Update .gitlab-ci.yml file

.gitlab-ci.yml

@@ -1,69 +1,56 @@
 stages:
-  - deploy
+  - scan
 
-deploy-dev:
+cache:
-  stage: deploy
+  paths:
-  image: alpine:3.20
+    - .sonar/cache
-  variables:
+    - .cache
-    DEPLOY_APP: "LTI-MBUGROUP"
-
-  before_script:
-    - echo "🧰 Installing dependencies..."
-    - apk update && apk add --no-cache openssh git curl
-    - mkdir -p ~/.ssh
-    - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
-    - chmod 600 ~/.ssh/id_rsa
-    - eval $(ssh-agent -s)
-    - ssh-add ~/.ssh/id_rsa
-    - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
 
+# ============================================================
+# 🧠 Step 1: Security Scan dengan gosec
+# ============================================================
+gosec_scan:
+  stage: scan
+  image: golang:1.23
   script:
-    - echo "🚀 Deploying latest code to $SERVER_USER@$SERVER_IP"
+    - go install github.com/securego/gosec/v2/cmd/gosec@latest
-    - >
+    - echo "🔍 Menjalankan scan keamanan Go..."
-      if ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" "
+    - gosec -fmt=json -out=gosec-report.json ./...
-        cd /home/devops/docker/deployment/development/lti-api &&
+    - cat gosec-report.json | jq '.Issues | length'
-        git fetch origin development &&
+  artifacts:
-        git reset --hard origin/development &&
+    when: always
-        docker compose restart dev-api-lti || docker compose up -d dev-api-lti
+    paths:
-      "; then
+      - gosec-report.json
-        STATUS='success';
+    expire_in: 1 week
-      else
+  allow_failure: false
-        STATUS='failed';
-      fi;
-
-      RUN_URL="${CI_PROJECT_URL}/-/pipelines/${CI_PIPELINE_ID}";
-
-      if [ "$STATUS" = "success" ]; then
-        COLOR=3066993;
-        TITLE="✅ Deployment API Succeeded";
-        DESC="Deployment job on branch \`${CI_COMMIT_REF_NAME}\` completed successfully.";
-      else
-        COLOR=15158332;
-        TITLE="❌ Deployment API Failed Gaes";
-        DESC="Deployment job on branch \`${CI_COMMIT_REF_NAME}\` failed.";
-      fi;
-
-      echo "{
-        \"username\": \"CI Bot\",
-        \"embeds\": [{
-          \"title\": \"$TITLE\",
-          \"description\": \"$DESC\",
-          \"color\": $COLOR,
-          \"fields\": [
-            {\"name\": \"Repository\", \"value\": \"${CI_PROJECT_PATH}\", \"inline\": true},
-            {\"name\": \"Actor\", \"value\": \"${GITLAB_USER_LOGIN}\", \"inline\": true},
-            {\"name\": \"Commit\", \"value\": \"${CI_COMMIT_SHA}\", \"inline\": false},
-            {\"name\": \"Pipeline\", \"value\": \"[Open run](${RUN_URL})\", \"inline\": false}
-          ]
-        }]
-      }" > payload.json;
-
-      echo "📡 Sending notification to Discord...";
-      curl -sS -H "Content-Type: application/json" \
-        -d @payload.json "$DISCORD_WEBHOOK_URL";
-
   only:
-    - development
+    - merge_requests
+    - branches
 
-  environment:
+# ============================================================
-    name: development
+# 🧱 Step 2: Analisis SonarQube
+# ============================================================
+sonarqube_analysis:
+  stage: scan
+  image: sonarsource/sonar-scanner-cli:latest
+  script:
+    - echo "🚀 Menjalankan analisis SonarQube..."
+    - sonar-scanner \
+        -Dsonar.projectKey="mbu-lti-backend" \
+        -Dsonar.projectName="MBU LTI Backend" \
+        -Dsonar.sources="." \
+        -Dsonar.host.url="https://status.mbugroup.id/sonar" \
+        -Dsonar.login="sqp_97b3cb2f80ce932fb07b5641aeecc8704b76d1a7" \
+        -Dsonar.sourceEncoding="UTF-8" \
+        -Dsonar.verbose=true
+  only:
+    - merge_requests
+    - branches
+  allow_failure: false
+  dependencies:
+    - gosec_scan
+  artifacts:
+    when: always
+    paths:
+      - .scannerwork
+    expire_in: 1 week