
    entrypoint: [""]
  variables:
    USE_BUNDLE_INSTALL: 'false'
  script:
    - 'apollo client:download-schema --config=config/apollo.config.js ${GRAPHQL_SCHEMA_APOLLO_FILE}'
  artifacts:
    name: graphql-schema-apollo
    paths:
      - '${GRAPHQL_SCHEMA_APOLLO_FILE}'
# as-if-foss variant of the schema generation job; it depends on the
# as-if-foss schema dump instead of the default one.
"generate-apollo-graphql-schema as-if-foss":
  needs:
    - graphql-schema-dump as-if-foss
  extends:
    - generate-apollo-graphql-schema
    - .frontend:rules:eslint-as-if-foss
    - .as-if-foss
# Lints the frontend code with ESLint once the Apollo GraphQL schema has
# been generated.
eslint:
  needs:
    - generate-apollo-graphql-schema
  extends:
    - .static-analysis-base
    - .yarn-cache
    - .frontend:rules:default-frontend-jobs
  variables:
    USE_BUNDLE_INSTALL: 'false'
  script:
    - 'yarn_install_script'
    - 'run_timed_command "yarn run lint:eslint:all"'
# as-if-foss variant of `eslint`; it waits for the as-if-foss schema job
# instead of the default one.
"eslint as-if-foss":
  needs:
    - generate-apollo-graphql-schema as-if-foss
  extends:
    - eslint
    - .frontend:rules:eslint-as-if-foss
    - .as-if-foss
# Runs haml-lint in parallel mode over app/views.
haml-lint:
  extends:
    - .static-analysis-base
    - .ruby-cache
    - .static-analysis:rules:haml-lint
  script:
    - 'run_timed_command "bundle exec haml-lint --parallel app/views"'
  artifacts:
    # Uploaded whether the job passes or fails, and kept for 31 days.
    when: always
    expire_in: 31d
    paths:
      - tmp/feature_flags/
# Same as `haml-lint`, but the script is replaced so that ee/app/views is
# linted instead of app/views.
"haml-lint ee":
  extends:
    - haml-lint
    - .static-analysis:rules:haml-lint-ee
  script:
    - 'run_timed_command "bundle exec haml-lint --parallel ee/app/views"'
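# Runs RuboCop. Outside merge requests (or when RUN_ALL_RUBOCOP is 'true') the
# full graceful check is run; in merge requests only the changed files that
# still exist are checked.
rubocop:
  extends:
    - .static-analysis-base
    - .rubocop-job-cache
    - .static-analysis:rules:rubocop
  needs:
    # The job runs even when detect-tests is not part of the pipeline.
    - job: detect-tests
      optional: true
  variables:
    RUBOCOP_TARGET_FILES: "tmp/rubocop_target_files.txt"
  script:
    - |
      # For non-merge request, or when RUN_ALL_RUBOCOP is 'true', run all RuboCop rules
      # (`=` rather than `==` so the test also works in a POSIX `[`).
      if [ -z "${CI_MERGE_REQUEST_IID}" ] || [ "${RUN_ALL_RUBOCOP}" = "true" ]; then
        # Silence cop offenses for rules with "grace period".
        # We won't notify Slack if offenses were silenced to avoid frequent messages.
        # Job `update-static-analysis-cache` takes care of Slack notifications every 2 hours.
        unset CI_SLACK_WEBHOOK_URL

        run_timed_command "fail_on_warnings bundle exec rake rubocop:check:graceful"
      else
        # The changed-file list comes from the merge request, so the paths are
        # contributor-controlled. Each path is shell-escaped before it is written
        # out, because the list is spliced into a command string below.
        # NOTE(review): this assumes run_timed_command evaluates its argument as
        # a shell command line - confirm against its definition.
        cat "${RSPEC_CHANGED_FILES_PATH}" | ruby -rshellwords -e 'print $stdin.read.split(" ").select { |f| File.exist?(f) }.map { |f| Shellwords.escape(f) }.join(" ")' > "$RUBOCOP_TARGET_FILES"

        # Skip running RuboCop if there's no target files
        if [ -s "${RUBOCOP_TARGET_FILES}" ]; then
          run_timed_command "fail_on_warnings bundle exec rubocop --parallel --force-exclusion $(cat "${RUBOCOP_TARGET_FILES}")"
        else
          echoinfo "Nothing interesting changed for RuboCop. Skipping."
        fi
      fi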
# Collects QA test metadata (no tests are executed: --test-metadata-only) and
# runs two checks over the resulting qa/tmp/test-metadata.json.
qa:metadata-lint:
  extends:
    - .static-analysis-base
    - .static-analysis:rules:qa:metadata-lint
  variables:
    USE_BUNDLE_INSTALL: 'false'
    SETUP_DB: 'false'
    QA_EXPORT_TEST_METRICS: 'false'
    # browserslist warns about old data, which can break on backports; turn it off.
    # https://github.com/browserslist/browserslist/blob/a287ec6/node.js#L367-L384
    BROWSERSLIST_IGNORE_OLD_DATA: 'true'
  before_script:
    # Reuse the shared before_script, then install the QA bundle from qa/.
    - !reference [.default-before_script, before_script]
    - cd qa/
    - bundle_install_script
  script:
    - 'run_timed_command "bundle exec bin/qa Test::Instance::All http://localhost:3000 --test-metadata-only"'
    # Back to the repository root; the check scripts are addressed from there.
    - cd ..
    - 'run_timed_command "./scripts/qa/testcases-check qa/tmp/test-metadata.json"'
    - 'run_timed_command "./scripts/qa/quarantine-types-check qa/tmp/test-metadata.json"'
  artifacts:
    # Uploaded whether the job passes or fails, and kept for 31 days.
    when: always
    expire_in: 31d
    paths:
      - qa/tmp/
# Runs only the Gitlab/MarkUsedFeatureFlags cop and publishes tmp/feature_flags/.
feature-flags-usage:
  extends:
    - .static-analysis-base
    - .rubocop-job-cache
    - .static-analysis:rules:rubocop
  script:
    # The cop writes files under tmp/feature_flags/*.used. With the RuboCop
    # cache enabled these files would not be created, hence `--cache false`.
    - 'run_timed_command "fail_on_warnings bundle exec rubocop --only Gitlab/MarkUsedFeatureFlags --cache false"'
  artifacts:
    # Uploaded whether the job passes or fails, and kept for 31 days.
    when: always
    expire_in: 31d
    paths:
      - tmp/feature_flags/
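# Runs Semgrep with the AppSec custom rules over app, lib and workhorse and
# stores the result as gl-sast-report.json for the job that needs it.
semgrep-appsec-custom-rules:
  stage: lint
  extends:
    - .semgrep-appsec-custom-rules:rules
  # NOTE(review): no tag or digest is given, so the runner pulls whatever the
  # registry currently serves under the default tag. Pin the image to a
  # reviewed version, ideally by digest, so the scanner cannot change unnoticed.
  image: returntocorp/semgrep
  needs: []
  variables:
    # NOTE(review): the rules are fetched from the tip of `main` on every run.
    # A commit-pinned URL would make rule changes visible in this file's history.
    CUSTOM_RULES_URL: "https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/raw/main/appsec-pings/rules.yml"
  script:
    # Required to avoid a timeout https://github.com/returntocorp/semgrep/issues/5395
    - git fetch origin master
    # Include/exclude list isn't ideal https://github.com/returntocorp/semgrep/issues/5399
    - |
      # The job stays best-effort and never fails the pipeline, but a scanner
      # error is no longer swallowed silently. Status 1 is Semgrep's "findings
      # reported" code; anything above it is treated here as a failed scan.
      semgrep_status=0
      semgrep ci --gitlab-sast --metrics off --config "$CUSTOM_RULES_URL" \
        --include app --include lib --include workhorse \
        --exclude '*_test.go' --exclude spec --exclude qa > gl-sast-report.json || semgrep_status=$?
      if [ "$semgrep_status" -gt 1 ]; then
        echo "WARNING: semgrep exited with status ${semgrep_status}; gl-sast-report.json may be empty or incomplete" >&2
      fi
  artifacts:
    paths:
      - gl-sast-report.json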
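# Follow-up to semgrep-appsec-custom-rules: installs jq and curl, then runs
# scripts/process_custom_semgrep_results.sh.
ping-appsec-for-sast-findings:
  stage: lint
  # NOTE(review): `latest` is a moving tag, so the base image can change
  # between runs. Pin a reviewed release, ideally by digest.
  image: alpine:latest
  extends:
    - .ping-appsec-for-sast-findings:rules
  variables:
    # Project Access Token bot ID for /gitlab-com/gl-security/appsec/sast-custom-rules
    # Quoted so the ID is passed as a string, not parsed as a YAML integer.
    BOT_USER_ID: "13559989"
  needs:
    - semgrep-appsec-custom-rules
  script:
    # --no-cache keeps the package index out of the container filesystem.
    - apk add --no-cache jq curl
    # NOTE(review): presumably reads gl-sast-report.json from the needed job.
    # Verify that it treats an empty or malformed report as an error rather
    # than as "no findings", since the scan job does not fail on scanner errors.
    - scripts/process_custom_semgrep_results.sh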