Skip to content
Commits on Source (18)
Show whitespace changes
Inline Side-by-side
.gitlab-ci.yml
View file @ 0d2adc45
# variables in the GitLab CI/CD variables:
# GITLAB_TOKEN to support the semantic-release
# DOCKER_AUTH_CONFIG to support the usage of private docker images as job docker image
# TMPL_RELEASE_ENABLED to enable the semantic-release job
# TBC_NAMESPACE: smartdatalab/public/ci-cd-components
include:
- project: "to-be-continuous/tools/gitlab-ci"
ref: "master"
file: "/templates/extract.yml"
- project: "to-be-continuous/tools/gitlab-ci"
ref: "master"
file: "/templates/validation.yml"
- project: "to-be-continuous/kicker"
ref: "master"
file: "/templates/validation.yml"
- component: $CI_SERVER_FQDN/to-be-continuous/bash/gitlab-ci-bash@3.6
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/extract@master
inputs:
extract-script-job-tags: ["docker"]
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/validation@master
inputs:
check-links-job-tags: ["docker"]
tbc-check-job-tags: ["docker"]
tbc-check-image: cicd-docker-dev.artifact.tecnalia.dev/tbc-check:master
gitlab-ci-lint-job-tags: ["docker"]
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/kicker/validation@master
inputs:
kicker-validation-job-tags: ["docker"]
schema-base-url: "https://git.code.tecnalia.dev/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files"
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/bash/gitlab-ci-bash@master
inputs:
bash-shellcheck-job-tags: ["docker"]
shellcheck-files: "*.sh"
- component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.13
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/semantic-release/gitlab-ci-semrel@master
inputs:
semantic-release-job-tags: ["docker"]
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitleaks/gitlab-ci-gitleaks@master
inputs:
gitleaks-job-tags: ["docker"]
variables:
GITLAB_CI_FILES: "templates/gitlab-ci-golang.yml"
GIT_STRATEGY: clone
semantic-release:
rules:
......
CHANGELOG.md
View file @ 0d2adc45
# [4.13.0](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/golang/compare/4.12.3...4.13.0) (2025-05-07)
### Features
* use go image for sbom job ([9b7e4ee](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/golang/commit/9b7e4ee0ebbefc34c3cf374d72cbed10ed8ba7c6))
# [4.13.0](https://gitlab.com/to-be-continuous/golang/compare/4.12.3...4.13.0) (2025-04-30)
### Features
* use go image for sbom job ([9b7e4ee](https://gitlab.com/to-be-continuous/golang/commit/9b7e4ee0ebbefc34c3cf374d72cbed10ed8ba7c6))
## [4.12.3](https://gitlab.com/to-be-continuous/golang/compare/4.12.2...4.12.3) (2025-03-28)
......@@ -25,7 +39,14 @@
### Features
* disable tracking service by default ([12a9a9b](https://gitlab.com/to-be-continuous/golang/commit/12a9a9b89203b5da4d3ed4b78e7972c516a994c0))
* disable tracking service by default ([12a9a9b](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/golang/commit/12a9a9b89203b5da4d3ed4b78e7972c516a994c0))
## [4.11.1](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/golang/compare/4.11.0...4.11.1) (2025-01-20)
### Bug Fixes
* semgrep subdir ([0e26288](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/golang/commit/0e26288dd6b27ce3e4b92ab5c21e6a73d1152902))
## [4.11.1](https://gitlab.com/to-be-continuous/golang/compare/4.11.0...4.11.1) (2024-12-06)
......@@ -46,7 +67,7 @@
### Features
* optional installation of Go tools ([5a78d9d](https://gitlab.com/to-be-continuous/golang/commit/5a78d9d8000b45edf165940eba35b6f196e97bf5))
* optional installation of Go tools ([5a78d9d](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/golang/commit/5a78d9d8000b45edf165940eba35b6f196e97bf5))
## [4.9.2](https://gitlab.com/to-be-continuous/golang/compare/4.9.1...4.9.2) (2024-07-02)
......
