用于CI和计划SAST的GitLab管道(.gitlab-ci.yml)

Question

我们希望有一个..gitlab ci.yml，它支持默认的CI管道和SAST管道，每天只调度一次。

request)

• test-sast
• lint，build，test-unit ( once
• (每天计划一次)

看似合乎逻辑但不起作用的是这种配置：

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Workflows/MergeRequest-Pipelines.gitlab-ci.yml

image: node:lts-alpine

stages:
  - lint
  - build
  - test

lint:
  stage: lint
  script:
    - npm i
    - npm run lint

build:
  stage: build
  script:
    - npm i
    - npm run build

test-unit:
  stage: test
  script:
    - npm i
    - npm run test:unit

test-sast:
  stage: test
  script: [ "true" ]
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
      when: always
    - when: never

然后使用环境变量SAST_DISABLED进行了一些测试，但是这个变量也不起作用。

可能是有人有类似的设置，并可能帮助一个工作样本？

Answer 1

您的workflow:rules对$CI_PIPELINE_SOURCE == "schedule"没有明确的允许

这就是我用于合并请求管道的内容：

workflow:
  rules:
    # Do not start pipeline for WIP/Draft commits
    - if: $CI_COMMIT_TITLE =~ /^(WIP|Draft)/i
      when: never
    
    # MergeRequest-Pipelines workflow
    # For merge requests create a pipeline.
    - if: $CI_MERGE_REQUEST_IID || $CI_PIPELINE_SOURCE == "merge_request_event"
    
    # For tags, create a pipeline.
    - if: $CI_COMMIT_TAG
    # For default branch create a pipeline (this includes on schedules, pushes, merges, etc.).
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

    # For other pipeline triggers
    - if: $CI_PIPELINE_SOURCE =~ /^trigger|pipeline|web|api$/