Loading templates/gitlab-ci-mobsf.yml +27 −18 Original line number Diff line number Diff line Loading @@ -13,14 +13,33 @@ # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth # Floor, Boston, MA 02110-1301, USA. # ========================================================================================= # default workflow rules # default workflow rules: Merge Request pipelines workflow: rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID # prevent branch pipeline when an MR is open (prefer MR pipeline) - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS' when: never - when: always # test job prototype: implement adaptive pipeline rules .test-policy: rules: # on tag: auto & failing - if: $CI_COMMIT_TAG # on ADAPTIVE_PIPELINE_DISABLED: auto & failing - if: '$ADAPTIVE_PIPELINE_DISABLED == "true"' # on production or integration branch(es): auto & failing - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' # early stage (dev branch, no MR): manual & non-failing - if: '$CI_MERGE_REQUEST_ID == null && $CI_OPEN_MERGE_REQUESTS == null' when: manual allow_failure: true # Draft MR: auto & non-failing - if: '$CI_MERGE_REQUEST_TITLE =~ /^Draft:.*/' allow_failure: true # else (Ready MR): auto & failing - when: on_success variables: # variabilized tracking image TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master" Loading Loading @@ -327,7 +346,6 @@ stages: - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - mkdir -p ./reports # scan a packaged app (APK or IPA) on an external instance mobsf-on-server: extends: .mobsf-base Loading @@ -342,10 +360,7 @@ mobsf-on-server: rules: - if: $MOBSF_API_KEY == null || $MOBSF_SERVER_URL == null when: never # on production or integration branches: - if: '($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)' # else (development branches): allow failure - allow_failure: true - !reference [.test-policy, rules] # scan a packaged app (APK or IPA) with a generated instance mobsf-local: Loading @@ -354,6 +369,9 @@ mobsf-local: services: - name: opensecurity/mobile-security-framework-mobsf:latest alias: mobsf variables: MOBSF_API_KEY: "apiKey" MOBSF_SERVER_URL: "http://mobsf:8000" script: - assert_defined "${MOBSF_APP_FILE}" 'Missing required MobSF application file' - wait_for_service mobsf 8000 Loading @@ -365,13 +383,4 @@ mobsf-local: rules: - if: $MOBSF_API_KEY || $MOBSF_SERVER_URL when: never # on production or integration branches: - if: '($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)' variables: MOBSF_API_KEY: "apiKey" MOBSF_SERVER_URL: "http://mobsf:8000" # else (development branches): allow failure - allow_failure: true variables: MOBSF_API_KEY: "apiKey" MOBSF_SERVER_URL: "http://mobsf:8000" - !reference [.test-policy, rules] Loading
templates/gitlab-ci-mobsf.yml +27 −18 Original line number Diff line number Diff line Loading @@ -13,14 +13,33 @@ # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth # Floor, Boston, MA 02110-1301, USA. # ========================================================================================= # default workflow rules # default workflow rules: Merge Request pipelines workflow: rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID # prevent branch pipeline when an MR is open (prefer MR pipeline) - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS' when: never - when: always # test job prototype: implement adaptive pipeline rules .test-policy: rules: # on tag: auto & failing - if: $CI_COMMIT_TAG # on ADAPTIVE_PIPELINE_DISABLED: auto & failing - if: '$ADAPTIVE_PIPELINE_DISABLED == "true"' # on production or integration branch(es): auto & failing - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' # early stage (dev branch, no MR): manual & non-failing - if: '$CI_MERGE_REQUEST_ID == null && $CI_OPEN_MERGE_REQUESTS == null' when: manual allow_failure: true # Draft MR: auto & non-failing - if: '$CI_MERGE_REQUEST_TITLE =~ /^Draft:.*/' allow_failure: true # else (Ready MR): auto & failing - when: on_success variables: # variabilized tracking image TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master" Loading Loading @@ -327,7 +346,6 @@ stages: - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - mkdir -p ./reports # scan a packaged app (APK or IPA) on an external instance mobsf-on-server: extends: .mobsf-base Loading @@ -342,10 +360,7 @@ mobsf-on-server: rules: - if: $MOBSF_API_KEY == null || $MOBSF_SERVER_URL == null when: never # on production or integration branches: - if: '($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)' # else (development branches): allow failure - allow_failure: true - !reference [.test-policy, rules] # scan a packaged app (APK or IPA) with a generated instance mobsf-local: Loading @@ -354,6 +369,9 @@ mobsf-local: services: - name: opensecurity/mobile-security-framework-mobsf:latest alias: mobsf variables: MOBSF_API_KEY: "apiKey" MOBSF_SERVER_URL: "http://mobsf:8000" script: - assert_defined "${MOBSF_APP_FILE}" 'Missing required MobSF application file' - wait_for_service mobsf 8000 Loading @@ -365,13 +383,4 @@ mobsf-local: rules: - if: $MOBSF_API_KEY || $MOBSF_SERVER_URL when: never # on production or integration branches: - if: '($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)' variables: MOBSF_API_KEY: "apiKey" MOBSF_SERVER_URL: "http://mobsf:8000" # else (development branches): allow failure - allow_failure: true variables: MOBSF_API_KEY: "apiKey" MOBSF_SERVER_URL: "http://mobsf:8000" - !reference [.test-policy, rules]
