diff --git a/src/assets/kicker-aggregated.json b/src/assets/kicker-aggregated.json
index 76c87d41887d639ae6b3e4ee46ccb87d2409e4ef..73f801333fa2ced0a73ce9cac7cc688c15ca9810 100644
--- a/src/assets/kicker-aggregated.json
+++ b/src/assets/kicker-aggregated.json
@@ -1,8955 +1 @@
-{
- "extensions": [],
- "presets": [
- {
- "name": "OpenShift Sandbox",
- "description": "[OpenShift Sandbox](https://developers.redhat.com/developer-sandbox) by RedHat",
- "values": {
- "OS_URL": "https://api.sandbox.x8i5.p1.openshiftapps.com:6443",
- "OS_ENVIRONMENT_URL": "https://%{environment_name}.apps.sandbox.x8i5.p1.openshiftapps.com",
- "K8S_URL": "https://api.sandbox.x8i5.p1.openshiftapps.com:6443",
- "K8S_ENVIRONMENT_URL": "https://%{environment_name}.apps.sandbox.x8i5.p1.openshiftapps.com"
- },
- "extension_id": null,
- "project": {
- "tag": "1.0.0",
- "tags": ["1.0.0"],
- "name": "kicker-extras",
- "path": "to-be-continuous/tools/kicker-extras",
- "web_url": "https://gitlab.com/to-be-continuous/tools/kicker-extras"
- }
- },
- {
- "name": "SonarCloud",
- "description": "[SonarCloud](https://www.sonarsource.com/products/sonarcloud/) (SaaS)",
- "values": { "SONAR_HOST_URL": "https://sonarcloud.io" },
- "extension_id": null,
- "project": {
- "tag": "1.0.0",
- "tags": ["1.0.0"],
- "name": "kicker-extras",
- "path": "to-be-continuous/tools/kicker-extras",
- "web_url": "https://gitlab.com/to-be-continuous/tools/kicker-extras"
- }
- }
- ],
- "templates": [
- {
- "name": "Angular",
- "description": "Build, test and analyse your [Angular](https://angular.io/) projects",
- "template_path": "templates/gitlab-ci-angular.yml",
- "kind": "build",
- "prefix": "ng",
- "is_component": true,
- "variables": [
- {
- "name": "NG_CLI_IMAGE",
- "description": "The Docker image used to run Angular-CLI (`ng`) - **set the version required by your project**",
- "default": "registry.hub.docker.com/trion/ng-cli-karma:latest"
- },
- {
- "name": "NPM_CONFIG_REGISTRY",
- "description": "NPM [registry](https://docs.npmjs.com/configuring-your-registry-settings-as-an-npm-enterprise-user)",
- "type": "url",
- "advanced": true
- },
- {
- "name": "NPM_CONFIG_SCOPED_REGISTRIES",
- "description": "Space separated list of NPM [scoped registries](https://docs.npmjs.com/cli/v8/using-npm/scope#associating-a-scope-with-a-registry) (formatted as `@somescope:https://some.npm.registry/some/repo @anotherscope:https://another.npm.registry/another/repo`)",
- "advanced": true
- },
- {
- "name": "NG_WORKSPACE_DIR",
- "description": "Angular workspace directory",
- "default": ".",
- "advanced": true
- },
- {
- "name": "NG_INSTALL_EXTRA_OPTS",
- "description": "Extra options to install project dependencies (with [`npm ci`](https://docs.npmjs.com/cli/ci.html/))",
- "advanced": true
- },
- {
- "name": "NG_BUILD_ARGS",
- "description": "Angular [ng build](https://angular.io/cli/build) arguments",
- "default": "build",
- "advanced": true
- },
- {
- "name": "NG_TEST_ARGS",
- "description": "Angular [ng test](https://angular.io/cli/test) arguments",
- "default": "test --code-coverage --reporters progress,junit --watch=false --no-progress",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "lint",
- "name": "Angular lint",
- "description": "Angular lint analysis",
- "disable_with": "NG_LINT_DISABLED",
- "variables": [
- {
- "name": "NG_LINT_ARGS",
- "description": "Angular [ng lint](https://angular.io/cli/lint) arguments",
- "default": "lint",
- "advanced": true
- }
- ]
- },
- {
- "id": "publish",
- "name": "Publish",
- "description": "[publishes](https://docs.npmjs.com/cli/v6/commands/npm-publish) the project packages to a npm registry",
- "enable_with": "NG_PUBLISH_ENABLED",
- "variables": [
- {
- "name": "NG_PUBLISH_ARGS",
- "description": "npm [publish](https://docs.npmjs.com/cli/v6/commands/npm-publish) arguments",
- "advanced": true
- },
- {
- "name": "NG_PUBLISH_PROJECTS",
- "description": "Space separated list of projects to publish. If no project is specified, all workspace projects are published.",
- "advanced": true
- },
- {
- "name": "NPM_PUBLISH_REGISTRY",
- "description": "npm registry to publish to. If none is specified, uses GitLab project npm packages registry",
- "secret": true
- },
- {
- "name": "NPM_PUBLISH_TOKEN",
- "description": "NPM publication registry authentication token",
- "secret": true
- }
- ]
- },
- {
- "id": "e2e-test",
- "name": "e2e-test",
- "description": "Run your [e2e tests](https://angular.io/cli/e2e) on your angular project",
- "enable_with": "NG_E2E_ENABLED",
- "variables": [
- {
- "name": "NG_E2E_ARGS",
- "description": "ng [e2e](https://angular.io/cli/e2e) arguments",
- "default": "e2e",
- "advanced": true
- }
- ]
- },
- {
- "id": "sbom",
- "name": "Software Bill of Materials",
- "description": "This job generates a file listing all dependencies using [@cyclonedx/cyclonedx-npm](https://www.npmjs.com/package/@cyclonedx/cyclonedx-npm)",
- "disable_with": "NG_SBOM_DISABLED",
- "variables": [
- {
- "name": "NG_SBOM_VERSION",
- "description": "Version of the @cyclonedx/cyclonedx-npm used for SBOM analysis",
- "advanced": true
- },
- {
- "name": "NG_SBOM_OPTS",
- "description": "Options for @cyclonedx/cyclonedx-npm used for SBOM analysis",
- "default": "--omit dev",
- "advanced": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "4.8.0",
- "tags": [
- "4.8.0",
- "4.8",
- "4.7.0",
- "4.7",
- "4.6.0",
- "4.6",
- "4.5.1",
- "4.5.0",
- "4.5",
- "4.4.0",
- "4.4",
- "4.3.2",
- "4.3.1",
- "4.3.0",
- "4.3",
- "4.2.3",
- "4.2.2",
- "4.2.1",
- "4.2.0",
- "4.2",
- "4.1.1",
- "4.1.0",
- "4.1",
- "4.0.0",
- "4.0",
- "4",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.0",
- "3.1",
- "3.0.1",
- "3.0.0",
- "3.0",
- "3",
- "2.2.0",
- "2.2",
- "2.1.0",
- "2.0.1",
- "2.0.0",
- "2",
- "1.2.0",
- "1.1.0",
- "1.0.1",
- "1.0.0"
- ],
- "name": "angular",
- "path": "to-be-continuous/angular",
- "web_url": "https://gitlab.com/to-be-continuous/angular",
- "avatar": "https://gitlab.com/to-be-continuous/angular/-/avatar"
- }
- },
- {
- "name": "Ansible",
- "description": "Provision your infrastructure and deploy your application with [Ansible](https://www.ansible.com/)",
- "template_path": "templates/gitlab-ci-ansible.yml",
- "kind": "hosting",
- "prefix": "ansible",
- "is_component": true,
- "variables": [
- {
- "name": "ANSIBLE_IMAGE",
- "description": "The Docker image used to run Ansible. The image may contain your Ansible sources. **set the version required by your project**",
- "default": "registry.hub.docker.com/cytopia/ansible:latest-tools"
- },
- {
- "name": "ANSIBLE_PROJECT_DIR",
- "description": "Ansible project root directory",
- "default": ".",
- "advanced": true
- },
- {
- "name": "ANSIBLE_BASE_APP_NAME",
- "description": "Base application name",
- "default": "$CI_PROJECT_NAME",
- "advanced": true
- },
- {
- "name": "ANSIBLE_ENVIRONMENT_URL",
- "type": "url",
- "description": "The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.acme.com`)_"
- },
- {
- "name": "ANSIBLE_VAULT_PASSWORD",
- "description": "The Ansible vault password used to decrypt vars",
- "secret": true
- },
- {
- "name": "ANSIBLE_PRIVATE_KEY",
- "description": "The Ansible SSH private key to use in all stages (can be overridden per env)",
- "secret": true
- },
- {
- "name": "ANSIBLE_PUBLIC_KEY",
- "description": "The Ansible SSH public key associated to the private key to be use in all stages (can be overridden per env)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_DEFAULT_INVENTORY",
- "description": "The default inventory, if used"
- },
- {
- "name": "ANSIBLE_DEFAULT_TAGS",
- "description": "The default tags, if used"
- },
- {
- "name": "ANSIBLE_DEFAULT_EXTRA_ARGS",
- "description": "Optional default args to add to the ansible-playbook command line",
- "advanced": true
- },
- {
- "name": "ANSIBLE_FORCE_COLOR",
- "description": "Forces color on Ansible output",
- "type": "boolean",
- "default": "true",
- "advanced": true
- },
- {
- "name": "ANSIBLE_REQUIREMENTS_FILE",
- "description": "The file used to install roles with `ansible-galaxy role install`",
- "default": "requirements.yml",
- "advanced": true
- },
- {
- "name": "ANSIBLE_GALAXY_EXTRA_ARGS",
- "description": "`ansible-galaxy role install` command [extra options](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html#role-install)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_SCRIPTS_DIR",
- "description": "The Ansible scripts base directory (relative to `$ANSIBLE_PROJECT_DIR`)",
- "default": ".",
- "advanced": true
- },
- {
- "name": "ANSIBLE_HOST_KEY_CHECKING",
- "description": "Enable or disable the SSH host key checking",
- "type": "boolean",
- "default": "false",
- "advanced": true
- },
- {
- "name": "ANSIBLE_DEFAULT_ROLES_PATH",
- "description": "The default path where the roles should be installed",
- "default": "$CI_PROJECT_DIR/roles",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "lint",
- "name": "Ansible Lint",
- "description": "Static code analysis of your Ansible scripts with [Ansible Lint](https://docs.ansible.com/ansible-lint/)",
- "disable_with": "ANSIBLE_LINT_DISABLED",
- "variables": [
- {
- "name": "ANSIBLE_LINT_IMAGE",
- "description": "The Docker image used to run Ansible Lint.",
- "default": "registry.hub.docker.com/haxorof/ansible-lint:latest"
- }
- ]
- },
- {
- "id": "review",
- "name": "Review",
- "description": "Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))",
- "variables": [
- {
- "name": "ANSIBLE_REVIEW_APP_NAME",
- "description": "The application name for review env (only define to override default)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_REVIEW_ENVIRONMENT_URL",
- "type": "url",
- "description": "The review environments url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "ANSIBLE_REVIEW_INVENTORY",
- "description": "The inventory for `review` env (only define to override default)"
- },
- {
- "name": "ANSIBLE_REVIEW_TAGS",
- "description": "The tags for `review` env (only define to override default)"
- },
- {
- "name": "ANSIBLE_REVIEW_CLEANUP_TAGS",
- "description": "The tags to cleanup the `review` env",
- "mandatory": true
- },
- {
- "name": "ANSIBLE_REVIEW_EXTRA_ARGS",
- "description": "The command line extra args for `review` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_REVIEW_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop `review` environments",
- "default": "4 hours"
- },
- {
- "name": "ANSIBLE_REVIEW_PLAYBOOK_FILE",
- "description": "The playbook filename for `review` env",
- "mandatory": true
- },
- {
- "name": "ANSIBLE_REVIEW_CLEANUP_PLAYBOOK_FILE",
- "description": "The playbook filename to cleanup `review` env (only define if different from deployment playbook)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_REVIEW_PRIVATE_KEY",
- "description": "The SSH private key to be use in `review` env (only define to override default)",
- "secret": true
- },
- {
- "name": "ANSIBLE_REVIEW_PUBLIC_KEY",
- "description": "The SSH public key associated to the private key to be use in `review` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_REVIEW_VAULT_PASSWORD",
- "description": "The Ansible vault password for `review` env (only define to override default)",
- "secret": true,
- "advanced": true
- }
- ]
- },
- {
- "id": "integration",
- "name": "Integration",
- "description": "A continuous-integration environment associated to your integration branch (`develop` by default)",
- "variables": [
- {
- "name": "ANSIBLE_INTEG_APP_NAME",
- "description": "The application name for integration env (only define to override default)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_INTEG_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop the `integration` env",
- "default": "never"
- },
- {
- "name": "ANSIBLE_INTEG_ENVIRONMENT_URL",
- "type": "url",
- "description": "The integration environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "ANSIBLE_INTEG_INVENTORY",
- "description": "The inventory for `integration` env (only define to override default)"
- },
- {
- "name": "ANSIBLE_INTEG_TAGS",
- "description": "The tags for `integration` env (only define to override default)"
- },
- {
- "name": "ANSIBLE_INTEG_CLEANUP_TAGS",
- "description": "The tags to cleanup the `integration` env",
- "mandatory": true
- },
- {
- "name": "ANSIBLE_INTEG_EXTRA_ARGS",
- "description": "The command line extra args for `integration` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_INTEG_PLAYBOOK_FILE",
- "description": "The playbook filename for `integration` env",
- "mandatory": true
- },
- {
- "name": "ANSIBLE_INTEG_CLEANUP_PLAYBOOK_FILE",
- "description": "The playbook filename to cleanup `integration` env (only define if different from deployment playbook)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_INTEG_PRIVATE_KEY",
- "description": "The SSH private key to be use in `integration` env (only define to override default)",
- "secret": true,
- "advanced": true
- },
- {
- "name": "ANSIBLE_INTEG_PUBLIC_KEY",
- "description": "The SSH public key associated to the private key to be use in `integration` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_INTEG_VAULT_PASSWORD",
- "description": "The Ansible vault password for `integration` env (only define to override default)",
- "secret": true,
- "advanced": true
- }
- ]
- },
- {
- "id": "staging",
- "name": "Staging",
- "description": "An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)",
- "variables": [
- {
- "name": "ANSIBLE_STAGING_APP_NAME",
- "description": "The application name for staging env (only define to override default)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_STAGING_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop the `staging` env",
- "default": "never"
- },
- {
- "name": "ANSIBLE_STAGING_ENVIRONMENT_URL",
- "type": "url",
- "description": "The staging environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "ANSIBLE_STAGING_INVENTORY",
- "description": "The inventory for `staging` env (only define to override default)"
- },
- {
- "name": "ANSIBLE_STAGING_TAGS",
- "description": "The tags for `staging` env (only define to override default)"
- },
- {
- "name": "ANSIBLE_STAGING_CLEANUP_TAGS",
- "description": "The tags to cleanup the `staging` env",
- "mandatory": true
- },
- {
- "name": "ANSIBLE_STAGING_EXTRA_ARGS",
- "description": "The command line extra args for `staging` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_STAGING_PLAYBOOK_FILE",
- "description": "The playbook filename for `staging` env",
- "mandatory": true
- },
- {
- "name": "ANSIBLE_STAGING_CLEANUP_PLAYBOOK_FILE",
- "description": "The playbook filename to cleanup `staging` env (only define if different from deployment playbook)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_STAGING_PRIVATE_KEY",
- "description": "The SSH private key to be use in `staging` env (only define to override default)",
- "secret": true,
- "advanced": true
- },
- {
- "name": "ANSIBLE_STAGING_PUBLIC_KEY",
- "description": "The SSH public key associated to the private key to be use in `staging` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_STAGING_VAULT_PASSWORD",
- "description": "The Ansible vault password for `staging` env (only define to override default)",
- "secret": true,
- "advanced": true
- }
- ]
- },
- {
- "id": "prod",
- "name": "Production",
- "description": "The production environment",
- "variables": [
- {
- "name": "ANSIBLE_PROD_APP_NAME",
- "description": "The application name for production env (only define to override default)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_PROD_ENVIRONMENT_URL",
- "type": "url",
- "description": "The production environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "ANSIBLE_PROD_DEPLOY_STRATEGY",
- "description": "Defines the deployment to production strategy.",
- "type": "enum",
- "values": ["manual", "auto"],
- "default": "manual"
- },
- {
- "name": "ANSIBLE_PROD_INVENTORY",
- "description": "The inventory for `production` env (only define to override default)"
- },
- {
- "name": "ANSIBLE_PROD_TAGS",
- "description": "The tags for `production` env (only define to override default)"
- },
- {
- "name": "ANSIBLE_PROD_EXTRA_ARGS",
- "description": "The command line extra args for `production` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_PROD_PLAYBOOK_FILE",
- "description": "The playbook filename for `production` env",
- "mandatory": true
- },
- {
- "name": "ANSIBLE_PROD_PRIVATE_KEY",
- "description": "The SSH private key to be use in `production` env (only define to override default)",
- "secret": true,
- "advanced": true
- },
- {
- "name": "ANSIBLE_PROD_PUBLIC_KEY",
- "description": "The SSH public key associated to the private key to be use in `production` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "ANSIBLE_PROD_VAULT_PASSWORD",
- "description": "The Ansible vault password for `production` env (only define to override default)",
- "secret": true,
- "advanced": true
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-ansible-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url",
- "mandatory": true
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "6.3.0",
- "tags": [
- "6.3.0",
- "6.3",
- "6.2.0",
- "6.2",
- "6.1.3",
- "6.1.2",
- "6.1.1",
- "6.1.0",
- "6.1",
- "6.0.1",
- "6.0.0",
- "6.0",
- "6",
- "5.1.0",
- "5.1",
- "5.0.0",
- "5.0",
- "5",
- "4.1.0",
- "4.1",
- "4.0.0",
- "4.0",
- "4",
- "3.5.2",
- "3.5.1",
- "3.5.0",
- "3.5",
- "3.4.1",
- "3.4.0",
- "3.4",
- "3.3.0",
- "3.3",
- "3.2.0",
- "3.2",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.3.0",
- "2.3",
- "2.2.0",
- "2.2",
- "2.1.4",
- "2.1.3",
- "2.1.2",
- "2.1.1",
- "2.1.0",
- "2.0.1",
- "2.0.0",
- "2",
- "1.2.1",
- "1.2.0",
- "1.1.0",
- "1.0.0"
- ],
- "name": "ansible",
- "path": "to-be-continuous/ansible",
- "web_url": "https://gitlab.com/to-be-continuous/ansible",
- "avatar": "https://gitlab.com/to-be-continuous/ansible/-/avatar"
- }
- },
- {
- "name": "Amazon Web Services",
- "description": "Deploy your application to [Amazon Web Services](https://aws.amazon.com/)",
- "template_path": "templates/gitlab-ci-aws.yml",
- "kind": "hosting",
- "prefix": "aws",
- "is_component": true,
- "variables": [
- {
- "name": "AWS_CLI_IMAGE",
- "description": "The Docker image used to run AWS CLI commands",
- "default": "registry.hub.docker.com/amazon/aws-cli:latest"
- },
- {
- "name": "AWS_BASE_APP_NAME",
- "description": "Base application name",
- "default": "$CI_PROJECT_NAME",
- "advanced": true
- },
- {
- "name": "AWS_ENVIRONMENT_URL",
- "type": "url",
- "description": "The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.aws.acme.com`)_"
- },
- {
- "name": "AWS_SCRIPTS_DIR",
- "description": "Directory where AWS scripts (deploy & cleanup) are located",
- "default": ".",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "review",
- "name": "Review",
- "description": "Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))",
- "enable_with": "AWS_REVIEW_ENABLED",
- "variables": [
- {
- "name": "AWS_REVIEW_APP_NAME",
- "description": "The application name for review env (only define to override default)",
- "advanced": true
- },
- {
- "name": "AWS_REVIEW_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop `review` environments",
- "default": "4 hours"
- },
- {
- "name": "AWS_REVIEW_ENVIRONMENT_URL",
- "type": "url",
- "description": "The review environments url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- }
- ]
- },
- {
- "id": "integration",
- "name": "Integration",
- "description": "A continuous-integration environment associated to your integration branch (`develop` by default)",
- "enable_with": "AWS_INTEG_ENABLED",
- "variables": [
- {
- "name": "AWS_INTEG_APP_NAME",
- "description": "The application name for integration env (only define to override default)",
- "advanced": true
- },
- {
- "name": "AWS_INTEG_ENVIRONMENT_URL",
- "type": "url",
- "description": "The integration environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- }
- ]
- },
- {
- "id": "staging",
- "name": "Staging",
- "description": "An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)",
- "enable_with": "AWS_STAGING_ENABLED",
- "variables": [
- {
- "name": "AWS_STAGING_APP_NAME",
- "description": "The application name for staging env (only define to override default)",
- "advanced": true
- },
- {
- "name": "AWS_STAGING_ENVIRONMENT_URL",
- "type": "url",
- "description": "The staging environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- }
- ]
- },
- {
- "id": "prod",
- "name": "Production",
- "description": "The production environment",
- "enable_with": "AWS_PROD_ENABLED",
- "variables": [
- {
- "name": "AWS_PROD_APP_NAME",
- "description": "The application name for production env (only define to override default)",
- "advanced": true
- },
- {
- "name": "AWS_PROD_ENVIRONMENT_URL",
- "type": "url",
- "description": "The production environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "AWS_PROD_DEPLOY_STRATEGY",
- "description": "Defines the deployment to production strategy.",
- "type": "enum",
- "values": ["manual", "auto"],
- "default": "manual"
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "oidc",
- "name": "OpenID Connect",
- "description": "Enables [federated authentication using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)",
- "template_path": "templates/gitlab-ci-aws-oidc.yml",
- "variables": [
- {
- "name": "AWS_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "AWS_OIDC_ROLE_ARN",
- "description": "Default IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/)",
- "advanced": true
- },
- {
- "name": "AWS_REVIEW_OIDC_ROLE_ARN",
- "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `review` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AWS_INTEG_OIDC_ROLE_ARN",
- "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `integration` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AWS_STAGING_OIDC_ROLE_ARN",
- "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `staging` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AWS_PROD_OIDC_ROLE_ARN",
- "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `production` env _(only define to override default)_",
- "advanced": true
- }
- ]
- },
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-aws-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url",
- "mandatory": true
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "5.2.0",
- "tags": [
- "5.2.0",
- "5.2",
- "5.1.0",
- "5.1",
- "5.0.2",
- "5.0.1",
- "5.0.0",
- "5.0",
- "5",
- "4.1.0",
- "4.1",
- "4.0.0",
- "4.0",
- "4",
- "3.2.0",
- "3.2",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.3.2",
- "2.3.1",
- "2.3.0",
- "2.3",
- "2.2.0",
- "2.2",
- "2.1.0",
- "2.1",
- "2.0.0",
- "2.0",
- "2",
- "1.4.0",
- "1.4",
- "1.3.0",
- "1.3",
- "1.2.0",
- "1.2",
- "1.1.3",
- "1.1.2",
- "1.1.1",
- "1.1.0",
- "1.0.2",
- "1.0.1",
- "1.0.0",
- "1"
- ],
- "name": "aws",
- "path": "to-be-continuous/aws",
- "web_url": "https://gitlab.com/to-be-continuous/aws",
- "avatar": "https://gitlab.com/to-be-continuous/aws/-/avatar"
- }
- },
- {
- "name": "Azure",
- "description": "Deploy your application to [Azure](https://azure.microsoft.com/)",
- "template_path": "templates/gitlab-ci-azure.yml",
- "kind": "hosting",
- "prefix": "azure",
- "is_component": true,
- "variables": [
- {
- "name": "AZURE_CLI_IMAGE",
- "description": "The Docker image used to run Azure CLI commands",
- "default": "mcr.microsoft.com/azure-cli:latest"
- },
- {
- "name": "AZURE_BASE_APP_NAME",
- "description": "Base application name",
- "default": "$CI_PROJECT_NAME",
- "advanced": true
- },
- {
- "name": "AZURE_ENVIRONMENT_URL",
- "type": "url",
- "description": "The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.azure.acme.com`)_"
- },
- {
- "name": "AZURE_SCRIPTS_DIR",
- "description": "Directory where Azure scripts (deploy & cleanup) are located",
- "default": ".",
- "advanced": true
- },
- {
- "name": "AZURE_SP_CLIENT_ID",
- "description": "Default Service Principal client ID _(only define if using Service Principal authentication with credentials)_",
- "advanced": true
- },
- {
- "name": "AZURE_SP_PASSWORD",
- "description": "Default Service Principal password (client secret or certificate (File type)) (only define if using Service Principal authentication with credentials)",
- "advanced": true,
- "secret": true
- },
- {
- "name": "AZURE_SP_TENANT_ID",
- "description": "Default Service Principal tenant ID _(only define if using Service Principal authentication with credentials)_",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "review",
- "name": "Review",
- "description": "Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))",
- "enable_with": "AZURE_REVIEW_ENABLED",
- "variables": [
- {
- "name": "AZURE_REVIEW_APP_NAME",
- "description": "The application name for review env (only define to override default)",
- "advanced": true
- },
- {
- "name": "AZURE_REVIEW_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop `review` environments",
- "default": "4 hours"
- },
- {
- "name": "AZURE_REVIEW_ENVIRONMENT_URL",
- "type": "url",
- "description": "The review environments url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "AZURE_REVIEW_SP_CLIENT_ID",
- "description": "Service Principal client ID for `review` env - _(only define if using Service Principal authentication with credentials and if different from default)_",
- "advanced": true
- },
- {
- "name": "AZURE_REVIEW_SP_PASSWORD",
- "description": "Service Principal password (client secret or certificate (File type)) for `review` env - (only define if using Service Principal authentication with credentials and if different from default)",
- "advanced": true,
- "secret": true
- },
- {
- "name": "AZURE_REVIEW_SP_TENANT_ID",
- "description": "Service Principal tenant ID for `review` env - _(only define if using Service Principal authentication with credentials and if different from default)_",
- "advanced": true
- }
- ]
- },
- {
- "id": "integration",
- "name": "Integration",
- "description": "A continuous-integration environment associated to your integration branch (`develop` by default)",
- "enable_with": "AZURE_INTEG_ENABLED",
- "variables": [
- {
- "name": "AZURE_INTEG_APP_NAME",
- "description": "The application name for integration env (only define to override default)",
- "advanced": true
- },
- {
- "name": "AZURE_INTEG_ENVIRONMENT_URL",
- "type": "url",
- "description": "The integration environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "AZURE_INTEG_SP_CLIENT_ID",
- "description": "Service Principal client ID for `integration` env - _(only define if using Service Principal authentication with credentials and if different from default)_",
- "advanced": true
- },
- {
- "name": "AZURE_INTEG_SP_PASSWORD",
- "description": "Service Principal password (client secret or certificate (File type)) for `integration` env - (only define if using Service Principal authentication with credentials and if different from default)",
- "advanced": true,
- "secret": true
- },
- {
- "name": "AZURE_INTEG_SP_TENANT_ID",
- "description": "Service Principal tenant ID for `integration` env - _(only define if using Service Principal authentication with credentials and if different from default)_",
- "advanced": true
- }
- ]
- },
- {
- "id": "staging",
- "name": "Staging",
- "description": "An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)",
- "enable_with": "AZURE_STAGING_ENABLED",
- "variables": [
- {
- "name": "AZURE_STAGING_APP_NAME",
- "description": "The application name for staging env (only define to override default)",
- "advanced": true
- },
- {
- "name": "AZURE_STAGING_ENVIRONMENT_URL",
- "type": "url",
- "description": "The staging environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "AZURE_STAGING_SP_CLIENT_ID",
- "description": "Service Principal client ID for `staging` env - _(only define if using Service Principal authentication with credentials and if different from default)_",
- "advanced": true
- },
- {
- "name": "AZURE_STAGING_SP_PASSWORD",
- "description": "Service Principal password (client secret or certificate (File type)) for `staging` env - (only define if using Service Principal authentication with credentials and if different from default)",
- "advanced": true,
- "secret": true
- },
- {
- "name": "AZURE_STAGING_SP_TENANT_ID",
- "description": "Service Principal tenant ID for `staging` env - _(only define if using Service Principal authentication with credentials and if different from default)_",
- "advanced": true
- }
- ]
- },
- {
- "id": "prod",
- "name": "Production",
- "description": "The production environment",
- "enable_with": "AZURE_PROD_ENABLED",
- "variables": [
- {
- "name": "AZURE_PROD_APP_NAME",
- "description": "The application name for production env (only define to override default)",
- "advanced": true
- },
- {
- "name": "AZURE_PROD_ENVIRONMENT_URL",
- "type": "url",
- "description": "The production environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "AZURE_PROD_DEPLOY_STRATEGY",
- "description": "Defines the deployment to production strategy.",
- "type": "enum",
- "values": ["manual", "auto"],
- "default": "manual"
- },
- {
- "name": "AZURE_PROD_SP_CLIENT_ID",
- "description": "Service Principal client ID for `production` env - _(only define if using Service Principal authentication with credentials and if different from default)_",
- "advanced": true
- },
- {
- "name": "AZURE_PROD_SP_PASSWORD",
- "description": "Service Principal password (client secret or certificate (File type)) for `production` env - (only define if using Service Principal authentication with credentials and if different from default)",
- "advanced": true,
- "secret": true
- },
- {
- "name": "AZURE_PROD_SP_TENANT_ID",
- "description": "Service Principal tenant ID for `production` env - _(only define if using Service Principal authentication with credentials and if different from default)_",
- "advanced": true
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "oidc",
- "name": "OpenID Connect",
- "description": "Enables [federated authentication using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/)",
- "template_path": "templates/gitlab-ci-azure-oidc.yml",
- "variables": [
- {
- "name": "AZURE_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "api://AzureADTokenExchange"
- },
- {
- "name": "AZURE_OIDC_CLIENT_ID",
- "description": "Default Service Principal client ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/)",
- "advanced": true
- },
- {
- "name": "AZURE_OIDC_TENANT_ID",
- "description": "Default Service Principal tenant ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/)",
- "advanced": true
- },
- {
- "name": "AZURE_REVIEW_OIDC_CLIENT_ID",
- "description": "Service Principal client ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `review` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AZURE_REVIEW_OIDC_TENANT_ID",
- "description": "Service Principal tenant ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `review` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AZURE_INTEG_OIDC_CLIENT_ID",
- "description": "Service Principal client ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `integration` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AZURE_INTEG_OIDC_TENANT_ID",
- "description": "Service Principal tenant ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `integration` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AZURE_STAGING_OIDC_CLIENT_ID",
- "description": "Service Principal client ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `staging` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AZURE_STAGING_OIDC_TENANT_ID",
- "description": "Service Principal tenant ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `staging` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AZURE_PROD_OIDC_CLIENT_ID",
- "description": "Service Principal client ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `production` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AZURE_PROD_OIDC_TENANT_ID",
- "description": "Service Principal tenant ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `production` env _(only define to override default)_",
- "advanced": true
- }
- ]
- },
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-azure-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url",
- "mandatory": true
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "2.2.0",
- "tags": [
- "2.2.0",
- "2.2",
- "2.1.0",
- "2.1",
- "2.0.2",
- "2.0.1",
- "2.0.0",
- "2.0",
- "2",
- "1.0.0",
- "1.0",
- "1"
- ],
- "name": "azure",
- "path": "to-be-continuous/azure",
- "web_url": "https://gitlab.com/to-be-continuous/azure",
- "avatar": "https://gitlab.com/to-be-continuous/azure/-/avatar"
- }
- },
- {
- "name": "Bash",
- "description": "Test and analyse your shell code",
- "template_path": "templates/gitlab-ci-bash.yml",
- "kind": "build",
- "prefix": "bash",
- "is_component": true,
- "features": [
- {
- "id": "shellcheck",
- "name": "ShellCheck",
- "description": "Analyse your shell scripts with [ShellCheck](https://github.com/koalaman/shellcheck)",
- "disable_with": "BASH_SHELLCHECK_DISABLED",
- "variables": [
- {
- "name": "BASH_SHELLCHECK_IMAGE",
- "description": "The Docker image used to run [ShellCheck](https://github.com/koalaman/shellcheck)",
- "default": "registry.hub.docker.com/koalaman/shellcheck-alpine:stable",
- "advanced": true
- },
- {
- "name": "BASH_SHELLCHECK_FILES",
- "description": "Shell file(s) pattern to analyse",
- "default": "**/*.sh"
- },
- {
- "name": "BASH_SHELLCHECK_OPTS",
- "description": "ShellCheck [options](https://github.com/koalaman/shellcheck/blob/master/shellcheck.1.md)"
- }
- ]
- },
- {
- "id": "bats",
- "name": "Bats",
- "description": "Test your shell scripts with [Bats](https://bats-core.readthedocs.io/) (Bash Automated Testing System)",
- "enable_with": "BASH_BATS_ENABLED",
- "variables": [
- {
- "name": "BASH_BATS_IMAGE",
- "description": "The Docker image used to run [Bats](https://hub.docker.com/r/bats/bats)",
- "default": "registry.hub.docker.com/bats/bats:latest",
- "advanced": true
- },
- {
- "name": "BASH_BATS_TESTS",
- "description": "The path to a Bats test file, or the path to a directory containing Bats test files",
- "default": "tests"
- },
- {
- "name": "BASH_BATS_OPTS",
- "description": "Bats [options](https://bats-core.readthedocs.io/en/stable/usage.html)"
- },
- {
- "name": "BASH_BATS_LIBRARIES",
- "description": "Coma separated list of Bats [libraries and add-ons](https://bats-core.readthedocs.io/en/stable/writing-tests.html#libraries-and-add-ons)\n\nFormatted as: `lib_name_1@archive_url_1 lib_name_2@archive_url_2 ...`\n\nExample: `bats-support@https://github.com/bats-core/bats-support/archive/v0.3.0.zip bats-assert@https://github.com/bats-core/bats-assert/archive/v2.0.0.zip`"
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "3.4.0",
- "tags": [
- "3.4.0",
- "3.4",
- "3.3.0",
- "3.3",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.2",
- "3.1.1",
- "3.1.0",
- "3.1",
- "3.0.1",
- "3.0.0",
- "3.0",
- "3",
- "2.1.1",
- "2.1.0",
- "2.1",
- "2.0.1",
- "2.0.0",
- "2",
- "1.0.0"
- ],
- "name": "bash",
- "path": "to-be-continuous/bash",
- "web_url": "https://gitlab.com/to-be-continuous/bash",
- "avatar": "https://gitlab.com/to-be-continuous/bash/-/avatar"
- }
- },
- {
- "name": "Bruno",
- "description": "Test your APIs with [Bruno](https://www.usebruno.com/)",
- "template_path": "templates/gitlab-ci-bruno.yml",
- "kind": "acceptance",
- "prefix": "bru",
- "is_component": true,
- "variables": [
- {
- "name": "BRU_IMAGE",
- "description": "The Docker image used to run the [Bruno CLI](https://docs.usebruno.com/cli/overview.html)",
- "default": "registry.hub.docker.com/library/node:latest"
- },
- {
- "name": "BRU_COLLECTIONS",
- "description": "The matcher to select Bruno collection directory(ies) to run",
- "default": "bruno"
- },
- {
- "name": "BRU_BASE_URL",
- "description": "Explicit base url environment to test.\n\n_Auto-evaluated by default._",
- "type": "url",
- "advanced": true
- },
- {
- "name": "BRU_EXTRA_ARGS",
- "description": "Bruno extra [run options](https://docs.usebruno.com/cli/overview.html#options)",
- "advanced": true
- },
- {
- "name": "REVIEW_ENABLED",
- "description": "Set to enable Bruno tests on review environments (dynamic environments instantiated on development branches)",
- "type": "boolean"
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "1.2.0",
- "tags": ["1.2.0", "1.2", "1.1.0", "1.1", "1.0.0", "1.0", "1"],
- "name": "bruno",
- "path": "to-be-continuous/bruno",
- "web_url": "https://gitlab.com/to-be-continuous/bruno",
- "avatar": "https://gitlab.com/to-be-continuous/bruno/-/avatar"
- }
- },
- {
- "name": "Cloud Foundry",
- "description": "Deploy your application to a [Cloud Foundry](https://www.cloudfoundry.org/) platform",
- "template_path": "templates/gitlab-ci-cf.yml",
- "kind": "hosting",
- "variables": [
- {
- "name": "CF_CLI_IMAGE",
- "description": "The Docker image used to run CF CLI commands - **set the version required by your Cloud Foundry server**",
- "default": "registry.hub.docker.com/governmentpaas/cf-cli"
- },
- {
- "name": "CF_MANIFEST_BASENAME",
- "description": "CF manifest file basename (without extension nor env suffix)",
- "default": "manifest",
- "advanced": true
- },
- {
- "name": "CF_URL",
- "type": "url",
- "description": "Global Cloud Foundry API url",
- "mandatory": true
- },
- {
- "name": "CF_ORG",
- "description": "Global Cloud Foundry organization for project",
- "mandatory": true
- },
- {
- "name": "CF_DEFAULT_DOMAIN",
- "description": "Global Cloud Foundry default CF domain _(only define if you want to use a different domain from CF default)_",
- "advanced": true
- },
- {
- "name": "CF_DEFAULT_ROUTE_PATH",
- "description": "Global Cloud Foundry default CF route path _(only define if you want to add a route path to your application route)_",
- "advanced": true
- },
- {
- "name": "CF_USER",
- "description": "Global Cloud Foundry username",
- "secret": true,
- "mandatory": true
- },
- {
- "name": "CF_PASSWORD",
- "description": "Global Cloud Foundry password",
- "secret": true,
- "mandatory": true
- },
- {
- "name": "CF_BASE_APP_NAME",
- "description": "Base application name",
- "default": "$CI_PROJECT_NAME",
- "advanced": true
- },
- {
- "name": "CF_SCRIPTS_DIR",
- "description": "directory where Cloud Foundry scripts (manifest, hook scripts) are located",
- "default": ".",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "review",
- "name": "Review",
- "description": "Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))",
- "variables": [
- {
- "name": "CF_REVIEW_SPACE",
- "description": "Cloud Foundry space for review env",
- "mandatory": true
- },
- {
- "name": "CF_REVIEW_APP_NAME",
- "description": "The application name for review env (only define if different from global)",
- "advanced": true
- },
- {
- "name": "CF_REVIEW_ENVIRONMENT_SCHEME",
- "description": "The review environment protocol scheme",
- "default": "https",
- "mandatory": true
- },
- {
- "name": "CF_REVIEW_ENVIRONMENT_DOMAIN",
- "description": "The review environment domain (ex: `noprod-cloudfoundry.domain.com`).\n\nBy default review `environment.url` will be built as `${CF_REVIEW_ENVIRONMENT_SCHEME}://${$CI_PROJECT_NAME}-${CI_ENVIRONMENT_SLUG}.${CF_REVIEW_ENVIRONMENT_DOMAIN}/${CF_REVIEW_ROUTE_PATH}`",
- "mandatory": true
- },
- {
- "name": "CF_REVIEW_ROUTE_PATH",
- "description": "The review environment route path",
- "advanced": true
- },
- {
- "name": "CF_REVIEW_ZERODOWNTIME",
- "type": "boolean",
- "description": "Enables zero-downtime deployment on review env",
- "advanced": true
- },
- {
- "name": "CF_REVIEW_URL",
- "type": "url",
- "description": "Cloud Foundry API url for review env (only define if different from global)",
- "advanced": true
- },
- {
- "name": "CF_REVIEW_USER",
- "description": "Cloud Foundry API username for review env (only define if different from global)",
- "secret": true
- },
- {
- "name": "CF_REVIEW_PASSWORD",
- "description": "Cloud Foundry API password for review env (only define if different from global)",
- "secret": true
- },
- {
- "name": "CLEANUP_ALL_REVIEW",
- "description": "Enables a **manual** job to cleanup all review envs at once.\n\nYou may also use it to [schedule](https://docs.gitlab.com/ee/ci/pipelines/schedules.html) cloud resources cleanup. See documentation.",
- "type": "boolean"
- },
- {
- "name": "CF_REVIEW_RETIRED_APP_SUFFIX",
- "description": "If set, the app old version is not deleted/overriden but renamed with this suffix",
- "advanced": true
- }
- ]
- },
- {
- "id": "integration",
- "name": "Integration",
- "description": "A continuous-integration environment associated to your integration branch (`develop` by default)",
- "variables": [
- {
- "name": "CF_INTEG_SPACE",
- "description": "Cloud Foundry space for integration env",
- "mandatory": true
- },
- {
- "name": "CF_INTEG_APP_NAME",
- "description": "The application name for integration env (only define if different from global)",
- "advanced": true
- },
- {
- "name": "CF_INTEG_DOMAIN",
- "description": "The integration environment domain",
- "mandatory": true
- },
- {
- "name": "CF_INTEG_ROUTE_PATH",
- "description": "The integration environment route path",
- "advanced": true
- },
- {
- "name": "CF_INTEG_ENVIRONMENT_URL",
- "type": "url",
- "description": "The integration environment url including scheme (ex: `https://my-application-integration.noprod-cloudfoundry.domain.com`).\n\nDo not use variable inside variable definition as it will result in a two level cascade variable and gitlab does not allow that.",
- "mandatory": true
- },
- {
- "name": "CF_INTEG_ZERODOWNTIME",
- "type": "boolean",
- "description": "Enables zero-downtime deployment on integration env",
- "advanced": true
- },
- {
- "name": "CF_INTEG_URL",
- "type": "url",
- "description": "Cloud Foundry API url for integration env (only define if different from global)",
- "advanced": true
- },
- {
- "name": "CF_INTEG_USER",
- "description": "Cloud Foundry API username for integration env (only define if different from global)",
- "secret": true
- },
- {
- "name": "CF_INTEG_PASSWORD",
- "description": "Cloud Foundry API password for integration env (only define if different from global)",
- "secret": true
- },
- {
- "name": "CF_INTEG_RETIRED_APP_SUFFIX",
- "description": "If set, the app old version is not deleted/overriden but renamed with this suffix",
- "advanced": true
- }
- ]
- },
- {
- "id": "staging",
- "name": "Staging",
- "description": "An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)",
- "variables": [
- {
- "name": "CF_STAGING_SPACE",
- "description": "Cloud Foundry space for staging env",
- "mandatory": true
- },
- {
- "name": "CF_STAGING_APP_NAME",
- "description": "The application name for staging env (only define if different from global)",
- "advanced": true
- },
- {
- "name": "CF_STAGING_DOMAIN",
- "description": "The staing environment domain",
- "mandatory": true
- },
- {
- "name": "CF_STAGING_ROUTE_PATH",
- "description": "The staging environment route path",
- "advanced": true
- },
- {
- "name": "CF_STAGING_ENVIRONMENT_URL",
- "type": "url",
- "description": "The staging environment url including scheme (ex: `https://my-application-staging.noprod-cloudfoundry.domain.com`).\n\nDo not use variable inside variable definition as it will result in a two level cascade variable and gitlab does not allow that.",
- "mandatory": true
- },
- {
- "name": "CF_STAGING_ZERODOWNTIME",
- "type": "boolean",
- "description": "Enables zero-downtime deployment on staging env",
- "advanced": true
- },
- {
- "name": "CF_STAGING_URL",
- "type": "url",
- "description": "Cloud Foundry API url for staging env (only define if different from global)",
- "advanced": true
- },
- {
- "name": "CF_STAGING_USER",
- "description": "Cloud Foundry API username for staging env (only define if different from global)",
- "secret": true
- },
- {
- "name": "CF_STAGING_PASSWORD",
- "description": "Cloud Foundry API password for staging env (only define if different from global)",
- "secret": true
- },
- {
- "name": "CF_STAGING_RETIRED_APP_SUFFIX",
- "description": "If set, the app old version is not deleted/overriden but renamed with this suffix",
- "advanced": true
- }
- ]
- },
- {
- "id": "prod",
- "name": "Production",
- "description": "The production environment",
- "variables": [
- {
- "name": "CF_PROD_SPACE",
- "description": "Cloud Foundry space for production env",
- "mandatory": true
- },
- {
- "name": "CF_PROD_APP_NAME",
- "description": "The application name for production env (only define if different from global)",
- "advanced": true
- },
- {
- "name": "CF_PROD_DOMAIN",
- "description": "The production environment domain",
- "mandatory": true
- },
- {
- "name": "CF_PROD_ROUTE_PATH",
- "description": "The production environment route path",
- "advanced": true
- },
- {
- "name": "CF_PROD_ENVIRONMENT_URL",
- "type": "url",
- "description": "The production environment url including scheme (ex: `https://my-application.cloudfoundry.domain.com`).\n\nDo not use variable inside variable definition as it will result in a two level cascade variable and gitlab does not allow that.",
- "mandatory": true
- },
- {
- "name": "CF_PROD_DEPLOY_STRATEGY",
- "description": "Defines the deployment to production strategy.",
- "type": "enum",
- "values": ["manual", "auto"],
- "default": "manual"
- },
- {
- "name": "CF_PROD_ZERODOWNTIME",
- "type": "boolean",
- "description": "Enables zero-downtime deployment on production env",
- "advanced": true
- },
- {
- "name": "CF_PROD_URL",
- "type": "url",
- "description": "Cloud Foundry API url for production env (only define if different from global)",
- "advanced": true
- },
- {
- "name": "CF_PROD_USER",
- "description": "Cloud Foundry API username for production env (only define if different from global)",
- "secret": true
- },
- {
- "name": "CF_PROD_PASSWORD",
- "description": "Cloud Foundry API password for production env (only define if different from global)",
- "secret": true
- },
- {
- "name": "CF_PROD_RETIRED_APP_SUFFIX",
- "description": "If set, the app old version is not deleted/overriden but renamed with this suffix",
- "advanced": true
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-cf-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url"
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "4.3.0",
- "tags": [
- "4.3.0",
- "4.3",
- "4.2.0",
- "4.2",
- "4.1.0",
- "4.1",
- "4.0.2",
- "4.0.1",
- "4.0.0",
- "4.0",
- "4",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.1.1",
- "2.1.0",
- "2.1",
- "2.0.1",
- "2.0.0",
- "2.0",
- "2",
- "1.8.1",
- "1.8.0",
- "1.8",
- "1.7.0",
- "1.7",
- "1.6.4",
- "1.6.3",
- "1.6.2",
- "1.6.1",
- "1.6.0",
- "1.5.1",
- "1.5.0",
- "1.4.4",
- "1.4.3",
- "1.4.2",
- "1.4.1",
- "1.4.0",
- "1.3.0",
- "1.2.1",
- "1.2.0",
- "1.1.0",
- "1.0.1",
- "1.0.0",
- "1"
- ],
- "name": "cloud-foundry",
- "path": "to-be-continuous/cloud-foundry",
- "web_url": "https://gitlab.com/to-be-continuous/cloud-foundry",
- "avatar": "https://gitlab.com/to-be-continuous/cloud-foundry/-/avatar"
- }
- },
- {
- "name": "Cloud Native Buildpacks",
- "description": "Transform your application source code into images that can run on any cloud with [Cloud Native Buildpacks](https://buildpacks.io/)",
- "template_path": "templates/gitlab-ci-cnb.yml",
- "kind": "package",
- "prefix": "cnb",
- "is_component": true,
- "variables": [
- {
- "name": "CNB_BUILDER_IMAGE",
- "description": "The CNB builder image used to build your application image\n\n_depending on your needs, [choose the most appropriate one](https://paketo.io/docs/concepts/builders/#what-paketo-builders-are-available)_",
- "default": "registry.hub.docker.com/paketobuildpacks/builder:base"
- },
- {
- "name": "CNB_APP_DIR",
- "description": "Absolute root directory in final image",
- "default": "/workspace",
- "advanced": true
- },
- {
- "name": "CNB_SRC_APP_DIR",
- "description": "Relative path to the application source code base directory in your repository",
- "default": ".",
- "advanced": true
- },
- {
- "name": "CNB_PLATFORM_API",
- "description": "The CNB [platform API version](https://github.com/buildpacks/spec/blob/main/platform.md#platform-api-version)",
- "default": "0.9",
- "advanced": true
- },
- {
- "name": "CNB_SNAPSHOT_IMAGE",
- "description": "CNB snapshot image",
- "default": "$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG"
- },
- {
- "name": "CNB_RELEASE_IMAGE",
- "description": "CNB release image",
- "default": "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
- }
- ],
- "features": [
- {
- "id": "publish",
- "name": "Publish",
- "description": "Promotes the snapshot image as the release image using [skopeo](https://github.com/containers/skopeo)",
- "variables": [
- {
- "name": "CNB_SKOPEO_IMAGE",
- "description": "The docker image used to publish docker image with Skopeo",
- "default": "quay.io/skopeo/stable:latest"
- },
- {
- "name": "CNB_PUBLISH_ARGS",
- "description": "Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)",
- "advanced": true
- },
- {
- "name": "CNB_PROD_PUBLISH_STRATEGY",
- "description": "Defines the publish to production strategy.",
- "type": "enum",
- "values": ["none", "manual", "auto"],
- "default": "manual"
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "2.3.0",
- "tags": [
- "2.3.0",
- "2.3",
- "2.2.1",
- "2.2.0",
- "2.2",
- "2.1.2",
- "2.1.1",
- "2.1.0",
- "2.1",
- "2.0.0",
- "2.0",
- "2",
- "1.0.3",
- "1.0.2",
- "1.0.1",
- "1.0.0",
- "1.0",
- "1"
- ],
- "name": "cnb",
- "path": "to-be-continuous/cnb",
- "web_url": "https://gitlab.com/to-be-continuous/cnb",
- "avatar": "https://gitlab.com/to-be-continuous/cnb/-/avatar"
- }
- },
- {
- "name": "Cypress",
- "description": "Run your automated (web) tests with [Cypress](https://www.cypress.io/)",
- "template_path": "templates/gitlab-ci-cypress.yml",
- "kind": "acceptance",
- "prefix": "cypress",
- "is_component": true,
- "variables": [
- {
- "name": "CYPRESS_IMAGE",
- "description": "The Docker image used to run Cypress (use [included images](https://github.com/cypress-io/cypress-docker-images/tree/master/included) only).",
- "default": "registry.hub.docker.com/cypress/included:12.0.2"
- },
- {
- "name": "CYPRESS_PROJECT_DIR",
- "description": "The Cypress project directory (containing `cypress.config.js` or `cypress.config.ts`)",
- "default": "."
- },
- {
- "name": "CYPRESS_EXTRA_ARGS",
- "description": "Cypress extra [run options](https://docs.cypress.io/guides/guides/command-line.html#cypress-run) (to select a different browser, configuration or spec files for e.g.)",
- "advanced": true
- },
- {
- "name": "REVIEW_ENABLED",
- "description": "Set to enable Cypress tests on review environments (dynamic environments instantiated on development branches)",
- "type": "boolean"
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "3.5.0",
- "tags": [
- "3.5.0",
- "3.5",
- "3.4.0",
- "3.4",
- "3.3.1",
- "3.3.0",
- "3.3",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.1",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.1.0",
- "2.1",
- "2.0.1",
- "2.0.0",
- "2",
- "1.2.0",
- "1.1.0",
- "1.0.0"
- ],
- "name": "cypress",
- "path": "to-be-continuous/cypress",
- "web_url": "https://gitlab.com/to-be-continuous/cypress",
- "avatar": "https://gitlab.com/to-be-continuous/cypress/-/avatar"
- }
- },
- {
- "name": "dbt",
- "description": "Continuously integrate and deploy your data with [dbt](https://www.getdbt.com/)",
- "template_path": "templates/gitlab-ci-dbt.yml",
- "kind": "build",
- "prefix": "dbt",
- "is_component": true,
- "variables": [
- {
- "name": "DBT_IMAGE",
- "description": "The Docker image used to run dbt",
- "default": "registry.hub.docker.com/library/python:latest"
- },
- {
- "name": "DBT_PROJECT_DIR",
- "description": "The [dbt_project.yml](https://docs.getdbt.com/reference/dbt_project.yml) dir",
- "default": "."
- },
- {
- "name": "DBT_PROFILES_DIR",
- "description": "The dbt [profile](https://docs.getdbt.com/dbt-cli/configure-your-profile) location",
- "default": "."
