I’ve been trying to run the code_quality job on merge requests and I’ve had only partial success in some of the attempts to coax the `rules:` to run all the jobs on the default branch and on merge requests as well.
Everything now runs as expected but the `code_quality` job, which should spawn two other jobs, `phpcs-security-audit-sast` and `semgrep-sast`. There were some attempts where I managed to run them in two parallel pipelines, but not in one single MR pipeline. I need those two jobs in order to generate the widget in the MR (see Code Quality | GitLab).
Here’s my abbreviated `.gitlab-ci.yml`:
```yaml
variables:
  FF_NETWORK_PER_BUILD: 1

include:
  - template: 'Code-Quality.gitlab-ci.yml'
  - template: 'Jobs/SAST.gitlab-ci.yml'

cache:
  paths:
    - $HOME/.composer/cache

stages:
  - test
  - deploy

workflow:
  rules:
    - if: $CI_MERGE_REQUEST_IID
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

code_quality:
  rules:
    - if: $CI_MERGE_REQUEST_IID
  services:
  tags:
    - code-quality-sans

.install: &install
  script:
    - install foo

unit_testing:
  stage: test
  <<: *install
  script:
    # Run phpunit
    - php ./admin/tool/phpunit/cli/init.php
    - vendor/bin/phpunit --testsuite "${CI_PROJECT_NAME}_testsuite"

acceptance_testing:
  stage: test
  <<: *install

review_start_job:
  stage: test
  environment:
    name: review/$CI_COMMIT_REF_NAME
    url: https://${CI_MERGE_REQUEST_IID}.example.com
    on_stop: review_stop_job
    auto_stop_in: 3 days
  variables:
    INSTALL_TIMEOUT: 300
  extends: .review_start

review_stop_job:
  stage: test
  environment:
    name: review/$CI_COMMIT_REF_NAME
    url: https://${CI_MERGE_REQUEST_IID}.example.com
    action: stop
  extends: .review_stop

trigger_downstream_job:
  stage: deploy
  trigger:
    project: group/lead_project
    branch: master
  when: manual
```
Notes:
- I use self-hosted GitLab 15.6.
- I’ve set up a custom Runner for the code_quality job following Code Quality | GitLab.