.gitlab-ci.yml

 include:
-  - project: 'to-be-continuous/tools/gitlab-ci'
-    ref: 'master'
-    file: '/templates/extract.yml'
-  - project: 'to-be-continuous/tools/gitlab-ci'
-    ref: 'master'
-    file: '/templates/validation.yml'
-  - project: 'to-be-continuous/kicker'
-    ref: 'master'
-    file: '/templates/validation.yml'
-  - project: 'to-be-continuous/bash'
-    ref: '3.4'
-    file: '/templates/gitlab-ci-bash.yml'
-  - project: 'to-be-continuous/semantic-release'
-    ref: '3.8'
-    file: '/templates/gitlab-ci-semrel.yml'
+  - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/gitlab-ci/extract@master
+    inputs:
+      extract-script-job-tags: ["docker"]
+  - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/gitlab-ci/validation@master
+    inputs:
+      check-links-job-tags: ["docker"]
+      tbc-check-job-tags: ["docker"]
+      tbc-check-image: cicd-docker-dev.artifact.tecnalia.com/tbc-check:master
+      gitlab-ci-lint-job-tags: ["docker"]
+  - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/kicker/validation@master
+    inputs:
+      kicker-validation-job-tags: ["docker"]
+      schema-base-url: "https://git.code.tecnalia.com/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files"
+  - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/bash/gitlab-ci-bash@master
+    inputs:
+      bash-shellcheck-job-tags: ["docker"]
+  - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/semantic-release/gitlab-ci-semrel@master
+    inputs:
+      semantic-release-job-tags: ["docker"]
 
 stages:
   - build

CHANGELOG.md

+## [2.5.2](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/gitleaks/compare/2.5.1...2.5.2) (2024-05-20)
+
+
+### Bug Fixes
+
+* **workflow:** disable MR pipeline from prod & integ branches ([3d43c7f](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/gitleaks/commit/3d43c7f96d6e623bf20df17f0302b2dbe22b6fa2))
+
+## [2.5.2](https://gitlab.com/to-be-continuous/gitleaks/compare/2.5.1...2.5.2) (2024-05-05)
+
+
+### Bug Fixes
+
+* **workflow:** disable MR pipeline from prod & integ branches ([3d43c7f](https://gitlab.com/to-be-continuous/gitleaks/commit/3d43c7f96d6e623bf20df17f0302b2dbe22b6fa2))
+
 ## [2.5.1](https://gitlab.com/to-be-continuous/gitleaks/compare/2.5.0...2.5.1) (2024-03-31)
 
 

README.md

@@ -19,7 +19,7 @@ Add the following to your `gitlab-ci.yml`:
 ```yaml
 include:
   # 1: include the component
-  - component: gitlab.com/to-be-continuous/gitleaks/gitlab-ci-gitleaks@2.5.1
+  - component: gitlab.com/to-be-continuous/gitleaks/gitlab-ci-gitleaks@2.5.2
     # 2: set/override component inputs
     inputs:
       args: "--no-banner" # ⚠ this is only an example
@@ -33,7 +33,7 @@ Add the following to your `gitlab-ci.yml`:
 include:
   # 1: include the template
   - project: 'to-be-continuous/gitleaks'
-    ref: '2.5.1'
+    ref: '2.5.2'
     file: '/templates/gitlab-ci-gitleaks.yml'
 
 variables:
@@ -51,6 +51,7 @@ They use the following configuration.
 | `image` / `GITLEAKS_IMAGE` | The Docker image used to run Gitleaks  | `registry.hub.docker.com/zricethezav/gitleaks:latest` |
 | `rules` / `GITLEAKS_RULES` | Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks#configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project). | _none_ (uses default rules) |
 | `args` / `GITLEAKS_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose` |
+| `gitleaks-job-tags` / `GITLEAKS_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |
 
 ### Configuring Gitleaks rules
 

bumpversion.sh

@@ -33,7 +33,7 @@ if [[ "$curVer" ]]; then
   # replace in template and variants
   for tmpl in templates/*.yml
   do
-    sed -e "s/command: *\[\"--service\", \"\(.*\)\", \"$curVer\"\]/command: [\"--service\", \"\1\", \"$nextVer\"]/" "$tmpl" > "$tmpl.next"
+    sed -e "s/command: *\[ *\"--service\", *\"\(.*\)\", *\"$curVer\" *\]/command: [\"--service\", \"\1\", \"$nextVer\"]/" "$tmpl" > "$tmpl.next"
     mv -f "$tmpl.next" "$tmpl"
   done
 else

kicker.json

@@ -21,6 +21,13 @@
       "description": "[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches)",
       "default": "--verbose",
       "advanced": true
+    },
+    {
+      "name": "GITLEAKS_GITLEAKS_JOB_TAGS",
+      "description": "Tags to be used for selecting runners for the job",
+      "type": "array",
+      "default": [],
+      "advanced": true
     }
   ]
 }

templates/gitlab-ci-gitleaks.yml

@@ -25,11 +25,19 @@ spec:
     args:
       description: '[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches)'
       default: '--verbose'
+    gitleaks-job-tags:
+      description: tags to filter applicable runners for Sonar job
+      default: []
+      type: array
+
 ---
 workflow:
   rules:
-    # prevent branch pipeline when an MR is open (prefer MR pipeline)
-    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
+    # prevent MR pipeline originating from production or integration branch(es)
+    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ $PROD_REF || $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ $INTEG_REF'
+      when: never
+    # on non-prod, non-integration branches: prefer MR pipeline over branch pipeline
+    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'
       when: never
     - if: '$CI_COMMIT_MESSAGE =~ "/\[(ci skip|skip ci) on ([^],]*,)*tag(,[^],]*)*\]/" && $CI_COMMIT_TAG'
       when: never
@@ -222,7 +230,7 @@ gitleaks:
     entrypoint: [""]
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "gitleaks", "2.5.1"]
+      command: ["--service", "gitleaks", "2.5.2"]
   stage: test
   needs: []
   variables:
@@ -241,3 +249,4 @@ gitleaks:
       - reports/gitleaks.*
   rules:
     - !reference [.test-policy, rules]
+  tags: $[[ inputs.gitleaks-job-tags ]]