Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found
Select Git revision
  • master
  • 4
  • 4.0
  • 4.0.0
  • 4.0.1
  • 4.0.2
  • 4.0.3
  • 4.1
  • 4.1.0
  • 4.1.1
  • 4.2
  • 4.2.0
  • 4.2.1
  • 4.2.2
14 results

Target

Select target project
  • smartdatalab/public/ci-cd-components/node
1 result
Select Git revision
  • master
  • 4
  • 4.0
  • 4.0.0
  • 4.0.1
  • 4.0.2
  • 4.0.3
  • 4.1
  • 4.1.0
  • 4.1.1
  • 4.2
  • 4.2.0
  • 4.2.1
  • 4.2.2
14 results
Show changes
Commits on Source (22)
......@@ -12,13 +12,12 @@ include:
inputs:
check-links-job-tags: ["docker"]
tbc-check-job-tags: ["docker"]
tbc-check-image: cicd-docker-dev.artifact.tecnalia.com/tbc-check:master
tbc-check-image: cicd-docker-dev.artifact.tecnalia.dev/tbc-check:master
gitlab-ci-lint-job-tags: ["docker"]
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/kicker/validation@master
inputs:
kicker-validation-job-tags: ["docker"]
schema-base-url: "https://git.code.tecnalia.com/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files"
yajsv-image: "cicd-docker-dev.artifact.tecnalia.com/yajsv:latest"
schema-base-url: "https://git.code.tecnalia.dev/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files"
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/bash/gitlab-ci-bash@master
inputs:
bash-shellcheck-job-tags: ["docker"]
......
## [4.0.1](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/node/compare/4.0.0...4.0.1) (2024-09-18)
## [4.1.1](https://gitlab.com/to-be-continuous/node/compare/4.1.0...4.1.1) (2024-12-05)
### Bug Fixes
* set node-publish default registry ([fd0f04d](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/node/commit/fd0f04d730e7b844dd6f57a77b21d913b16dd1c9))
* semgrep subdir ([8ac460c](https://gitlab.com/to-be-continuous/node/commit/8ac460c05668590b7713f05fc571fc7b3fe2f4b4))
# [4.1.0](https://gitlab.com/to-be-continuous/node/compare/4.0.3...4.1.0) (2024-11-23)
### Features
* **lint:** enforce GitLab integration ([44cc3c3](https://gitlab.com/to-be-continuous/node/commit/44cc3c30b1211f35c428edfc5e4165aaae086fbc))
## [4.0.3](https://gitlab.com/to-be-continuous/node/compare/4.0.2...4.0.3) (2024-11-02)
### Bug Fixes
* limit security reports access to developer role or higher ([3d4335f](https://gitlab.com/to-be-continuous/node/commit/3d4335fd9d46070720de57cda656c2570dd9efa2))
## [4.0.2](https://gitlab.com/to-be-continuous/node/compare/4.0.1...4.0.2) (2024-10-04)
### Bug Fixes
* **release:** support full semantic-versioning specifcation (with prerelease and build metadata) ([b031dae](https://gitlab.com/to-be-continuous/node/commit/b031dae19ccf2cd4f31066ff052efd2d8b1c7aef))
## [4.0.1](https://gitlab.com/to-be-continuous/node/compare/4.0.0...4.0.1) (2024-09-08)
......
......@@ -16,7 +16,7 @@ Add the following to your `.gitlab-ci.yml`:
```yaml
include:
# 1: include the component
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.0.1
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.1.1
# 2: set/override component inputs
inputs:
image: "registry.hub.docker.com/library/node:20" # ⚠ this is only an example
......@@ -31,7 +31,7 @@ Add the following to your `.gitlab-ci.yml`:
include:
# 1: include the template
- project: "to-be-continuous/node"
ref: "4.0.0"
ref: "4.1.1"
file: "/templates/gitlab-ci-node.yml"
variables:
......@@ -90,7 +90,8 @@ variables:
### `node-lint` job
The Node template features a job `node-lint` that performs Node.js source code **lint**. This job is **disabled by default**. It can be activated by setting `NODE_LINT_ENABLED`
The Node template features a `node-lint` job that performs a code analysis with [ESLint](https://eslint.org/).
This job is **disabled by default**. It can be activated by setting `NODE_LINT_ENABLED`.
It is bound to the `build` stage, and uses the following variable:
......@@ -100,7 +101,18 @@ It is bound to the `build` stage, and uses the following variable:
| `lint-args` / `NODE_LINT_ARGS` | npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments to execute the lint analysis <br/> yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments to execute the lint analysis <br/> pnpm [run script](https://pnpm.io/cli/run) arguments to execute the lint analysis | `run lint` |
| `node-lint-job-tags` / `NODE_LINT_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
The job generates a lint report that you will find here: `NODE_PROJECT_DIR/reports/node-lint.xslint.json`.