README.md
View file @ 0d2adc45
......@@ -14,7 +14,7 @@ Add the following to your `.gitlab-ci.yml`:
```yaml
include:
# 1: include the component
- component: $CI_SERVER_FQDN/to-be-continuous/golang/gitlab-ci-golang@4.12.3
- component: $CI_SERVER_FQDN/to-be-continuous/golang/gitlab-ci-golang@4.13.0
# 2: set/override component inputs
inputs:
image: "registry.hub.docker.com/library/golang:buster" # ⚠ this is only an example
......@@ -28,7 +28,7 @@ Add the following to your `.gitlab-ci.yml`:
include:
# 1: include the template
- project: 'to-be-continuous/golang'
ref: '4.12.3'
ref: '4.13.0'
file: '/templates/gitlab-ci-golang.yml'
variables:
......@@ -57,6 +57,7 @@ It is disable by default and can be enabled by setting the `GO_GENERATE_MODULES`
| Input / Variable | Description | Default value |
|------------------|------------------------------------------------------------------------------------------------------------|-----------------|
| `generate-modules` / `GO_GENERATE_MODULES` | Space separated list of Go code generator modules (ex: `stringer mockery`) | _none_ (disabled) |
| `go-generate-job-tags` / `GO_GENERATE_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
#### Capture generated files as job artifacts
......@@ -144,6 +145,9 @@ These jobs use the following variable:
| `target-os` / `GO_TARGET_OS` | The `GOOS` target [see available values](https://gist.github.com/asukakenji/f15ba7e588ac42795f421b48b8aede63) | _none_ (fallback to go docker image `GOOS`) |
| `target-arch` / `GO_TARGET_ARCH` | The `GOARCH` target [see available values](https://gist.github.com/asukakenji/f15ba7e588ac42795f421b48b8aede63) | _none_ (fallback to go docker image `GOARCH`) |
| `cobertura-flags` / `GO_COBERTURA_FLAGS` | The `GOFLAGS` to use with `gocover-cobertura` if needed | _none_ |
| `go-build-job-tags` / `GO_BUILD_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
| `go-test-job-tags` / `GO_TEST_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
| `go-build-test-job-tags` / `GO_BUILD_TEST_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
In addition to a textual report in the console, the test jobs produce the following reports, kept for one day:
......@@ -166,6 +170,7 @@ It is bound to the `build` stage, and uses the following variables:
| `ci-lint-image` / `GO_CI_LINT_IMAGE` | The Docker image used to run `golangci-lint` | `registry.hub.docker.com/golangci/golangci-lint:latest-alpine` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-GO_CI_LINT_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-GO_CI_LINT_IMAGE) |
| `ci-lint-args` / `GO_CI_LINT_ARGS` | `golangci-lint` [command line arguments](https://github.com/golangci/golangci-lint#command-line-options) | `-E gosec ./...` |
| `ci-lint-disabled` / `GO_CI_LINT_DISABLED` | Set to `true` to disable this job | _none_ (enabled) |
| `go-ci-lint-job-tags` / `GO_CI_LINT_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
In addition to a textual report in the console, this job produces the following reports, kept for one day:
......@@ -211,6 +216,7 @@ It is bound to the `test` stage, and uses the following variables:
| Input / Variable | Description | Default value |
|------------------------|-----------------------------------------------------------------------------------------------|-------------------|
| `mod-outdated-args` / `GO_MOD_OUTDATED_ARGS` | `god-mod-outdated` [command line arguments](https://github.com/psampaz/go-mod-outdated#usage) | `-update -direct` |
| `go-mod-outdated-job-tags` / `GO_MOD_OUTDATED_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
Checking outdated modules can be a long operation and therefore the job is configured to be ran **manually** by default (overridable).
