gitea-admin/lti-api
1
0
Fork 0
mirror of https://gitlab.com/mbugroup/lti-api.git synced 2026-05-24 23:35:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update .gitlab-ci.yml file

Browse Source
This commit is contained in:
kris
2025-11-11 09:18:02 +00:00
parent c8052f4cb5
commit d940580152
1 changed files with 78 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitlab-ci.yml
+78 -2
View File
@@ -1,11 +1,75 @@
stages: stages:
- test
- scan - scan
sonarqube_scan: cache:
paths:
- .sonar/cache
- .cache
# ======================================================
# 🧪 Step 1: Unit Test + Coverage
# ======================================================
unit_test:
stage: test
image: golang:1.24
script:
- echo "🧪 Menjalankan unit test..."
- go mod tidy
- go test ./... -coverprofile=coverage.out
- go tool cover -func=coverage.out | tail -n 1
artifacts:
when: always
paths:
- coverage.out
expire_in: 1 week
only:
- devops-ec2
# ======================================================
# 🔒 Step 2: Security Scan (Gosec)
# ======================================================
gosec_scan:
stage: scan
image: golang:1.24
script:
- apt-get update && apt-get install -y jq
- go install github.com/securego/gosec/v2/cmd/gosec@latest
- echo "🔍 Menjalankan scan keamanan dengan gosec..."
- gosec -fmt=json -out=gosec-report.json ./... || true
- echo "📄 Jumlah issue ditemukan:" && cat gosec-report.json | jq '.Issues | length'
# Konversi hasil gosec ke format SonarQube
- |
jq -r '.Issues[] | {
engineId: "gosec",
ruleId: .rule_id,
primaryLocation: {
message: .details,
filePath: .file,
textRange: {startLine: .line}
},
type: "VULNERABILITY",
severity: (if .severity == "HIGH" then "CRITICAL" elif .severity == "MEDIUM" then "MAJOR" else "MINOR" end)
}' gosec-report.json | jq -s '{issues: .}' > gosec-generic-report.json
artifacts:
when: always
paths:
- gosec-report.json
- gosec-generic-report.json
expire_in: 1 week
allow_failure: false
only:
- devops-ec2
# ======================================================
# 📊 Step 3: SonarQube Analysis
# ======================================================
sonarqube_analysis:
stage: scan stage: scan
image: sonarsource/sonar-scanner-cli:latest image: sonarsource/sonar-scanner-cli:latest
script: script:
- echo "🚀 Menjalankan analisis ke SonarQube..." - apk add --no-cache jq
- echo "🚀 Mengirim analisis ke SonarQube..."
- | - |
sonar-scanner \ sonar-scanner \
-Dsonar.projectKey=mbu-lti-backend \ -Dsonar.projectKey=mbu-lti-backend \
@@ -13,7 +77,19 @@ sonarqube_scan:
-Dsonar.sources=. \ -Dsonar.sources=. \
-Dsonar.host.url=https://status.mbugroup.id/sonar \ -Dsonar.host.url=https://status.mbugroup.id/sonar \
-Dsonar.login=sqp_57fbffb8337608c331091dd1544569df613a2d3f \ -Dsonar.login=sqp_57fbffb8337608c331091dd1544569df613a2d3f \
-Dsonar.go.coverage.reportPaths=coverage.out \
-Dsonar.externalIssuesReportPaths=gosec-generic-report.json \
-Dsonar.sourceEncoding=UTF-8 \ -Dsonar.sourceEncoding=UTF-8 \
-Dsonar.verbose=true -Dsonar.verbose=true
dependencies:
- unit_test
- gosec_scan
artifacts:
when: always
paths:
- .scannerwork
- coverage.out
- gosec-generic-report.json
expire_in: 1 week
only: only:
- devops-ec2 - devops-ec2