In addition to a textual report in the console, this job produces the following reports, kept for one day:
| Report | Format | Usage |
|-------------------------------------------------------|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------|
| `$NODE_PROJECT_DIR/reports/node-lint.gitlab.json` | [GitLab](https://docs.gitlab.com/ee/ci/testing/code_quality.html#eslint) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscodequality) |
| `$NODE_PROJECT_DIR/reports/node-lint.xslint.json` | JSON ESLint | [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/) |
| Report | Format | Usage |
| ------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `$NODE_PROJECT_DIR/reports/npm-audit.native.json` | [JSON](https://docs.npmjs.com/cli/v9/commands/npm-audit#json) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/npm_audit_7_plus/)<br/>_This report is generated only if DefectDojo template is detected, if needed, you can force it with `$DEFECTDOJO_NPMAUDIT_REPORTS`_ |
### `node-build` job
......@@ -135,8 +147,8 @@ Here is the required configuration if you're using [Jest](https://jestjs.io/) as
| [jest-junit](https://github.com/jest-community/jest-junit) | Yes | `reports/node-test.xunit.xml` | [GitLab unit tests integration](https://docs.gitlab.com/ee/ci/testing/unit_test_reports.html) _(JUnit format)_ |
| istanbul [text](https://istanbul.js.org/docs/advanced/alternative-reporters/#text) | No | N/A _(stdout)_ | [GitLab MR test coverage results](https://docs.gitlab.com/ee/ci/pipelines/settings.html#merge-request-test-coverage-results) _(GitLab grabs coverage from stdout)_ |
| istanbul [cobertura](https://istanbul.js.org/docs/advanced/alternative-reporters/#cobertura) | No | `reports/cobertura-coverage.xml` | [GitLab code coverage integration](https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization.html) _(Cobertura format)_ |
| [jest-sonar](https://github.com/sh33dafi/jest-sonar) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarqube.org/latest/analysis/generic-test/) _(generic SonarQube format)_ |
| istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | No | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarqube.org/latest/analysis/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ |
| [jest-sonar](https://github.com/sh33dafi/jest-sonar) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/generic-test-data/#generic-test-coverage) _(generic SonarQube format)_ |
| istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | No | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ |
Here is an example of a `jest.config.js` configuration file with all the above reporters configured as expected:
......@@ -182,8 +194,8 @@ Here is the required configuration if you're using [Mocha](https://mochajs.org/)
| [mocha-junit-reporter](https://github.com/michaelleeallen/mocha-junit-reporter) | Yes | `reports/node-test.xunit.xml` | [GitLab unit tests integration](https://docs.gitlab.com/ee/ci/testing/unit_test_reports.html) _(JUnit format)_ |
| istanbul [text](https://istanbul.js.org/docs/advanced/alternative-reporters/#text) | Yes (in `nyc` package) | N/A _(stdout)_ | [GitLab MR test coverage results](https://docs.gitlab.com/ee/ci/pipelines/settings.html#merge-request-test-coverage-results) _(GitLab grabs coverage from stdout)_ |
| istanbul [cobertura](https://istanbul.js.org/docs/advanced/alternative-reporters/#cobertura) | Yes (in `nyc` package) | `reports/cobertura-coverage.xml` | [GitLab code coverage integration](https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization.html) _(Cobertura format)_ |
| [mocha-sonarqube-reporter](https://github.com/mmouterde/mocha-sonarqube-reporter) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarqube.org/latest/analysis/generic-test/) _(generic SonarQube format)_ |
| istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | Yes (in `nyc` package) | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarqube.org/latest/analysis/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ |
| [mocha-sonarqube-reporter](https://github.com/mmouterde/mocha-sonarqube-reporter) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/generic-test-data/#generic-test-coverage) _(generic SonarQube format)_ |
| istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | Yes (in `nyc` package) | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ |
:warning: Remarks:
......@@ -288,7 +300,7 @@ If you're using the SonarQube template to analyse your Node code, here are 2 sam
If using JavaScript language:
```properties
# see: https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/
# see: https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/
# set your source directory(ies) here (relative to the sonar-project.properties file)
sonar.sources=.