......@@ -257,8 +263,9 @@ It is bound to the `test` stage, and uses the following variables:
| --------------------- | -------------------------------------- | ----------------- |
| `sbom-disabled` / `GO_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
| `TBC_SBOM_MODE` | Controls when SBOM reports are generated (`onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline).<br/>:warning: `sbom-disabled` / `GO_SBOM_DISABLED` takes precedence | `onrelease` |
| `sbom-image` / `GO_SBOM_IMAGE` | Image of cyclonedx-gomod used for SBOM analysis | `registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-GO_SBOM_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-GO_SBOM_IMAGE) |
| `sbom-image` / `GO_SBOM_IMAGE` | Specific Docker image used to run cyclonedx-gomod | `$GO_IMAGE` |
| `sbom-opts` / `GO_SBOM_OPTS` | [@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis | `-main .` |
| `go-sbom-job-tags` / `GO_SBOM_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
:warning: if you don't have your main class located at the root of your `GO_PROJECT_DIR`, then you will need to override the `-main` option in `GO_SBOM_OPTS` and define your real main class location.
......@@ -279,3 +286,4 @@ It is bound to the `test` stage, and uses the following variables:
| --------------------- | -------------------------------------- | ----------------- |
| `vulncheck-disabled` / `GO_VULNCHECK_DISABLED` | Set to `true` to disable this job | _none_
| `vulncheck-args` / `GO_VULNCHECK_ARGS` | `govulncheck` [command line arguments](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Flags) | `./...` |
| `go-govulncheck-job-tags` / `GO_GOVULNCHECK_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
kicker.json
View file @ 0d2adc45
......@@ -87,6 +87,27 @@
"name": "GO_COBERTURA_FLAGS",
"description": "Build flags to add to use gocover-cobertura, leave blank if not needed",
"advanced": true
},
{
"name": "GO_GO_BUILD_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
},
{
"name": "GO_GO_TEST_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
},
{
"name": "GO_GO_BUILD_TEST_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
],
"features": [
......@@ -99,6 +120,13 @@
"name": "GO_GENERATE_MODULES",
"description": "Space separated list of Go code generator modules (ex: `stringer mockery`)",
"mandatory": true
},
{
"name": "GO_GO_GENERATE_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -118,6 +146,13 @@
"description": "`golangci-lint` [command line arguments](https://github.com/golangci/golangci-lint#command-line-options)",
"default": "-E gosec ./...",
"advanced": true
},
{
"name": "GO_GO_CI_LINT_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -131,6 +166,13 @@
"description": "`god-mod-outdated` [command line arguments](https://github.com/psampaz/go-mod-outdated#usage",
"default": "-update -direct",
"advanced": true
},
{
"name": "GO_GO_MOD_OUTDATED_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -150,13 +192,22 @@
},
{
"name": "GO_SBOM_IMAGE",
"default": "registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest"
"description": "Specific Docker image used to run cyclonedx-gomod",
"advanced": true,
"default": "$GO_IMAGE"
},
{
"name": "GO_SBOM_OPTS",
"description": "[@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis",
"default": "-main .",
"advanced": true
},
{
"name": "GO_GO_SBOM_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -200,6 +251,13 @@
"description": "`govulncheck` [command line arguments](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Flags)",
"default": "./...",
"advanced": true
},
{
"name": "GO_GO_GOVULNCHECK_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
}
......
templates/gitlab-ci-golang.yml
View file @ 0d2adc45
......@@ -109,7 +109,8 @@ spec:
type: boolean
default: false
sbom-image:
default: registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest
description: Specific Docker image used to run cyclonedx-gomod
default: '$GO_IMAGE'
sbom-opts:
description: '[@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis'
default: -main .
......@@ -120,6 +121,39 @@ spec:
vulncheck-args:
description: '`govulncheck` [command line arguments](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Flags)'
default: ./...
