misty.cafe/mistykey
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Revert "another attempt to fix SAST rules"

Browse source 
This reverts commit 8a0b64a265.
This commit is contained in:
Hazelnoot 2025-09-26 23:06:36 -04:00
parent 8a0b64a265
commit 2ca73ea8a9
1 changed files with 7 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

25
.gitlab-ci.yml
View file

@ -31,7 +31,8 @@ variables:
AST_ENABLE_MR_PIPELINES: 'true'
.common: &common
# Only run in MR pipelines *or* push to develop/stable
# "only" has been removed, so we use rules.
# This runs in MR pipelines *or* push to develop/stable
rules:
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
- if: $CI_PIPELINE_SOURCE == 'push' && ($CI_COMMIT_BRANCH == 'develop' || $CI_COMMIT_BRANCH == 'stable')
@ -212,29 +213,17 @@ merge_image_manifests:
--target ${CI_REGISTRY_IMAGE}:${REGISTRY_PUSH_TAG}
.sast_common: &sast_common
<<: *common
stage: test
# SAST tools only support x64
tags:
- amd64
# Only run in MR pipelines *or* push to develop/stable.
# This is the same as in common, but inverted to always include "when: never".
rules:
- if: $CI_PIPELINE_SOURCE != 'merge_request_event' && $CI_PIPELINE_SOURCE != 'push'
when: never
- if: $CI_PIPELINE_SOURCE == 'push' && $CI_COMMIT_BRANCH != 'develop' && $CI_COMMIT_BRANCH != 'stable'
when: never
# https://docs.gitlab.com/user/application_security/container_scanning/#scanning-archives-built-in-a-previous-job
# https://docs.gitlab.com/user/application_security/detect/security_configuration/#error-chosen-stage-test-does-not-exist
container_scanning:
<<: *sast_common
# Only run when pushing to stable, develop, or tags.
# This is the same as in deploy, but inverted to always include "when: never".
rules:
- if: $CI_PIPELINE_SOURCE != 'push'
when: never
- if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != 'develop' && $CI_COMMIT_BRANCH != 'stable'
when: never
<<: *deploy_common
variables:
AST_ENABLE_MR_PIPELINES: 'false'
CS_IMAGE: ${CI_REGISTRY_IMAGE}:${REGISTRY_PUSH_TAG}
@ -242,11 +231,11 @@ container_scanning:
- job: merge_image_manifests
artifacts: true
dependency_scanning:
dependency-scanning:
<<: *sast_common
sast:
<<: *sast_common
#sast:
# <<: *sast_common
gitlab-advanced-sast:
<<: *sast_common