
在 GitHub 上使用 pronto 一段时间后,我尝试在一套 GitLab 部署上配置它。

CI 流程本身运行正常,但并没有像我预期的那样在合并请求中添加任何评论。看起来它没有执行任何与 GitLab 相关的操作,却也没有输出任何错误消息。

我的配置(相关部分)如下所示:

# Only one stage is declared; the two scanner jobs in this file both use it.
stages: [security]

# Hidden key (leading dot) that only exists to carry the anchor; each job
# merges it into its own `variables:` mapping.
.shared-variables: &shared-variables
  PRONTO_GITLAB_API_ENDPOINT: 'https://gitlab.example.com/api/v4'
  PRONTO_PULL_REQUEST_ID: '$CI_MERGE_REQUEST_IID'
  # PRONTO_GITLAB_API_PRIVATE_TOKEN is not stored in this file; it is defined
  # as a CI/CD variable in GitLab.
  # NOTE(review): keep that variable masked and limit the token to what
  # commenting on merge requests needs. If the variable is marked "protected",
  # GitLab only exposes it to pipelines on protected refs, so confirm these
  # jobs actually receive it.

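# Runs Brakeman through Pronto on merge-request pipelines and reports the
# findings with the gitlab_mr formatter.
brakeman:
  stage: security
  only:
    - merge_requests

  variables:
    <<: *shared-variables
    BUNDLE_GEMFILE: Gemfile-pronto-brakeman

  cache:
    key: brakeman
    paths:
      - .gem

  before_script:
    - export PATH="$GEM_HOME/bin:$PATH"
    # The job writes its own Gemfile. The heredoc delimiter is quoted so the
    # shell copies the Ruby text literally instead of expanding $ or backticks.
    # NOTE(review): pronto-brakeman is installed from the default branch of a
    # third-party fork with no ref pinned, so whatever is pushed there runs in
    # this job next to the GitLab API token. Pin it with `ref:` to a commit
    # you have reviewed until the upstream pull request is released.
    - |
      cat > "$BUNDLE_GEMFILE" << 'EOF'
        git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }

        gem 'pronto'
        gem 'brakeman'
        # TODO: change back once https://github.com/prontolabs/pronto-brakeman/pull/21 is merged & published
        gem 'pronto-brakeman', github: 'zenom/pronto-brakeman'
      EOF
    - bundle install --jobs "$(nproc)"

  script:
    # this part of the pipeline only uses the brakeman runner
    # The target branch name is quoted so it always reaches pronto as a single
    # argument.
    - bundle exec pronto run --exit-code -f gitlab_mr -r brakeman -c "origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"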

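# Runs bundler-audit through Pronto on merge-request pipelines and reports the
# findings with the gitlab_mr formatter.
bundle-audit:
  stage: security
  only:
    - merge_requests

  variables:
    <<: *shared-variables
    # Written as a `key: value` entry; a shell-style `KEY=value` line is not a
    # valid entry in this YAML mapping.
    BUNDLE_GEMFILE: Gemfile-pronto-bundler_audit

  before_script:
    - export PATH="$GEM_HOME/bin:$PATH"
    # The job writes its own Gemfile. The heredoc delimiter is quoted so the
    # shell copies the Ruby text literally instead of expanding $ or backticks.
    # NOTE(review): bundler-audit is taken from the repository's default branch
    # with no ref pinned, so the code that runs here can change between
    # pipelines. Pin it with `ref:` to a reviewed commit, or go back to the
    # released gem once it contains the needed changes.
    - |
      cat > "$BUNDLE_GEMFILE" << 'EOF'
        git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }

        gem 'pronto'
        # Latest changes haven't been published yet
        gem 'bundler-audit', github: 'rubysec/bundler-audit'
        gem 'pronto-bundler_audit'
      EOF
    # NOTE(review): this installs whatever RubyGems release is newest at run
    # time; consider a fixed version so the job is reproducible.
    - gem update --system
    - bundle install --jobs "$(nproc)"
    # Refreshes bundler-audit's advisory database before the scan.
    - bundle exec bundle-audit update

  script:
    # Note that bundler_audit is fixed to scan `Gemfile.lock`
    # The target branch name is quoted so it always reaches pronto as a single
    # argument.
    - bundle exec pronto run --exit-code -f gitlab_mr -r bundler_audit -c "origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"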