From 558203331363c6b5304c64935f9d35e672db0c9e Mon Sep 17 00:00:00 2001
From: Stefan Hynek <stefan.hynek@uni-goettingen.de>
Date: Tue, 10 Jan 2023 17:03:24 +0100
Subject: [PATCH] ci(gitlab): add job that generates pipfiles for better dependency detection
---
 .gitlab-ci.yml | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7352d1b..2c28234 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -56,10 +56,9 @@ build container image:
 name: gcr.io/kaniko-project/executor:debug
 entrypoint: [""]
 script:
- # always succeed and don't print error message
- - tag=$(git tag --contains $CI_COMMIT_SHORT_SHA 2>&1) || true
 # use tag for version if not empty; else commit sha
- "[[ -n $tag ]] && export version=$tag || export version=$CI_COMMIT_SHORT_SHA"
+ - "[[ -n ${CI_COMMIT_TAG} ]] && export version=${CI_COMMIT_TAG} || export version=${CI_COMMIT_SHORT_SHA}"
+ - echo $version
 - mkdir -p /kaniko/.docker
 - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64 | tr -d '\n')\"},\"$harbor_registry\":{\"auth\":\"$HARBOR_ROBOT_TOKEN64\"}}}" > /kaniko/.docker/config.json
 - /kaniko/executor
@@ -78,20 +77,33 @@ build container image:
 - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
 - if: $CI_COMMIT_TAG

+generate pipfile:
+ stage: build
+ image: docker.io/python:3.8-alpine
+ before_script:
+ - pip install pipenv
+ script:
+ - pipenv lock
+ artifacts:
+ paths:
+ - Pipfile*
+ needs: []
+ rules:
+ - if: $CI_COMMIT_TAG
+
 generate app sbom:
 stage: deploy
 image: docker.io/node:18.12
 before_script:
 - npm ci --ignore-scripts
- npm run build
 script:
 - npx cdxgen
- --type nodejs
- --required-only
+ --type python
 --server-url https://deps.sub.uni-goettingen.de
 --api-key ${DEPS_UPLOAD_TOKEN}
 --project-name ${project_name}
 --project-version ${CI_COMMIT_TAG}
+ needs: ["generate pipfile"]
 rules:
 - if: $CI_COMMIT_TAG
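Review bot: The new version line in `build container image` expands `${CI_COMMIT_TAG}` and `${CI_COMMIT_SHORT_SHA}` unquoted inside `[[ ... ]]` and relies on the `A && B || C` idiom, and the added `echo $version` is unquoted too. The tag name is chosen by whoever pushes the tag, and `version` presumably ends up in the image reference passed to `/kaniko/executor` (those arguments are outside the hunk), so it is better handled as quoted data. A single POSIX default expansion gives the same result without depending on how the kaniko debug image's shell treats `[[`: `- export version="${CI_COMMIT_TAG:-$CI_COMMIT_SHORT_SHA}"` followed by `- echo "version=${version}"`. The script block continues past the end of the hunk.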
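Review bot: `pip install pipenv` in the new `generate pipfile` job installs whatever pipenv release is current when a tag pipeline runs, and `docker.io/python:3.8-alpine` is a moving tag, so the tooling that produces the lock file behind the SBOM is an unpinned, unreviewed input to a release job. Pin the installer, e.g. `- pip install "pipenv==<PINNED_VERSION>"` (placeholder; use the version you have tested), and consider referencing the image by digest. Separately, `pipenv lock` resolves dependencies at pipeline time, so unless a lock file is already committed, the versions that `cdxgen --type python` uploads may differ from what the container image build installed. A comment above it such as `# resolved at pipeline time; may differ from the versions installed in the image` would make that limit visible. The Dockerfile and any committed Pipfile are not part of this diff, so the second point is an assumption to confirm.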
@@ -112,5 +124,6 @@ generate container sbom:
 --form "projectName=${project_name}-container"
 --form "projectVersion=${CI_COMMIT_TAG}"
 --form "bom=@bom.json"'
+ needs: ["build container image"]
 rules:
 - if: $CI_COMMIT_TAG
-- 
GitLab