.gitlab-ci.yml
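# SPDX-License-Identifier: AGPL-3.0-or-later
# Primary CI/CD - GitLab is the source of truth
#
# Pipeline layout: security -> lint -> test -> build. Rust jobs run only when
# Cargo.toml exists, Elixir jobs only when mix.exs exists.
#
# NOTE(review): every job pulls a mutable image tag (`:latest`, or no tag at
# all for semgrep), so the toolchains and the scanners themselves can change
# between runs without any commit in this repository. Pin each image to a
# release tag or digest (for example `rust:<PINNED_VERSION>`) and bump it
# deliberately.

stages:
  - security
  - lint
  - test
  - build

variables:
  # Keep cargo's registry and installed binaries inside the project directory
  # so the cache below can pick them up.
  CARGO_HOME: "${CI_PROJECT_DIR}/.cargo"

# One cache per branch/tag slug, shared by all jobs in the pipeline.
# NOTE(review): because CARGO_HOME is cached, binaries placed there by
# `cargo install` (cargo-audit, cargo-deny) persist between pipelines on the
# same ref. Consider a separate cache for the security jobs if that reuse is
# not wanted.
cache:
  key: "${CI_COMMIT_REF_SLUG}"
  paths:
    - .cargo/
    - target/

# ==================
# Security Scanning
# ==================

trivy:
  stage: security
  image:
    name: aquasec/trivy:latest
    # The upstream image is understood to set the scanner binary as its
    # ENTRYPOINT; clearing it lets the runner start a shell for `script:`.
    # This is a no-op if the image defines no entrypoint.
    entrypoint: [""]
  script:
    # First pass is report-only (exit code 0): prints HIGH and CRITICAL findings.
    - trivy fs --exit-code 0 --severity HIGH,CRITICAL --format table .
    # Second pass is the gate: any CRITICAL finding fails the job.
    - trivy fs --exit-code 1 --severity CRITICAL .
  allow_failure: false

gitleaks:
  stage: security
  image:
    name: zricethezav/gitleaks:latest
    # Same reason as the trivy job: make sure `script:` runs in a shell.
    entrypoint: [""]
  variables:
    # `gitleaks detect` scans git history; a shallow clone would limit the
    # scan to the most recent commits. "0" requests a full clone.
    GIT_DEPTH: "0"
  script:
    # --redact keeps matched secrets out of the job log.
    - gitleaks detect --source . --verbose --redact
  allow_failure: false

semgrep:
  stage: security
  image: returntocorp/semgrep
  script:
    - semgrep --config auto --error .
  # NOTE(review): --error makes semgrep exit non-zero on findings, but
  # allow_failure turns that into a warning, so findings do not block merges.
  allow_failure: true

cargo-audit:
  stage: security
  image: rust:latest
  script:
    # --locked builds the tool with the dependency versions from its own
    # Cargo.lock instead of re-resolving them on every run.
    - cargo install --locked cargo-audit
    - cargo audit
  rules:
    - exists:
        - Cargo.toml

cargo-deny:
  stage: security
  image: rust:latest
  script:
    # --locked: see cargo-audit above for the rationale.
    - cargo install --locked cargo-deny
    - cargo deny check
  rules:
    - exists:
        - Cargo.toml
  # Advisory only: a failed check is reported but does not fail the pipeline.
  allow_failure: true

mix-audit:
  stage: security
  image: elixir:latest
  script:
    - mix local.hex --force
    - mix archive.install hex mix_audit --force
    - mix deps.get
    - mix deps.audit
  rules:
    - exists:
        - mix.exs
  # Advisory only: vulnerable Elixir dependencies do not fail the pipeline.
  allow_failure: true

# ==================
# Linting
# ==================

rustfmt:
  stage: lint
  image: rust:latest
  script:
    - rustup component add rustfmt
    - cargo fmt -- --check
  rules:
    - exists:
        - Cargo.toml

clippy:
  stage: lint
  image: rust:latest
  script:
    - rustup component add clippy
    # -D warnings promotes every clippy warning to an error.
    - cargo clippy -- -D warnings
  rules:
    - exists:
        - Cargo.toml
  allow_failure: true

mix-format:
  stage: lint
  image: elixir:latest
  script:
    # NOTE(review): unlike the other mix jobs this one does not fetch deps;
    # confirm the formatter configuration does not need them.
    - mix format --check-formatted
  rules:
    - exists:
        - mix.exs

credo:
  stage: lint
  image: elixir:latest
  script:
    - mix local.hex --force
    - mix deps.get
    - mix credo --strict
  rules:
    - exists:
        - mix.exs
  allow_failure: true

# ==================
# Testing
# ==================

cargo-test:
  stage: test
  image: rust:latest
  script:
    - cargo test --all-features
  rules:
    - exists:
        - Cargo.toml

mix-test:
  stage: test
  image: elixir:latest
  script:
    - mix local.hex --force
    - mix deps.get
    - mix test
  rules:
    - exists:
        - mix.exs

# ==================
# Build
# ==================

cargo-build:
  stage: build
  image: rust:latest
  script:
    - cargo build --release
  artifacts:
    paths:
      - target/release/
    expire_in: 1 week
  rules:
    - exists:
        - Cargo.toml

mix-build:
  stage: build
  image: elixir:latest
  script:
    - mix local.hex --force
    - mix deps.get
    - MIX_ENV=prod mix compile
  rules:
    - exists:
        - mix.exs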