Merge pull request #3 from simplify-framework/feature/upgrade-docker-run-scripts

Fix merging objects - deep merge varialbes, stages, extends

Author: cuongquay

.gitignore

@@ -1,4 +1,3 @@
-**/*
 !README.md
 !.gitignore
 !.github

.gitlab-ci.yml

@@ -0,0 +1,26 @@
+
+image: node:lts-stretch
+stages:
+  - build
+  - test
+
+include:
+  - local: Security/SAST.gitlab-ci.yml
+  - template: Security/DAST.gitlab-ci.yml
+
+package-build:
+  stage: build
+  before_script:
+  - mkdir -p /root/.aws/
+  - echo "[default]" > /root/.aws/credentials
+  - echo "[default]" > /root/.aws/config
+  script:
+  - echo "TEST_FILE_CREAED-1" >> test-file.json
+
+package-test:
+  stage: test
+  dependencies:
+  - package-build
+  script:
+  - ls -la && cat test-file.json
+  - cat .gitlab-ci.yml

Security/SAST.gitlab-ci.yml

@@ -0,0 +1,65 @@
+# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/
+#
+# Configure the scanning tool through the environment variables.
+# List of the variables: https://gitlab.com/gitlab-org/security-products/sast#settings
+# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
+
+variables:
+  # Setting this variable will affect all Security templates
+  # (SAST, Dependency Scanning, ...)
+  SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
+  SAST_DEFAULT_ANALYZERS: "nodejs-scan, eslint, mobsf, semgrep"
+  SAST_EXCLUDED_ANALYZERS: ""
+  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
+  SAST_ANALYZER_IMAGE_TAG: 2
+  SCAN_KUBERNETES_MANIFESTS: "false"
+
+sast:
+  stage: test
+  artifacts:
+    paths:
+    - gl-sast-report.json
+    reports:
+      sast: gl-sast-report.json
+  rules:
+    - when: never
+  variables:
+    SEARCH_MAX_DEPTH: 4
+  script:
+    - echo "$CI_JOB_NAME is used for configuration only, and its script should not be executed"
+    - exit 1
+
+.sast-analyzer:
+  extends: sast
+  allow_failure: false
+  # `rules` must be overridden explicitly by each child job
+  # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
+  script:
+    - /analyzer run
+    - if [ "`which node | grep '/bin/node$'`" == "" ]; then apk add nodejs npm; fi
+    - if [ "$SAST_FAILURE_ALLOWED" == "false" ]; then npm install simplify-security; fi
+    - if [ "$SAST_FAILURE_ALLOWED" == "false" ]; then node node_modules/simplify-security/entrypoint.js report -i gl-sast-report.json; fi
+
+eslint-sast:
+  extends: .sast-analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE"
+  variables:
+    # SAST_ANALYZER_IMAGE is an undocumented variable used internally to allow QA to
+    # override the analyzer image with a custom value. This may be subject to change or
+    # breakage across GitLab releases.
+    SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG"
+    SAST_FAILURE_ALLOWED: "$ESLINT_FAILURE_ALLOWED"
+  rules:
+    - if: $SAST_DISABLED
+      when: never
+    - if: $SAST_EXCLUDED_ANALYZERS =~ /eslint/
+      when: never
+    - if: $CI_COMMIT_BRANCH &&
+          $SAST_DEFAULT_ANALYZERS =~ /eslint/
+      exists:
+        - '**/*.html'
+        - '**/*.js'
+        - '**/*.jsx'
+        - '**/*.ts'
+        - '**/*.tsx'