- },
- {
- "name": "DBT_ADAPTER",
- "description": "The dbt [adapter](https://docs.getdbt.com/docs/available-adapters) to use ",
- "mandatory": true
- },
- {
- "name": "DBT_TARGET",
- "description": "The dbt [target](https://docs.getdbt.com/reference/dbt-jinja-functions/target) to use "
- },
- {
- "name": "DBT_BUILD_ARGS",
- "description": "Arguments used by [dbt cli](https://docs.getdbt.com/reference/global-configs#command-line-flags) ",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "dbt-sqlfluff-lint",
- "name": "SQLFluff lint",
- "description": "Lint SQL from dbt project",
- "enable_with": "DBT_SQLFLUFF_ENABLED",
- "variables": [
- {
- "name": "DBT_SQLFLUFF_LINT_ARGS",
- "description": "Lint [options and arguments](https://docs.sqlfluff.com/en/stable/reference/cli.html#sqlfluff-lint)",
- "advanced": true
- },
- {
- "name": "SQLFLUFF_WORKING_DIR",
- "description": "Sqlfluff working directory, scope of configuration and sql files used",
- "default": ".",
- "advanced": true
- }
- ]
- },
- {
- "id": "dbt-deploy",
- "name": "dbt deploy",
- "description": "execute generated SQL from models on target",
- "enable_with": "DBT_DEPLOY_ENABLED"
- },
- {
- "id": "review",
- "name": "Review",
- "description": "Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))",
- "variables": [
- {
- "name": "DBT_REVIEW_TARGET",
- "description": "dbt [target](https://docs.getdbt.com/reference/dbt-jinja-functions/target) for `review` env",
- "mandatory": true
- }
- ]
- },
- {
- "id": "integration",
- "name": "Integration",
- "description": "A continuous-integration environment associated to your integration branch (`develop` by default)",
- "variables": [
- {
- "name": "DBT_INTEG_TARGET",
- "description": " dbt [target](https://docs.getdbt.com/reference/dbt-jinja-functions/target) for `integration` env",
- "mandatory": true
- }
- ]
- },
- {
- "id": "staging",
- "name": "Staging",
- "description": "An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)",
- "variables": [
- {
- "name": "DBT_STAGING_TARGET",
- "description": "dbt [target](https://docs.getdbt.com/reference/dbt-jinja-functions/target) for `staging` env",
- "mandatory": true
- }
- ]
- },
- {
- "id": "prod",
- "name": "Production",
- "description": "The production environment",
- "variables": [
- {
- "name": "DBT_PROD_TARGET",
- "description": "dbt [target](https://docs.getdbt.com/reference/dbt-jinja-functions/target) for `production` env ",
- "mandatory": true
- },
- {
- "name": "DBT_PROD_DEPLOY_STRATEGY",
- "description": "Defines the deployment to production strategy.",
- "type": "enum",
- "values": ["manual", "auto"],
- "default": "manual"
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "pages",
- "name": "GitLab Pages",
- "description": "Adds a job to publish the generated site to GitLab pages",
- "template_path": "templates/gitlab-ci-dbt-pages.yml"
- },
- {
- "id": "gcp-auth-provider",
- "name": "Google Cloud",
- "description": "Retrieves an [OAuth access token](https://developers.google.com/identity/protocols/oauth2) for [dbt BigQuery setup](https://docs.getdbt.com/reference/warehouse-setups/bigquery-setup)",
- "template_path": "templates/gitlab-ci-dbt-gcp.yml",
- "variables": [
- {
- "name": "TBC_GCP_PROVIDER_IMAGE",
- "description": "The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "GCP_OIDC_AUD",
- "description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_",
- "default": "$CI_SERVER_URL",
- "advanced": true
- },
- {
- "name": "GCP_OIDC_ACCOUNT",
- "description": "Default Service Account to which impersonate with OpenID Connect authentication"
- },
- {
- "name": "GCP_OIDC_PROVIDER",
- "description": "Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)"
- },
- {
- "name": "GCP_REVIEW_OIDC_ACCOUNT",
- "description": "Service Account to which impersonate with OpenID Connect authentication on `review` environment",
- "advanced": true
- },
- {
- "name": "GCP_REVIEW_OIDC_PROVIDER",
- "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment",
- "advanced": true
- },
- {
- "name": "GCP_INTEG_OIDC_ACCOUNT",
- "description": "Service Account to which impersonate with OpenID Connect authentication on `integration` environment",
- "advanced": true
- },
- {
- "name": "GCP_INTEG_OIDC_PROVIDER",
- "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment",
- "advanced": true
- },
- {
- "name": "GCP_STAGING_OIDC_ACCOUNT",
- "description": "Service Account to which impersonate with OpenID Connect authentication on `staging` environment",
- "advanced": true
- },
- {
- "name": "GCP_STAGING_OIDC_PROVIDER",
- "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment",
- "advanced": true
- },
- {
- "name": "GCP_PROD_OIDC_ACCOUNT",
- "description": "Service Account to which impersonate with OpenID Connect authentication on `production` environment",
- "advanced": true
- },
- {
- "name": "GCP_PROD_OIDC_PROVIDER",
- "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment",
- "advanced": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "3.2.0",
- "tags": [
- "3.2.0",
- "3.2",
- "3.1.1",
- "3.1.0",
- "3.1",
- "3.0.1",
- "3.0.0",
- "3.0",
- "3",
- "2.1.1",
- "2.1.0",
- "2.1",
- "2.0.0",
- "2.0",
- "2",
- "1.3.0",
- "1.3",
- "1.2.0",
- "1.2",
- "1.1.1",
- "1.1.0",
- "1.1",
- "1.0.1",
- "1.0.0",
- "1.0",
- "1"
- ],
- "name": "dbt",
- "path": "to-be-continuous/dbt",
- "web_url": "https://gitlab.com/to-be-continuous/dbt",
- "avatar": "https://gitlab.com/to-be-continuous/dbt/-/avatar"
- }
- },
- {
- "name": "DefectDojo",
- "description": "Import security reports into [DefectDojo](https://www.defectdojo.org/)",
- "template_path": "templates/gitlab-ci-defectdojo.yml",
- "kind": "analyse",
- "prefix": "defectdojo",
- "is_component": true,
- "variables": [
- {
- "name": "DEFECTDOJO_BASE_IMAGE",
- "description": "The Docker image used to run import",
- "default": "registry.hub.docker.com/library/node:alpine3.11"
- },
- {
- "name": "DEFECTDOJO_SERVER_URL",
- "description": "URL of DefectDojo server",
- "mandatory": true
- },
- {
- "name": "DEFECTDOJO_API_KEY",
- "description": "Your DefectDojo API v2 key - must be saved as a masked CI/CD variable",
- "secret": true,
- "mandatory": true
- },
- {
- "name": "DEFECTDOJO_DIR",
- "description": "DefectDojo working directory",
- "default": ".",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_NOPROD_ENABLED",
- "description": "Determines whether security reports produced in non-production branches are uploaded to DefectDojo",
- "type": "boolean"
- },
- {
- "name": "DEFECTDOJO_TIMEZONE",
- "description": "Time zone used for naming imports in DefectDojo",
- "default": "Europe/Paris",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_SMTP_SERVER",
- "description": "name:port of SMTP server used for notifications - if this value is set, DefectDojo will send an e-mail notification in case of new vulnerabilities",
- "default": "dist",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_NOTIFICATION_SEVERITIES",
- "description": "List of severities for which you want to be notified - DEFECTDOJO_SMTP_SERVER must be defined if you want to be notified",
- "default": "Critical,High",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_BANDIT_REPORTS",
- "description": "path to Bandit JSON reports",
- "default": "bandit*.json reports/py-bandit.bandit.json",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_DC_REPORTS",
- "description": "Path to Dependency Check reports",
- "default": "dependency-check*.xml",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_DC_GRADLE_REPORTS",
- "description": "Path to Dependency Check reports from Gradle template",
- "default": "dependency-check*.xml",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_GITLEAKS_REPORTS",
- "description": "Path to Gitleaks reports",
- "default": "gitleaks/gitleaks-report.json reports/gitleaks.native.json",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_HADOLINT_REPORTS",
- "description": "Path to Hadolint reports",
- "default": "hadolint-json-*.json reports/docker-hadolint-*.native.json",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_MOBSF_REPORTS",
- "description": "Path to MobSF reports",
- "default": "mobsf*.json",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_NODEJSSCAN_REPORTS",
- "description": "Path to NodeJSScan reports",
- "default": "nodejsscan-report-sarif.json",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_NPMAUDIT_REPORTS",
- "description": "Path to NPMAudit reports",
- "default": "npm-audit*.json",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_TESTSSL_REPORTS",
- "description": "Path to TestSSL reports",
- "default": "reports/testssl.native.csv",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_TRIVY_REPORTS",
- "description": "Path to Trivy reports",
- "default": "trivy/*.json trivy-*.json reports/docker-trivy-*.native.json reports/py-trivy.trivy.json",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_ZAP_REPORTS",
- "description": "Path to Zap reports",
- "default": "reports/zap.native.xml",
- "advanced": true
- },
- {
- "name": "ZAP_TPL_PROJECT",
- "description": "Path to Zap template",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_SEMGREP_REPORTS",
- "description": "Path to Semgrep reports",
- "default": "reports/semgrep.native.json",
- "advanced": true
- },
- {
- "name": "SEMGREP_TEMPLATE",
- "description": "Path to Semgrep template",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_SONARQUBE_SINCELEAKPERIOD",
- "description": "Determines if delta analysis is activated for SonarQube export",
- "type": "boolean",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_SONARQUBE_NOSECURITYHOTSPOT",
- "description": "Set this flag to true if SonarQube version does not support security hotspots (v < 7.3)",
- "type": "boolean",
- "default": "true",
- "advanced": true
- },
- {
- "name": "DEFECTDOJO_SONARQUBE_ALLBUGS",
- "description": "In SonarQube, determines if all bugs are exported (true) or only vulnerabilities (false)",
- "type": "boolean",
- "advanced": true
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-defectdojo-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url",
- "mandatory": true
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "2.6.0",
- "tags": [
- "2.6.0",
- "2.6",
- "2.5.1",
- "2.5.0",
- "2.5",
- "2.4.1",
- "2.4.0",
- "2.4",
- "2.3.2",
- "2.3.1",
- "2.3.0",
- "2.3",
- "2.2.0",
- "2.2",
- "2.1.1",
- "2.1.0",
- "2.1",
- "2.0.7",
- "2.0.6",
- "2.0.5",
- "2.0.4",
- "2.0.3",
- "2.0.2",
- "2.0.1",
- "2.0.0",
- "2.0",
- "2",
- "1.2.0",
- "1.2",
- "1.1.1",
- "1.1.0",
- "1.1",
- "1.0.4",
- "1.0.3",
- "1.0.2",
- "1.0.1",
- "1.0.0",
- "1"
- ],
- "name": "defectdojo",
- "path": "to-be-continuous/defectdojo",
- "web_url": "https://gitlab.com/to-be-continuous/defectdojo",
- "avatar": "https://gitlab.com/to-be-continuous/defectdojo/-/avatar"
- }
- },
- {
- "name": "Docker",
- "description": "Build, check and inspect your containers with [Docker](https://www.docker.com/)",
- "template_path": "templates/gitlab-ci-docker.yml",
- "kind": "package",
- "prefix": "docker",
- "is_component": true,
- "variables": [
- {
- "name": "DOCKER_BUILD_TOOL",
- "type": "enum",
- "values": ["kaniko", "buildah", "dind"],
- "description": "The build tool to use for building container image",
- "default": "kaniko"
- },
- {
- "name": "DOCKER_KANIKO_IMAGE",
- "description": "The image used to run kaniko\n\n_for kaniko build only_",
- "default": "gcr.io/kaniko-project/executor:debug"
- },
- {
- "name": "DOCKER_BUILDAH_IMAGE",
- "description": "The image used to run buildah\n\n_for buildah build only_",
- "default": "quay.io/buildah/stable:latest"
- },
- {
- "name": "DOCKER_IMAGE",
- "description": "The image used to run the docker client\n\n_for Docker-in-Docker(dind) build only_",
- "default": "registry.hub.docker.com/library/docker:latest"
- },
- {
- "name": "DOCKER_DIND_IMAGE",
- "description": "The image used to run the Docker daemon\n\n_for Docker-in-Docker(dind) build only_",
- "default": "registry.hub.docker.com/library/docker:dind"
- },
- {
- "name": "DOCKER_SKOPEO_IMAGE",
- "description": "The image used to publish docker image with Skopeo",
- "default": "quay.io/skopeo/stable:latest"
- },
- {
- "name": "DOCKER_FILE",
- "description": "The path to your `Dockerfile`",
- "default": "Dockerfile"
- },
- {
- "name": "DOCKER_CONTEXT_PATH",
- "description": "The Docker [context path](https://docs.docker.com/engine/reference/commandline/build/#build-with-path) (working directory) - _only set if you want a context path different from the Dockerfile location_",
- "advanced": true
- },
- {
- "name": "DOCKER_CONFIG_FILE",
- "description": "Path to the [Docker configuration file](https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file) (JSON)",
- "default": ".docker/config.json",
- "advanced": true
- },
- {
- "name": "DOCKER_SNAPSHOT_IMAGE",
- "description": "Docker snapshot image",
- "default": "$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG"
- },
- {
- "name": "DOCKER_RELEASE_IMAGE",
- "description": "Docker release image",
- "default": "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
- },
- {
- "name": "DOCKER_RELEASE_EXTRA_TAGS_PATTERN",
- "description": "Defines the image tag pattern that `$DOCKER_RELEASE_IMAGE` should match to push extra tags (supports capturing groups)\n\nDefaults to [SemVer](https://semver.org/) pattern.",
- "default": "^v?(?P<major>[0-9]+)\\.(?P<minor>[0-9]+)\\.(?P<patch>[0-9]+)(?P<suffix>(?P<prerelease>-[0-9A-Za-z-\\.]+)?(?P<build>\\+[0-9A-Za-z-\\.]+)?)$",
- "advanced": true
- },
- {
- "name": "DOCKER_RELEASE_EXTRA_TAGS",
- "description": "Defines extra tags to publish the _release_ image\n\nSupports capturing group references from `$DOCKER_RELEASE_EXTRA_TAGS_PATTERN` (ex: `latest \\g<major>.\\g<minor> \\g<major>`)",
- "advanced": true
- },
- {
- "name": "DOCKER_BUILD_ARGS",
- "description": "Additional docker/kaniko/buildah build arguments"
- },
- {
- "name": "DOCKER_METADATA",
- "description": "Additional metadata to set as labels",
- "default": "--label org.opencontainers.image.url=${CI_PROJECT_URL} --label org.opencontainers.image.source=${CI_PROJECT_URL} --label org.opencontainers.image.title=${CI_PROJECT_PATH} --label org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME} --label org.opencontainers.image.revision=${CI_COMMIT_SHA} --label org.opencontainers.image.created=${CI_JOB_STARTED_AT}",
- "advanced": true
- },
- {
- "name": "DOCKER_PUBLISH_ARGS",
- "description": "Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)"
- },
- {
- "name": "DOCKER_PROD_PUBLISH_STRATEGY",
- "description": "Defines the publish to production strategy.",
- "type": "enum",
- "values": ["none", "manual", "auto"],
- "default": "manual"
- },
- {
- "name": "DOCKER_SEMREL_RELEASE_DISABLED",
- "description": "Disable integration with the [semantic release template](https://gitlab.com/to-be-continuous/semantic-release/)",
- "type": "boolean"
- },
- {
- "name": "DOCKER_REGISTRY_MIRROR",
- "description": "URL of a Docker registry mirror to use instead of default `https://index.docker.io`\n\n_Used by `kaniko` and `dind` builds only_"
- },
- {
- "name": "CONTAINER_REGISTRIES_CONFIG_FILE",
- "description": "The [registries.conf](https://www.redhat.com/sysadmin/manage-container-registries) configuration to be used\n\n_Used by the `buildah` build only_",
- "advanced": true
- },
- {
- "name": "KANIKO_SNAPSHOT_IMAGE_CACHE",
- "description": "Snapshot image repository that will be used to store cached layers.\n\n_Used by the `kaniko` build only_",
- "default": "${DOCKER_SNAPSHOT_IMAGE%:*}/cache",
- "advanced": true
- },
- {
- "name": "DOCKER_BUILD_CACHE_DISABLED",
- "description": "Set to `true` to disable the build cache.",
- "type": "boolean",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "hadolint",
- "name": "Hadolint",
- "description": "This job performs a [Lint](https://github.com/hadolint/hadolint) on your `Dockerfile`.",
- "disable_with": "DOCKER_HADOLINT_DISABLED",
- "variables": [
- {
- "name": "DOCKER_HADOLINT_IMAGE",
- "description": "The docker image to lint your Dockerfile with Hadolint",
- "default": "registry.hub.docker.com/hadolint/hadolint:latest-alpine"
- },
- {
- "name": "DOCKER_HADOLINT_ARGS",
- "description": "Additional `hadolint` arguments",
- "advanced": true
- }
- ]
- },
- {
- "id": "healthcheck",
- "name": "Health Check",
- "description": "[Health Check](https://docs.docker.com/engine/reference/builder/#healthcheck) image analysis",
- "disable_with": "DOCKER_HEALTHCHECK_DISABLED",
- "variables": [
- {
- "name": "DOCKER_HEALTHCHECK_TIMEOUT",
- "type": "number",
- "description": "When testing an image, how long (in seconds) wait for the HealthCheck status",
- "default": "60",
- "advanced": true
- },
- {
- "name": "DOCKER_HEALTHCHECK_OPTIONS",
- "description": "Docker options for health check such as port mapping, environment...",
- "advanced": true
- },
- {
- "name": "DOCKER_HEALTHCHECK_CONTAINER_ARGS",
- "description": "Arguments sent to the running container for health check",
- "advanced": true
- }
- ]
- },
- {
- "id": "trivy",
- "name": "Trivy",
- "description": "[Trivy](https://github.com/aquasecurity/trivy) vulnerability analysis",
- "disable_with": "DOCKER_TRIVY_DISABLED",
- "variables": [
- {
- "name": "DOCKER_TRIVY_IMAGE",
- "description": "The docker image used to scan images with Trivy",
- "default": "registry.hub.docker.com/aquasec/trivy:latest",
- "advanced": true
- },
- {
- "name": "DOCKER_TRIVY_ADDR",
- "type": "url",
- "description": "The Trivy server address"
- },
- {
- "name": "DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD",
- "type": "enum",
- "values": [
- "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL",
- "LOW,MEDIUM,HIGH,CRITICAL",
- "MEDIUM,HIGH,CRITICAL",
- "HIGH,CRITICAL",
- "CRITICAL"
- ],
- "description": "Severities of vulnerabilities to be displayed (comma separated values: `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`)",
- "default": "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
- },
- {
- "name": "DOCKER_TRIVY_ARGS",
- "description": "Additional `trivy client` arguments",
- "default": "--ignore-unfixed --vuln-type os --exit-on-eol 1",
- "advanced": true
- }
- ]
- },
- {
- "id": "sbom",
- "name": "Software Bill of Materials",
- "description": "This job generates a file listing all dependencies using [syft](https://github.com/anchore/syft)",
- "disable_with": "DOCKER_SBOM_DISABLED",
- "variables": [
- {
- "name": "DOCKER_SBOM_IMAGE",
- "default": "registry.hub.docker.com/anchore/syft:debug"
- },
- {
- "name": "DOCKER_SBOM_OPTS",
- "description": "Options for syft used for SBOM analysis",
- "default": "--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger",
- "advanced": true
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-docker-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url",
- "mandatory": true
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- },
- {
- "id": "gcp",
- "name": "Google Cloud",
- "description": "Retrieves a registry authentication for the Google Cloud's [Artifact Registry](https://cloud.google.com/artifact-registry)",
- "template_path": "templates/gitlab-ci-docker-gcp.yml",
- "variables": [
- {
- "name": "TBC_GCP_PROVIDER_IMAGE",
- "description": "The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main",
- "advanced": true
- },
- {
- "name": "GCP_OIDC_AUD",
- "description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_",
- "default": "$CI_SERVER_URL",
- "advanced": true
- },
- {
- "name": "GCP_OIDC_ACCOUNT",
- "description": "Default Service Account to which impersonate with OpenID Connect authentication"
- },
- {
- "name": "GCP_OIDC_PROVIDER",
- "description": "Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)"
- },
- {
- "name": "GCP_SNAPSHOT_OIDC_ACCOUNT",
- "description": "Service Account to use to push the snapshot image _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "GCP_SNAPSHOT_OIDC_PROVIDER",
- "description": "Workload Identity Provider to push the snapshot image _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "GCP_RELEASE_OIDC_ACCOUNT",
- "description": "Service Account to use to push the release image _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "GCP_RELEASE_OIDC_PROVIDER",
- "description": "Workload Identity Provider to push the release image _(only define to override default)_",
- "advanced": true
- }
- ]
- },
- {
- "id": "ecr",
- "name": "Amazon ECR",
- "description": "Retrieves a registry authentication for the Amazon's [Elastic Container Registry](https://docs.aws.amazon.com/ecr/)",
- "template_path": "templates/gitlab-ci-docker-ecr.yml",
- "variables": [
- {
- "name": "TBC_AWS_PROVIDER_IMAGE",
- "description": "The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master",
- "advanced": true
- },
- {
- "name": "AWS_REGION",
- "description": "Default region (where the ECR registry is located)"
- },
- {
- "name": "AWS_SNAPSHOT_REGION",
- "description": "Region of the ECR registry for the snapshot image _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AWS_RELEASE_REGION",
- "description": "Region of the ECR registry for the release image _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AWS_OIDC_AUD",
- "description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_",
- "default": "$CI_SERVER_URL",
- "advanced": true
- },
- {
- "name": "AWS_OIDC_ROLE_ARN",
- "description": "Default IAM Role ARN associated with GitLab _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_"
- },
- {
- "name": "AWS_SNAPSHOT_OIDC_ROLE_ARN",
- "description": "IAM Role ARN associated with GitLab for the snapshot image _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/) and if different from default)_",
- "advanced": true
- },
- {
- "name": "AWS_RELEASE_OIDC_ROLE_ARN",
- "description": "IAM Role ARN associated with GitLab for the release image _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/) and if different from default)_",
- "advanced": true
- },
- {
- "name": "AWS_ACCESS_KEY_ID",
- "description": "Default access key ID (only required for basic authentication)",
- "secret": true,
- "advanced": true
- },
- {
- "name": "AWS_SECRET_ACCESS_KEY",
- "description": "Default secret access key (only required for basic authentication)",
- "secret": true,
- "advanced": true
- },
- {
- "name": "AWS_SNAPSHOT_ACCESS_KEY_ID",
- "description": "Access key ID for the snapshot image (only required for basic authentication and if different from default)",
- "secret": true,
- "advanced": true
- },
- {
- "name": "AWS_SNAPSHOT_SECRET_ACCESS_KEY",
- "description": "Secret access key for the snapshot image (only required for basic authentication and if different from default)",
- "secret": true,
- "advanced": true
- },
- {
- "name": "AWS_RELEASE_ACCESS_KEY_ID",
- "description": "Access key ID for the release image (only required for basic authentication and if different from default)",
- "secret": true,
- "advanced": true
- },
- {
- "name": "AWS_RELEASE_SECRET_ACCESS_KEY",
- "description": "Secret access key for the release image (only required for basic authentication and if different from default)",
- "secret": true,
- "advanced": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "5.8.0",
- "tags": [
- "5.8.0",
- "5.8",
- "5.7.1",
- "5.7.0",
- "5.7",
- "5.6.1",
- "5.6.0",
- "5.6",
- "5.5.6",
- "5.5.5",
- "5.5.4",
- "5.5.3",
- "5.5.2",
- "5.5.1",
- "5.5.0",
- "5.5",
- "5.4.1",
- "5.4.0",
- "5.4",
- "5.3.1",
- "5.3.0",
- "5.3",
- "5.2.2",
- "5.2.1",
- "5.2.0",
- "5.2",
- "5.1.0",
- "5.1",
- "5.0.3",
- "5.0.2",
- "5.0.1",
- "5.0.0",
- "5.0",
- "5",
- "4.0.0",
- "4.0",
- "4",
- "3.6.0",
- "3.6",
- "3.5.3",
- "3.5.2",
- "3.5.1",
- "3.5.0",
- "3.5",
- "3.4.0",
- "3.4",
- "3.3.0",
- "3.3",
- "3.2.2",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.1",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.7.1",
- "2.7.0",
- "2.7",
- "2.6.0",
- "2.6",
- "2.5.0",
- "2.5",
- "2.4.0",
- "2.4",
- "2.3.3",
- "2.3.2",
- "2.3.1",
- "2.3.0",
- "2.3",
- "2.2.0",
- "2.1.2",
- "2.1.1",
- "2.1.0",
- "2.0.0",
- "2",
- "1.2.3",
- "1.2.2",
- "1.2.1",
- "1.2.0",
- "1.1.0",
- "1.0.0"
- ],
- "name": "docker",
- "path": "to-be-continuous/docker",
- "web_url": "https://gitlab.com/to-be-continuous/docker",
- "avatar": "https://gitlab.com/to-be-continuous/docker/-/avatar"
- }
- },
- {
- "name": "Google Cloud",
- "description": "Deploy your application to the [Google Cloud](https://cloud.google.com/) platform",
- "template_path": "templates/gitlab-ci-gcloud.yml",
- "kind": "hosting",
- "prefix": "gcp",
- "is_component": true,
- "variables": [
- {
- "name": "GCP_CLI_IMAGE",
- "description": "The Docker image used to run Google Cloud CLI commands",
- "default": "gcr.io/google.com/cloudsdktool/cloud-sdk:latest"
- },
- {
- "name": "GCP_KEY_FILE",
- "description": "Global Service Account key file",
- "secret": true,
- "mandatory": true
- },
- {
- "name": "GCP_WORKLOAD_IDENTITY_PROVIDER",
- "description": "Default [Workload Identity Provider](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) associated with GitLab to authenticate\n\n(has format `projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID`)",
- "advanced": true
- },
- {
- "name": "GCP_SERVICE_ACCOUNT",
- "description": "Default Service Account to which impersonate with WIF authentication",
- "advanced": true
- },
- {
- "name": "GCP_BASE_APP_NAME",
- "description": "Base application name",
- "default": "$CI_PROJECT_NAME",
- "advanced": true
- },
- {
- "name": "GCP_ENVIRONMENT_URL",
- "type": "url",
- "description": "The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.gcloud.acme.com`)_"
- },
- {
- "name": "GCP_SCRIPTS_DIR",
- "description": "Directory where Google Cloud scripts (deploy & cleanup) are located",
- "default": ".",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "review",
- "name": "Review",
- "description": "Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))",
- "variables": [
- {
- "name": "GCP_REVIEW_PROJECT",
- "description": "Google Cloud project ID for review env",
- "mandatory": true
- },
- {
- "name": "GCP_REVIEW_APP_NAME",
- "description": "The application name for review env (only define to override default)",
- "advanced": true
- },
- {
- "name": "GCP_REVIEW_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop `review` environments",
- "default": "4 hours"
- },
- {
- "name": "GCP_REVIEW_ENVIRONMENT_URL",
- "type": "url",
- "description": "The review environments url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "GCP_REVIEW_KEY_FILE",
- "description": "Service Account key file to authenticate on review env (only define to override default)",
- "secret": true
- }
- ]
- },
- {
- "id": "integration",
- "name": "Integration",
- "description": "A continuous-integration environment associated to your integration branch (`develop` by default)",
- "variables": [
- {
- "name": "GCP_INTEG_PROJECT",
- "description": "Google Cloud project ID for integration env",
- "mandatory": true
- },
- {
- "name": "GCP_INTEG_APP_NAME",
- "description": "The application name for integration env (only define to override default)",
- "advanced": true
- },
- {
- "name": "GCP_INTEG_ENVIRONMENT_URL",
- "type": "url",
- "description": "The integration environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "GCP_INTEG_KEY_FILE",
- "description": "Service Account key file to authenticate on integration env (only define to override default)",
- "secret": true
- }
- ]
- },
- {
- "id": "staging",
- "name": "Staging",
- "description": "An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)",
- "variables": [
- {
- "name": "GCP_STAGING_PROJECT",
- "description": "Google Cloud project ID for staging env",
- "mandatory": true
- },
- {
- "name": "GCP_STAGING_APP_NAME",
- "description": "The application name for staging env (only define to override default)",
- "advanced": true
- },
- {
- "name": "GCP_STAGING_ENVIRONMENT_URL",
- "type": "url",
- "description": "The staging environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "GCP_STAGING_KEY_FILE",
- "description": "Service Account key file to authenticate on staging env (only define to override default)",
- "secret": true
- }
- ]
- },
- {
- "id": "prod",
- "name": "Production",
- "description": "The production environment",
- "variables": [
- {
- "name": "GCP_PROD_PROJECT",
- "description": "Google Cloud project ID for production env",
- "mandatory": true
- },
- {
- "name": "GCP_PROD_APP_NAME",
- "description": "The application name for production env (only define to override default)",
- "advanced": true
- },
- {
- "name": "GCP_PROD_ENVIRONMENT_URL",
- "type": "url",
- "description": "The production environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "GCP_PROD_DEPLOY_STRATEGY",
- "description": "Defines the deployment to production strategy.",
- "type": "enum",
- "values": ["manual", "auto"],
- "default": "manual"
- },
- {
- "name": "GCP_PROD_KEY_FILE",
- "description": "Service Account key file to authenticate on production env (only define to override default)",
- "secret": true
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "oidc",
- "name": "OpenID Connect",
- "description": "Enables [federated authentication using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)",
- "template_path": "templates/gitlab-ci-gcloud-oidc.yml",
- "variables": [
- {
- "name": "GCP_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "GCP_OIDC_PROVIDER",
- "description": "Global Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)",
- "advanced": true
- },
- {
- "name": "GCP_OIDC_ACCOUNT",
- "description": "Global Service Account to which impersonate with OpenID Connect authentication",
- "advanced": true
- },
- {
- "name": "GCP_REVIEW_OIDC_PROVIDER",
- "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment\n\n_(only define to override default)_",
- "advanced": true
- },
- {
- "name": "GCP_REVIEW_OIDC_ACCOUNT",
- "description": "Service Account to which impersonate with OpenID Connect authentication on `review` environment",
- "advanced": true
- },
- {
- "name": "GCP_INTEG_OIDC_PROVIDER",
- "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment\n\n_(only define to override default)_",
- "advanced": true
- },
- {
- "name": "GCP_INTEG_OIDC_ACCOUNT",
- "description": "Service Account to which impersonate with OpenID Connect authentication on `integration` environment",
- "advanced": true
- },
- {
- "name": "GCP_STAGING_OIDC_PROVIDER",
- "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment\n\n_(only define to override default)_",
- "advanced": true
- },
- {
- "name": "GCP_STAGING_OIDC_ACCOUNT",
- "description": "Service Account to which impersonate with OpenID Connect authentication on `staging` environment",
- "advanced": true
- },
- {
- "name": "GCP_PROD_OIDC_PROVIDER",
- "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment\n\n_(only define to override default)_",
- "advanced": true
- },
- {
- "name": "GCP_PROD_OIDC_ACCOUNT",
- "description": "Service Account to which impersonate with OpenID Connect authentication on `production` environment",
- "advanced": true
- }
- ]
- },
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-gcloud-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url",
- "mandatory": true
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "5.2.0",
- "tags": [
- "5.2.0",
- "5.2",
- "5.1.0",
- "5.1",
- "5.0.2",
- "5.0.1",
- "5.0.0",
- "5.0",
- "5",
- "4.1.0",
- "4.1",
- "4.0.0",
- "4.0",
- "4",
- "3.2.0",
- "3.2",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.3.2",
- "2.3.1",
- "2.3.0",
- "2.3",
- "2.2.0",
- "2.2",
- "2.1.1",
- "2.1.0",
- "2.1",
- "2.0.0",
- "2.0",
- "2",
- "1.8.0",
- "1.8",
- "1.7.0",
- "1.7",
- "1.6.2",
- "1.6.1",
- "1.6.0",
- "1.5.2",
- "1.5.1",
- "1.5.0",
- "1.4.1",
- "1.4.0",
- "1.3.0",
- "1.2.0",
- "1.1.0",
- "1.0.0",
- "1"
- ],
- "name": "gcloud",
- "path": "to-be-continuous/gcloud",
- "web_url": "https://gitlab.com/to-be-continuous/gcloud",
- "avatar": "https://gitlab.com/to-be-continuous/gcloud/-/avatar"
- }
- },
- {
- "name": "GitLab Package",
- "description": "Publish artifacts to GitLab's [Generic Package Registry](https://docs.gitlab.com/ee/user/packages/generic_packages/)",
- "template_path": "templates/gitlab-ci-gitlab-package.yml",
- "kind": "build",
- "prefix": "glpkg",
- "is_component": true,
- "variables": [
- {
- "name": "GLPKG_IMAGE",
- "description": "The Docker image used to publish packages",
- "default": "registry.hub.docker.com/curlimages/curl:latest",
- "advanced": true
- },
- {
- "name": "GLPKG_FILES",
- "description": "Glob patterns matching files to include in the GitLab package (:warning: does not support double star)",
- "mandatory": true
- },
- {
- "name": "GLPKG_PACKAGE",
- "description": "Name of the package to publish",
- "default": "$CI_PROJECT_NAME"
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "1.2.0",
- "tags": ["1.2.0", "1.2", "1.1.0", "1.1", "1.0.0", "1"],
- "name": "gitlab-package",
- "path": "to-be-continuous/gitlab-package",
- "web_url": "https://gitlab.com/to-be-continuous/gitlab-package",
- "avatar": "https://gitlab.com/to-be-continuous/gitlab-package/-/avatar"
- }
- },
- {
- "name": "Gitleaks",
- "description": "Detect and prevent hardcoded secrets in your Git repository with [Gitleaks](https://github.com/zricethezav/gitleaks/wiki)",
- "template_path": "templates/gitlab-ci-gitleaks.yml",
- "kind": "analyse",
- "prefix": "gitleaks",
- "is_component": true,
- "variables": [
- {
- "name": "GITLEAKS_IMAGE",
- "description": "The Docker image used to run Gitleaks",
- "default": "registry.hub.docker.com/zricethezav/gitleaks:latest"
- },
- {
- "name": "GITLEAKS_RULES",
- "description": "Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks/wiki/Configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project).",
- "advanced": true
- },
- {
- "name": "GITLEAKS_ARGS",
- "description": "[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches)",
- "default": "--verbose",
- "advanced": true
- },
- {
- "name": "GITLEAKS_QUICK_ARGS",
- "description": "[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches)",
- "default": "--verbose",
- "advanced": true
- },
- {
- "name": "GITLEAKS_QUICK_DEPTH",
- "description": "Number of commits to scan (on feature branches)",
- "type": "number",
- "default": "10",
- "advanced": true
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "2.4.0",
- "tags": [
- "2.4.0",
- "2.4",
- "2.3.0",
- "2.3",
- "2.2.3",
- "2.2.2",
- "2.2.1",
- "2.2.0",
- "2.2",
- "2.1.1",
- "2.1.0",
- "2.1",
- "2.0.0",
- "2.0",
- "2",
- "1.3.0",
- "1.3",
- "1.2.5",
- "1.2.4",
- "1.2.3",
- "1.2.2",
- "1.2.1",
- "1.2.0",
- "1.1.1",
- "1.1.0",
- "1.0.0",
- "1"
- ],
- "name": "gitleaks",
- "path": "to-be-continuous/gitleaks",
- "web_url": "https://gitlab.com/to-be-continuous/gitleaks",
- "avatar": "https://gitlab.com/to-be-continuous/gitleaks/-/avatar"
- }
- },
- {
- "name": "Go",
- "description": "Build, test and analyse your [Go](https://golang.org/) projects",
- "template_path": "templates/gitlab-ci-golang.yml",
- "kind": "build",
- "prefix": "go",
- "is_component": true,
- "variables": [
- {
- "name": "GO_IMAGE",
- "description": "The Docker image used to run Go (build+test or build only) - **set the version required by your project**",
- "default": "registry.hub.docker.com/library/golang:bookworm"
- },
- {
- "name": "GO_PROJECT_DIR",
- "description": "Go project root directory",
- "default": ".",
- "advanced": true
- },
- {
- "name": "GOPROXY",
- "description": "URL of Go module proxy (see [Go env](https://golang.org/cmd/go/#hdr-Environment_variables))",
- "advanced": true
- },
- {
- "name": "GO_TEST_IMAGE",
- "description": "Specific Docker image used to run Go tests (as a separate job)",
- "advanced": true
- },
- {
- "name": "GO_BUILD_FLAGS",
- "description": "Flags used by the [go build command](https://pkg.go.dev/cmd/go#hdr-Compile_packages_and_dependencies)",
- "default": "-mod=readonly",
- "advanced": true
- },
- {
- "name": "GO_BUILD_MODE",
- "description": "The template build mode (accepted values are `application`, `modules` and `auto`)",
- "type": "enum",
- "values": ["auto", "application", "modules"],
- "default": "auto",
- "advanced": true
- },
- {
- "name": "GO_BUILD_LINKER_FLAGS",
- "description": "Linker flags used by the [go build command](https://pkg.go.dev/cmd/go#hdr-Compile_packages_and_dependencies) `-ldflags`",
- "default": "-s -w",
- "advanced": true
- },
- {
- "name": "GO_BUILD_PACKAGES",
- "description": "Packages to build with the [go build command](https://pkg.go.dev/cmd/go#hdr-Compile_packages_and_dependencies)",
- "default": "./..."
- },
- {
- "name": "GO_TARGET_OS",
- "description": "The `$GOOS` target [see available values](https://gist.github.com/asukakenji/f15ba7e588ac42795f421b48b8aede63)\n\nFallbacks to default `$GOOS` from the Go Docker image",
- "advanced": true
- },
- {
- "name": "GO_TARGET_ARCH",
- "description": "The `$GOARCH` target [see available values](https://gist.github.com/asukakenji/f15ba7e588ac42795f421b48b8aede63)\n\nFallbacks to default `$GOARCH` from the Go Docker image",
- "advanced": true
- },
- {
- "name": "GO_TEST_FLAGS",
- "description": "Flags used by the [go test command](https://pkg.go.dev/cmd/go#hdr-Test_packages)",
- "default": "-mod=readonly -v -race",
- "advanced": true
- },
- {
- "name": "GO_TEST_PACKAGES",
- "description": "Packages to test with the [go test command](https://pkg.go.dev/cmd/go#hdr-Test_packages)",
- "default": "./..."
- },
- {
- "name": "GO_LIST_ARGS",
- "description": "Arguments used by the list command",
- "default": "list -u -m -mod=readonly -json all",
- "advanced": true
- },
- {
- "name": "GO_COBERTURA_FLAGS",
- "description": "Build flags to add to use gocover-cobertura, leave blank if not needed",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "golangci-lint",
- "name": "GolangCI-Lint",
- "description": "[GolangCI-Lint](https://github.com/golangci/golangci-lint) analysis",
- "disable_with": "GO_CI_LINT_DISABLED",
- "variables": [
- {
- "name": "GO_CI_LINT_IMAGE",
- "description": "The Docker image used to run `golangci-lint`",
- "default": "registry.hub.docker.com/golangci/golangci-lint:latest-alpine"
- },
- {
- "name": "GO_CI_LINT_ARGS",
- "description": "`golangci-lint` [command line arguments](https://github.com/golangci/golangci-lint#command-line-options)",
- "default": "-E gosec,goimports ./...",
- "advanced": true
- }
- ]
- },
- {
- "id": "go-mod-outdated",
- "name": "Go-mod-outdated",
- "description": "[Go-mod-outdated](https://github.com/psampaz/go-mod-outdated) analysis",
- "variables": [
- {
- "name": "GO_MOD_OUTDATED_ARGS",
- "description": "`god-mod-outdated` [command line arguments](https://github.com/psampaz/go-mod-outdated#usage",
- "default": "-update -direct",
- "advanced": true
- }
- ]
- },
- {
- "id": "sbom",
- "name": "Software Bill of Materials",
- "description": "This job generates a file listing all dependencies using [cyclonedx-gomod](https://github.com/CycloneDX/cyclonedx-gomod)",
- "disable_with": "GO_SBOM_DISABLED",
- "variables": [
- {
- "name": "GO_SBOM_IMAGE",
- "default": "registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest"
- },
- {
- "name": "GO_SBOM_OPTS",
- "description": "[@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis",
- "default": "-main .",
- "advanced": true
- }
- ]
- },
- {
- "id": "govulncheck",
- "name": "Govulncheck",
- "description": "Vulnerability Management with [Govulncheck](https://go.dev/blog/vuln)",
- "disable_with": "GO_VULNCHECK_DISABLED",
- "variables": [
- {
- "name": "GO_VULNCHECK_ARGS",
- "description": "`govulncheck` [command line arguments](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Flags)",
- "default": "./...",
- "advanced": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "4.8.0",
- "tags": [
- "4.8.0",
- "4.8",
- "4.7.0",
- "4.7",
- "4.6.1",
- "4.6.0",
- "4.6",
- "4.5.1",
- "4.5.0",
- "4.5",
- "4.4.0",
- "4.4",
- "4.3.0",
- "4.3",
- "4.2.0",
- "4.2",
- "4.1.2",
- "4.1.1",
- "4.1.0",
- "4.1",
- "4.0.2",
- "4.0.1",
- "4.0.0",
- "4.0",
- "4",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.3.0",
- "2.3",
- "2.2.0",
- "2.2",
- "2.1.3",
- "2.1.2",
- "2.1.1",
- "2.1.0",
- "2.0.3",
- "2.0.2",
- "2.0.1",
- "2.0.0",
- "2",
- "1.3.0",
- "1.2.2",
- "1.2.1",
- "1.2.0",
- "1.1.0",
- "1.0.0"
- ],
- "name": "golang",
- "path": "to-be-continuous/golang",
- "web_url": "https://gitlab.com/to-be-continuous/golang",
- "avatar": "https://gitlab.com/to-be-continuous/golang/-/avatar"
- }
- },
- {
- "name": "Gradle",
- "description": "Build, test and analyse your [Gradle](https://gradle.org/)-based projects",
- "template_path": "templates/gitlab-ci-gradle.yml",
- "kind": "build",
- "prefix": "gradle",
- "is_component": true,
- "variables": [
- {
- "name": "GRADLE_IMAGE",
- "description": "The Docker image used to run Gradle - **set the version required by your project**",
- "default": "registry.hub.docker.com/library/gradle:latest"
- },
- {
- "name": "GRADLE_CLI_OPTS",
- "description": "Additional Gradle options used on the command line",
- "advanced": true
- },
- {
- "name": "GRADLE_CLI_BIN",
- "description": "The location of the gradle binary. If you prefer using a [gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html) you should override this (for e.g. `gradlew`)",
- "default": "gradle",
- "advanced": true
- },
- {
- "name": "GRADLE_USER_HOME",
- "description": "The gradle user home",
- "default": "$CI_PROJECT_DIR/.gradle",
- "advanced": true
- },
- {
- "name": "GRADLE_DAEMON",
- "description": "Whether to use or not gradle daemon",
- "default": "false",
- "advanced": true
- },
- {
- "name": "GRADLE_BUILD_ARGS",
- "description": "Gradle arguments for the build & test job",
- "default": "build",
- "advanced": true
- },
- {
- "name": "GRADLE_PROJECT_DIR",
- "description": "Gradle project root directory",
- "default": ".",
- "advanced": true
- },
- {
- "name": "JACOCO_CSV_REPORT",
- "description": "Name of code coverage report",
- "default": "jacocoTestReport.csv",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "sonar",
- "name": "SONAR",
- "description": "Code quality and security analysis with [SONARQube](https://www.sonarqube.org/)",
- "variables": [
- {
- "name": "SONAR_HOST_URL",
- "type": "url",
- "description": "SonarQube server url",
- "mandatory": true
- },
- {
- "name": "SONAR_TOKEN",
- "description": "SonarQube authentication token (see https://docs.sonarsource.com/sonarqube-server/latest/user-guide/managing-tokens/)",
- "secret": true
- },
- {
- "name": "SONAR_BASE_ARGS",
- "description": "SonarQube [analysis arguments](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/analysis-parameters/)",
- "default": "sonar -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues",
- "advanced": true
- },
- {
- "name": "SONAR_QUALITY_GATE_ENABLED",
- "description": "Enables SonarQube [Quality Gate](https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/analysis-functions/quality-gates/) verification.\n\n_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/ci-integration/overview/#quality-gate-fails))._",
- "type": "boolean"
- }
- ]
- },
- {
- "id": "dependency-check",
- "name": "Dependency Check",
- "description": "Runs a Gradle dependency check",
- "disable_with": "GRADLE_NO_DEPENDENCY_CHECK",
- "variables": [
- {
- "name": "GRADLE_DEPENDENCY_CHECK_TASK",
- "description": "The dependency-check task that is invoked",
- "default": "dependencyCheckAnalyze",
- "advanced": true
- }
- ]
- },
- {
- "id": "sbom",
- "name": "Software Bill of Materials",
- "description": "This job generates a file listing all dependencies using [cyclonedx-gradle-plugin](https://github.com/CycloneDX/cyclonedx-gradle-plugin)",
- "disable_with": "GRADLE_SBOM_DISABLED",
- "variables": [
- {
- "name": "GRADLE_SBOM_VERSION",
- "description": "Version of the `cyclonedx-gradle-plugin` used for SBOM analysis.\n\n_When unset, the latest version will be used_"
- }
- ]
- },
- {
- "id": "publish",
- "name": "Publish (snapshot & release)",
- "description": "Enable publishing to an artifacts repository",
- "disable_with": "GRADLE_NO_PUBLISH",
- "variables": [
- {
- "name": "GRADLE_PUBLISH_ARGS",
- "description": "The publish task that is invoked",
- "default": "publish",
- "advanced": true
- },
- {
- "name": "GRADLE_PUBLISH_VERSION",
- "description": "The value is propagated as gradle properties named `version`.\n\nIt should be used in your publish task",
- "default": "${CI_COMMIT_REF_SLUG}-SNAPSHOT",
- "advanced": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "2.6.0",
- "tags": [
- "2.6.0",
- "2.6",
- "2.5.0",
- "2.5",
- "2.4.2",
- "2.4.1",
- "2.4.0",
- "2.4",
- "2.3.0",
- "2.3",
- "2.2.2",
- "2.2.1",
- "2.2.0",
- "2.2",
- "2.1.0",
- "2.1",
- "2.0.0",
- "2.0",
- "2",
- "1.4.0",
- "1.4",
- "1.3.1",
- "1.3.0",
- "1.2.1",
- "1.2.0",
- "1.1.0",
- "1.0.0",
- "1"
- ],
- "name": "gradle",
- "path": "to-be-continuous/gradle",
- "web_url": "https://gitlab.com/to-be-continuous/gradle",
- "avatar": "https://gitlab.com/to-be-continuous/gradle/-/avatar"
- }
- },
- {
- "name": "Helm",
- "description": "Build your Helm Charts and/or deploy your application to a Kubernetes platform using [Helm](https://helm.sh/)",
- "template_path": "templates/gitlab-ci-helm.yml",
- "kind": "hosting",
- "prefix": "helm",
- "is_component": true,
- "variables": [
- {
- "name": "HELM_CLI_IMAGE",
- "description": "The Docker image used to run Helm - **set the version required by your Kubernetes server**",
- "default": "registry.hub.docker.com/alpine/helm:latest"
- },
- {
- "name": "HELM_CHART_DIR",
- "description": "The folder where the Helm chart is located",
- "default": "."
- },
- {
- "name": "HELM_SCRIPTS_DIR",
- "description": "The folder where hook scripts are located",
- "default": "."
- },
- {
- "name": "HELM_COMMON_VALUES",
- "description": "Common values file (used for all environments, overridden by specific per-env values files)"
- },
- {
- "name": "HELM_DEPLOY_CHART",
- "description": "The Helm [chart](https://helm.sh/docs/topics/charts/) to deploy. _Only required if you want to deploy an **external** chart._"
- },
- {
- "name": "HELM_REPOS",
- "description": "The Helm [chart repositories](https://helm.sh/docs/topics/chart_repository/) to use (formatted as `repo_name_1@repo_url_1 repo_name_2@repo_url_2 ...`)",
- "default": "stable@https://charts.helm.sh/stable bitnami@https://charts.bitnami.com/bitnami"
- },
- {
- "name": "KUBE_NAMESPACE",
- "description": "The default Kubernetes namespace to use. _Leave default if [GitLab Kubernetes integration](https://docs.gitlab.com/ee/user/project/clusters/index.html) is enabled._"
- },
- {
- "name": "HELM_DEFAULT_KUBE_CONFIG",
- "description": "The default kubeconfig content to use. Automatically set if GitLab Kubernetes integration is enabled.",
- "default": "$KUBECONFIG",
- "secret": true
- },
- {
- "name": "HELM_BASE_APP_NAME",
- "description": "Base application name",
- "default": "$CI_PROJECT_NAME",
- "advanced": true
- },
- {
- "name": "HELM_ENVIRONMENT_URL",
- "type": "url",
- "description": "The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.helm.acme.com`)_"
- },
- {
- "name": "HELM_DEPLOY_ARGS",
- "description": "The Helm [command with options](https://helm.sh/docs/helm/helm_upgrade/) to deploy the application (_without dynamic arguments such as release name and chart_)",
- "default": "upgrade --install --atomic --timeout 120s",
- "advanced": true
- },
- {
- "name": "HELM_DELETE_ARGS",
- "description": "The Helm [command with options](https://helm.sh/docs/helm/helm_uninstall/) to cleanup the application (_without dynamic arguments such as release name_)",
- "default": "uninstall",
- "advanced": true
- },
- {
- "name": "HELM_DEPENDENCY_ARGS",
- "description": "The Helm [command with options](https://helm.sh/docs/helm/helm_dependency_update/) to update on-disk the chart dependencies (_without dynamic arguments such as the chart path_)",
- "default": "dependency update",
- "advanced": true
- },
- {
- "name": "HELM_ENV_VALUE_NAME",
- "description": "The name of the Helm [value](https://helm.sh/docs/chart_best_practices/values/) containing the _environment type_",
- "default": "environmentType",
- "advanced": true
- },
- {
- "name": "HELM_HOSTNAME_VALUE_NAME",
- "description": "The name of the Helm [value](https://helm.sh/docs/chart_best_practices/values/) containing the _environment hostname_ (extracted from the environment URL)",
- "default": "hostname",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "lint",
- "name": "Helm Lint",
- "description": "Static code analysis of your Helm chart with [Helm Lint](https://helm.sh/docs/helm/helm_lint/)",
- "disable_with": "HELM_LINT_DISABLED",
- "variables": [
- {
- "name": "HELM_LINT_ARGS",
- "description": "The Helm [command with options](https://helm.sh/docs/helm/helm_lint/) to trigger the analysis (_without dynamic arguments such as the chart path_)",
- "default": "lint --strict",
- "advanced": true
- }
- ]
- },
- {
- "id": "test",
- "name": "Helm Test",
- "description": "Acceptance test of your Helm chart with [Helm Test](https://helm.sh/docs/helm/helm_test/)",
- "enable_with": "HELM_TEST_ENABLED",
- "variables": [
- {
- "name": "HELM_TEST_ARGS",
- "description": "The Helm [command with options](https://helm.sh/docs/helm/helm_test/) to perform acceptance test (_without dynamic arguments such as release name_)",
- "default": "test",
- "advanced": true
- }
- ]
- },
- {
- "id": "yamllint",
- "name": "Yaml Lint",
- "description": "[Yaml Lint](https://github.com/adrienverge/yamllint) of your Helm [values file](https://helm.sh/docs/chart_template_guide/values_files/)",
- "disable_with": "HELM_YAMLLINT_DISABLED",
- "variables": [
- {
- "name": "HELM_YAMLLINT_IMAGE",
- "description": "The Docker image used to run YamlLint test",
- "default": "registry.hub.docker.com/cytopia/yamllint"
- },
- {
- "name": "HELM_YAMLLINT_CONFIG",
- "description": "Config used with the yamllint tool",
- "default": "{extends: relaxed, rules: {line-length: {max: 160}}}",
- "advanced": true
- },
- {
- "name": "HELM_YAMLLINT_ARGS",
- "description": "Arguments used by the lint job",
- "default": "-f colored --strict",
- "advanced": true
- }
- ]
- },
- {
- "id": "kube-score",
- "name": "Kube-Score",
- "description": "Run [Kube-Score](https://kube-score.com/) on the resources to be created by Helm",
- "disable_with": "HELM_KUBE_SCORE_DISABLED",
- "variables": [
- {
- "name": "HELM_KUBE_SCORE_IMAGE",
- "description": "The Docker image used to run [Kube-Score](https://kube-score.com/)",
- "default": "registry.hub.docker.com/zegl/kube-score"
- },
- {
- "name": "HELM_KUBE_SCORE_ARGS",
- "description": "Arguments used by the kube-score job",
- "advanced": true
- },
- {
- "name": "HELM_K8S_VERSION",
- "description": "Kubernetes version (_so that `.Capabilities.KubeVersion.Version` can be correctly interpreted_). \n\n Expected format: `vX.YY`",
- "advanced": true
- }
- ]
- },
- {
- "id": "package",
- "name": "Package your chart",
- "description": "[Package](https://helm.sh/docs/helm/helm_package/) your Helm chart",
- "variables": [
- {
- "name": "HELM_PACKAGE_ARGS",
- "description": "The Helm [command with options](https://helm.sh/docs/helm/helm_package/) to perform the packaging (_without dynamic arguments such as the chart path_)",
- "default": "package --dependency-update",
- "advanced": true
- },
- {
- "name": "HELM_PUBLISH_SNAPSHOT_ENABLED",
- "description": "Set to `true` to enable publishing the snapshot (untested) chart during the packaging step",
- "type": "boolean",
- "advanced": true
- },
- {
- "name": "HELM_SEMREL_RELEASE_DISABLED",
- "description": "Disable semantic-release integration",
- "type": "boolean",
- "advanced": true
- }
- ]
- },
- {
- "id": "publish",
- "name": "Publish your chart",
- "description": "Publishes the chart to a [Helm repository](https://helm.sh/docs/topics/chart_repository/) or [OCI-based registry](https://helm.sh/docs/topics/registries/)",
- "variables": [
- {
- "name": "HELM_PUBLISH_URL",
- "description": "The URL of the Helm repository to publish your Helm package",
- "default": "oci://$CI_REGISTRY/$CI_PROJECT_PATH/charts"
- },
- {
- "name": "HELM_PUBLISH_METHOD",
- "description": "HTTP method to use to push the package",
- "default": "auto",
- "type": "enum",
- "values": ["auto", "push", "post", "put", "custom", "disabled"],
- "advanced": true
- },
- {
- "name": "HELM_PUBLISH_USER",
- "description": "Helm repository username",
- "default": "$CI_REGISTRY_USER",
- "secret": true
- },
- {
- "name": "HELM_PUBLISH_PASSWORD",
- "description": "Helm repository password",
- "default": "$CI_REGISTRY_PASSWORD",
- "secret": true
- },
- {
- "name": "HELM_PUBLISH_ON",
- "description": "Defines on which Git reference(s) the publish job shall be enabled\n\n`prod` to enable on production branch only, `protected` to enable on protected references, `all` to enable on all Git branches and `tag` on Git release tags (always auto, superseeds `HELM_PUBLISH_STRATEGY`)",
- "default": "prod",
- "type": "enum",
- "values": ["prod", "protected", "all", "tag"]
- },
- {
- "name": "HELM_PUBLISH_STRATEGY",
- "description": "Defines the publish strategy.",
- "type": "enum",
- "values": ["none", "manual", "auto"],
- "default": "manual"
- },
- {
- "name": "HELM_CM_PUSH_PLUGIN_VERSION",
- "description": "cm-push plugin version to install (only when using `push` method with a regular chart [repository](https://helm.sh/docs/topics/chart_repository/)",
- "advanced": true
- }
- ]
- },
- {
- "id": "review",
- "name": "Review",
- "description": "Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))",
- "enable_with": "HELM_REVIEW_ENABLED",
- "variables": [
- {
- "name": "HELM_REVIEW_APP_NAME",
- "description": "The application name for `review` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELM_REVIEW_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop `review` environments",
- "default": "4 hours"
- },
- {
- "name": "HELM_REVIEW_ENVIRONMENT_URL",
- "type": "url",
- "description": "The review environments url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "HELM_REVIEW_VALUES",
- "description": "The Values file to use with `review` environment"
- },
- {
- "name": "HELM_REVIEW_NAMESPACE",
- "description": "The Kubernetes namespace to use for `review` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELM_REVIEW_KUBE_CONFIG",
- "description": "Specific kubeconfig for review env (only define to override default)",
- "advanced": true,
- "secret": true
- }
- ]
- },
- {
- "id": "integration",
- "name": "Integration",
- "description": "A continuous-integration environment associated to your integration branch (`develop` by default)",
- "enable_with": "HELM_INTEG_ENABLED",
- "variables": [
- {
- "name": "HELM_INTEG_APP_NAME",
- "description": "The application name for `integration` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELM_INTEG_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop the `integration` env",
- "default": "never"
- },
- {
- "name": "HELM_INTEG_ENVIRONMENT_URL",
- "type": "url",
- "description": "The integration environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "HELM_INTEG_VALUES",
- "description": "The Values file to use with `integration` environment"
- },
- {
- "name": "HELM_INTEG_NAMESPACE",
- "description": "The Kubernetes namespace to use for `integration` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELM_INTEG_KUBE_CONFIG",
- "description": "Specific kubeconfig for integration env (only define to override default)",
- "advanced": true,
- "secret": true
- }
- ]
- },
- {
- "id": "staging",
- "name": "Staging",
- "description": "An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)",
- "enable_with": "HELM_STAGING_ENABLED",
- "variables": [
- {
- "name": "HELM_STAGING_APP_NAME",
- "description": "The application name for `staging` env _(only define to override default)_",
- "default": "${HELM_BASE_APP_NAME}-staging",
- "advanced": true
- },
- {
- "name": "HELM_STAGING_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop the `staging` env",
- "default": "never"
- },
- {
- "name": "HELM_STAGING_ENVIRONMENT_URL",
- "type": "url",
- "description": "The staging environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "HELM_STAGING_VALUES",
- "description": "The Values file to use with `staging` environment"
- },
- {
- "name": "HELM_STAGING_NAMESPACE",
- "description": "The Kubernetes namespace to use for `staging` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELM_STAGING_KUBE_CONFIG",
- "description": "Specific kubeconfig for staging env (only define to override default)",
- "advanced": true,
- "secret": true
- }
- ]
- },
- {
- "id": "prod",
- "name": "Production",
- "description": "The production environment",
- "enable_with": "HELM_PROD_ENABLED",
- "variables": [
- {
- "name": "HELM_PROD_DEPLOY_STRATEGY",
- "description": "Defines the deployment to production strategy.",
- "type": "enum",
- "values": ["manual", "auto"],
- "default": "manual"
- },
- {
- "name": "HELM_PROD_APP_NAME",
- "description": "The application name for `production` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELM_PROD_ENVIRONMENT_URL",
- "type": "url",
- "description": "The production environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "HELM_PROD_VALUES",
- "description": "The Values file to use with `production` environment"
- },
- {
- "name": "HELM_PROD_NAMESPACE",
- "description": "The Kubernetes namespace to use for `production` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELM_PROD_KUBE_CONFIG",
- "description": "Specific kubeconfig for production env (only define to override default)",
- "advanced": true,
- "secret": true
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-helm-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url"
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "7.2.0",
- "tags": [
- "7.2.0",
- "7.2",
- "7.1.0",
- "7.1",
- "7.0.2",
- "7.0.1",
- "7.0.0",
- "7.0",
- "7",
- "6.1.1",
- "6.1.0",
- "6.1",
- "6.0.0",
- "6.0",
- "6",
- "5.3.1",
- "5.3.0",
- "5.3",
- "5.2.0",
- "5.2",
- "5.1.0",
- "5.1",
- "5.0.0",
- "5.0",
- "5",
- "4.1.7",
- "4.1.6",
- "4.1.5",
- "4.1.4",
- "4.1.3",
- "4.1.2",
- "4.1.1",
- "4.1.0",
- "4.1",
- "4.0.1",
- "4.0.0",
- "4.0",
- "4",
- "3.3.2",
- "3.3.1",
- "3.3.0",
- "3.3",
- "3.2.0",
- "3.2",
- "3.1.0",
- "3.1",
- "3.0.1",
- "3.0.0",
- "3.0",
- "3",
- "2.4.1",
- "2.4.0",
- "2.4",
- "2.3.0",
- "2.3",
- "2.2.0",
- "2.1.0",
- "2.0.6",
- "2.0.5",
- "2.0.4",
- "2.0.3",
- "2.0.2",
- "2.0.1",
- "2.0.0",
- "2",
- "1.4.2",
- "1.4.1",
- "1.4.0",
- "1.3.0",
- "1.2.1",
- "1.2.0",
- "1.1.1",
- "1.1.0",
- "1.0.0"
- ],
- "name": "helm",
- "path": "to-be-continuous/helm",
- "web_url": "https://gitlab.com/to-be-continuous/helm",
- "avatar": "https://gitlab.com/to-be-continuous/helm/-/avatar"
- }
- },
- {
- "name": "Helmfile",
- "description": "Deploy your application to a [Kubernetes](https://kubernetes.io/) platform using [helmfile](https://github.com/helmfile/helmfile)",
- "template_path": "templates/gitlab-ci-helmfile.yml",
- "kind": "hosting",
- "prefix": "helmfile",
- "is_component": true,
- "variables": [
- {
- "name": "HELMFILE_CLI_IMAGE",
- "description": "The Docker image used to run helmfile - **set the version required by your Kubernetes server**",
- "default": "ghcr.io/helmfile/helmfile:latest"
- },
- {
- "name": "HELMFILE_SCRIPTS_DIR",
- "description": "The folder where hook scripts are located",
- "default": "."
