diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 32175b43..99ce16d1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,3 +1,21 @@ +# Copyright (c) 2022 Proton Technologies AG +# +# This file is part of ProtonMail Bridge. +# +# ProtonMail Bridge is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# ProtonMail Bridge is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with ProtonMail Bridge. If not, see . + +--- image: gitlab.protontech.ch:4567/go/bridge-internal:latest before_script: @@ -120,11 +138,17 @@ build-qml: script: - make build - git diff && git diff-index --quiet HEAD + - curl -L https://services.nvd.nist.gov/rest/json/cves/1.0/ + - gobinsec -verbose -wait -config utils/gobinsec_conf.yml + cmd/Desktop-Bridge/deploy/linux/proton-bridge artifacts: # Note: The latest artifacts for refs are locked against deletion, and kept # regardless of the expiry time. Introduced in GitLab 13.0 behind a # disabled feature flag, and made the default behavior in GitLab 13.4. expire_in: 1 day + when: always + paths: + - bridge_*.tgz tags: - large @@ -132,20 +156,16 @@ build-linux: extends: .build-base artifacts: name: "bridge-linux-$CI_COMMIT_SHORT_SHA" - paths: - - bridge_*.tgz build-linux-qa: - extends: .build-base + extends: build-linux only: - web - branches - script: - - BUILD_TAGS="build_qa" make build + variables: + BUILD_TAGS: "build_qa" artifacts: name: "bridge-linux-qa-$CI_COMMIT_SHORT_SHA" - paths: - - bridge_*.tgz .build-darwin-base: 
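Review bot: The added `curl -L https://services.nvd.nist.gov/rest/json/cves/1.0/` step in the shared build script (hunk @@ -120,11 +138,17) cannot fail the job on an HTTP error, because curl exits 0 on 4xx/5xx responses unless `--fail` is given, and it prints the whole response body into the job log. If it is meant as a reachability check before the scan, `curl --fail --silent --show-error --location --output /dev/null https://services.nvd.nist.gov/rest/json/cves/1.0/` does that; if it is only diagnostic, a one-line comment saying so would help. Separately, `when: always` combined with `paths: bridge_*.tgz` uploads any package `make build` produced even when the gobinsec step fails, so a build that did not pass the dependency scan still leaves a downloadable artifact. A comment such as `# kept on failure for debugging; a failed job means the binary did not pass the dependency scan` would make that explicit. The job these lines belong to starts outside the hunk.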
@@ -159,6 +179,9 @@ build-linux-qa: - export GOPATH=~/go - export PATH=$GOPATH/bin:$PATH - export CGO_CPPFLAGS='-Wno-error -Wno-nullability-completeness -Wno-expansion-to-defined -Wno-builtin-requires-header' + script: + - make build + - git diff && git diff-index --quiet HEAD cache: {} tags: - macOS @@ -167,20 +190,16 @@ build-darwin: extends: .build-darwin-base artifacts: name: "bridge-darwin-$CI_COMMIT_SHORT_SHA" - paths: - - bridge_*.tgz build-darwin-qa: extends: .build-darwin-base only: - web - branches - script: - - BUILD_TAGS="build_qa" make build + variables: + BUILD_TAGS: "build_qa" artifacts: name: "bridge-darwin-qa-$CI_COMMIT_SHORT_SHA" - paths: - - bridge_*.tgz .build-windows-base: @@ -194,6 +213,9 @@ build-darwin-qa: - export PATH=$GOPATH/bin:$PATH - export MSYSTEM= - export PATH=$PATH:/c/grrrQt/5.13.2/mingw73_64/bin + script: + - make build + - git diff && git diff-index --quiet HEAD tags: - windows-bridge @@ -201,20 +223,16 @@ build-windows: extends: .build-windows-base artifacts: name: "bridge-windows-$CI_COMMIT_SHORT_SHA" - paths: - - bridge_*.tgz build-windows-qa: extends: .build-windows-base only: - web - branches - script: - - BUILD_TAGS="build_qa" make build + variables: + BUILD_TAGS: "build_qa" artifacts: name: "bridge-windows-qa-$CI_COMMIT_SHORT_SHA" - paths: - - bridge_*.tgz # Stage: MIRROR diff --git a/utils/gobinsec_conf.yml b/utils/gobinsec_conf.yml new file mode 100644 index 00000000..b8dc710e --- /dev/null +++ b/utils/gobinsec_conf.yml @@ -0,0 +1,5 @@ +--- + +ignore: + # golang.org/x/net wrong match, we are using 2871e0cb, fixed by 37e1c6af + - "CVE-2021-33194"
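Review bot: The `script:` added to `.build-darwin-base` (hunk @@ -159,6 +179,9) and the identical one added to `.build-windows-base` (hunk @@ -194,6 +213,9) repeat the two build steps of the Linux base but not the gobinsec step. As far as this diff shows, only the Linux binary is scanned. If that is intentional, say so next to the script, for example `# no gobinsec here: the dependency scan runs in the Linux build only`, so the gap is a recorded decision rather than an oversight. Dependencies pulled in only under darwin or windows build constraints would not be covered by the Linux scan, so it is worth confirming there are none. Both base jobs start outside their hunks.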
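Review bot: The `ignore` entry for `CVE-2021-33194` in `utils/gobinsec_conf.yml` is unconditional, so it will keep suppressing that CVE even if `golang.org/x/net` is later pinned to a revision that does not contain the fix. The comment gives two abbreviated commit ids but does not say how it was checked that the pinned revision includes the fixing one, which makes the exemption hard to audit later. I would extend the comment with the re-check condition, e.g. `# re-verify on every golang.org/x/net change in go.mod; drop this entry once gobinsec no longer reports it for the pinned version`.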