CI: don't run security-scanner on cloud; introduce task variable

2018-09-26 22:33:59 +02:00 · 2018-09-26 22:33:59 +02:00 · d664ca2156
commit d664ca2156
parent 3e7ea0dfa3
1 changed files with 26 additions and 11 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -27,8 +27,11 @@ dockerimage_builder:
    - docker push $DOCKER_IMAGE_BUILDER
  tags:
    - fablab
+    - ssd
  except:
-    - schedules
+    refs:
+      - schedules
+

 dockerimage_security_scanner:
  stage: prepare
@ -41,8 +44,10 @@ dockerimage_security_scanner:
    - docker push $DOCKER_IMAGE_SECURITY_SCANNER
  tags:
    - fablab
+    - ssd
  except:
-    - schedules
+    refs:
+      - schedules

 security_scanner:
  stage: check
@ -50,9 +55,16 @@ security_scanner:
  script:
    - set -x
    - export GITLAB_URL="$(echo "$CI_PROJECT_URL" | grep -Eo '^https?://[^/]*')"
-    - security-scanner stretch
+    - security-scanner $target
  only:
-    - schedules
+    refs:
+      - schedules
+      - triggers
+    variables:
+      - $task == "security-scanner"
+      - $target
+  tags:
+    - dedicated

 .squashfs_template: &squashfs_template
  stage: build
@ -60,27 +72,30 @@ security_scanner:
    - apk add --no-cache make
  script:
   - make images/debian-stretch.squashfs
-  artifacts: &squashfs_artifacts
+  artifacts:
    paths:
     - images
  tags:
    - fablab
+    - ssd

 squashfs_featurebranch:
  <<: *squashfs_template
  variables:
    COMPRESSION_LEVEL: 5
  except:
-    - master
-    - schedules
+    variables:
+      - $task == "security-scanner"
+    refs:
+      - master

 squashfs_master:
  <<: *squashfs_template
  variables:
    COMPRESSION_LEVEL: 7
  only:
-    - master
+    refs:
+      - master
  except:
-    - schedules
-  artifacts:
-    <<: *squashfs_artifacts
+    variables:
+      - $task == "security-scanner"