I’m setting up a new pipeline with SAST scans, code quality and other templates, using docker:dind
My project has 2 runners with the docker executor, but my build job is failing.
Any idea what I’m doing wrong??
# TODO(review): `latest` is a floating tag — pin a specific docker release tag so
# builds are reproducible and a daemon/CLI upgrade is a deliberate change.
image: docker:latest
# Pipeline-level gate: merge-request pipelines are skipped, every other source runs.
workflow:
  rules:
    # Never create a pipeline for merge_request_event.
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
      when: never
    # All remaining trigger sources run the pipeline.
    - when: always
services:
  # Long-form service entry; equivalent to the bare `docker:dind` string.
  # dind only works when the runner executes the job privileged — check the
  # docker executor's config on both runners. TODO(review): pin the dind tag.
  - name: docker:dind
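variables:
  DOCKER_DRIVER: overlay2
  # Share the dind daemon's TLS material with the job container so the docker
  # client talks to the daemon over TLS (port 2376) rather than trying the
  # plaintext port. NOTE(review): assumes the runner mounts /certs/client into
  # the job — confirm in the runner's [runners.docker] config; without that
  # volume the client cannot find the certificates.
  DOCKER_TLS_CERTDIR: "/certs"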
# Stage order is execution order. No job in this file is assigned to `cleanup`.
stages: [build, test, cleanup]
include:
  # Static
  # GitLab-managed scanner templates; overrides for some of their jobs follow below.
  # NOTE(review): Container-Scanning picks the image to scan from its own defaults —
  # confirm that resolves to the same tag build-XRecorder pushes ($IMAGE).
  - template: Jobs/Container-Scanning.gitlab-ci.yml
  - template: Jobs/Dependency-Scanning.gitlab-ci.yml
  - template: Jobs/SAST.gitlab-ci.yml
  - template: Jobs/Secret-Detection.gitlab-ci.yml
  - template: Jobs/Code-Quality.gitlab-ci.yml
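# Start Application Build and Test
build-XRecorder:
  stage: build
  variables:
    # One tag per commit, under a per-branch repository path.
    IMAGE: "$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA"
  before_script:
    # Feed the token on stdin: `-p` places the secret on the command line, where
    # the docker CLI warns about it and where it can surface in process listings.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    # Both steps need the dind service and a reachable daemon (see DOCKER_TLS_CERTDIR).
    - docker build -t "$IMAGE" .
    - docker push "$IMAGE"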
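test-XRecorder:
  stage: test
  # The global `docker:latest` image ships the docker CLI, not the .NET SDK, so
  # `dotnet test` has nothing to run on there; give this job an SDK image of its own.
  # <sdk-version> is a placeholder — pin it to the SDK the project targets.
  image: "mcr.microsoft.com/dotnet/sdk:<sdk-version>"
  # Unit tests need no Docker daemon; drop the inherited dind service for this job.
  services: []
  script:
    - dotnet test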
# Start Security Scanner Configurations
semgrep-sast:
  # No cache for the scanner job (overrides whatever the template configures).
  cache: {}
  variables:
    # Directories the analyzer skips.
    SAST_EXCLUDED_PATHS: '.gitlab, chart, docs, network-policies, scripts, terraform, tests'
    SCAN_KUBERNETES_MANIFESTS: 'false'
    SAST_EXPERIMENTAL_FEATURES: 'true'
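secret_detection:
  variables:
    # Directories the secret scanner skips.
    SECRET_DETECTION_EXCLUDED_PATHS: "docs, tests, scripts, network-policies, terraform"
    # Shallow-clone depth for this job's checkout. CI variables are strings; quoting
    # keeps the YAML type explicit and matches the other overrides in this file.
    GIT_DEPTH: "100"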
code_quality:
  rules:
    # Opt-out switch: setting CODE_QUALITY_DISABLED removes the job.
    - if: '$CODE_QUALITY_DISABLED'
      when: never
    # Never in merge-request pipelines (the workflow block already skips those).
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      when: never
    # Otherwise only on the default branch; no `when` means the default, on_success.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
code_quality_html:
  # Inherits code_quality's configuration (rules included) through extends and
  # switches the report format; the HTML file is kept as a job artifact.
  extends: code_quality
  variables:
    REPORT_FORMAT: html
  artifacts:
    paths:
      - gl-code-quality-report.html
# End Security Scanner Configurations