Benguria Elguezabal, Gorka · Benguria Elguezabal, Gorka · semantic-release-bot · Benguria Elguezabal, Gorka · Benguria Elguezabal, Gorka · Benguria Elguezabal, Gorka
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+# variables in the GitLab CI/CD variables:
+  #   GITLAB_TOKEN to support the semantic-release
+  #   DOCKER_AUTH_CONFIG to support the usage of private docker images as job docker image
+  #   TMPL_RELEASE_ENABLED to enable the semantic-release job
+  #   TBC_NAMESPACE: smartdatalab/public/ci-cd-components
+
 include:
-  - project: "to-be-continuous/tools/gitlab-ci"
-    ref: "master"
-    file: "/templates/extract.yml"
-  - project: "to-be-continuous/tools/gitlab-ci"
-    ref: "master"
-    file: "/templates/validation.yml"
-  - project: "to-be-continuous/kicker"
-    ref: "master"
-    file: "/templates/validation.yml"
-  - component: $CI_SERVER_FQDN/to-be-continuous/bash/gitlab-ci-bash@3.5
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/extract@master
+    inputs:
+      extract-script-job-tags: ["docker"]
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/validation@master
+    inputs:
+      check-links-job-tags: ["docker"]
+      tbc-check-job-tags: ["docker"]
+      tbc-check-image: cicd-docker-dev.artifact.tecnalia.dev/tbc-check:master
+      gitlab-ci-lint-job-tags: ["docker"]
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/kicker/validation@master
    inputs:
+      kicker-validation-job-tags: ["docker"]
+      schema-base-url: "https://git.code.tecnalia.dev/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files"
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/bash/gitlab-ci-bash@master
+    inputs:
+      bash-shellcheck-job-tags: ["docker"]
      shellcheck-files: "*.sh"
-  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.11
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/semantic-release/gitlab-ci-semrel@master
+    inputs:
+      semantic-release-job-tags: ["docker"]

 variables:
  GITLAB_CI_FILES: "templates/gitlab-ci-k8s.yml"
+  GIT_STRATEGY: clone

 semantic-release:
  rules:

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
-# [6.4.0](https://gitlab.com/to-be-continuous/kubernetes/compare/6.3.0...6.4.0) (2025-01-20)
+# [6.5.0](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/kubernetes/compare/6.4.0...6.5.0) (2025-01-29)


 ### Features

-* add automatic namespace creation (when it doesn't exist) ([266bee9](https://gitlab.com/to-be-continuous/kubernetes/commit/266bee9290b7b5e8611c4ef9e80f842004fbd015))
+* disable tracking service by default ([5b31f18](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/kubernetes/commit/5b31f18734e9e4497716d0eb091606dd7bf9edd5))

-# [6.3.0](https://gitlab.com/to-be-continuous/kubernetes/compare/6.2.0...6.3.0) (2024-08-05)
+# [6.3.0](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/kubernetes/compare/6.2.0...6.3.0) (2024-08-29)


 ### Features

-* **gcp:** setup GCP credentials through ADC ([ff59904](https://gitlab.com/to-be-continuous/kubernetes/commit/ff599041fe3515bce9c0e69b99d44859dfd93ba4))
+* **gcp:** setup GCP credentials through ADC ([ff59904](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/kubernetes/commit/ff599041fe3515bce9c0e69b99d44859dfd93ba4))

