Further improve settings for extra tests from GitLab

14e6dca4 · jurgenhaas · 3cadf71f · 14e6dca4 · 14e6dca4
Commit 14e6dca4 authored 3 years ago by jurgenhaas
--- a/lakedrops.yml
+++ b/lakedrops.yml
@@ -7,13 +7,13 @@ variables:
  DISABLE_CI_TEST_INVENTORY: 1
  DISABLE_CI_TEST_PHPUNIT: 0
  DISABLE_GITLAB_CI_TESTS: 0
-  DISABLE_GITLAB_CI_TEST_BANDIT_SAST: 0
-  DISABLE_GITLAB_CI_TEST_CODE_QUALITY: 0
-  DISABLE_GITLAB_CI_TEST_ESLINT_SAST: 0
-  DISABLE_GITLAB_CI_TEST_NODEJS_SCAN_SAST: 0
-  DISABLE_GITLAB_CI_TEST_PHPCS_SECURITY_AUDIT_SAST: 0
+  DISABLE_GITLAB_CI_TEST_CODE_QUALITY: 1
+  DISABLE_GITLAB_CI_TEST_SAST_BANDIT: 1
+  DISABLE_GITLAB_CI_TEST_SAST_ESLINT: 1
+  DISABLE_GITLAB_CI_TEST_SAST_NODEJS_SCAN: 1
+  DISABLE_GITLAB_CI_TEST_SAST_PHPCS_SECURITY_AUDIT: 1
+  DISABLE_GITLAB_CI_TEST_SAST_SEMGREP: 1
  DISABLE_GITLAB_CI_TEST_SECRET_DETECTION: 0
-  DISABLE_GITLAB_CI_TEST_SEMGREP_SAST: 0
  ENVIRONMENT_NAME: ${PROJECT_NAME}/$CI_COMMIT_REF_NAME
  ENVIRONMENT_URL: https://www.example.com/$SITE_NAME
  GITLAB_DOMAIN: gitlab.lakedrops.com

--- a/tests/gitlab.yml
+++ b/tests/gitlab.yml
+# SAST: https://docs.gitlab.com/ee/user/application_security/sast/index.html
+# Customize SAST Rules: https://docs.gitlab.com/ee/user/application_security/sast/index.html#customize-rulesets
+
 include:
-  # https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
-  # - template: Code-Quality.gitlab-ci.yml
  # See https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml
  # https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml
@@ -17,42 +18,25 @@ include:
    - 'Build Prod Site'

