Update .gitlab-ci.yml file

kris
2025-11-11 09:07:45 +00:00
parent c885fba4ef
commit b8dca3c25e
+2 -52
@@ -1,68 +1,18 @@
stages: stages:
- scan - scan
cache: sonarqube_scan:
paths:
- .sonar/cache
- .cache
# ============================================================
# 🧠 Step 1: Security Scan dengan gosec (tidak hentikan pipeline)
# ============================================================
gosec_scan:
stage: scan
image: golang:1.24
script:
- apt-get update && apt-get install -y jq
- go install github.com/securego/gosec/v2/cmd/gosec@latest
- echo "🔍 Menjalankan scan keamanan Go..."
- gosec -fmt=json -out=gosec-report.json ./... || true
- echo "📄 Jumlah issue terdeteksi:" && cat gosec-report.json | jq '.Issues | length'
artifacts:
when: always
paths:
- gosec-report.json
expire_in: 1 week
allow_failure: false
only:
- devops-ec2
# ============================================================
# 🧱 Step 2: Analisis SonarQube (gabung hasil gosec)
# ============================================================
sonarqube_analysis:
stage: scan stage: scan
image: sonarsource/sonar-scanner-cli:latest image: sonarsource/sonar-scanner-cli:latest
script: script:
- apk add --no-cache jq - echo "🚀 Menjalankan analisis ke SonarQube..."
- echo "🚀 Menjalankan analisis SonarQube..."
- if [ -f "go.mod" ]; then go test ./... -coverprofile=coverage.out || true; fi
# Konversi hasil gosec ke format SonarQube Generic Issue
- echo "🧩 Mengonversi hasil gosec untuk SonarQube..."
- |
jq -r '.Issues[] | {engineId: "gosec", ruleId: .rule_id, primaryLocation: {message: .details, filePath: .file, textRange: {startLine: .line}}, type: "VULNERABILITY", severity: .severity}' gosec-report.json |
jq -s '{issues: .}' > gosec-generic-report.json
# Kirim analisis ke SonarQube
- sonar-scanner \ - sonar-scanner \
-Dsonar.projectKey="mbu-lti-backend" \ -Dsonar.projectKey="mbu-lti-backend" \
-Dsonar.projectName="MBU LTI Backend" \ -Dsonar.projectName="MBU LTI Backend" \
-Dsonar.sources="." \ -Dsonar.sources="." \
-Dsonar.host.url="https://status.mbugroup.id/sonar" \ -Dsonar.host.url="https://status.mbugroup.id/sonar" \
-Dsonar.login="sqp_57fbffb8337608c331091dd1544569df613a2d3f" \ -Dsonar.login="sqp_57fbffb8337608c331091dd1544569df613a2d3f" \
-Dsonar.externalIssuesReportPaths="gosec-generic-report.json" \
-Dsonar.go.coverage.reportPaths="coverage.out" \
-Dsonar.sourceEncoding="UTF-8" \ -Dsonar.sourceEncoding="UTF-8" \
-Dsonar.verbose=true -Dsonar.verbose=true
dependencies:
- gosec_scan
artifacts:
when: always
paths:
- .scannerwork
- gosec-generic-report.json
- coverage.out
expire_in: 1 week
only: only:
- devops-ec2 - devops-ec2
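Review bot: The SonarQube token on the `-Dsonar.login="sqp_…"` line survives unchanged on the new side, so the cleanup still leaves a live credential in plain text in the pipeline definition, in repository history and in every job log where the shell step is echoed. Move it to a masked and protected GitLab CI/CD variable and reference it as `-Dsonar.token="$SONAR_TOKEN" \` (`sonar.login` is deprecated in favour of `sonar.token` on current scanners), and treat the committed value as exposed and rotate it on the server rather than only deleting the line. With `-Dsonar.verbose=true` retained, also confirm the scanner does not print its resolved properties to the job log before relying on variable masking.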