reduce ci duplications

2021-02-10 16:04:56 +01:00 · 2021-02-10 16:04:56 +01:00 · 2516c03058
commit 2516c03058
parent 2b2def54b7
1 changed files with 39 additions and 41 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,41 +1,46 @@
-image: node:lts-buster
-
 stages:
  - test
  - package
+  - security
  - upload

-cache:
-  key: ${CI_COMMIT_REF_SLUG}
-  paths:
-    - node_modules/
-
-default:
+.cljs-job: &cljs
+  image: node:lts-buster
+  cache:
+    key: ${CI_COMMIT_REF_SLUG}
+    paths:
+      - node_modules/
  before_script:
    - apt update && apt -qqy install openjdk-11-jre-headless
    - npm install
    - npm install -g --save-dev shadow-cljs

+.js-job: &js-upload
+  image: node:lts-buster
+  cache:
+    key: ${CI_COMMIT_REF_SLUG}
+    paths:
+      - node_modules/
+  before_script:
+    - echo _auth=$NPM_PUBLSH_KEY >> .npmrc
+    - echo email=$NPM_PUBLSH_MAIL >> .npmrc
+    - echo always-auth=true >> .npmrc
+    - mkdir -p target/npm-build/mastodon_bot
+    - cp target/mastodon-bot.js target/npm-build/mastodon_bot/
+    - cp target/mastodon-bot.js.sha256 target/npm-build/mastodon_bot/
+    - cp target/mastodon-bot.js.sha512 target/npm-build/mastodon_bot/
+    - cp package.json target/npm-build/mastodon_bot/
+    - cp README.md target/npm-build/mastodon_bot/
+
 build:
+  <<: *cljs
  stage: test
  script:
    - shadow-cljs compile test

-sast:
-  variables:
-    SAST_EXCLUDED_ANALYZERS:
-      bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit,
-      pmd-apex, security-code-scan, sobelow, spotbugs
-  stage: test
-  before_script:
-  - echo "scan security"
-include:
-  - template: Security/SAST.gitlab-ci.yml
-
 package:
+  <<: *cljs
  stage: package
-  rules:
-    - if: '$CI_COMMIT_BRANCH == "master"'
  artifacts:
    paths:
      - target/
@ -45,38 +50,31 @@ package:
    - sha256sum target/mastodon-bot.js > target/mastodon-bot.js.sha256
    - sha512sum target/mastodon-bot.js > target/mastodon-bot.js.sha512

+sast:
+  variables:
+    SAST_EXCLUDED_ANALYZERS:
+      bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit,
+      pmd-apex, security-code-scan, sobelow, spotbugs
+  stage: security
+  before_script:
+    - mkdir -p builds && cp -r target/ builds/
+include:
+  - template: Security/SAST.gitlab-ci.yml
+
 upload-prerelease:
+  <<: *js-upload
  stage: upload
  rules:
    - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null'
-  before_script:
-    - echo _auth=$NPM_PUBLSH_KEY >> .npmrc
-    - echo email=$NPM_PUBLSH_MAIL >> .npmrc
-    - echo always-auth=true >> .npmrc
  script:
-    - mkdir -p target/npm-build/mastodon_bot
-    - cp target/mastodon-bot.js target/npm-build/mastodon_bot/
-    - cp target/mastodon-bot.js.sha256 target/npm-build/mastodon_bot/
-    - cp target/mastodon-bot.js.sha512 target/npm-build/mastodon_bot/
-    - cp package.json target/npm-build/mastodon_bot/
-    - cp README.md target/npm-build/mastodon_bot/
    - npm version --no-git-tag-version prerelease
    - npm publish ./target/npm-build/mastodon_bot --access public

 upload-release:
+  <<: *js-upload
  stage: upload
  rules:
    - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG != null'
-  before_script:
-    - echo _auth=$NPM_PUBLSH_KEY >> .npmrc
-    - echo email=$NPM_PUBLSH_MAIL >> .npmrc
-    - echo always-auth=true >> .npmrc
  script:
-    - mkdir -p target/npm-build/mastodon_bot
-    - cp target/mastodon-bot.js target/npm-build/mastodon_bot/
-    - cp target/mastodon-bot.js.sha256 target/npm-build/mastodon_bot/
-    - cp target/mastodon-bot.js.sha512 target/npm-build/mastodon_bot/
-    - cp package.json target/npm-build/mastodon_bot/
-    - cp README.md target/npm-build/mastodon_bot/
    - npm version --no-git-tag-version $CI_COMMIT_TAG
    - npm publish ./target/npm-build/mastodon_bot --access public