mirror of
https://gitlab.com/mbugroup/lti-api.git
synced 2026-05-20 13:31:56 +00:00
kris
57 lines
1.6 KiB
YAML
57 lines
1.6 KiB
YAML
stages:
|
|
- scan
|
|
|
|
cache:
|
|
paths:
|
|
- .sonar/cache
|
|
- .cache
|
|
|
|
# ============================================================
|
|
# 🧠 Step 1: Security Scan dengan gosec (pakai Go 1.24)
|
|
# ============================================================
|
|
gosec_scan:
|
|
stage: scan
|
|
image: golang:1.24
|
|
script:
|
|
- go install github.com/securego/gosec/v2/cmd/gosec@latest
|
|
- echo "🔍 Menjalankan scan keamanan Go..."
|
|
- gosec -fmt=json -out=gosec-report.json ./...
|
|
- echo "📄 Jumlah issue terdeteksi:" && cat gosec-report.json | jq '.Issues | length'
|
|
artifacts:
|
|
when: always
|
|
paths:
|
|
- gosec-report.json
|
|
expire_in: 1 week
|
|
allow_failure: false
|
|
only:
|
|
- devops-ec2
|
|
|
|
# ============================================================
|
|
# 🧱 Step 2: Analisis SonarQube
|
|
# ============================================================
|
|
sonarqube_analysis:
|
|
stage: scan
|
|
image: sonarsource/sonar-scanner-cli:latest
|
|
script:
|
|
- echo "🚀 Menjalankan analisis SonarQube..."
|
|
- if [ -f "go.mod" ]; then go test ./... -coverprofile=coverage.out || true; fi
|
|
- sonar-scanner \
|
|
-Dsonar.projectKey="mbu-lti-backend" \
|
|
-Dsonar.projectName="MBU LTI Backend" \
|
|
-Dsonar.sources="." \
|
|
-Dsonar.host.url="https://status.mbugroup.id/sonar" \
|
|
-Dsonar.login="sqp_97b3cb2f80ce932fb07b5641aeecc8704b76d1a7" \
|
|
-Dsonar.go.coverage.reportPaths="coverage.out" \
|
|
-Dsonar.sourceEncoding="UTF-8" \
|
|
-Dsonar.verbose=true
|
|
only:
|
|
- devops-ec2
|
|
allow_failure: false
|
|
dependencies:
|
|
- gosec_scan
|
|
artifacts:
|
|
when: always
|
|
paths:
|
|
- .scannerwork
|
|
- coverage.out
|
|
expire_in: 1 week |