go-generate-job-tags:
description: tags to filter applicable runners for go-generate job
type: array
default: []
go-build-job-tags:
description: tags to filter applicable runners for go-build job
type: array
default: []
go-test-job-tags:
description: tags to filter applicable runners for go-test job
type: array
default: []
go-build-test-job-tags:
description: tags to filter applicable runners for go-build-test job
type: array
default: []
go-ci-lint-job-tags:
description: tags to filter applicable runners for go-ci-lint job
type: array
default: []
go-mod-outdated-job-tags:
description: tags to filter applicable runners for go-mod-outdated job
type: array
default: []
go-sbom-job-tags:
description: tags to filter applicable runners for go-sbom job
type: array
default: []
go-govulncheck-job-tags:
description: tags to filter applicable runners for go-govulncheck job
type: array
default: []
---
workflow:
rules:
......@@ -605,7 +639,7 @@ stages:
image: $GO_IMAGE
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "golang", "4.12.3"]
command: ["--service", "golang", "4.13.0"]
variables:
# The directory where 'go install' will install a command.
GOBIN: "$CI_PROJECT_DIR/$GO_PROJECT_DIR/bin"
......@@ -645,6 +679,7 @@ go-generate:
- "${GO_PROJECT_DIR}/**/mock/"
- "${GO_PROJECT_DIR}/**/mocks/"
- "${GO_PROJECT_DIR}/**/*mock*.go"
tags: $[[ inputs.go-generate-job-tags ]]
go-build:
extends: .go-base
......@@ -658,7 +693,8 @@ go-build:
- $GO_PROJECT_DIR/bin/
rules:
# if $GO_TEST_IMAGE set
- if: '$GO_TEST_IMAGE != ""'
- if: '$GO_TEST_IMAGE'
tags: $[[ inputs.go-build-job-tags ]]
go-test:
extends: .go-base
......@@ -685,6 +721,7 @@ go-test:
- if: '$GO_TEST_IMAGE == ""'
when: never
- !reference [.test-policy, rules]
tags: $[[ inputs.go-test-job-tags ]]
go-build-test:
extends: .go-base
......@@ -711,6 +748,7 @@ go-build-test:
rules:
# if $GO_TEST_IMAGE not set
- if: '$GO_TEST_IMAGE == ""'
tags: $[[ inputs.go-build-test-job-tags ]]
go-ci-lint:
extends: .go-base
......@@ -741,6 +779,7 @@ go-ci-lint:
- if: '$GO_CI_LINT_DISABLED == "true"'
when: never
- !reference [.test-policy, rules]
tags: $[[ inputs.go-ci-lint-job-tags ]]
# SAST: semgrep
go-semgrep:
......@@ -800,6 +839,7 @@ go-mod-outdated:
# else manual & non-blocking
- when: manual
allow_failure: true
tags: $[[ inputs.go-mod-outdated-job-tags ]]
go-sbom:
extends: .go-base
......@@ -807,7 +847,7 @@ go-sbom:
image:
name: $GO_SBOM_IMAGE
entrypoint: [""]
# manage separate GitLab cache to prevent permission denied error (this image being rootless, it can't rewrite Go cache - owned by root)
# manage separate GitLab cache to prevent permission denied error (cyclonedx-gomod image being rootless, it can't rewrite Go cache - owned by root)
# see: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29663
cache:
key: "$CI_COMMIT_REF_SLUG-golang-sbom"
......@@ -817,10 +857,10 @@ go-sbom:
dependencies: []
needs: []
script:
- command -v cyclonedx-gomod > /dev/null || go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
- mkdir -p -m 777 reports
- go_mode=$(go_build_mode)
- |
cyclonedx-gomod "${go_mode:0:3}" -json -output reports/go-sbom.cyclonedx.json $GO_SBOM_OPTS
- cyclonedx-gomod "${go_mode:0:3}" -json -output reports/go-sbom.cyclonedx.json $GO_SBOM_OPTS
- chmod a+r reports/go-sbom.cyclonedx.json
artifacts:
name: "SBOM for golang from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
......@@ -842,6 +882,7 @@ go-sbom:
when: never
# 'onrelease' mode: use common software delivery rules
- !reference [.delivery-policy, rules]
tags: $[[ inputs.go-sbom-job-tags ]]
go-govulncheck:
extends: .go-base
......@@ -856,3 +897,4 @@ go-govulncheck:
- if: '$GO_VULNCHECK_DISABLED == "true"'
when: never
- !reference [.test-policy, rules]
tags: $[[ inputs.go-govulncheck-job-tags ]]