Upgrade to GitLab CI 13.0 by removing only/except

Only/except statements are replaced by rules statements in the new GitLab CI yaml.

.gitlab-ci.yml

@@ -44,11 +44,6 @@ stages:
     #      - build/
     #      - generated/
     policy: pull-push
-  only:
-    - master
-    - development
-    - merge_requests
-    - pushes
 
 .gitlab_reporter:
   stage: gitlab reports
@@ -60,12 +55,12 @@ stages:
 gradle_build:
   extends: .build_cached
   stage: build 1
-  only:
-    - master
-    - development
-    - merge_requests
-    - pushes
-    - triggers
+  rules:
+    - if: $CI_COMMIT_BRANCH == "master" ||
+        $CI_COMMIT_BRANCH == "development" ||
+        $CI_MERGE_REQUEST_ID ||
+        $CI_PIPELINE_SOURCE == "push" ||
+        $CI_PIPELINE_SOURCE == "trigger"
   cache:
     policy: pull-push
   artifacts:
@@ -81,12 +76,13 @@ gradle_build:
 generate_pom:
   extends: .build_cached
   stage: build 2
-  only:
-    - master
-    - development
-    - merge_requests
-  except:
-    - triggers
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "trigger" ||
+        $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
+      when: never
+    - if: $CI_COMMIT_BRANCH == "master" ||
+        $CI_COMMIT_BRANCH == "development" ||
+        $CI_MERGE_REQUEST_ID
   needs:
     - gradle_build
   artifacts:
@@ -105,8 +101,13 @@ gradle_test:
   stage: test
   needs:
     - gradle_build
-  except:
-    - triggers
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "trigger"
+      when: never
+    - if: $CI_COMMIT_BRANCH == "master" ||
+        $CI_COMMIT_BRANCH == "development" ||
+        $CI_MERGE_REQUEST_ID ||
+        $CI_PIPELINE_SOURCE == "push"
   cache:
     policy: pull-push
   coverage: '/Code coverage: \d+\.\d+/'
@@ -135,8 +136,13 @@ gradle_spotless:
   extends: .build_cached
   needs:
     - gradle_build
-  except:
-    - triggers
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "trigger"
+      when: never
+    - if: $CI_COMMIT_BRANCH == "master" ||
+        $CI_COMMIT_BRANCH == "development" ||
+        $CI_MERGE_REQUEST_ID ||
+        $CI_PIPELINE_SOURCE == "push"
   artifacts:
     name: spotless
     expose_as: Spotless Diagnosis
@@ -155,8 +161,13 @@ gradle_licenses:
   extends: .build_cached
   needs:
     - gradle_build
-  except:
-    - triggers
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "trigger"
+      when: never
+    - if: $CI_COMMIT_BRANCH == "master" ||
+        $CI_COMMIT_BRANCH == "development" ||
+        $CI_MERGE_REQUEST_ID ||
+        $CI_PIPELINE_SOURCE == "push"
   stage: review
   script:
     - ./gradlew licenseMain
@@ -168,12 +179,12 @@ gradle_licenses:
 publish_jar:
   extends: .build_cached
   stage: publish
-  only:
-    - master
-    - development
-    - merge_requests
-    - pushes
-    - triggers
+  rules:
+    - if: $CI_COMMIT_BRANCH == "master" ||
+        $CI_COMMIT_BRANCH == "development" ||
+        $CI_MERGE_REQUEST_ID ||
+        $CI_PIPELINE_SOURCE == "push" ||
+        $CI_PIPELINE_SOURCE == "trigger"
   needs:
     - gradle_build
   artifacts:
@@ -189,7 +200,6 @@ publish_jar:
 
