Commits on Source (21)
# variables in the GitLab CI/CD variables:
# GITLAB_TOKEN to support the semantic-release
# DOCKER_AUTH_CONFIG to support the usage of private docker images as job docker image
# TMPL_RELEASE_ENABLED to enable the semantic-release job
# TBC_NAMESPACE: smartdatalab/public/ci-cd-components
include:
- project: "to-be-continuous/tools/gitlab-ci"
ref: "master"
file: "/templates/extract.yml"
- project: "to-be-continuous/tools/gitlab-ci"
ref: "master"
file: "/templates/validation.yml"
- project: "to-be-continuous/kicker"
ref: "master"
file: "/templates/validation.yml"
- component: $CI_SERVER_FQDN/to-be-continuous/bash/gitlab-ci-bash@3.5
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/extract@master
inputs:
extract-script-job-tags: ["docker"]
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/validation@master
inputs:
check-links-job-tags: ["docker"]
tbc-check-job-tags: ["docker"]
tbc-check-image: cicd-docker-dev.artifact.tecnalia.dev/tbc-check:master
gitlab-ci-lint-job-tags: ["docker"]
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/kicker/validation@master
inputs:
kicker-validation-job-tags: ["docker"]
schema-base-url: "https://git.code.tecnalia.dev/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files"
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/bash/gitlab-ci-bash@master
inputs:
bash-shellcheck-job-tags: ["docker"]
shellcheck-files: "*.sh"
- component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.11
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/semantic-release/gitlab-ci-semrel@master
inputs:
semantic-release-job-tags: ["docker"]
variables:
GITLAB_CI_FILES: "templates/gitlab-ci-node.yml"
LYCHEE_EXTRA_OPTS: "--exclude .acme.corp"
GIT_STRATEGY: clone
semantic-release:
rules:
......
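Review bot: Every `component:` include that appears to be on the new side is pinned to `@master` (extract, validation, kicker, bash, semantic-release), and `tbc-check-image` uses the `:master` tag, so the code these jobs run can change without any commit in this repository. The header comments say the project holds `GITLAB_TOKEN` and `DOCKER_AUTH_CONFIG`, which jobs in this pipeline may receive, so a mutable ref widens what a change in the component projects can reach. The lines that seem to be replaced were pinned to `@3.5` and `@3.11`; the +/- markers are lost on this page, so that reading is inferred. Pinning each include to a release tag or commit SHA, e.g. `- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/semantic-release/gitlab-ci-semrel@<release-tag-or-sha>`, and the image to a version tag or digest, keeps updates reviewable.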
## [4.1.1](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/node/compare/4.1.0...4.1.1) (2025-01-20)
### Bug Fixes
* semgrep subdir ([8ac460c](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/node/commit/8ac460c05668590b7713f05fc571fc7b3fe2f4b4))
## [4.1.1](https://gitlab.com/to-be-continuous/node/compare/4.1.0...4.1.1) (2024-12-05)
### Bug Fixes
* semgrep subdir ([8ac460c](https://gitlab.com/to-be-continuous/node/commit/8ac460c05668590b7713f05fc571fc7b3fe2f4b4))
# [4.1.0](https://gitlab.com/to-be-continuous/node/compare/4.0.3...4.1.0) (2024-11-23)
......
This diff is collapsed.
......@@ -71,8 +71,15 @@
"name": "NODE_INSTALL_EXTRA_OPTS",
"description": "Extra options to install project dependencies (either [`npm ci`](https://docs.npmjs.com/cli/ci.html/), [`yarn install`](https://yarnpkg.com/cli/install) or [`pnpm install`](https://pnpm.io/cli/install))",
"advanced": true
},
{
"name": "NODE_NODE_BUILD_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
],
],
"features": [
{
"id": "node-lint",
......@@ -85,6 +92,13 @@
"description": "npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments to execute the lint analysis - yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments to execute the lint analysis - pnpm [run script](https://pnpm.io/cli/run) arguments to execute the lint analysis",
"default": "run lint",
"advanced": true
},
{
"name": "NODE_NODE_LINT_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -98,6 +112,13 @@
"name": "NODE_AUDIT_ARGS",
"description": "npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments - yarn [audit](https://classic.yarnpkg.com/en/docs/cli/audit) arguments - [pnpm audit](https://pnpm.io/cli/audit) arguments",
"default": "--audit-level=low"
},
{
"name": "NODE_NODE_AUDIT_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -111,6 +132,13 @@
"name": "NODE_OUTDATED_ARGS",
"description": "npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments - yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments - pnpm [outdated](https://pnpm.io/cli/outdated) arguments",
"default": "--long"
},
{
"name": "NODE_NODE_OUTDATED_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -145,6 +173,13 @@
"description": "Download Semgrep remote rules",
"type": "boolean",
"default": "true"
},
{
"name": "NODE_NODE_SEMGREP_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -164,6 +199,13 @@
"description": "Options for @cyclonedx/cyclonedx-npm used for SBOM analysis",
"default": "--omit dev",
"advanced": true
},
{
"name": "NODE_NODE_SBOM_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -182,6 +224,13 @@
"name": "NODE_PUBLISH_TOKEN",
"description": "npm publication registry authentication token",
"secret": true
},
{
"name": "NODE_NODE_PUBLISH_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
}
......
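Review bot: The seven new `*_JOB_TAGS` entries all carry the same description, "Tags to be used for selecting runners for the job", which neither names the job nor says what the empty default means. With `"default": []` the job carries no tags, so it is picked up by any runner that accepts untagged jobs; that matters most for `NODE_NODE_PUBLISH_JOB_TAGS`, which sits next to the secret `NODE_PUBLISH_TOKEN`. I would name the job and state the default in each description, e.g. `"description": "Runner tags for the node-publish job (empty: any runner that accepts untagged jobs)"`.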
......@@ -22,7 +22,7 @@ variables:
.node-base:
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "node", "4.1.0"]
command: ["--service", "node", "4.1.1"]
- name: "$TBC_VAULT_IMAGE"
alias: "vault-secrets-provider"
variables:
......
......@@ -120,6 +120,35 @@ spec:
publish-args:
description: npm [publish](https://docs.npmjs.com/cli/v8/commands/npm-publish) extra arguments - yarn [publish](https://classic.yarnpkg.com/lang/en/docs/cli/publish/) extra arguments - pnpm [publish](https://pnpm.io/cli/publish) extra arguments
default: ''
node-build-job-tags:
description: tags to filter applicable runners for node-build job
type: array
default: []
node-lint-job-tags:
description: tags to filter applicable runners for node-lint job
type: array
default: []
node-audit-job-tags:
description: tags to filter applicable runners for node-audit job
type: array
default: []
node-outdated-job-tags:
description: tags to filter applicable runners for node-outdated job
type: array
default: []
node-semgrep-job-tags:
description: tags to filter applicable runners for node-semgrep job
type: array
default: []
node-sbom-job-tags:
description: tags to filter applicable runners for node-sbom job
type: array
default: []
node-publish-job-tags:
description: tags to filter applicable runners for node-publish job
type: array
default: []
---
workflow:
rules:
......@@ -606,7 +635,7 @@ stages:
image: $NODE_IMAGE
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "node", "4.1.0"]
command: ["--service", "node", "4.1.1"]
variables:
# Yarn cache (better than --cache-folder option, deprecated)
YARN_CACHE_FOLDER: "$CI_PROJECT_DIR/$NODE_PROJECT_DIR/.yarn"
......@@ -674,6 +703,7 @@ node-build:
- if: '$NODE_BUILD_DISABLED != "true"'
# else (test only): apply test-policy
- !reference [.test-policy, rules]
tags: $[[ inputs.node-build-job-tags ]]
node-lint:
extends: .node-base
......@@ -686,7 +716,7 @@ node-lint:
then
# generate eslint report for SonarQube
# shellcheck disable=SC2086
log_info "SonarQube detedted: producing ESLint JSON report..."
log_info "SonarQube detected: producing ESLint JSON report..."
$NODE_MANAGER $NODE_LINT_ARGS -- --format=json --output-file=reports/node-lint.xslint.json || true
fi
# maybe add eslint-formatter-gitlab
......@@ -714,6 +744,7 @@ node-lint:
when: never
# on production or integration branch(es): auto & failing
- !reference [.test-policy, rules]
tags: $[[ inputs.node-lint-job-tags ]]
###############################################################################################
# Test stage: audit & outdated
......@@ -746,6 +777,7 @@ node-audit:
- if: '$NODE_AUDIT_DISABLED == "true"'
when: never
- !reference [.test-policy, rules]
tags: $[[ inputs.node-audit-job-tags ]]
# outdated
node-outdated:
......@@ -776,6 +808,7 @@ node-outdated:
# on non-production, non-integration branches: manual & non-blocking
- when: manual
allow_failure: true
tags: $[[ inputs.node-outdated-job-tags ]]
# SAST: Semgrep
node-semgrep:
......@@ -786,15 +819,14 @@ node-semgrep:
dependencies: []
stage: test
before_script:
- *node-scripts
- cd $NODE_PROJECT_DIR
- mkdir -p -m 777 reports
- !reference [.node-scripts]
- mkdir -p -m 777 ${NODE_PROJECT_DIR}/reports
- setup_semgrep_rules
script:
- >-
semgrep ci ${TRACE+--verbose} ${NODE_SEMGREP_ARGS}
--gitlab-sast-output=reports/node-semgrep.gitlab.json
${DEFECTDOJO_SEMGREP_REPORTS:+--json-output=reports/node-semgrep.native.json}
semgrep ci ${TRACE+--verbose} ${NODE_SEMGREP_ARGS} --subdir ${NODE_PROJECT_DIR}
--gitlab-sast-output=${NODE_PROJECT_DIR}/reports/node-semgrep.gitlab.json
${DEFECTDOJO_SEMGREP_REPORTS:+--json-output=${NODE_PROJECT_DIR}/reports/node-semgrep.native.json}
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
when: always
......@@ -809,6 +841,7 @@ node-semgrep:
- if: '$NODE_SEMGREP_DISABLED == "true"'
when: never
- !reference [.test-policy, rules]
tags: $[[ inputs.node-semgrep-job-tags ]]
node-sbom:
extends: .node-base
......@@ -839,6 +872,7 @@ node-sbom:
- if: '$NODE_SBOM_DISABLED == "true"'
when: never
- !reference [.test-policy, rules]
tags: $[[ inputs.node-sbom-job-tags ]]
node-publish:
extends: .node-base
......@@ -853,3 +887,4 @@ node-publish:
when: never
# on tag with release pattern: auto
- if: '$CI_COMMIT_TAG =~ $RELEASE_REF'
tags: $[[ inputs.node-publish-job-tags ]]
\ No newline at end of file
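Review bot: In the node-semgrep hunk the new `before_script` and `script` lines expand `${NODE_PROJECT_DIR}` unquoted (`mkdir -p -m 777 ${NODE_PROJECT_DIR}/reports`, `--subdir ${NODE_PROJECT_DIR}`, and both report paths), so a project directory containing spaces or glob characters is word-split by the shell. Quoting keeps the value a single argument: `- mkdir -p -m 777 "${NODE_PROJECT_DIR}/reports"` and `--subdir "${NODE_PROJECT_DIR}"`. The `-m 777` mode is carried over from the earlier line and leaves the reports directory world-writable; a one-line comment saying why it is needed (presumably the scanner image runs as a different user, which the page does not show) would help, or a narrower mode if it is not. The job definition starts and continues outside the hunk.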