- },
- {
- "name": "HELMFILE_PATH",
- "description": "Path to the `helmfile.yaml` to deploy",
- "default": "./helmfile.yaml"
- },
- {
- "name": "KUBE_NAMESPACE",
- "description": "The default Kubernetes namespace to use. _Leave default if [GitLab Kubernetes integration](https://docs.gitlab.com/ee/user/project/clusters/index.html) is enabled._"
- },
- {
- "name": "HELMFILE_DEFAULT_KUBE_CONFIG",
- "description": "The default kubeconfig content to use. Automatically set if GitLab Kubernetes integration is enabled.",
- "default": "$KUBECONFIG",
- "secret": true
- },
- {
- "name": "HELMFILE_BASE_APP_NAME",
- "description": "Base application name",
- "default": "$CI_PROJECT_NAME",
- "advanced": true
- },
- {
- "name": "HELMFILE_ENVIRONMENT_URL",
- "type": "url",
- "description": "The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.helm.acme.com`)_"
- },
- {
- "name": "HELMFILE_DEPLOY_ARGS",
- "description": "The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#apply) to deploy the application (_without dynamic global parameters such as helmfile path, namespace and environment name)",
- "default": "apply --suppress-secrets --wait",
- "advanced": true
- },
- {
- "name": "HELMFILE_DELETE_ARGS",
- "description": "The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#destroy) to cleanup the application (_without dynamic global parameters such as helmfile path, namespace and environment name)",
- "default": "destroy",
- "advanced": true
- },
- {
- "name": "HELMFILE_PGP_PRIVATE_KEY_FILE",
- "description": "PGP Private key for decrypting helmfile secrets with SOPS (optional). Should be set as a File type variable.",
- "secret": true
- },
- {
- "name": "HELMFILE_PGP_PASSPHRASE",
- "description": "Passphrase for PGP private key (optional)",
- "secret": true
- },
- {
- "name": "HELMFILE_IMAGE_PULL_SECRET_NAME",
- "description": "Name of the `docker-registry` k8s secret that will be created if the special [GitLab deploy token](https://docs.gitlab.com/ee/user/project/deploy_tokens/#gitlab-deploy-token) is available.",
- "default": "gitlab-registry",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "lint",
- "name": "Helmfile Lint",
- "description": "Runs a [helm lint](https://helm.sh/docs/helm/helm_lint/) across all of the charts/releases in the helmfile manifest.",
- "enable_with": "HELMFILE_LINT_ENABLED",
- "variables": [
- {
- "name": "HELMFILE_LINT_ARGS",
- "description": "The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#lint) to trigger the analysis (_without dynamic arguments such as the helmfile path)",
- "default": "lint",
- "advanced": true
- }
- ]
- },
- {
- "id": "test",
- "name": "Helmfile Test",
- "description": "Runs acceptance [Helm tests](https://helm.sh/docs/topics/chart_tests/) against the specified releases in the helmfile manifest",
- "enable_with": "HELMFILE_TEST_ENABLED",
- "variables": [
- {
- "name": "HELMFILE_TEST_ARGS",
- "description": "The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#test) to perform acceptance test (_without dynamic global arguments such as the helmfile.yaml path, namespace and environment name_)",
- "default": "test --logs --cleanup",
- "advanced": true
- }
- ]
- },
- {
- "id": "review",
- "name": "Review",
- "description": "Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))",
- "enable_with": "HELMFILE_REVIEW_ENABLED",
- "variables": [
- {
- "name": "HELMFILE_REVIEW_APP_NAME",
- "description": "The application name for `review` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELMFILE_REVIEW_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop `review` environments",
- "default": "4 hours"
- },
- {
- "name": "HELMFILE_REVIEW_ENVIRONMENT_URL",
- "type": "url",
- "description": "The review environments url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "HELMFILE_REVIEW_NAMESPACE",
- "description": "The Kubernetes namespace to use for `review` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELMFILE_REVIEW_KUBE_CONFIG",
- "description": "Specific kubeconfig for review env (only define to override default)",
- "advanced": true,
- "secret": true
- }
- ]
- },
- {
- "id": "integration",
- "name": "Integration",
- "description": "A continuous-integration environment associated to your integration branch (`develop` by default)",
- "enable_with": "HELMFILE_INTEG_ENABLED",
- "variables": [
- {
- "name": "HELMFILE_INTEG_APP_NAME",
- "description": "The application name for `integration` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELMFILE_INTEG_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop the `integration` env",
- "default": "never"
- },
- {
- "name": "HELMFILE_INTEG_ENVIRONMENT_URL",
- "type": "url",
- "description": "The integration environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "HELMFILE_INTEG_NAMESPACE",
- "description": "The Kubernetes namespace to use for `integration` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELMFILE_INTEG_KUBE_CONFIG",
- "description": "Specific kubeconfig for integration env (only define to override default)",
- "advanced": true,
- "secret": true
- }
- ]
- },
- {
- "id": "staging",
- "name": "Staging",
- "description": "An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)",
- "enable_with": "HELMFILE_STAGING_ENABLED",
- "variables": [
- {
- "name": "HELMFILE_STAGING_APP_NAME",
- "description": "The application name for `staging` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELMFILE_STAGING_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop the `staging` env",
- "default": "never"
- },
- {
- "name": "HELMFILE_STAGING_ENVIRONMENT_URL",
- "type": "url",
- "description": "The staging environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "HELMFILE_STAGING_NAMESPACE",
- "description": "The Kubernetes namespace to use for `staging` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELMFILE_STAGING_KUBE_CONFIG",
- "description": "Specific kubeconfig for staging env (only define to override default)",
- "advanced": true,
- "secret": true
- }
- ]
- },
- {
- "id": "prod",
- "name": "Production",
- "description": "The production environment",
- "enable_with": "HELMFILE_PROD_ENABLED",
- "variables": [
- {
- "name": "HELMFILE_PROD_DEPLOY_STRATEGY",
- "description": "Defines the deployment to production strategy.",
- "type": "enum",
- "values": ["manual", "auto"],
- "default": "manual"
- },
- {
- "name": "HELMFILE_PROD_APP_NAME",
- "description": "The application name for `production` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELMFILE_PROD_ENVIRONMENT_URL",
- "type": "url",
- "description": "The production environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "HELMFILE_PROD_NAMESPACE",
- "description": "The Kubernetes namespace to use for `production` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "HELMFILE_PROD_KUBE_CONFIG",
- "description": "Specific kubeconfig for production env (only define to override default)",
- "advanced": true,
- "secret": true
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-helmfile-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url"
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "3.2.0",
- "tags": [
- "3.2.0",
- "3.2",
- "3.1.1",
- "3.1.0",
- "3.1",
- "3.0.3",
- "3.0.2",
- "3.0.1",
- "3.0.0",
- "3.0",
- "3",
- "2.1.0",
- "2.1",
- "2.0.0",
- "2.0",
- "2",
- "1.1.0",
- "1.1",
- "1.0.0",
- "1.0",
- "1"
- ],
- "name": "helmfile",
- "path": "to-be-continuous/helmfile",
- "web_url": "https://gitlab.com/to-be-continuous/helmfile",
- "avatar": "https://gitlab.com/to-be-continuous/helmfile/-/avatar"
- }
- },
- {
- "name": "Hurl",
- "description": "Run your automated tests with [Hurl](https://hurl.dev/)",
- "template_path": "templates/gitlab-ci-hurl.yml",
- "kind": "acceptance",
- "prefix": "hurl",
- "is_component": true,
- "variables": [
- {
- "name": "HURL_IMAGE",
- "description": "The Docker image used to run Hurl",
- "default": "ghcr.io/orange-opensource/hurl:latest"
- },
- {
- "name": "HURL_TEST_FILES",
- "description": "The Hurl test files to run",
- "default": "hurl/*.hurl"
- },
- {
- "name": "HURL_EXTRA_ARGS",
- "description": "Hurl extra [run options](https://hurl.dev/docs/manual.html#options)",
- "advanced": true
- },
- {
- "name": "REVIEW_ENABLED",
- "description": "Set to enable Hurl tests on review environments (dynamic environments instantiated on development branches)",
- "type": "boolean"
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "1.2.0",
- "tags": ["1.2.0", "1.2", "1.1.0", "1.1", "1.0.1", "1.0.0", "1.0", "1"],
- "name": "hurl",
- "path": "to-be-continuous/hurl",
- "web_url": "https://gitlab.com/to-be-continuous/hurl",
- "avatar": "https://gitlab.com/to-be-continuous/hurl/-/avatar"
- }
- },
- {
- "name": "k6",
- "description": "Run your automated load-testing with [k6](https://k6.io/)",
- "template_path": "templates/gitlab-ci-k6.yml",
- "kind": "acceptance",
- "prefix": "k6",
- "is_component": true,
- "variables": [
- {
- "name": "K6_IMAGE",
- "description": "The Docker image used to run k6 CLI.",
- "default": "registry.hub.docker.com/loadimpact/k6:latest"
- },
- {
- "name": "K6_TESTS_DIR",
- "description": "The k6 tests directory",
- "default": "k6"
- },
- {
- "name": "K6_EXTRA_ARGS",
- "description": "k6 extra [command-line](https://k6.io/docs/getting-started/running-k6)",
- "advanced": true
- },
- {
- "name": "REVIEW_ENABLED",
- "description": "Set to enable k6 tests on review environments (dynamic environments instantiated on development branches)",
- "type": "boolean"
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "3.4.0",
- "tags": [
- "3.4.0",
- "3.4",
- "3.3.0",
- "3.3",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.1",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.1.0",
- "2.1",
- "2.0.1",
- "2.0.0",
- "2",
- "1.0.0"
- ],
- "name": "k6",
- "path": "to-be-continuous/k6",
- "web_url": "https://gitlab.com/to-be-continuous/k6",
- "avatar": "https://gitlab.com/to-be-continuous/k6/-/avatar"
- }
- },
- {
- "name": "Kubernetes",
- "description": "Deploy your application to a [Kubernetes](https://kubernetes.io/) platform using [declarative configuration](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/) or [Kustomize](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/)",
- "template_path": "templates/gitlab-ci-k8s.yml",
- "kind": "hosting",
- "prefix": "k8s",
- "is_component": true,
- "variables": [
- {
- "name": "K8S_KUBECTL_IMAGE",
- "description": "The Docker image used to run Kubernetes `kubectl` commands - **set the version required by your Kubernetes server**",
- "default": "registry.hub.docker.com/bitnami/kubectl:latest"
- },
- {
- "name": "K8S_DEFAULT_KUBE_CONFIG",
- "description": "The default kubeconfig to use (either content or file variable) (only define if not using exploded kubeconfig parameters)",
- "secret": true
- },
- {
- "name": "K8S_URL",
- "type": "url",
- "description": "Global Kubernetes API url (only define if using exploded kubeconfig parameters)"
- },
- {
- "name": "K8S_TOKEN",
- "description": "Global Kubernetes API token (only define if using exploded kubeconfig parameters)",
- "secret": true
- },
- {
- "name": "K8S_CA_CERT",
- "description": "Global Kubernetes cluster server certificate authority (only define if using exploded kubeconfig parameters)",
- "secret": true
- },
- {
- "name": "K8S_BASE_APP_NAME",
- "description": "Base application name",
- "default": "$CI_PROJECT_NAME",
- "advanced": true
- },
- {
- "name": "K8S_ENVIRONMENT_URL",
- "type": "url",
- "description": "The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.k8s.acme.com`)_"
- },
- {
- "name": "K8S_SCRIPTS_DIR",
- "description": "directory where Kubernetes scripts (templates, hook scripts) are located",
- "default": ".",
- "advanced": true
- },
- {
- "name": "K8S_KUSTOMIZE_ENABLED",
- "description": "Set to `true` to enable [Kustomize](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/)",
- "type": "boolean",
- "advanced": true
- },
- {
- "name": "K8S_KUSTOMIZE_ARGS",
- "description": "Additional [`kubectl kustomize` options](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#kustomize)\n\n_For example: `--enable-helm`_",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "kube-score",
- "name": "kube-score",
- "description": "Static code analysis of your Kubernetes templates with [kube-score](https://github.com/zegl/kube-score)",
- "disable_with": "K8S_SCORE_DISABLED",
- "variables": [
- {
- "name": "K8S_KUBE_SCORE_IMAGE",
- "description": "Docker image to run [kube-score](https://github.com/zegl/kube-score)",
- "default": "registry.hub.docker.com/zegl/kube-score:latest"
- },
- {
- "name": "K8S_SCORE_EXTRA_OPTS",
- "description": "Additional [kube-score options](https://github.com/zegl/kube-score#configuration)",
- "advanced": true
- }
- ]
- },
- {
- "id": "review",
- "name": "Review",
- "description": "Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))",
- "variables": [
- {
- "name": "K8S_REVIEW_SPACE",
- "description": "Kubernetes namespace for review env",
- "mandatory": true
- },
- {
- "name": "K8S_REVIEW_APP_NAME",
- "description": "The application name for review env (only define to override default)",
- "advanced": true
- },
- {
- "name": "K8S_REVIEW_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop `review` environments",
- "default": "4 hours"
- },
- {
- "name": "K8S_REVIEW_ENVIRONMENT_URL",
- "type": "url",
- "description": "The review environments url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "K8S_REVIEW_KUBE_CONFIG",
- "description": "Specific kubeconfig for review env (only define if not using exploded parameters and if different from global)",
- "secret": true
- },
- {
- "name": "K8S_REVIEW_URL",
- "type": "url",
- "description": "Kubernetes API url for review env (only define if using exploded kubeconfig parameters and if different from global)",
- "advanced": true
- },
- {
- "name": "K8S_REVIEW_TOKEN",
- "description": "Kubernetes API token for review env (only define if using exploded kubeconfig parameters and if different from global)",
- "secret": true
- },
- {
- "name": "K8S_REVIEW_CA_CERT",
- "description": "Kubernetes cluster server certificate authority for review env (only define if using exploded kubeconfig parameters and if different from global)",
- "secret": true
- }
- ]
- },
- {
- "id": "integration",
- "name": "Integration",
- "description": "A continuous-integration environment associated to your integration branch (`develop` by default)",
- "variables": [
- {
- "name": "K8S_INTEG_SPACE",
- "description": "Kubernetes namespace for integration env",
- "mandatory": true
- },
- {
- "name": "K8S_INTEG_APP_NAME",
- "description": "The application name for integration env (only define to override default)",
- "advanced": true
- },
- {
- "name": "K8S_INTEG_ENVIRONMENT_URL",
- "type": "url",
- "description": "The integration environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "K8S_INTEG_KUBE_CONFIG",
- "description": "Specific kubeconfig for integration env (only define if not using exploded parameters and if different from global)",
- "secret": true
- },
- {
- "name": "K8S_INTEG_URL",
- "type": "url",
- "description": "Kubernetes API url for integration env (only define if using exploded kubeconfig parameters and if different from global)",
- "advanced": true
- },
- {
- "name": "K8S_INTEG_TOKEN",
- "description": "Kubernetes API token for integration env (only define if using exploded kubeconfig parameters and if different from global)",
- "secret": true
- },
- {
- "name": "K8S_INTEG_CA_CERT",
- "description": "Kubernetes cluster server certificate authority for integration env (only define if using exploded kubeconfig parameters and if different from global)",
- "secret": true
- }
- ]
- },
- {
- "id": "staging",
- "name": "Staging",
- "description": "An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)",
- "variables": [
- {
- "name": "K8S_STAGING_SPACE",
- "description": "Kubernetes namespace for staging env",
- "mandatory": true
- },
- {
- "name": "K8S_STAGING_APP_NAME",
- "description": "The application name for staging env (only define to override default)",
- "advanced": true
- },
- {
- "name": "K8S_STAGING_ENVIRONMENT_URL",
- "type": "url",
- "description": "The staging environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "K8S_STAGING_KUBE_CONFIG",
- "description": "Specific kubeconfig for staging env (only define if not using exploded parameters and if different from global)",
- "secret": true
- },
- {
- "name": "K8S_STAGING_URL",
- "type": "url",
- "description": "Kubernetes API url for staging env (only define if using exploded kubeconfig parameters and if different from global)",
- "advanced": true
- },
- {
- "name": "K8S_STAGING_TOKEN",
- "description": "Kubernetes API token for staging env (only define if using exploded kubeconfig parameters and if different from global)",
- "secret": true
- },
- {
- "name": "K8S_STAGING_CA_CERT",
- "description": "Kubernetes cluster server certificate authority for staging env (only define if using exploded kubeconfig parameters and if different from global)",
- "secret": true
- }
- ]
- },
- {
- "id": "prod",
- "name": "Production",
- "description": "The production environment",
- "variables": [
- {
- "name": "K8S_PROD_SPACE",
- "description": "Kubernetes namespace for production env",
- "mandatory": true
- },
- {
- "name": "K8S_PROD_APP_NAME",
- "description": "The application name for production env (only define to override default)",
- "advanced": true
- },
- {
- "name": "K8S_PROD_ENVIRONMENT_URL",
- "type": "url",
- "description": "The production environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "K8S_PROD_DEPLOY_STRATEGY",
- "description": "Defines the deployment to production strategy.",
- "type": "enum",
- "values": ["manual", "auto"],
- "default": "manual"
- },
- {
- "name": "K8S_PROD_KUBE_CONFIG",
- "description": "Specific kubeconfig for production env (only define if not using exploded parameters and if different from global)",
- "secret": true
- },
- {
- "name": "K8S_PROD_URL",
- "type": "url",
- "description": "Kubernetes API url for production env (only define if using exploded kubeconfig parameters and if different from global)",
- "advanced": true
- },
- {
- "name": "K8S_PROD_TOKEN",
- "description": "Kubernetes API token for production env (only define if using exploded kubeconfig parameters and if different from global)",
- "secret": true
- },
- {
- "name": "K8S_PROD_CA_CERT",
- "description": "Kubernetes cluster server certificate authority for production env (only define if using exploded kubeconfig parameters and if different from global)",
- "secret": true
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-k8s-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url"
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "6.1.0",
- "tags": [
- "6.1.0",
- "6.1",
- "6.0.2",
- "6.0.1",
- "6.0.0",
- "6.0",
- "6",
- "5.2.0",
- "5.2",
- "5.1.0",
- "5.1",
- "5.0.0",
- "5.0",
- "5",
- "4.1.0",
- "4.1",
- "4.0.0",
- "4.0",
- "4",
- "3.5.0",
- "3.5",
- "3.4.3",
- "3.4.2",
- "3.4.1",
- "3.4.0",
- "3.4",
- "3.3.3",
- "3.3.2",
- "3.3.1",
- "3.3.0",
- "3.3",
- "3.2.0",
- "3.2",
- "3.1.1",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.3.2",
- "2.3.1",
- "2.3.0",
- "2.3",
- "2.2.0",
- "2.2",
- "2.1.0",
- "2.0.7",
- "2.0.6",
- "2.0.5",
- "2.0.4",
- "2.0.3",
- "2.0.2",
- "2.0.1",
- "2.0.0",
- "2",
- "1.3.1",
- "1.3.0",
- "1.2.0",
- "1.1.0",
- "1.0.0"
- ],
- "name": "kubernetes",
- "path": "to-be-continuous/kubernetes",
- "web_url": "https://gitlab.com/to-be-continuous/kubernetes",
- "avatar": "https://gitlab.com/to-be-continuous/kubernetes/-/avatar"
- }
- },
- {
- "name": "Lighthouse",
- "description": "Continuously analyse your web apps and web pages performances and developer best practices with [Lighthouse CI](https://github.com/GoogleChrome/lighthouse-ci)",
- "template_path": "templates/gitlab-ci-lighthouse.yml",
- "kind": "acceptance",
- "prefix": "lhci",
- "is_component": true,
- "variables": [
- {
- "name": "LHCI_IMAGE",
- "description": "The Docker image used to run Lighthouse CI (use [browser images](https://github.com/cypress-io/cypress-docker-images/tree/master/browsers) only).",
- "default": "registry.hub.docker.com/cypress/browsers:latest"
- },
- {
- "name": "LHCI_VERSION",
- "description": "Lighthouse CI version to run",
- "default": "latest",
- "advanced": true
- },
- {
- "name": "LHCI_RUN_OPTS",
- "description": "Lighthouse CI [autorun options](https://github.com/GoogleChrome/lighthouse-ci/blob/main/docs/configuration.md#autorun)",
- "default": "--upload.target=filesystem --collect.settings.chromeFlags=\"--no-sandbox\" --collect.url=\"%{environment_url}\"",
- "advanced": true
- },
- {
- "name": "REVIEW_ENABLED",
- "description": "Set to enable Cypress tests on review environments (dynamic environments instantiated on development branches)",
- "type": "boolean"
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "1.2.0",
- "tags": [
- "1.2.0",
- "1.2",
- "1.1.0",
- "1.1",
- "1.0.2",
- "1.0.1",
- "1.0.0",
- "1.0",
- "1"
- ],
- "name": "lighthouse",
- "path": "to-be-continuous/lighthouse",
- "web_url": "https://gitlab.com/to-be-continuous/lighthouse",
- "avatar": "https://gitlab.com/to-be-continuous/lighthouse/-/avatar"
- }
- },
- {
- "name": "GNU Make",
- "description": "GitLab CI template for [GNU Make](https://www.gnu.org/software/make/)",
- "template_path": "templates/gitlab-ci-make.yml",
- "kind": "build",
- "prefix": "make",
- "is_component": true,
- "variables": [
- {
- "name": "MAKE_IMAGE",
- "description": "The Docker image used to run GNU Make - **set the image required by your project** (see doc)",
- "default": "registry.hub.docker.com/alpinelinux/build-base"
- },
- {
- "name": "MAKE_BUILD_ARGS",
- "description": "Make [options](https://www.gnu.org/software/make/manual/html_node/Options-Summary.html) and [goals](https://www.gnu.org/software/make/manual/html_node/Goals.html) for the build & test job",
- "default": "all test"
- },
- {
- "name": "MAKE_PROJECT_DIR",
- "description": "Makefile root directory",
- "default": ".",
- "advanced": true
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "1.4.0",
- "tags": [
- "1.4.0",
- "1.4",
- "1.3.0",
- "1.3",
- "1.2.0",
- "1.2",
- "1.1.3",
- "1.1.2",
- "1.1.1",
- "1.1.0",
- "1.1",
- "1.0.0",
- "1.0",
- "1"
- ],
- "name": "make",
- "path": "to-be-continuous/make",
- "web_url": "https://gitlab.com/to-be-continuous/make",
- "avatar": "https://gitlab.com/to-be-continuous/make/-/avatar"
- }
- },
- {
- "name": "Maven",
- "description": "Build, test and analyse your [Maven](https://maven.apache.org/)-based projects",
- "template_path": "templates/gitlab-ci-maven.yml",
- "kind": "build",
- "prefix": "maven",
- "is_component": true,
- "variables": [
- {
- "name": "MAVEN_IMAGE",
- "description": "The Docker image used to run Maven - **set the version required by your project**",
- "default": "registry.hub.docker.com/library/maven:latest"
- },
- {
- "name": "MAVEN_PROJECT_DIR",
- "description": "Maven project root directory",
- "default": ".",
- "advanced": true
- },
- {
- "name": "MAVEN_CFG_DIR",
- "description": "The Maven configuration directory",
- "default": ".m2",
- "advanced": true
- },
- {
- "name": "MAVEN_SETTINGS_FILE",
- "description": "The Maven `settings.xml` file path",
- "default": "$MAVEN_CFG_DIR/settings.xml",
- "advanced": true
- },
- {
- "name": "MAVEN_OPTS",
- "description": "[Global Maven options](http://maven.apache.org/configure.html#maven_opts-environment-variable)",
- "default": "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=${MAVEN_CFG_DIR}/repository -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true",
- "advanced": true
- },
- {
- "name": "MAVEN_CLI_OPTS",
- "description": "Additional [Maven options](https://maven.apache.org/ref/3-LATEST/maven-embedder/cli.html) used on the command line",
- "default": "--no-transfer-progress --batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true",
- "advanced": true
- },
- {
- "name": "MAVEN_BUILD_ARGS",
- "description": "Maven arguments for the build & test job",
- "default": "org.jacoco:jacoco-maven-plugin:prepare-agent verify org.jacoco:jacoco-maven-plugin:report",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "sonar",
- "name": "SONAR",
- "description": "Code quality and security analysis with [SONARQube](https://www.sonarqube.org/)",
- "variables": [
- {
- "name": "SONAR_HOST_URL",
- "type": "url",
- "description": "SonarQube server url",
- "mandatory": true
- },
- {
- "name": "SONAR_TOKEN",
- "description": "SonarQube authentication token (see https://docs.sonarsource.com/sonarqube-server/latest/user-guide/managing-tokens/) - depends on your authentication method",
- "secret": true
- },
- {
- "name": "SONAR_LOGIN",
- "description": "SonarQube login (depends on your authentication method)",
- "secret": true
- },
- {
- "name": "SONAR_PASSWORD",
- "description": "SonarQube password (depends on your authentication method)",
- "secret": true
- },
- {
- "name": "SONAR_BASE_ARGS",
- "description": "SonarQube [analysis arguments](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/analysis-parameters/)",
- "default": "sonar:sonar -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues",
- "advanced": true
- },
- {
- "name": "SONAR_QUALITY_GATE_ENABLED",
- "description": "Enables SonarQube [Quality Gate](https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/analysis-functions/quality-gates/) verification.\n\n_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/ci-integration/overview/#quality-gate-fails))._",
- "type": "boolean"
- }
- ]
- },
- {
- "id": "dependency-check",
- "name": "Dependency-Check",
- "description": "[Dependency-Check](https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html) analysis",
- "disable_with": "MAVEN_DEPENDENCY_CHECK_DISABLED",
- "variables": [
- {
- "name": "MAVEN_DEPENDENCY_CHECK_ARGS",
- "description": "Maven arguments for Dependency Check job",
- "default": "org.owasp:dependency-check-maven:aggregate -DretireJsAnalyzerEnabled=false -DassemblyAnalyzerEnabled=false -Dformats=HTML,JSON,XML",
- "advanced": true
- }
- ]
- },
- {
- "id": "forbid-snapshot-dependencies",
- "name": "Snapshot dependencies verification",
- "description": "This job verifies your project has no _snapshot_ dependencies. Failure is allowed in feature branches.",
- "disable_with": "MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED"
- },
- {
- "id": "sbom",
- "name": "Software Bill of Materials",
- "description": "This job generates a file listing all dependencies using [cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin)",
- "disable_with": "MAVEN_SBOM_DISABLED",
- "variables": [
- {
- "name": "MAVEN_SBOM_GEN_ARGS",
- "description": "Maven command used for SBOM analysis",
- "default": "org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom",
- "advanced": true
- }
- ]
- },
- {
- "id": "publish",
- "name": "Publish",
- "description": "Publish [Snapshot](https://maven.apache.org/plugins/maven-deploy-plugin/) & [Releases](http://maven.apache.org/maven-release/maven-release-plugin) to a Maven-compliant repository",
- "enable_with": "MAVEN_DEPLOY_ENABLED",
- "variables": [
- {
- "name": "MAVEN_DEPLOY_ARGS",
- "description": "Maven arguments for the deploy job",
- "default": "deploy -Dmaven.test.skip=true",
- "advanced": true
- },
- {
- "name": "MAVEN_DEPLOY_FROM_UNPROTECTED_DISABLED",
- "description": "Set to limit snapshot publication to protected branches",
- "type": "boolean",
- "advanced": true
- },
- {
- "name": "MAVEN_DEPLOY_SNAPSHOT_WITH_SLUG_ENABLED",
- "description": "Enable to inject the Git branch slug in SNAPSHOT versions",
- "type": "boolean",
- "advanced": true
- },
- {
- "name": "MAVEN_RELEASE_ARGS",
- "description": "Maven arguments for the release job",
- "default": "release:prepare -DtagNameFormat=@{project.version} -Darguments=-Dmaven.test.skip=true",
- "advanced": true
- },
- {
- "name": "MAVEN_RELEASE_VERSION",
- "description": "Explicit version to use when triggering a release\n\n_Otherwise uses the current snapshot version from `pom.xml`)_",
- "advanced": true
- },
- {
- "name": "MAVEN_RELEASE_SCM_COMMENT_PREFIX",
- "description": "Maven release plugin [scmCommentPrefix](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmCommentPrefix) parameter",
- "default": "chore(maven-release): ",
- "advanced": true
- },
- {
- "name": "MAVEN_RELEASE_SCM_RELEASE_COMMENT",
- "description": "Maven release plugin [scmReleaseCommitComment](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmReleaseCommitComment) parameter\n\n(since Maven `3.0.0-M1`)",
- "advanced": true
- },
- {
- "name": "MAVEN_RELEASE_SCM_DEV_COMMENT",
- "description": "Maven release plugin [scmDevelopmentCommitComment](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmDevelopmentCommitComment) parameter\n\n(since Maven `3.0.0-M1`)",
- "advanced": true
- },
- {
- "name": "MVN_SEMREL_RELEASE_DISABLED",
- "description": "Disable semantic-release integration",
- "advanced": true
- },
- {
- "name": "GIT_USERNAME",
- "description": "Git username (if you wish to release using Git credentials)",
- "secret": true
- },
- {
- "name": "GIT_PASSWORD",
- "description": "Git password (if you wish to release using Git credentials)",
- "secret": true
- },
- {
- "name": "GIT_PRIVATE_KEY",
- "description": "Git private SSH key (if you wish to release using SSH key or GitLab Deploy Key)",
- "secret": true
- },
- {
- "name": "MAVEN_REPOSITORY_USERNAME",
- "description": "Maven repository username (inject in your settings.xml as ${env.MAVEN_REPOSITORY_USERNAME})",
- "secret": true
- },
- {
- "name": "MAVEN_REPOSITORY_PASSWORD",
- "description": "Maven repository password (inject in your settings.xml as ${env.MAVEN_REPOSITORY_PASSWORD})",
- "secret": true
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "jib",
- "name": "Jib",
- "description": "Build Docker and OCI images for your Java applications with [Jib](https://github.com/GoogleContainerTools/jib)",
- "template_path": "templates/gitlab-ci-maven-jib.yml",
- "features": [
- {
- "id": "mvn-trivy",
- "name": "Maven Trivy",
- "description": "[Trivy](https://github.com/aquasecurity/trivy) vulnerability analysis",
- "disable_with": "MAVEN_TRIVY_DISABLED",
- "variables": [
- {
- "name": "MAVEN_TRIVY_IMAGE",
- "description": "The docker image used to scan images with Trivy",
- "default": "registry.hub.docker.com/aquasec/trivy:latest",
- "advanced": true
- },
- {
- "name": "MAVEN_TRIVY_ADDR",
- "type": "url",
- "description": "The Trivy server address"
- },
- {
- "name": "MAVEN_TRIVY_SECURITY_LEVEL_THRESHOLD",
- "type": "enum",
- "values": [
- "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL",
- "LOW,MEDIUM,HIGH,CRITICAL",
- "MEDIUM,HIGH,CRITICAL",
- "HIGH,CRITICAL",
- "CRITICAL"
- ],
- "description": "Severities of vulnerabilities to be displayed (comma separated values: `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`)",
- "default": "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
- },
- {
- "name": "MAVEN_TRIVY_ARGS",
- "description": "Additional `trivy client` arguments",
- "default": "--ignore-unfixed --vuln-type os",
- "advanced": true
- }
- ]
- },
- {
- "id": "mvn-sbom",
- "name": "Maven Software Bill of Materials",
- "description": "This job generates a file listing all dependencies using [syft](https://github.com/anchore/syft)",
- "disable_with": "MAVEN_SBOM_DISABLED",
- "variables": [
- {
- "name": "MAVEN_SBOM_IMAGE",
- "default": "registry.hub.docker.com/anchore/syft:debug",
- "advanced": true
- },
- {
- "name": "MAVEN_SBOM_OPTS",
- "description": "Options for syft used for SBOM analysis",
- "default": "--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger",
- "advanced": true
- }
- ]
- }
- ],
- "variables": [
- {
- "name": "MAVEN_JIB_SNAPSHOT_IMAGE",
- "description": "Maven Jib Snapshot image",
- "default": "$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG"
- },
- {
- "name": "MAVEN_JIB_RELEASE_IMAGE",
- "description": "Maven Jib Release image",
- "default": "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
- },
- {
- "name": "MAVEN_SKOPEO_IMAGE",
- "description": "The image used to publish images with Skopeo",
- "default": "quay.io/skopeo/stable:latest",
- "advanced": true
- },
- {
- "name": "MAVEN_JIB_BUILD_ARGS",
- "description": "[Jib Maven Plugin arguments](https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin#extended-usage)",
- "default": "-Djib.to.image=$MAVEN_JIB_SNAPSHOT_IMAGE"
- },
- {
- "name": "MAVEN_JIB_PROD_PUBLISH_STRATEGY",
- "description": "Defines the publish to production strategy.",
- "type": "enum",
- "values": ["none", "manual", "auto"],
- "default": "manual"
- },
- {
- "name": "MAVEN_JIB_PUBLISH_ARGS",
- "description": "Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)"
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "3.9.0",
- "tags": [
- "3.9.0",
- "3.9",
- "3.8.0",
- "3.8",
- "3.7.1",
- "3.7.0",
- "3.7",
- "3.6.2",
- "3.6.1",
- "3.6.0",
- "3.6",
- "3.5.0",
- "3.5",
- "3.4.0",
- "3.4",
- "3.3.1",
- "3.3.0",
- "3.3",
- "3.2.3",
- "3.2.2",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.4",
- "3.1.3",
- "3.1.2",
- "3.1.1",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.3.0",
- "2.3",
- "2.2.0",
- "2.1.6",
- "2.1.5",
- "2.1.4",
- "2.1.3",
- "2.1.2",
- "2.1.1",
- "2.1.0",
- "2.0.1",
- "2.0.0",
- "2",
- "1.4.2",
- "1.4.1",
- "1.4.0",
- "1.3.0",
- "1.2.0",
- "1.1.2",
- "1.1.1",
- "1.1.0",
- "1.0.0"
- ],
- "name": "maven",
- "path": "to-be-continuous/maven",
- "web_url": "https://gitlab.com/to-be-continuous/maven",
- "avatar": "https://gitlab.com/to-be-continuous/maven/-/avatar"
- }
- },
- {
- "name": "MkDocs",
- "description": "Build your static website with [MkDocs](https://www.mkdocs.org/)",
- "template_path": "templates/gitlab-ci-mkdocs.yml",
- "kind": "build",
- "prefix": "mkd",
- "is_component": true,
- "variables": [
- {
- "name": "MKD_IMAGE",
- "description": "The Docker image used to run MkDocs",
- "default": "registry.hub.docker.com/polinux/mkdocs:latest"
- },
- {
- "name": "MKD_BUILD_ARGS",
- "description": "Arguments used by the build job",
- "advanced": true
- },
- {
- "name": "MKD_WORKSPACE_DIR",
- "description": "MkDocs sources directory",
- "default": ".",
- "advanced": true
- },
- {
- "name": "MKD_SITE_DIR",
- "description": "MkDocs generated site directory (relative to `$MKD_WORKSPACE_DIR`)",
- "default": "site",
- "advanced": true
- },
- {
- "name": "MKD_REQUIREMENTS_FILE",
- "description": "Requirements file. If the file is not found in the repository, requirements are read from the `MKD_REQUIREMENTS` variable",
- "default": "requirements.txt",
- "advanced": true
- },
- {
- "name": "MKD_REQUIREMENTS",
- "description": "Space separated requirements (ignored if a requirement file is found)",
- "default": "mkdocs",
- "advanced": true
- },
- {
- "name": "MKD_PREBUILD_SCRIPT",
- "description": "Pre-build hook script",
- "default": "mkdocs-pre-build.sh",
- "advanced": true
- },
- {
- "name": "PIP_OPTS",
- "description": "pip extra [options](https://pip.pypa.io/en/stable/cli/pip/#general-options)",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "lychee",
- "name": "lychee",
- "description": "Checks broken links and emails with [lychee](https://github.com/lycheeverse/lychee)",
- "enable_with": "MKD_LYCHEE_ENABLED",
- "variables": [
- {
- "name": "MKD_LYCHEE_IMAGE",
- "description": "The Docker image used to run [lychee](https://github.com/lycheeverse/lychee)",
- "default": "registry.hub.docker.com/lycheeverse/lychee:latest",
- "advanced": true
- },
- {
- "name": "MKD_LYCHEE_ARGS",
- "description": "[lychee arguments](https://github.com/lycheeverse/lychee#commandline-parameters) to execute",
- "default": "docs/"
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "pages",
- "name": "GitLab Pages",
- "description": "Adds a job to publish the generated site to GitLab pages",
- "template_path": "templates/gitlab-ci-mkdocs-pages.yml"
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "2.4.0",
- "tags": [
- "2.4.0",
- "2.4",
- "2.3.1",
- "2.3.0",
- "2.3",
- "2.2.1",
- "2.2.0",
- "2.2",
- "2.1.0",
- "2.1",
- "2.0.1",
- "2.0.0",
- "2.0",
- "2",
- "1.5.0",
- "1.5",
- "1.4.3",
- "1.4.2",
- "1.4.1",
- "1.4.0",
- "1.3.0",
- "1.2.0",
- "1.1.1",
- "1.1.0",
- "1.0.0",
- "1"
- ],
- "name": "mkdocs",
- "path": "to-be-continuous/mkdocs",
- "web_url": "https://gitlab.com/to-be-continuous/mkdocs",
- "avatar": "https://gitlab.com/to-be-continuous/mkdocs/-/avatar"
- }
- },
- {
- "name": "MobSF",
- "description": "Perform pen-testing, malware analysis and security assessment for mobile applications with [Mobile Security Framework](https://github.com/MobSF/Mobile-Security-Framework-MobSF) (MobSF)",
- "template_path": "templates/gitlab-ci-mobsf.yml",
- "kind": "analyse",
- "prefix": "mobsf",
- "is_component": true,
- "variables": [
- {
- "name": "MOBSF_CLIENT_IMAGE",
- "description": "The Docker image used to send requests to the MobSF server",
- "default": "registry.hub.docker.com/badouralix/curl-jq"
- },
- {
- "name": "MOBSF_SERVER_URL",
- "description": "URL of MobSF server",
- "mandatory": false
- },
- {
- "name": "MOBSF_API_KEY",
- "description": "API key of the MobSF server",
- "secret": true
- },
- {
- "name": "MOBSF_APP_FILE",
- "description": "Application package file (APK or IPA)",
- "mandatory": true
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "2.3.0",
- "tags": [
- "2.3.0",
- "2.3",
- "2.2.0",
- "2.2",
- "2.1.3",
- "2.1.2",
- "2.1.1",
- "2.1.0",
- "2.1",
- "2.0.2",
- "2.0.1",
- "2.0.0",
- "2.0",
- "2",
- "1.2.0",
- "1.2",
- "1.1.0",
- "1.0.1",
- "1.0.0",
- "1"
- ],
- "name": "mobsf",
- "path": "to-be-continuous/mobsf",
- "web_url": "https://gitlab.com/to-be-continuous/mobsf",
- "avatar": "https://gitlab.com/to-be-continuous/mobsf/-/avatar"
- }
- },
- {
- "name": "Node.js",
- "description": "Build, test and analyse your JavaScript/TypeScript/[Node.js](https://nodejs.org/) projects",
- "template_path": "templates/gitlab-ci-node.yml",
- "kind": "build",
- "prefix": "node",
- "is_component": true,
- "variables": [
- {
- "name": "NODE_CONFIG_REGISTRY",
- "description": "npm [registry](https://docs.npmjs.com/cli/v8/using-npm/registry) ",
- "type": "url",
- "advanced": true
- },
- {
- "name": "NODE_IMAGE",
- "description": "The Docker image used to run Node.js - **set the version required by your project**",
- "default": "registry.hub.docker.com/library/node:lts-alpine"
- },
- {
- "name": "NODE_MANAGER",
- "description": "The package manager used by your project (npm, yarn or pnpm) - **if undefined, automatic detection**",
- "default": "auto",
- "type": "enum",
- "values": ["auto", "npm", "yarn", "pnpm"],
- "advanced": true
- },
- {
- "name": "NODE_PROJECT_DIR",
- "description": "Node project root directory",
- "default": ".",
- "advanced": true
- },
- {
- "name": "NODE_SOURCE_DIR",
- "description": "Sources directory",
- "default": "src",
- "advanced": true
- },
- {
- "name": "NODE_CONFIG_SCOPED_REGISTRIES",
- "description": "Space separated list of NPM [scoped registries](https://docs.npmjs.com/cli/v8/using-npm/scope#associating-a-scope-with-a-registry) (formatted as `@somescope:https://some.npm.registry/some/repo @anotherscope:https://another.npm.registry/another/repo`)",
- "advanced": true
- },
- {
- "name": "NODE_BUILD_ARGS",
- "description": "npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments - yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments - pnpm [run script](https://pnpm.io/cli/run) arguments",
- "default": "run build --prod",
- "advanced": true
- },
- {
- "name": "NODE_BUILD_DIR",
- "description": "Variable to define build directory",
- "default": "dist",
- "advanced": true
- },
- {
- "name": "NODE_TEST_ARGS",
- "description": "npm [test](https://docs.npmjs.com/cli/v8/commands/npm-test) arguments - yarn [test](https://classic.yarnpkg.com/en/docs/cli/test) arguments - pnpm [test](https://pnpm.io/cli/test) arguments",
- "default": "test -- --coverage",
- "advanced": true
- },
- {
- "name": "NODE_INSTALL_EXTRA_OPTS",
- "description": "Extra options to install project dependencies (either [`npm ci`](https://docs.npmjs.com/cli/ci.html/), [`yarn install`](https://yarnpkg.com/cli/install) or [`pnpm install`](https://pnpm.io/cli/install))",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "node-lint",
- "name": "node lint",
- "description": "node lint analysis",
- "enable_with": "NODE_LINT_ENABLED",
- "variables": [
- {
- "name": "NODE_LINT_ARGS",
- "description": "npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments to execute the lint analysis - yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments to execute the lint analysis - pnpm [run script](https://pnpm.io/cli/run) arguments to execute the lint analysis",
- "default": "run lint",
- "advanced": true
- }
- ]
- },
- {
- "id": "node-audit",
- "name": "node audit",
- "description": "node audit analysis",
- "disable_with": "NODE_AUDIT_DISABLED",
- "variables": [
- {
- "name": "NODE_AUDIT_ARGS",
- "description": "npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments - yarn [audit](https://classic.yarnpkg.com/en/docs/cli/audit) arguments - [pnpm audit](https://pnpm.io/cli/audit) arguments",
- "default": "--audit-level=low"
- }
- ]
- },
- {
- "id": "node-outdated",
- "name": "node outdated",
- "description": "node outdated analysis",
- "disable_with": "NODE_OUTDATED_DISABLED",
- "variables": [
- {
- "name": "NODE_OUTDATED_ARGS",
- "description": "npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments - yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments - pnpm [outdated](https://pnpm.io/cli/outdated) arguments",
- "default": "--long"
- }
- ]
- },
- {
- "id": "sbom",
- "name": "Software Bill of Materials",
- "description": "This job generates a file listing all dependencies using [@cyclonedx/cyclonedx-npm](https://www.npmjs.com/package/@cyclonedx/cyclonedx-npm)",
- "disable_with": "NODE_SBOM_DISABLED",
- "variables": [
- {
- "name": "NODE_SBOM_VERSION",
- "description": "Version of the @cyclonedx/cyclonedx-npm used for SBOM analysis",
- "advanced": true
- },
- {
- "name": "NODE_SBOM_OPTS",
- "description": "Options for @cyclonedx/cyclonedx-npm used for SBOM analysis",
- "default": "--omit dev",
- "advanced": true
- }
- ]
- },
- {
- "id": "publish",
- "name": "Publish",
- "description": "[publishes](https://docs.npmjs.com/cli/v8/commands/npm-publish) the project package to a npm registry",
- "enable_with": "NODE_PUBLISH_ENABLED",
- "variables": [
- {
- "name": "NODE_PUBLISH_ARGS",
- "description": "npm [publish](https://docs.npmjs.com/cli/v8/commands/npm-publish) extra arguments - yarn [publish](https://classic.yarnpkg.com/lang/en/docs/cli/publish/) extra arguments - pnpm [publish](https://pnpm.io/cli/publish) extra arguments",
- "advanced": true
- },
- {
- "name": "NODE_PUBLISH_TOKEN",
- "description": "npm publication registry authentication token",
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "3.11.0",
- "tags": [
- "3.11.0",
- "3.11",
- "3.10.1",
- "3.10.0",
- "3.10",
- "3.9.0",
- "3.9",
- "3.8.0",
- "3.8",
- "3.7.1",
- "3.7.0",
- "3.7",
- "3.6.0",
- "3.6",
- "3.5.3",
- "3.5.2",
- "3.5.1",
- "3.5.0",
- "3.5",
- "3.4.2",
- "3.4.1",
- "3.4.0",
- "3.4",
- "3.3.0",
- "3.3",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.0",
- "3.1",
- "3.0.1",
- "3.0.0",
- "3.0",
- "3",
- "2.4.0",
- "2.4",
- "2.3.0",
- "2.3",
- "2.2.0",
- "2.1.0",
- "2.0.2",
- "2.0.1",
- "2.0.0",
- "2",
- "1.2.0",
- "1.1.1",
- "1.1.0",
- "1.0.0"
- ],
- "name": "node",
- "path": "to-be-continuous/node",
- "web_url": "https://gitlab.com/to-be-continuous/node",
- "avatar": "https://gitlab.com/to-be-continuous/node/-/avatar"
- }
- },
- {
- "name": "OpenShift",
- "description": "Deploy your application to an [OpenShift](https://www.openshift.com/) platform",
- "template_path": "templates/gitlab-ci-openshift.yml",
- "kind": "hosting",
- "prefix": "os",
- "is_component": true,
- "variables": [
- {
- "name": "OS_CLI_IMAGE",
- "description": "the Docker image used to run OpenShift Client (OC) CLI commands - **set the version required by your OpenShift server**",
- "default": "quay.io/openshift/origin-cli:latest"
- },
- {
- "name": "OS_URL",
- "type": "url",
- "description": "Global OpenShift API url",
- "mandatory": true
- },
- {
- "name": "OS_TOKEN",
- "description": "Global OpenShift API token",
- "secret": true,
- "mandatory": true
- },
- {
- "name": "OS_BASE_APP_NAME",
- "description": "Base application name",
- "default": "$CI_PROJECT_NAME",
- "advanced": true
- },
- {
- "name": "OS_BASE_TEMPLATE_NAME",
- "description": "Base OpenShift template name",
- "default": "openshift",
- "advanced": true
- },
- {
- "name": "OS_ENVIRONMENT_URL",
- "type": "url",
- "description": "The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.openshift.acme.com`)_"
- },
- {
- "name": "OS_SCRIPTS_DIR",
- "description": "directory where OpenShift scripts (templates, hook scripts) are located",
- "default": ".",
- "advanced": true
- },
- {
- "name": "OS_APP_LABEL",
- "description": "The OpenShift [label](https://docs.openshift.com/container-platform/3.11/dev_guide/templates.html#writing-labels) set with the `$environment_name` dynamic variable.",
- "default": "app",
- "advanced": true
- },
- {
- "name": "OS_ENV_LABEL",
- "description": "The OpenShift [label](https://docs.openshift.com/container-platform/3.11/dev_guide/templates.html#writing-labels) set with the `$environment_type` dynamic variable.",
- "default": "env",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "review",
- "name": "Review",
- "description": "Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))",
- "variables": [
- {
- "name": "OS_REVIEW_PROJECT",
- "description": "OpenShift project for review env",
- "mandatory": true
- },
- {
- "name": "OS_REVIEW_APP_NAME",
- "description": "The application name for review env (only define to override default)",
- "advanced": true
- },
- {
- "name": "OS_REVIEW_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop `review` environments",
- "default": "4 hours"
- },
- {
- "name": "OS_REVIEW_ENVIRONMENT_URL",
- "type": "url",
- "description": "The review environments url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "OS_REVIEW_URL",
- "type": "url",
- "description": "OpenShift API url for review env (only define to override default)",
- "advanced": true
- },
- {
- "name": "OS_REVIEW_TOKEN",
- "description": "OpenShift API token for review env (only define to override default)",
- "secret": true
- },
- {
- "name": "CLEANUP_ALL_REVIEW",
- "description": "Enables a **manual** job to cleanup all review envs at once.\n\nYou may also use it to [schedule](https://docs.gitlab.com/ee/ci/pipelines/schedules.html) cloud resources cleanup. See documentation.",
- "type": "boolean"
- }
- ]
- },
- {
- "id": "integration",
- "name": "Integration",
- "description": "A continuous-integration environment associated to your integration branch (`develop` by default)",
- "variables": [
- {
- "name": "OS_INTEG_PROJECT",
- "description": "OpenShift project for integration env",
- "mandatory": true
- },
- {
- "name": "OS_INTEG_APP_NAME",
- "description": "The application name for integration env (only define to override default)",
- "advanced": true
- },
- {
- "name": "OS_INTEG_ENVIRONMENT_URL",
- "type": "url",
- "description": "The integration environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "OS_INTEG_URL",
- "type": "url",
- "description": "OpenShift API url for integration env (only define to override default)",
- "advanced": true
- },
- {
- "name": "OS_INTEG_TOKEN",
- "description": "OpenShift API token for integration env (only define to override default)",
- "secret": true
- }
- ]
- },
- {
- "id": "staging",
- "name": "Staging",
- "description": "An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)",
- "variables": [
- {
- "name": "OS_STAGING_PROJECT",
- "description": "OpenShift project for staging env",
- "mandatory": true
- },
- {
- "name": "OS_STAGING_APP_NAME",
- "description": "The application name for staging env (only define to override default)",
- "advanced": true
- },
- {
- "name": "OS_STAGING_ENVIRONMENT_URL",
- "type": "url",
- "description": "The staging environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "OS_STAGING_URL",
- "type": "url",
- "description": "OpenShift API url for staging env (only define to override default)",
- "advanced": true
- },
- {
- "name": "OS_STAGING_TOKEN",
- "description": "OpenShift API token for staging env (only define to override default)",
- "secret": true
- }
- ]
- },
- {
- "id": "prod",
- "name": "Production",
- "description": "The production environment",
- "variables": [
- {
- "name": "OS_PROD_PROJECT",
- "description": "OpenShift project for production env",
- "mandatory": true
- },
- {
- "name": "OS_PROD_APP_NAME",
- "description": "The application name for production env (only define to override default)",
- "advanced": true
- },
- {
- "name": "OS_PROD_ENVIRONMENT_URL",
- "type": "url",
- "description": "The production environment url _(only define for static environment URLs declaration and if different from default)_",
- "advanced": true
- },
- {
- "name": "OS_PROD_DEPLOY_STRATEGY",
- "description": "Defines the deployment to production strategy.",
- "type": "enum",
- "values": ["manual", "auto"],
- "default": "manual"
- },
- {
- "name": "OS_PROD_URL",
- "type": "url",
- "description": "OpenShift API url for production env (only define to override default)",
- "advanced": true
- },
- {
- "name": "OS_PROD_TOKEN",
- "description": "OpenShift API token for production env (only define to override default)",
- "secret": true
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-openshift-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url"
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "5.2.0",
- "tags": [
- "5.2.0",
- "5.2",
- "5.1.0",
- "5.1",
- "5.0.1",
- "5.0.0",
- "5.0",
- "5",
- "4.1.0",
- "4.1",
- "4.0.0",
- "4.0",
- "4",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.2.5",
- "2.2.4",
- "2.2.3",
- "2.2.2",
- "2.2.1",
- "2.2.0",
- "2.2",
- "2.1.0",
- "2.1",
- "2.0.0",
- "2.0",
- "2",
- "1.4.0",
- "1.4",
- "1.3.0",
- "1.3",
- "1.2.7",
- "1.2.6",
- "1.2.5",
- "1.2.4",
- "1.2.3",
- "1.2.2",
- "1.2.1",
- "1.2.0",
- "1.1.0",
- "1.0.0",
- "1"
- ],
- "name": "openshift",
- "path": "to-be-continuous/openshift",
- "web_url": "https://gitlab.com/to-be-continuous/openshift",
- "avatar": "https://gitlab.com/to-be-continuous/openshift/-/avatar"
- }
- },
- {
- "name": "PHP",
- "description": "Build, test and analyse your [PHP](https://www.php.net/) projects",
- "template_path": "templates/gitlab-ci-php.yml",
- "kind": "build",
- "prefix": "php",
- "is_component": true,
- "variables": [
- {
- "name": "PHP_IMAGE",
- "description": "The Docker image used to run PHP - **set the version required by your project**",
- "default": "registry.hub.docker.com/library/php:latest"
- },
- {
- "name": "PHP_PROJECT_DIR",
- "description": "The PHP project root directory",
- "default": ".",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "phpunit",
- "name": "PHPUnit",
- "description": "[PHPUnit](https://phpunit.readthedocs.io/) tests\n\nAutomatically enabled if a PHPUnit [XML configuration file](https://phpunit.readthedocs.io/en/9.5/configuration.html#appendixes-configuration) is found in the project (`phpunit.xml`)",
- "disable_with": "PHP_UNIT_DISABLED",
- "variables": [
- {
- "name": "PHP_UNIT_ARGS",
- "description": "Additional PHPUnit [options](https://phpunit.readthedocs.io/en/9.5/textui.html#command-line-options)",
- "advanced": true
- }
- ]
- },
- {
- "id": "codesniffer",
- "name": "PHP_CodeSniffer",
- "description": "[PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) analysis",
- "disable_with": "PHP_CODESNIFFER_DISABLED",
- "variables": [
- {
- "name": "PHP_CODESNIFFER_ARGS",
- "description": "PHP_CodeSniffer [options](https://github.com/squizlabs/PHP_CodeSniffer/wiki/Configuration-Options)\n\nEither use this variable or use an [XML configuration file](https://github.com/squizlabs/PHP_CodeSniffer/wiki/Advanced-Usage#using-a-default-configuration-file) in your project.",
- "advanced": true
- }
- ]
- },
- {
- "id": "sbom",
- "name": "Software Bill of Materials",
- "description": "This job generates a file listing all dependencies using [@cyclonedx/cyclonedx-php](https://github.com/CycloneDX/cyclonedx-php-composer)",
- "disable_with": "PHP_SBOM_DISABLED",
- "variables": [
- {
- "name": "PHP_SBOM_VERSION",
- "description": "Version of the cyclonedx-php-composer used for SBOM analysis",
- "advanced": true
- },
- {
- "name": "PHP_SBOM_OPTS",
- "description": "[`cyclonedx/cyclonedx-php` options](https://github.com/CycloneDX/cyclonedx-php-composer#usage) used for SBOM analysis",
- "advanced": true
- }
- ]
- },
- {
- "id": "outdated",
- "name": "composer outdated",
- "description": "Shows the list of installed packages that have updates available (uses [`composer outdated`](https://getcomposer.org/doc/03-cli.md#outdated))",
- "variables": [
- {
- "name": "PHP_OUTDATED_OPTS",
- "description": "[`composer outdated` options](https://getcomposer.org/doc/03-cli.md#outdated)",
- "default": "--direct",
- "advanced": true
- }
- ]
- },
- {
- "id": "audit",
- "name": "composer audit",
- "description": " Scan your dependencies for vulnerabilities with [`composer audit`](https://getcomposer.org/doc/03-cli.md#audit)",
- "disable_with": "PHP_COMPOSER_AUDIT_DISABLED",
- "variables": [
- {
- "name": "PHP_COMPOSER_AUDIT_OPTS",
- "description": "[`composer audit` options](https://getcomposer.org/doc/03-cli.md#audit)",
- "default": "--locked",
- "advanced": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "4.6.0",
- "tags": [
- "4.6.0",
- "4.6",
- "4.5.0",
- "4.5",
- "4.4.2",
- "4.4.1",
- "4.4.0",
- "4.4",
- "4.3.0",
- "4.3",
- "4.2.2",
- "4.2.1",
- "4.2.0",
- "4.2",
- "4.1.0",
- "4.1",
- "4.0.0",
- "4.0",
- "4",
- "3.0.0",
- "3.0",
- "3",
- "2.1.0",
- "2.1",
- "2.0.1",
- "2.0.0",
- "2",
- "1.2.1",
- "1.2.0",
- "1.1.1",
- "1.1.0",
- "1.0.0"
- ],
- "name": "php",
- "path": "to-be-continuous/php",
- "web_url": "https://gitlab.com/to-be-continuous/php",
- "avatar": "https://gitlab.com/to-be-continuous/php/-/avatar"
- }
- },
- {
- "name": "Playwright",
- "description": "Run your automated tests with [Playwright](https://playwright.dev/docs/intro)",
- "template_path": "templates/gitlab-ci-playwright.yml",
- "kind": "acceptance",
- "prefix": "playwright",
- "is_component": true,
- "variables": [
- {
- "name": "PLAYWRIGHT_IMAGE",
- "description": "The Docker image used to run Playwright",
- "default": "mcr.microsoft.com/playwright:latest"
- },
- {
- "name": "PLAYWRIGHT_PROJECT_DIR",
- "description": "The Playwright root project directory (contains the `playwright.config.ts` file)",
- "default": "."
