From 93d0586b6dc82a4dcc60aa0c822ec604952f76b0 Mon Sep 17 00:00:00 2001
From: Chris
Date: Sun, 14 Nov 2021 17:36:34 +0000
Subject: [PATCH] Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist
---
 .gitlab-ci.yml | 51 ++++++++++++++++++++++++++++----------------------
 1 file changed, 29 insertions(+), 22 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a72c18c..91c78c2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,34 +1,41 @@
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
 stages:
- - build
- - test
- - release
-
+- build
+- test
+- release
 variables:
- DEBIAN_FRONTEND: 'noninteractive'
-
+ DEBIAN_FRONTEND: noninteractive
 job-build:
 stage: build
 image: ubuntu:rolling
 script:
- - sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list
- - apt-get update
- - apt-get build-dep -y tint2
- - apt-get install -y libgtk-3-dev git
- - git clean -ffdx
- - mkdir build
- - cd build
- - cmake ..
- - make -j
-
+ - sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list
+ - apt-get update
+ - apt-get build-dep -y tint2
+ - apt-get install -y libgtk-3-dev git
+ - git clean -ffdx
+ - mkdir build
+ - cd build
+ - cmake ..
+ - make -j
 job-release:
 stage: release
 image: registry.gitlab.com/gitlab-org/release-cli:latest
 rules:
- - if: $CI_COMMIT_TAG =~ /^v.*/
+ - if: "$CI_COMMIT_TAG =~ /^v.*/"
 script:
- - echo 'running release_job'
+ - echo 'running release_job'
 release:
- name: 'Release $CI_COMMIT_TAG'
- description: 'Release $CI_COMMIT_TAG / $CI_COMMIT_SHA'
- tag_name: '$CI_COMMIT_TAG'
- ref: '$CI_COMMIT_SHA'
+ name: Release $CI_COMMIT_TAG
+ description: Release $CI_COMMIT_TAG / $CI_COMMIT_SHA
+ tag_name: "$CI_COMMIT_TAG"
+ ref: "$CI_COMMIT_SHA"
+sast:
+ stage: test
+include:
+- template: Security/SAST.gitlab-ci.yml
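Review bot: The header comment added at the top of `.gitlab-ci.yml` links to Secret Detection and Dependency Scanning settings, but the `include:` at the end of the hunk pulls in only `Security/SAST.gitlab-ci.yml`, so a reader could assume scans are running that are not configured. Either trim the comment to the SAST line or, if secret scanning is wanted, add `- template: Security/Secret-Detection.gitlab-ci.yml` under `include:`. The `sast:` override sets only `stage: test`, and as far as I know the template's jobs are allowed to fail, so a comment such as `# SAST jobs come from the included template; findings are reported, not enforced` would tell maintainers that findings will not block the pipeline unless that is configured separately. The rest of the hunk is formatting churn (sequence indent, quoting, blank lines) and would be easier to review as its own commit.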