stages: - test - package - security - upload .cljs-job: &cljs image: node:lts-buster cache: key: ${CI_COMMIT_REF_SLUG} paths: - node_modules/ before_script: - apt update && apt -qqy install openjdk-11-jre-headless - npm install - npm install -g --save-dev shadow-cljs .js-job: &js-upload image: node:lts-buster cache: key: ${CI_COMMIT_REF_SLUG} paths: - node_modules/ before_script: - echo _auth=$NPM_PUBLSH_KEY >> .npmrc - echo email=$NPM_PUBLSH_MAIL >> .npmrc - echo always-auth=true >> .npmrc - mkdir -p target/npm-build/mastodon_bot - cp target/mastodon-bot.js target/npm-build/mastodon_bot/ - cp target/mastodon-bot.js.sha256 target/npm-build/mastodon_bot/ - cp target/mastodon-bot.js.sha512 target/npm-build/mastodon_bot/ - cp package.json target/npm-build/mastodon_bot/ - cp README.md target/npm-build/mastodon_bot/ build: <<: *cljs stage: test script: - shadow-cljs compile test package: <<: *cljs stage: package artifacts: paths: - target/ script: - shadow-cljs compile app - chmod a+x target/mastodon-bot.js - sha256sum target/mastodon-bot.js > target/mastodon-bot.js.sha256 - sha512sum target/mastodon-bot.js > target/mastodon-bot.js.sha512 sast: variables: SAST_EXCLUDED_ANALYZERS: bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit, pmd-apex, security-code-scan, sobelow, spotbugs stage: security before_script: - mkdir -p builds && cp -r target/ builds/ include: - template: Security/SAST.gitlab-ci.yml upload-prerelease: <<: *js-upload stage: upload rules: - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null' script: - npm version --no-git-tag-version prerelease - npm publish ./target/npm-build/mastodon_bot --access public upload-release: <<: *js-upload stage: upload rules: - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG != null' script: - npm version --no-git-tag-version $CI_COMMIT_TAG - npm publish ./target/npm-build/mastodon_bot --access public