- },
- {
- "name": "PLAYWRIGHT_EXTRA_ARGS",
- "description": "Playwright extra [run options](https://playwright.dev/docs/test-cli)",
- "advanced": true
- },
- {
- "name": "REVIEW_ENABLED",
- "description": "Set to enable Playwright tests on review environments (dynamic environments instantiated on development branches)",
- "type": "boolean"
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "1.2.0",
- "tags": ["1.2.0", "1.2", "1.1.0", "1.1", "1.0.0", "1.0", "1"],
- "name": "playwright",
- "path": "to-be-continuous/playwright",
- "web_url": "https://gitlab.com/to-be-continuous/playwright",
- "avatar": "https://gitlab.com/to-be-continuous/playwright/-/avatar"
- }
- },
- {
- "name": "Postman",
- "description": "Run your automated (API) tests with [Postman](https://www.postman.com/automated-testing)",
- "template_path": "templates/gitlab-ci-postman.yml",
- "kind": "acceptance",
- "prefix": "postman",
- "is_component": true,
- "variables": [
- {
- "name": "POSTMAN_IMAGE",
- "description": "The Docker image used to run Postman CLI.",
- "default": "registry.hub.docker.com/postman/newman:latest"
- },
- {
- "name": "POSTMAN_COLLECTIONS",
- "description": "The matcher to select Postman collection file(s) to run.",
- "default": "postman/*collection.json"
- },
- {
- "name": "POSTMAN_EXTRA_ARGS",
- "description": "Newman extra [run options](https://github.com/postmanlabs/newman#command-line-options) (to use global variables, an environment or a data source for e.g.)",
- "advanced": true
- },
- {
- "name": "REVIEW_ENABLED",
- "description": "Set to enable Postman tests on review environments (dynamic environments instantiated on development branches)",
- "type": "boolean"
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "3.4.0",
- "tags": [
- "3.4.0",
- "3.4",
- "3.3.0",
- "3.3",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.1",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.1.0",
- "2.1",
- "2.0.2",
- "2.0.1",
- "2.0.0",
- "2",
- "1.2.0",
- "1.1.0",
- "1.0.0"
- ],
- "name": "postman",
- "path": "to-be-continuous/postman",
- "web_url": "https://gitlab.com/to-be-continuous/postman",
- "avatar": "https://gitlab.com/to-be-continuous/postman/-/avatar"
- }
- },
- {
- "name": "Puppeteer",
- "description": "Run your automated (web) tests with [Puppeteer](https://pptr.dev/)",
- "template_path": "templates/gitlab-ci-puppeteer.yml",
- "kind": "acceptance",
- "prefix": "puppeteer",
- "is_component": true,
- "variables": [
- {
- "name": "PUPPETEER_IMAGE",
- "description": "The Docker image used to run [Puppeteer](https://hub.docker.com/r/ghcr.io/puppeteer/puppeteer)",
- "default": "ghcr.io/puppeteer/puppeteer:latest"
- },
- {
- "name": "PUPPETEER_PROJECT_DIR",
- "description": "The Puppeteer project directory (containing `package.json`)",
- "default": "."
- },
- {
- "name": "PUPPETEER_TEST_EXTRA_ARGS",
- "description": "Testing framework extra options based on [Jest](https://jestjs.io/docs/en/cli)",
- "advanced": true
- },
- {
- "name": "REVIEW_ENABLED",
- "description": "Set to enable Puppeteer tests on review environments (dynamic environments instantiated on development branches)",
- "type": "boolean"
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "3.4.0",
- "tags": [
- "3.4.0",
- "3.4",
- "3.3.0",
- "3.3",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.1.0",
- "2.1",
- "2.0.1",
- "2.0.0",
- "2",
- "1.2.0",
- "1.1.0",
- "1.0.0"
- ],
- "name": "puppeteer",
- "path": "to-be-continuous/puppeteer",
- "web_url": "https://gitlab.com/to-be-continuous/puppeteer",
- "avatar": "https://gitlab.com/to-be-continuous/puppeteer/-/avatar"
- }
- },
- {
- "name": "Python",
- "description": "Build, test and analyse your [Python](https://www.python.org/) projects",
- "template_path": "templates/gitlab-ci-python.yml",
- "kind": "build",
- "prefix": "python",
- "is_component": true,
- "variables": [
- {
- "name": "PYTHON_IMAGE",
- "description": "The Docker image used to run Python - **set the version required by your project**",
- "default": "registry.hub.docker.com/library/python:3"
- },
- {
- "name": "PYTHON_PROJECT_DIR",
- "description": "Python project root directory",
- "default": "."
- },
- {
- "name": "PYTHON_BUILD_SYSTEM",
- "description": "Python build-system to use to install dependencies, build and package the project",
- "type": "enum",
- "values": ["auto", "setuptools", "poetry", "pipenv", "reqfile"],
- "default": "auto",
- "advanced": true
- },
- {
- "name": "PYTHON_REQS_FILE",
- "description": "Main requirements file _(relative to `$PYTHON_PROJECT_DIR`)_\n\nFor [Requirements Files](https://pip.pypa.io/en/stable/user_guide/#requirements-files) build-system only",
- "default": "requirements.txt",
- "advanced": true
- },
- {
- "name": "PYTHON_EXTRA_REQS_FILES",
- "description": "Extra dev requirements file(s) to install _(relative to `$PYTHON_PROJECT_DIR`)_\n\nFor [Requirements Files](https://pip.pypa.io/en/stable/user_guide/#requirements-files) build-system only",
- "default": "requirements-dev.txt",
- "advanced": true
- },
- {
- "name": "PYTHON_COMPILE_ARGS",
- "description": "[`compileall` CLI options](https://docs.python.org/3/library/compileall.html)",
- "default": "*",
- "advanced": true
- },
- {
- "name": "PIP_OPTS",
- "description": "pip extra [options](https://pip.pypa.io/en/stable/cli/pip/#general-options)",
- "advanced": true
- },
- {
- "name": "PYTHON_EXTRA_DEPS",
- "description": "Extra sets of dependencies to install\n\nFor [Setuptools](https://setuptools.pypa.io/en/latest/userguide/dependency_management.html?highlight=extras#optional-dependencies) or [Poetry](https://python-poetry.org/docs/pyproject/#extras) only"
- }
- ],
- "features": [
- {
- "id": "package",
- "name": "package",
- "description": "This job allows building your Python project [distribution packages](https://packaging.python.org/en/latest/glossary/#term-Distribution-Package).",
- "enable_with": "PYTHON_PACKAGE_ENABLED"
- },
- {
- "id": "py-lint",
- "name": "py-lint",
- "description": "Code analysis based on [pylint](http://pylint.pycqa.org/en/latest/) Python lib.",
- "enable_with": "PYLINT_ENABLED",
- "variables": [
- {
- "name": "PYLINT_ARGS",
- "description": "Additional [pylint CLI options](http://pylint.pycqa.org/en/latest/user_guide/run.html#command-line-options)",
- "advanced": true
- },
- {
- "name": "PYLINT_FILES",
- "description": "Files or directories to analyse",
- "advanced": true
- }
- ]
- },
- {
- "id": "unittest",
- "name": "unittest",
- "description": "Unit tests based on [unittest](https://docs.python.org/3/library/unittest.html) framework",
- "enable_with": "UNITTEST_ENABLED",
- "variables": [
- {
- "name": "UNITTEST_ARGS",
- "description": "Additional xmlrunner/unittest CLI options",
- "advanced": true
- }
- ]
- },
- {
- "id": "pytest",
- "name": "pytest",
- "description": "Unit tests based on [pytest](https://docs.pytest.org/) framework",
- "enable_with": "PYTEST_ENABLED",
- "variables": [
- {
- "name": "PYTEST_ARGS",
- "description": "Additional [pytest](https://docs.pytest.org/en/stable/usage.html) or [pytest-cov](https://github.com/pytest-dev/pytest-cov#usage) CLI options",
- "advanced": true
- }
- ]
- },
- {
- "id": "py-nosetests",
- "name": "py-nosetests",
- "description": "Unit tests based on [nose](https://nose.readthedocs.io/) framework",
- "enable_with": "NOSETESTS_ENABLED",
- "variables": [
- {
- "name": "NOSETESTS_ARGS",
- "description": "Additional [nose CLI options](https://nose.readthedocs.io/en/latest/usage.html#options)",
- "advanced": true
- }
- ]
- },
- {
- "id": "bandit",
- "name": "Bandit",
- "description": "[Bandit](https://pypi.org/project/bandit/) analysis (SAST)",
- "enable_with": "BANDIT_ENABLED",
- "variables": [
- {
- "name": "BANDIT_ARGS",
- "description": "Additional [Bandit CLI options](https://github.com/PyCQA/bandit#usage)",
- "default": "--recursive .",
- "advanced": true
- }
- ]
- },
- {
- "id": "trivy",
- "name": "Trivy",
- "description": "Detect security vulnerabilities with [Trivy](https://github.com/aquasecurity/trivy/) (dependencies analysis)",
- "enable_with": "PYTHON_TRIVY_ENABLED",
- "variables": [
- {
- "name": "PYTHON_TRIVY_IMAGE",
- "description": "The Docker image used to run Trivy",
- "default": "registry.hub.docker.com/aquasec/trivy:latest",
- "advanced": true
- },
- {
- "name": "PYTHON_TRIVY_ARGS",
- "description": "Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/v0.21.1/getting-started/cli/fs/)",
- "default": "--vuln-type library",
- "advanced": true
- }
- ]
- },
- {
- "id": "sbom",
- "name": "Software Bill of Materials",
- "description": "This job generates a file listing all dependencies using [syft](https://github.com/anchore/syft)",
- "disable_with": "PYTHON_SBOM_DISABLED",
- "variables": [
- {
- "name": "PYTHON_SBOM_SYFT_URL",
- "description": "Url to the `tar.gz` package for `linux_amd64` of Syft to use\n\n_When unset, the latest version will be used_",
- "advanced": true
- },
- {
- "name": "PYTHON_SBOM_NAME",
- "description": "Component name of the emitted SBOM",
- "default": "$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR",
- "advanced": true
- },
- {
- "name": "PYTHON_SBOM_OPTS",
- "description": "Options for syft used for SBOM analysis",
- "default": "--override-default-catalogers python-package-cataloger",
- "advanced": true
- }
- ]
- },
- {
- "id": "release",
- "name": "Release",
- "description": "Manually trigger a release of your code (uses [bumpversion](https://pypi.org/project/bumpversion/))",
- "enable_with": "PYTHON_RELEASE_ENABLED",
- "variables": [
- {
- "name": "PYTHON_RELEASE_NEXT",
- "type": "enum",
- "values": ["", "major", "minor", "patch"],
- "description": "The part of the version to increase (one of: `major`, `minor`, `patch`)",
- "default": "minor",
- "advanced": true
- },
- {
- "name": "PYTHON_SEMREL_RELEASE_DISABLED",
- "description": "Disable semantic-release integration",
- "type": "boolean",
- "advanced": true
- },
- {
- "name": "PYTHON_RELEASE_COMMIT_MESSAGE",
- "description": "The Git commit message to use on the release commit. This is templated using the [Python Format String Syntax](http://docs.python.org/2/library/string.html#format-string-syntax). Available in the template context are current_version and new_version.",
- "default": "chore(python-release): {current_version} → {new_version}",
- "advanced": true
- },
- {
- "name": "GIT_USERNAME",
- "description": "Git username for Git push operations",
- "secret": true
- },
- {
- "name": "GIT_PASSWORD",
- "description": "Git password for Git push operations",
- "secret": true
- },
- {
- "name": "GIT_PRIVATE_KEY",
- "description": "SSH key for Git push operations",
- "secret": true
- },
- {
- "name": "PYTHON_REPOSITORY_URL",
- "type": "url",
- "description": "Target PyPI repository to publish packages.\n\n_defaults to [GitLab project's packages repository](https://docs.gitlab.com/ee/user/packages/pypi_repository/)_",
- "default": "${CI_SERVER_URL}/api/v4/projects/${CI_PROJECT_ID}/packages/pypi"
- },
- {
- "name": "PYTHON_REPOSITORY_USERNAME",
- "description": "Target PyPI repository username credential",
- "secret": true,
- "default": "gitlab-ci-token"
- },
- {
- "name": "PYTHON_REPOSITORY_PASSWORD",
- "description": "Target PyPI repository password credential",
- "secret": true,
- "default": "$CI_JOB_TOKEN"
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-python-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url",
- "mandatory": true
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "6.6.3",
- "tags": [
- "6.6.3",
- "6.6.2",
- "6.6.1",
- "6.6.0",
- "6.6",
- "6.5.0",
- "6.5",
- "6.4.1",
- "6.4.0",
- "6.4",
- "6.3.5",
- "6.3.4",
- "6.3.3",
- "6.3.2",
- "6.3.1",
- "6.3.0",
- "6.3",
- "6.2.0",
- "6.2",
- "6.1.5",
- "6.1.4",
- "6.1.3",
- "6.1.2",
- "6.1.1",
- "6.1.0",
- "6.1",
- "6.0.2",
- "6.0.1",
- "6.0.0",
- "6.0",
- "6",
- "5.1.0",
- "5.1",
- "5.0.0",
- "5.0",
- "5",
- "4.2.0",
- "4.2",
- "4.1.1",
- "4.1.0",
- "4.1",
- "4.0.1",
- "4.0.0",
- "4",
- "3.2.1",
- "3.2.0",
- "3.1.1",
- "3.1.0",
- "3.0.1",
- "3.0.0",
- "2.2.0",
- "2.1.1",
- "2.1.0",
- "2.0.3",
- "2.0.2",
- "2.0.1",
- "2.0.0",
- "1.3.0",
- "1.2.3",
- "1.2.2",
- "1.2.1",
- "1.2.0",
- "1.1.0",
- "1.0.0"
- ],
- "name": "python",
- "path": "to-be-continuous/python",
- "web_url": "https://gitlab.com/to-be-continuous/python",
- "avatar": "https://gitlab.com/to-be-continuous/python/-/avatar"
- }
- },
- {
- "name": "Renovate",
- "description": "Automate your dependency updates with [Renovate](https://www.mend.io/renovate/)",
- "template_path": "templates/gitlab-ci-renovate.yml",
- "kind": "misc",
- "prefix": "renovate",
- "is_component": true,
- "variables": [
- {
- "name": "RENOVATE_IMAGE",
- "description": "The Docker image used to run Renovate",
- "default": "registry.hub.docker.com/renovate/renovate:latest"
- },
- {
- "name": "RENOVATE_TOKEN",
- "description": "A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication)",
- "secret": true
- },
- {
- "name": "GITHUB_COM_TOKEN",
- "description": "A GitHub access token to allow Renovate fetch changelogs. [See doc](https://docs.renovatebot.com/getting-started/running/#githubcom-token-for-changelogs)",
- "secret": true
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "1.2.0",
- "tags": ["1.2.0", "1.2", "1.1.0", "1.1", "1.0.0", "1.0", "1"],
- "name": "renovate",
- "path": "to-be-continuous/renovate",
- "web_url": "https://gitlab.com/to-be-continuous/renovate",
- "avatar": "https://gitlab.com/to-be-continuous/renovate/-/avatar"
- }
- },
- {
- "name": "Robot Framework",
- "description": "Run your automated tests with [Robot Framework](https://robotframework.org/)",
- "template_path": "templates/gitlab-ci-robotframework.yml",
- "kind": "acceptance",
- "prefix": "robot",
- "is_component": true,
- "variables": [
- {
- "name": "ROBOT_BASE_IMAGE",
- "description": "The Docker image used to run Robot frame work CLI",
- "default": "registry.hub.docker.com/ppodgorsek/robot-framework:latest"
- },
- {
- "name": "ROBOT_TESTS_DIR",
- "description": "Path to Robot Framework tests directory",
- "default": "robot"
- },
- {
- "name": "ROBOT_BROWSER",
- "description": "Browser to use",
- "default": "firefox",
- "type": "enum",
- "values": ["firefox", "chrome"]
- },
- {
- "name": "ROBOT_OPTIONS",
- "description": "Robot Framework [additional options](http://robotframework.org/robotframework/latest/RobotFrameworkUserGuide.html#all-command-line-options)",
- "advanced": true
- },
- {
- "name": "ROBOT_THREADS",
- "description": "Number of threads to execute Robot Framework tests (uses [Pabot](https://pabot.org/) if > `1`)",
- "default": "1",
- "type": "number",
- "advanced": true
- },
- {
- "name": "PABOT_OPTIONS",
- "description": "Pabot [additional options](https://github.com/mkorpela/pabot#command-line-options) (if `ROBOT_THREADS` > `1`)",
- "advanced": true
- },
- {
- "name": "ROBOT_SCREEN_COLOUR_DEPTH",
- "description": "Screen colour depth for X Window Virtual Framebuffer",
- "type": "number",
- "default": "24"
- },
- {
- "name": "ROBOT_SCREEN_HEIGHT",
- "description": "Screen height for X Window Virtual Framebuffer",
- "type": "number",
- "default": "1080"
- },
- {
- "name": "ROBOT_SCREEN_WIDTH",
- "description": "Screen width for X Window Virtual Framebuffer",
- "type": "number",
- "default": "1920"
- },
- {
- "name": "REVIEW_ENABLED",
- "description": "Set to enable Robot Framework tests on review environments (dynamic environments instantiated on development branches)",
- "type": "boolean"
- }
- ],
- "features": [
- {
- "id": "lint",
- "name": "robotframework-lint",
- "description": "This job performs a [Lint](https://github.com/boakley/robotframework-lint/) analysis on your `Robot Framework files`.",
- "disable_with": "ROBOT_LINT_DISABLED"
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-robotframework-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url"
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "4.2.0",
- "tags": [
- "4.2.0",
- "4.2",
- "4.1.0",
- "4.1",
- "4.0.1",
- "4.0.0",
- "4.0",
- "4",
- "3.3.0",
- "3.3",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.1.0",
- "2.1",
- "2.0.2",
- "2.0.1",
- "2.0.0",
- "2",
- "1.3.0",
- "1.2.0",
- "1.1.0",
- "1.0.0"
- ],
- "name": "robotframework",
- "path": "to-be-continuous/robotframework",
- "web_url": "https://gitlab.com/to-be-continuous/robotframework",
- "avatar": "https://gitlab.com/to-be-continuous/robotframework/-/avatar"
- }
- },
- {
- "name": "Source-to-Image",
- "description": "Build reproducible container images from your source code with [Source-to-Image](https://github.com/openshift/source-to-image) (S2I)",
- "template_path": "templates/gitlab-ci-s2i.yml",
- "kind": "package",
- "prefix": "s2i",
- "is_component": true,
- "variables": [
- {
- "name": "S2I_DIND_IMAGE",
- "description": "The image used to run the Docker daemon",
- "default": "registry.hub.docker.com/library/docker:dind"
- },
- {
- "name": "S2I_SKOPEO_IMAGE",
- "description": "The image used to push the built container image with Skopeo",
- "default": "quay.io/skopeo/stable:latest"
- },
- {
- "name": "S2I_VERSION",
- "description": "The target S2I version to install/use",
- "default": "latest",
- "advanced": true
- },
- {
- "name": "S2I_PLATFORM",
- "description": "The target S2I platform to install/use",
- "default": "linux-386",
- "advanced": true
- },
- {
- "name": "S2I_BUILDER_IMAGE",
- "description": "The S2I [builder image](https://github.com/openshift/source-to-image/blob/master/docs/builder_image.md) used to build your application image",
- "mandatory": true
- },
- {
- "name": "S2I_ROOT_DIR",
- "description": "Relative path to the application source code base directory in your repository",
- "default": ".",
- "advanced": true
- },
- {
- "name": "S2I_BUILD_EXTRA_FLAGS",
- "description": "S2I build [extra flags](https://github.com/openshift/source-to-image/blob/master/docs/cli.md#s2i-build)",
- "advanced": true
- },
- {
- "name": "S2I_SNAPSHOT_IMAGE",
- "description": "S2I snapshot image",
- "default": "$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG"
- },
- {
- "name": "S2I_RELEASE_IMAGE",
- "description": "S2I release image",
- "default": "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
- },
- {
- "name": "S2I_PUBLISH_ARGS",
- "description": "Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)",
- "advanced": true
- },
- {
- "name": "S2I_PROD_PUBLISH_STRATEGY",
- "description": "Defines the publish to production strategy.",
- "type": "enum",
- "values": ["none", "manual", "auto"],
- "default": "manual"
- },
- {
- "name": "S2I_RELEASE_EXTRA_TAGS_PATTERN",
- "description": "Defines the image tag pattern that `$S2I_RELEASE_IMAGE` should match to push extra tags (supports capturing groups)\n\nDefaults to [SemVer](https://semver.org/) pattern.",
- "default": "^v?(?P<major>[0-9]+)\\.(?P<minor>[0-9]+)\\.(?P<patch>[0-9]+)(?P<suffix>(?P<prerelease>-[0-9A-Za-z-\\.]+)?(?P<build>\\+[0-9A-Za-z-\\.]+)?)$",
- "advanced": true
- },
- {
- "name": "S2I_RELEASE_EXTRA_TAGS",
- "description": "Defines extra tags to publish the _release_ image\n\nSupports capturing group references from `$S2I_RELEASE_EXTRA_TAGS_PATTERN` (ex: `latest \\g<major>.\\g<minor> \\g<major>`)",
- "advanced": true
- },
- {
- "name": "S2I_SEMREL_RELEASE_DISABLED",
- "description": "Disable integration with the [semantic release template](https://gitlab.com/to-be-continuous/semantic-release/)",
- "type": "boolean"
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "1.1.0",
- "tags": ["1.1.0", "1.1", "1.0.1", "1.0.0", "1.0", "1"],
- "name": "s2i",
- "path": "to-be-continuous/s2i",
- "web_url": "https://gitlab.com/to-be-continuous/s2i",
- "avatar": "https://gitlab.com/to-be-continuous/s2i/-/avatar"
- }
- },
- {
- "name": "S3 (Simple Storage Service)",
- "description": "Deploy your objects to any [S3](https://en.wikipedia.org/wiki/Amazon_S3) (Simple Storage Service) compatible object storage service",
- "template_path": "templates/gitlab-ci-s3.yml",
- "kind": "hosting",
- "prefix": "s3",
- "is_component": true,
- "variables": [
- {
- "name": "S3_CMD_IMAGE",
- "description": "The Docker image used to run [s3cmd](https://s3tools.org/usage) commands",
- "advanced": true,
- "default": "registry.hub.docker.com/d3fk/s3cmd:latest"
- },
- {
- "name": "S3_ENDPOINT_HOST",
- "description": "Default S3 endpoint hostname (with port)",
- "default": "s3.amazonaws.com",
- "mandatory": true
- },
- {
- "name": "S3_HOST_BUCKET",
- "description": "Default DNS-style bucket+hostname:port template for accessing a bucket",
- "default": "%(bucket)s.$S3_ENDPOINT_HOST",
- "mandatory": true
- },
- {
- "name": "S3_REGION",
- "description": "Default region to create the buckets in (if not defined, the template won't create any)"
- },
- {
- "name": "S3_ACCESS_KEY",
- "description": "Default S3 service Access Key",
- "secret": true,
- "mandatory": true
- },
- {
- "name": "S3_SECRET_KEY",
- "description": "Default S3 service Secret Key",
- "secret": true,
- "mandatory": true
- },
- {
- "name": "S3_BASE_BUCKET_NAME",
- "description": "Base bucket name",
- "default": "$CI_PROJECT_NAME",
- "advanced": true
- },
- {
- "name": "S3_DEPLOY_ARGS",
- "description": "[s3cmd](https://s3tools.org/usage) command and options to deploy files to the bucket",
- "default": "sync --recursive --delete-removed --acl-public --no-mime-magic --guess-mime-type",
- "advanced": true
- },
- {
- "name": "S3_DEPLOY_FILES",
- "description": "Pattern(s) of files to deploy to the S3 bucket",
- "default": "public/"
- },
- {
- "name": "S3_WEBSITE_DISABLED",
- "description": "Disables WebSite hosting by your S3 bucket",
- "type": "boolean"
- },
- {
- "name": "S3_WEBSITE_ENDPOINT",
- "description": "Default WebSite endpoint url pattern (supports `%(bucket)s` and `%(location)s` placeholders)",
- "default": "http://%(bucket)s.s3-website.%(location)s.amazonaws.com"
- },
- {
- "name": "S3_WEBSITE_ARGS",
- "description": "[s3cmd](https://s3tools.org/usage) command and options to enable WebSite hosting on the bucket",
- "default": "ws-create --ws-index=index.html --ws-error=404.html",
- "advanced": true
- },
- {
- "name": "S3_PREFIX",
- "description": "Default S3 prefix to use as a root destination to upload objects in the S3 bucket"
- },
- {
- "name": "S3_SCRIPTS_DIR",
- "description": "Directory where S3 hook scripts are located",
- "default": ".",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "review",
- "name": "Review",
- "description": "Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))",
- "disable_with": "S3_REVIEW_DISABLED",
- "variables": [
- {
- "name": "S3_REVIEW_ENDPOINT_HOST",
- "description": "S3 endpoint hostname (with port) for `review` env _(only define to override default)_"
- },
- {
- "name": "S3_REVIEW_REGION",
- "description": "Region to create the `review` buckets in (if not defined, the template won't create any)"
- },
- {
- "name": "S3_REVIEW_ACCESS_KEY",
- "description": "S3 service Access Key for `review` env (only define to override default)",
- "secret": true
- },
- {
- "name": "S3_REVIEW_SECRET_KEY",
- "description": "S3 service Secret Key for `review` env (only define to override default)",
- "secret": true
- },
- {
- "name": "S3_REVIEW_BUCKET_NAME",
- "description": "Bucket name for `review` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "CLEANUP_ALL_REVIEW",
- "description": "Enables a **manual** job to cleanup all review envs at once.\n\nYou may also use it to [schedule](https://docs.gitlab.com/ee/ci/pipelines/schedules.html) cloud resources cleanup. See documentation.",
- "type": "boolean"
- },
- {
- "name": "S3_REVIEW_PREFIX",
- "description": "S3 prefix to use for `review` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "S3_REVIEW_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop `review` environments",
- "default": "4 hours"
- }
- ]
- },
- {
- "id": "integration",
- "name": "Integration",
- "description": "A continuous-integration environment associated to your integration branch (`develop` by default)",
- "disable_with": "S3_INTEG_DISABLED",
- "variables": [
- {
- "name": "S3_INTEG_ENDPOINT_HOST",
- "description": "S3 endpoint hostname (with port) for `integration` env _(only define to override default)_"
- },
- {
- "name": "S3_INTEG_REGION",
- "description": "Region to create the `integration` bucket in"
- },
- {
- "name": "S3_INTEG_ACCESS_KEY",
- "description": "S3 service Access Key for `integration` env (only define to override default)",
- "secret": true
- },
- {
- "name": "S3_INTEG_SECRET_KEY",
- "description": "S3 service Secret Key for `integration` env (only define to override default)",
- "secret": true
- },
- {
- "name": "S3_INTEG_BUCKET_NAME",
- "description": "Bucket name for `integration` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "S3_INTEG_PREFIX",
- "description": "S3 prefix to use for `integration` env _(only define to override default)_",
- "advanced": true
- }
- ]
- },
- {
- "id": "staging",
- "name": "Staging",
- "description": "An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)",
- "disable_with": "S3_STAGING_DISABLED",
- "variables": [
- {
- "name": "S3_STAGING_ENDPOINT_HOST",
- "description": "S3 endpoint hostname (with port) for `staging` env _(only define to override default)_"
- },
- {
- "name": "S3_STAGING_REGION",
- "description": "Region to create the `staging` bucket in"
- },
- {
- "name": "S3_STAGING_ACCESS_KEY",
- "description": "S3 service Access Key for `staging` env (only define to override default)",
- "secret": true
- },
- {
- "name": "S3_STAGING_SECRET_KEY",
- "description": "S3 service Secret Key for `staging` env (only define to override default)",
- "secret": true
- },
- {
- "name": "S3_STAGING_BUCKET_NAME",
- "description": "Bucket name for `staging` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "S3_STAGING_PREFIX",
- "description": "S3 prefix to use for `staging` env _(only define to override default)_",
- "advanced": true
- }
- ]
- },
- {
- "id": "prod",
- "name": "Production",
- "description": "The production environment",
- "disable_with": "S3_PROD_DISABLED",
- "variables": [
- {
- "name": "S3_PROD_ENDPOINT_HOST",
- "description": "S3 endpoint hostname (with port) for `production` env _(only define to override default)_"
- },
- {
- "name": "S3_PROD_REGION",
- "description": "Region to create the `production` bucket in"
- },
- {
- "name": "S3_PROD_ACCESS_KEY",
- "description": "S3 service Access Key for `production` env (only define to override default)",
- "secret": true
- },
- {
- "name": "S3_PROD_SECRET_KEY",
- "description": "S3 service Secret Key for `production` env (only define to override default)",
- "secret": true
- },
- {
- "name": "S3_PROD_BUCKET_NAME",
- "description": "Bucket name for `production` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "S3_PROD_DEPLOY_STRATEGY",
- "description": "Defines the deployment to production strategy.",
- "type": "enum",
- "values": ["manual", "auto"],
- "default": "manual"
- },
- {
- "name": "S3_PROD_PREFIX",
- "description": "S3 prefix to use for `production` env _(only define to override default)_",
- "advanced": true
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-s3-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url"
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "7.2.0",
- "tags": [
- "7.2.0",
- "7.2",
- "7.1.0",
- "7.1",
- "7.0.1",
- "7.0.0",
- "7.0",
- "7",
- "6.0.0",
- "6.0",
- "6",
- "5.2.0",
- "5.2",
- "5.1.0",
- "5.1",
- "5.0.0",
- "5.0",
- "5",
- "4.1.1",
- "4.1.0",
- "4.1",
- "4.0.0",
- "4.0",
- "4",
- "3.0.0",
- "3.0",
- "3",
- "2.3.0",
- "2.3",
- "2.2.0",
- "2.2",
- "2.1.5",
- "2.1.4",
- "2.1.3",
- "2.1.2",
- "2.1.1",
- "2.1.0",
- "2.0.0",
- "2",
- "1.2.1",
- "1.2.0",
- "1.1.0",
- "1.0.0"
- ],
- "name": "s3",
- "path": "to-be-continuous/s3",
- "web_url": "https://gitlab.com/to-be-continuous/s3",
- "avatar": "https://gitlab.com/to-be-continuous/s3/-/avatar"
- }
- },
- {
- "name": "Scala/SBT",
- "description": "Build, test and analyse your [sbt](https://www.scala-sbt.org/)-based projects",
- "template_path": "templates/gitlab-ci-sbt.yml",
- "kind": "build",
- "prefix": "sbt",
- "is_component": true,
- "variables": [
- {
- "name": "SBT_IMAGE",
- "description": "The Docker image used to run sbt - **set the version required by your project**",
- "default": "registry.hub.docker.com/sbtscala/scala-sbt:17.0.2_1.6.2_3.1.3"
- },
- {
- "name": "SBT_BUILD_ARGS",
- "description": "The sbt arguments for the sbt arguments for the [build job packaging](https://www.scala-sbt.org/1.x/docs/Running.html#Common+commands)",
- "default": "clean package",
- "advanced": true
- },
- {
- "name": "SBT_TEST_ARGS",
- "description": "The sbt arguments for the sbt arguments for the [build job test phase](https://www.scala-sbt.org/1.x/docs/Running.html#Common+commands)",
- "default": "coverage test coverageAggregate",
- "advanced": true
- },
- {
- "name": "SBT_OPTS",
- "description": "Global [sbt options](https://www.scala-sbt.org/1.x/docs/Command-Line-Reference.html#sbt+JVM+options+and+system+properties)",
- "default": "-Dsbt.global.base=sbt-cache/sbtboot -Dsbt.boot.directory=sbt-cache/boot -Dsbt.coursier.home=sbt-cache/coursier -Dsbt.ci=true -Dsbt.color=always",
- "advanced": true
- },
- {
- "name": "SBT_CLI_OPTS",
- "description": "Additional sbt options used on the command line",
- "default": "--batch",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "sbom",
- "name": "Software Bill of Materials",
- "description": "This job generates a file listing all dependencies using [syft](https://github.com/anchore/syft)",
- "disable_with": "SBT_SBOM_DISABLED",
- "variables": [
- {
- "name": "SBT_SBOM_IMAGE",
- "default": "registry.hub.docker.com/anchore/syft:debug",
- "description": "The syft image used for SBOM analysis"
- },
- {
- "name": "SBT_SBOM_OPTS",
- "description": "Options for syft used for SBOM analysis",
- "default": "dir:sbt-cache/coursier --catalogers java-cataloger",
- "advanced": true
- }
- ]
- },
- {
- "id": "publish",
- "name": "Publish (snapshot & release)",
- "description": "Enable artifacts publishing to a Nexus repository",
- "variables": [
- {
- "name": "SBT_PUBLISH_MODE",
- "description": "Publish mode (one of `snapshot`, `ontag`, `release`)",
- "type": "enum",
- "values": ["", "snapshot", "ontag", "release"],
- "default": "",
- "mandatory": true
- },
- {
- "name": "GIT_PRIVATE_KEY",
- "description": "Git private key to perform Git operations (for `release` publish mode)",
- "secret": true
- },
- {
- "name": "MAVEN_REPOSITORY_HOST",
- "description": "Global Maven repository host where credentials apply",
- "secret": false
- },
- {
- "name": "MAVEN_REPOSITORY_USERNAME",
- "description": "Global Maven repository username",
- "secret": true
- },
- {
- "name": "MAVEN_REPOSITORY_PASSWORD",
- "description": "Global Maven repository password",
- "secret": true
- },
- {
- "name": "MAVEN_REPOSITORY_PUBLISH_RELEASE_URL",
- "description": "Maven repository URL where to publish release artifacts",
- "secret": false
- },
- {
- "name": "MAVEN_REPOSITORY_PUBLISH_SNAPSHOT_URL",
- "description": "Maven repository URL where to publish snapshot artifacts",
- "secret": false
- },
- {
- "name": "MAVEN_REPOSITORY_PUBLISH_USERNAME",
- "description": "Maven repository username used for publishing purposes",
- "secret": true
- },
- {
- "name": "MAVEN_REPOSITORY_PUBLISH_PASSWORD",
- "description": "Maven repository password used for publishing purposes",
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "1.5.0",
- "tags": [
- "1.5.0",
- "1.5",
- "1.4.0",
- "1.4",
- "1.3.1",
- "1.3.0",
- "1.3",
- "1.2.0",
- "1.2",
- "1.1.2",
- "1.1.1",
- "1.1.0",
- "1.1",
- "1.0.0",
- "1.0",
- "1"
- ],
- "name": "sbt",
- "path": "to-be-continuous/sbt",
- "web_url": "https://gitlab.com/to-be-continuous/sbt",
- "avatar": "https://gitlab.com/to-be-continuous/sbt/-/avatar"
- }
- },
- {
- "name": "semantic-release",
- "description": "Automate your versioning and release management with [semantic-release](https://github.com/semantic-release/semantic-release)",
- "template_path": "templates/gitlab-ci-semrel.yml",
- "kind": "publish",
- "prefix": "semrel",
- "is_component": true,
- "variables": [
- {
- "name": "SEMREL_IMAGE",
- "description": "The Docker image used to run semantic-release",
- "default": "registry.hub.docker.com/library/node:latest"
- },
- {
- "name": "SEMREL_VERSION",
- "description": "The [semantic-release](https://www.npmjs.com/package/semantic-release) version to use",
- "default": "latest",
- "advanced": true
- },
- {
- "name": "SEMREL_EXEC_VERSION",
- "description": "The [@semantic-release/exec](https://www.npmjs.com/package/@semantic-release/exec) version to use",
- "default": "latest",
- "advanced": true
- },
- {
- "name": "GITLAB_TOKEN",
- "description": "A GitLab 'project access token' or 'personal access token' with `api`, `read_repository` and `write repository` scopes.",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "SEMREL_CONFIG_DIR",
- "description": "directory containing your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#configuration-file)",
- "default": ".",
- "advanced": true
- },
- {
- "name": "SEMREL_TAG_FORMAT",
- "description": "For generated `.releaserc` file only. [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat)e. :warning: don't forget to double the `$` character so it is not interpreted by GitLab.",
- "default": "$${version}",
- "advanced": true
- },
- {
- "name": "SEMREL_REQUIRED_PLUGINS_FILE",
- "description": "Full path to `semrel-required-plugins.txt` file _(relative to `$CI_PROJECT_DIR`)_",
- "default": "semrel-required-plugins.txt",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "semantic-release",
- "name": "semantic-release",
- "description": "Performs a semantic release.",
- "disable_with": "SEMREL_RELEASE_DISABLED",
- "variables": [
- {
- "name": "SEMREL_CHANGELOG_ENABLED",
- "description": "Add the [@semantic-release/changelog](https://github.com/semantic-release/changelog) plugin which will commit a changelog file in the repository.",
- "type": "boolean"
- },
- {
- "name": "SEMREL_CHANGELOG_FILE",
- "description": "[changelogFile @semantic-release/changelog option](https://github.com/semantic-release/changelog#options).",
- "default": "CHANGELOG.md",
- "advanced": true
- },
- {
- "name": "SEMREL_CHANGELOG_TITLE",
- "description": "[changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`).",
- "advanced": true
- },
- {
- "name": "SEMREL_DRY_RUN",
- "description": "For generated `.releaserc` file only. Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present.",
- "type": "boolean",
- "advanced": true
- },
- {
- "name": "SEMREL_AUTO_RELEASE_ENABLED",
- "description": "When set the job start automatically. When not set (default), the job is manual.",
- "type": "boolean"
- },
- {
- "name": "SEMREL_HOOKS_DIR",
- "description": "Hook scripts folder.",
- "default": ".",
- "advanced": true
- },
- {
- "name": "SEMREL_RELEASE_DISABLED",
- "description": "Disable this job.",
- "advanced": true
- },
- {
- "name": "SEMREL_GPG_SIGNKEY",
- "description": "Path to the GPG signkey exported with `gpg --armor --export-secret-key`.",
- "secret": true,
- "advanced": true
- },
- {
- "name": "SEMREL_COMMIT_MESSAGE",
- "description": "[message @semantic-release/git option](https://github.com/semantic-release/git#message)",
- "advanced": true
- }
- ]
- },
- {
- "id": "semantic-release-info",
- "name": "semantic-release-info",
- "description": "Run `semantic-release` dry run to save next release version information as dotenv artifact and make them available in next pipeline stages",
- "variables": [
- {
- "name": "SEMREL_INFO_ON",
- "description": "Define on which branch(es) the job shall be run",
- "type": "enum",
- "values": ["", "prod", "protected", "all"],
- "mandatory": true
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-semrel-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url",
- "mandatory": true
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "3.7.1",
- "tags": [
- "3.7.1",
- "3.7.0",
- "3.7",
- "3.6.0",
- "3.6",
- "3.5.2",
- "3.5.1",
- "3.5.0",
- "3.5",
- "3.4.2",
- "3.4.1",
- "3.4.0",
- "3.4",
- "3.3.1",
- "3.3.0",
- "3.3",
- "3.2.2",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.1",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.3.1",
- "2.3.0",
- "2.3",
- "2.2.6",
- "2.2.5",
- "2.2.4",
- "2.2.3",
- "2.2.2",
- "2.2.1",
- "2.2.0",
- "2.1.0",
- "2.0.5",
- "2.0.4",
- "2.0.3",
- "2.0.2",
- "2.0.1",
- "2.0.0",
- "2",
- "1.2.0",
- "1.1.0",
- "1.0.1",
- "1.0.0"
- ],
- "name": "semantic-release",
- "path": "to-be-continuous/semantic-release",
- "web_url": "https://gitlab.com/to-be-continuous/semantic-release",
- "avatar": "https://gitlab.com/to-be-continuous/semantic-release/-/avatar"
- }
- },
- {
- "name": "SonarQube",
- "description": "Continuously inspect your codebase with [SonarQube](https://www.sonarqube.org/)",
- "template_path": "templates/gitlab-ci-sonar.yml",
- "kind": "analyse",
- "prefix": "sonar",
- "is_component": true,
- "variables": [
- {
- "name": "SONAR_SCANNER_IMAGE",
- "description": "The Docker image used to run [sonar-scanner](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/sonarscanner/)",
- "default": "registry.hub.docker.com/sonarsource/sonar-scanner-cli:latest"
- },
- {
- "name": "SONAR_HOST_URL",
- "type": "url",
- "description": "SonarQube server url",
- "mandatory": true
- },
- {
- "name": "SONAR_PROJECT_KEY",
- "description": "SonarQube Project Key (might also be set in the `sonar-project.properties` file)",
- "advanced": true
- },
- {
- "name": "SONAR_PROJECT_NAME",
- "description": "SonarQube Project Name (might also be set in the `sonar-project.properties` file)",
- "advanced": true
- },
- {
- "name": "SONAR_TOKEN",
- "description": "SonarQube authentication token (depends on your authentication method)",
- "secret": true
- },
- {
- "name": "SONAR_LOGIN",
- "description": "SonarQube login (depends on your authentication method)",
- "secret": true
- },
- {
- "name": "SONAR_PASSWORD",
- "description": "SonarQube password (depends on your authentication method)",
- "secret": true
- },
- {
- "name": "SONAR_BASE_ARGS",
- "description": "SonarQube [analysis arguments](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/analysis-parameters/)",
- "default": "-Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues",
- "advanced": true
- },
- {
- "name": "SONAR_QUALITY_GATE_ENABLED",
- "description": "Enables SonarQube [Quality Gate](https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/analysis-functions/quality-gates/) verification.\n\n_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/ci-integration/overview/#quality-gate-fails))._",
- "type": "boolean"
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-openshift-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url"
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "4.2.0",
- "tags": [
- "4.2.0",
- "4.2",
- "4.1.1",
- "4.1.0",
- "4.1",
- "4.0.1",
- "4.0.0",
- "4.0",
- "4",
- "3.3.0",
- "3.3",
- "3.2.0",
- "3.2",
- "3.1.1",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.1.0",
- "2.1",
- "2.0.1",
- "2.0.0",
- "2",
- "1.3.2",
- "1.3.1",
- "1.3.0",
- "1.2.0",
- "1.1.0",
- "1.0.0"
- ],
- "name": "sonar",
- "path": "to-be-continuous/sonar",
- "web_url": "https://gitlab.com/to-be-continuous/sonar",
- "avatar": "https://gitlab.com/to-be-continuous/sonar/-/avatar"
- }
- },
- {
- "name": "Spectral",
- "description": "[Spectral](https://docs.stoplight.io/docs/spectral) is a JSON/YAML Linter with custom rulesets, out of the box support for OpenAPI and AsyncAPI",
- "template_path": "templates/gitlab-ci-spectral.yml",
- "kind": "analyse",
- "prefix": "spectral",
- "is_component": true,
- "variables": [
- {
- "name": "SPECTRAL_IMAGE",
- "description": "The Docker image used to run `spectral`",
- "default": "registry.hub.docker.com/stoplight/spectral:latest"
- },
- {
- "name": "SPECTRAL_DOCUMENTS",
- "description": "Location of JSON/YAML documents to be linted. Can be either a file, a glob or fetchable resource(s) on the web",
- "default": "{,api/,src/main/resources/}*{openapi,oas,swagger,async}*.{json,yml,yaml}"
- },
- {
- "name": "SPECTRAL_EXTRA_ARGS",
- "description": "Extra Spectral CLI [options](https://docs.stoplight.io/docs/spectral/docs/guides/2-cli.md)",
- "advanced": true
- },
- {
- "name": "SPECTRAL_DISABLED",
- "description": "Set to `true` to disable this job",
- "type": "boolean",
- "advanced": true
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "1.1.0",
- "tags": ["1.1.0", "1.1", "1.0.0", "1.0", "1"],
- "name": "spectral",
- "path": "to-be-continuous/spectral",
- "web_url": "https://gitlab.com/to-be-continuous/spectral",
- "avatar": "https://gitlab.com/to-be-continuous/spectral/-/avatar"
- }
- },
- {
- "name": "Sphinx",
- "description": "Build your documentation with [Sphinx](https://www.sphinx-doc.org/)",
- "template_path": "templates/gitlab-ci-sphinx.yml",
- "kind": "build",
- "prefix": "sphinx",
- "is_component": true,
- "variables": [
- {
- "name": "SPHINX_IMAGE",
- "description": "The Docker image used to run Sphinx",
- "default": "ghcr.io/sphinx-doc/sphinx:latest"
- },
- {
- "name": "SPHINX_BUILD_ARGS",
- "description": "[`sphinx-build` options](https://www.sphinx-doc.org/en/master/man/sphinx-build.html)) to be used",
- "default": "-M html"
- },
- {
- "name": "SPHINX_PROJECT_DIR",
- "description": "Sphinx project root directory",
- "default": "."
- },
- {
- "name": "SPHINX_SOURCE_DIR",
- "description": "Sphinx source directory (relative to `$SPHINX_PROJECT_DIR`) containing the Sphinx `conf.py` file",
- "default": "source",
- "advanced": true
- },
- {
- "name": "SPHINX_BUILD_DIR",
- "description": "Sphinx build output directory (relative to `$SPHINX_PROJECT_DIR`)",
- "default": "build",
- "advanced": true
- },
- {
- "name": "SPHINX_REQUIREMENTS_FILE",
- "description": "Requirements file (relative to `$SPHINX_PROJECT_DIR`). If the file is not found in the repository, requirements are read from the `SPHINX_REQUIREMENTS` variable",
- "default": "requirements.txt",
- "advanced": true
- },
- {
- "name": "SPHINX_REQUIREMENTS",
- "description": "Space separated requirements (ignored if a requirement file is found)",
- "default": "",
- "advanced": true
- },
- {
- "name": "SPHINX_PREBUILD_SCRIPT",
- "description": "Pre-build hook script (relative to `$SPHINX_PROJECT_DIR`)",
- "default": "sphinx-pre-build.sh",
- "advanced": true
- },
- {
- "name": "PIP_OPTS",
- "description": "pip extra [options](https://pip.pypa.io/en/stable/cli/pip/#general-options)",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "lychee",
- "name": "lychee",
- "description": "Checks broken links and emails with [lychee](https://github.com/lycheeverse/lychee)",
- "enable_with": "SPHINX_LYCHEE_ENABLED",
- "variables": [
- {
- "name": "SPHINX_LYCHEE_IMAGE",
- "description": "The Docker image used to run [lychee](https://github.com/lycheeverse/lychee)",
- "default": "registry.hub.docker.com/lycheeverse/lychee:latest",
- "advanced": true
- },
- {
- "name": "SPHINX_LYCHEE_ARGS",
- "description": "[lychee arguments](https://github.com/lycheeverse/lychee#commandline-parameters) to execute",
- "default": "--exclude-loopback $SPHINX_SOURCE_DIR/**/*.rst"
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "pages",
- "name": "GitLab Pages",
- "description": "Adds a job to publish the generated documentation to GitLab pages",
- "template_path": "templates/gitlab-ci-sphinx-pages.yml"
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "1.1.0",
- "tags": ["1.1.0", "1.1", "1.0.0", "1.0", "1"],
- "name": "sphinx",
- "path": "to-be-continuous/sphinx",
- "web_url": "https://gitlab.com/to-be-continuous/sphinx",
- "avatar": "https://gitlab.com/to-be-continuous/sphinx/-/avatar"
- }
- },
- {
- "name": "SQLFluff lint",
- "description": "Lint your SQL files (whichever your dialect) with [SQLFluff](https://docs.sqlfluff.com)",
- "template_path": "templates/gitlab-ci-sqlfluff.yml",
- "kind": "analyse",
- "prefix": "sqlfluff",
- "is_component": true,
- "variables": [
- {
- "name": "SQLFLUFF_IMAGE",
- "description": "The Docker image used to run SQLFluff",
- "default": "registry.hub.docker.com/sqlfluff/sqlfluff:latest"
- },
- {
- "name": "SQLFLUFF_WORKING_DIR",
- "description": "Sqlfluff working directory, scope of configuration and sql files used",
- "default": ".",
- "advanced": true
- },
- {
- "name": "SQLFLUFF_LINT_ARGS",
- "description": "Lint [options and arguments](https://docs.sqlfluff.com/en/stable/reference/cli.html#sqlfluff-lint)",
- "advanced": true
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "1.3.0",
- "tags": [
- "1.3.0",
- "1.3",
- "1.2.0",
- "1.2",
- "1.1.2",
- "1.1.1",
- "1.1.0",
- "1.1",
- "1.0.2",
- "1.0.1",
- "1.0.0",
- "1.0",
- "1"
- ],
- "name": "sqlfluff",
- "path": "to-be-continuous/sqlfluff",
- "web_url": "https://gitlab.com/to-be-continuous/sqlfluff",
- "avatar": "https://gitlab.com/to-be-continuous/sqlfluff/-/avatar"
- }
- },
- {
- "name": "Terraform",
- "description": "Manage your infrastructure with [Terraform](https://www.terraform.io)",
- "template_path": "templates/gitlab-ci-terraform.yml",
- "kind": "infrastructure",
- "prefix": "tf",
- "is_component": true,
- "variables": [
- {
- "name": "TF_IMAGE",
- "description": "the Docker image used to run Terraform CLI commands - **set the version required by your project**",
- "default": "registry.hub.docker.com/hashicorp/terraform:latest"
- },
- {
- "name": "TF_GITLAB_BACKEND_DISABLED",
- "type": "boolean",
- "description": "Set to disable [GitLab managed Terraform State](https://docs.gitlab.com/ee/user/infrastructure/iac/terraform_state.html)",
- "advanced": true
- },
- {
- "name": "TF_PROJECT_DIR",
- "description": "Terraform project root directory",
- "default": ".",
- "advanced": true
- },
- {
- "name": "TF_SCRIPTS_DIR",
- "description": "Terraform (hook) scripts base directory (relative to `$TF_PROJECT_DIR`)",
- "default": ".",
- "advanced": true
- },
- {
- "name": "TF_OUTPUT_DIR",
- "description": "Terraform output directory (relative to `$TF_PROJECT_DIR`).\n\n_Everything generated in this directory will be kept as job artifacts._",
- "default": "tf-output",
- "advanced": true
- },
- {
- "name": "TF_EXTRA_OPTS",
- "description": "Default Terraform extra options (applies to all Terraform commands)",
- "advanced": true
- },
- {
- "name": "TF_INIT_OPTS",
- "description": "Default Terraform extra [init options](https://developer.hashicorp.com/terraform/cli/commands/init)",
- "advanced": true
- },
- {
- "name": "TF_WORKSPACE",
- "description": "Default Terraform project [workspace](https://developer.hashicorp.com/terraform/language/state/workspaces)",
- "advanced": true
- },
- {
- "name": "TF_PLAN_OPTS",
- "description": "Default Terraform extra [plan options](https://developer.hashicorp.com/terraform/cli/commands/plan)",
- "advanced": true
- },
- {
- "name": "TF_APPLY_OPTS",
- "description": "Default Terraform extra [apply options](https://developer.hashicorp.com/terraform/cli/commands/apply)",
- "advanced": true
- },
- {
- "name": "TF_DESTROY_OPTS",
- "description": "Default Terraform extra [destroy options](https://developer.hashicorp.com/terraform/cli/commands/destroy)",
- "advanced": true
- }
- ],
- "features": [
- {
- "id": "tfsec",
- "name": "tfsec",
- "description": "Detect security issues with [tfsec](https://github.com/tfsec/tfsec)",
- "enable_with": "TF_TFSEC_ENABLED",
- "variables": [
- {
- "name": "TF_TFSEC_IMAGE",
- "description": "tfsec docker image",
- "default": "registry.hub.docker.com/aquasec/tfsec-ci",
- "advanced": true
- },
- {
- "name": "TF_TFSEC_ARGS",
- "description": "tfsec [options and args](https://aquasecurity.github.io/tfsec/latest/guides/usage/)",
- "default": "."
