Commit 590beb85 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch 'feat/adaptive-pipeline' into 'master' 

adaptive pipeline

See merge request to-be-continuous/mobsf!19
parents 5a8e64a3 5e69c0b3

templates/gitlab-ci-mobsf.yml

+27 −18
Original line number Diff line number Diff line
@@ -13,14 +13,33 @@ 
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth 

# Floor, Boston, MA  02110-1301, USA.

# =========================================================================================

# default workflow rules

# default workflow rules: Merge Request pipelines

workflow:

  rules:

    # exclude merge requests

    - if: $CI_MERGE_REQUEST_ID

    # prevent branch pipeline when an MR is open (prefer MR pipeline)

    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'

      when: never

    - when: always



# test job prototype: implement adaptive pipeline rules

.test-policy:

  rules:

    # on tag: auto & failing

    - if: $CI_COMMIT_TAG

    # on ADAPTIVE_PIPELINE_DISABLED: auto & failing

    - if: '$ADAPTIVE_PIPELINE_DISABLED == "true"'

    # on production or integration branch(es): auto & failing

    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'

    # early stage (dev branch, no MR): manual & non-failing

    - if: '$CI_MERGE_REQUEST_ID == null && $CI_OPEN_MERGE_REQUESTS == null'

      when: manual

      allow_failure: true

    # Draft MR: auto & non-failing

    - if: '$CI_MERGE_REQUEST_TITLE =~ /^Draft:.*/'

      allow_failure: true

    # else (Ready MR): auto & failing

    - when: on_success



variables:

  # variabilized tracking image

  TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
@@ -327,7 +346,6 @@ stages: 
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"

    - mkdir -p ./reports





# scan a packaged app (APK or IPA) on an external instance

mobsf-on-server:

  extends: .mobsf-base
@@ -342,10 +360,7 @@ mobsf-on-server: 
  rules:

    - if: $MOBSF_API_KEY == null || $MOBSF_SERVER_URL == null

      when: never

    # on production or integration branches:

    - if: '($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)'

    # else (development branches): allow failure

    - allow_failure: true

    - !reference [.test-policy, rules]



# scan a packaged app (APK or IPA) with a generated instance

mobsf-local:
@@ -354,6 +369,9 @@ mobsf-local: 
  services:

    - name: opensecurity/mobile-security-framework-mobsf:latest

      alias: mobsf

  variables:

    MOBSF_API_KEY: "apiKey"

    MOBSF_SERVER_URL: "http://mobsf:8000"

  script:

    - assert_defined "${MOBSF_APP_FILE}" 'Missing required MobSF application file'

    - wait_for_service mobsf 8000
@@ -365,13 +383,4 @@ mobsf-local: 
  rules:

    - if: $MOBSF_API_KEY || $MOBSF_SERVER_URL

      when: never

    # on production or integration branches:

    - if: '($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)'

      variables:

        MOBSF_API_KEY: "apiKey"

        MOBSF_SERVER_URL: "http://mobsf:8000"

    # else (development branches): allow failure

    - allow_failure: true

      variables:

        MOBSF_API_KEY: "apiKey"

        MOBSF_SERVER_URL: "http://mobsf:8000"
 
    - !reference [.test-policy, rules]