.gitlab-ci.yml

+# variables in the GitLab CI/CD variables:
+  #   GITLAB_TOKEN to support the semantic-release
+  #   DOCKER_AUTH_CONFIG to support the usage of private docker images as job docker image
+  #   TMPL_RELEASE_ENABLED to enable the semantic-release job
+  #   TBC_NAMESPACE: smartdatalab/public/ci-cd-components
+
 include:
-  - project: "to-be-continuous/tools/gitlab-ci"
-    ref: "master"
-    file: "/templates/extract.yml"
-  - project: "to-be-continuous/tools/gitlab-ci"
-    ref: "master"
-    file: "/templates/validation.yml"
-  - project: "to-be-continuous/kicker"
-    ref: "master"
-    file: "/templates/validation.yml"
-  - component: $CI_SERVER_FQDN/to-be-continuous/bash/gitlab-ci-bash@3.6
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/extract@master
+    inputs:
+      extract-script-job-tags: ["docker"]
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/validation@master
+    inputs:
+      check-links-job-tags: ["docker"]
+      tbc-check-job-tags: ["docker"]
+      tbc-check-image: cicd-docker-dev.artifact.tecnalia.dev/tbc-check:master
+      gitlab-ci-lint-job-tags: ["docker"]
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/kicker/validation@master
     inputs:
+      kicker-validation-job-tags: ["docker"]
+      schema-base-url: "https://git.code.tecnalia.dev/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files"
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/bash/gitlab-ci-bash@master
+    inputs:
+      bash-shellcheck-job-tags: ["docker"]
       shellcheck-files: "*.sh"
-  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.12
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/semantic-release/gitlab-ci-semrel@master
+    inputs:
+      semantic-release-job-tags: ["docker"]
+
 
 variables:
   GITLAB_CI_FILES: "templates/gitlab-ci-node.yml"
   LYCHEE_EXTRA_OPTS: "--exclude .acme.corp"
+  GIT_STRATEGY: clone
 
 semantic-release:
   rules:

.gitlab/merge_request_templates/new_feature.md

@@ -8,8 +8,8 @@ Closes #999
 ## Checklist
 
 * General:
-    * [ ] use [rules](https://docs.gitlab.com/ee/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ee/ci/yaml/#onlyexcept-advanced)
-    * [ ] optimized [cache](https://docs.gitlab.com/ee/ci/caching/) configuration (wherever applicable)
+    * [ ] use [rules](https://docs.gitlab.com/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ci/yaml/#onlyexcept-advanced)
+    * [ ] optimized [cache](https://docs.gitlab.com/ci/caching/) configuration (wherever applicable)
 * Publicly usable:
     * [ ] untagged runners
     * [ ] no proxy configuration but support `http_proxy`/`https_proxy`/`no_proxy`

CHANGELOG.md

+## [4.2.2](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/node/compare/4.2.1...4.2.2) (2025-05-07)
+
+
+### Bug Fixes
+
+* **pnpm:** double dash not supported by pnpm ([776ddb5](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/node/commit/776ddb5168174108f2d1c01a0bfaddd8e9e293d9))
+
+## [4.2.2](https://gitlab.com/to-be-continuous/node/compare/4.2.1...4.2.2) (2025-04-16)
+
+
+### Bug Fixes
+
+* **pnpm:** double dash not supported by pnpm ([776ddb5](https://gitlab.com/to-be-continuous/node/commit/776ddb5168174108f2d1c01a0bfaddd8e9e293d9))
+
 ## [4.2.1](https://gitlab.com/to-be-continuous/node/compare/4.2.0...4.2.1) (2025-01-31)
 
 
@@ -10,7 +24,14 @@
 
 ### Features
 
-* disable tracking service by default ([8823fa4](https://gitlab.com/to-be-continuous/node/commit/8823fa457209e3f38e09d70f0a3b755611394ed4))
+* disable tracking service by default ([8823fa4](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/node/commit/8823fa457209e3f38e09d70f0a3b755611394ed4))
+
+## [4.1.1](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/node/compare/4.1.0...4.1.1) (2025-01-20)
+
+
+### Bug Fixes
+
+* semgrep subdir ([8ac460c](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/node/commit/8ac460c05668590b7713f05fc571fc7b3fe2f4b4))
 
 ## [4.1.1](https://gitlab.com/to-be-continuous/node/compare/4.1.0...4.1.1) (2024-12-05)
 

CONTRIBUTING.md

@@ -61,7 +61,7 @@ To contribute:
 
 1. Create an issue describing the bug or enhancement you want to propose (select the right issue template).
 2. Make sure the issue has been reviewed and agreed.
-3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) documentation).
+3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/user/project/repository/forking_workflow/) documentation).
    Don't hesitate to mark your MR as `Draft` as long as you think it's not ready to be reviewed.
 
