Skip to content
Snippets Groups Projects
Commit fab1adca authored by Benguria Elguezabal, Gorka's avatar Benguria Elguezabal, Gorka
Browse files

Merge remote-tracking branch 'upstream/master'

# Conflicts:
#	CHANGELOG.md
#	README.md
parents 1fa08bef 2fdfb7ee
No related branches found
No related tags found
No related merge requests found
Pipeline #169164 failed
## [4.0.1](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/node/compare/4.0.0...4.0.1) (2024-09-18)
## [4.1.1](https://gitlab.com/to-be-continuous/node/compare/4.1.0...4.1.1) (2024-12-05)
### Bug Fixes
* set node-publish default registry ([fd0f04d](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/node/commit/fd0f04d730e7b844dd6f57a77b21d913b16dd1c9))
* semgrep subdir ([8ac460c](https://gitlab.com/to-be-continuous/node/commit/8ac460c05668590b7713f05fc571fc7b3fe2f4b4))
# [4.1.0](https://gitlab.com/to-be-continuous/node/compare/4.0.3...4.1.0) (2024-11-23)
### Features
* **lint:** enforce GitLab integration ([44cc3c3](https://gitlab.com/to-be-continuous/node/commit/44cc3c30b1211f35c428edfc5e4165aaae086fbc))
## [4.0.3](https://gitlab.com/to-be-continuous/node/compare/4.0.2...4.0.3) (2024-11-02)
### Bug Fixes
* limit security reports access to developer role or higher ([3d4335f](https://gitlab.com/to-be-continuous/node/commit/3d4335fd9d46070720de57cda656c2570dd9efa2))
## [4.0.2](https://gitlab.com/to-be-continuous/node/compare/4.0.1...4.0.2) (2024-10-04)
### Bug Fixes
* **release:** support full semantic-versioning specifcation (with prerelease and build metadata) ([b031dae](https://gitlab.com/to-be-continuous/node/commit/b031dae19ccf2cd4f31066ff052efd2d8b1c7aef))
## [4.0.1](https://gitlab.com/to-be-continuous/node/compare/4.0.0...4.0.1) (2024-09-08)
......
......@@ -16,7 +16,7 @@ Add the following to your `.gitlab-ci.yml`:
```yaml
include:
# 1: include the component
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.0.1
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.1.1
# 2: set/override component inputs
inputs:
image: "registry.hub.docker.com/library/node:20" # ⚠ this is only an example
......@@ -31,7 +31,7 @@ Add the following to your `.gitlab-ci.yml`:
include:
# 1: include the template
- project: "to-be-continuous/node"
ref: "4.0.0"
ref: "4.1.1"
file: "/templates/gitlab-ci-node.yml"
variables:
......@@ -90,7 +90,8 @@ variables:
### `node-lint` job
The Node template features a job `node-lint` that performs Node.js source code **lint**. This job is **disabled by default**. It can be activated by setting `NODE_LINT_ENABLED`
The Node template features a `node-lint` job that performs a code analysis with [ESLint](https://eslint.org/).
This job is **disabled by default**. It can be activated by setting `NODE_LINT_ENABLED`.
It is bound to the `build` stage, and uses the following variable:
......@@ -100,7 +101,18 @@ It is bound to the `build` stage, and uses the following variable:
| `lint-args` / `NODE_LINT_ARGS` | npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments to execute the lint analysis <br/> yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments to execute the lint analysis <br/> pnpm [run script](https://pnpm.io/cli/run) arguments to execute the lint analysis | `run lint` |
| `node-lint-job-tags` / `NODE_LINT_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
The job generates a lint report that you will find here: `NODE_PROJECT_DIR/reports/node-lint.xslint.json`.
