mirror of
https://gitlab.com/mbugroup/lti-api.git
synced 2026-05-20 13:31:56 +00:00
kris
101 lines
2.8 KiB
YAML
101 lines
2.8 KiB
YAML
stages:
|
|
- test
|
|
- scan
|
|
|
|
cache:
|
|
paths:
|
|
- .sonar/cache
|
|
- .cache
|
|
|
|
# ======================================================
|
|
# 🧪 Step 1: Unit Test + Coverage
|
|
# ======================================================
|
|
unit_test:
|
|
stage: test
|
|
image: golang:1.23
|
|
services:
|
|
- name: redis:7-alpine
|
|
alias: redis
|
|
variables:
|
|
REDIS_HOST: redis
|
|
REDIS_PORT: 6379
|
|
script:
|
|
- echo "🧪 Menjalankan unit test..."
|
|
- go mod tidy
|
|
- go test ./... -coverprofile=coverage.out || true
|
|
- go tool cover -func=coverage.out | tail -n 1
|
|
artifacts:
|
|
when: always
|
|
paths:
|
|
- coverage.out
|
|
expire_in: 1 week
|
|
only:
|
|
- devops-ec2
|
|
|
|
# ======================================================
|
|
# 🔒 Step 2: Security Scan (Gosec)
|
|
# ======================================================
|
|
gosec_scan:
|
|
stage: scan
|
|
image: golang:1.24
|
|
script:
|
|
- apt-get update && apt-get install -y jq
|
|
- go install github.com/securego/gosec/v2/cmd/gosec@latest
|
|
- echo "🔍 Menjalankan scan keamanan dengan gosec..."
|
|
- gosec -fmt=json -out=gosec-report.json ./... || true
|
|
- echo "📄 Jumlah issue ditemukan:" && cat gosec-report.json | jq '.Issues | length'
|
|
# Konversi hasil gosec ke format SonarQube
|
|
- |
|
|
jq -r '.Issues[] | {
|
|
engineId: "gosec",
|
|
ruleId: .rule_id,
|
|
primaryLocation: {
|
|
message: .details,
|
|
filePath: .file,
|
|
textRange: {startLine: .line}
|
|
},
|
|
type: "VULNERABILITY",
|
|
severity: (if .severity == "HIGH" then "CRITICAL" elif .severity == "MEDIUM" then "MAJOR" else "MINOR" end)
|
|
}' gosec-report.json | jq -s '{issues: .}' > gosec-generic-report.json
|
|
artifacts:
|
|
when: always
|
|
paths:
|
|
- gosec-report.json
|
|
- gosec-generic-report.json
|
|
expire_in: 1 week
|
|
allow_failure: false
|
|
only:
|
|
- devops-ec2
|
|
|
|
# ======================================================
|
|
# 📊 Step 3: SonarQube Analysis
|
|
# ======================================================
|
|
sonarqube_analysis:
|
|
stage: scan
|
|
image: sonarsource/sonar-scanner-cli:latest
|
|
script:
|
|
- apk add --no-cache jq
|
|
- echo "🚀 Mengirim analisis ke SonarQube..."
|
|
- |
|
|
sonar-scanner \
|
|
-Dsonar.projectKey=mbu-lti-backend \
|
|
-Dsonar.projectName="MBU LTI Backend" \
|
|
-Dsonar.sources=. \
|
|
-Dsonar.host.url=https://status.mbugroup.id/sonar \
|
|
-Dsonar.login=sqp_57fbffb8337608c331091dd1544569df613a2d3f \
|
|
-Dsonar.go.coverage.reportPaths=coverage.out \
|
|
-Dsonar.externalIssuesReportPaths=gosec-generic-report.json \
|
|
-Dsonar.sourceEncoding=UTF-8 \
|
|
-Dsonar.verbose=true
|
|
dependencies:
|
|
- unit_test
|
|
- gosec_scan
|
|
artifacts:
|
|
when: always
|
|
paths:
|
|
- .scannerwork
|
|
- coverage.out
|
|
- gosec-generic-report.json
|
|
expire_in: 1 week
|
|
only:
|
|
- devops-ec2 |