- }
- ]
- },
- {
- "id": "checkov",
- "name": "checkov",
- "description": "Static code analysis tool for infrastructure-as-code",
- "enable_with": "TF_CHECKOV_ENABLED",
- "variables": [
- {
- "name": "TF_CHECKOV_IMAGE",
- "description": "checkov docker image",
- "default": "registry.hub.docker.com/bridgecrew/checkov",
- "advanced": true
- },
- {
- "name": "TF_CHECKOV_ARGS",
- "description": "checkov [options and args](https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html)",
- "default": "--framework terraform",
- "advanced": true
- }
- ]
- },
- {
- "id": "tf-infracost",
- "name": "tf-infracost",
- "description": "Shows cloud cost estimates for infrastructure-as-code projects",
- "enable_with": "TF_INFRACOST_ENABLED",
- "variables": [
- {
- "name": "TF_INFRACOST_IMAGE",
- "description": "Infracost docker image",
- "default": "registry.hub.docker.com/infracost/infracost",
- "advanced": true
- },
- {
- "name": "TF_INFRACOST_ARGS",
- "description": "infracost [CLI options and args](https://www.infracost.io/docs/#usage)",
- "default": "breakdown"
- },
- {
- "name": "TF_INFACOST_USAGE_FILE",
- "description": "infracost [usage file](https://www.infracost.io/docs/usage_based_resources/#infracost-usage-file)",
- "default": "infracost-usage.yml"
- },
- {
- "name": "INFRACOST_API_KEY",
- "description": "the infracost API key",
- "secret": true
- }
- ]
- },
- {
- "id": "tf-tflint",
- "name": "tf-tflint",
- "description": "Analyse your Terraform code with [tflint](https://github.com/terraform-linters/tflint)",
- "disable_with": "TF_TFLINT_DISABLED",
- "variables": [
- {
- "name": "TF_TFLINT_IMAGE",
- "description": "Tflint docker image",
- "default": "ghcr.io/terraform-linters/tflint-bundle:latest",
- "advanced": true
- },
- {
- "name": "TF_TFLINT_ARGS",
- "description": "tflint extra [options and args](https://github.com/terraform-linters/tflint/#usage)",
- "default": "--enable-plugin=google --enable-plugin=azurerm --enable-plugin=aws --recursive"
- }
- ]
- },
- {
- "id": "tf-fmt",
- "name": "tf-fmt",
- "description": "Check your Terraform code with [tffmt](https://developer.hashicorp.com/terraform/cli/commands/fmt#usage)",
- "enable_with": "TF_FMT_ENABLED",
- "variables": [
- {
- "name": "TF_FMT_ARGS",
- "description": "terraform fmt extra [options](https://developer.hashicorp.com/terraform/cli/commands/fmt#usage)",
- "default": "-diff -recursive"
- }
- ]
- },
- {
- "id": "tf-validate",
- "name": "tf-validate",
- "description": "Check your Terraform code with [tfvalidate](https://developer.hashicorp.com/terraform/cli/commands/validate#usage)",
- "enable_with": "TF_VALIDATE_ENABLED",
- "variables": []
- },
- {
- "id": "tfdocs",
- "name": "terraform docs",
- "description": "Build Terraform documentation based on [terraform docs](https://terraform-docs.io/)",
- "enable_with": "TF_DOCS_ENABLED",
- "variables": [
- {
- "name": "TF_DOCS_IMAGE",
- "description": "[terraform docs](https://terraform-docs.io/) container image",
- "default": "quay.io/terraform-docs/terraform-docs:edge",
- "advanced": true
- },
- {
- "name": "TF_DOCS_EXTRA_OPTS",
- "description": "Extra [terraform docs options](https://terraform-docs.io/reference/terraform-docs/)",
- "advanced": true
- },
- {
- "name": "TF_DOCS_CONFIG",
- "description": "terraform docs [configuration file](https://terraform-docs.io/user-guide/configuration/) (relative to `$TF_PROJECT_DIR`)",
- "default": ".terraform-docs.yml",
- "advanced": true
- },
- {
- "name": "TF_DOCS_OUTPUT_DIR",
- "description": "terraform docs output directory (relative to `$TF_PROJECT_DIR`)",
- "default": "docs",
- "advanced": true
- }
- ]
- },
- {
- "id": "tfpublish",
- "name": "publish module",
- "description": "Publish a Terraform module to GitLab's [Terraform Module Registry](https://docs.gitlab.com/ee/user/packages/terraform_module_registry/)",
- "enable_with": "TF_PUBLISH_ENABLED",
- "variables": [
- {
- "name": "TF_PUBLISH_IMAGE",
- "description": "container image used to publish module",
- "default": "registry.hub.docker.com/curlimages/curl:latest",
- "advanced": true
- },
- {
- "name": "TF_MODULE_NAME",
- "description": "The module name. May not contain any spaces or underscores.",
- "default": "$CI_PROJECT_NAME",
- "advanced": true
- },
- {
- "name": "TF_MODULE_SYSTEM",
- "description": "The module system or provider (example: `local`, `aws`, `google`)",
- "default": "local"
- },
- {
- "name": "TF_MODULE_VERSION",
- "description": "The module version. It must be valid according to the [semantic versioning](https://semver.org/) specification.",
- "default": "$CI_COMMIT_TAG",
- "advanced": true
- },
- {
- "name": "TF_MODULE_FILES",
- "description": "Glob patterns matching files to include into the Terraform module (:warning: does not support double star)",
- "default": "*.tf *.tpl *.md"
- }
- ]
- },
- {
- "id": "review",
- "name": "Review",
- "description": "Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))",
- "enable_with": "TF_REVIEW_ENABLED",
- "variables": [
- {
- "name": "TF_REVIEW_EXTRA_OPTS",
- "description": "Terraform extra options for `review` env (applies to all Terraform commands) (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_REVIEW_INIT_OPTS",
- "description": "Terraform extra [init options](https://developer.hashicorp.com/terraform/cli/commands/init) for `review` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_REVIEW_WORKSPACE",
- "description": "Terraform project [workspace](https://developer.hashicorp.com/terraform/language/state/workspaces) for `review` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_REVIEW_PLAN_ENABLED",
- "description": "Set to enable separate Terraform plan job for `review` env.",
- "type": "boolean",
- "advanced": true
- },
- {
- "name": "TF_REVIEW_PLAN_OPTS",
- "description": "Terraform extra [plan options](https://developer.hashicorp.com/terraform/cli/commands/plan) for `review` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_REVIEW_APPLY_OPTS",
- "description": "Terraform extra [apply options](https://developer.hashicorp.com/terraform/cli/commands/apply) for `review` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_REVIEW_DESTROY_OPTS",
- "description": "Terraform extra [destroy options](https://developer.hashicorp.com/terraform/cli/commands/destroy) for `review` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_REVIEW_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop `review` environments",
- "default": "4 hours"
- }
- ]
- },
- {
- "id": "integration",
- "name": "Integration",
- "description": "A continuous-integration environment associated to your integration branch (`develop` by default)",
- "enable_with": "TF_INTEG_ENABLED",
- "variables": [
- {
- "name": "TF_INTEG_EXTRA_OPTS",
- "description": "Terraform extra options for `integration` env (applies to all Terraform commands) (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_INTEG_INIT_OPTS",
- "description": "Terraform extra [init options](https://developer.hashicorp.com/terraform/cli/commands/init) for `integration` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_INTEG_WORKSPACE",
- "description": "Terraform project [workspace](https://developer.hashicorp.com/terraform/language/state/workspaces) for `integration` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_INTEG_PLAN_ENABLED",
- "description": "Set to enable separate Terraform plan job for `integration` env.",
- "type": "boolean",
- "advanced": true
- },
- {
- "name": "TF_INTEG_PLAN_OPTS",
- "description": "Terraform extra [plan options](https://developer.hashicorp.com/terraform/cli/commands/plan) for `integration` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_INTEG_APPLY_OPTS",
- "description": "Terraform extra [apply options](https://developer.hashicorp.com/terraform/cli/commands/apply) for `integration` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_INTEG_DESTROY_OPTS",
- "description": "Terraform extra [destroy options](https://developer.hashicorp.com/terraform/cli/commands/destroy) for `integration` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_INTEG_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop the `integration` env",
- "default": "never"
- }
- ]
- },
- {
- "id": "staging",
- "name": "Staging",
- "description": "An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)",
- "enable_with": "TF_STAGING_ENABLED",
- "variables": [
- {
- "name": "TF_STAGING_EXTRA_OPTS",
- "description": "Terraform extra options for `staging` env (applies to all Terraform commands) (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_STAGING_INIT_OPTS",
- "description": "Terraform extra [init options](https://developer.hashicorp.com/terraform/cli/commands/init) for `staging` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_STAGING_WORKSPACE",
- "description": "Terraform project [workspace](https://developer.hashicorp.com/terraform/language/state/workspaces) for `staging` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_STAGING_PLAN_ENABLED",
- "description": "Set to enable separate Terraform plan job for `staging` env.",
- "type": "boolean",
- "advanced": true
- },
- {
- "name": "TF_STAGING_PLAN_OPTS",
- "description": "Terraform extra [plan options](https://developer.hashicorp.com/terraform/cli/commands/plan) for `staging` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_STAGING_APPLY_OPTS",
- "description": "Terraform extra [apply options](https://developer.hashicorp.com/terraform/cli/commands/apply) for `staging` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_STAGING_DESTROY_OPTS",
- "description": "Terraform extra [destroy options](https://developer.hashicorp.com/terraform/cli/commands/destroy) for `staging` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_STAGING_AUTOSTOP_DURATION",
- "description": "The amount of time before GitLab will automatically stop the `staging` env",
- "default": "never"
- }
- ]
- },
- {
- "id": "prod",
- "name": "Production",
- "description": "The production environment",
- "enable_with": "TF_PROD_ENABLED",
- "variables": [
- {
- "name": "TF_PROD_EXTRA_OPTS",
- "description": "Terraform extra options for `production` env (applies to all Terraform commands) (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_PROD_INIT_OPTS",
- "description": "Terraform extra [init options](https://developer.hashicorp.com/terraform/cli/commands/init) for `production` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_PROD_WORKSPACE",
- "description": "Terraform project [workspace](https://developer.hashicorp.com/terraform/language/state/workspaces) for `production` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_PROD_PLAN_ENABLED",
- "description": "Set to enable separate Terraform plan job for `production` env.",
- "type": "boolean",
- "default": "true",
- "advanced": true
- },
- {
- "name": "TF_PROD_PLAN_OPTS",
- "description": "Terraform extra [plan options](https://developer.hashicorp.com/terraform/cli/commands/plan) for `production` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_PROD_APPLY_OPTS",
- "description": "Terraform extra [apply options](https://developer.hashicorp.com/terraform/cli/commands/apply) for `production` env (only define to override default)",
- "advanced": true
- },
- {
- "name": "TF_PROD_DESTROY_OPTS",
- "description": "Terraform extra [destroy options](https://developer.hashicorp.com/terraform/cli/commands/destroy) for `production` env (only define to override default)",
- "advanced": true
- }
- ]
- }
- ],
- "variants": [
- {
- "id": "vault",
- "name": "Vault",
- "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
- "template_path": "templates/gitlab-ci-terraform-vault.yml",
- "variables": [
- {
- "name": "TBC_VAULT_IMAGE",
- "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "VAULT_BASE_URL",
- "description": "The Vault server base API url",
- "mandatory": true
- },
- {
- "name": "VAULT_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "VAULT_ROLE_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
- "mandatory": true,
- "secret": true
- },
- {
- "name": "VAULT_SECRET_ID",
- "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
- "mandatory": true,
- "secret": true
- }
- ]
- },
- {
- "id": "gcp-auth-provider",
- "name": "Google Cloud",
- "description": "Retrieves an [OAuth access token](https://developers.google.com/identity/protocols/oauth2) for the [Google Cloud Platform Provider for Terraform](https://registry.terraform.io/providers/hashicorp/google/latest/docs)",
- "template_path": "templates/gitlab-ci-terraform-gcp.yml",
- "variables": [
- {
- "name": "TBC_GCP_PROVIDER_IMAGE",
- "description": "The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use",
- "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
- "advanced": true
- },
- {
- "name": "GCP_OIDC_AUD",
- "description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_",
- "default": "$CI_SERVER_URL",
- "advanced": true
- },
- {
- "name": "GCP_OIDC_ACCOUNT",
- "description": "Default Service Account to which impersonate with OpenID Connect authentication"
- },
- {
- "name": "GCP_OIDC_PROVIDER",
- "description": "Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)"
- },
- {
- "name": "GCP_REVIEW_OIDC_ACCOUNT",
- "description": "Service Account to which impersonate with OpenID Connect authentication on `review` environment",
- "advanced": true
- },
- {
- "name": "GCP_REVIEW_OIDC_PROVIDER",
- "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment",
- "advanced": true
- },
- {
- "name": "GCP_INTEG_OIDC_ACCOUNT",
- "description": "Service Account to which impersonate with OpenID Connect authentication on `integration` environment",
- "advanced": true
- },
- {
- "name": "GCP_INTEG_OIDC_PROVIDER",
- "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment",
- "advanced": true
- },
- {
- "name": "GCP_STAGING_OIDC_ACCOUNT",
- "description": "Service Account to which impersonate with OpenID Connect authentication on `staging` environment",
- "advanced": true
- },
- {
- "name": "GCP_STAGING_OIDC_PROVIDER",
- "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment",
- "advanced": true
- },
- {
- "name": "GCP_PROD_OIDC_ACCOUNT",
- "description": "Service Account to which impersonate with OpenID Connect authentication on `production` environment",
- "advanced": true
- },
- {
- "name": "GCP_PROD_OIDC_PROVIDER",
- "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment",
- "advanced": true
- }
- ]
- },
- {
- "id": "aws",
- "name": "AWS",
- "description": "Sets the appropriate Assume Role with Web Identity configuration for the [AWS Provider for Terraform](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#assume-role-with-web-identity-configuration-reference)",
- "template_path": "templates/gitlab-ci-terraform-aws.yml",
- "variables": [
- {
- "name": "AWS_OIDC_AUD",
- "description": "The `aud` claim for the JWT",
- "default": "$CI_SERVER_URL"
- },
- {
- "name": "AWS_OIDC_ROLE_ARN",
- "description": "Default IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/)",
- "advanced": true
- },
- {
- "name": "AWS_REVIEW_OIDC_ROLE_ARN",
- "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `review` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AWS_INTEG_OIDC_ROLE_ARN",
- "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `integration` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AWS_STAGING_OIDC_ROLE_ARN",
- "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `staging` env _(only define to override default)_",
- "advanced": true
- },
- {
- "name": "AWS_PROD_OIDC_ROLE_ARN",
- "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `production` env _(only define to override default)_",
- "advanced": true
- }
- ]
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "5.4.0",
- "tags": [
- "5.4.0",
- "5.4",
- "5.3.0",
- "5.3",
- "5.2.0",
- "5.2",
- "5.1.0",
- "5.1",
- "5.0.2",
- "5.0.1",
- "5.0.0",
- "5.0",
- "5",
- "4.0.3",
- "4.0.2",
- "4.0.1",
- "4.0.0",
- "4.0",
- "4",
- "3.12.3",
- "3.12.2",
- "3.12.1",
- "3.12.0",
- "3.12",
- "3.11.0",
- "3.11",
- "3.10.0",
- "3.10",
- "3.9.1",
- "3.9.0",
- "3.9",
- "3.8.0",
- "3.8",
- "3.7.0",
- "3.7",
- "3.6.3",
- "3.6.2",
- "3.6.1",
- "3.6.0",
- "3.6",
- "3.5.1",
- "3.5.0",
- "3.5",
- "3.4.0",
- "3.4",
- "3.3.0",
- "3.3",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.8.0",
- "2.8",
- "2.7.1",
- "2.7.0",
- "2.7",
- "2.6.0",
- "2.6",
- "2.5.0",
- "2.5",
- "2.4.3",
- "2.4.2",
- "2.4.1",
- "2.4.0",
- "2.3.2",
- "2.3.1",
- "2.3.0",
- "2.2.4",
- "2.2.3",
- "2.2.2",
- "2.2.1",
- "2.2.0",
- "2.1.1",
- "2.1.0",
- "2.0.0",
- "2",
- "1.1.2",
- "1.1.1",
- "1.1.0",
- "1.0.0"
- ],
- "name": "terraform",
- "path": "to-be-continuous/terraform",
- "web_url": "https://gitlab.com/to-be-continuous/terraform",
- "avatar": "https://gitlab.com/to-be-continuous/terraform/-/avatar"
- }
- },
- {
- "name": "Test SSL",
- "description": "Test your TLS/SSL servers compliance with [Test SSL](https://testssl.sh/)",
- "template_path": "templates/gitlab-ci-testssl.yml",
- "kind": "acceptance",
- "prefix": "testssl",
- "is_component": true,
- "variables": [
- {
- "name": "TESTSSL_IMAGE",
- "description": "The Docker image used to run [Test SSL](https://testssl.sh/)",
- "default": "registry.hub.docker.com/drwetter/testssl.sh:latest"
- },
- {
- "name": "TESTSSL_ARGS",
- "description": "Test SSL [command-line options](https://testssl.sh/#usage)",
- "default": "--severity MEDIUM",
- "advanced": true
- },
- {
- "name": "TESTSSL_URL",
- "description": "Server url to test TLS/SSL against\n\n_Leave unset if you're using deployment templates_"
- },
- {
- "name": "REVIEW_ENABLED",
- "description": "Set to enable Test SSL tests on review environments (dynamic environments instantiated on development branches)",
- "type": "boolean"
- }
- ],
- "extension_id": null,
- "project": {
- "tag": "3.4.0",
- "tags": [
- "3.4.0",
- "3.4",
- "3.3.0",
- "3.3",
- "3.2.1",
- "3.2.0",
- "3.2",
- "3.1.2",
- "3.1.1",
- "3.1.0",
- "3.1",
- "3.0.0",
- "3.0",
- "3",
- "2.1.0",
- "2.1",
- "2.0.1",
- "2.0.0",
- "2",
- "1.2.0",
- "1.1.0",
- "1.0.0"
- ],
- "name": "testssl",
- "path": "to-be-continuous/testssl",
- "web_url": "https://gitlab.com/to-be-continuous/testssl",
- "avatar": "https://gitlab.com/to-be-continuous/testssl/-/avatar"
- }
- }
- ]
-}
+{"extensions":[],"presets":[{"name":"OpenShift Sandbox","description":"[OpenShift Sandbox](https://developers.redhat.com/developer-sandbox) by RedHat","values":{"OS_URL":"https://api.sandbox.x8i5.p1.openshiftapps.com:6443","OS_ENVIRONMENT_URL":"https://%{environment_name}.apps.sandbox.x8i5.p1.openshiftapps.com","K8S_URL":"https://api.sandbox.x8i5.p1.openshiftapps.com:6443","K8S_ENVIRONMENT_URL":"https://%{environment_name}.apps.sandbox.x8i5.p1.openshiftapps.com"},"extension_id":null,"project":{"tag":"1.0.0","tags":["1.0.0"],"name":"kicker-extras","path":"to-be-continuous/tools/kicker-extras","web_url":"https://gitlab.com/to-be-continuous/tools/kicker-extras"}},{"name":"SonarCloud","description":"[SonarCloud](https://www.sonarsource.com/products/sonarcloud/) (SaaS)","values":{"SONAR_HOST_URL":"https://sonarcloud.io"},"extension_id":null,"project":{"tag":"1.0.0","tags":["1.0.0"],"name":"kicker-extras","path":"to-be-continuous/tools/kicker-extras","web_url":"https://gitlab.com/to-be-continuous/tools/kicker-extras"}}],"templates":[{"name":"Angular","description":"Build, test and analyse your [Angular](https://angular.io/) projects","template_path":"templates/gitlab-ci-angular.yml","kind":"build","prefix":"ng","is_component":true,"variables":[{"name":"NG_CLI_IMAGE","description":"The Docker image used to run Angular-CLI (`ng`) - **set the version required by your project**","default":"registry.hub.docker.com/trion/ng-cli-karma:latest"},{"name":"NPM_CONFIG_REGISTRY","description":"NPM [registry](https://docs.npmjs.com/configuring-your-registry-settings-as-an-npm-enterprise-user)","type":"url","advanced":true},{"name":"NPM_CONFIG_SCOPED_REGISTRIES","description":"Space separated list of NPM [scoped registries](https://docs.npmjs.com/cli/v8/using-npm/scope#associating-a-scope-with-a-registry) (formatted as `@somescope:https://some.npm.registry/some/repo @anotherscope:https://another.npm.registry/another/repo`)","advanced":true},{"name":"NG_WORKSPACE_DIR","description":"Angular workspace directory","default":".","advanced":true},{"name":"NG_INSTALL_EXTRA_OPTS","description":"Extra options to install project dependencies (with [`npm ci`](https://docs.npmjs.com/cli/ci.html/))","advanced":true},{"name":"NG_BUILD_ARGS","description":"Angular [ng build](https://angular.io/cli/build) arguments","default":"build","advanced":true},{"name":"NG_TEST_ARGS","description":"Angular [ng test](https://angular.io/cli/test) arguments","default":"test --code-coverage --reporters progress,junit --watch=false --no-progress","advanced":true}],"features":[{"id":"lint","name":"Angular lint","description":"Angular lint analysis","disable_with":"NG_LINT_DISABLED","variables":[{"name":"NG_LINT_ARGS","description":"Angular [ng lint](https://angular.io/cli/lint) arguments","default":"lint","advanced":true}]},{"id":"publish","name":"Publish","description":"[publishes](https://docs.npmjs.com/cli/v6/commands/npm-publish) the project packages to a npm registry","enable_with":"NG_PUBLISH_ENABLED","variables":[{"name":"NG_PUBLISH_ARGS","description":"npm [publish](https://docs.npmjs.com/cli/v6/commands/npm-publish) arguments","advanced":true},{"name":"NG_PUBLISH_PROJECTS","description":"Space separated list of projects to publish. If no project is specified, all workspace projects are published.","advanced":true},{"name":"NPM_PUBLISH_REGISTRY","description":"npm registry to publish to. If none is specified, uses GitLab project npm packages registry","secret":true},{"name":"NPM_PUBLISH_TOKEN","description":"NPM publication registry authentication token","secret":true}]},{"id":"e2e-test","name":"e2e-test","description":"Run your [e2e tests](https://angular.io/cli/e2e) on your angular project","enable_with":"NG_E2E_ENABLED","variables":[{"name":"NG_E2E_ARGS","description":"ng [e2e](https://angular.io/cli/e2e) arguments","default":"e2e","advanced":true}]},{"id":"ng-outdated","name":"ng-outdated","description":"This job performs outdated analysis ([npm outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated)), to find dependencies that might be updated.","disable_with":"NG_OUTDATED_DISABLED","variables":[{"name":"NG_OUTDATED_ARGS","description":"npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments","default":"--long"},{"name":"NG_OUTDATED_ALLOW_FAILURE","description":"Allow the job to fail and therefore not block the pipeline","type":"boolean","default":"true","advanced":true}]},{"id":" ng-audit","name":"ng-audit","description":"This job performs an audit using ([npm audit](https://docs.npmjs.com/cli/v8/commands/npm-audit)), to find vulnerabilities (security).","disable_with":"NG_AUDIT_DISABLED","variables":[{"name":"NG_AUDIT_ARGS","description":"npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments","default":"--audit-level=low"}]},{"id":"sbom","name":"Software Bill of Materials","description":"This job generates a file listing all dependencies using [@cyclonedx/cyclonedx-npm](https://www.npmjs.com/package/@cyclonedx/cyclonedx-npm)","disable_with":"NG_SBOM_DISABLED","variables":[{"name":"NG_SBOM_VERSION","description":"Version of the @cyclonedx/cyclonedx-npm used for SBOM analysis","advanced":true},{"name":"NG_SBOM_OPTS","description":"Options for @cyclonedx/cyclonedx-npm used for SBOM analysis","default":"--omit dev","advanced":true}]}],"extension_id":null,"project":{"tag":"4.10.2","tags":["4.10.2","4.10.1","4.10.0","4.10","4.9.1","4.9.0","4.9","4.8.2","4.8.1","4.8.0","4.8","4.7.0","4.7","4.6.0","4.6","4.5.1","4.5.0","4.5","4.4.0","4.4","4.3.2","4.3.1","4.3.0","4.3","4.2.3","4.2.2","4.2.1","4.2.0","4.2","4.1.1","4.1.0","4.1","4.0.0","4.0","4","3.2.1","3.2.0","3.2","3.1.0","3.1","3.0.1","3.0.0","3.0","3","2.2.0","2.2","2.1.0","2.0.1","2.0.0","2","1.2.0","1.1.0","1.0.1","1.0.0"],"name":"angular","path":"to-be-continuous/angular","web_url":"https://gitlab.com/to-be-continuous/angular","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26451062/logo.png"}},{"name":"Ansible","description":"Provision your infrastructure and deploy your application with [Ansible](https://www.ansible.com/)","template_path":"templates/gitlab-ci-ansible.yml","kind":"hosting","prefix":"ansible","is_component":true,"variables":[{"name":"ANSIBLE_IMAGE","description":"The Docker image used to run Ansible. The image may contain your Ansible sources. **set the version required by your project**","default":"registry.hub.docker.com/cytopia/ansible:latest-tools"},{"name":"ANSIBLE_PROJECT_DIR","description":"Ansible project root directory","default":".","advanced":true},{"name":"ANSIBLE_BASE_APP_NAME","description":"Base application name","default":"$CI_PROJECT_NAME","advanced":true},{"name":"ANSIBLE_ENVIRONMENT_URL","type":"url","description":"The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.acme.com`)_"},{"name":"ANSIBLE_VAULT_PASSWORD","description":"The Ansible vault password used to decrypt vars","secret":true},{"name":"ANSIBLE_PRIVATE_KEY","description":"The Ansible SSH private key to use in all stages (can be overridden per env)","secret":true},{"name":"ANSIBLE_PUBLIC_KEY","description":"The Ansible SSH public key associated to the private key to be use in all stages (can be overridden per env)","advanced":true},{"name":"ANSIBLE_DEFAULT_INVENTORY","description":"The default inventory, if used"},{"name":"ANSIBLE_DEFAULT_TAGS","description":"The default tags, if used"},{"name":"ANSIBLE_DEFAULT_EXTRA_ARGS","description":"Optional default args to add to the ansible-playbook command line","advanced":true},{"name":"ANSIBLE_FORCE_COLOR","description":"Forces color on Ansible output","type":"boolean","default":"true","advanced":true},{"name":"ANSIBLE_REQUIREMENTS_FILE","description":"The file used to install roles with `ansible-galaxy role install`","default":"requirements.yml","advanced":true},{"name":"ANSIBLE_GALAXY_EXTRA_ARGS","description":"`ansible-galaxy role install` command [extra options](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html#role-install)","advanced":true},{"name":"ANSIBLE_SCRIPTS_DIR","description":"The Ansible scripts base directory (relative to `$ANSIBLE_PROJECT_DIR`)","default":".","advanced":true},{"name":"ANSIBLE_HOST_KEY_CHECKING","description":"Enable or disable the SSH host key checking","type":"boolean","default":"false","advanced":true},{"name":"ANSIBLE_DEFAULT_ROLES_PATH","description":"The default path where the roles should be installed","default":"$CI_PROJECT_DIR/roles","advanced":true}],"features":[{"id":"lint","name":"Ansible Lint","description":"Static code analysis of your Ansible scripts with [Ansible Lint](https://docs.ansible.com/ansible-lint/)","disable_with":"ANSIBLE_LINT_DISABLED","variables":[{"name":"ANSIBLE_LINT_IMAGE","description":"The Docker image used to run Ansible Lint.","default":"registry.hub.docker.com/haxorof/ansible-lint:latest"}]},{"id":"review","name":"Review","description":"Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))","variables":[{"name":"ANSIBLE_REVIEW_APP_NAME","description":"The application name for review env (only define to override default)","advanced":true},{"name":"ANSIBLE_REVIEW_ENVIRONMENT_URL","type":"url","description":"The review environments url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"ANSIBLE_REVIEW_INVENTORY","description":"The inventory for `review` env (only define to override default)"},{"name":"ANSIBLE_REVIEW_TAGS","description":"The tags for `review` env (only define to override default)"},{"name":"ANSIBLE_REVIEW_CLEANUP_TAGS","description":"The tags to cleanup the `review` env","mandatory":true},{"name":"ANSIBLE_REVIEW_EXTRA_ARGS","description":"The command line extra args for `review` env (only define to override default)","advanced":true},{"name":"ANSIBLE_REVIEW_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop `review` environments","default":"4 hours"},{"name":"ANSIBLE_REVIEW_PLAYBOOK_FILE","description":"The playbook filename for `review` env","mandatory":true},{"name":"ANSIBLE_REVIEW_CLEANUP_PLAYBOOK_FILE","description":"The playbook filename to cleanup `review` env (only define if different from deployment playbook)","advanced":true},{"name":"ANSIBLE_REVIEW_PRIVATE_KEY","description":"The SSH private key to be use in `review` env (only define to override default)","secret":true},{"name":"ANSIBLE_REVIEW_PUBLIC_KEY","description":"The SSH public key associated to the private key to be use in `review` env (only define to override default)","advanced":true},{"name":"ANSIBLE_REVIEW_VAULT_PASSWORD","description":"The Ansible vault password for `review` env (only define to override default)","secret":true,"advanced":true}]},{"id":"integration","name":"Integration","description":"A continuous-integration environment associated to your integration branch (`develop` by default)","variables":[{"name":"ANSIBLE_INTEG_APP_NAME","description":"The application name for integration env (only define to override default)","advanced":true},{"name":"ANSIBLE_INTEG_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop the `integration` env","default":"never"},{"name":"ANSIBLE_INTEG_ENVIRONMENT_URL","type":"url","description":"The integration environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"ANSIBLE_INTEG_INVENTORY","description":"The inventory for `integration` env (only define to override default)"},{"name":"ANSIBLE_INTEG_TAGS","description":"The tags for `integration` env (only define to override default)"},{"name":"ANSIBLE_INTEG_CLEANUP_TAGS","description":"The tags to cleanup the `integration` env","mandatory":true},{"name":"ANSIBLE_INTEG_EXTRA_ARGS","description":"The command line extra args for `integration` env (only define to override default)","advanced":true},{"name":"ANSIBLE_INTEG_PLAYBOOK_FILE","description":"The playbook filename for `integration` env","mandatory":true},{"name":"ANSIBLE_INTEG_CLEANUP_PLAYBOOK_FILE","description":"The playbook filename to cleanup `integration` env (only define if different from deployment playbook)","advanced":true},{"name":"ANSIBLE_INTEG_PRIVATE_KEY","description":"The SSH private key to be use in `integration` env (only define to override default)","secret":true,"advanced":true},{"name":"ANSIBLE_INTEG_PUBLIC_KEY","description":"The SSH public key associated to the private key to be use in `integration` env (only define to override default)","advanced":true},{"name":"ANSIBLE_INTEG_VAULT_PASSWORD","description":"The Ansible vault password for `integration` env (only define to override default)","secret":true,"advanced":true}]},{"id":"staging","name":"Staging","description":"An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)","variables":[{"name":"ANSIBLE_STAGING_APP_NAME","description":"The application name for staging env (only define to override default)","advanced":true},{"name":"ANSIBLE_STAGING_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop the `staging` env","default":"never"},{"name":"ANSIBLE_STAGING_ENVIRONMENT_URL","type":"url","description":"The staging environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"ANSIBLE_STAGING_INVENTORY","description":"The inventory for `staging` env (only define to override default)"},{"name":"ANSIBLE_STAGING_TAGS","description":"The tags for `staging` env (only define to override default)"},{"name":"ANSIBLE_STAGING_CLEANUP_TAGS","description":"The tags to cleanup the `staging` env","mandatory":true},{"name":"ANSIBLE_STAGING_EXTRA_ARGS","description":"The command line extra args for `staging` env (only define to override default)","advanced":true},{"name":"ANSIBLE_STAGING_PLAYBOOK_FILE","description":"The playbook filename for `staging` env","mandatory":true},{"name":"ANSIBLE_STAGING_CLEANUP_PLAYBOOK_FILE","description":"The playbook filename to cleanup `staging` env (only define if different from deployment playbook)","advanced":true},{"name":"ANSIBLE_STAGING_PRIVATE_KEY","description":"The SSH private key to be use in `staging` env (only define to override default)","secret":true,"advanced":true},{"name":"ANSIBLE_STAGING_PUBLIC_KEY","description":"The SSH public key associated to the private key to be use in `staging` env (only define to override default)","advanced":true},{"name":"ANSIBLE_STAGING_VAULT_PASSWORD","description":"The Ansible vault password for `staging` env (only define to override default)","secret":true,"advanced":true}]},{"id":"prod","name":"Production","description":"The production environment","variables":[{"name":"ANSIBLE_PROD_APP_NAME","description":"The application name for production env (only define to override default)","advanced":true},{"name":"ANSIBLE_PROD_ENVIRONMENT_URL","type":"url","description":"The production environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"ANSIBLE_PROD_DEPLOY_STRATEGY","description":"Defines the deployment to production strategy.","type":"enum","values":["manual","auto"],"default":"manual"},{"name":"ANSIBLE_PROD_INVENTORY","description":"The inventory for `production` env (only define to override default)"},{"name":"ANSIBLE_PROD_TAGS","description":"The tags for `production` env (only define to override default)"},{"name":"ANSIBLE_PROD_EXTRA_ARGS","description":"The command line extra args for `production` env (only define to override default)","advanced":true},{"name":"ANSIBLE_PROD_PLAYBOOK_FILE","description":"The playbook filename for `production` env","mandatory":true},{"name":"ANSIBLE_PROD_PRIVATE_KEY","description":"The SSH private key to be use in `production` env (only define to override default)","secret":true,"advanced":true},{"name":"ANSIBLE_PROD_PUBLIC_KEY","description":"The SSH public key associated to the private key to be use in `production` env (only define to override default)","advanced":true},{"name":"ANSIBLE_PROD_VAULT_PASSWORD","description":"The Ansible vault password for `production` env (only define to override default)","secret":true,"advanced":true}]}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-ansible-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url","mandatory":true},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]},{"id":"gcp-auth-provider","name":"Google Cloud","description":"This variant uses [Application Default Credentials][gcp-adc] through the `GOOGLE_APPLICATION_CREDENTIALS` variable using Workload Identity federation.","template_path":"templates/gitlab-ci-ansible-gcp.yml","variables":[{"name":"GCP_OIDC_AUD","description":"The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_","default":"$CI_SERVER_URL","advanced":true},{"name":"GCP_OIDC_ACCOUNT","description":"Default Service Account to which impersonate with OpenID Connect authentication"},{"name":"GCP_OIDC_PROVIDER","description":"Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)"},{"name":"GCP_REVIEW_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `review` environment","advanced":true},{"name":"GCP_REVIEW_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment","advanced":true},{"name":"GCP_INTEG_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `integration` environment","advanced":true},{"name":"GCP_INTEG_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment","advanced":true},{"name":"GCP_STAGING_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `staging` environment","advanced":true},{"name":"GCP_STAGING_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment","advanced":true},{"name":"GCP_PROD_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `production` environment","advanced":true},{"name":"GCP_PROD_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment","advanced":true}]}],"extension_id":null,"project":{"tag":"6.4.0","tags":["6.4.0","6.4","6.3.4","6.3.3","6.3.2","6.3.1","6.3.0","6.3","6.2.0","6.2","6.1.3","6.1.2","6.1.1","6.1.0","6.1","6.0.1","6.0.0","6.0","6","5.1.0","5.1","5.0.0","5.0","5","4.1.0","4.1","4.0.0","4.0","4","3.5.2","3.5.1","3.5.0","3.5","3.4.1","3.4.0","3.4","3.3.0","3.3","3.2.0","3.2","3.1.0","3.1","3.0.0","3.0","3","2.3.0","2.3","2.2.0","2.2","2.1.4","2.1.3","2.1.2","2.1.1","2.1.0","2.0.1","2.0.0","2","1.2.1","1.2.0","1.1.0","1.0.0"],"name":"ansible","path":"to-be-continuous/ansible","web_url":"https://gitlab.com/to-be-continuous/ansible","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26473639/logo.png"}},{"name":"Amazon Web Services","description":"Deploy your application to [Amazon Web Services](https://aws.amazon.com/)","template_path":"templates/gitlab-ci-aws.yml","kind":"hosting","prefix":"aws","is_component":true,"variables":[{"name":"AWS_CLI_IMAGE","description":"The Docker image used to run AWS CLI commands","default":"registry.hub.docker.com/amazon/aws-cli:latest"},{"name":"AWS_BASE_APP_NAME","description":"Base application name","default":"$CI_PROJECT_NAME","advanced":true},{"name":"AWS_ENVIRONMENT_URL","type":"url","description":"The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.aws.acme.com`)_"},{"name":"AWS_SCRIPTS_DIR","description":"Directory where AWS scripts (deploy & cleanup) are located","default":".","advanced":true}],"features":[{"id":"review","name":"Review","description":"Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))","enable_with":"AWS_REVIEW_ENABLED","variables":[{"name":"AWS_REVIEW_APP_NAME","description":"The application name for review env (only define to override default)","advanced":true},{"name":"AWS_REVIEW_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop `review` environments","default":"4 hours"},{"name":"AWS_REVIEW_ENVIRONMENT_URL","type":"url","description":"The review environments url _(only define for static environment URLs declaration and if different from default)_","advanced":true}]},{"id":"integration","name":"Integration","description":"A continuous-integration environment associated to your integration branch (`develop` by default)","enable_with":"AWS_INTEG_ENABLED","variables":[{"name":"AWS_INTEG_APP_NAME","description":"The application name for integration env (only define to override default)","advanced":true},{"name":"AWS_INTEG_ENVIRONMENT_URL","type":"url","description":"The integration environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true}]},{"id":"staging","name":"Staging","description":"An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)","enable_with":"AWS_STAGING_ENABLED","variables":[{"name":"AWS_STAGING_APP_NAME","description":"The application name for staging env (only define to override default)","advanced":true},{"name":"AWS_STAGING_ENVIRONMENT_URL","type":"url","description":"The staging environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true}]},{"id":"prod","name":"Production","description":"The production environment","enable_with":"AWS_PROD_ENABLED","variables":[{"name":"AWS_PROD_APP_NAME","description":"The application name for production env (only define to override default)","advanced":true},{"name":"AWS_PROD_ENVIRONMENT_URL","type":"url","description":"The production environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"AWS_PROD_DEPLOY_STRATEGY","description":"Defines the deployment to production strategy.","type":"enum","values":["manual","auto"],"default":"manual"}]}],"variants":[{"id":"oidc","name":"OpenID Connect","description":"Enables [federated authentication using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)","template_path":"templates/gitlab-ci-aws-oidc.yml","variables":[{"name":"AWS_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"AWS_OIDC_ROLE_ARN","description":"Default IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/)","advanced":true},{"name":"AWS_REVIEW_OIDC_ROLE_ARN","description":"IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `review` env _(only define to override default)_","advanced":true},{"name":"AWS_INTEG_OIDC_ROLE_ARN","description":"IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `integration` env _(only define to override default)_","advanced":true},{"name":"AWS_STAGING_OIDC_ROLE_ARN","description":"IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `staging` env _(only define to override default)_","advanced":true},{"name":"AWS_PROD_OIDC_ROLE_ARN","description":"IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `production` env _(only define to override default)_","advanced":true}]},{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-aws-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_BASE_URL","description":"The Vault server base API url","mandatory":true},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]}],"extension_id":null,"project":{"tag":"5.2.3","tags":["5.2.3","5.2.2","5.2.1","5.2.0","5.2","5.1.0","5.1","5.0.2","5.0.1","5.0.0","5.0","5","4.1.0","4.1","4.0.0","4.0","4","3.2.0","3.2","3.1.0","3.1","3.0.0","3.0","3","2.3.2","2.3.1","2.3.0","2.3","2.2.0","2.2","2.1.0","2.1","2.0.0","2.0","2","1.4.0","1.4","1.3.0","1.3","1.2.0","1.2","1.1.3","1.1.2","1.1.1","1.1.0","1.0.2","1.0.1","1.0.0","1"],"name":"aws","path":"to-be-continuous/aws","web_url":"https://gitlab.com/to-be-continuous/aws","avatar":"https://gitlab.com/uploads/-/system/project/avatar/30120028/logo.png"}},{"name":"Azure","description":"Deploy your application to [Azure](https://azure.microsoft.com/)","template_path":"templates/gitlab-ci-azure.yml","kind":"hosting","prefix":"azure","is_component":true,"variables":[{"name":"AZURE_CLI_IMAGE","description":"The Docker image used to run Azure CLI commands","default":"mcr.microsoft.com/azure-cli:latest"},{"name":"AZURE_BASE_APP_NAME","description":"Base application name","default":"$CI_PROJECT_NAME","advanced":true},{"name":"AZURE_ENVIRONMENT_URL","type":"url","description":"The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.azure.acme.com`)_"},{"name":"AZURE_SCRIPTS_DIR","description":"Directory where Azure scripts (deploy & cleanup) are located","default":".","advanced":true},{"name":"AZURE_SP_CLIENT_ID","description":"Default Service Principal client ID _(only define if using Service Principal authentication with credentials)_","advanced":true},{"name":"AZURE_SP_PASSWORD","description":"Default Service Principal password (client secret or certificate (File type)) (only define if using Service Principal authentication with credentials)","advanced":true,"secret":true},{"name":"AZURE_SP_TENANT_ID","description":"Default Service Principal tenant ID _(only define if using Service Principal authentication with credentials)_","advanced":true}],"features":[{"id":"review","name":"Review","description":"Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))","enable_with":"AZURE_REVIEW_ENABLED","variables":[{"name":"AZURE_REVIEW_APP_NAME","description":"The application name for review env (only define to override default)","advanced":true},{"name":"AZURE_REVIEW_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop `review` environments","default":"4 hours"},{"name":"AZURE_REVIEW_ENVIRONMENT_URL","type":"url","description":"The review environments url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"AZURE_REVIEW_SP_CLIENT_ID","description":"Service Principal client ID for `review` env - _(only define if using Service Principal authentication with credentials and if different from default)_","advanced":true},{"name":"AZURE_REVIEW_SP_PASSWORD","description":"Service Principal password (client secret or certificate (File type)) for `review` env - (only define if using Service Principal authentication with credentials and if different from default)","advanced":true,"secret":true},{"name":"AZURE_REVIEW_SP_TENANT_ID","description":"Service Principal tenant ID for `review` env - _(only define if using Service Principal authentication with credentials and if different from default)_","advanced":true}]},{"id":"integration","name":"Integration","description":"A continuous-integration environment associated to your integration branch (`develop` by default)","enable_with":"AZURE_INTEG_ENABLED","variables":[{"name":"AZURE_INTEG_APP_NAME","description":"The application name for integration env (only define to override default)","advanced":true},{"name":"AZURE_INTEG_ENVIRONMENT_URL","type":"url","description":"The integration environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"AZURE_INTEG_SP_CLIENT_ID","description":"Service Principal client ID for `integration` env - _(only define if using Service Principal authentication with credentials and if different from default)_","advanced":true},{"name":"AZURE_INTEG_SP_PASSWORD","description":"Service Principal password (client secret or certificate (File type)) for `integration` env - (only define if using Service Principal authentication with credentials and if different from default)","advanced":true,"secret":true},{"name":"AZURE_INTEG_SP_TENANT_ID","description":"Service Principal tenant ID for `integration` env - _(only define if using Service Principal authentication with credentials and if different from default)_","advanced":true}]},{"id":"staging","name":"Staging","description":"An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)","enable_with":"AZURE_STAGING_ENABLED","variables":[{"name":"AZURE_STAGING_APP_NAME","description":"The application name for staging env (only define to override default)","advanced":true},{"name":"AZURE_STAGING_ENVIRONMENT_URL","type":"url","description":"The staging environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"AZURE_STAGING_SP_CLIENT_ID","description":"Service Principal client ID for `staging` env - _(only define if using Service Principal authentication with credentials and if different from default)_","advanced":true},{"name":"AZURE_STAGING_SP_PASSWORD","description":"Service Principal password (client secret or certificate (File type)) for `staging` env - (only define if using Service Principal authentication with credentials and if different from default)","advanced":true,"secret":true},{"name":"AZURE_STAGING_SP_TENANT_ID","description":"Service Principal tenant ID for `staging` env - _(only define if using Service Principal authentication with credentials and if different from default)_","advanced":true}]},{"id":"prod","name":"Production","description":"The production environment","enable_with":"AZURE_PROD_ENABLED","variables":[{"name":"AZURE_PROD_APP_NAME","description":"The application name for production env (only define to override default)","advanced":true},{"name":"AZURE_PROD_ENVIRONMENT_URL","type":"url","description":"The production environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"AZURE_PROD_DEPLOY_STRATEGY","description":"Defines the deployment to production strategy.","type":"enum","values":["manual","auto"],"default":"manual"},{"name":"AZURE_PROD_SP_CLIENT_ID","description":"Service Principal client ID for `production` env - _(only define if using Service Principal authentication with credentials and if different from default)_","advanced":true},{"name":"AZURE_PROD_SP_PASSWORD","description":"Service Principal password (client secret or certificate (File type)) for `production` env - (only define if using Service Principal authentication with credentials and if different from default)","advanced":true,"secret":true},{"name":"AZURE_PROD_SP_TENANT_ID","description":"Service Principal tenant ID for `production` env - _(only define if using Service Principal authentication with credentials and if different from default)_","advanced":true}]}],"variants":[{"id":"oidc","name":"OpenID Connect","description":"Enables [federated authentication using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/)","template_path":"templates/gitlab-ci-azure-oidc.yml","variables":[{"name":"AZURE_OIDC_AUD","description":"The `aud` claim for the JWT","default":"api://AzureADTokenExchange"},{"name":"AZURE_OIDC_CLIENT_ID","description":"Default Service Principal client ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/)","advanced":true},{"name":"AZURE_OIDC_TENANT_ID","description":"Default Service Principal tenant ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/)","advanced":true},{"name":"AZURE_REVIEW_OIDC_CLIENT_ID","description":"Service Principal client ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `review` env _(only define to override default)_","advanced":true},{"name":"AZURE_REVIEW_OIDC_TENANT_ID","description":"Service Principal tenant ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `review` env _(only define to override default)_","advanced":true},{"name":"AZURE_INTEG_OIDC_CLIENT_ID","description":"Service Principal client ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `integration` env _(only define to override default)_","advanced":true},{"name":"AZURE_INTEG_OIDC_TENANT_ID","description":"Service Principal tenant ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `integration` env _(only define to override default)_","advanced":true},{"name":"AZURE_STAGING_OIDC_CLIENT_ID","description":"Service Principal client ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `staging` env _(only define to override default)_","advanced":true},{"name":"AZURE_STAGING_OIDC_TENANT_ID","description":"Service Principal tenant ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `staging` env _(only define to override default)_","advanced":true},{"name":"AZURE_PROD_OIDC_CLIENT_ID","description":"Service Principal client ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `production` env _(only define to override default)_","advanced":true},{"name":"AZURE_PROD_OIDC_TENANT_ID","description":"Service Principal tenant ID associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/azure/) on `production` env _(only define to override default)_","advanced":true}]},{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-azure-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_BASE_URL","description":"The Vault server base API url","mandatory":true},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]}],"extension_id":null,"project":{"tag":"2.2.3","tags":["2.2.3","2.2.2","2.2.1","2.2.0","2.2","2.1.0","2.1","2.0.2","2.0.1","2.0.0","2.0","2","1.0.0","1.0","1"],"name":"azure","path":"to-be-continuous/azure","web_url":"https://gitlab.com/to-be-continuous/azure","avatar":"https://gitlab.com/uploads/-/system/project/avatar/48544609/logo.png"}},{"name":"Bash","description":"Test and analyse your shell code","template_path":"templates/gitlab-ci-bash.yml","kind":"build","prefix":"bash","is_component":true,"features":[{"id":"shellcheck","name":"ShellCheck","description":"Analyse your shell scripts with [ShellCheck](https://github.com/koalaman/shellcheck)","disable_with":"BASH_SHELLCHECK_DISABLED","variables":[{"name":"BASH_SHELLCHECK_IMAGE","description":"The Docker image used to run [ShellCheck](https://github.com/koalaman/shellcheck)","default":"registry.hub.docker.com/koalaman/shellcheck-alpine:stable","advanced":true},{"name":"BASH_SHELLCHECK_FILES","description":"Shell file(s) or pattern(s) to analyse","default":"**/*.sh"},{"name":"BASH_SHELLCHECK_OPTS","description":"ShellCheck [options](https://github.com/koalaman/shellcheck/blob/master/shellcheck.1.md)"}]},{"id":"bats","name":"Bats","description":"Test your shell scripts with [Bats](https://bats-core.readthedocs.io/) (Bash Automated Testing System)","enable_with":"BASH_BATS_ENABLED","variables":[{"name":"BASH_BATS_IMAGE","description":"The Docker image used to run [Bats](https://hub.docker.com/r/bats/bats)","default":"registry.hub.docker.com/bats/bats:latest","advanced":true},{"name":"BASH_BATS_TESTS","description":"The path to a Bats test file, or the path to a directory containing Bats test files","default":"tests"},{"name":"BASH_BATS_OPTS","description":"Bats [options](https://bats-core.readthedocs.io/en/stable/usage.html)"},{"name":"BASH_BATS_LIBRARIES","description":"Coma separated list of Bats [libraries and add-ons](https://bats-core.readthedocs.io/en/stable/writing-tests.html#libraries-and-add-ons)\n\nFormatted as: `lib_name_1@archive_url_1 lib_name_2@archive_url_2 ...`\n\nExample: `bats-support@https://github.com/bats-core/bats-support/archive/v0.3.0.zip bats-assert@https://github.com/bats-core/bats-assert/archive/v2.0.0.zip`"}]}],"extension_id":null,"project":{"tag":"3.5.2","tags":["3.5.2","3.5.1","3.5.0","3.5","3.4.1","3.4.0","3.4","3.3.0","3.3","3.2.1","3.2.0","3.2","3.1.2","3.1.1","3.1.0","3.1","3.0.1","3.0.0","3.0","3","2.1.1","2.1.0","2.1","2.0.1","2.0.0","2","1.0.0"],"name":"bash","path":"to-be-continuous/bash","web_url":"https://gitlab.com/to-be-continuous/bash","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26449717/logo.png"}},{"name":"Bruno","description":"Test your APIs with [Bruno](https://www.usebruno.com/)","template_path":"templates/gitlab-ci-bruno.yml","kind":"acceptance","prefix":"bru","job_prefix":"bruno","is_component":true,"variables":[{"name":"BRU_IMAGE","description":"The Docker image used to run the [Bruno CLI](https://docs.usebruno.com/cli/overview.html)","default":"registry.hub.docker.com/library/node:lts-alpine"},{"name":"BRU_COLLECTIONS","description":"The matcher to select Bruno collection directory(ies) to run","default":"bruno"},{"name":"BRU_BASE_URL","description":"Explicit base url environment to test.\n\n_Auto-evaluated by default._","type":"url","advanced":true},{"name":"BRU_EXTRA_ARGS","description":"Bruno extra [run options](https://docs.usebruno.com/cli/overview.html#options)","advanced":true},{"name":"REVIEW_ENABLED","description":"Set to enable Bruno tests on review environments (dynamic environments instantiated on development branches)","type":"boolean"}],"extension_id":null,"project":{"tag":"1.5.0","tags":["1.5.0","1.5","1.4.0","1.4","1.3.0","1.3","1.2.2","1.2.1","1.2.0","1.2","1.1.0","1.1","1.0.0","1.0","1"],"name":"bruno","path":"to-be-continuous/bruno","web_url":"https://gitlab.com/to-be-continuous/bruno","avatar":"https://gitlab.com/uploads/-/system/project/avatar/53021411/logo.png"}},{"name":"Cloud Foundry","description":"Deploy your application to a [Cloud Foundry](https://www.cloudfoundry.org/) platform","template_path":"templates/gitlab-ci-cf.yml","kind":"hosting","prefix":"cf","is_component":true,"variables":[{"name":"CF_CLI_IMAGE","description":"The Docker image used to run CF CLI commands - **set the version required by your Cloud Foundry server**","default":"registry.hub.docker.com/governmentpaas/cf-cli"},{"name":"CF_MANIFEST_BASENAME","description":"CF manifest file basename (without extension nor env suffix)","default":"manifest","advanced":true},{"name":"CF_URL","type":"url","description":"Global Cloud Foundry API url","mandatory":true},{"name":"CF_ORG","description":"Global Cloud Foundry organization for project","mandatory":true},{"name":"CF_DEFAULT_DOMAIN","description":"Global Cloud Foundry default CF domain _(only define if you want to use a different domain from CF default)_","advanced":true},{"name":"CF_DEFAULT_ROUTE_PATH","description":"Global Cloud Foundry default CF route path _(only define if you want to add a route path to your application route)_","advanced":true},{"name":"CF_DEFAULT_PUSH_ARGS","description":"Global additional arguments for cf push command _(only define if you want has a specific need not med by the template)_","advanced":true},{"name":"CF_USER","description":"Global Cloud Foundry username","secret":true,"mandatory":true},{"name":"CF_PASSWORD","description":"Global Cloud Foundry password","secret":true,"mandatory":true},{"name":"CF_BASE_APP_NAME","description":"Base application name","default":"$CI_PROJECT_NAME","advanced":true},{"name":"CF_SCRIPTS_DIR","description":"Directory where Cloud Foundry scripts (manifest, hook scripts) are located","default":".","advanced":true},{"name":"CF_ROLLING_STRATEGY","description":"Use Cloud Foundry native zero-downtime deployment strategy instead of the historical blue-green method _(ignores $CF_XXX_ZERODOWNTIME)_","type":"boolean","default":"false","advanced":true}],"features":[{"id":"review","name":"Review","description":"Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))","variables":[{"name":"CF_REVIEW_ORG","description":"Cloud Foundry organization for review env _(only define if different from global)_"},{"name":"CF_REVIEW_SPACE","description":"Cloud Foundry space for review env","mandatory":true},{"name":"CF_REVIEW_APP_NAME","description":"The application name for review env (only define to override default)","advanced":true},{"name":"CF_REVIEW_HOST_NAME","description":"The review environment host name _(defaults to $CF_BASE_APP_NAME-$CI_ENVIRONMENT_SLUG)_","advanced":true},{"name":"CF_REVIEW_DOMAIN","description":"The review environment domain","advanced":true},{"name":"CF_REVIEW_ENVIRONMENT_SCHEME","description":"The review environment protocol scheme","default":"https","mandatory":true},{"name":"CF_REVIEW_ENVIRONMENT_DOMAIN","description":"The review environment domain (ex: `noprod-cloudfoundry.domain.com`).\n\nBy default review `environment.url` will be built as `${CF_REVIEW_ENVIRONMENT_SCHEME}://${$CI_PROJECT_NAME}-${CI_ENVIRONMENT_SLUG}.${CF_REVIEW_ENVIRONMENT_DOMAIN}/${CF_REVIEW_ROUTE_PATH}`","mandatory":true},{"name":"CF_REVIEW_ROUTE_PATH","description":"The review environment route path","advanced":true},{"name":"CF_REVIEW_PUSH_ARGS","description":"The review environment additional cf push arguments","advanced":true},{"name":"CF_REVIEW_DOMAIN_TMP","description":"The review environment domain for the temporary blue-green app","advanced":true},{"name":"CF_REVIEW_ZERODOWNTIME","type":"boolean","description":"Enables zero-downtime deployment on review env","advanced":true},{"name":"CF_REVIEW_URL","type":"url","description":"Cloud Foundry API url for review env (only define to override default)","advanced":true},{"name":"CF_REVIEW_USER","description":"Cloud Foundry API username for review env (only define to override default)","secret":true},{"name":"CF_REVIEW_PASSWORD","description":"Cloud Foundry API password for review env (only define to override default)","secret":true},{"name":"CLEANUP_ALL_REVIEW","description":"Enables a **manual** job to cleanup all review envs at once.\n\nYou may also use it to [schedule](https://docs.gitlab.com/ee/ci/pipelines/schedules.html) cloud resources cleanup. See documentation.","type":"enum","values":["","force","true"]},{"name":"CF_REVIEW_RETIRED_APP_SUFFIX","description":"If set, the app old version is not deleted/overriden but renamed with this suffix","advanced":true}]},{"id":"integration","name":"Integration","description":"A continuous-integration environment associated to your integration branch (`develop` by default)","variables":[{"name":"CF_INTEG_ORG","description":"Cloud Foundry organization for integration env _(only define if different from global)_"},{"name":"CF_INTEG_SPACE","description":"Cloud Foundry space for integration env","mandatory":true},{"name":"CF_INTEG_APP_NAME","description":"The application name for integration env (only define to override default)","advanced":true},{"name":"CF_INTEG_HOST_NAME","description":"The integration environment host name _(defaults to $CF_BASE_APP_NAME-integration)_","advanced":true},{"name":"CF_INTEG_DOMAIN","description":"The integration environment domain","advanced":true},{"name":"CF_INTEG_ROUTE_PATH","description":"The integration environment route path","advanced":true},{"name":"CF_INTEG_PUSH_ARGS","description":"The integration environment additional cf push arguments","advanced":true},{"name":"CF_INTEG_DOMAIN_TMP","description":"The integration environment domain for the temporary blue-green app","advanced":true},{"name":"CF_INTEG_ENVIRONMENT_URL","type":"url","description":"The integration environment url including scheme (ex: `https://my-application-integration.noprod-cloudfoundry.domain.com`).\n\nDo not use variable inside variable definition as it will result in a two level cascade variable and gitlab does not allow that.","mandatory":true},{"name":"CF_INTEG_ZERODOWNTIME","type":"boolean","description":"Enables zero-downtime deployment on integration env","advanced":true},{"name":"CF_INTEG_URL","type":"url","description":"Cloud Foundry API url for integration env (only define to override default)","advanced":true},{"name":"CF_INTEG_USER","description":"Cloud Foundry API username for integration env (only define to override default)","secret":true},{"name":"CF_INTEG_PASSWORD","description":"Cloud Foundry API password for integration env (only define to override default)","secret":true},{"name":"CF_INTEG_RETIRED_APP_SUFFIX","description":"If set, the app old version is not deleted/overriden but renamed with this suffix","advanced":true}]},{"id":"staging","name":"Staging","description":"An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)","variables":[{"name":"CF_STAGING_ORG","description":"Cloud Foundry organization for staging env _(only define if different from global)_"},{"name":"CF_STAGING_SPACE","description":"Cloud Foundry space for staging env","mandatory":true},{"name":"CF_STAGING_APP_NAME","description":"The application name for staging env (only define to override default)","advanced":true},{"name":"CF_STAGING_HOST_NAME","description":"The staging environment host name _(defaults to $CF_BASE_APP_NAME-staging)_","advanced":true},{"name":"CF_STAGING_DOMAIN","description":"The staing environment domain","advanced":true},{"name":"CF_STAGING_ROUTE_PATH","description":"The staging environment route path","advanced":true},{"name":"CF_STAGING_PUSH_ARGS","description":"The staging environment additional cf push arguments","advanced":true},{"name":"CF_STAGING_DOMAIN_TMP","description":"The staging environment domain for the temporary blue-green app","advanced":true},{"name":"CF_STAGING_ENVIRONMENT_URL","type":"url","description":"The staging environment url including scheme (ex: `https://my-application-staging.noprod-cloudfoundry.domain.com`).\n\nDo not use variable inside variable definition as it will result in a two level cascade variable and gitlab does not allow that.","mandatory":true},{"name":"CF_STAGING_ZERODOWNTIME","type":"boolean","description":"Enables zero-downtime deployment on staging env","advanced":true},{"name":"CF_STAGING_URL","type":"url","description":"Cloud Foundry API url for staging env (only define to override default)","advanced":true},{"name":"CF_STAGING_USER","description":"Cloud Foundry API username for staging env (only define to override default)","secret":true},{"name":"CF_STAGING_PASSWORD","description":"Cloud Foundry API password for staging env (only define to override default)","secret":true},{"name":"CF_STAGING_RETIRED_APP_SUFFIX","description":"If set, the app old version is not deleted/overriden but renamed with this suffix","advanced":true}]},{"id":"prod","name":"Production","description":"The production environment","variables":[{"name":"CF_PROD_ORG","description":"Cloud Foundry organization for production env _(only define if different from global)_"},{"name":"CF_PROD_SPACE","description":"Cloud Foundry space for production env","mandatory":true},{"name":"CF_PROD_APP_NAME","description":"The application name for production env (only define to override default)","advanced":true},{"name":"CF_PROD_HOST_NAME","description":"The production environment host name _(defaults to $CF_BASE_APP_NAME)_","advanced":true},{"name":"CF_PROD_DOMAIN","description":"The production environment domain","advanced":true},{"name":"CF_PROD_ROUTE_PATH","description":"The production environment route path","advanced":true},{"name":"CF_PROD_PUSH_ARGS","description":"The production environment additional cf push arguments","advanced":true},{"name":"CF_PROD_DOMAIN_TMP","description":"The production environment domain for the temporary blue-green app","advanced":true},{"name":"CF_PROD_ENVIRONMENT_URL","type":"url","description":"The production environment url including scheme (ex: `https://my-application.cloudfoundry.domain.com`).\n\nDo not use variable inside variable definition as it will result in a two level cascade variable and gitlab does not allow that.","mandatory":true},{"name":"CF_PROD_DEPLOY_STRATEGY","description":"Defines the deployment to production strategy.","type":"enum","values":["manual","auto"],"default":"manual"},{"name":"CF_PROD_ZERODOWNTIME","type":"boolean","description":"Enables zero-downtime deployment on production env","default":"true","advanced":true},{"name":"CF_PROD_URL","type":"url","description":"Cloud Foundry API url for production env (only define to override default)","advanced":true},{"name":"CF_PROD_USER","description":"Cloud Foundry API username for production env (only define to override default)","secret":true},{"name":"CF_PROD_PASSWORD","description":"Cloud Foundry API password for production env (only define to override default)","secret":true},{"name":"CF_PROD_RETIRED_APP_SUFFIX","description":"If set, the app old version is not deleted/overriden but renamed with this suffix","advanced":true}]}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-cf-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url"},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]}],"extension_id":null,"project":{"tag":"4.6.2","tags":["4.6.2","4.6.1","4.6.0","4.6","4.5.0","4.5","4.4.0","4.4","4.3.6","4.3.5","4.3.4","4.3.3","4.3.2","4.3.1","4.3.0","4.3","4.2.0","4.2","4.1.0","4.1","4.0.2","4.0.1","4.0.0","4.0","4","3.1.0","3.1","3.0.0","3.0","3","2.1.1","2.1.0","2.1","2.0.1","2.0.0","2.0","2","1.8.1","1.8.0","1.8","1.7.0","1.7","1.6.4","1.6.3","1.6.2","1.6.1","1.6.0","1.5.1","1.5.0","1.4.4","1.4.3","1.4.2","1.4.1","1.4.0","1.3.0","1.2.1","1.2.0","1.1.0","1.0.1","1.0.0","1"],"name":"cloud-foundry","path":"to-be-continuous/cloud-foundry","web_url":"https://gitlab.com/to-be-continuous/cloud-foundry","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26453989/cloud-foundry.png"}},{"name":"Cloud Native Buildpacks","description":"Transform your application source code into images that can run on any cloud with [Cloud Native Buildpacks](https://buildpacks.io/)","template_path":"templates/gitlab-ci-cnb.yml","kind":"package","prefix":"cnb","is_component":true,"variables":[{"name":"CNB_BUILDER_IMAGE","description":"The CNB builder image used to build your application image\n\n_depending on your needs, [choose the most appropriate one](https://paketo.io/docs/concepts/builders/#what-paketo-builders-are-available)_","default":"registry.hub.docker.com/paketobuildpacks/builder:base"},{"name":"CNB_APP_DIR","description":"Absolute root directory in final image","default":"/workspace","advanced":true},{"name":"CNB_SRC_APP_DIR","description":"Relative path to the application source code base directory in your repository","default":".","advanced":true},{"name":"CNB_PLATFORM_API","description":"The CNB [platform API version](https://github.com/buildpacks/spec/blob/main/platform.md#platform-api-version)","default":"0.9","advanced":true},{"name":"CNB_SNAPSHOT_IMAGE","description":"CNB snapshot image","default":"$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG"},{"name":"CNB_RELEASE_IMAGE","description":"CNB release image","default":"$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"}],"features":[{"id":"trivy","name":"Trivy","description":"[Trivy](https://aquasecurity.github.io/trivy) vulnerability analysis","disable_with":"CNB_TRIVY_DISABLED","variables":[{"name":"CNB_TRIVY_IMAGE","description":"The docker image used to scan images with Trivy","default":"registry.hub.docker.com/aquasec/trivy:latest","advanced":true},{"name":"CNB_TRIVY_ARGS","description":"Additional [`trivy image` options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options)","default":"--ignore-unfixed --vuln-type os --exit-on-eol 1","advanced":true}]},{"id":"publish","name":"Publish","description":"Promotes the snapshot image as the release image using [skopeo](https://github.com/containers/skopeo)","variables":[{"name":"CNB_SKOPEO_IMAGE","description":"The docker image used to publish docker image with Skopeo","default":"quay.io/skopeo/stable:latest"},{"name":"CNB_PUBLISH_ARGS","description":"Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)","advanced":true},{"name":"CNB_PROD_PUBLISH_STRATEGY","description":"Defines the publish to production strategy.","type":"enum","values":["none","manual","auto"],"default":"manual"}]}],"extension_id":null,"project":{"tag":"3.0.0","tags":["3.0.0","3.0","3","2.4.2","2.4.1","2.4.0","2.4","2.3.0","2.3","2.2.1","2.2.0","2.2","2.1.2","2.1.1","2.1.0","2.1","2.0.0","2.0","2","1.0.3","1.0.2","1.0.1","1.0.0","1.0","1"],"name":"cnb","path":"to-be-continuous/cnb","web_url":"https://gitlab.com/to-be-continuous/cnb","avatar":"https://gitlab.com/uploads/-/system/project/avatar/38368181/logo.png"}},{"name":"Cypress","description":"Run your automated (web) tests with [Cypress](https://www.cypress.io/)","template_path":"templates/gitlab-ci-cypress.yml","kind":"acceptance","prefix":"cypress","is_component":true,"variables":[{"name":"CYPRESS_IMAGE","description":"The Docker image used to run Cypress (use [included images](https://github.com/cypress-io/cypress-docker-images/tree/master/included) only).","default":"registry.hub.docker.com/cypress/included:13.13.3"},{"name":"CYPRESS_PROJECT_DIR","description":"The Cypress project directory (containing `cypress.config.js` or `cypress.config.ts`)","default":"."},{"name":"CYPRESS_EXTRA_ARGS","description":"Cypress extra [run options](https://docs.cypress.io/guides/guides/command-line.html#cypress-run) (to select a different browser, configuration or spec files for e.g.)","advanced":true},{"name":"REVIEW_ENABLED","description":"Set to enable Cypress tests on review environments (dynamic environments instantiated on development branches)","type":"boolean"}],"extension_id":null,"project":{"tag":"3.8.0","tags":["3.8.0","3.8","3.7.0","3.7","3.6.1","3.6.0","3.6","3.5.0","3.5","3.4.0","3.4","3.3.1","3.3.0","3.3","3.2.1","3.2.0","3.2","3.1.1","3.1.0","3.1","3.0.0","3.0","3","2.1.0","2.1","2.0.1","2.0.0","2","1.2.0","1.1.0","1.0.0"],"name":"cypress","path":"to-be-continuous/cypress","web_url":"https://gitlab.com/to-be-continuous/cypress","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454216/logo.png"}},{"name":"dbt","description":"Continuously integrate and deploy your data with [dbt](https://www.getdbt.com/)","template_path":"templates/gitlab-ci-dbt.yml","kind":"build","prefix":"dbt","is_component":true,"variables":[{"name":"DBT_IMAGE","description":"The Docker image used to run dbt","default":"ghcr.io/dbt-labs/dbt-core:latest"},{"name":"DBT_PROJECT_DIR","description":"The [dbt_project.yml](https://docs.getdbt.com/reference/dbt_project.yml) dir","default":"."},{"name":"DBT_PROFILES_DIR","description":"The dbt [profile](https://docs.getdbt.com/dbt-cli/configure-your-profile) location","default":"."},{"name":"DBT_ADAPTER","description":"The dbt [adapter](https://docs.getdbt.com/docs/available-adapters) to use ","mandatory":true},{"name":"DBT_TARGET","description":"The dbt [target](https://docs.getdbt.com/reference/dbt-jinja-functions/target) to use "},{"name":"DBT_BUILD_ARGS","description":"Arguments used by [dbt cli](https://docs.getdbt.com/reference/global-configs#command-line-flags) ","advanced":true}],"features":[{"id":"dbt-sqlfluff-lint","name":"SQLFluff lint","description":"Lint SQL from dbt project","enable_with":"DBT_SQLFLUFF_ENABLED","variables":[{"name":"DBT_SQLFLUFF_LINT_ARGS","description":"Lint [options and arguments](https://docs.sqlfluff.com/en/stable/reference/cli.html#sqlfluff-lint)","advanced":true},{"name":"SQLFLUFF_WORKING_DIR","description":"Sqlfluff working directory, scope of configuration and sql files used","default":".","advanced":true}]},{"id":"dbt-deploy","name":"dbt deploy","description":"execute generated SQL from models on target","enable_with":"DBT_DEPLOY_ENABLED"},{"id":"review","name":"Review","description":"Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))","variables":[{"name":"DBT_REVIEW_TARGET","description":"dbt [target](https://docs.getdbt.com/reference/dbt-jinja-functions/target) for `review` env","mandatory":true}]},{"id":"integration","name":"Integration","description":"A continuous-integration environment associated to your integration branch (`develop` by default)","variables":[{"name":"DBT_INTEG_TARGET","description":" dbt [target](https://docs.getdbt.com/reference/dbt-jinja-functions/target) for `integration` env","mandatory":true}]},{"id":"staging","name":"Staging","description":"An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)","variables":[{"name":"DBT_STAGING_TARGET","description":"dbt [target](https://docs.getdbt.com/reference/dbt-jinja-functions/target) for `staging` env","mandatory":true}]},{"id":"prod","name":"Production","description":"The production environment","variables":[{"name":"DBT_PROD_TARGET","description":"dbt [target](https://docs.getdbt.com/reference/dbt-jinja-functions/target) for `production` env ","mandatory":true},{"name":"DBT_PROD_DEPLOY_STRATEGY","description":"Defines the deployment to production strategy.","type":"enum","values":["manual","auto"],"default":"manual"}]}],"variants":[{"id":"pages","name":"GitLab Pages","description":"Adds a job to publish the generated site to GitLab pages","template_path":"templates/gitlab-ci-dbt-pages.yml"},{"id":"gcp-auth-provider","name":"Google Cloud","description":"Retrieves an [OAuth access token](https://developers.google.com/identity/protocols/oauth2) for [dbt BigQuery setup](https://docs.getdbt.com/reference/warehouse-setups/bigquery-setup)","template_path":"templates/gitlab-ci-dbt-gcp.yml","variables":[{"name":"TBC_GCP_PROVIDER_IMAGE","description":"The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:latest","advanced":true},{"name":"GCP_OIDC_AUD","description":"The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_","default":"$CI_SERVER_URL","advanced":true},{"name":"GCP_OIDC_ACCOUNT","description":"Default Service Account to which impersonate with OpenID Connect authentication"},{"name":"GCP_OIDC_PROVIDER","description":"Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)"},{"name":"GCP_REVIEW_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `review` environment","advanced":true},{"name":"GCP_REVIEW_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment","advanced":true},{"name":"GCP_INTEG_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `integration` environment","advanced":true},{"name":"GCP_INTEG_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment","advanced":true},{"name":"GCP_STAGING_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `staging` environment","advanced":true},{"name":"GCP_STAGING_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment","advanced":true},{"name":"GCP_PROD_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `production` environment","advanced":true},{"name":"GCP_PROD_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment","advanced":true}]}],"extension_id":null,"project":{"tag":"4.1.0","tags":["4.1.0","4.1","4.0.0","4.0","4","3.3.0","3.3","3.2.3","3.2.2","3.2.1","3.2.0","3.2","3.1.1","3.1.0","3.1","3.0.1","3.0.0","3.0","3","2.1.1","2.1.0","2.1","2.0.0","2.0","2","1.3.0","1.3","1.2.0","1.2","1.1.1","1.1.0","1.1","1.0.1","1.0.0","1.0","1"],"name":"dbt","path":"to-be-continuous/dbt","web_url":"https://gitlab.com/to-be-continuous/dbt","avatar":"https://gitlab.com/uploads/-/system/project/avatar/37018181/logo.png"}},{"name":"DefectDojo","description":"Import security reports into [DefectDojo](https://www.defectdojo.org/)","template_path":"templates/gitlab-ci-defectdojo.yml","kind":"analyse","prefix":"defectdojo","is_component":true,"variables":[{"name":"DEFECTDOJO_BASE_IMAGE","description":"The Docker image used to run import","default":"registry.hub.docker.com/library/node:alpine3.11"},{"name":"DEFECTDOJO_SERVER_URL","description":"URL of DefectDojo server","mandatory":true},{"name":"DEFECTDOJO_API_KEY","description":"Your DefectDojo API v2 key - must be saved as a masked CI/CD variable","secret":true,"mandatory":true},{"name":"DEFECTDOJO_DIR","description":"DefectDojo working directory","default":".","advanced":true},{"name":"DEFECTDOJO_NOPROD_ENABLED","description":"Determines whether security reports produced in non-production branches are uploaded to DefectDojo","type":"boolean"},{"name":"DEFECTDOJO_TIMEZONE","description":"Time zone used for naming imports in DefectDojo","default":"Europe/Paris","advanced":true},{"name":"DEFECTDOJO_SMTP_SERVER","description":"name:port of SMTP server used for notifications - if this value is set, DefectDojo will send an e-mail notification in case of new vulnerabilities","advanced":true},{"name":"DEFECTDOJO_NOTIFICATION_SEVERITIES","description":"List of severities for which you want to be notified - DEFECTDOJO_SMTP_SERVER must be defined if you want to be notified","default":"Critical,High","advanced":true},{"name":"DEFECTDOJO_BANDIT_REPORTS","description":"path to Bandit JSON reports","default":"bandit*.json reports/py-bandit.bandit.json","advanced":true},{"name":"DEFECTDOJO_DC_REPORTS","description":"Path to Dependency Check reports","default":"dependency-check*.xml","advanced":true},{"name":"DEFECTDOJO_DC_GRADLE_REPORTS","description":"Path to Dependency Check reports from Gradle template","default":"dependency-check*.xml","advanced":true},{"name":"DEFECTDOJO_GITLEAKS_REPORTS","description":"Path to Gitleaks reports","default":"gitleaks/gitleaks-report.json reports/gitleaks.native.json","advanced":true},{"name":"DEFECTDOJO_HADOLINT_REPORTS","description":"Path to Hadolint reports","default":"hadolint-json-*.json reports/docker-hadolint-*.native.json","advanced":true},{"name":"DEFECTDOJO_MOBSF_REPORTS","description":"Path to MobSF reports","default":"mobsf*.json","advanced":true},{"name":"DEFECTDOJO_NODEJSSCAN_REPORTS","description":"Path to NodeJSScan reports","default":"nodejsscan-report-sarif.json","advanced":true},{"name":"DEFECTDOJO_NPMAUDIT_REPORTS","description":"Path to NPMAudit reports","default":"npm-audit*.json","advanced":true},{"name":"DEFECTDOJO_TESTSSL_REPORTS","description":"Path to TestSSL reports","default":"reports/testssl.native.csv","advanced":true},{"name":"DEFECTDOJO_TRIVY_REPORTS","description":"Path to Trivy reports","default":"trivy/*.json trivy-*.json reports/docker-trivy-*.native.json reports/py-trivy.trivy.json","advanced":true},{"name":"DEFECTDOJO_ZAP_REPORTS","description":"Path to Zap reports","default":"reports/zap.native.xml","advanced":true},{"name":"ZAP_TPL_PROJECT","description":"Path to Zap template","advanced":true},{"name":"DEFECTDOJO_SEMGREP_REPORTS","description":"Path to Semgrep reports","default":"reports/semgrep.native.json","advanced":true},{"name":"SEMGREP_TEMPLATE","description":"Path to Semgrep template","advanced":true},{"name":"DEFECTDOJO_SONARQUBE_SINCELEAKPERIOD","description":"Determines if delta analysis is activated for SonarQube export","type":"boolean","advanced":true},{"name":"DEFECTDOJO_SONARQUBE_NOSECURITYHOTSPOT","description":"Set this flag to true if SonarQube version does not support security hotspots (v < 7.3)","type":"boolean","default":"true","advanced":true},{"name":"DEFECTDOJO_SONARQUBE_ALLBUGS","description":"In SonarQube, determines if all bugs are exported (true) or only vulnerabilities (false)","type":"boolean","advanced":true}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-defectdojo-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url","mandatory":true},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]}],"extension_id":null,"project":{"tag":"2.6.5","tags":["2.6.5","2.6.4","2.6.3","2.6.2","2.6.1","2.6.0","2.6","2.5.1","2.5.0","2.5","2.4.1","2.4.0","2.4","2.3.2","2.3.1","2.3.0","2.3","2.2.0","2.2","2.1.1","2.1.0","2.1","2.0.7","2.0.6","2.0.5","2.0.4","2.0.3","2.0.2","2.0.1","2.0.0","2.0","2","1.2.0","1.2","1.1.1","1.1.0","1.1","1.0.4","1.0.3","1.0.2","1.0.1","1.0.0","1"],"name":"defectdojo","path":"to-be-continuous/defectdojo","web_url":"https://gitlab.com/to-be-continuous/defectdojo","avatar":"https://gitlab.com/uploads/-/system/project/avatar/31516889/logo.png"}},{"name":"Dependency Track","description":"Identify and reduce risk in your software supply chain with [Dependency Track](https://dependencytrack.org/)","template_path":"templates/gitlab-ci-dependency-track.yml","kind":"analyse","prefix":"deptrack","job_prefix":"dependency-track","is_component":true,"variables":[{"name":"DEPTRACK_SBOM_SCANNER_IMAGE","description":"The container image with [Dependency Track SBOM Scanner](https://gitlab.com/to-be-continuous/tools/dt-sbom-scanner) tool","default":"registry.gitlab.com/to-be-continuous/tools/dt-sbom-scanner:latest","advanced":true},{"name":"DEPTRACK_BASE_API_URL","description":"Dependency Track server base API url (includes `/api`)","mandatory":true,"type":"url"},{"name":"DEPTRACK_API_KEY","description":"Dependency Track API key","secret":true},{"name":"DEPTRACK_PROJECT_PATH","description":"Dependency Track target project path to publish SBOM files to","default":"$CI_PROJECT_NAMESPACE//$CI_PROJECT_PATH-{file_prefix}@$CI_COMMIT_REF_NAME"},{"name":"DEPTRACK_PATH_SEPARATOR","description":"Separator to use in project path","default":"//","advanced":true},{"name":"DEPTRACK_MERGE","description":"Merge all SBOM files into one","type":"boolean","default":"false"},{"name":"DEPTRACK_MERGE_OUTPUT","description":"Output merged SBOM file (only used with merge enabled) - _for debugging purpose_","advanced":true,"default":"reports/deptrack-merged.cyclonedx.json"},{"name":"DEPTRACK_PURL_MAX_LEN","description":"PURLs max length (`-1`: auto, `0`: no trim, `>0`: trim to size - default: `-1`)","type":"number","advanced":true,"default":"-1"},{"name":"DEPTRACK_SBOM_PATTERNS","description":"SBOM file patterns to publish (supports glob patterns)","default":"**/*.cyclonedx.json **/*.cyclonedx.xml","advanced":true},{"name":"DEPTRACK_SHOW_FINDINGS","description":"Wait for analysis and display found vulnerabilities in logs","type":"boolean","default":"false"},{"name":"DEPTRACK_RISK_SCORE_THRESHOLD","description":"Fail the job if risk score threshold is exceeded (`<0`: disabled - default: `-1`)","type":"number","default":"-1"}],"features":[{"id":"quality-gate","name":"Quality Gate","description":"Enable a job at acceptance stage which will block the pipeline when failing","enable_with":"DEPTRACK_QUALITY_GATE_ENABLED","variables":[{"name":"DEPTRACK_QUALITY_GATE_BASE_API_URL","description":"Override Dependency Track server base API url (includes `/api`) to use for acceptance stage","type":"url"},{"name":"DEPTRACK_QUALITY_GATE_API_KEY","description":"Override Dependency Track API key to use for acceptance stage","secret":true},{"name":"DEPTRACK_QUALITY_GATE_PROJECT_PATH","description":"Override Dependency Track target project path to publish SBOM files to during acceptance stage"},{"name":"DEPTRACK_QUALITY_GATE_MERGE","description":"Merge all SBOM files into one during acceptance stage","advanced":true},{"name":"DEPTRACK_QUALITY_GATE_SHOW_FINDINGS","description":"Wait for analysis and display found vulnerabilities in logs during acceptance stage","advanced":true},{"name":"DEPTRACK_QUALITY_GATE_RISK_SCORE_THRESHOLD","description":"Fail the acceptance job if risk score threshold is exceeded (`<0`: disabled - default: `-1`)","advanced":true}]}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-dependency-track-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url"},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]}],"extension_id":null,"project":{"tag":"1.5.1","tags":["1.5.1","1.5.0","1.5","1.4.0","1.4","1.3.0","1.3","1.2.0","1.2","1.1.0","1.1","1.0.0","1.0","1"],"name":"dependency-track","path":"to-be-continuous/dependency-track","web_url":"https://gitlab.com/to-be-continuous/dependency-track","avatar":"https://gitlab.com/uploads/-/system/project/avatar/56360582/dependency-track.png"}},{"name":"Docker Compose","description":"Deploy your application with [Docker Compose](https://docs.docker.com/compose/)","template_path":"templates/gitlab-ci-docker-compose.yml","kind":"hosting","prefix":"dcmp","job_prefix":"compose","is_component":true,"variables":[{"name":"DCMP_IMAGE","description":"The Docker image used to run Docker Compose CLI commands - **set the version required by your Docker Compose cluster**","default":"registry.hub.docker.com/library/docker:latest"},{"name":"DCMP_CMD","description":"The docker compose or stack command (empty means _auto_)","values":["","docker compose","docker-compose","docker stack"],"advanced":true},{"name":"DCMP_BASE_APP_NAME","description":"Base application name","default":"$CI_PROJECT_NAME","advanced":true},{"name":"DCMP_ENVIRONMENT_URL","type":"url","description":"The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.dcmp.acme.com`)_"},{"name":"DCMP_SCRIPTS_DIR","description":"Directory where Compose files, dotenv files and hook scripts are located","default":".","advanced":true},{"name":"DCMP_UP_OPTS","description":"[`compose up` options](https://docs.docker.com/reference/cli/docker/compose/up/#options) (only when using Docker Compose)","default":"--no-build --remove-orphans --wait --wait-timeout 180"},{"name":"DCMP_DOWN_OPTS","description":"[`compose down` options](https://docs.docker.com/reference/cli/docker/compose/down/#options) (only when using Docker Compose)","default":"--volumes --remove-orphans --rmi all"},{"name":"DCMP_STACK_DEPLOY_OPTS","description":"[`stack deploy` options](https://docs.docker.com/reference/cli/docker/stack/deploy/) (only when using Docker Stack)","default":"--prune"},{"name":"DCMP_SSH_PRIVATE_KEY","description":"Default SSH key to use when connecting to Docker hosts over SSH (can be overridden per env)","secret":true},{"name":"DCMP_SSH_KNOWN_HOSTS","description":"SSH `known_hosts` (file or text variable)"}],"features":[{"id":"config","name":"Compose Config","description":"Runs [`compose config`](https://docs.docker.com/reference/cli/docker/compose/config/) to detect errors in your Compose file(s)","disable_with":"DCMP_CONFIG_DISABLED","variables":[{"name":"DCMP_CONFIG_OPTS","description":"[`compose config` options](https://docs.docker.com/reference/cli/docker/compose/config/#options)","default":"--quiet","advanced":true},{"name":"DCMP_STACK_CONFIG_OPTS","description":"[`stack config` options](https://docs.docker.com/reference/cli/docker/stack/config/)","advanced":true},{"name":"DCMP_STACK_CONFIG_SILENT","description":"Silences standard output of `stack config` command","type":"boolean","default":"true","advanced":true}]},{"id":"review","name":"Review","description":"Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))","variables":[{"name":"DCMP_REVIEW_DOCKER_HOST","description":"Docker Host for `review` env (ex: `ssh://docker@docker-host-for-review:2375`)","mandatory":true},{"name":"DCMP_REVIEW_SSH_PRIVATE_KEY","description":"`review` env specific SSH key to use when connecting to Docker Host over SSH","secret":true},{"name":"DCMP_REVIEW_APP_NAME","description":"The application name for `review` env (only define to override default)","advanced":true},{"name":"DCMP_REVIEW_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop `review` environments","default":"4 hours"},{"name":"DCMP_REVIEW_ENVIRONMENT_URL","type":"url","description":"The `review` environments url _(only define for static environment URLs declaration and if different from default)_","advanced":true}]},{"id":"integration","name":"Integration","description":"A continuous-integration environment associated to your integration branch (`develop` by default)","variables":[{"name":"DCMP_INTEG_DOCKER_HOST","description":"Docker Host for `integration` env (ex: `ssh://docker@docker-host-for-integ:2375`)","mandatory":true},{"name":"DCMP_INTEG_SSH_PRIVATE_KEY","description":"`integration` env specific SSH key to use when connecting to Docker Host over SSH","secret":true},{"name":"DCMP_INTEG_APP_NAME","description":"The application name for `integration` env (only define to override default)","advanced":true},{"name":"DCMP_INTEG_ENVIRONMENT_URL","type":"url","description":"The `integration` environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true}]},{"id":"staging","name":"Staging","description":"An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)","variables":[{"name":"DCMP_STAGING_DOCKER_HOST","description":"Docker Host for `staging` env (ex: `ssh://docker@docker-host-for-staging:2375`)","mandatory":true},{"name":"DCMP_STAGING_SSH_PRIVATE_KEY","description":"`staging` env specific SSH key to use when connecting to Docker Host over SSH","secret":true},{"name":"DCMP_STAGING_APP_NAME","description":"The application name for `staging` env (only define to override default)","advanced":true},{"name":"DCMP_STAGING_ENVIRONMENT_URL","type":"url","description":"The `staging` environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true}]},{"id":"prod","name":"Production","description":"The production environment","variables":[{"name":"DCMP_PROD_DOCKER_HOST","description":"Docker Host for `production` env (ex: `ssh://docker@docker-host-for-prod:2375`)","mandatory":true},{"name":"DCMP_PROD_SSH_PRIVATE_KEY","description":"`production` env specific SSH key to use when connecting to Docker Host over SSH","secret":true},{"name":"DCMP_PROD_APP_NAME","description":"The application name for `production` env (only define to override default)","advanced":true},{"name":"DCMP_PROD_ENVIRONMENT_URL","type":"url","description":"The `production` environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"DCMP_PROD_DEPLOY_STRATEGY","description":"Defines the deployment to `production` strategy.","type":"enum","values":["manual","auto"],"default":"manual"}]}],"extension_id":null,"project":{"tag":"1.0.2","tags":["1.0.2","1.0.1","1.0.0","1.0","1"],"name":"docker-compose","path":"to-be-continuous/docker-compose","web_url":"https://gitlab.com/to-be-continuous/docker-compose","avatar":"https://gitlab.com/uploads/-/system/project/avatar/55380145/logo.png"}},{"name":"Docker","description":"Build, check and inspect your containers with [Docker](https://www.docker.com/)","template_path":"templates/gitlab-ci-docker.yml","kind":"package","prefix":"docker","is_component":true,"variables":[{"name":"DOCKER_BUILD_TOOL","type":"enum","values":["kaniko","buildah","dind"],"description":"The build tool to use for building container image","default":"kaniko"},{"name":"DOCKER_KANIKO_IMAGE","description":"The image used to run kaniko\n\n_for kaniko build only_","default":"gcr.io/kaniko-project/executor:debug"},{"name":"DOCKER_BUILDAH_IMAGE","description":"The image used to run buildah\n\n_for buildah build only_","default":"quay.io/buildah/stable:latest"},{"name":"DOCKER_IMAGE","description":"The image used to run the docker client\n\n_for Docker-in-Docker(dind) build only_","default":"registry.hub.docker.com/library/docker:latest"},{"name":"DOCKER_DIND_IMAGE","description":"The image used to run the Docker daemon\n\n_for Docker-in-Docker(dind) build only_","default":"registry.hub.docker.com/library/docker:dind"},{"name":"DOCKER_SKOPEO_IMAGE","description":"The image used to publish docker image with Skopeo","default":"quay.io/skopeo/stable:latest"},{"name":"DOCKER_FILE","description":"The path to your `Dockerfile`","default":"Dockerfile"},{"name":"DOCKER_CONTEXT_PATH","description":"The Docker [context path](https://docs.docker.com/engine/reference/commandline/build/#build-with-path) (working directory) - _only set if you want a context path different from the Dockerfile location_","advanced":true},{"name":"DOCKER_CONFIG_FILE","description":"Path to the [Docker configuration file](https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file) (JSON)","default":".docker/config.json","advanced":true},{"name":"DOCKER_SNAPSHOT_IMAGE","description":"Docker snapshot image","default":"$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG"},{"name":"DOCKER_RELEASE_IMAGE","description":"Docker release image","default":"$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"},{"name":"DOCKER_RELEASE_EXTRA_TAGS_PATTERN","description":"Defines the image tag pattern that `$DOCKER_RELEASE_IMAGE` should match to push extra tags (supports capturing groups)\n\nDefaults to [SemVer](https://semver.org/) pattern.","default":"^v?(?P<major>[0-9]+)\\.(?P<minor>[0-9]+)\\.(?P<patch>[0-9]+)(?P<suffix>(?P<prerelease>-[0-9A-Za-z-\\.]+)?(?P<build>\\+[0-9A-Za-z-\\.]+)?)$","advanced":true},{"name":"DOCKER_RELEASE_EXTRA_TAGS","description":"Defines extra tags to publish the _release_ image\n\nSupports capturing group references from `$DOCKER_RELEASE_EXTRA_TAGS_PATTERN` (ex: `latest \\g<major>.\\g<minor> \\g<major>`)","advanced":true},{"name":"DOCKER_BUILD_ARGS","description":"Additional docker/kaniko/buildah build arguments.\n\n_If values contain spaces, ensure any required quote are correctly escaped when needed (not supported for Kaniko)_"},{"name":"DOCKER_METADATA","description":"Additional metadata to set as labels.\n\nIf values contain spaces, ensure any required quote are correctly escaped when needed (not supported for Kaniko)_","default":"--label \"org.opencontainers.image.url=${CI_PROJECT_URL}\" --label \"org.opencontainers.image.source=${CI_PROJECT_URL}\" --label \"org.opencontainers.image.title=${CI_PROJECT_PATH}\" --label \"org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}\" --label \"org.opencontainers.image.revision=${CI_COMMIT_SHA}\" --label \"org.opencontainers.image.created=${CI_JOB_STARTED_AT}\"","advanced":true},{"name":"DOCKER_PUBLISH_ARGS","description":"Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)"},{"name":"DOCKER_PROD_PUBLISH_STRATEGY","description":"Defines the publish to production strategy.","type":"enum","values":["none","manual","auto"],"default":"manual"},{"name":"DOCKER_SEMREL_RELEASE_DISABLED","description":"Disable integration with the [semantic release template](https://gitlab.com/to-be-continuous/semantic-release/)","type":"boolean"},{"name":"DOCKER_REGISTRY_MIRROR","description":"URL of a Docker registry mirror to use instead of default `https://index.docker.io`\n\n_Used by `kaniko` and `dind` builds only_"},{"name":"CONTAINER_REGISTRIES_CONFIG_FILE","description":"The [registries.conf](https://www.redhat.com/sysadmin/manage-container-registries) configuration to be used\n\n_Used by the `buildah` build only_","advanced":true},{"name":"KANIKO_SNAPSHOT_IMAGE_CACHE","description":"Snapshot image repository that will be used to store cached layers (leave empty to use default: snapshot image repository + `/cache`)\n\n_Used by the `kaniko` build only_","advanced":true},{"name":"DOCKER_BUILD_CACHE_DISABLED","description":"Set to `true` to disable the build cache.","type":"boolean","advanced":true},{"name":"DOCKER_PUSH_ARGS","description":"Additional docker/buildah `push` arguments (executed right after `build`).\n\nEx: `--compression-format zstd --compression-level 20`","advanced":true}],"features":[{"id":"hadolint","name":"Hadolint","description":"This job performs a [Lint](https://github.com/hadolint/hadolint) on your `Dockerfile`.","disable_with":"DOCKER_HADOLINT_DISABLED","variables":[{"name":"DOCKER_HADOLINT_IMAGE","description":"The docker image to lint your Dockerfile with Hadolint","default":"registry.hub.docker.com/hadolint/hadolint:latest-alpine"},{"name":"DOCKER_HADOLINT_ARGS","description":"Additional `hadolint` arguments","advanced":true}]},{"id":"healthcheck","name":"Health Check","description":"[Health Check](https://docs.docker.com/engine/reference/builder/#healthcheck) image analysis","disable_with":"DOCKER_HEALTHCHECK_DISABLED","variables":[{"name":"DOCKER_HEALTHCHECK_TIMEOUT","type":"number","description":"When testing an image, how long (in seconds) wait for the HealthCheck status","default":"60","advanced":true},{"name":"DOCKER_HEALTHCHECK_OPTIONS","description":"Docker options for health check such as port mapping, environment...","advanced":true},{"name":"DOCKER_HEALTHCHECK_CONTAINER_ARGS","description":"Arguments sent to the running container for health check","advanced":true}]},{"id":"trivy","name":"Trivy","description":"[Trivy](https://aquasecurity.github.io/trivy) vulnerability analysis","disable_with":"DOCKER_TRIVY_DISABLED","variables":[{"name":"DOCKER_TRIVY_IMAGE","description":"The docker image used to scan images with Trivy","default":"registry.hub.docker.com/aquasec/trivy:latest","advanced":true},{"name":"DOCKER_TRIVY_ARGS","description":"Additional [`trivy image` options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options)","default":"--ignore-unfixed --pkg-types os --exit-on-eol 1 --detection-priority comprehensive","advanced":true}]},{"id":"sbom","name":"Software Bill of Materials","description":"This job generates a file listing all dependencies using [syft](https://github.com/anchore/syft)","disable_with":"DOCKER_SBOM_DISABLED","variables":[{"name":"DOCKER_SBOM_IMAGE","default":"registry.hub.docker.com/anchore/syft:debug"},{"name":"DOCKER_SBOM_OPTS","description":"Options for syft used for SBOM analysis","default":"--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger","advanced":true}]}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-docker-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url","mandatory":true},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]},{"id":"gcp","name":"Google Cloud","description":"Retrieves a registry authentication for the Google Cloud's [Artifact Registry](https://cloud.google.com/artifact-registry)","template_path":"templates/gitlab-ci-docker-gcp.yml","variables":[{"name":"TBC_GCP_PROVIDER_IMAGE","description":"The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:latest","advanced":true},{"name":"GCP_OIDC_AUD","description":"The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_","default":"$CI_SERVER_URL","advanced":true},{"name":"GCP_OIDC_ACCOUNT","description":"Default Service Account to which impersonate with OpenID Connect authentication"},{"name":"GCP_OIDC_PROVIDER","description":"Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)"},{"name":"GCP_SNAPSHOT_OIDC_ACCOUNT","description":"Service Account to use to push the snapshot image _(only define to override default)_","advanced":true},{"name":"GCP_SNAPSHOT_OIDC_PROVIDER","description":"Workload Identity Provider to push the snapshot image _(only define to override default)_","advanced":true},{"name":"GCP_RELEASE_OIDC_ACCOUNT","description":"Service Account to use to push the release image _(only define to override default)_","advanced":true},{"name":"GCP_RELEASE_OIDC_PROVIDER","description":"Workload Identity Provider to push the release image _(only define to override default)_","advanced":true}]},{"id":"ecr","name":"Amazon ECR","description":"Retrieves a registry authentication for the Amazon's [Elastic Container Registry](https://docs.aws.amazon.com/ecr/)","template_path":"templates/gitlab-ci-docker-ecr.yml","variables":[{"name":"TBC_AWS_PROVIDER_IMAGE","description":"The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:latest","advanced":true},{"name":"AWS_REGION","description":"Default region (where the ECR registry is located)"},{"name":"AWS_SNAPSHOT_REGION","description":"Region of the ECR registry for the snapshot image _(only define to override default)_","advanced":true},{"name":"AWS_RELEASE_REGION","description":"Region of the ECR registry for the release image _(only define to override default)_","advanced":true},{"name":"AWS_OIDC_AUD","description":"The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_","default":"$CI_SERVER_URL","advanced":true},{"name":"AWS_OIDC_ROLE_ARN","description":"Default IAM Role ARN associated with GitLab _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_"},{"name":"AWS_SNAPSHOT_OIDC_ROLE_ARN","description":"IAM Role ARN associated with GitLab for the snapshot image _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/) and if different from default)_","advanced":true},{"name":"AWS_RELEASE_OIDC_ROLE_ARN","description":"IAM Role ARN associated with GitLab for the release image _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/) and if different from default)_","advanced":true},{"name":"AWS_ACCESS_KEY_ID","description":"Default access key ID (only required for basic authentication)","secret":true,"advanced":true},{"name":"AWS_SECRET_ACCESS_KEY","description":"Default secret access key (only required for basic authentication)","secret":true,"advanced":true},{"name":"AWS_SNAPSHOT_ACCESS_KEY_ID","description":"Access key ID for the snapshot image (only required for basic authentication and if different from default)","secret":true,"advanced":true},{"name":"AWS_SNAPSHOT_SECRET_ACCESS_KEY","description":"Secret access key for the snapshot image (only required for basic authentication and if different from default)","secret":true,"advanced":true},{"name":"AWS_RELEASE_ACCESS_KEY_ID","description":"Access key ID for the release image (only required for basic authentication and if different from default)","secret":true,"advanced":true},{"name":"AWS_RELEASE_SECRET_ACCESS_KEY","description":"Secret access key for the release image (only required for basic authentication and if different from default)","secret":true,"advanced":true}]}],"extension_id":null,"project":{"tag":"6.0.0","tags":["6.0.0","6.0","6","5.14.1","5.14.0","5.14","5.13.3","5.13.2","5.13.1","5.13.0","5.13","5.12.1","5.12.0","5.12","5.11.1","5.11.0","5.11","5.10.3","5.10.2","5.10.1","5.10.0","5.10","5.9.1","5.9.0","5.9","5.8.2","5.8.1","5.8.0","5.8","5.7.1","5.7.0","5.7","5.6.1","5.6.0","5.6","5.5.6","5.5.5","5.5.4","5.5.3","5.5.2","5.5.1","5.5.0","5.5","5.4.1","5.4.0","5.4","5.3.1","5.3.0","5.3","5.2.2","5.2.1","5.2.0","5.2","5.1.0","5.1","5.0.3","5.0.2","5.0.1","5.0.0","5.0","5","4.0.0","4.0","4","3.6.0","3.6","3.5.3","3.5.2","3.5.1","3.5.0","3.5","3.4.0","3.4","3.3.0","3.3","3.2.2","3.2.1","3.2.0","3.2","3.1.1","3.1.0","3.1","3.0.0","3.0","3","2.7.1","2.7.0","2.7","2.6.0","2.6","2.5.0","2.5","2.4.0","2.4","2.3.3","2.3.2","2.3.1","2.3.0","2.3","2"],"name":"docker","path":"to-be-continuous/docker","web_url":"https://gitlab.com/to-be-continuous/docker","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26450930/logo.png"}},{"name":"Google Cloud","description":"Deploy your application to the [Google Cloud](https://cloud.google.com/) platform","template_path":"templates/gitlab-ci-gcloud.yml","kind":"hosting","prefix":"gcp","is_component":true,"variables":[{"name":"GCP_CLI_IMAGE","description":"The Docker image used to run Google Cloud CLI commands","default":"gcr.io/google.com/cloudsdktool/cloud-sdk:latest"},{"name":"GCP_KEY_FILE","description":"Global Service Account key file","secret":true,"mandatory":true},{"name":"GCP_WORKLOAD_IDENTITY_PROVIDER","description":"Default [Workload Identity Provider](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) associated with GitLab to authenticate\n\n(has format `projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID`)","advanced":true},{"name":"GCP_SERVICE_ACCOUNT","description":"Default Service Account to which impersonate with WIF authentication","advanced":true},{"name":"GCP_BASE_APP_NAME","description":"Base application name","default":"$CI_PROJECT_NAME","advanced":true},{"name":"GCP_ENVIRONMENT_URL","type":"url","description":"The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.gcloud.acme.com`)_"},{"name":"GCP_SCRIPTS_DIR","description":"Directory where Google Cloud scripts (deploy & cleanup) are located","default":".","advanced":true}],"features":[{"id":"review","name":"Review","description":"Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))","variables":[{"name":"GCP_REVIEW_PROJECT","description":"Google Cloud project ID for review env","mandatory":true},{"name":"GCP_REVIEW_APP_NAME","description":"The application name for review env (only define to override default)","advanced":true},{"name":"GCP_REVIEW_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop `review` environments","default":"4 hours"},{"name":"GCP_REVIEW_ENVIRONMENT_URL","type":"url","description":"The review environments url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"GCP_REVIEW_KEY_FILE","description":"Service Account key file to authenticate on review env (only define to override default)","secret":true}]},{"id":"integration","name":"Integration","description":"A continuous-integration environment associated to your integration branch (`develop` by default)","variables":[{"name":"GCP_INTEG_PROJECT","description":"Google Cloud project ID for integration env","mandatory":true},{"name":"GCP_INTEG_APP_NAME","description":"The application name for integration env (only define to override default)","advanced":true},{"name":"GCP_INTEG_ENVIRONMENT_URL","type":"url","description":"The integration environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"GCP_INTEG_KEY_FILE","description":"Service Account key file to authenticate on integration env (only define to override default)","secret":true}]},{"id":"staging","name":"Staging","description":"An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)","variables":[{"name":"GCP_STAGING_PROJECT","description":"Google Cloud project ID for staging env","mandatory":true},{"name":"GCP_STAGING_APP_NAME","description":"The application name for staging env (only define to override default)","advanced":true},{"name":"GCP_STAGING_ENVIRONMENT_URL","type":"url","description":"The staging environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"GCP_STAGING_KEY_FILE","description":"Service Account key file to authenticate on staging env (only define to override default)","secret":true}]},{"id":"prod","name":"Production","description":"The production environment","variables":[{"name":"GCP_PROD_PROJECT","description":"Google Cloud project ID for production env","mandatory":true},{"name":"GCP_PROD_APP_NAME","description":"The application name for production env (only define to override default)","advanced":true},{"name":"GCP_PROD_ENVIRONMENT_URL","type":"url","description":"The production environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"GCP_PROD_DEPLOY_STRATEGY","description":"Defines the deployment to production strategy.","type":"enum","values":["manual","auto"],"default":"manual"},{"name":"GCP_PROD_KEY_FILE","description":"Service Account key file to authenticate on production env (only define to override default)","secret":true}]}],"variants":[{"id":"oidc","name":"OpenID Connect","description":"Enables [federated authentication using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)","template_path":"templates/gitlab-ci-gcloud-oidc.yml","variables":[{"name":"GCP_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"GCP_OIDC_PROVIDER","description":"Global Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)","advanced":true},{"name":"GCP_OIDC_ACCOUNT","description":"Global Service Account to which impersonate with OpenID Connect authentication","advanced":true},{"name":"GCP_REVIEW_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment\n\n_(only define to override default)_","advanced":true},{"name":"GCP_REVIEW_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `review` environment","advanced":true},{"name":"GCP_INTEG_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment\n\n_(only define to override default)_","advanced":true},{"name":"GCP_INTEG_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `integration` environment","advanced":true},{"name":"GCP_STAGING_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment\n\n_(only define to override default)_","advanced":true},{"name":"GCP_STAGING_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `staging` environment","advanced":true},{"name":"GCP_PROD_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment\n\n_(only define to override default)_","advanced":true},{"name":"GCP_PROD_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `production` environment","advanced":true}]},{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-gcloud-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_BASE_URL","description":"The Vault server base API url","mandatory":true},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]}],"extension_id":null,"project":{"tag":"5.2.3","tags":["5.2.3","5.2.2","5.2.1","5.2.0","5.2","5.1.0","5.1","5.0.2","5.0.1","5.0.0","5.0","5","4.1.0","4.1","4.0.0","4.0","4","3.2.0","3.2","3.1.0","3.1","3.0.0","3.0","3","2.3.2","2.3.1","2.3.0","2.3","2.2.0","2.2","2.1.1","2.1.0","2.1","2.0.0","2.0","2","1.8.0","1.8","1.7.0","1.7","1.6.2","1.6.1","1.6.0","1.5.2","1.5.1","1.5.0","1.4.1","1.4.0","1.3.0","1.2.0","1.1.0","1.0.0","1"],"name":"gcloud","path":"to-be-continuous/gcloud","web_url":"https://gitlab.com/to-be-continuous/gcloud","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454217/logo.png"}},{"name":"GitLab Butler","description":"Automate cleaning your projects with [GitLab Butler](https://gitlab.com/to-be-continuous/tools/gitlab-butler)","template_path":"templates/gitlab-ci-butler.yml","kind":"misc","prefix":"butler","is_component":true,"variables":[{"name":"BUTLER_IMAGE","description":"The Docker image used to run GitLab Butler","default":"registry.gitlab.com/to-be-continuous/tools/gitlab-butler:latest","advanced":true},{"name":"BUTLER_TOKEN","description":"A GitLab access token to allow GitLab Butler crawl your projects","secret":true},{"name":"BUTLER_GROUP_PATH","description":"GitLab group to process","default":"$CI_PROJECT_NAMESPACE"},{"name":"BUTLER_PIPELINES_DELETE_OLDER_THAN","description":"The max age (in days) after which pipelines are deleted","default":"90"}],"extension_id":null,"project":{"tag":"1.1.0","tags":["1.1.0","1.1","1.0.0","1.0","1"],"name":"gitlab-butler","path":"to-be-continuous/gitlab-butler","web_url":"https://gitlab.com/to-be-continuous/gitlab-butler","avatar":"https://gitlab.com/uploads/-/system/project/avatar/61952173/logo.png"}},{"name":"GitLab Package","description":"Publish artifacts to GitLab's [Generic Package Registry](https://docs.gitlab.com/ee/user/packages/generic_packages/)","template_path":"templates/gitlab-ci-gitlab-package.yml","kind":"build","prefix":"glpkg","is_component":true,"variables":[{"name":"GLPKG_IMAGE","description":"The Docker image used to publish packages","default":"registry.hub.docker.com/curlimages/curl:latest","advanced":true},{"name":"GLPKG_FILES","description":"Glob patterns matching files to include in the GitLab package (:warning: does not support double star)","mandatory":true},{"name":"GLPKG_PACKAGE","description":"Name of the package to publish","default":"$CI_PROJECT_NAME"}],"extension_id":null,"project":{"tag":"1.2.2","tags":["1.2.2","1.2.1","1.2.0","1.2","1.1.0","1.1","1.0.0","1"],"name":"gitlab-package","path":"to-be-continuous/gitlab-package","web_url":"https://gitlab.com/to-be-continuous/gitlab-package","avatar":"https://gitlab.com/uploads/-/system/project/avatar/47461614/logo.png"}},{"name":"Gitleaks","description":"Detect and prevent hardcoded secrets in your Git repository with [Gitleaks](https://github.com/zricethezav/gitleaks/wiki)","template_path":"templates/gitlab-ci-gitleaks.yml","kind":"analyse","prefix":"gitleaks","is_component":true,"variables":[{"name":"GITLEAKS_IMAGE","description":"The Docker image used to run Gitleaks","default":"registry.hub.docker.com/zricethezav/gitleaks:latest"},{"name":"GITLEAKS_RULES","description":"Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks/wiki/Configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project).","advanced":true},{"name":"GITLEAKS_ARGS","description":"[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches)","default":"--verbose --redact","advanced":true}],"extension_id":null,"project":{"tag":"2.6.1","tags":["2.6.1","2.6.0","2.6","2.5.2","2.5.1","2.5.0","2.5","2.4.1","2.4.0","2.4","2.3.0","2.3","2.2.3","2.2.2","2.2.1","2.2.0","2.2","2.1.1","2.1.0","2.1","2.0.0","2.0","2","1.3.0","1.3","1.2.5","1.2.4","1.2.3","1.2.2","1.2.1","1.2.0","1.1.1","1.1.0","1.0.0","1"],"name":"gitleaks","path":"to-be-continuous/gitleaks","web_url":"https://gitlab.com/to-be-continuous/gitleaks","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454220/logo.png"}},{"name":"Go","description":"Build, test and analyse your [Go](https://golang.org/) projects","template_path":"templates/gitlab-ci-golang.yml","kind":"build","prefix":"go","is_component":true,"variables":[{"name":"GO_IMAGE","description":"The Docker image used to run Go (build+test or build only) - **set the version required by your project**","default":"registry.hub.docker.com/library/golang:bookworm"},{"name":"GO_PROJECT_DIR","description":"Go project root directory","default":".","advanced":true},{"name":"GOPROXY","description":"URL of Go module proxy (see [Go env](https://golang.org/cmd/go/#hdr-Environment_variables))","advanced":true},{"name":"GO_TEST_IMAGE","description":"Specific Docker image used to run Go tests (as a separate job)","advanced":true},{"name":"GO_BUILD_FLAGS","description":"Flags used by the [go build command](https://pkg.go.dev/cmd/go#hdr-Compile_packages_and_dependencies)","default":"-mod=readonly","advanced":true},{"name":"GO_BUILD_MODE","description":"The template build mode (accepted values are `application`, `modules` and `auto`)","type":"enum","values":["auto","application","modules"],"default":"auto","advanced":true},{"name":"GO_BUILD_LINKER_FLAGS","description":"Linker flags used by the [go build command](https://pkg.go.dev/cmd/go#hdr-Compile_packages_and_dependencies) `-ldflags`","default":"-s -w","advanced":true},{"name":"GO_BUILD_PACKAGES","description":"Packages to build with the [go build command](https://pkg.go.dev/cmd/go#hdr-Compile_packages_and_dependencies)","default":"./..."