在将 pronto 与 GitHub 结合使用一段时间后,我尝试在一个 GitLab 安装实例上进行同样的设置。
CI 流程本身运行正常,但并没有像我预期的那样添加任何合并请求评论。它似乎没有执行任何与 GitLab 相关的操作,也没有输出任何错误消息。
我的配置(相关部分)如下所示:
# Single pipeline stage; both pronto jobs in this file are assigned to it.
stages:
  - security
# Hidden key (leading dot), defined only to carry the YAML anchor that the
# jobs merge into their own `variables:` via `<<: *shared-variables`.
.shared-variables: &shared-variables
  PRONTO_GITLAB_API_ENDPOINT: 'https://gitlab.example.com/api/v4'
  PRONTO_PULL_REQUEST_ID: "$CI_MERGE_REQUEST_IID"
  # PRONTO_GITLAB_API_PRIVATE_TOKEN is set from within GitLab
  # NOTE(review): keep the token out of this file; store it as a masked CI/CD
  # variable so it is not echoed into job logs. If the variable is also flagged
  # "protected", GitLab may not expose it to merge-request pipelines on
  # unprotected branches; confirm these jobs can actually read it.
# Merge-request-only job: installs pronto with the brakeman runner from a
# generated Gemfile and reports through the gitlab_mr formatter.
brakeman:
  stage: security
  only:
    - merge_requests
  variables:
    <<: *shared-variables
    # Name of the throwaway Gemfile written in before_script.
    BUNDLE_GEMFILE: Gemfile-pronto-brakeman
  cache:
    key: brakeman
    paths:
      - .gem
  before_script:
    - export PATH=$GEM_HOME/bin:$PATH
    # The heredoc below becomes the Gemfile named by BUNDLE_GEMFILE.
    # NOTE(review): pronto-brakeman is taken from the default branch of a
    # GitHub fork with no `ref:`/`tag:` pin, so whatever that branch contains
    # at run time is installed and executed in a job that is expected to have
    # PRONTO_GITLAB_API_PRIVATE_TOKEN in its environment. Pin the gem to a
    # reviewed commit until the upstream release is available.
    - |
      cat > $BUNDLE_GEMFILE << EOF
      git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
      gem 'pronto'
      gem 'brakeman'
      # TODO: change back once https://github.com/prontolabs/pronto-brakeman/pull/21 is merged & published
      gem 'pronto-brakeman', github: 'zenom/pronto-brakeman'
      EOF
    - bundle install --jobs $(nproc)
  script:
    # this part of the pipeline only uses the brakeman runner
    # The diff base is the merge request's target branch on origin.
    - bundle exec pronto run --exit-code -f gitlab_mr -r brakeman -c origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
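# Merge-request-only job: installs pronto with the bundler_audit runner from a
# generated Gemfile and reports through the gitlab_mr formatter.
bundle-audit:
  stage: security
  only:
    - merge_requests
  variables:
    <<: *shared-variables
    # Entries under `variables:` are `KEY: value` mapping pairs; the shell-style
    # `KEY=value` form is not a valid entry in this mapping.
    BUNDLE_GEMFILE: Gemfile-pronto-bundler_audit
  before_script:
    - export PATH=$GEM_HOME/bin:$PATH
    # The heredoc below becomes the Gemfile named by BUNDLE_GEMFILE.
    # NOTE(review): bundler-audit is taken from the default branch of its GitHub
    # repository with no `ref:`/`tag:` pin, so the code that runs in this job
    # (alongside the GitLab API token) can change between pipelines. Pin it to
    # a reviewed commit, or return to the released gem once it has the
    # needed changes.
    - |
      cat > $BUNDLE_GEMFILE << EOF
      git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
      gem 'pronto'
      # Latest changes haven't been published yet
      gem 'bundler-audit', github: 'rubysec/bundler-audit'
      gem 'pronto-bundler_audit'
      EOF
    # NOTE(review): this upgrades RubyGems to whatever is current on every run,
    # which makes the job non-reproducible; consider a fixed image instead.
    - gem update --system
    - bundle install --jobs $(nproc)
    # Refreshes the advisory database before the scan.
    - bundle exec bundle-audit update
  script:
    # Note that bundler_audit is fixed to scan `Gemfile.lock`
    - bundle exec pronto run --exit-code -f gitlab_mr -r bundler_audit -c origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME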