In addition to a textual report in the console, this job produces the following reports, kept for one day:
| Report | Format | Usage |
|-------------------------------------------------------|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------|
| `$NODE_PROJECT_DIR/reports/node-lint.gitlab.json` | [GitLab](https://docs.gitlab.com/ee/ci/testing/code_quality.html#eslint) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscodequality) |
| `$NODE_PROJECT_DIR/reports/node-lint.xslint.json` | JSON ESLint | [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/) |
| Report | Format | Usage |
| ------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `$NODE_PROJECT_DIR/reports/npm-audit.native.json` | [JSON](https://docs.npmjs.com/cli/v9/commands/npm-audit#json) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/npm_audit_7_plus/)<br/>_This report is generated only if DefectDojo template is detected, if needed, you can force it with `$DEFECTDOJO_NPMAUDIT_REPORTS`_ |
### `node-build` job
......@@ -135,8 +147,8 @@ Here is the required configuration if you're using [Jest](https://jestjs.io/) as
| [jest-junit](https://github.com/jest-community/jest-junit) | Yes | `reports/node-test.xunit.xml` | [GitLab unit tests integration](https://docs.gitlab.com/ee/ci/testing/unit_test_reports.html) _(JUnit format)_ |
| istanbul [text](https://istanbul.js.org/docs/advanced/alternative-reporters/#text) | No | N/A _(stdout)_ | [GitLab MR test coverage results](https://docs.gitlab.com/ee/ci/pipelines/settings.html#merge-request-test-coverage-results) _(GitLab grabs coverage from stdout)_ |
| istanbul [cobertura](https://istanbul.js.org/docs/advanced/alternative-reporters/#cobertura) | No | `reports/cobertura-coverage.xml` | [GitLab code coverage integration](https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization.html) _(Cobertura format)_ |
| [jest-sonar](https://github.com/sh33dafi/jest-sonar) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarqube.org/latest/analysis/generic-test/) _(generic SonarQube format)_ |
| istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | No | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarqube.org/latest/analysis/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ |
| [jest-sonar](https://github.com/sh33dafi/jest-sonar) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/generic-test-data/#generic-test-coverage) _(generic SonarQube format)_ |
| istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | No | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ |
Here is an example of a `jest.config.js` configuration file with all the above reporters configured as expected:
......@@ -182,8 +194,8 @@ Here is the required configuration if you're using [Mocha](https://mochajs.org/)
| [mocha-junit-reporter](https://github.com/michaelleeallen/mocha-junit-reporter) | Yes | `reports/node-test.xunit.xml` | [GitLab unit tests integration](https://docs.gitlab.com/ee/ci/testing/unit_test_reports.html) _(JUnit format)_ |
| istanbul [text](https://istanbul.js.org/docs/advanced/alternative-reporters/#text) | Yes (in `nyc` package) | N/A _(stdout)_ | [GitLab MR test coverage results](https://docs.gitlab.com/ee/ci/pipelines/settings.html#merge-request-test-coverage-results) _(GitLab grabs coverage from stdout)_ |
| istanbul [cobertura](https://istanbul.js.org/docs/advanced/alternative-reporters/#cobertura) | Yes (in `nyc` package) | `reports/cobertura-coverage.xml` | [GitLab code coverage integration](https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization.html) _(Cobertura format)_ |
| [mocha-sonarqube-reporter](https://github.com/mmouterde/mocha-sonarqube-reporter) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarqube.org/latest/analysis/generic-test/) _(generic SonarQube format)_ |
| istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | Yes (in `nyc` package) | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarqube.org/latest/analysis/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ |
| [mocha-sonarqube-reporter](https://github.com/mmouterde/mocha-sonarqube-reporter) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/generic-test-data/#generic-test-coverage) _(generic SonarQube format)_ |
| istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | Yes (in `nyc` package) | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ |
:warning: Remarks:
......@@ -288,7 +300,7 @@ If you're using the SonarQube template to analyse your Node code, here are 2 sam
If using JavaScript language:
```properties
# see: https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/
# see: https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/
# set your source directory(ies) here (relative to the sonar-project.properties file)
sonar.sources=.
# exclude unwanted directories and files from being analysed
......@@ -309,7 +321,7 @@ sonar.javascript.lcov.reportPaths=reports/lcov.info
If using TypeScript language:
```properties
# see: https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/
# see: https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/
# set your source directory(ies) here (relative to the sonar-project.properties file)
sonar.sources=src
# exclude unwanted directories and files from being analysed
......@@ -329,10 +341,10 @@ sonar.typescript.lcov.reportPaths=reports/lcov.info
More info:
- [JavaScript language support](https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/)
- [TypeScript language support](https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/)
- [test coverage & execution parameters](https://docs.sonarqube.org/latest/analysis/coverage/)
- [third-party issues](https://docs.sonarqube.org/latest/analysis/external-issues/)
- [JavaScript language support](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/)
- [TypeScript language support](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/)
- [test coverage](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/test-coverage-parameters/) & [test execution](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/test-execution-parameters/) parameters
- [external analyzer reports](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/)
### `node-audit` job
......@@ -345,7 +357,7 @@ It is bound to the `test` stage.
