Update .gitlab-ci.yml file

2026-05-20 13:31:56 +00:00 · 2025-11-11 08:36:36 +00:00
parent 0766cfeeb2
commit d740a3e26e
1 changed files with 23 additions and 7 deletions
@@ -7,7 +7,7 @@ cache:
    - .cache

 # ============================================================
-# 🧠 Step 1: Security Scan dengan gosec (pakai Go 1.24)
+# 🧠 Step 1: Security Scan dengan gosec (tidak hentikan pipeline)
 # ============================================================
 gosec_scan:
  stage: scan
@@ -15,7 +15,8 @@ gosec_scan:
  script:
    - go install github.com/securego/gosec/v2/cmd/gosec@latest
    - echo "🔍 Menjalankan scan keamanan Go..."
-    - gosec -fmt=json -out=gosec-report.json ./...
+    # Jalankan gosec, tapi jangan hentikan pipeline walau ada temuan
+    - gosec -fmt=json -out=gosec-report.json ./... || true
    - echo "📄 Jumlah issue terdeteksi:" && cat gosec-report.json | jq '.Issues | length'
  artifacts:
    when: always
@@ -27,7 +28,7 @@ gosec_scan:
    - devops-ec2

 # ============================================================
-# 🧱 Step 2: Analisis SonarQube
+# 🧱 Step 2: Analisis SonarQube (gabung hasil gosec)
 # ============================================================
 sonarqube_analysis:
  stage: scan
@@ -35,23 +36,38 @@ sonarqube_analysis:
  script:
    - echo "🚀 Menjalankan analisis SonarQube..."
    - if [ -f "go.mod" ]; then go test ./... -coverprofile=coverage.out || true; fi
+
+    # (Opsional) ubah report JSON gosec jadi format kompatibel SonarQube Generic Issue
+    - echo "🧩 Mengonversi hasil gosec untuk SonarQube..."
+    - |
+      cat > gosec-generic-report.json <<'EOF'
+      {
+        "issues": []
+      }
+      EOF
+    - |
+      jq -r '.Issues[] | {engineId: "gosec", ruleId: .rule_id, primaryLocation: {message: .details, filePath: .file, textRange: {startLine: .line}}, type: "VULNERABILITY", severity: .severity}' gosec-report.json |
+      jq -s '{issues: .}' > gosec-generic-report.json
+
+    # Jalankan analisis SonarQube dan sertakan laporan gosec
    - sonar-scanner \
        -Dsonar.projectKey="mbu-lti-backend" \
        -Dsonar.projectName="MBU LTI Backend" \
        -Dsonar.sources="." \
        -Dsonar.host.url="https://status.mbugroup.id/sonar" \
        -Dsonar.login="sqp_97b3cb2f80ce932fb07b5641aeecc8704b76d1a7" \
+        -Dsonar.externalIssuesReportPaths="gosec-generic-report.json" \
        -Dsonar.go.coverage.reportPaths="coverage.out" \
        -Dsonar.sourceEncoding="UTF-8" \
        -Dsonar.verbose=true
-  only:
-    - devops-ec2
-  allow_failure: false
  dependencies:
    - gosec_scan
  artifacts:
    when: always
    paths:
      - .scannerwork
+      - gosec-generic-report.json
      - coverage.out
-    expire_in: 1 week
+    expire_in: 1 week
+  only:
+    - devops-ec2