From e7e3cf2b0ffe3c23b8711b1acf5eba348780dca9 Mon Sep 17 00:00:00 2001
From: ITQ
Date: Mon, 17 Nov 2025 22:43:26 +0300
Subject: [PATCH] fix: fixed default template in CI
---
 .gitlab-ci.yml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 303ded6..a2eaa1f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -19,7 +19,7 @@ cache:
 - .cache/trivy
 policy: pull-push
-default:
+.docker-job: &docker-job
 image: docker:28.0
 services:
 - docker:28.0-dind
@@ -37,6 +37,8 @@ default:
 paths:
 - $TRIVY_CACHE_DIR
 policy: pull-push
+ before_script:
+ - mkdir -p $TRIVY_CACHE_DIR
 script:
 - trivy filesystem --skip-files $TRIVY_CACHE_DIR --format cyclonedx --output fs-sbom.json .
 - trivy filesystem --skip-files $TRIVY_CACHE_DIR --format sarif --output gl-sast-fs-report.json .
@@ -63,10 +65,14 @@ default:
 entrypoint: [""]
 variables:
 TRIVY_CACHE_DIR: .cache/trivy
+ TRIVY_USERNAME: $CI_REGISTRY_USER
+ TRIVY_PASSWORD: $CI_REGISTRY_PASSWORD
 cache:
 paths:
 - $TRIVY_CACHE_DIR
 policy: pull-push
+ before_script:
+ - mkdir -p $TRIVY_CACHE_DIR
 script:
 - trivy image --format cyclonedx --output image-sbom-${IMAGE_TYPE}.json $IMAGE_NAME:$CI_COMMIT_SHA
 - trivy image --format sarif --output gl-sast-image-${IMAGE_TYPE}-report.json $IMAGE_NAME:$CI_COMMIT_SHA
@@ -101,6 +107,7 @@ default:
 when: on_success
 .build-template: &build-config
+ <<: *docker-job
 stage: build
 variables:
 DOCKER_BUILDKIT: 1
@@ -125,7 +132,8 @@ default:
 when: manual
 allow_failure: true
-.run-test-template: &test-config
+.test-template: &test-config
+ <<: *docker-job
 stage: test
 script:
 - apk add --no-cache docker-compose
@@ -151,6 +159,9 @@ default:
 - ./.cov
 expire_in: 1 week
 when: always
+ rules:
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+ - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
 sast-filesystem:
 <<: *trivy-fs-scan
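Review bot: In the `@@ -19,7 +19,7 @@` hunk, replacing `default:` with the hidden `.docker-job` anchor means the `docker:28.0` image and the dind service now reach only jobs that merge `*docker-job`, and nothing at the anchor says so. Limiting Docker-in-Docker to the jobs that need it is the better posture, but any job defined outside the visible hunks that relied on the old default will now run on the runner's default image with no Docker daemon, so those are worth checking. I would add a comment above the anchor such as `# Merge only into jobs that need Docker-in-Docker; dind normally requires a privileged runner`. The body of `.docker-job` continues outside the hunk.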
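Review bot: In the `@@ -63,10 +65,14 @@` hunk, `TRIVY_USERNAME` and `TRIVY_PASSWORD` are set from the job's registry credentials, but nothing visible ties them to `$CI_REGISTRY`. As far as the visible config shows, Trivy will present them to whichever registry hosts `$IMAGE_NAME`, and `IMAGE_NAME` is defined outside this hunk. If it can ever point outside the project's own registry, the job token would be offered to that host. A comment next to the variables would record the assumption: `# IMAGE_NAME must live under $CI_REGISTRY; these credentials are sent to the registry that hosts it`.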
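Review bot: In the `@@ -101,6 +107,7 @@` hunk, `<<: *docker-job` is a shallow YAML merge, so the template's own `variables:` block (`DOCKER_BUILDKIT: 1`) replaces any `variables:` mapping that `.docker-job` defines rather than combining with it. The same applies to every other key that both mappings set, and to the identical merge added to `.test-template` in the `@@ -125,7 +132,8 @@` hunk. The middle of `.docker-job` is outside the visible hunks, so this may be harmless today, but Docker TLS or host settings added there later would be silently dropped from build jobs. GitLab's `extends: .docker-job` merges nested mappings key by key and would avoid the surprise; otherwise a comment such as `# shallow merge: keys set below replace the ones from .docker-job` would help.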
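Review bot: In the `@@ -151,6 +159,9 @@` hunk, the new `rules:` on the test template skip test jobs for tag pipelines and for branch pushes that have no merge request, and nothing here records that this is intended. The build template's rules end in a `when: manual` entry just above the previous hunk, but the rest of them are outside the visible lines. I cannot tell whether an image can still be built or published from a pipeline in which the tests never ran, so that is worth confirming. I would add a comment above the block, for example `# Tests run on the default branch and in MR pipelines only; keep in sync with the build rules`.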