# exclude unwanted directories and files from being analysed
......@@ -309,7 +321,7 @@ sonar.javascript.lcov.reportPaths=reports/lcov.info
If using TypeScript language:
```properties
# see: https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/
# see: https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/
# set your source directory(ies) here (relative to the sonar-project.properties file)
sonar.sources=src
# exclude unwanted directories and files from being analysed
......@@ -329,10 +341,10 @@ sonar.typescript.lcov.reportPaths=reports/lcov.info
More info:
- [JavaScript language support](https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/)
- [TypeScript language support](https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/)
- [test coverage & execution parameters](https://docs.sonarqube.org/latest/analysis/coverage/)
- [third-party issues](https://docs.sonarqube.org/latest/analysis/external-issues/)
- [JavaScript language support](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/)
- [TypeScript language support](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/)
- [test coverage](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/test-coverage-parameters/) & [test execution](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/test-execution-parameters/) parameters
- [external analyzer reports](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/)
### `node-audit` job
......@@ -345,7 +357,7 @@ It is bound to the `test` stage.
| `audit-disabled` / `NODE_AUDIT_DISABLED` | Set to `true` to disable npm audit | _none_ (enabled) |
| `audit-args` / `NODE_AUDIT_ARGS` | npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments <br/> yarn [audit](https://classic.yarnpkg.com/en/docs/cli/audit) arguments <br/> pnpm [audit](https://pnpm.io/cli/audit) arguments | `--audit-level=low` |
In addition to a textual report in the console, this job produces the following report, kept for one day:
In addition to a textual report in the console, this job produces the following report, kept for one day and only available for download by users with the Developer role or higher:
| Report | Format | Usage |
| ------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
......@@ -364,7 +376,7 @@ It is bound to the `test` stage.
| `outdated-args` / `NODE_OUTDATED_ARGS` | npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments <br/> yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments <br/> pnpm [outdated](https://pnpm.io/cli/outdated) arguments | `--long` |
| `node-outdated-job-tags` / `NODE_OUTDATED_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
The job generates an outdated report that you will find here: `NODE_PROJECT_DIR/reports/npm-outdated-report.json`.
The job generates an outdated report that you will find here: `NODE_PROJECT_DIR/reports/npm-outdated-report.json`. This report is only available for download by users with the Developer role or higher
### `node-semgrep` job
......@@ -389,12 +401,12 @@ It is bound to the `test` stage, and uses the following variables:
> - the `--metrics` option is set to `off`,
> - the `--disable-version-check` option is set.
In addition to a textual report in the console, this job produces the following reports, kept for one day:
In addition to a textual report in the console, this job produces the following reports, kept for one week and only available for download by users with the Developer role or higher:
| Report | Format | Usage |
| ---------------------------------------------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `$NODE_PROJECT_DIR/reports/node-semgrep.gitlab.json` | [GitLab's SAST format](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportssast) |
| `$NODE_PROJECT_DIR/reports/node-semgrep.native.json` | [Semgrep's JSON format](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | [DefectDojo integration](https://documentation.defectdojo.com/integrations/parsers/file/semgrep)<br/>_This report is generated only if DefectDojo template is detected_ |
| `$NODE_PROJECT_DIR/reports/node-semgrep.native.json` | [Semgrep's JSON format](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/semgrep/)<br/>_This report is generated only if DefectDojo template is detected_ |
### `node-sbom` job
......@@ -488,10 +500,12 @@ In order to be able to communicate with the Vault server, the variant requires t
| Input / Variable | Description | Default value |
| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------- |
| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest` |
| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url | _none_ |
| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url | **must be defined** |
| `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` |
| :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** |
| :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | _none_ |
| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | _none_ |
By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.
#### Usage
......@@ -513,14 +527,13 @@ With:
```yaml
include:
# main template
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.0.1
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.1.1
# Vault variant
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node-vault@4.0.1
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node-vault@4.1.1
inputs:
# audience claim for JWT
vault-oidc-aud: "https://vault.acme.host"
vault-base-url: "https://vault.acme.host/v1"
# $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable
variables:
NODE_CONFIG_SCOPED_REGISTRIES: "@public-repo:https://public.npm.registry/some/repo @my-priv-repo:https://private.npm.registry/another/repo"
......
......@@ -27,7 +27,7 @@ if [[ "$curVer" ]]; then
log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."
# replace in README
sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\/ref: \$nextVer\/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\"/ref: \"$nextVer\"/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
mv -f README.md.next README.md
# replace in template and variants
......
......@@ -84,7 +84,7 @@
{
"id": "node-lint",
"name": "node lint",
"description": "node lint analysis",
"description": "code analysis with [ESLint](https://eslint.org/)",
"enable_with": "NODE_LINT_ENABLED",
"variables": [
{
......
......@@ -22,7 +22,7 @@ variables:
.node-base:
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "node", "4.0.1"]
command: ["--service", "node", "4.1.1"]
- name: "$TBC_VAULT_IMAGE"
alias: "vault-secrets-provider"
variables:
......
