Code owners
Assign users and groups as approvers for specific file changes. Learn more.
.gitlab-ci.yml 1.95 KiB
include:
# Security scanning
- template: Security/SAST.gitlab-ci.yml
- template: Security/SAST-IaC.latest.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
image: maven:3-amazoncorretto-8
variables:
# This will suppress any download for dependencies and plugins or upload messages which would clutter the console log.
# `showDateTime` will show the passed time in milliseconds. You need to specify `--batch-mode` to make this work.
MAVEN_OPTS: "-Dmaven.repo.local=.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
# As of Maven 3.3.0 instead of this you may define these options in `.mvn/maven.config` so the same config is used
# when running from the command line.
# `installAtEnd` and `deployAtEnd`are only effective with recent version of the corresponding plugins.
MAVEN_CLI_OPTS: "--settings .m2/settings.xml --batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
# Cache downloaded dependencies and plugins between builds.
# To keep cache across branches add 'key: "$CI_JOB_REF_NAME"'
cache:
paths:
- .m2/repository
default:
tags:
- aws
- docker
stages:
- build
- test
- deploy
build_jar:
stage: build
cache:
paths:
- .m2/repository
script:
- mvn $MAVEN_CLI_OPTS clean verify
artifacts:
paths:
- .m2/
- "*/target"
expire_in: 1 week
secret_detection:
needs: []
semgrep-sast:
needs: []
gemnasium-maven-dependency_scanning:
variables:
DS_JAVA_VERSION: 8
needs:
- build_jar
spotbugs-sast:
tags:
needs:
- build_jar
variables:
SAST_JAVA_VERSION: 8
MAVEN_REPO_PATH: $CI_PROJECT_DIR/.m2/repository
COMPILE: "false"
deploy:
stage: deploy