From ca56f95db46c5af4e385e4c883000e5728e33c04 Mon Sep 17 00:00:00 2001 From: Hazelnoot Date: Fri, 26 Sep 2025 21:14:09 -0400 Subject: [PATCH] fix rule filters for SAST tests --- .gitlab-ci.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 61e4f6f23b..5eb7ee5e6c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -12,12 +12,20 @@ include: # https://docs.gitlab.com/user/application_security/dependency_scanning/experiment_libbehave_dependency/ - component: $CI_SERVER_FQDN/TransFem-org/libbehave/libbehave@v0.2.4 +.common: &common + # "only" has been removed, so we use rules. + # This runs in MR pipelines *or* push to develop/stable + rules: + - if: $CI_PIPELINE_SOURCE == 'merge_request_event' + - if: $CI_PIPELINE_SOURCE == 'push' && ($CI_COMMIT_BRANCH == 'develop' || $CI_COMMIT_BRANCH == 'stable') + # Cache node_modules and share build artifacts for the pipeline. # This shares the same cache definition, but it's the only place that actually *pushes* to the cache. # https://docs.gitlab.com/ci/caching/ # https://github.com/pnpm/pnpm/issues/1174#issuecomment-996719439 # https://github.com/pnpm/pnpm/issues/1174#issuecomment-1641267133 build: &build + <<: *common stage: build image: name: docker.io/node:22 @@ -74,13 +82,9 @@ build: &build - packages/misskey-reversi/built/ policy: pull-push when: on_success - # "only" has been removed, so we use rules. - # This runs in MR pipelines *or* push to develop/stable - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - - if: $CI_PIPELINE_SOURCE == 'push' && ($CI_COMMIT_BRANCH == 'develop' || $CI_COMMIT_BRANCH == 'stable') .test_common: &test_common + <<: *common <<: *build stage: test script: [] @@ -204,6 +208,7 @@ merge_image_manifests: --target ${CI_REGISTRY_IMAGE}:${REGISTRY_PUSH_TAG} .sast_common: &sast_common + <<: *common stage: test # SAST tools only support x64 tags: