Remove Code Climate configuration, it went into its own Docker image

Add Code Quality template Add SAST template Add Security Detection template

Remove Code Climate configuration, it went into its own Docker image
bbab6401 · jurgenhaas · f7f5cf4f · f7f5cf4f · bbab6401
Commit bbab6401 authored 3 years ago by jurgenhaas
--- a/config/codeclimate.yml
+++ b/config/codeclimate.yml
---
-version: "2"
-plugins:
-  csslint:
-    enabled: true
-  duplication:
-    enabled: true
-    config:
-      languages:
-        - javascript
-        - python
-        - php
-  eslint:
-    enabled: true
-    channel: "stable"
-  fixme:
-    enabled: true
-  phpcodesniffer:
-    enabled: true
-    config:
-      standard: "DrupalPractice"
-  phpmd:
-    enabled: true
-exclude_patterns:
-  - config/
-  - db/
-  - dist/
-  - features/
-  - "**/node_modules/"
-  - script/
-  - "**/spec/"
-  - "**/test/"
-  - "**/tests/"
-  - Tests/
-  - "**/vendor/"
-  - "**/webpack/"
-  - "**/*_test.go"
-  - "**/*.d.ts"
-  - "**/*.min.js"
-  - "**/*.min.css"
-  - "**/__tests__/"
-  - "**/__mocks__/"
--- a/lakedrops-execute.yml
+++ b/lakedrops-execute.yml
@@ -2,6 +2,12 @@ include:
  - project: 'gitlab-ci-cd/drupal'
    ref: master
    file: '/test-and-deploy.yml'
+  # https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
+  - template: Code-Quality.gitlab-ci.yml
+  # See https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml
+  # https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml

 Build Prod Site:
  extends: '.build-prod'
@@ -38,3 +44,37 @@ Deploy:

 Reset Locales:
  extends: '.resetlocales'
+
+# ==================================== Code Quality
+code_quality:
+  tags:
+    - default
+  variables:
+    CODE_QUALITY_IMAGE: registry.lakedrops.com/docker/code-climate-drupal/code-climate-drupal
+  artifacts:
+    paths:
+      - gl-code-quality-report.json
+  rules:
+    - when: never
+
+# ==================================== SAST
+bandit-sast:
+  tags:
+    - default
+eslint-sast:
+  tags:
+    - default
+nodejs-scan-sast:
+  tags:
+    - default
+phpcs-security-audit-sast:
+  tags:
+    - default
+semgrep-sast:
+  tags:
+    - default
+
+# ==================================== Secret Detection
+secret_detection:
+  tags:
+    - default