Commit 1341a3db authored by Greg Myers, committed by Marcel Amirault

Fix and improve compliance pipeline example

parent 3d823895
...@@ -87,59 +87,64 @@ Example `.compliance-gitlab-ci.yml` ...@@ -87,59 +87,64 @@ Example `.compliance-gitlab-ci.yml`
# Allows compliance team to control the ordering and interweaving of stages/jobs. # Allows compliance team to control the ordering and interweaving of stages/jobs.
# Stages without jobs defined will remain hidden. # Stages without jobs defined will remain hidden.
stages: stages:
- pre-compliance - pre-compliance
- build - build
- test - test
- pre-deploy-compliance - pre-deploy-compliance
- deploy - deploy
- post-compliance - post-compliance
variables: # can be overriden by a developer's local .gitlab-ci.yml variables: # Can be overridden by setting a job-specific variable in project's local .gitlab-ci.yml
FOO: sast FOO: sast
sast: # none of these attributes can be overriden by a developer's local .gitlab-ci.yml sast: # None of these attributes can be overridden by a project's local .gitlab-ci.yml
variables: variables:
FOO: sast FOO: sast
image: ruby:2.6 image: ruby:2.6
stage: pre-compliance stage: pre-compliance
rules: rules:
- when: always - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"
when: never
- when: always # or when: on_success
allow_failure: false allow_failure: false
before_script: before_script:
- "# No before scripts." - "# No before scripts."
script: script:
- echo "running $FOO" - echo "running $FOO"
after_script: after_script:
- "# No after scripts." - "# No after scripts."
sanity check: sanity check:
image: ruby:2.6 image: ruby:2.6
stage: pre-deploy-compliance stage: pre-deploy-compliance
rules: rules:
- when: always - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"
when: never
- when: always # or when: on_success
allow_failure: false allow_failure: false
before_script: before_script:
- "# No before scripts." - "# No before scripts."
script: script:
- echo "running $FOO" - echo "running $FOO"
after_script: after_script:
- "# No after scripts." - "# No after scripts."
audit trail: audit trail:
image: ruby:2.6 image: ruby:2.6
stage: post-compliance stage: post-compliance
rules: rules:
- when: always - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"
when: never
- when: always # or when: on_success
allow_failure: false allow_failure: false
before_script: before_script:
- "# No before scripts." - "# No before scripts."
script: script:
- echo "running $FOO" - echo "running $FOO"
after_script: after_script:
- "# No after scripts." - "# No after scripts."
include: # Execute individual project's configuration include: # Execute individual project's configuration (if project contains .gitlab-ci.yml)
project: '$CI_PROJECT_PATH' project: '$CI_PROJECT_PATH'
file: '$CI_CONFIG_PATH' file: '$CI_CONFIG_PATH'
ref: '$CI_COMMIT_REF_NAME' # Must be defined or MR pipelines always use the use default branch. ref: '$CI_COMMIT_REF_NAME' # Must be defined or MR pipelines always use the use default branch.
...@@ -187,7 +192,7 @@ section. ...@@ -187,7 +192,7 @@ section.
You can now change the [Project visibility](../../../public_access/public_access.md). You can now change the [Project visibility](../../../public_access/public_access.md).
If you set **Project Visibility** to public, you can limit access to some features If you set **Project Visibility** to public, you can limit access to some features
to **Only Project Members**. In addition, you can select the option to to **Only Project Members**. In addition, you can select the option to
[Allow users to request access](../members/index.md#prevent-users-from-requesting-access-to-a-project). [Allow users to request access](../members/index.md#request-access-to-a-project).
Use the switches to enable or disable the following features: Use the switches to enable or disable the following features:
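Review bot: The link target on the "Allow users to request access" line changes to `#request-access-to-a-project`, which is unrelated to the compliance pipeline example named in the commit title. Please confirm that anchor exists in `../members/index.md` and mention the link fix in the commit message, or move it to its own commit.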
...@@ -350,7 +355,7 @@ to transfer a project. ...@@ -350,7 +355,7 @@ to transfer a project.
You can transfer an existing project into a [group](../../group/index.md) if: You can transfer an existing project into a [group](../../group/index.md) if:
- You have at least the Maintainer** role in that group. - You have at least **Maintainer** [role](../../permissions.md#project-members-permissions) in that group.
- You're at least an **Owner** of the project to be transferred. - You're at least an **Owner** of the project to be transferred.
- The group to which the project is being transferred to must allow creation of new projects. - The group to which the project is being transferred to must allow creation of new projects.
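Review bot: In the first list item, the rewrite repairs the unbalanced `**` around Maintainer but drops the article, so it now reads "at least **Maintainer** role"; suggest "at least the **Maintainer** [role](../../permissions.md#project-members-permissions) in that group". The sentence is about a role in the group while the link goes to `#project-members-permissions`, so check that this is the intended target. The unchanged last item also has a doubled "to" ("to which the project is being transferred to").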
...@@ -457,7 +462,7 @@ To do so: ...@@ -457,7 +462,7 @@ To do so:
1. Confirm the action by typing the project's path as instructed. 1. Confirm the action by typing the project's path as instructed.
NOTE: NOTE:
Only project Owners have the [permissions](../../permissions.md#project-members-permissions) Only project owners have the [permissions](../../permissions.md#project-members-permissions)
to remove a fork relationship. to remove a fork relationship.
## Monitor settings ## Monitor settings
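Review bot: The NOTE now lowercases "project owners", while the transfer section edited in the same commit writes the role as **Owner** and **Maintainer**. Pick one convention for role names across the page so the two sections do not disagree.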