-
Notifications
You must be signed in to change notification settings - Fork 16
/
.gitlab-ci.yml
162 lines (157 loc) · 5.37 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
---
# Copyright (C) 2020 The ORT Project Authors
#
# Licensed under the Apache License, Version 2.0 (the 'License');
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an 'AS IS' BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# License-Filename: LICENSE
include:
- local: 'templates/ort-scan.yml'
stages:
- ort-scan
variables:
SW_NAME:
description: |
Name of project, product or component to be scanned.
By default the name of the repository is used as shown in its clone URL.
value: ''
SW_VERSION:
description: |
Project version number or release name (use the version from package metadata, not VCS revision).
By default, the Git short SHA is used.
value: ''
VCS_TYPE:
description: |
Type of version control system.
Accepted values are 'git', 'git-repo', 'mercurial' or 'subversion'.
value: 'git'
VCS_URL:
description: |
Repository or clone URL of project to scan.
value: ''
VCS_REVISION:
description: |
SHA1 or tag to scan (do not use branch names as they can move).
If VCS_TYPE is 'git-repo', SHA1 must be unabbreviated.
Tag names must be prefixed with 'refs/tags/'.
value: ''
VCS_PATH:
description: |
Leave this field empty unless one of the following special cases applies:
1) project VCS_TYPE is git-repo - specify path to repo manifest file
(e.g. sdk.xml, note vcs-url must point to a manifest repository)
2) you require sparse checkout - specify repository sub-path to download and scan
(e.g. projects/gradle/, note sparse checkout is possible only for VCS_TYPE git, mercurial or subversion)
value: ''
ADVISORS:
description: |
Comma-separated list of security vulnerability advisors to use.
value: ''
ALLOW_DYNAMIC_VERSIONS:
description: |
Set to 'true' only if dynamic dependency versions are allowed (note version ranges specified for dependencies may cause unstable results).
This field applies only to package managers that support lock files, e.g. NPM.
value: 'true'
DB_URL:
description: |
URL for PostgreSQL database to use to cache scan-results and store file archives.
value: ''
DB_USERNAME:
description: |
Username for PostgreSQL database to use to cache scan-results and store file archives.
value: ''
DB_PASSWORD:
description: |
Username for PostgreSQL database to use to cache scan-results and store file archives.
value: ''
DB_SCHEMA:
description: |
Schema for PostgreSQL database to use to cache scan-results and store file archives.
value: ''
FAIL_ON:
description: |
Comma-separated list of ORT results that if exceeding their severity threshold will fail the action.
Accepted values are '', 'issues', 'violations' or 'issues,violations'.
If empty, then exceeding severity threshold will not fail the action.
value: ''
ORT_CLI_ARGS:
description: |
List of arguments to pass to ORT CLI, applies to all commands.
value: ''
ORT_CLI_ANALYZE_ARGS:
description: |
List of arguments to pass to ORT Analyzer CLI.
value: ''
ORT_CLI_SCAN_ARGS:
description: |
List of arguments to pass to ORT Scanner CLI.
value: ''
ORT_CLI_EVALUATE_ARGS:
description: |
List of arguments to pass to ORT Evaluator CLI.
value: ''
ORT_CLI_ADVISE_ARGS:
description: |
List of arguments to pass to ORT Advisor CLI.
value: ''
ORT_CLI_REPORT_ARGS:
description: |
List of arguments to pass to ORT Reporter CLI.
value: ''
ORT_CONFIG_REPOSITORY:
description: |
URL to ORT configuration repository to use.
value: ''
ORT_CONFIG_REVISION:
description: |
The Git revision of the ORT configuration repository to use.
value: ''
ORT_DATA_DIR_NAME:
description: |
Name of ORT directory within user home directory.
value: ''
ORT_LOG_LEVEL:
description: |
Set value to 'debug' to see additional debug output to help tracking down errors.
value: ''
ORT_YML_PATH:
description: |
Path to file containing the repository configuration.
If set, the '.ort.yml' file from the repository is ignored.
value: ''
REPORT_FORMATS:
description: |
Comma-separated list of ORT reporters to run.
value: ''
RUN:
description: |
Comma-separated list of optional workflow steps to run.
value: 'labels,analyzer,scanner,evaluator,advisor,reporter'
FF_SCRIPT_SECTIONS: 'true'
ort-scan:
image: $ORT_DOCKER_IMAGE
stage: ort-scan
extends: .ort-scan
variables:
ORT_DOCKER_IMAGE: 'ghcr.io/alliander-opensource/ort-container:latest'
before_script:
# Use HTTPS instead of SSH for Git cloning
- git config --global url.https://github.com/.insteadOf ssh://[email protected]/
rules:
- if: $CI_PIPELINE_SOURCE == 'pipeline' || $CI_PIPELINE_SOURCE == 'trigger'
- if: $CI_PIPELINE_SOURCE == 'web' && $VCS_URL && $VCS_REVISION
artifacts:
when: always
paths:
- $ORT_RESULTS_PATH
- vars.env