| `audit-disabled` / `NODE_AUDIT_DISABLED` | Set to `true` to disable npm audit | _none_ (enabled) |
| `audit-args` / `NODE_AUDIT_ARGS` | npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments <br/> yarn [audit](https://classic.yarnpkg.com/en/docs/cli/audit) arguments <br/> pnpm [audit](https://pnpm.io/cli/audit) arguments | `--audit-level=low` |
In addition to a textual report in the console, this job produces the following report, kept for one day:
In addition to a textual report in the console, this job produces the following report, kept for one day and only available for download by users with the Developer role or higher:
| Report | Format | Usage |
| ------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
......@@ -364,7 +376,7 @@ It is bound to the `test` stage.
| `outdated-args` / `NODE_OUTDATED_ARGS` | npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments <br/> yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments <br/> pnpm [outdated](https://pnpm.io/cli/outdated) arguments | `--long` |
| `node-outdated-job-tags` / `NODE_OUTDATED_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
The job generates an outdated report that you will find here: `NODE_PROJECT_DIR/reports/npm-outdated-report.json`.
The job generates an outdated report that you will find here: `NODE_PROJECT_DIR/reports/npm-outdated-report.json`. This report is only available for download by users with the Developer role or higher
### `node-semgrep` job
......@@ -389,12 +401,12 @@ It is bound to the `test` stage, and uses the following variables:
> - the `--metrics` option is set to `off`,
> - the `--disable-version-check` option is set.
In addition to a textual report in the console, this job produces the following reports, kept for one day:
In addition to a textual report in the console, this job produces the following reports, kept for one week and only available for download by users with the Developer role or higher:
| Report | Format | Usage |
| ---------------------------------------------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `$NODE_PROJECT_DIR/reports/node-semgrep.gitlab.json` | [GitLab's SAST format](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportssast) |
| `$NODE_PROJECT_DIR/reports/node-semgrep.native.json` | [Semgrep's JSON format](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | [DefectDojo integration](https://documentation.defectdojo.com/integrations/parsers/file/semgrep)<br/>_This report is generated only if DefectDojo template is detected_ |
| `$NODE_PROJECT_DIR/reports/node-semgrep.native.json` | [Semgrep's JSON format](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/semgrep/)<br/>_This report is generated only if DefectDojo template is detected_ |
### `node-sbom` job
......@@ -488,10 +500,12 @@ In order to be able to communicate with the Vault server, the variant requires t
| Input / Variable | Description | Default value |
| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------- |
| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest` |
| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url | _none_ |
| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url | **must be defined** |
| `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` |
| :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** |
| :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | _none_ |
| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | _none_ |
By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.
#### Usage
......@@ -513,14 +527,13 @@ With:
```yaml
include:
# main template
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.0.1
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.1.1
# Vault variant
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node-vault@4.0.1
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node-vault@4.1.1
inputs:
# audience claim for JWT
vault-oidc-aud: "https://vault.acme.host"
vault-base-url: "https://vault.acme.host/v1"
# $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable
variables:
NODE_CONFIG_SCOPED_REGISTRIES: "@public-repo:https://public.npm.registry/some/repo @my-priv-repo:https://private.npm.registry/another/repo"
......
......@@ -27,7 +27,7 @@ if [[ "$curVer" ]]; then
log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."
# replace in README
sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\/ref: \$nextVer\/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\"/ref: \"$nextVer\"/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
mv -f README.md.next README.md
# replace in template and variants
......
......@@ -84,7 +84,7 @@
{
"id": "node-lint",
"name": "node lint",
"description": "node lint analysis",
"description": "code analysis with [ESLint](https://eslint.org/)",
"enable_with": "NODE_LINT_ENABLED",
"variables": [
{
......
......@@ -22,7 +22,7 @@ variables:
.node-base:
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "node", "4.0.1"]
command: ["--service", "node", "4.1.1"]
- name: "$TBC_VAULT_IMAGE"
alias: "vault-secrets-provider"
variables:
......