},{"name":"GO_TARGET_OS","description":"The `$GOOS` target [see available values](https://gist.github.com/asukakenji/f15ba7e588ac42795f421b48b8aede63)\n\nFallbacks to default `$GOOS` from the Go Docker image","advanced":true},{"name":"GO_TARGET_ARCH","description":"The `$GOARCH` target [see available values](https://gist.github.com/asukakenji/f15ba7e588ac42795f421b48b8aede63)\n\nFallbacks to default `$GOARCH` from the Go Docker image","advanced":true},{"name":"GO_TEST_FLAGS","description":"Flags used by the [go test command](https://pkg.go.dev/cmd/go#hdr-Test_packages)","default":"-mod=readonly -v -race","advanced":true},{"name":"GO_TEST_PACKAGES","description":"Packages to test with the [go test command](https://pkg.go.dev/cmd/go#hdr-Test_packages)","default":"./..."},{"name":"GO_LIST_ARGS","description":"Arguments used by the list command","default":"list -u -m -mod=readonly -json all","advanced":true},{"name":"GO_COBERTURA_FLAGS","description":"Build flags to add to use gocover-cobertura, leave blank if not needed","advanced":true}],"features":[{"id":"generate","name":"go generate","description":"generate code with [go generate](https://go.dev/blog/generate)","variables":[{"name":"GO_GENERATE_MODULES","description":"Space separated list of Go code generator modules (ex: `stringer mockery`)","mandatory":true}]},{"id":"golangci-lint","name":"GolangCI-Lint","description":"[GolangCI-Lint](https://github.com/golangci/golangci-lint) analysis","disable_with":"GO_CI_LINT_DISABLED","variables":[{"name":"GO_CI_LINT_IMAGE","description":"The Docker image used to run `golangci-lint`","default":"registry.hub.docker.com/golangci/golangci-lint:latest-alpine"},{"name":"GO_CI_LINT_ARGS","description":"`golangci-lint` [command line arguments](https://github.com/golangci/golangci-lint#command-line-options)","default":"-E gosec,goimports ./...","advanced":true}]},{"id":"go-mod-outdated","name":"Go-mod-outdated","description":"[Go-mod-outdated](https://github.com/psampaz/go-mod-outdated) analysis","variables":[{"name":"GO_MOD_OUTDATED_ARGS","description":"`god-mod-outdated` [command line arguments](https://github.com/psampaz/go-mod-outdated#usage","default":"-update -direct","advanced":true}]},{"id":"sbom","name":"Software Bill of Materials","description":"This job generates a file listing all dependencies using [cyclonedx-gomod](https://github.com/CycloneDX/cyclonedx-gomod)","disable_with":"GO_SBOM_DISABLED","variables":[{"name":"GO_SBOM_IMAGE","default":"registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest"},{"name":"GO_SBOM_OPTS","description":"[@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis","default":"-main .","advanced":true}]},{"id":"go-semgrep","name":"Semgrep","description":"[Semgrep](https://semgrep.dev/docs/) analysis","disable_with":"GO_SEMGREP_DISABLED","variables":[{"name":"GO_SEMGREP_IMAGE","description":"The Docker image used to run [Semgrep](https://semgrep.dev/docs/)","default":"registry.hub.docker.com/semgrep/semgrep:latest"},{"name":"GO_SEMGREP_ARGS","description":"Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options)","default":"--metrics off --disable-version-check"},{"name":"GO_SEMGREP_RULES","description":"Space-separated list of [Semgrep rules](https://semgrep.dev/docs/running-rules).\n\nCan be both local YAML files or remote rules from the [Semgrep Registry](https://semgrep.dev/explore) (denoted by the `p/` prefix)","default":"p/golang p/gosec"},{"name":"GO_SEMGREP_DOWNLOAD_RULES_ENABLED","description":"Download Semgrep remote rules","type":"boolean","default":"true"}]},{"id":"govulncheck","name":"Govulncheck","description":"Vulnerability Management with [Govulncheck](https://go.dev/blog/vuln)","disable_with":"GO_VULNCHECK_DISABLED","variables":[{"name":"GO_VULNCHECK_ARGS","description":"`govulncheck` [command line arguments](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Flags)","default":"./...","advanced":true}]}],"extension_id":null,"project":{"tag":"4.11.1","tags":["4.11.1","4.11.0","4.11","4.10.0","4.10","4.9.2","4.9.1","4.9.0","4.9","4.8.3","4.8.2","4.8.1","4.8.0","4.8","4.7.0","4.7","4.6.1","4.6.0","4.6","4.5.1","4.5.0","4.5","4.4.0","4.4","4.3.0","4.3","4.2.0","4.2","4.1.2","4.1.1","4.1.0","4.1","4.0.2","4.0.1","4.0.0","4.0","4","3.2.1","3.2.0","3.2","3.1.0","3.1","3.0.0","3.0","3","2.3.0","2.3","2.2.0","2.2","2.1.3","2.1.2","2.1.1","2.1.0","2.0.3","2.0.2","2.0.1","2.0.0","2","1.3.0","1.2.2","1.2.1","1.2.0","1.1.0","1.0.0"],"name":"golang","path":"to-be-continuous/golang","web_url":"https://gitlab.com/to-be-continuous/golang","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454222/logo.png"}},{"name":"Gradle","description":"Build, test and analyse your [Gradle](https://gradle.org/)-based projects","template_path":"templates/gitlab-ci-gradle.yml","kind":"build","prefix":"gradle","is_component":true,"variables":[{"name":"GRADLE_IMAGE","description":"The Docker image used to run Gradle - **set the version required by your project**","default":"registry.hub.docker.com/library/gradle:latest"},{"name":"GRADLE_CLI_OPTS","description":"Additional Gradle options used on the command line","advanced":true},{"name":"GRADLE_CLI_BIN","description":"The location of the gradle binary. If you prefer using a [gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html) you should override this (for e.g. `gradlew`)","default":"gradle","advanced":true},{"name":"GRADLE_USER_HOME","description":"The gradle user home","default":"$CI_PROJECT_DIR/.gradle","advanced":true},{"name":"GRADLE_DAEMON","description":"Whether to use or not gradle daemon","default":"false","advanced":true},{"name":"GRADLE_BUILD_ARGS","description":"Gradle arguments for the build & test job","default":"build","advanced":true},{"name":"GRADLE_PROJECT_DIR","description":"Gradle project root directory","default":".","advanced":true},{"name":"JACOCO_CSV_REPORT","description":"Name of code coverage report","default":"jacocoTestReport.csv","advanced":true}],"features":[{"id":"sonar","name":"SONAR","description":"Code quality and security analysis with [SONARQube](https://www.sonarqube.org/)","variables":[{"name":"SONAR_HOST_URL","type":"url","description":"SonarQube server url","mandatory":true},{"name":"SONAR_TOKEN","description":"SonarQube authentication token (see https://docs.sonarsource.com/sonarqube-server/latest/user-guide/managing-tokens/)","secret":true},{"name":"SONAR_BASE_ARGS","description":"SonarQube [analysis arguments](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/analysis-parameters/)","default":"sonar -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues","advanced":true},{"name":"SONAR_QUALITY_GATE_ENABLED","description":"Enables SonarQube [Quality Gate](https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/analysis-functions/quality-gates/) verification.\n\n_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/ci-integration/overview/#quality-gate-fails))._","type":"boolean"}]},{"id":"dependency-check","name":"Dependency Check","description":"Runs a Gradle dependency check","disable_with":"GRADLE_DEPENDENCY_CHECK_DISABLED","variables":[{"name":"GRADLE_DEPENDENCY_CHECK_TASK","description":"The dependency-check task that is invoked","default":"dependencyCheckAnalyze","advanced":true}]},{"id":"sbom","name":"Software Bill of Materials","description":"This job generates a file listing all dependencies using [cyclonedx-gradle-plugin](https://github.com/CycloneDX/cyclonedx-gradle-plugin)","disable_with":"GRADLE_SBOM_DISABLED","variables":[{"name":"GRADLE_SBOM_VERSION","description":"Version of the `cyclonedx-gradle-plugin` used for SBOM analysis.\n\n_When unset, the latest version will be used_"},{"name":"GRADLE_MAVEN_PLUGIN_URL","description":"Maven Repository that is used to download the `cyclonedx-gradle-plugin`. No trailing slash.","default":"https://plugins.gradle.org/m2"}]},{"id":"publish","name":"Publish (snapshot & release)","description":"Enable publishing to an artifacts repository","disable_with":"GRADLE_NO_PUBLISH","variables":[{"name":"GRADLE_PUBLISH_ARGS","description":"The publish task that is invoked","default":"publish","advanced":true},{"name":"GRADLE_PUBLISH_VERSION","description":"The value is propagated as gradle properties named `version`.\n\nIt should be used in your publish task","default":"${CI_COMMIT_REF_SLUG}-SNAPSHOT","advanced":true}]}],"extension_id":null,"project":{"tag":"2.8.0","tags":["2.8.0","2.8","2.7.2","2.7.1","2.7.0","2.7","2.6.3","2.6.2","2.6.1","2.6.0","2.6","2.5.0","2.5","2.4.2","2.4.1","2.4.0","2.4","2.3.0","2.3","2.2.2","2.2.1","2.2.0","2.2","2.1.0","2.1","2.0.0","2.0","2","1.4.0","1.4","1.3.1","1.3.0","1.2.1","1.2.0","1.1.0","1.0.0","1"],"name":"gradle","path":"to-be-continuous/gradle","web_url":"https://gitlab.com/to-be-continuous/gradle","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454226/logo.png"}},{"name":"Helm","description":"Build your Helm Charts and/or deploy your application to a Kubernetes platform using [Helm](https://helm.sh/)","template_path":"templates/gitlab-ci-helm.yml","kind":"hosting","prefix":"helm","is_component":true,"variables":[{"name":"HELM_CLI_IMAGE","description":"The Docker image used to run Helm - **set the version required by your Kubernetes server**","default":"registry.hub.docker.com/alpine/helm:latest"},{"name":"HELM_CHART_DIR","description":"The folder where the Helm chart is located","default":"."},{"name":"HELM_SCRIPTS_DIR","description":"The folder where hook scripts are located","default":"."},{"name":"HELM_COMMON_VALUES","description":"Common values file (used for all environments, overridden by specific per-env values files)"},{"name":"HELM_DEPLOY_CHART","description":"The Helm [chart](https://helm.sh/docs/topics/charts/) to deploy. _Only required if you want to deploy an **external** chart._"},{"name":"HELM_REPOS","description":"The Helm [chart repositories](https://helm.sh/docs/topics/chart_repository/) to use (formatted as `repo_name_1@repo_url_1 repo_name_2@repo_url_2 ...`)","default":"stable@https://charts.helm.sh/stable bitnami@https://charts.bitnami.com/bitnami"},{"name":"KUBE_NAMESPACE","description":"The default Kubernetes namespace to use. _Leave default if [GitLab Kubernetes integration](https://docs.gitlab.com/ee/user/project/clusters/index.html) is enabled._"},{"name":"HELM_DEFAULT_KUBE_CONFIG","description":"The default kubeconfig content to use. Automatically set if GitLab Kubernetes integration is enabled.","default":"$KUBECONFIG","secret":true},{"name":"HELM_BASE_APP_NAME","description":"Base application name","default":"$CI_PROJECT_NAME","advanced":true},{"name":"HELM_ENVIRONMENT_URL","type":"url","description":"The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.helm.acme.com`)_"},{"name":"HELM_DEPLOY_ARGS","description":"The Helm [command with options](https://helm.sh/docs/helm/helm_upgrade/) to deploy the application (_without dynamic arguments such as release name and chart_)","default":"upgrade --install --atomic --timeout 120s","advanced":true},{"name":"HELM_DELETE_ARGS","description":"The Helm [command with options](https://helm.sh/docs/helm/helm_uninstall/) to cleanup the application (_without dynamic arguments such as release name_)","default":"uninstall","advanced":true},{"name":"HELM_DEPENDENCY_ARGS","description":"The Helm [command with options](https://helm.sh/docs/helm/helm_dependency_update/) to update on-disk the chart dependencies (_without dynamic arguments such as the chart path_)","default":"dependency update","advanced":true},{"name":"HELM_ENV_VALUE_NAME","description":"The name of the Helm [value](https://helm.sh/docs/chart_best_practices/values/) containing the _environment type_","default":"environmentType","advanced":true},{"name":"HELM_HOSTNAME_VALUE_NAME","description":"The name of the Helm [value](https://helm.sh/docs/chart_best_practices/values/) containing the _environment hostname_ (extracted from the environment URL)","default":"hostname","advanced":true}],"features":[{"id":"lint","name":"Helm Lint","description":"Static code analysis of your Helm chart with [Helm Lint](https://helm.sh/docs/helm/helm_lint/)","disable_with":"HELM_LINT_DISABLED","variables":[{"name":"HELM_LINT_ARGS","description":"The Helm [command with options](https://helm.sh/docs/helm/helm_lint/) to trigger the analysis (_without dynamic arguments such as the chart path_)","default":"lint --strict","advanced":true}]},{"id":"test","name":"Helm Test","description":"Acceptance test of your Helm chart with [Helm Test](https://helm.sh/docs/helm/helm_test/)","enable_with":"HELM_TEST_ENABLED","variables":[{"name":"HELM_TEST_ARGS","description":"The Helm [command with options](https://helm.sh/docs/helm/helm_test/) to perform acceptance test (_without dynamic arguments such as release name_)","default":"test","advanced":true}]},{"id":"yamllint","name":"Yaml Lint","description":"[Yaml Lint](https://github.com/adrienverge/yamllint) of your Helm [values file](https://helm.sh/docs/chart_template_guide/values_files/)","disable_with":"HELM_YAMLLINT_DISABLED","variables":[{"name":"HELM_YAMLLINT_IMAGE","description":"The Docker image used to run YamlLint test","default":"registry.hub.docker.com/cytopia/yamllint"},{"name":"HELM_YAMLLINT_CONFIG","description":"Config used with the yamllint tool","default":"{extends: relaxed, rules: {line-length: {max: 160}}}","advanced":true},{"name":"HELM_YAMLLINT_ARGS","description":"Arguments used by the lint job","default":"-f colored --strict","advanced":true}]},{"id":"kube-score","name":"Kube-Score","description":"Run [Kube-Score](https://kube-score.com/) on the resources to be created by Helm","disable_with":"HELM_KUBE_SCORE_DISABLED","variables":[{"name":"HELM_KUBE_SCORE_IMAGE","description":"The Docker image used to run [Kube-Score](https://kube-score.com/)","default":"registry.hub.docker.com/zegl/kube-score"},{"name":"HELM_KUBE_SCORE_ARGS","description":"Arguments used by the kube-score job","advanced":true},{"name":"HELM_K8S_VERSION","description":"Kubernetes version (_so that `.Capabilities.KubeVersion.Version` can be correctly interpreted_). \n\n Expected format: `vX.YY`","advanced":true}]},{"id":"package","name":"Package your chart","description":"[Package](https://helm.sh/docs/helm/helm_package/) your Helm chart","variables":[{"name":"HELM_PACKAGE_ARGS","description":"The Helm [command with options](https://helm.sh/docs/helm/helm_package/) to perform the packaging (_without dynamic arguments such as the chart path_)","default":"package --dependency-update","advanced":true},{"name":"HELM_PUBLISH_SNAPSHOT_ENABLED","description":"Set to `true` to enable publishing the snapshot (untested) chart during the packaging step","type":"boolean","advanced":true},{"name":"HELM_SEMREL_RELEASE_DISABLED","description":"Disable semantic-release integration","type":"boolean","advanced":true}]},{"id":"publish","name":"Publish your chart","description":"Publishes the chart to a [Helm repository](https://helm.sh/docs/topics/chart_repository/) or [OCI-based registry](https://helm.sh/docs/topics/registries/)","variables":[{"name":"HELM_PUBLISH_URL","description":"The URL of the Helm repository to publish your Helm package","default":"oci://$CI_REGISTRY/$CI_PROJECT_PATH/charts"},{"name":"HELM_PUBLISH_METHOD","description":"HTTP method to use to push the package","default":"auto","type":"enum","values":["auto","push","post","put","custom","disabled"],"advanced":true},{"name":"HELM_PUBLISH_USER","description":"Helm repository username","default":"$CI_REGISTRY_USER","secret":true},{"name":"HELM_PUBLISH_PASSWORD","description":"Helm repository password","default":"$CI_REGISTRY_PASSWORD","secret":true},{"name":"HELM_PUBLISH_ON","description":"Defines on which Git reference(s) the publish job shall be enabled\n\n`prod` to enable on production branch only, `protected` to enable on protected references, `all` to enable on all Git branches and `tag` on Git release tags (always auto, superseeds `HELM_PUBLISH_STRATEGY`)","default":"prod","type":"enum","values":["prod","protected","all","tag"]},{"name":"HELM_PUBLISH_STRATEGY","description":"Defines the publish strategy.","type":"enum","values":["none","manual","auto"],"default":"manual"},{"name":"HELM_CM_PUSH_PLUGIN_VERSION","description":"cm-push plugin version to install (only when using `push` method with a regular chart [repository](https://helm.sh/docs/topics/chart_repository/)","advanced":true}]},{"id":"review","name":"Review","description":"Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))","enable_with":"HELM_REVIEW_ENABLED","variables":[{"name":"HELM_REVIEW_APP_NAME","description":"The application name for `review` env _(only define to override default)_","advanced":true},{"name":"HELM_REVIEW_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop `review` environments","default":"4 hours"},{"name":"HELM_REVIEW_ENVIRONMENT_URL","type":"url","description":"The review environments url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"HELM_REVIEW_VALUES","description":"The Values file to use with `review` environment"},{"name":"HELM_REVIEW_NAMESPACE","description":"The Kubernetes namespace to use for `review` env _(only define to override default)_","advanced":true},{"name":"HELM_REVIEW_KUBE_CONFIG","description":"Specific kubeconfig for review env (only define to override default)","advanced":true,"secret":true}]},{"id":"integration","name":"Integration","description":"A continuous-integration environment associated to your integration branch (`develop` by default)","enable_with":"HELM_INTEG_ENABLED","variables":[{"name":"HELM_INTEG_APP_NAME","description":"The application name for `integration` env _(only define to override default)_","advanced":true},{"name":"HELM_INTEG_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop the `integration` env","default":"never"},{"name":"HELM_INTEG_ENVIRONMENT_URL","type":"url","description":"The integration environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"HELM_INTEG_VALUES","description":"The Values file to use with `integration` environment"},{"name":"HELM_INTEG_NAMESPACE","description":"The Kubernetes namespace to use for `integration` env _(only define to override default)_","advanced":true},{"name":"HELM_INTEG_KUBE_CONFIG","description":"Specific kubeconfig for integration env (only define to override default)","advanced":true,"secret":true}]},{"id":"staging","name":"Staging","description":"An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)","enable_with":"HELM_STAGING_ENABLED","variables":[{"name":"HELM_STAGING_APP_NAME","description":"The application name for `staging` env _(only define to override default)_","default":"${HELM_BASE_APP_NAME}-staging","advanced":true},{"name":"HELM_STAGING_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop the `staging` env","default":"never"},{"name":"HELM_STAGING_ENVIRONMENT_URL","type":"url","description":"The staging environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"HELM_STAGING_VALUES","description":"The Values file to use with `staging` environment"},{"name":"HELM_STAGING_NAMESPACE","description":"The Kubernetes namespace to use for `staging` env _(only define to override default)_","advanced":true},{"name":"HELM_STAGING_KUBE_CONFIG","description":"Specific kubeconfig for staging env (only define to override default)","advanced":true,"secret":true}]},{"id":"prod","name":"Production","description":"The production environment","enable_with":"HELM_PROD_ENABLED","variables":[{"name":"HELM_PROD_DEPLOY_STRATEGY","description":"Defines the deployment to production strategy.","type":"enum","values":["manual","auto"],"default":"manual"},{"name":"HELM_PROD_APP_NAME","description":"The application name for `production` env _(only define to override default)_","advanced":true},{"name":"HELM_PROD_ENVIRONMENT_URL","type":"url","description":"The production environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"HELM_PROD_VALUES","description":"The Values file to use with `production` environment"},{"name":"HELM_PROD_NAMESPACE","description":"The Kubernetes namespace to use for `production` env _(only define to override default)_","advanced":true},{"name":"HELM_PROD_KUBE_CONFIG","description":"Specific kubeconfig for production env (only define to override default)","advanced":true,"secret":true}]}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-helm-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url"},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]},{"id":"gcp","name":"Google Cloud","description":"Retrieve credentials for Google Cloud","template_path":"templates/gitlab-ci-helm-gcp.yml","variables":[{"name":"TBC_GCP_PROVIDER_IMAGE","description":"The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:latest","advanced":true},{"name":"GCP_OIDC_AUD","description":"The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_","default":"$CI_SERVER_URL","advanced":true},{"name":"GCP_OIDC_ACCOUNT","description":"Default Service Account to which impersonate with OpenID Connect authentication"},{"name":"GCP_OIDC_PROVIDER","description":"Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)"},{"name":"GCP_REVIEW_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `review` environment","advanced":true},{"name":"GCP_REVIEW_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment","advanced":true},{"name":"GCP_INTEG_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `integration` environment","advanced":true},{"name":"GCP_INTEG_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment","advanced":true},{"name":"GCP_STAGING_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `staging` environment","advanced":true},{"name":"GCP_STAGING_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment","advanced":true},{"name":"GCP_PROD_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `production` environment","advanced":true},{"name":"GCP_PROD_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment","advanced":true}]}],"extension_id":null,"project":{"tag":"7.4.1","tags":["7.4.1","7.4.0","7.4","7.3.1","7.3.0","7.3","7.2.6","7.2.5","7.2.4","7.2.3","7.2.2","7.2.1","7.2.0","7.2","7.1.0","7.1","7.0.2","7.0.1","7.0.0","7.0","7","6.1.1","6.1.0","6.1","6.0.0","6.0","6","5.3.1","5.3.0","5.3","5.2.0","5.2","5.1.0","5.1","5.0.0","5.0","5","4.1.7","4.1.6","4.1.5","4.1.4","4.1.3","4.1.2","4.1.1","4.1.0","4.1","4.0.1","4.0.0","4.0","4","3.3.2","3.3.1","3.3.0","3.3","3.2.0","3.2","3.1.0","3.1","3.0.1","3.0.0","3.0","3","2.4.1","2.4.0","2.4","2.3.0","2.3","2.2.0","2.1.0","2.0.6","2.0.5","2.0.4","2.0.3","2.0.2","2.0.1","2.0.0","2","1.4.2","1.4.1","1.4.0","1.3.0","1.2.1","1.2.0","1.1.1","1.1.0","1.0.0"],"name":"helm","path":"to-be-continuous/helm","web_url":"https://gitlab.com/to-be-continuous/helm","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454230/logo.png"}},{"name":"Helmfile","description":"Deploy your application to a [Kubernetes](https://kubernetes.io/) platform using [helmfile](https://github.com/helmfile/helmfile)","template_path":"templates/gitlab-ci-helmfile.yml","kind":"hosting","prefix":"helmfile","is_component":true,"variables":[{"name":"HELMFILE_CLI_IMAGE","description":"The Docker image used to run helmfile - **set the version required by your Kubernetes server**","default":"ghcr.io/helmfile/helmfile:latest"},{"name":"HELMFILE_SCRIPTS_DIR","description":"The folder where hook scripts are located","default":"."},{"name":"HELMFILE_PATH","description":"Path to the `helmfile.yaml` to deploy","default":"./helmfile.yaml"},{"name":"KUBE_NAMESPACE","description":"The default Kubernetes namespace to use. _Leave default if [GitLab Kubernetes integration](https://docs.gitlab.com/ee/user/project/clusters/index.html) is enabled._"},{"name":"HELMFILE_DEFAULT_KUBE_CONFIG","description":"The default kubeconfig content to use. Automatically set if GitLab Kubernetes integration is enabled.","default":"$KUBECONFIG","secret":true},{"name":"HELMFILE_BASE_APP_NAME","description":"Base application name","default":"$CI_PROJECT_NAME","advanced":true},{"name":"HELMFILE_ENVIRONMENT_URL","type":"url","description":"The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.helm.acme.com`)_"},{"name":"HELMFILE_DEPLOY_ARGS","description":"The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#apply) to deploy the application (_without dynamic global parameters such as helmfile path, namespace and environment name)","default":"apply --suppress-secrets --wait","advanced":true},{"name":"HELMFILE_DELETE_ARGS","description":"The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#destroy) to cleanup the application (_without dynamic global parameters such as helmfile path, namespace and environment name)","default":"destroy","advanced":true},{"name":"HELMFILE_PGP_PRIVATE_KEY_FILE","description":"PGP Private key for decrypting helmfile secrets with SOPS (optional). Should be set as a File type variable.","secret":true},{"name":"HELMFILE_PGP_PASSPHRASE","description":"Passphrase for PGP private key (optional)","secret":true},{"name":"HELMFILE_IMAGE_PULL_SECRET_NAME","description":"Name of the `docker-registry` k8s secret that will be created if the special [GitLab deploy token](https://docs.gitlab.com/ee/user/project/deploy_tokens/#gitlab-deploy-token) is available.","default":"gitlab-registry","advanced":true}],"features":[{"id":"lint","name":"Helmfile Lint","description":"Runs a [helm lint](https://helm.sh/docs/helm/helm_lint/) across all of the charts/releases in the helmfile manifest.","enable_with":"HELMFILE_LINT_ENABLED","variables":[{"name":"HELMFILE_LINT_ARGS","description":"The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#lint) to trigger the analysis (_without dynamic arguments such as the helmfile path)","default":"lint","advanced":true}]},{"id":"test","name":"Helmfile Test","description":"Runs acceptance [Helm tests](https://helm.sh/docs/topics/chart_tests/) against the specified releases in the helmfile manifest","enable_with":"HELMFILE_TEST_ENABLED","variables":[{"name":"HELMFILE_TEST_ARGS","description":"The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#test) to perform acceptance test (_without dynamic global arguments such as the helmfile.yaml path, namespace and environment name_)","default":"test --logs --cleanup","advanced":true}]},{"id":"review","name":"Review","description":"Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))","enable_with":"HELMFILE_REVIEW_ENABLED","variables":[{"name":"HELMFILE_REVIEW_APP_NAME","description":"The application name for `review` env _(only define to override default)_","advanced":true},{"name":"HELMFILE_REVIEW_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop `review` environments","default":"4 hours"},{"name":"HELMFILE_REVIEW_ENVIRONMENT_URL","type":"url","description":"The review environments url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"HELMFILE_REVIEW_NAMESPACE","description":"The Kubernetes namespace to use for `review` env _(only define to override default)_","advanced":true},{"name":"HELMFILE_REVIEW_KUBE_CONFIG","description":"Specific kubeconfig for review env (only define to override default)","advanced":true,"secret":true}]},{"id":"integration","name":"Integration","description":"A continuous-integration environment associated to your integration branch (`develop` by default)","enable_with":"HELMFILE_INTEG_ENABLED","variables":[{"name":"HELMFILE_INTEG_APP_NAME","description":"The application name for `integration` env _(only define to override default)_","advanced":true},{"name":"HELMFILE_INTEG_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop the `integration` env","default":"never"},{"name":"HELMFILE_INTEG_ENVIRONMENT_URL","type":"url","description":"The integration environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"HELMFILE_INTEG_NAMESPACE","description":"The Kubernetes namespace to use for `integration` env _(only define to override default)_","advanced":true},{"name":"HELMFILE_INTEG_KUBE_CONFIG","description":"Specific kubeconfig for integration env (only define to override default)","advanced":true,"secret":true}]},{"id":"staging","name":"Staging","description":"An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)","enable_with":"HELMFILE_STAGING_ENABLED","variables":[{"name":"HELMFILE_STAGING_APP_NAME","description":"The application name for `staging` env _(only define to override default)_","advanced":true},{"name":"HELMFILE_STAGING_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop the `staging` env","default":"never"},{"name":"HELMFILE_STAGING_ENVIRONMENT_URL","type":"url","description":"The staging environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"HELMFILE_STAGING_NAMESPACE","description":"The Kubernetes namespace to use for `staging` env _(only define to override default)_","advanced":true},{"name":"HELMFILE_STAGING_KUBE_CONFIG","description":"Specific kubeconfig for staging env (only define to override default)","advanced":true,"secret":true}]},{"id":"prod","name":"Production","description":"The production environment","enable_with":"HELMFILE_PROD_ENABLED","variables":[{"name":"HELMFILE_PROD_DEPLOY_STRATEGY","description":"Defines the deployment to production strategy.","type":"enum","values":["manual","auto"],"default":"manual"},{"name":"HELMFILE_PROD_APP_NAME","description":"The application name for `production` env _(only define to override default)_","advanced":true},{"name":"HELMFILE_PROD_ENVIRONMENT_URL","type":"url","description":"The production environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"HELMFILE_PROD_NAMESPACE","description":"The Kubernetes namespace to use for `production` env _(only define to override default)_","advanced":true},{"name":"HELMFILE_PROD_KUBE_CONFIG","description":"Specific kubeconfig for production env (only define to override default)","advanced":true,"secret":true}]}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-helmfile-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url"},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]}],"extension_id":null,"project":{"tag":"3.2.4","tags":["3.2.4","3.2.3","3.2.2","3.2.1","3.2.0","3.2","3.1.1","3.1.0","3.1","3.0.3","3.0.2","3.0.1","3.0.0","3.0","3","2.1.0","2.1","2.0.0","2.0","2","1.1.0","1.1","1.0.0","1.0","1"],"name":"helmfile","path":"to-be-continuous/helmfile","web_url":"https://gitlab.com/to-be-continuous/helmfile","avatar":"https://gitlab.com/uploads/-/system/project/avatar/44473697/logo.png"}},{"name":"Hurl","description":"Run your automated tests with [Hurl](https://hurl.dev/)","template_path":"templates/gitlab-ci-hurl.yml","kind":"acceptance","prefix":"hurl","is_component":true,"variables":[{"name":"HURL_IMAGE","description":"The Docker image used to run Hurl","default":"ghcr.io/orange-opensource/hurl:latest"},{"name":"HURL_TEST_FILES","description":"The Hurl test files to run","default":"--glob **/*.hurl"},{"name":"HURL_EXTRA_ARGS","description":"Hurl extra [run options](https://hurl.dev/docs/manual.html#options)","advanced":true},{"name":"REVIEW_ENABLED","description":"Set to enable Hurl tests on review environments (dynamic environments instantiated on development branches)","type":"boolean"}],"extension_id":null,"project":{"tag":"1.4.0","tags":["1.4.0","1.4","1.3.0","1.3","1.2.1","1.2.0","1.2","1.1.0","1.1","1.0.1","1.0.0","1.0","1"],"name":"hurl","path":"to-be-continuous/hurl","web_url":"https://gitlab.com/to-be-continuous/hurl","avatar":"https://gitlab.com/uploads/-/system/project/avatar/50266464/logo.png"}},{"name":"k6","description":"Run your automated load-testing with [k6](https://k6.io/)","template_path":"templates/gitlab-ci-k6.yml","kind":"acceptance","prefix":"k6","is_component":true,"variables":[{"name":"K6_IMAGE","description":"The Docker image used to run k6 CLI.","default":"registry.hub.docker.com/grafana/k6:latest"},{"name":"K6_TESTS_DIR","description":"The k6 tests directory","default":"k6"},{"name":"K6_EXTRA_ARGS","description":"k6 extra [command-line](https://k6.io/docs/getting-started/running-k6)","advanced":true},{"name":"REVIEW_ENABLED","description":"Set to enable k6 tests on review environments (dynamic environments instantiated on development branches)","type":"boolean"}],"extension_id":null,"project":{"tag":"3.4.3","tags":["3.4.3","3.4.2","3.4.1","3.4.0","3.4","3.3.0","3.3","3.2.1","3.2.0","3.2","3.1.1","3.1.0","3.1","3.0.0","3.0","3","2.1.0","2.1","2.0.1","2.0.0","2","1.0.0"],"name":"k6","path":"to-be-continuous/k6","web_url":"https://gitlab.com/to-be-continuous/k6","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26797499/logo.png"}},{"name":"Kubernetes","description":"Deploy your application to a [Kubernetes](https://kubernetes.io/) platform using [declarative configuration](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/) or [Kustomize](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/)","template_path":"templates/gitlab-ci-k8s.yml","kind":"hosting","prefix":"k8s","is_component":true,"variables":[{"name":"K8S_KUBECTL_IMAGE","description":"The Docker image used to run Kubernetes `kubectl` commands - **set the version required by your Kubernetes server**","default":"registry.hub.docker.com/bitnami/kubectl:latest"},{"name":"K8S_DEFAULT_KUBE_CONFIG","description":"The default kubeconfig to use (either content or file variable) (only define if not using exploded kubeconfig parameters)","secret":true},{"name":"K8S_URL","type":"url","description":"Global Kubernetes API url (only define if using exploded kubeconfig parameters)"},{"name":"K8S_TOKEN","description":"Global Kubernetes API token (only define if using exploded kubeconfig parameters)","secret":true},{"name":"K8S_CA_CERT","description":"Global Kubernetes cluster server certificate authority (only define if using exploded kubeconfig parameters)","secret":true},{"name":"K8S_BASE_APP_NAME","description":"Base application name","default":"$CI_PROJECT_NAME","advanced":true},{"name":"K8S_ENVIRONMENT_URL","type":"url","description":"The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.k8s.acme.com`)_"},{"name":"K8S_SCRIPTS_DIR","description":"directory where Kubernetes scripts (templates, hook scripts) are located","default":".","advanced":true},{"name":"K8S_KUSTOMIZE_ENABLED","description":"Set to `true` to enable [Kustomize](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/)","type":"boolean","advanced":true},{"name":"K8S_KUSTOMIZE_ARGS","description":"Additional [`kubectl kustomize` options](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#kustomize)\n\n_For example: `--enable-helm`_","advanced":true}],"features":[{"id":"kube-score","name":"kube-score","description":"Static code analysis of your Kubernetes templates with [kube-score](https://github.com/zegl/kube-score)","disable_with":"K8S_SCORE_DISABLED","variables":[{"name":"K8S_KUBE_SCORE_IMAGE","description":"Docker image to run [kube-score](https://github.com/zegl/kube-score)","default":"registry.hub.docker.com/zegl/kube-score:latest"},{"name":"K8S_SCORE_EXTRA_OPTS","description":"Additional [kube-score options](https://github.com/zegl/kube-score#configuration)","advanced":true}]},{"id":"review","name":"Review","description":"Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))","variables":[{"name":"K8S_REVIEW_SPACE","description":"Kubernetes namespace for review env","mandatory":true},{"name":"K8S_REVIEW_APP_NAME","description":"The application name for review env (only define to override default)","advanced":true},{"name":"K8S_REVIEW_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop `review` environments","default":"4 hours"},{"name":"K8S_REVIEW_ENVIRONMENT_URL","type":"url","description":"The review environments url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"K8S_REVIEW_KUBE_CONFIG","description":"Specific kubeconfig for review env (only define if not using exploded parameters and if different from global)","secret":true},{"name":"K8S_REVIEW_URL","type":"url","description":"Kubernetes API url for review env (only define if using exploded kubeconfig parameters and if different from global)","advanced":true},{"name":"K8S_REVIEW_TOKEN","description":"Kubernetes API token for review env (only define if using exploded kubeconfig parameters and if different from global)","secret":true},{"name":"K8S_REVIEW_CA_CERT","description":"Kubernetes cluster server certificate authority for review env (only define if using exploded kubeconfig parameters and if different from global)","secret":true}]},{"id":"integration","name":"Integration","description":"A continuous-integration environment associated to your integration branch (`develop` by default)","variables":[{"name":"K8S_INTEG_SPACE","description":"Kubernetes namespace for integration env","mandatory":true},{"name":"K8S_INTEG_APP_NAME","description":"The application name for integration env (only define to override default)","advanced":true},{"name":"K8S_INTEG_ENVIRONMENT_URL","type":"url","description":"The integration environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"K8S_INTEG_KUBE_CONFIG","description":"Specific kubeconfig for integration env (only define if not using exploded parameters and if different from global)","secret":true},{"name":"K8S_INTEG_URL","type":"url","description":"Kubernetes API url for integration env (only define if using exploded kubeconfig parameters and if different from global)","advanced":true},{"name":"K8S_INTEG_TOKEN","description":"Kubernetes API token for integration env (only define if using exploded kubeconfig parameters and if different from global)","secret":true},{"name":"K8S_INTEG_CA_CERT","description":"Kubernetes cluster server certificate authority for integration env (only define if using exploded kubeconfig parameters and if different from global)","secret":true}]},{"id":"staging","name":"Staging","description":"An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)","variables":[{"name":"K8S_STAGING_SPACE","description":"Kubernetes namespace for staging env","mandatory":true},{"name":"K8S_STAGING_APP_NAME","description":"The application name for staging env (only define to override default)","advanced":true},{"name":"K8S_STAGING_ENVIRONMENT_URL","type":"url","description":"The staging environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"K8S_STAGING_KUBE_CONFIG","description":"Specific kubeconfig for staging env (only define if not using exploded parameters and if different from global)","secret":true},{"name":"K8S_STAGING_URL","type":"url","description":"Kubernetes API url for staging env (only define if using exploded kubeconfig parameters and if different from global)","advanced":true},{"name":"K8S_STAGING_TOKEN","description":"Kubernetes API token for staging env (only define if using exploded kubeconfig parameters and if different from global)","secret":true},{"name":"K8S_STAGING_CA_CERT","description":"Kubernetes cluster server certificate authority for staging env (only define if using exploded kubeconfig parameters and if different from global)","secret":true}]},{"id":"prod","name":"Production","description":"The production environment","variables":[{"name":"K8S_PROD_SPACE","description":"Kubernetes namespace for production env","mandatory":true},{"name":"K8S_PROD_APP_NAME","description":"The application name for production env (only define to override default)","advanced":true},{"name":"K8S_PROD_ENVIRONMENT_URL","type":"url","description":"The production environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"K8S_PROD_DEPLOY_STRATEGY","description":"Defines the deployment to production strategy.","type":"enum","values":["manual","auto"],"default":"manual"},{"name":"K8S_PROD_KUBE_CONFIG","description":"Specific kubeconfig for production env (only define if not using exploded parameters and if different from global)","secret":true},{"name":"K8S_PROD_URL","type":"url","description":"Kubernetes API url for production env (only define if using exploded kubeconfig parameters and if different from global)","advanced":true},{"name":"K8S_PROD_TOKEN","description":"Kubernetes API token for production env (only define if using exploded kubeconfig parameters and if different from global)","secret":true},{"name":"K8S_PROD_CA_CERT","description":"Kubernetes cluster server certificate authority for production env (only define if using exploded kubeconfig parameters and if different from global)","secret":true}]}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-k8s-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url"},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]},{"id":"gcp-auth-provider","name":"Google Cloud","description":"This variant uses [Application Default Credentials][gcp-adc] through the `GOOGLE_APPLICATION_CREDENTIALS` variable using Workload Identity federation.","template_path":"templates/gitlab-ci-k8s-gcp.yml","variables":[{"name":"GCP_OIDC_AUD","description":"The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_","default":"$CI_SERVER_URL","advanced":true},{"name":"GCP_OIDC_ACCOUNT","description":"Default Service Account to which impersonate with OpenID Connect authentication"},{"name":"GCP_OIDC_PROVIDER","description":"Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)"},{"name":"GCP_REVIEW_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `review` environment","advanced":true},{"name":"GCP_REVIEW_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment","advanced":true},{"name":"GCP_INTEG_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `integration` environment","advanced":true},{"name":"GCP_INTEG_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment","advanced":true},{"name":"GCP_STAGING_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `staging` environment","advanced":true},{"name":"GCP_STAGING_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment","advanced":true},{"name":"GCP_PROD_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `production` environment","advanced":true},{"name":"GCP_PROD_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment","advanced":true},{"name":"K8S_KUBECTL_IMAGE","description":"The Docker image used to run Kubernetes `kubectl` commands on [GKE](https://cloud.google.com/kubernetes-engine/docs)","default":"gcr.io/google.com/cloudsdktool/cloud-sdk:latest"}]}],"extension_id":null,"project":{"tag":"6.3.0","tags":["6.3.0","6.3","6.2.0","6.2","6.1.4","6.1.3","6.1.2","6.1.1","6.1.0","6.1","6.0.2","6.0.1","6.0.0","6.0","6","5.2.0","5.2","5.1.0","5.1","5.0.0","5.0","5","4.1.0","4.1","4.0.0","4.0","4","3.5.0","3.5","3.4.3","3.4.2","3.4.1","3.4.0","3.4","3.3.3","3.3.2","3.3.1","3.3.0","3.3","3.2.0","3.2","3.1.1","3.1.0","3.1","3.0.0","3.0","3","2.3.2","2.3.1","2.3.0","2.3","2.2.0","2.2","2.1.0","2.0.7","2.0.6","2.0.5","2.0.4","2.0.3","2.0.2","2.0.1","2.0.0","2","1.3.1","1.3.0","1.2.0","1.1.0","1.0.0"],"name":"kubernetes","path":"to-be-continuous/kubernetes","web_url":"https://gitlab.com/to-be-continuous/kubernetes","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454231/logo.png"}},{"name":"Lighthouse","description":"Continuously analyse your web apps and web pages performances and developer best practices with [Lighthouse CI](https://github.com/GoogleChrome/lighthouse-ci)","template_path":"templates/gitlab-ci-lighthouse.yml","kind":"acceptance","prefix":"lhci","job_prefix":"lighthouse","is_component":true,"variables":[{"name":"LHCI_IMAGE","description":"The Docker image used to run Lighthouse CI (use [browser images](https://github.com/cypress-io/cypress-docker-images/tree/master/browsers) only).","default":"registry.hub.docker.com/cypress/browsers:latest"},{"name":"LHCI_VERSION","description":"Lighthouse CI version to run","default":"latest","advanced":true},{"name":"LHCI_RUN_OPTS","description":"Lighthouse CI [autorun options](https://github.com/GoogleChrome/lighthouse-ci/blob/main/docs/configuration.md#autorun)","default":"--upload.target=filesystem --collect.settings.chromeFlags=\"--no-sandbox\" --collect.url=\"%{environment_url}\"","advanced":true},{"name":"REVIEW_ENABLED","description":"Set to enable Cypress tests on review environments (dynamic environments instantiated on development branches)","type":"boolean"}],"extension_id":null,"project":{"tag":"1.4.0","tags":["1.4.0","1.4","1.3.0","1.3","1.2.1","1.2.0","1.2","1.1.0","1.1","1.0.2","1.0.1","1.0.0","1.0","1"],"name":"lighthouse","path":"to-be-continuous/lighthouse","web_url":"https://gitlab.com/to-be-continuous/lighthouse","avatar":"https://gitlab.com/uploads/-/system/project/avatar/47102540/logo.png"}},{"name":"GNU Make","description":"GitLab CI template for [GNU Make](https://www.gnu.org/software/make/)","template_path":"templates/gitlab-ci-make.yml","kind":"build","prefix":"make","is_component":true,"variables":[{"name":"MAKE_IMAGE","description":"The Docker image used to run GNU Make - **set the image required by your project** (see doc)","default":"registry.hub.docker.com/alpinelinux/build-base"},{"name":"MAKE_BUILD_ARGS","description":"Make [options](https://www.gnu.org/software/make/manual/html_node/Options-Summary.html) and [goals](https://www.gnu.org/software/make/manual/html_node/Goals.html) for the build & test job","default":"all test"},{"name":"MAKE_PROJECT_DIR","description":"Makefile root directory","default":".","advanced":true}],"extension_id":null,"project":{"tag":"1.4.1","tags":["1.4.1","1.4.0","1.4","1.3.0","1.3","1.2.0","1.2","1.1.3","1.1.2","1.1.1","1.1.0","1.1","1.0.0","1.0","1"],"name":"make","path":"to-be-continuous/make","web_url":"https://gitlab.com/to-be-continuous/make","avatar":"https://gitlab.com/uploads/-/system/project/avatar/42537057/logo.png"}},{"name":"Maven","description":"Build, test and analyse your [Maven](https://maven.apache.org/)-based projects","template_path":"templates/gitlab-ci-maven.yml","kind":"build","prefix":"maven","job_prefix":"mvn","is_component":true,"variables":[{"name":"MAVEN_IMAGE","description":"The Docker image used to run Maven - **set the version required by your project**","default":"registry.hub.docker.com/library/maven:latest"},{"name":"MAVEN_PROJECT_DIR","description":"Maven project root directory","default":".","advanced":true},{"name":"MAVEN_CFG_DIR","description":"The Maven configuration directory","default":".m2","advanced":true},{"name":"MAVEN_SETTINGS_FILE","description":"The Maven `settings.xml` file path","default":"$MAVEN_CFG_DIR/settings.xml","advanced":true},{"name":"MAVEN_OPTS","description":"[Global Maven options](http://maven.apache.org/configure.html#maven_opts-environment-variable)","default":"-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=${MAVEN_CFG_DIR}/repository -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true","advanced":true},{"name":"MAVEN_CLI_OPTS","description":"Additional [Maven options](https://maven.apache.org/ref/3-LATEST/maven-embedder/cli.html) used on the command line","default":"--no-transfer-progress --batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true","advanced":true},{"name":"MAVEN_BUILD_ARGS","description":"Maven arguments for the build & test job","default":"org.jacoco:jacoco-maven-plugin:prepare-agent verify org.jacoco:jacoco-maven-plugin:report","advanced":true}],"features":[{"id":"sonar","name":"SONAR","description":"Code quality and security analysis with [SONARQube](https://www.sonarqube.org/)","variables":[{"name":"SONAR_HOST_URL","type":"url","description":"SonarQube server url","mandatory":true},{"name":"SONAR_TOKEN","description":"SonarQube authentication token (see https://docs.sonarsource.com/sonarqube-server/latest/user-guide/managing-tokens/) - depends on your authentication method","secret":true},{"name":"SONAR_LOGIN","description":"SonarQube login (depends on your authentication method)","secret":true},{"name":"SONAR_PASSWORD","description":"SonarQube password (depends on your authentication method)","secret":true},{"name":"SONAR_BASE_ARGS","description":"SonarQube [analysis arguments](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/analysis-parameters/)","default":"sonar:sonar -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues","advanced":true},{"name":"SONAR_QUALITY_GATE_ENABLED","description":"Enables SonarQube [Quality Gate](https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/analysis-functions/quality-gates/) verification.