Skip to content

Commit bc997e0

Browse files
LeoComandiniLeoComandini
committed
Merge branch '260224-sats_secretdetection'
2 parents e35eaa6 + b05f55f commit bc997e0

File tree

1 file changed

+52
-0
lines changed

1 file changed

+52
-0
lines changed

.gitlab-ci.yml

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,21 @@ variables:
33
DOCKER_DRIVER: overlay2
44
DOCKER_HOST: tcp://localhost:2375
55
DOCKER_TLS_CERTDIR: ""
6+
GITLAB_ADVANCED_SAST_ENABLED: "true"
7+
SECURE_LOG_LEVEL: "info"
8+
SECRET_DETECTION_ENABLED: "true"
9+
DS_GRADLE_RESOLUTION_POLICY: "none"
10+
11+
include:
12+
- template: Security/SAST.gitlab-ci.yml
13+
- template: Security/Secret-Detection.gitlab-ci.yml
14+
- template: Security/Dependency-Scanning.gitlab-ci.yml
15+
16+
stages:
17+
- security
18+
- test
19+
- build
20+
- deploy
621

722
.base:
823
image: xenoky/lwk-builder@sha256:ccc64ed4333a28fe4e882fcb024d3732d98b0e6621641665aba6fe8c726eaafd
@@ -20,26 +35,42 @@ variables:
2035
- cp /usr/local/cargo/bin/waterfalls /bin/waterfalls_b8818e1
2136

2237

38+
sast:
39+
stage: security
40+
needs: []
41+
42+
dependency_scanning:
43+
stage: security
44+
needs: []
45+
46+
secret_detection:
47+
stage: security
48+
needs: []
49+
2350
fmt_clippy:
51+
stage: test
2452
extends: .base
2553
script:
2654
- cp ./context/env.sh / && cd / && . ./env.sh && cd -
2755
- cargo fmt --check
2856
- cargo clippy --all-targets -- -D warnings
2957

3058
test_clean:
59+
stage: test
3160
image: rust:1.75
3261
script:
3362
- cargo build
3463

3564
test_wollet:
65+
stage: test
3666
extends: .base
3767
script:
3868
- docker pull xenoky/local-jade-emulator:1.0.27
3969
- cp ./context/env.sh / && cd / && . ./env.sh && cd -
4070
- cargo test -p lwk_wollet -p lwk_signer
4171

4272
test_jade:
73+
stage: test
4374
extends: .base
4475
variables:
4576
TMPDIR: ${CI_PROJECT_DIR} # otherwise issue with the docker
@@ -49,11 +80,13 @@ test_jade:
4980
- cargo test -p lwk_jade
5081

5182
test_ledger:
83+
stage: test
5284
extends: .base
5385
script:
5486
- cargo test -p lwk_ledger --features asyncr
5587

5688
test_serial:
89+
stage: test
5790
extends: .base
5891
variables:
5992
script:
@@ -62,28 +95,33 @@ test_serial:
6295

6396
# run tests for minor crates all together
6497
test_minor:
98+
stage: test
6599
extends: .base
66100
script:
67101
- cargo test -p lwk_tiny_jrpc -p lwk_app -p lwk_containers -p lwk_common -p lwk_hwi -p lwk_rpc_model -p lwk_signer
68102

69103
test_cli:
104+
stage: test
70105
extends: .base
71106
script:
72107
- cp ./context/env.sh / && cd / && . ./env.sh && cd -
73108
- cargo test -p lwk_cli
74109

75110
test_simplicity:
111+
stage: test
76112
extends: .base
77113
script:
78114
- cp ./context/env.sh / && cd / && . ./env.sh && cd -
79115
- cargo test -p lwk_simplicity
80116

81117
unit_tests:
118+
stage: test
82119
extends: .base
83120
script:
84121
- cargo nextest run --lib --profile unit # ensure unit tests don't take more than a sec each
85122

86123
test_coverage:
124+
stage: test
87125
extends: .base
88126
variables:
89127
RUSTFLAGS: "-C instrument-coverage"
@@ -112,6 +150,7 @@ test_coverage:
112150
junit: target/nextest/ci/junit.xml
113151

114152
build_cli:
153+
stage: build
115154
extends: .base
116155
only:
117156
- master@liquid/lwk
@@ -124,11 +163,13 @@ build_cli:
124163
expire_in: 14 days
125164

126165
audit:
166+
stage: test
127167
extends: .base
128168
script:
129169
- cargo audit --deny yanked
130170

131171
doc:
172+
stage: build
132173
extends: .base
133174
variables:
134175
RUSTDOCFLAGS: "-D warnings --cfg docsrs"
@@ -151,11 +192,13 @@ doc:
151192
- cargo +nightly doc --no-deps -p lwk_bindings --features foreign_bindings
152193

153194
examples:
195+
stage: test
154196
extends: .base
155197
script:
156198
- cargo run --example list_transactions
157199

158200
bindings:
201+
stage: build
159202
extends: .base
160203
variables:
161204
JAVA_OPTS: "-Xmx2g"
@@ -164,6 +207,7 @@ bindings:
164207
- cargo test -p lwk_bindings --features foreign_bindings
165208

166209
csharp:
210+
stage: build
167211
extends: .base
168212
script:
169213
- cargo build --release -p lwk_bindings
@@ -180,6 +224,7 @@ csharp:
180224
- csharp
181225

182226
cpp:
227+
stage: build
183228
extends: .base
184229
script:
185230
- cargo build --release -p lwk_bindings
@@ -199,6 +244,7 @@ cpp:
199244
- cpp
200245

201246
just:
247+
stage: test
202248
extends: .base
203249
variables:
204250
JAVA_OPTS: "-Xmx2g"
@@ -209,6 +255,7 @@ just:
209255
- just kotlin # kotlin-android would require cargo-ndk and various targets, tested on github which produce the kotlin package
210256

211257
wasm:
258+
stage: build
212259
extends: .base
213260
variables:
214261
RUSTFLAGS: "--cfg=web_sys_unstable_apis"
@@ -234,6 +281,7 @@ wasm:
234281
- lwk_wasm/pkg
235282

236283
.nix:
284+
stage: build
237285
image: xenoky/lwk-nix-builder@sha256:65e7e1999ec3eba96f804a30fd8d1ef6d9842d99a61fb02bf4147dee7d53b9dc
238286
variables:
239287
EXP_FEAT: --extra-experimental-features nix-command --extra-experimental-features flakes
@@ -244,6 +292,7 @@ wasm:
244292
- (! grep ERROR log)
245293

246294
boltz_chain:
295+
stage: test
247296
extends: .base
248297
script:
249298
- cd lwk_boltz
@@ -253,6 +302,7 @@ boltz_chain:
253302
- just test-chain
254303

255304
boltz_mrh:
305+
stage: test
256306
extends: .base
257307
script:
258308
- cd lwk_boltz
@@ -262,6 +312,7 @@ boltz_mrh:
262312
- just test-mrh
263313

264314
boltz_reverse:
315+
stage: test
265316
extends: .base
266317
script:
267318
- cd lwk_boltz
@@ -271,6 +322,7 @@ boltz_reverse:
271322
- just test-reverse
272323

273324
boltz_submarine:
325+
stage: test
274326
extends: .base
275327
script:
276328
- cd lwk_boltz

0 commit comments

Comments
 (0)