 # ==================================== Code Quality
+# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
 Code Quality:
  <<: *test_gitlab_default
  allow_failure: true
  variables:
    GIT_STRATEGY: none
-    CODE_QUALITY_IMAGE: registry.lakedrops.com/docker/code-climate-drupal/code-climate-drupal
-    REPORT_FORMAT: html
  script:
-    - docker pull --quiet "$CODE_QUALITY_IMAGE"
-    - |
-      echo docker run --rm \
-        --env REPORT_FORMAT="${REPORT_FORMAT}" \
-        --env SOURCE_CODE="$(php /usr/local/bin/volume.php /code | cut -d: -f1)" \
-        --env TIMEOUT_SECONDS="${TIMEOUT_SECONDS}" \
-        --env CODECLIMATE_DEBUG="${CODECLIMATE_DEBUG}" \
-        --env CODECLIMATE_DEV="${CODECLIMATE_DEV}" \
-        --env REPORT_FORMAT="${REPORT_FORMAT}" \
-        --env ENGINE_MEMORY_LIMIT_BYTES="${ENGINE_MEMORY_LIMIT_BYTES}" \
-        --env CODECLIMATE_PREFIX="${CODECLIMATE_PREFIX}" \
-        --volume "$(php /usr/local/bin/volume.php /code)" \
-        --volume /var/run/docker.sock:/var/run/docker.sock \
-        "$CODE_QUALITY_IMAGE" /code
+    - docker pull --quiet registry.lakedrops.com/docker/code-climate-drupal/code-climate-drupal
    - |
      docker run --rm \
-        --env REPORT_FORMAT="${REPORT_FORMAT}" \
        --env SOURCE_CODE="$(php /usr/local/bin/volume.php /code | cut -d: -f1)" \
-        --env TIMEOUT_SECONDS="${TIMEOUT_SECONDS}" \
-        --env CODECLIMATE_DEBUG="${CODECLIMATE_DEBUG}" \
-        --env CODECLIMATE_DEV="${CODECLIMATE_DEV}" \
-        --env REPORT_FORMAT="${REPORT_FORMAT}" \
-        --env ENGINE_MEMORY_LIMIT_BYTES="${ENGINE_MEMORY_LIMIT_BYTES}" \
-        --env CODECLIMATE_PREFIX="${CODECLIMATE_PREFIX}" \
+        --env TIMEOUT_SECONDS="${TIMEOUT_SECONDS:-900}" \
+        --env CODECLIMATE_DEBUG="${CODECLIMATE_DEBUG:-0}" \
+        --env CODECLIMATE_DEV="${CODECLIMATE_DEV:+--dev}" \
+        --env REPORT_FORMAT="${REPORT_FORMAT:-json}" \
+        --env ENGINE_MEMORY_LIMIT_BYTES="${ENGINE_MEMORY_LIMIT_BYTES:-1024000000}" \
        --volume "$(php /usr/local/bin/volume.php /code)" \
        --volume /var/run/docker.sock:/var/run/docker.sock \
-        "$CODE_QUALITY_IMAGE" /code
-    - ls -lisa
+        registry.lakedrops.com/docker/code-climate-drupal/code-climate-drupal /code
  artifacts:
    name: code-quality
    paths: ['gl-code-quality-report.json']
@@ -70,7 +54,7 @@ bandit-sast:
    reports:
      sast: gl-sast-report.json
  rules:
-    - if: '$DISABLE_GITLAB_CI_TEST_BANDIT_SAST != "1"'
+    - if: '$DISABLE_GITLAB_CI_TEST_SAST_BANDIT != "1"'

 eslint-sast:
  <<: *test_gitlab_default
@@ -80,7 +64,7 @@ eslint-sast:
    reports:
      sast: gl-sast-report.json
  rules:
-    - if: '$DISABLE_GITLAB_CI_TEST_ESLINT_SAST != "1"'
+    - if: '$DISABLE_GITLAB_CI_TEST_SAST_ESLINT != "1"'

 nodejs-scan-sast:
  <<: *test_gitlab_default
@@ -90,7 +74,7 @@ nodejs-scan-sast:
    reports:
      sast: gl-sast-report.json
  rules:
-    - if: '$DISABLE_GITLAB_CI_TEST_NODEJS_SCAN_SAST != "1"'
+    - if: '$DISABLE_GITLAB_CI_TEST_SAST_NODEJS_SCAN != "1"'

 phpcs-security-audit-sast:
  <<: *test_gitlab_default
@@ -100,7 +84,7 @@ phpcs-security-audit-sast:
    reports:
      sast: gl-sast-report.json
  rules:
-    - if: '$DISABLE_GITLAB_CI_TEST_PHPCS_SECURITY_AUDIT_SAST != "1"'
+    - if: '$DISABLE_GITLAB_CI_TEST_SAST_PHPCS_SECURITY_AUDIT != "1"'

 semgrep-sast:
  <<: *test_gitlab_default
@@ -110,7 +94,7 @@ semgrep-sast:
    reports:
      sast: gl-sast-report.json
  rules:
-    - if: '$DISABLE_GITLAB_CI_TEST_SEMGREP_SAST != "1"'
+    - if: '$DISABLE_GITLAB_CI_TEST_SAST_SEMGREP != "1"'

 # ==================================== Secret Detection
 secret_detection: