fix: fixed default template in CI

.gitlab-ci.yml

@@ -19,7 +19,7 @@ cache:
     - .cache/trivy
   policy: pull-push
 
-default:
+.docker-job: &docker-job
   image: docker:28.0
   services:
     - docker:28.0-dind
@@ -37,6 +37,8 @@ default:
     paths:
       - $TRIVY_CACHE_DIR
     policy: pull-push
+  before_script:
+    - mkdir -p $TRIVY_CACHE_DIR
   script:
     - trivy filesystem --skip-files $TRIVY_CACHE_DIR --format cyclonedx --output fs-sbom.json .
     - trivy filesystem --skip-files $TRIVY_CACHE_DIR --format sarif --output gl-sast-fs-report.json .
@@ -63,10 +65,14 @@ default:
     entrypoint: [""]
   variables:
     TRIVY_CACHE_DIR: .cache/trivy
+    TRIVY_USERNAME: $CI_REGISTRY_USER
+    TRIVY_PASSWORD: $CI_REGISTRY_PASSWORD
   cache:
     paths:
       - $TRIVY_CACHE_DIR
     policy: pull-push
+  before_script:
+    - mkdir -p $TRIVY_CACHE_DIR
   script:
     - trivy image --format cyclonedx --output image-sbom-${IMAGE_TYPE}.json $IMAGE_NAME:$CI_COMMIT_SHA
     - trivy image --format sarif --output gl-sast-image-${IMAGE_TYPE}-report.json $IMAGE_NAME:$CI_COMMIT_SHA
@@ -101,6 +107,7 @@ default:
       when: on_success
 
 .build-template: &build-config
+  <<: *docker-job
   stage: build
   variables:
     DOCKER_BUILDKIT: 1
@@ -125,7 +132,8 @@ default:
       when: manual
       allow_failure: true
 
-.run-test-template: &test-config
+.test-template: &test-config
+  <<: *docker-job
   stage: test
   script:
     - apk add --no-cache docker-compose
@@ -151,6 +159,9 @@ default:
       - ./.cov
     expire_in: 1 week
     when: always
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
 
 sast-filesystem:
   <<: *trivy-fs-scan