......@@ -242,7 +242,7 @@ variables:
# default integration ref name (pattern)
INTEG_REF: /^develop$/
# default release tag name (pattern)
RELEASE_REF: /^v?[0-9]+\.[0-9]+\.[0-9]+$/
RELEASE_REF: /^v?[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9-\.]+)?(\+[a-zA-Z0-9-\.]+)?$/
# ==================================================
# Stages definition
......@@ -568,16 +568,6 @@ stages:
fi
}
function sonar_lint_report() {
if [[ "$SONAR_HOST_URL" ]] || [[ "$SONAR_URL" ]]
then
mkdir -p -m 777 reports
# generate eslint report in json for SonarQube
# shellcheck disable=SC2086
$NODE_MANAGER $NODE_LINT_ARGS -- --format=json --output-file=reports/node-lint.xslint.json
fi
}
function configure_publish() {
# get package scope+name, and target registry url
pkg_fullname=$(node -pe "require('./package.json').name")
......@@ -645,7 +635,7 @@ stages:
image: $NODE_IMAGE
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "node", "4.0.1"]
command: ["--service", "node", "4.1.1"]
variables:
# Yarn cache (better than --cache-folder option, deprecated)
YARN_CACHE_FOLDER: "$CI_PROJECT_DIR/$NODE_PROJECT_DIR/.yarn"
......@@ -719,16 +709,35 @@ node-lint:
extends: .node-base
stage: build
script:
# generate lint report for sonar
- sonar_lint_report || true
# display lint result for console
- $NODE_MANAGER $NODE_LINT_ARGS
- mkdir -p -m 777 reports
# maybe generate ESLint report for SonarQube
- |
if [[ "$SONAR_HOST_URL" ]] || [[ "$SONAR_URL" ]]
then
# generate eslint report for SonarQube
# shellcheck disable=SC2086
log_info "SonarQube detected: producing ESLint JSON report..."
$NODE_MANAGER $NODE_LINT_ARGS -- --format=json --output-file=reports/node-lint.xslint.json || true
fi
# maybe add eslint-formatter-gitlab
- |
if ! $NODE_MANAGER list | grep eslint-formatter-gitlab > /dev/null
then
log_info "Adding eslint-formatter-gitlab to produce ESLint GitLab report..."
$NODE_MANAGER add eslint-formatter-gitlab
fi
# run ESLint with console output and GitLab report
# shellcheck disable=SC2086
- ESLINT_CODE_QUALITY_REPORT=reports/node-lint.gitlab.json $NODE_MANAGER $NODE_LINT_ARGS -- --format=gitlab
artifacts:
when: always # store artifact even if test Failed
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
paths:
- $NODE_PROJECT_DIR/reports/node-lint.xslint.json
expire_in: 1 day
paths:
- $NODE_PROJECT_DIR/reports/node-lint.*
reports:
codequality:
- $NODE_PROJECT_DIR/reports/node-lint.gitlab.json
rules:
# exclude if $NODE_LINT_ENABLED unset
- if: '$NODE_LINT_ENABLED != "true"'
......@@ -762,6 +771,7 @@ node-audit:
paths:
- $NODE_PROJECT_DIR/reports/npm-audit.*
expire_in: 1 day
access: developer
rules:
# exclude if $NODE_AUDIT_DISABLED set
- if: '$NODE_AUDIT_DISABLED == "true"'
......@@ -787,6 +797,7 @@ node-outdated:
paths:
- $NODE_PROJECT_DIR/reports/npm-outdated.*
expire_in: 1 day
access: developer
rules:
# exclude if $NODE_OUTDATED_DISABLED set
- if: $NODE_OUTDATED_DISABLED == "true"
......@@ -808,19 +819,19 @@ node-semgrep:
dependencies: []
stage: test
before_script:
- *node-scripts
- cd $NODE_PROJECT_DIR
- mkdir -p -m 777 reports
- !reference [.node-scripts]
- mkdir -p -m 777 ${NODE_PROJECT_DIR}/reports
- setup_semgrep_rules
script:
- >-
semgrep ci ${TRACE+--verbose} ${NODE_SEMGREP_ARGS}
--gitlab-sast-output=reports/node-semgrep.gitlab.json
${DEFECTDOJO_SEMGREP_REPORTS:+--json-output=reports/node-semgrep.native.json}
semgrep ci ${TRACE+--verbose} ${NODE_SEMGREP_ARGS} --subdir ${NODE_PROJECT_DIR}
--gitlab-sast-output=${NODE_PROJECT_DIR}/reports/node-semgrep.gitlab.json
${DEFECTDOJO_SEMGREP_REPORTS:+--json-output=${NODE_PROJECT_DIR}/reports/node-semgrep.native.json}
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
when: always
expire_in: 1 week
access: developer
reports:
sast: $NODE_PROJECT_DIR/reports/node-semgrep.gitlab.json
paths:
......