 ### Git Commit Conventions

kicker.json

@@ -71,8 +71,15 @@
       "name": "NODE_INSTALL_EXTRA_OPTS",
       "description": "Extra options to install project dependencies (either [`npm ci`](https://docs.npmjs.com/cli/ci.html/), [`yarn install`](https://yarnpkg.com/cli/install) or [`pnpm install`](https://pnpm.io/cli/install))",
       "advanced": true
+    },
+    {
+      "name": "NODE_NODE_BUILD_JOB_TAGS",
+      "description": "Tags to be used for selecting runners for the job",
+      "type": "array",
+      "default": [],
+      "advanced": true
     }
-  ],
+],
   "features": [
     {
       "id": "node-lint",
@@ -85,6 +92,13 @@
           "description": "npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments to execute the lint analysis - yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments to execute the lint analysis - pnpm [run script](https://pnpm.io/cli/run) arguments to execute the lint analysis",
           "default": "run lint",
           "advanced": true
+        },
+        {
+          "name": "NODE_NODE_LINT_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
         }
       ]
     },
@@ -98,6 +112,13 @@
           "name": "NODE_AUDIT_ARGS",
           "description": "npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments - yarn [audit](https://classic.yarnpkg.com/en/docs/cli/audit) arguments - [pnpm audit](https://pnpm.io/cli/audit) arguments",
           "default": "--audit-level=low"
+        },
+        {
+          "name": "NODE_NODE_AUDIT_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
         }
       ]
     },
@@ -111,6 +132,13 @@
           "name": "NODE_OUTDATED_ARGS",
           "description": "npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments - yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments - pnpm [outdated](https://pnpm.io/cli/outdated) arguments",
           "default": "--long"
+        },
+        {
+          "name": "NODE_NODE_OUTDATED_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
         }
       ]
     },
@@ -145,6 +173,13 @@
           "description": "Download Semgrep remote rules",
           "type": "boolean",
           "default": "true"
+        },
+        {
+          "name": "NODE_NODE_SEMGREP_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
         }
       ]
     },
@@ -172,6 +207,13 @@
           "description": "Options for @cyclonedx/cyclonedx-npm used for SBOM analysis",
           "default": "--omit dev",
           "advanced": true
+        },
+        {
+          "name": "NODE_NODE_SBOM_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
         }
       ]
     },
@@ -190,6 +232,13 @@
           "name": "NODE_PUBLISH_TOKEN",
           "description": "npm publication registry authentication token",
           "secret": true
+        },
+        {
+          "name": "NODE_NODE_PUBLISH_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
         }
       ]
     }

templates/gitlab-ci-node-vault.yml

@@ -22,7 +22,7 @@ variables:
 .node-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "node", "4.2.1"]
+      command: ["--service", "node", "4.2.2"]
     - name: "$TBC_VAULT_IMAGE"
       alias: "vault-secrets-provider"
   variables:

templates/gitlab-ci-node.yml

@@ -120,6 +120,35 @@ spec:
     publish-args:
       description: npm [publish](https://docs.npmjs.com/cli/v8/commands/npm-publish) extra arguments - yarn [publish](https://classic.yarnpkg.com/lang/en/docs/cli/publish/) extra arguments - pnpm [publish](https://pnpm.io/cli/publish) extra arguments
       default: ''
+    node-build-job-tags:
+      description: tags to filter applicable runners for node-build job
+      type: array
+      default: []
+    node-lint-job-tags:
+      description: tags to filter applicable runners for node-lint job
+      type: array
+      default: []
+    node-audit-job-tags:
+      description: tags to filter applicable runners for node-audit job
+      type: array
+      default: []
+    node-outdated-job-tags:
+      description: tags to filter applicable runners for node-outdated job
+      type: array
+      default: []
+    node-semgrep-job-tags:
+      description: tags to filter applicable runners for node-semgrep job
+      type: array
+      default: []
+    node-sbom-job-tags:
+      description: tags to filter applicable runners for node-sbom job
+      type: array
+      default: []
+    node-publish-job-tags:
+      description: tags to filter applicable runners for node-publish job
+      type: array
+      default: []
+
 ---
 workflow:
   rules:
@@ -615,7 +644,7 @@ stages:
   image: $NODE_IMAGE
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "node", "4.2.1"]
+      command: ["--service", "node", "4.2.2"]
   variables:
     # Yarn cache (better than --cache-folder option, deprecated)
     YARN_CACHE_FOLDER: "$CI_PROJECT_DIR/$NODE_PROJECT_DIR/.yarn"
@@ -683,6 +712,7 @@ node-build:
     - if: '$NODE_BUILD_DISABLED != "true"'
     # else (test only): apply test-policy
     - !reference [.test-policy, rules]
+  tags: $[[ inputs.node-build-job-tags ]]
 
 node-lint:
   extends: .node-base
@@ -696,7 +726,12 @@ node-lint:
         # generate eslint report for SonarQube
         # shellcheck disable=SC2086
         log_info "SonarQube detected: producing ESLint JSON report..."
-        $NODE_MANAGER $NODE_LINT_ARGS -- --format=json --output-file=reports/node-lint.xslint.json || true
+        if [ "$NODE_MANAGER" = "pnpm" ]
+        then
+          $NODE_MANAGER $NODE_LINT_ARGS --format=json --output-file=reports/node-lint.xslint.json || true
+        else
+          $NODE_MANAGER $NODE_LINT_ARGS -- --format=json --output-file=reports/node-lint.xslint.json || true
+        fi
       fi
     # maybe add eslint-formatter-gitlab
     - |
@@ -707,7 +742,13 @@ node-lint:
       fi
     # run ESLint with console output and GitLab report
     # shellcheck disable=SC2086
-    - ESLINT_CODE_QUALITY_REPORT=reports/node-lint.gitlab.json $NODE_MANAGER $NODE_LINT_ARGS -- --format=gitlab
+    - |
+      if [ "$NODE_MANAGER" = "pnpm" ]
+      then
+        ESLINT_CODE_QUALITY_REPORT=reports/node-lint.gitlab.json $NODE_MANAGER $NODE_LINT_ARGS --format=gitlab
+      else
+        ESLINT_CODE_QUALITY_REPORT=reports/node-lint.gitlab.json $NODE_MANAGER $NODE_LINT_ARGS -- --format=gitlab
+      fi
   artifacts:
     when: always # store artifact even if test Failed
     name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
@@ -723,6 +764,7 @@ node-lint:
       when: never
     # on production or integration branch(es): auto & failing
     - !reference [.test-policy, rules]
+  tags: $[[ inputs.node-lint-job-tags ]]
 
 ###############################################################################################
 # Test stage: audit & outdated
@@ -755,6 +797,7 @@ node-audit:
     - if: '$NODE_AUDIT_DISABLED == "true"'
       when: never
     - !reference [.test-policy, rules]
+  tags: $[[ inputs.node-audit-job-tags ]]
 
 # outdated
 node-outdated:
@@ -785,6 +828,7 @@ node-outdated:
     # on non-production, non-integration branches: manual & non-blocking
     - when: manual
       allow_failure: true
+  tags: $[[ inputs.node-outdated-job-tags ]]
 
 # SAST: Semgrep
 node-semgrep:
@@ -817,6 +861,7 @@ node-semgrep:
     - if: '$NODE_SEMGREP_DISABLED == "true"'
       when: never
     - !reference [.test-policy, rules]
+  tags: $[[ inputs.node-semgrep-job-tags ]]
 
 node-sbom:
   extends: .node-base
@@ -853,6 +898,7 @@ node-sbom:
       when: never
     # 'onrelease' mode: use common software delivery rules
     - !reference [.delivery-policy, rules]
+  tags: $[[ inputs.node-sbom-job-tags ]]
 
 node-publish:
   extends: .node-base
@@ -867,3 +913,4 @@ node-publish:
       when: never
     # on tag with release pattern: auto
     - if: '$CI_COMMIT_TAG =~ $RELEASE_REF'
+  tags: $[[ inputs.node-publish-job-tags ]]
\ No newline at end of file