Update CI/CD pipeline to use components

Duncan Macleod requested to merge duncanmmacleod/gracedb:ci-sast into master

This MR proposes an update to the CI/CD pipeline for this project to use the centrally-managed CI components, adding

  • SAST
  • container scanning
  • dependency scanning
  • structured coverage reporting

The use of components should mean that updated best practice is picked up automatically, modulo updating the pinned major versions of the different components.

Other changes:

  • Update .test template to use recommended PGDG apt 'Quickstart' instructions. This should probably be replicated in the Dockerfile, but I haven't updated that.

  • Slim down .test template apt-get install package list to those really needed. This is shared with the dependency_scanning job, which needs the same packages to support pip install.

  • Use docker components for container build. This changes the container that is always pushed to be <project-name>:<commit-sha>, e.g. containers.ligo.org/duncanmmacleod/gracedb:040e332216f94e59881a9b1561e3f4e274e38b19. The <project-name>:<branch/tag-name> and <project-name>:latest tags are only pushed for default branch or tag pipelines.