 # [6.2.0](https://gitlab.com/to-be-continuous/kubernetes/compare/6.1.4...6.2.0) (2024-07-12)


--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ Add the following to your `.gitlab-ci.yml`:
 ```yaml
 include:
  # 1: include the component
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@6.4.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@6.5.0
    # 2: set/override component inputs
    inputs:
      # ⚠ this is only an example
@@ -35,7 +35,7 @@ Add the following to your `.gitlab-ci.yml`:
 include:
  # 1: include the template
  - project: 'to-be-continuous/kubernetes'
-    ref: '6.4.0'
+    ref: '6.5.0'
    file: '/templates/gitlab-ci-k8s.yml'

 variables:
@@ -418,6 +418,8 @@ Here are variables supported to configure review environments:
 | :lock: `K8S_REVIEW_CA_CERT`     | the Kubernetes server certificate authority for `review` env _(only define if using exploded kubeconfig parameters and if different from default)_ | `$K8S_CA_CERT` |
 | :lock: `K8S_REVIEW_TOKEN`| service account token for `review` env _(only define if using exploded kubeconfig parameters and if different from default)_ | `$K8S_TOKEN` |
 | `review-autostop-duration` / `K8S_REVIEW_AUTOSTOP_DURATION` | The amount of time before GitLab will automatically stop `review` environments | `4 hours` |
+| `k8s-review-job-tags` / `K8S_REVIEW_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |
+| `k8s-cleanup-review-job-tags` / `K8S_CLEANUP_REVIEW_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 ### Integration environment configuration

@@ -436,6 +438,7 @@ Here are variables supported to configure the integration environment:
 | `integ-url` / `K8S_INTEG_URL` | Kubernetes API url for `integration` env  _(only define if using exploded kubeconfig parameters and if different from default)_ | `$K8S_URL` |
 | :lock: `K8S_INTEG_CA_CERT`      | the Kubernetes server certificate authority for `integration` env _(only define if using exploded kubeconfig parameters and if different from default)_ | `$K8S_CA_CERT` |
 | :lock: `K8S_INTEG_TOKEN` | service account token for `integration` env _(only define if using exploded kubeconfig parameters and if different from default)_ | `$K8S_TOKEN` |
+| `k8s-integ-job-tags` / `K8S_INTEG_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 ### Staging environment configuration

@@ -454,6 +457,7 @@ Here are variables supported to configure the staging environment:
 | `staging-url` / `K8S_STAGING_URL` | Kubernetes API url for `staging` env  _(only define if using exploded kubeconfig parameters and if different from default)_   | `$K8S_URL` |
 | :lock: `K8S_STAGING_CA_CERT`    | the Kubernetes server certificate authority for `staging` env _(only define if using exploded kubeconfig parameters and if different from default)_ | `$K8S_CA_CERT` |
 | :lock: `K8S_STAGING_TOKEN`| service account token for `staging` env _(only define if using exploded kubeconfig parameters and if different from default)_ | `$K8S_TOKEN` |
+| `k8s-staging-job-tags` / `K8S_STAGING_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 ### Production environment configuration

@@ -473,6 +477,7 @@ Here are variables supported to configure the production environment:
 | :lock: `K8S_PROD_CA_CERT`       | the Kubernetes server certificate authority for `production` env _(only define if using exploded kubeconfig parameters and if different from default)_ | `$K8S_CA_CERT` |
 | :lock: `K8S_PROD_TOKEN`  | service account token for `production` env _(only define if using exploded kubeconfig parameters and if different from default)_ | `$K8S_TOKEN` |
 | `prod-deploy-strategy` / `K8S_PROD_DEPLOY_STRATEGY` | Defines the deployment to production strategy. One of `manual` (i.e. _one-click_) or `auto`. | `manual` |
+| `k8s-prod-job-tags` / `K8S_PROD_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 ### kube-score job

@@ -486,6 +491,7 @@ Here are its parameters:
 | `kube-score-image` / `K8S_KUBE_SCORE_IMAGE` | Docker image to run [kube-score](https://github.com/zegl/kube-score) | `registry.hub.docker.com/zegl/kube-score:latest` **it is recommended to set a tool version compatible with your Kubernetes cluster** |
 | `score-disabled` / `K8S_SCORE_DISABLED` | Set to `true` to disable the `kube-score` analysis                             | _none_ (enabled) |
 | `score-extra-opts` / `K8S_SCORE_EXTRA_OPTS` | [Additional options](https://github.com/zegl/kube-score#configuration) to `kube-score` command line | _none_ |
+| `k8s-score-job-tags` / `K8S_SCORE_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 ## Variants

@@ -535,12 +541,12 @@ With:
 ```yaml
 include:
  # main template
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@6.4.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@6.5.0
    inputs:
      # ⚠ oc-container image (includes required curl)
      kubectl-image: registry.hub.docker.com/docker.io/appuio/oc:v4.14
  # Vault variant
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s-vault@6.4.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s-vault@6.5.0
    inputs:
      # audience claim for JWT
      vault-oidc-aud: "https://vault.acme.host"
@@ -601,9 +607,9 @@ With a common default `GCP_OIDC_PROVIDER` and `GCP_OIDC_ACCOUNT` configuration f
 ```yaml
 include:
  # main template
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@6.4.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@6.5.0
  # Google Cloud variant
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8ss-gcp@6.4.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8ss-gcp@6.5.0
    inputs:
      # common OIDC config for non-prod envs
      gcp-oidc-provider: "projects/<gcp_nonprod_proj_id>/locations/global/workloadIdentityPools/<pool_id>/providers/<provider_id>"

--- a/kicker.json
+++ b/kicker.json
@@ -59,6 +59,13 @@
      "description": "Additional [`kubectl kustomize` options](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#kustomize)\n\n_For example: `--enable-helm`_",
      "advanced": true
    },
+    {
+      "name": "K8S_K8S_SCORE_JOB_TAGS",
+      "description": "Tags to be used for selecting runners for the job",
+      "type": "array",
+      "default": [],
+      "advanced": true
+    },
    {
      "name": "K8S_CREATE_NAMESPACE_ENABLED",
      "description": "Set to `true` to enable automatic namespace creation",
@@ -131,6 +138,20 @@
          "name": "K8S_REVIEW_CA_CERT",
          "description": "Kubernetes cluster server certificate authority for review env (only define if using exploded kubeconfig parameters and if different from global)",
          "secret": true
+        },
+        {
+          "name": "K8S_K8S_REVIEW_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
+        },
+        {
+          "name": "K8S_K8S_CLEANUP_REVIEW_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
        }
      ]
    },
@@ -175,6 +196,13 @@
          "name": "K8S_INTEG_CA_CERT",
          "description": "Kubernetes cluster server certificate authority for integration env (only define if using exploded kubeconfig parameters and if different from global)",
          "secret": true
+        },
+        {
+          "name": "K8S_K8S_INTEG_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
        }
      ]
    },
@@ -219,6 +247,13 @@
          "name": "K8S_STAGING_CA_CERT",
          "description": "Kubernetes cluster server certificate authority for staging env (only define if using exploded kubeconfig parameters and if  different from global)",
          "secret": true
+        },
+        {
+          "name": "K8S_K8S_STAGING_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
        }
      ]
    },
@@ -270,6 +305,13 @@
          "name": "K8S_PROD_CA_CERT",
          "description": "Kubernetes cluster server certificate authority for production env (only define if using exploded kubeconfig parameters and if  different from global)",
          "secret": true
+        },
+        {
+          "name": "K8S_K8S_PROD_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
        }
      ]
    }

--- a/templates/gitlab-ci-k8s-vault.yml
+++ b/templates/gitlab-ci-k8s-vault.yml
@@ -22,7 +22,7 @@ variables:
 .k8s-base:
  services:
    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "--port", "8082", "kubernetes", "6.4.0"]
+      command: ["--service", "--port", "8082", "kubernetes", "6.5.0"]
    - name: "$TBC_VAULT_IMAGE"
      alias: "vault-secrets-provider"
  variables:

--- a/templates/gitlab-ci-k8s.yml
+++ b/templates/gitlab-ci-k8s.yml
@@ -114,6 +114,31 @@ spec:
    prod-url:
      description: Kubernetes API url for production env (only define if using exploded kubeconfig parameters and if different from global)
      default: ''
+    k8s-score-job-tags:
+      description: tags to filter applicable runners for k8s-score job
+      type: array
+      default: []
+    k8s-review-job-tags:
+      description: tags to filter applicable runners for k8s-review job
+      type: array
+      default: []
+    k8s-cleanup-review-job-tags:
+      description: tags to filter applicable runners for k8s-cleanup-review job
+      type: array
+      default: []
+    k8s-integ-job-tags:
+      description: tags to filter applicable runners for k8s-integration job
+      type: array
+      default: []
+    k8s-staging-job-tags:
+      description: tags to filter applicable runners for k8s-staging job
+      type: array
+      default: []
+    k8s-prod-job-tags:
+      description: tags to filter applicable runners for k8s-production job
+      type: array
+      default: []
+
 ---
 # default workflow rules: Merge Request pipelines
 workflow:
@@ -160,9 +185,6 @@ workflow:
    - when: on_success

 variables:
-  # variabilized tracking image
-  TBC_TRACKING_IMAGE: registry.gitlab.com/to-be-continuous/tools/tracking:master
-
  # Docker Image with Kubernetes CLI tool (can be overridden)
  K8S_KUBECTL_IMAGE: $[[ inputs.kubectl-image ]]
  K8S_KUBE_SCORE_IMAGE: $[[ inputs.kube-score-image ]]
@@ -780,7 +802,7 @@ stages:
    entrypoint: [""]
  services:
    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "kubernetes", "6.4.0"]
+      command: ["--service", "kubernetes", "6.5.0"]
  before_script:
    - !reference [.k8s-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
@@ -826,7 +848,7 @@ k8s-score:
    - if: '$ENV_TYPE == "production" && ($K8S_PROD_SPACE == null || $K8S_PROD_SPACE == "")'
      when: never
    - !reference [.test-policy, rules]
-
+  tags: $[[ inputs.k8s-score-job-tags ]]

 # Deploy job prototype
 # Can be extended to define a concrete environment
@@ -910,6 +932,7 @@ k8s-review:
      when: never
    # only on non-production, non-integration branches, with $K8S_REVIEW_SPACE set
    - if: '$K8S_REVIEW_SPACE != "" && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'
+  tags: $[[ inputs.k8s-review-job-tags ]]

 # stop review env (automatically triggered once branches are deleted)
 k8s-cleanup-review:
@@ -934,6 +957,7 @@ k8s-cleanup-review:
    - if: '$K8S_REVIEW_SPACE != "" && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'
      when: manual
      allow_failure: true
+  tags: $[[ inputs.k8s-cleanup-review-job-tags ]]

 k8s-integration:
  extends: .k8s-deploy
@@ -952,6 +976,7 @@ k8s-integration:
  rules:
    # only on integration branch(es), with $K8S_INTEG_SPACE set
    - if: '$K8S_INTEG_SPACE != "" && $CI_COMMIT_REF_NAME =~ $INTEG_REF'
+  tags: $[[ inputs.k8s-integ-job-tags ]]

 ###############################
 # Staging deploys are disabled by default since
@@ -977,6 +1002,7 @@ k8s-staging:
  rules:
    # only on production branch(es), with $K8S_STAGING_SPACE set
    - if: '$K8S_STAGING_SPACE != "" && $CI_COMMIT_REF_NAME =~ $PROD_REF'
+  tags: $[[ inputs.k8s-staging-job-tags ]]

 k8s-production:
  extends: .k8s-deploy
@@ -1004,3 +1030,4 @@ k8s-production:
    - if: '$K8S_PROD_DEPLOY_STRATEGY == "manual"'
      when: manual
    - if: '$K8S_PROD_DEPLOY_STRATEGY == "auto"'
+  tags: $[[ inputs.k8s-prod-job-tags ]]
\ No newline at end of file