fix: ooops, container scanning should be past building

2022-09-30 04:49:36 +03:00 · 2022-09-30 04:49:36 +03:00 · 2d67f6b0c8
parent 91685a06e4
commit 2d67f6b0c8
1 changed files with 10 additions and 18 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,6 +1,7 @@
 stages:
  - test
  - build-image
+  - post-test

 sast:
  stage: test
@ -10,13 +11,6 @@ include:
 - template: Security/Secret-Detection.gitlab-ci.yml
 - template: Security/Container-Scanning.gitlab-ci.yml

-container_scanning:
-  variables:
-    CS_DISABLE_DEPENDENCY_LIST: "true"
-    CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
-    CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false"
-    CS_ANALYZER_IMAGE: "registry.gitlab.com/security-products/container-scanning/grype:5"
-
 docker-image-build:
  stage: build-image
  image: docker:20-git
@ -34,14 +28,12 @@ docker-image-build:
    - requirements.txt
    - .gitlab-ci.yml

-docker-image-nightly-build:
-  stage: build-image
-  image: docker:20-git
-  script:
-    - docker build -t $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:nightly .
-    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-    - docker image push $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:nightly
-  rules:
-  - if: $CI_COMMIT_BRANCH == "unsafe"
-    exists:
-    - Dockerfile
+container_scanning:
+  stage: post-test
+  variables:
+    CS_DISABLE_DEPENDENCY_LIST: "true"
+    CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
+    CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter
+    CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false"
+    CS_ANALYZER_IMAGE: "registry.gitlab.com/security-products/container-scanning/grype:5"
+    SECURE_LOG_LEVEL: "debug"