Skip to content

Update CI/CD pipeline to use components

Duncan Macleodrequested to merge
duncanmmacleod/gracedb:ci-components into master

This MR proposes an update to the CI/CD pipeline for this project to use the centrally-managed CI components, adding

  • SAST
  • container scanning
  • dependency scanning
  • structured coverage reporting

The use of components should mean that updated best practice is picked up automatically, modulo updating the pinned major versions of the different components.

Other changes:

  • Update .test template to use recommended PGDG apt 'Quickstart' instructions This should probably be replicated in the Dockerfile, but I haven't updated that.

  • Slim down .test template apt-get install package list to those really needed. This is shared with the dependency_scanning job which needs the same packages to support pip install

  • Use docker components for container build. This changes the container that is always pushed to be <project-name>:<commit-sha>, e.g. containers.ligo.org/duncanmmacleod/gracedb:040e332216f94e59881a9b1561e3f4e274e38b19. The <project-name>:<branch/tag-name> and <project-name>:latest tags are only pushed for default branch or tag pipelines.

Merge request reports