 # Include templates for security scans and code quality reports
 include:
-  - template: Jobs/Code-Quality.gitlab-ci.yml
   - template: Security/DAST.gitlab-ci.yml
   - template: Security/Container-Scanning.gitlab-ci.yml
   - template: Security/Dependency-Scanning.gitlab-ci.yml
@@ -201,16 +211,27 @@ code_quality:
   extends:
     - .build_cached
     - .gitlab_reporter
-  only:
-    - master
-    - development
-    - merge_requests
-  except:
-    refs:
-      - triggers
-    variables:
-      - $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
-  stage: gitlab reports
+  image: docker:stable
+  services:
+    - docker:stable-dind
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "trigger" ||
+        $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
+      when: never
+    - if: $CI_COMMIT_BRANCH == "master" ||
+        $CI_COMMIT_BRANCH == "development" ||
+        $CI_MERGE_REQUEST_ID
+  script:
+    - docker run
+      --env SOURCE_CODE="$PWD"
+      --env CODECLIMATE_DEBUG="1"
+      --volume "$PWD":/code
+      --volume /var/run/docker.sock:/var/run/docker.sock
+      "registry.gitlab.com/gitlab-org/ci-cd/codequality:0.85.9" /code
+  artifacts:
+    reports:
+      codequality: gl-code-quality-report.json
+    expire_in: 1 week
 
 # Runs the SAST reporter manually
 # (there was a problem with running this from the template with Java 11,
@@ -219,16 +240,20 @@ sast:
   extends:
     - .build_cached
     - .gitlab_reporter
-  only:
-    - master
-    - development
-    - merge_requests
-  except:
-    refs:
-      - triggers
-    variables:
-      - $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "trigger" ||
+        $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
+      when: never
+    - if: $CI_COMMIT_BRANCH == "master" ||
+        $CI_COMMIT_BRANCH == "development" ||
+        $CI_MERGE_REQUEST_ID
   image: docker:stable
+  needs:
+    - generate_pom
+  dependencies:
+    - generate_pom
+  before_script:
+    - rm build.gradle* gradlew gradlew.bat
   variables:
     DOCKER_DRIVER: overlay2
   allow_failure: true
@@ -240,6 +265,7 @@ sast:
       --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
       --env SAST_DEFAULT_ANALYZERS=spotbugs
       --env SAST_JAVA_VERSION=11
+      --env MAVEN_CLI_OPTS="-q -Dmaven.main.skip -Dmaven.test.skip=true -DskipTests --batch-mode"
       --volume "$PWD:/code"
       --volume /var/run/docker.sock:/var/run/docker.sock
       "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
@@ -253,17 +279,13 @@ dast:
   extends:
     - .build_cached
     - .gitlab_reporter
-  only:
-    - master
-    - development
-    - merge_requests
-  except:
-    refs:
-      - triggers
-    variables:
-      - $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "trigger" ||
+        $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
+      when: never
+    - if: $CI_COMMIT_BRANCH == "master"
+      when: manual
   stage: gitlab reports
-  when: manual
   variables:
     DAST_VERSION: latest
 
@@ -274,17 +296,14 @@ container_scanning:
   extends:
     - .build_cached
     - .gitlab_reporter
-  only:
-    - master
-    - development
-    - merge_requests
-  except:
-    refs:
-      - triggers
-    variables:
-      - $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "trigger" ||
+        $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
+      when: never
+    - if: $CI_COMMIT_BRANCH == "master" ||
+        $CI_COMMIT_BRANCH == "development"
+      when: manual
   stage: gitlab reports
-  when: manual
   before_script:
     - export DOCKER_USER=$CI_REGISTRY_USER
     - export DOCKER_PASSWORD=$CI_REGISTRY_PASSWORD
@@ -294,15 +313,13 @@ dependency_scanning:
   extends:
     - .build_cached
     - .gitlab_reporter
-  only:
-    - master
-    - development
-    - merge_requests
-  except:
-    refs:
-      - triggers
-    variables:
-      - $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "trigger" ||
+        $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
+      when: never
+    - if: $CI_COMMIT_BRANCH == "master" ||
+        $CI_COMMIT_BRANCH == "development" ||
+        $CI_MERGE_REQUEST_ID
   needs:
     - generate_pom
   dependencies:
@@ -319,19 +336,17 @@ license_scanning:
   extends:
     - .build_cached
     - .gitlab_reporter
-  only:
-    - master
-    - development
-    - merge_requests
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "trigger" ||
+        $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
+      when: never
+    - if: $CI_COMMIT_BRANCH == "master" ||
+        $CI_COMMIT_BRANCH == "development" ||
+        $CI_MERGE_REQUEST_ID
   needs:
     - generate_pom
   dependencies:
     - generate_pom
-  except:
-    refs:
-      - triggers
-    variables:
-      - $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
   stage: gitlab reports
   before_script:
     - rm build.gradle* gradlew gradlew.bat