......@@ -242,7 +242,7 @@ variables:
# default integration ref name (pattern)
INTEG_REF: /^develop$/
# default release tag name (pattern)
RELEASE_REF: /^v?[0-9]+\.[0-9]+\.[0-9]+$/
RELEASE_REF: /^v?[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9-\.]+)?(\+[a-zA-Z0-9-\.]+)?$/
# ==================================================
# Stages definition
......@@ -568,16 +568,6 @@ stages:
fi
}
function sonar_lint_report() {
if [[ "$SONAR_HOST_URL" ]] || [[ "$SONAR_URL" ]]
then
mkdir -p -m 777 reports
# generate eslint report in json for SonarQube
# shellcheck disable=SC2086
$NODE_MANAGER $NODE_LINT_ARGS -- --format=json --output-file=reports/node-lint.xslint.json
fi
}
function configure_publish() {
# get package scope+name, and target registry url
pkg_fullname=$(node -pe "require('./package.json').name")
......@@ -645,7 +635,7 @@ stages:
image: $NODE_IMAGE
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "node", "4.0.1"]
command: ["--service", "node", "4.1.1"]
variables:
# Yarn cache (better than --cache-folder option, deprecated)
YARN_CACHE_FOLDER: "$CI_PROJECT_DIR/$NODE_PROJECT_DIR/.yarn"
......@@ -719,16 +709,35 @@ node-lint:
extends: .node-base
stage: build
script:
# generate lint report for sonar
- sonar_lint_report || true
# display lint result for console
- $NODE_MANAGER $NODE_LINT_ARGS
- mkdir -p -m 777 reports
# maybe generate ESLint report for SonarQube
- |
if [[ "$SONAR_HOST_URL" ]] || [[ "$SONAR_URL" ]]
then
# generate eslint report for SonarQube
# shellcheck disable=SC2086
log_info "SonarQube detected: producing ESLint JSON report..."
$NODE_MANAGER $NODE_LINT_ARGS -- --format=json --output-file=reports/node-lint.xslint.json || true
fi
# maybe add eslint-formatter-gitlab
- |
if ! $NODE_MANAGER list | grep eslint-formatter-gitlab > /dev/null
then
log_info "Adding eslint-formatter-gitlab to produce ESLint GitLab report..."
$NODE_MANAGER add eslint-formatter-gitlab
fi
# run ESLint with console output and GitLab report
# shellcheck disable=SC2086
- ESLINT_CODE_QUALITY_REPORT=reports/node-lint.gitlab.json $NODE_MANAGER $NODE_LINT_ARGS -- --format=gitlab
artifacts:
when: always # store artifact even if test Failed
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
paths:
- $NODE_PROJECT_DIR/reports/node-lint.xslint.json
expire_in: 1 day
paths:
- $NODE_PROJECT_DIR/reports/node-lint.*
reports:
codequality:
- $NODE_PROJECT_DIR/reports/node-lint.gitlab.json
rules:
# exclude if $NODE_LINT_ENABLED unset
- if: '$NODE_LINT_ENABLED != "true"'
......@@ -762,6 +771,7 @@ node-audit:
paths:
- $NODE_PROJECT_DIR/reports/npm-audit.*
expire_in: 1 day
access: developer
rules:
# exclude if $NODE_AUDIT_DISABLED set
- if: '$NODE_AUDIT_DISABLED == "true"'
......@@ -787,6 +797,7 @@ node-outdated:
paths:
- $NODE_PROJECT_DIR/reports/npm-outdated.*
expire_in: 1 day
access: developer
rules:
# exclude if $NODE_OUTDATED_DISABLED set
- if: $NODE_OUTDATED_DISABLED == "true"
......@@ -808,19 +819,19 @@ node-semgrep:
dependencies: []
stage: test
before_script:
- *node-scripts
- cd $NODE_PROJECT_DIR
- mkdir -p -m 777 reports
- !reference [.node-scripts]
- mkdir -p -m 777 ${NODE_PROJECT_DIR}/reports
- setup_semgrep_rules
script:
- >-
semgrep ci ${TRACE+--verbose} ${NODE_SEMGREP_ARGS}
--gitlab-sast-output=reports/node-semgrep.gitlab.json
${DEFECTDOJO_SEMGREP_REPORTS:+--json-output=reports/node-semgrep.native.json}
semgrep ci ${TRACE+--verbose} ${NODE_SEMGREP_ARGS} --subdir ${NODE_PROJECT_DIR}
--gitlab-sast-output=${NODE_PROJECT_DIR}/reports/node-semgrep.gitlab.json
${DEFECTDOJO_SEMGREP_REPORTS:+--json-output=${NODE_PROJECT_DIR}/reports/node-semgrep.native.json}
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
when: always
expire_in: 1 week
access: developer
reports:
sast: $NODE_PROJECT_DIR/reports/node-semgrep.gitlab.json
paths:
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment