discord_bot/.gitlab-ci.yml

# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
  - 'test'
  - 'code_quality'
  - 'deploy'


sast:
  stage: 'test'
include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/SAST-IaC.gitlab-ci.yml

qodana:
  stage: 'code_quality'
  needs: ['gemnasium-python-dependency_scanning', 'semgrep-sast', 'kics-iac-sast']
  only:
    - master
    - merge_requests
  image:
    name: jetbrains/qodana-python-community
    entrypoint:
    - ''
  cache:
  - key: qodana-2023.3-$CI_DEFAULT_BRANCH-$CI_COMMIT_REF_SLUG
    fallback_keys:
    - qodana-2023.3-$CI_DEFAULT_BRANCH-
    - qodana-2023.3-
    paths:
    - ".qodana/cache"
  variables:
    QODANA_TOKEN: "$qodana_token"
  script:
  - qodana --save-report --results-dir=$CI_PROJECT_DIR/.qodana/results --cache-dir=$CI_PROJECT_DIR/.qodana/cache
  artifacts:
    expose_as: qodana_report
    expire_in: 1 week
    paths:
    - ".qodana/results/"


push:
  stage: 'deploy'
  image: 'alpine'
  needs: ['qodana']
  only:
    - master
  before_script:
    - apk add openssh-client > /dev/null
    - eval $(ssh-agent -s)
    - chmod 400 $SSH_PRIVATE_KEY

    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh

    - cp $SSH_PRIVATE_KEY ~/.ssh/id_rsa

    - ssh-add ~/.ssh/id_rsa
  script:
    - ssh $BOT_HOST -oStrictHostKeyChecking=accept-new 'cd /opt/discord/tarkov && git pull && pip install -r requirements.txt'