\n\n_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/ci-integration/overview/#quality-gate-fails))._","type":"boolean"}]},{"id":"dependency-check","name":"Dependency-Check","description":"[Dependency-Check](https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html) analysis","disable_with":"MAVEN_DEPENDENCY_CHECK_DISABLED","variables":[{"name":"MAVEN_DEPENDENCY_CHECK_ARGS","description":"Maven arguments for Dependency Check job","default":"org.owasp:dependency-check-maven:aggregate -DretireJsAnalyzerEnabled=false -DassemblyAnalyzerEnabled=false -Dformats=HTML,JSON,XML","advanced":true}]},{"id":"forbid-snapshot-dependencies","name":"Snapshot dependencies verification","description":"This job verifies your project has no _snapshot_ dependencies. Failure is allowed in feature branches.","disable_with":"MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED"},{"id":"sbom","name":"Software Bill of Materials","description":"This job generates a file listing all dependencies using [cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin)","disable_with":"MAVEN_SBOM_DISABLED","variables":[{"name":"MAVEN_SBOM_GEN_ARGS","description":"Maven command used for SBOM analysis","default":"org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom","advanced":true}]},{"id":"publish","name":"Publish","description":"Publish [Snapshot](https://maven.apache.org/plugins/maven-deploy-plugin/) & [Releases](http://maven.apache.org/maven-release/maven-release-plugin) to a Maven-compliant repository","enable_with":"MAVEN_DEPLOY_ENABLED","variables":[{"name":"MAVEN_DEPLOY_ARGS","description":"Maven arguments for the deploy job","default":"deploy -Dmaven.test.skip=true","advanced":true},{"name":"MAVEN_DEPLOY_FROM_UNPROTECTED_DISABLED","description":"Set to limit snapshot publication to protected branches","type":"boolean","advanced":true},{"name":"MAVEN_DEPLOY_SNAPSHOT_WITH_SLUG_ENABLED","description":"Enable to inject the Git branch slug in SNAPSHOT versions","type":"boolean","advanced":true},{"name":"MAVEN_RELEASE_ARGS","description":"Maven arguments for the release job","default":"release:prepare -DtagNameFormat=@{project.version} -Darguments=-Dmaven.test.skip=true","advanced":true},{"name":"MAVEN_RELEASE_VERSION","description":"Explicit version to use when triggering a release\n\n_Otherwise uses the current snapshot version from `pom.xml`)_","advanced":true},{"name":"MAVEN_RELEASE_SCM_COMMENT_PREFIX","description":"Maven release plugin [scmCommentPrefix](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmCommentPrefix) parameter","default":"chore(maven-release): ","advanced":true},{"name":"MAVEN_RELEASE_SCM_RELEASE_COMMENT","description":"Maven release plugin [scmReleaseCommitComment](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmReleaseCommitComment) parameter\n\n(since Maven `3.0.0-M1`)","advanced":true},{"name":"MAVEN_RELEASE_SCM_DEV_COMMENT","description":"Maven release plugin [scmDevelopmentCommitComment](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmDevelopmentCommitComment) parameter\n\n(since Maven `3.0.0-M1`)","advanced":true},{"name":"MVN_SEMREL_RELEASE_DISABLED","description":"Disable semantic-release integration","advanced":true},{"name":"GIT_USERNAME","description":"Git username (if you wish to release using Git credentials)","secret":true},{"name":"GIT_PASSWORD","description":"Git password (if you wish to release using Git credentials)","secret":true},{"name":"GIT_PRIVATE_KEY","description":"Git private SSH key (if you wish to release using SSH key or GitLab Deploy Key)","secret":true},{"name":"MAVEN_REPOSITORY_USERNAME","description":"Maven repository username (inject in your settings.xml as ${env.MAVEN_REPOSITORY_USERNAME})","secret":true},{"name":"MAVEN_REPOSITORY_PASSWORD","description":"Maven repository password (inject in your settings.xml as ${env.MAVEN_REPOSITORY_PASSWORD})","secret":true}]}],"variants":[{"id":"jib","name":"Jib","description":"Build Docker and OCI images for your Java applications with [Jib](https://github.com/GoogleContainerTools/jib)","template_path":"templates/gitlab-ci-maven-jib.yml","features":[{"id":"mvn-trivy","name":"Maven Trivy","description":"[Trivy](https://aquasecurity.github.io/trivy) vulnerability analysis","disable_with":"MAVEN_TRIVY_DISABLED","variables":[{"name":"MAVEN_TRIVY_IMAGE","description":"The docker image used to scan images with Trivy","default":"registry.hub.docker.com/aquasec/trivy:latest","advanced":true},{"name":"MAVEN_TRIVY_ARGS","description":"Additional [`trivy image` options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options)","default":"--ignore-unfixed --vuln-type os","advanced":true}]},{"id":"mvn-sbom","name":"Maven Software Bill of Materials","description":"This job generates a file listing all dependencies using [syft](https://github.com/anchore/syft)","disable_with":"MAVEN_SBOM_DISABLED","variables":[{"name":"MAVEN_SBOM_IMAGE","default":"registry.hub.docker.com/anchore/syft:debug","advanced":true},{"name":"MAVEN_SBOM_OPTS","description":"Options for syft used for SBOM analysis","default":"--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger,nix-store-cataloger,java","advanced":true}]}],"variables":[{"name":"MAVEN_JIB_SNAPSHOT_IMAGE","description":"Maven Jib Snapshot image","default":"$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG"},{"name":"MAVEN_JIB_RELEASE_IMAGE","description":"Maven Jib Release image","default":"$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"},{"name":"MAVEN_SKOPEO_IMAGE","description":"The image used to publish images with Skopeo","default":"quay.io/skopeo/stable:latest","advanced":true},{"name":"MAVEN_JIB_BUILD_ARGS","description":"[Jib Maven Plugin arguments](https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin#extended-usage)","default":"-Djib.to.image=$MAVEN_JIB_SNAPSHOT_IMAGE"},{"name":"MAVEN_JIB_PROD_PUBLISH_STRATEGY","description":"Defines the publish to production strategy.","type":"enum","values":["none","manual","auto"],"default":"manual"},{"name":"MAVEN_JIB_PUBLISH_ARGS","description":"Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)"}]}],"extension_id":null,"project":{"tag":"4.0.1","tags":["4.0.1","4.0.0","4.0","4","3.11.4","3.11.3","3.11.2","3.11.1","3.11.0","3.11","3.10.2","3.10.1","3.10.0","3.10","3.9.2","3.9.1","3.9.0","3.9","3.8.0","3.8","3.7.1","3.7.0","3.7","3.6.2","3.6.1","3.6.0","3.6","3.5.0","3.5","3.4.0","3.4","3.3.1","3.3.0","3.3","3.2.3","3.2.2","3.2.1","3.2.0","3.2","3.1.4","3.1.3","3.1.2","3.1.1","3.1.0","3.1","3.0.0","3.0","3","2.3.0","2.3","2.2.0","2.1.6","2.1.5","2.1.4","2.1.3","2.1.2","2.1.1","2.1.0","2.0.1","2.0.0","2","1.4.2","1.4.1","1.4.0","1.3.0","1.2.0","1.1.2","1.1.1","1.1.0","1.0.0"],"name":"maven","path":"to-be-continuous/maven","web_url":"https://gitlab.com/to-be-continuous/maven","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454233/logo.png"}},{"name":"MkDocs","description":"Build your static website with [MkDocs](https://www.mkdocs.org/)","template_path":"templates/gitlab-ci-mkdocs.yml","kind":"build","prefix":"mkd","job_prefix":"mkdocs","is_component":true,"variables":[{"name":"MKD_IMAGE","description":"The Docker image used to run MkDocs","default":"docker.io/squidfunk/mkdocs-material:latest"},{"name":"MKD_BUILD_ARGS","description":"Arguments used by the build job","advanced":true},{"name":"MKD_WORKSPACE_DIR","description":"MkDocs sources directory","default":".","advanced":true},{"name":"MKD_SITE_DIR","description":"MkDocs generated site directory (relative to `$MKD_WORKSPACE_DIR`)","default":"site","advanced":true},{"name":"MKD_REQUIREMENTS_FILE","description":"Requirements file. If the file is not found in the repository, requirements are read from the `MKD_REQUIREMENTS` variable","default":"requirements.txt","advanced":true},{"name":"MKD_REQUIREMENTS","description":"Space separated requirements (ignored if a requirement file is found)","default":"mkdocs","advanced":true},{"name":"MKD_PREBUILD_SCRIPT","description":"Pre-build hook script","default":"mkdocs-pre-build.sh","advanced":true},{"name":"PIP_OPTS","description":"pip extra [options](https://pip.pypa.io/en/stable/cli/pip/#general-options)","advanced":true}],"features":[{"id":"lychee","name":"lychee","description":"Checks broken links and emails with [lychee](https://github.com/lycheeverse/lychee)","enable_with":"MKD_LYCHEE_ENABLED","variables":[{"name":"MKD_LYCHEE_IMAGE","description":"The Docker image used to run [lychee](https://github.com/lycheeverse/lychee)","default":"docker.io/lycheeverse/lychee:latest","advanced":true},{"name":"MKD_LYCHEE_ARGS","description":"[lychee arguments](https://github.com/lycheeverse/lychee#commandline-parameters) to execute","default":"docs/"}]}],"variants":[{"id":"pages","name":"GitLab Pages","description":"Adds a job to publish the generated site to GitLab pages","template_path":"templates/gitlab-ci-mkdocs-pages.yml"}],"extension_id":null,"project":{"tag":"2.7.0","tags":["2.7.0","2.7","2.6.1","2.6.0","2.6","2.5.1","2.5.0","2.5","2.4.0","2.4","2.3.1","2.3.0","2.3","2.2.1","2.2.0","2.2","2.1.0","2.1","2.0.1","2.0.0","2.0","2","1.5.0","1.5","1.4.3","1.4.2","1.4.1","1.4.0","1.3.0","1.2.0","1.1.1","1.1.0","1.0.0","1"],"name":"mkdocs","path":"to-be-continuous/mkdocs","web_url":"https://gitlab.com/to-be-continuous/mkdocs","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26450936/logo.png"}},{"name":"MobSF","description":"Perform pen-testing, malware analysis and security assessment for mobile applications with [Mobile Security Framework](https://github.com/MobSF/Mobile-Security-Framework-MobSF) (MobSF)","template_path":"templates/gitlab-ci-mobsf.yml","kind":"analyse","prefix":"mobsf","is_component":true,"variables":[{"name":"MOBSF_CLIENT_IMAGE","description":"The Docker image used to send requests to the MobSF server","default":"registry.hub.docker.com/badouralix/curl-jq"},{"name":"MOBSF_SERVER_URL","description":"URL of MobSF server","mandatory":false},{"name":"MOBSF_API_KEY","description":"API key of the MobSF server","secret":true},{"name":"MOBSF_APP_FILE","description":"Application package file (APK or IPA)","mandatory":true}],"extension_id":null,"project":{"tag":"2.3.1","tags":["2.3.1","2.3.0","2.3","2.2.0","2.2","2.1.3","2.1.2","2.1.1","2.1.0","2.1","2.0.2","2.0.1","2.0.0","2.0","2","1.2.0","1.2","1.1.0","1.0.1","1.0.0","1"],"name":"mobsf","path":"to-be-continuous/mobsf","web_url":"https://gitlab.com/to-be-continuous/mobsf","avatar":"https://gitlab.com/uploads/-/system/project/avatar/29247375/logo.png"}},{"name":"Node.js","description":"Build, test and analyse your JavaScript/TypeScript/[Node.js](https://nodejs.org/) projects","template_path":"templates/gitlab-ci-node.yml","kind":"build","prefix":"node","is_component":true,"variables":[{"name":"NODE_CONFIG_REGISTRY","description":"npm [registry](https://docs.npmjs.com/cli/v8/using-npm/registry) ","type":"url","advanced":true},{"name":"NODE_IMAGE","description":"The Docker image used to run Node.js - **set the version required by your project**","default":"registry.hub.docker.com/library/node:lts-alpine"},{"name":"NODE_MANAGER","description":"The package manager used by your project (npm, yarn or pnpm) - **if undefined, automatic detection**","default":"auto","type":"enum","values":["auto","npm","yarn","pnpm"],"advanced":true},{"name":"NODE_PROJECT_DIR","description":"Node project root directory","default":".","advanced":true},{"name":"NODE_SOURCE_DIR","description":"Sources directory","default":"src","advanced":true},{"name":"NODE_CONFIG_SCOPED_REGISTRIES","description":"Space separated list of NPM [scoped registries](https://docs.npmjs.com/cli/v8/using-npm/scope#associating-a-scope-with-a-registry) (formatted as `@somescope:https://some.npm.registry/some/repo @anotherscope:https://another.npm.registry/another/repo`)","advanced":true},{"name":"NODE_BUILD_DISABLED","description":"Set to true to disable build","default":"false","type":"boolean","advanced":true},{"name":"NODE_BUILD_ARGS","description":"npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments - yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments - pnpm [run script](https://pnpm.io/cli/run) arguments\n\n⚠ default value should be overridden for `pnpm` as `--prod` is not a valid option","default":"run build --prod","advanced":true},{"name":"NODE_BUILD_DIR","description":"Variable to define build directory","default":"dist","advanced":true},{"name":"NODE_TEST_ARGS","description":"npm [test](https://docs.npmjs.com/cli/v8/commands/npm-test) arguments - yarn [test](https://classic.yarnpkg.com/en/docs/cli/test) arguments - pnpm [test](https://pnpm.io/cli/test) arguments","default":"test -- --coverage","advanced":true},{"name":"NODE_INSTALL_EXTRA_OPTS","description":"Extra options to install project dependencies (either [`npm ci`](https://docs.npmjs.com/cli/ci.html/), [`yarn install`](https://yarnpkg.com/cli/install) or [`pnpm install`](https://pnpm.io/cli/install))","advanced":true}],"features":[{"id":"node-lint","name":"node lint","description":"code analysis with [ESLint](https://eslint.org/)","enable_with":"NODE_LINT_ENABLED","variables":[{"name":"NODE_LINT_ARGS","description":"npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments to execute the lint analysis - yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments to execute the lint analysis - pnpm [run script](https://pnpm.io/cli/run) arguments to execute the lint analysis","default":"run lint","advanced":true}]},{"id":"node-audit","name":"node audit","description":"node audit analysis","disable_with":"NODE_AUDIT_DISABLED","variables":[{"name":"NODE_AUDIT_ARGS","description":"npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments - yarn [audit](https://classic.yarnpkg.com/en/docs/cli/audit) arguments - [pnpm audit](https://pnpm.io/cli/audit) arguments","default":"--audit-level=low"}]},{"id":"node-outdated","name":"node outdated","description":"node outdated analysis","disable_with":"NODE_OUTDATED_DISABLED","variables":[{"name":"NODE_OUTDATED_ARGS","description":"npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments - yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments - pnpm [outdated](https://pnpm.io/cli/outdated) arguments","default":"--long"}]},{"id":"node-semgrep","name":"Semgrep","description":"[Semgrep](https://semgrep.dev/docs/) analysis","disable_with":"NODE_SEMGREP_DISABLED","variables":[{"name":"NODE_SEMGREP_IMAGE","description":"The Docker image used to run [Semgrep](https://semgrep.dev/docs/)","default":"registry.hub.docker.com/semgrep/semgrep:latest"},{"name":"NODE_SEMGREP_ARGS","description":"Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options)","default":"--metrics off --disable-version-check --no-suppress-errors"},{"name":"NODE_SEMGREP_RULES","description":"Space-separated list of [Semgrep rules](https://semgrep.dev/docs/running-rules).\n\nCan be both local YAML files or remote rules from the [Semgrep Registry](https://semgrep.dev/explore) (denoted by the `p/` prefix).","default":"p/javascript p/eslint p/gitlab-eslint"},{"name":"NODE_SEMGREP_REGISTRY_BASE_URL","description":"The Semgrep Registry base URL that is used to download the rules. No trailing slash.","default":"https://semgrep.dev/c"},{"name":"NODE_SEMGREP_DOWNLOAD_RULES_ENABLED","description":"Download Semgrep remote rules","type":"boolean","default":"true"}]},{"id":"sbom","name":"Software Bill of Materials","description":"This job generates a file listing all dependencies using [@cyclonedx/cyclonedx-npm](https://www.npmjs.com/package/@cyclonedx/cyclonedx-npm)","disable_with":"NODE_SBOM_DISABLED","variables":[{"name":"NODE_SBOM_VERSION","description":"Version of the @cyclonedx/cyclonedx-npm used for SBOM analysis","advanced":true},{"name":"NODE_SBOM_OPTS","description":"Options for @cyclonedx/cyclonedx-npm used for SBOM analysis","default":"--omit dev","advanced":true}]},{"id":"publish","name":"Publish","description":"[publishes](https://docs.npmjs.com/cli/v8/commands/npm-publish) the project package to a npm registry","enable_with":"NODE_PUBLISH_ENABLED","variables":[{"name":"NODE_PUBLISH_ARGS","description":"npm [publish](https://docs.npmjs.com/cli/v8/commands/npm-publish) extra arguments - yarn [publish](https://classic.yarnpkg.com/lang/en/docs/cli/publish/) extra arguments - pnpm [publish](https://pnpm.io/cli/publish) extra arguments","advanced":true},{"name":"NODE_PUBLISH_TOKEN","description":"npm publication registry authentication token","secret":true}]}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-node-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url","mandatory":true},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]}],"extension_id":null,"project":{"tag":"4.1.1","tags":["4.1.1","4.1.0","4.1","4.0.3","4.0.2","4.0.1","4.0.0","4.0","4","3.15.2","3.15.1","3.15.0","3.15","3.14.0","3.14","3.13.0","3.13","3.12.3","3.12.2","3.12.1","3.12.0","3.12","3.11.1","3.11.0","3.11","3.10.1","3.10.0","3.10","3.9.0","3.9","3.8.0","3.8","3.7.1","3.7.0","3.7","3.6.0","3.6","3.5.3","3.5.2","3.5.1","3.5.0","3.5","3.4.2","3.4.1","3.4.0","3.4","3.3.0","3.3","3.2.1","3.2.0","3.2","3.1.0","3.1","3.0.1","3.0.0","3.0","3","2.4.0","2.4","2.3.0","2.3","2.2.0","2.1.0","2.0.2","2.0.1","2.0.0","2","1.2.0","1.1.1","1.1.0","1.0.0"],"name":"node","path":"to-be-continuous/node","web_url":"https://gitlab.com/to-be-continuous/node","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454237/logo.png"}},{"name":"OpenShift","description":"Deploy your application to an [OpenShift](https://www.openshift.com/) platform","template_path":"templates/gitlab-ci-openshift.yml","kind":"hosting","prefix":"os","is_component":true,"variables":[{"name":"OS_CLI_IMAGE","description":"the Docker image used to run OpenShift Client (OC) CLI commands - **set the version required by your OpenShift server**","default":"quay.io/openshift/origin-cli:latest"},{"name":"OS_URL","type":"url","description":"Global OpenShift API url","mandatory":true},{"name":"OS_TOKEN","description":"Global OpenShift API token","secret":true,"mandatory":true},{"name":"OS_BASE_APP_NAME","description":"Base application name","default":"$CI_PROJECT_NAME","advanced":true},{"name":"OS_BASE_TEMPLATE_NAME","description":"Base OpenShift template name","default":"openshift","advanced":true},{"name":"OS_ENVIRONMENT_URL","type":"url","description":"The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.openshift.acme.com`)_"},{"name":"OS_SCRIPTS_DIR","description":"directory where OpenShift scripts (templates, hook scripts) are located","default":".","advanced":true},{"name":"OS_APP_LABEL","description":"The OpenShift [label](https://docs.openshift.com/container-platform/3.11/dev_guide/templates.html#writing-labels) set with the `$environment_name` dynamic variable.","default":"app","advanced":true},{"name":"OS_ENV_LABEL","description":"The OpenShift [label](https://docs.openshift.com/container-platform/3.11/dev_guide/templates.html#writing-labels) set with the `$environment_type` dynamic variable.","default":"env","advanced":true}],"features":[{"id":"review","name":"Review","description":"Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))","variables":[{"name":"OS_REVIEW_PROJECT","description":"OpenShift project for review env","mandatory":true},{"name":"OS_REVIEW_APP_NAME","description":"The application name for review env (only define to override default)","advanced":true},{"name":"OS_REVIEW_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop `review` environments","default":"4 hours"},{"name":"OS_REVIEW_ENVIRONMENT_URL","type":"url","description":"The review environments url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"OS_REVIEW_URL","type":"url","description":"OpenShift API url for review env (only define to override default)","advanced":true},{"name":"OS_REVIEW_TOKEN","description":"OpenShift API token for review env (only define to override default)","secret":true},{"name":"CLEANUP_ALL_REVIEW","description":"Enables a **manual** job to cleanup all review envs at once.\n\nYou may also use it to [schedule](https://docs.gitlab.com/ee/ci/pipelines/schedules.html) cloud resources cleanup. See documentation.","type":"boolean"}]},{"id":"integration","name":"Integration","description":"A continuous-integration environment associated to your integration branch (`develop` by default)","variables":[{"name":"OS_INTEG_PROJECT","description":"OpenShift project for integration env","mandatory":true},{"name":"OS_INTEG_APP_NAME","description":"The application name for integration env (only define to override default)","advanced":true},{"name":"OS_INTEG_ENVIRONMENT_URL","type":"url","description":"The integration environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"OS_INTEG_URL","type":"url","description":"OpenShift API url for integration env (only define to override default)","advanced":true},{"name":"OS_INTEG_TOKEN","description":"OpenShift API token for integration env (only define to override default)","secret":true}]},{"id":"staging","name":"Staging","description":"An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)","variables":[{"name":"OS_STAGING_PROJECT","description":"OpenShift project for staging env","mandatory":true},{"name":"OS_STAGING_APP_NAME","description":"The application name for staging env (only define to override default)","advanced":true},{"name":"OS_STAGING_ENVIRONMENT_URL","type":"url","description":"The staging environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"OS_STAGING_URL","type":"url","description":"OpenShift API url for staging env (only define to override default)","advanced":true},{"name":"OS_STAGING_TOKEN","description":"OpenShift API token for staging env (only define to override default)","secret":true}]},{"id":"prod","name":"Production","description":"The production environment","variables":[{"name":"OS_PROD_PROJECT","description":"OpenShift project for production env","mandatory":true},{"name":"OS_PROD_APP_NAME","description":"The application name for production env (only define to override default)","advanced":true},{"name":"OS_PROD_ENVIRONMENT_URL","type":"url","description":"The production environment url _(only define for static environment URLs declaration and if different from default)_","advanced":true},{"name":"OS_PROD_DEPLOY_STRATEGY","description":"Defines the deployment to production strategy.","type":"enum","values":["manual","auto"],"default":"manual"},{"name":"OS_PROD_URL","type":"url","description":"OpenShift API url for production env (only define to override default)","advanced":true},{"name":"OS_PROD_TOKEN","description":"OpenShift API token for production env (only define to override default)","secret":true}]}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-openshift-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url"},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]}],"extension_id":null,"project":{"tag":"5.2.3","tags":["5.2.3","5.2.2","5.2.1","5.2.0","5.2","5.1.0","5.1","5.0.1","5.0.0","5.0","5","4.1.0","4.1","4.0.0","4.0","4","3.1.0","3.1","3.0.0","3.0","3","2.2.5","2.2.4","2.2.3","2.2.2","2.2.1","2.2.0","2.2","2.1.0","2.1","2.0.0","2.0","2","1.4.0","1.4","1.3.0","1.3","1.2.7","1.2.6","1.2.5","1.2.4","1.2.3","1.2.2","1.2.1","1.2.0","1.1.0","1.0.0","1"],"name":"openshift","path":"to-be-continuous/openshift","web_url":"https://gitlab.com/to-be-continuous/openshift","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454239/logo.png"}},{"name":"PHP","description":"Build, test and analyse your [PHP](https://www.php.net/) projects","template_path":"templates/gitlab-ci-php.yml","kind":"build","prefix":"php","is_component":true,"variables":[{"name":"PHP_IMAGE","description":"The Docker image used to run PHP - **set the version required by your project**","default":"registry.hub.docker.com/library/php:latest"},{"name":"PHP_PROJECT_DIR","description":"The PHP project root directory","default":".","advanced":true}],"features":[{"id":"phpunit","name":"PHPUnit","description":"[PHPUnit](https://docs.phpunit.de/) tests\n\nAutomatically enabled if a PHPUnit [XML configuration file](https://docs.phpunit.de/en/11.5/configuration.html#appendixes-configuration) is found in the project (`phpunit.xml`)","disable_with":"PHP_UNIT_DISABLED","variables":[{"name":"PHP_UNIT_ARGS","description":"Additional PHPUnit [options](https://docs.phpunit.de/en/11.5/textui.html#command-line-options)","advanced":true}]},{"id":"codesniffer","name":"PHP_CodeSniffer","description":"[PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) analysis","disable_with":"PHP_CODESNIFFER_DISABLED","variables":[{"name":"PHP_CODESNIFFER_ARGS","description":"PHP_CodeSniffer [options](https://github.com/squizlabs/PHP_CodeSniffer/wiki/Configuration-Options)\n\nEither use this variable or use an [XML configuration file](https://github.com/squizlabs/PHP_CodeSniffer/wiki/Advanced-Usage#using-a-default-configuration-file) in your project.","advanced":true}]},{"id":"sbom","name":"Software Bill of Materials","description":"This job generates a file listing all dependencies using [@cyclonedx/cyclonedx-php](https://github.com/CycloneDX/cyclonedx-php-composer)","disable_with":"PHP_SBOM_DISABLED","variables":[{"name":"PHP_SBOM_VERSION","description":"Version of the cyclonedx-php-composer used for SBOM analysis","advanced":true},{"name":"PHP_SBOM_OPTS","description":"[`cyclonedx/cyclonedx-php` options](https://github.com/CycloneDX/cyclonedx-php-composer#usage) used for SBOM analysis","advanced":true}]},{"id":"outdated","name":"composer outdated","description":"Shows the list of installed packages that have updates available (uses [`composer outdated`](https://getcomposer.org/doc/03-cli.md#outdated))","variables":[{"name":"PHP_OUTDATED_OPTS","description":"[`composer outdated` options](https://getcomposer.org/doc/03-cli.md#outdated)","default":"--direct","advanced":true}]},{"id":"audit","name":"composer audit","description":" Scan your dependencies for vulnerabilities with [`composer audit`](https://getcomposer.org/doc/03-cli.md#audit)","disable_with":"PHP_COMPOSER_AUDIT_DISABLED","variables":[{"name":"PHP_COMPOSER_AUDIT_OPTS","description":"[`composer audit` options](https://getcomposer.org/doc/03-cli.md#audit)","default":"--locked","advanced":true}]}],"extension_id":null,"project":{"tag":"4.8.0","tags":["4.8.0","4.8","4.7.1","4.7.0","4.7","4.6.0","4.6","4.5.0","4.5","4.4.2","4.4.1","4.4.0","4.4","4.3.0","4.3","4.2.2","4.2.1","4.2.0","4.2","4.1.0","4.1","4.0.0","4.0","4","3.0.0","3.0","3","2.1.0","2.1","2.0.1","2.0.0","2","1.2.1","1.2.0","1.1.1","1.1.0","1.0.0"],"name":"php","path":"to-be-continuous/php","web_url":"https://gitlab.com/to-be-continuous/php","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454241/logo.png"}},{"name":"Playwright","description":"Run your automated tests with [Playwright](https://playwright.dev/docs/intro)","template_path":"templates/gitlab-ci-playwright.yml","kind":"acceptance","prefix":"playwright","is_component":true,"variables":[{"name":"PLAYWRIGHT_IMAGE","description":"The Docker image used to run Playwright","default":"mcr.microsoft.com/playwright:latest"},{"name":"PLAYWRIGHT_PROJECT_DIR","description":"The Playwright root project directory (contains the `playwright.config.ts` file)","default":"."},{"name":"PLAYWRIGHT_EXTRA_ARGS","description":"Playwright extra [run options](https://playwright.dev/docs/test-cli)","advanced":true},{"name":"REVIEW_ENABLED","description":"Set to enable Playwright tests on review environments (dynamic environments instantiated on development branches)","type":"boolean"},{"name":"NODE_INSTALL_EXTRA_OPTS","description":"Extra [`npm ci`](https://docs.npmjs.com/cli/ci.html/) options to install project dependencies","type":"text"}],"extension_id":null,"project":{"tag":"1.4.0","tags":["1.4.0","1.4","1.3.1","1.3.0","1.3","1.2.0","1.2","1.1.0","1.1","1.0.0","1.0","1"],"name":"playwright","path":"to-be-continuous/playwright","web_url":"https://gitlab.com/to-be-continuous/playwright","avatar":"https://gitlab.com/uploads/-/system/project/avatar/51928175/logo.png"}},{"name":"Postman","description":"Run your automated (API) tests with [Postman](https://www.postman.com/automated-testing)","template_path":"templates/gitlab-ci-postman.yml","kind":"acceptance","prefix":"postman","is_component":true,"variables":[{"name":"POSTMAN_IMAGE","description":"The Docker image used to run Postman CLI.","default":"registry.hub.docker.com/postman/newman:latest"},{"name":"POSTMAN_COLLECTIONS","description":"The matcher to select Postman collection file(s) to run.","default":"postman/*collection.json"},{"name":"POSTMAN_EXTRA_ARGS","description":"Newman extra [run options](https://github.com/postmanlabs/newman#command-line-options) (to use global variables, an environment or a data source for e.g.)","advanced":true},{"name":"REVIEW_ENABLED","description":"Set to enable Postman tests on review environments (dynamic environments instantiated on development branches)","type":"boolean"}],"extension_id":null,"project":{"tag":"3.6.0","tags":["3.6.0","3.6","3.5.0","3.5","3.4.1","3.4.0","3.4","3.3.0","3.3","3.2.1","3.2.0","3.2","3.1.1","3.1.0","3.1","3.0.0","3.0","3","2.1.0","2.1","2.0.2","2.0.1","2.0.0","2","1.2.0","1.1.0","1.0.0"],"name":"postman","path":"to-be-continuous/postman","web_url":"https://gitlab.com/to-be-continuous/postman","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454247/logo.png"}},{"name":"pre-commit","description":"Test your [pre-commit](https://pre-commit.com/) hooks in CI","template_path":"templates/gitlab-ci-pre-commit.yml","kind":"build","prefix":"pre-commit","is_component":true,"variables":[{"name":"PRE_COMMIT_IMAGE","description":"The Docker image used to run `pre-commit`\n\n:information_source: You may build your own pre-configured image to speed-up things and prevent the tool and plugins from being pip-installed (see documentation).","default":"registry.hub.docker.com/library/python:3-alpine"}],"features":[{"id":"pre-commit-run","name":"pre-commit run","description":"[pre-commit](https://pre-commit.com/) analysis","disable_with":"PRE_COMMIT_DISABLED","variables":[{"name":"PRE_COMMIT_ARGS","description":"Additionnal arguments for the `pre-commit run` command","advanced":true},{"name":"PRE_COMMIT_SKIP","description":"pre-commit `SKIP` environment variable that allows to disable some hooks (see https://pre-commit.com/#temporarily-disabling-hooks)","default":"no-commit-to-branch","advanced":true},{"name":"PRE_COMMIT_FILE","description":"pre-commit config file to use for the `pre-commit run` command","default":".pre-commit-ci.yaml","advanced":true}]}],"extension_id":null,"project":{"tag":"1.1.1","tags":["1.1.1","1.1.0","1.1","1.0.2","1.0.1","1.0.0","1.0","1"],"name":"pre-commit","path":"to-be-continuous/pre-commit","web_url":"https://gitlab.com/to-be-continuous/pre-commit","avatar":"https://gitlab.com/uploads/-/system/project/avatar/56753211/logo.png"}},{"name":"Puppeteer","description":"Run your automated (web) tests with [Puppeteer](https://pptr.dev/)","template_path":"templates/gitlab-ci-puppeteer.yml","kind":"acceptance","prefix":"puppeteer","is_component":true,"variables":[{"name":"PUPPETEER_IMAGE","description":"The Docker image used to run [Puppeteer](https://hub.docker.com/r/ghcr.io/puppeteer/puppeteer)","default":"ghcr.io/puppeteer/puppeteer:latest"},{"name":"PUPPETEER_PROJECT_DIR","description":"The Puppeteer project directory (containing `package.json`)","default":"."},{"name":"PUPPETEER_TEST_EXTRA_ARGS","description":"Testing framework extra options based on [Jest](https://jestjs.io/docs/en/cli)","advanced":true},{"name":"REVIEW_ENABLED","description":"Set to enable Puppeteer tests on review environments (dynamic environments instantiated on development branches)","type":"boolean"}],"extension_id":null,"project":{"tag":"3.6.0","tags":["3.6.0","3.6","3.5.0","3.5","3.4.1","3.4.0","3.4","3.3.0","3.3","3.2.1","3.2.0","3.2","3.1.0","3.1","3.0.0","3.0","3","2.1.0","2.1","2.0.1","2.0.0","2","1.2.0","1.1.0","1.0.0"],"name":"puppeteer","path":"to-be-continuous/puppeteer","web_url":"https://gitlab.com/to-be-continuous/puppeteer","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454250/logo.png"}},{"name":"Python","description":"Build, test and analyse your [Python](https://www.python.org/) projects","template_path":"templates/gitlab-ci-python.yml","kind":"build","prefix":"python","job_prefix":"py","is_component":true,"variables":[{"name":"PYTHON_IMAGE","description":"The Docker image used to run Python - **set the version required by your project**","default":"registry.hub.docker.com/library/python:3-slim"},{"name":"PYTHON_PROJECT_DIR","description":"Python project root directory","default":"."},{"name":"PYTHON_BUILD_SYSTEM","description":"Python build-system to use to install dependencies, build and package the project","type":"enum","values":["auto","setuptools","poetry","pipenv","reqfile","uv"],"default":"auto","advanced":true},{"name":"PYTHON_REQS_FILE","description":"Main requirements file _(relative to `$PYTHON_PROJECT_DIR`)_\n\nFor [Requirements Files](https://pip.pypa.io/en/stable/user_guide/#requirements-files) build-system only","default":"requirements.txt","advanced":true},{"name":"PYTHON_EXTRA_REQS_FILES","description":"Extra dev requirements file(s) to install _(relative to `$PYTHON_PROJECT_DIR`)_\n\nFor [Requirements Files](https://pip.pypa.io/en/stable/user_guide/#requirements-files) build-system only","default":"requirements-dev.txt","advanced":true},{"name":"PYTHON_COMPILE_ARGS","description":"[`compileall` CLI options](https://docs.python.org/3/library/compileall.html)","default":"*","advanced":true},{"name":"PIP_OPTS","description":"pip extra [options](https://pip.pypa.io/en/stable/cli/pip/#general-options)","advanced":true},{"name":"PYTHON_EXTRA_DEPS","description":"Extra sets of dependencies to install\n\nFor [Setuptools](https://setuptools.pypa.io/en/latest/userguide/dependency_management.html?highlight=extras#optional-dependencies) or [Poetry](https://python-poetry.org/docs/pyproject/#extras) only"}],"features":[{"id":"package","name":"package","description":"This job allows building your Python project [distribution packages](https://packaging.python.org/en/latest/glossary/#term-Distribution-Package).","enable_with":"PYTHON_PACKAGE_ENABLED"},{"id":"pylint","name":"pylint","description":"Code analysis based on [pylint](http://pylint.pycqa.org/en/latest/) Python lib.","enable_with":"PYLINT_ENABLED","variables":[{"name":"PYLINT_ARGS","description":"Additional [pylint CLI options](http://pylint.pycqa.org/en/latest/user_guide/run.html#command-line-options)","advanced":true},{"name":"PYLINT_FILES","description":"Files or directories to analyse","advanced":true}]},{"id":"unittest","name":"unittest","description":"Unit tests based on [unittest](https://docs.python.org/3/library/unittest.html) framework","enable_with":"UNITTEST_ENABLED","variables":[{"name":"UNITTEST_ARGS","description":"Additional xmlrunner/unittest CLI options","advanced":true}]},{"id":"pytest","name":"pytest","description":"Unit tests based on [pytest](https://docs.pytest.org/) framework","enable_with":"PYTEST_ENABLED","variables":[{"name":"PYTEST_ARGS","description":"Additional [pytest](https://docs.pytest.org/en/stable/usage.html) or [pytest-cov](https://github.com/pytest-dev/pytest-cov#usage) CLI options","advanced":true}]},{"id":"nose","name":"nose","description":"Unit tests based on [nose](https://nose.readthedocs.io/) framework","enable_with":"NOSETESTS_ENABLED","variables":[{"name":"NOSETESTS_ARGS","description":"Additional [nose CLI options](https://nose.readthedocs.io/en/latest/usage.html#options)","advanced":true}]},{"id":"bandit","name":"Bandit","description":"[Bandit](https://pypi.org/project/bandit/) analysis (SAST)","enable_with":"BANDIT_ENABLED","variables":[{"name":"BANDIT_ARGS","description":"Additional [Bandit CLI options](https://github.com/PyCQA/bandit#usage)","default":"--recursive .","advanced":true}]},{"id":"trivy","name":"Trivy","description":"Detect security vulnerabilities with [Trivy](https://aquasecurity.github.io/trivy) (dependencies analysis)","disable_with":"PYTHON_TRIVY_DISABLED","variables":[{"name":"PYTHON_TRIVY_DIST_URL","description":"Url to the `tar.gz` package for `linux_amd64` of Trivy to use\n\n_When unset, the latest version will be used_","advanced":true},{"name":"PYTHON_TRIVY_ARGS","description":"Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/)","default":"--ignore-unfixed --pkg-types library --detection-priority comprehensive","advanced":true}]},{"id":"sbom","name":"Software Bill of Materials","description":"This job generates a file listing all dependencies using [syft](https://github.com/anchore/syft)","disable_with":"PYTHON_SBOM_DISABLED","variables":[{"name":"PYTHON_SBOM_SYFT_URL","description":"Url to the `tar.gz` package for `linux_amd64` of Syft to use\n\n_When unset, the latest version will be used_","advanced":true},{"name":"PYTHON_SBOM_NAME","description":"Component name of the emitted SBOM","default":"$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR","advanced":true},{"name":"PYTHON_SBOM_OPTS","description":"Options for syft used for SBOM analysis","default":"--override-default-catalogers python-package-cataloger","advanced":true}]},{"id":"release","name":"Release","description":"Manually trigger a release of your code (uses [bumpversion](https://pypi.org/project/bumpversion/))","enable_with":"PYTHON_RELEASE_ENABLED","variables":[{"name":"PYTHON_RELEASE_NEXT","type":"enum","values":["","major","minor","patch"],"description":"The part of the version to increase (one of: `major`, `minor`, `patch`)","default":"minor","advanced":true},{"name":"PYTHON_SEMREL_RELEASE_DISABLED","description":"Disable semantic-release integration","type":"boolean","advanced":true},{"name":"PYTHON_RELEASE_COMMIT_MESSAGE","description":"The Git commit message to use on the release commit. This is templated using the [Python Format String Syntax](http://docs.python.org/2/library/string.html#format-string-syntax). Available in the template context are current_version and new_version.","default":"chore(python-release): {current_version} → {new_version}","advanced":true},{"name":"GIT_USERNAME","description":"Git username for Git push operations","secret":true},{"name":"GIT_PASSWORD","description":"Git password for Git push operations","secret":true},{"name":"GIT_PRIVATE_KEY","description":"SSH key for Git push operations","secret":true},{"name":"PYTHON_REPOSITORY_URL","type":"url","description":"Target PyPI repository to publish packages.\n\n_defaults to [GitLab project's packages repository](https://docs.gitlab.com/ee/user/packages/pypi_repository/)_","default":"${CI_SERVER_URL}/api/v4/projects/${CI_PROJECT_ID}/packages/pypi"},{"name":"PYTHON_REPOSITORY_USERNAME","description":"Target PyPI repository username credential","secret":true,"default":"gitlab-ci-token"},{"name":"PYTHON_REPOSITORY_PASSWORD","description":"Target PyPI repository password credential","secret":true,"default":"$CI_JOB_TOKEN"}]},{"id":"black","name":"black","description":"Code formatting based on [black](https://black.readthedocs.io)","enable_with":"PYTHON_BLACK_ENABLED"},{"id":"isort","name":"isort","description":"Check imports order with [isort](https://pycqa.github.io/isort)","enable_with":"PYTHON_ISORT_ENABLED"},{"id":"ruff","name":"Ruff","description":"An extremely fast Python linter and code formatter, written in Rust. [Ruff](https://docs.astral.sh/ruff/)","enable_with":"RUFF_ENABLED","variables":[{"name":"RUFF_ARGS","description":"Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface)","advanced":true}]},{"id":"ruff-format","name":"Ruff Format","description":"An extremely fast Python linter and code formatter, written in Rust. [Ruff](https://docs.astral.sh/ruff/)","enable_with":"RUFF_FORMAT_ENABLED","variables":[]},{"id":"mypy","name":"mypy","description":"Code analysis based on [mypy](https://mypy.readthedocs.io/).","enable_with":"MYPY_ENABLED","variables":[{"name":"MYPY_ARGS","description":"Additional [mypy CLI options](https://mypy.readthedocs.io/en/stable/command_line.html)","advanced":true},{"name":"MYPY_FILES","description":"Files or directories to analyse","advanced":true}]}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-python-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url","mandatory":true},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]},{"id":"gcp-auth-provider","name":"Google Cloud","description":"Retrieves an [ADC](https://cloud.google.com/docs/authentication/application-default-credentials) for Python Google Client","template_path":"templates/gitlab-ci-python-gcp.yml","variables":[{"name":"GCP_OIDC_AUD","description":"The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))_","default":"$CI_SERVER_URL","advanced":true},{"name":"GCP_OIDC_ACCOUNT","description":"Default Service Account to which impersonate with OpenID Connect authentication"},{"name":"GCP_OIDC_PROVIDER","description":"Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)"}]},{"id":"aws-codeartifact","name":"AWS CodeArtifact","description":"Retrieves AWS CodeArtifact credentials","template_path":"templates/gitlab-ci-python-aws-codeartifact.yml","variables":[{"name":"TBC_AWS_PROVIDER_IMAGE","description":"The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:latest","advanced":true},{"name":"AWS_REGION","description":"Default region (where the codeartifact repository is located)"},{"name":"AWS_OIDC_AUD","description":"The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_","default":"$CI_SERVER_URL","advanced":true},{"name":"AWS_OIDC_ROLE_ARN","description":"Default IAM Role ARN associated with GitLab _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_"},{"name":"AWS_ACCESS_KEY_ID","description":"Default access key ID (only required for basic authentication)","secret":true,"advanced":true},{"name":"AWS_SECRET_ACCESS_KEY","description":"Default secret access key (only required for basic authentication)","secret":true,"advanced":true},{"name":"AWS_CODEARTIFACT_DOMAIN","description":"The AWS CodeArtifact domain","mandatory":true},{"name":"AWS_CODEARTIFACT_DOMAIN_OWNER","description":"The AWS CodeArtifact domain owner","mandatory":true},{"name":"AWS_CODEARTIFACT_REPOSITORY","description":"The AWS CodeArtifact repository","mandatory":true}]}],"extension_id":null,"project":{"tag":"7.5.2","tags":["7.5.2","7.5.1","7.5.0","7.5","7.4.0","7.3.3","7.3.2","7.3.1","7.3.0","7.3","7.2.0","7.2","7.1.1","7.1.0","7.1","7.0.2","7.0.1","7.0.0","7.0","7","6.11.1","6.11.0","6.11","6.10.0","6.10","6.9.0","6.9","6.8.1","6.8.0","6.8","6.7.0","6.7","6.6.5","6.6.4","6.6.3","6.6.2","6.6.1","6.6.0","6.6","6.5.0","6.5","6.4.1","6.4.0","6.4","6.3.5","6.3.4","6.3.3","6.3.2","6.3.1","6.3.0","6.3","6.2.0","6.2","6.1.5","6.1.4","6.1.3","6.1.2","6.1.1","6.1.0","6.1","6.0.2","6.0.1","6.0.0","6.0","6","5.1.0","5.1","5.0.0","5.0","5","4.2.0","4.2","4.1.1","4.1.0","4.1","4.0.1","4.0.0","4","3.2.1","3.2.0","3.1.1","3.1.0","3.0.1","3.0.0","2.2.0","2.1.1","2.1.0","2.0.3","2.0.2","2.0.1","2.0.0","1.3.0","1.2.3","1.2.2","1.2.1","1.2.0","1.1.0","1.0.0"],"name":"python","path":"to-be-continuous/python","web_url":"https://gitlab.com/to-be-continuous/python","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454253/logo.png"}},{"name":"Renovate","description":"Automate your dependency updates with [Renovate](https://www.mend.io/renovate/)","template_path":"templates/gitlab-ci-renovate.yml","kind":"misc","prefix":"renovate","is_component":true,"variables":[{"name":"RENOVATE_IMAGE","description":"The Docker image used to run Renovate","default":"registry.hub.docker.com/renovate/renovate:latest"},{"name":"RENOVATE_ONBOARDING_CONFIG","description":"Renovate configuration to use for onboarding PRs","default":"{\n \"$$schema\": \"https://docs.renovatebot.com/renovate-schema.json\",\n \"extends\": [\n \"config:recommended\",\n \":dependencyDashboard\"\n ],\n \"labels\": [\n \"dependencies\"\n ],\n \"customManagers\": [\n {\n \"customType\": \"regex\",\n \"fileMatch\": [ \"\\\\.gitlab-ci\\\\.ya?ml$\" ], \n \"matchStrings\": [ \"\\\\s?_IMAGE:\\\\s['\\\"](?<registryUrls>.*?)\\\\/(?<depName>.*?):(?<currentValue>.*)['\\\"]\" ], \n \"datasourceTemplate\": \"docker\" \n },\n {\n \"customType\": \"regex\",\n \"fileMatch\": [ \"\\\\.gitlab-ci\\\\.ya?ml$\" ], \n \"matchStrings\": [ \"\\\\s?image:\\\\s['\\\"](?<registryUrls>.*?)\\\\/(?<depName>.*?):(?<currentValue>.*)['\\\"]\" ], \n \"datasourceTemplate\": \"docker\" \n }\n ] \n}"},{"name":"RENOVATE_TOKEN","description":"A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication)","secret":true},{"name":"GITHUB_COM_TOKEN","description":"A GitHub access token to allow Renovate fetch changelogs. [See doc](https://docs.renovatebot.com/getting-started/running/#githubcom-token-for-changelogs)","secret":true}],"extension_id":null,"project":{"tag":"1.4.1","tags":["1.4.1","1.4.0","1.4","1.3.0","1.3","1.2.2","1.2.1","1.2.0","1.2","1.1.0","1.1","1.0.0","1.0","1"],"name":"renovate","path":"to-be-continuous/renovate","web_url":"https://gitlab.com/to-be-continuous/renovate","avatar":"https://gitlab.com/uploads/-/system/project/avatar/48678619/logo.png"}},{"name":"Robot Framework","description":"Run your automated tests with [Robot Framework](https://robotframework.org/)","template_path":"templates/gitlab-ci-robotframework.yml","kind":"acceptance","prefix":"robot","job_prefix":"robotframework","is_component":true,"variables":[{"name":"ROBOT_BASE_IMAGE","description":"The Docker image used to run Robot frame work CLI","default":"registry.hub.docker.com/ppodgorsek/robot-framework:latest"},{"name":"ROBOT_TESTS_DIR","description":"Path to Robot Framework tests directory","default":"robot"},{"name":"ROBOT_BROWSER","description":"Browser to use","default":"firefox","type":"enum","values":["firefox","chrome"]},{"name":"ROBOT_OPTIONS","description":"Robot Framework [additional options](http://robotframework.org/robotframework/latest/RobotFrameworkUserGuide.html#all-command-line-options)","advanced":true},{"name":"ROBOT_THREADS","description":"Number of threads to execute Robot Framework tests (uses [Pabot](https://pabot.org/) if > `1`)","default":"1","type":"number","advanced":true},{"name":"PABOT_OPTIONS","description":"Pabot [additional options](https://github.com/mkorpela/pabot#command-line-options) (if `ROBOT_THREADS` > `1`)","advanced":true},{"name":"ROBOT_SCREEN_COLOUR_DEPTH","description":"Screen colour depth for X Window Virtual Framebuffer","type":"number","default":"24"},{"name":"ROBOT_SCREEN_HEIGHT","description":"Screen height for X Window Virtual Framebuffer","type":"number","default":"1080"},{"name":"ROBOT_SCREEN_WIDTH","description":"Screen width for X Window Virtual Framebuffer","type":"number","default":"1920"},{"name":"REVIEW_ENABLED","description":"Set to enable Robot Framework tests on review environments (dynamic environments instantiated on development branches)","type":"boolean"}],"features":[{"id":"lint","name":"robotframework-lint","description":"This job performs a [Lint](https://github.com/boakley/robotframework-lint/) analysis on your `Robot Framework files`.","disable_with":"ROBOT_LINT_DISABLED"}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-robotframework-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url"},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]}],"extension_id":null,"project":{"tag":"4.3.0","tags":["4.3.0","4.3","4.2.2","4.2.1","4.2.0","4.2","4.1.0","4.1","4.0.1","4.0.0","4.0","4","3.3.0","3.3","3.2.1","3.2.0","3.2","3.1.0","3.1","3.0.0","3.0","3","2.1.0","2.1","2.0.2","2.0.1","2.0.0","2","1.3.0","1.2.0","1.1.0","1.0.0"],"name":"robotframework","path":"to-be-continuous/robotframework","web_url":"https://gitlab.com/to-be-continuous/robotframework","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26546374/logo.png"}},{"name":"Source-to-Image","description":"Build reproducible container images from your source code with [Source-to-Image](https://github.com/openshift/source-to-image) (S2I)","template_path":"templates/gitlab-ci-s2i.yml","kind":"package","prefix":"s2i","is_component":true,"variables":[{"name":"S2I_DIND_IMAGE","description":"The image used to run the Docker daemon","default":"registry.hub.docker.com/library/docker:dind"},{"name":"S2I_SKOPEO_IMAGE","description":"The image used to push the built container image with Skopeo","default":"quay.io/skopeo/stable:latest"},{"name":"S2I_VERSION","description":"The target S2I version to install/use","default":"latest","advanced":true},{"name":"S2I_PLATFORM","description":"The target S2I platform to install/use","default":"linux-386","advanced":true},{"name":"S2I_BUILDER_IMAGE","description":"The S2I [builder image](https://github.com/openshift/source-to-image/blob/master/docs/builder_image.md) used to build your application image","mandatory":true},{"name":"S2I_ROOT_DIR","description":"Relative path to the application source code base directory in your repository","default":".","advanced":true},{"name":"S2I_BUILD_EXTRA_FLAGS","description":"S2I build [extra flags](https://github.com/openshift/source-to-image/blob/master/docs/cli.md#s2i-build)","advanced":true},{"name":"S2I_SNAPSHOT_IMAGE","description":"S2I snapshot image","default":"$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG"},{"name":"S2I_RELEASE_IMAGE","description":"S2I release image","default":"$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"},{"name":"S2I_PUBLISH_ARGS","description":"Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)","advanced":true},{"name":"S2I_PROD_PUBLISH_STRATEGY","description":"Defines the publish to production strategy.","type":"enum","values":["none","manual","auto"],"default":"manual"},{"name":"S2I_RELEASE_EXTRA_TAGS_PATTERN","description":"Defines the image tag pattern that `$S2I_RELEASE_IMAGE` should match to push extra tags (supports capturing groups)\n\nDefaults to [SemVer](https://semver.org/) pattern.","default":"^v?(?P<major>[0-9]+)\\.(?P<minor>[0-9]+)\\.(?P<patch>[0-9]+)(?P<suffix>(?P<prerelease>-[0-9A-Za-z-\\.]+)?(?P<build>\\+[0-9A-Za-z-\\.]+)?)$","advanced":true},{"name":"S2I_RELEASE_EXTRA_TAGS","description":"Defines extra tags to publish the _release_ image\n\nSupports capturing group references from `$S2I_RELEASE_EXTRA_TAGS_PATTERN` (ex: `latest \\g<major>.\\g<minor> \\g<major>`)","advanced":true},{"name":"S2I_SEMREL_RELEASE_DISABLED","description":"Disable integration with the [semantic release template](https://gitlab.com/to-be-continuous/semantic-release/)","type":"boolean"}],"extension_id":null,"project":{"tag":"1.1.1","tags":["1.1.1","1.1.0","1.1","1.0.1","1.0.0","1.0","1"],"name":"s2i","path":"to-be-continuous/s2i","web_url":"https://gitlab.com/to-be-continuous/s2i","avatar":"https://gitlab.com/uploads/-/system/project/avatar/48540470/logo.png"}},{"name":"S3 (Simple Storage Service)","description":"Deploy your objects to any [S3](https://en.wikipedia.org/wiki/Amazon_S3) (Simple Storage Service) compatible object storage service","template_path":"templates/gitlab-ci-s3.yml","kind":"hosting","prefix":"s3","is_component":true,"variables":[{"name":"S3_CMD_IMAGE","description":"The Docker image used to run [s3cmd](https://s3tools.org/usage) commands","advanced":true,"default":"registry.hub.docker.com/d3fk/s3cmd:latest"},{"name":"S3_ENDPOINT_HOST","description":"Default S3 endpoint hostname (with port)","default":"s3.amazonaws.com","mandatory":true},{"name":"S3_HOST_BUCKET","description":"Default DNS-style bucket+hostname:port template for accessing a bucket","default":"%(bucket)s.$S3_ENDPOINT_HOST","mandatory":true},{"name":"S3_REGION","description":"Default region to create the buckets in (if not defined, the template won't create any)"},{"name":"S3_ACCESS_KEY","description":"Default S3 service Access Key","secret":true,"mandatory":true},{"name":"S3_SECRET_KEY","description":"Default S3 service Secret Key","secret":true,"mandatory":true},{"name":"S3_BASE_BUCKET_NAME","description":"Base bucket name","default":"$CI_PROJECT_NAME","advanced":true},{"name":"S3_DEPLOY_ARGS","description":"[s3cmd](https://s3tools.org/usage) command and options to deploy files to the bucket","default":"sync --recursive --delete-removed --acl-public --no-mime-magic --guess-mime-type","advanced":true},{"name":"S3_DEPLOY_FILES","description":"Pattern(s) of files to deploy to the S3 bucket","default":"public/"},{"name":"S3_WEBSITE_DISABLED","description":"Disables WebSite hosting by your S3 bucket","type":"boolean"},{"name":"S3_WEBSITE_ENDPOINT","description":"Default WebSite endpoint url pattern (supports `%(bucket)s` and `%(location)s` placeholders)","default":"http://%(bucket)s.s3-website.%(location)s.amazonaws.com"},{"name":"S3_WEBSITE_ARGS","description":"[s3cmd](https://s3tools.org/usage) command and options to enable WebSite hosting on the bucket","default":"ws-create --ws-index=index.html --ws-error=404.html","advanced":true},{"name":"S3_PREFIX","description":"Default S3 prefix to use as a root destination to upload objects in the S3 bucket"},{"name":"S3_SCRIPTS_DIR","description":"Directory where S3 hook scripts are located","default":".","advanced":true}],"features":[{"id":"review","name":"Review","description":"Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))","disable_with":"S3_REVIEW_DISABLED","variables":[{"name":"S3_REVIEW_ENDPOINT_HOST","description":"S3 endpoint hostname (with port) for `review` env _(only define to override default)_"},{"name":"S3_REVIEW_REGION","description":"Region to create the `review` buckets in (if not defined, the template won't create any)"},{"name":"S3_REVIEW_ACCESS_KEY","description":"S3 service Access Key for `review` env (only define to override default)","secret":true},{"name":"S3_REVIEW_SECRET_KEY","description":"S3 service Secret Key for `review` env (only define to override default)","secret":true},{"name":"S3_REVIEW_BUCKET_NAME","description":"Bucket name for `review` env _(only define to override default)_","advanced":true},{"name":"CLEANUP_ALL_REVIEW","description":"Enables a **manual** job to cleanup all review envs at once.\n\nYou may also use it to [schedule](https://docs.gitlab.com/ee/ci/pipelines/schedules.html) cloud resources cleanup. See documentation.","type":"boolean"},{"name":"S3_REVIEW_PREFIX","description":"S3 prefix to use for `review` env _(only define to override default)_","advanced":true},{"name":"S3_REVIEW_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop `review` environments","default":"4 hours"}]},{"id":"integration","name":"Integration","description":"A continuous-integration environment associated to your integration branch (`develop` by default)","disable_with":"S3_INTEG_DISABLED","variables":[{"name":"S3_INTEG_ENDPOINT_HOST","description":"S3 endpoint hostname (with port) for `integration` env _(only define to override default)_"},{"name":"S3_INTEG_REGION","description":"Region to create the `integration` bucket in"},{"name":"S3_INTEG_ACCESS_KEY","description":"S3 service Access Key for `integration` env (only define to override default)","secret":true},{"name":"S3_INTEG_SECRET_KEY","description":"S3 service Secret Key for `integration` env (only define to override default)","secret":true},{"name":"S3_INTEG_BUCKET_NAME","description":"Bucket name for `integration` env _(only define to override default)_","advanced":true},{"name":"S3_INTEG_PREFIX","description":"S3 prefix to use for `integration` env _(only define to override default)_","advanced":true}]},{"id":"staging","name":"Staging","description":"An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)","disable_with":"S3_STAGING_DISABLED","variables":[{"name":"S3_STAGING_ENDPOINT_HOST","description":"S3 endpoint hostname (with port) for `staging` env _(only define to override default)_"},{"name":"S3_STAGING_REGION","description":"Region to create the `staging` bucket in"},{"name":"S3_STAGING_ACCESS_KEY","description":"S3 service Access Key for `staging` env (only define to override default)","secret":true},{"name":"S3_STAGING_SECRET_KEY","description":"S3 service Secret Key for `staging` env (only define to override default)","secret":true},{"name":"S3_STAGING_BUCKET_NAME","description":"Bucket name for `staging` env _(only define to override default)_","advanced":true},{"name":"S3_STAGING_PREFIX","description":"S3 prefix to use for `staging` env _(only define to override default)_","advanced":true}]},{"id":"prod","name":"Production","description":"The production environment","disable_with":"S3_PROD_DISABLED","variables":[{"name":"S3_PROD_ENDPOINT_HOST","description":"S3 endpoint hostname (with port) for `production` env _(only define to override default)_"},{"name":"S3_PROD_REGION","description":"Region to create the `production` bucket in"},{"name":"S3_PROD_ACCESS_KEY","description":"S3 service Access Key for `production` env (only define to override default)","secret":true},{"name":"S3_PROD_SECRET_KEY","description":"S3 service Secret Key for `production` env (only define to override default)","secret":true},{"name":"S3_PROD_BUCKET_NAME","description":"Bucket name for `production` env _(only define to override default)_","advanced":true},{"name":"S3_PROD_DEPLOY_STRATEGY","description":"Defines the deployment to production strategy.","type":"enum","values":["manual","auto"],"default":"manual"},{"name":"S3_PROD_PREFIX","description":"S3 prefix to use for `production` env _(only define to override default)_","advanced":true}]}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-s3-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url"},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]}],"extension_id":null,"project":{"tag":"7.2.3","tags":["7.2.3","7.2.2","7.2.1","7.2.0","7.2","7.1.0","7.1","7.0.1","7.0.0","7.0","7","6.0.0","6.0","6","5.2.0","5.2","5.1.0","5.1","5.0.0","5.0","5","4.1.1","4.1.0","4.1","4.0.0","4.0","4","3.0.0","3.0","3","2.3.0","2.3","2.2.0","2.2","2.1.5","2.1.4","2.1.3","2.1.2","2.1.1","2.1.0","2.0.0","2","1.2.1","1.2.0","1.1.0","1.0.0"],"name":"s3","path":"to-be-continuous/s3","web_url":"https://gitlab.com/to-be-continuous/s3","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26450933/logo.png"}},{"name":"Scala/SBT","description":"Build, test and analyse your [sbt](https://www.scala-sbt.org/)-based projects","template_path":"templates/gitlab-ci-sbt.yml","kind":"build","prefix":"sbt","is_component":true,"variables":[{"name":"SBT_IMAGE","description":"The Docker image used to run sbt - **set the version required by your project**","default":"registry.hub.docker.com/sbtscala/scala-sbt:17.0.2_1.6.2_3.1.3"},{"name":"SBT_BUILD_ARGS","description":"The sbt arguments for the sbt arguments for the [build job packaging](https://www.scala-sbt.org/1.x/docs/Running.html#Common+commands)","default":"clean package","advanced":true},{"name":"SBT_TEST_ARGS","description":"The sbt arguments for the sbt arguments for the [build job test phase](https://www.scala-sbt.org/1.x/docs/Running.html#Common+commands)","default":"coverage test coverageAggregate","advanced":true},{"name":"SBT_OPTS","description":"Global [sbt options](https://www.scala-sbt.org/1.x/docs/Command-Line-Reference.html#sbt+JVM+options+and+system+properties)","default":"-Dsbt.global.base=sbt-cache/sbtboot -Dsbt.boot.directory=sbt-cache/boot -Dsbt.coursier.home=sbt-cache/coursier -Dsbt.ci=true -Dsbt.color=always","advanced":true},{"name":"SBT_CLI_OPTS","description":"Additional sbt options used on the command line","default":"--batch","advanced":true}],"features":[{"id":"sbom","name":"Software Bill of Materials","description":"This job generates a file listing all dependencies using [syft](https://github.com/anchore/syft)","disable_with":"SBT_SBOM_DISABLED","variables":[{"name":"SBT_SBOM_IMAGE","default":"registry.hub.docker.com/anchore/syft:debug","description":"The syft image used for SBOM analysis"},{"name":"SBT_SBOM_OPTS","description":"Options for syft used for SBOM analysis","default":"dir:sbt-cache/coursier --catalogers java-cataloger","advanced":true}]},{"id":"publish","name":"Publish (snapshot & release)","description":"Enable artifacts publishing to a Nexus repository","variables":[{"name":"SBT_PUBLISH_MODE","description":"Publish mode (one of `snapshot`, `ontag`, `release`)","type":"enum","values":["","snapshot","ontag","release"],"mandatory":true},{"name":"GIT_PRIVATE_KEY","description":"Git private key to perform Git operations (for `release` publish mode)","secret":true},{"name":"MAVEN_REPOSITORY_HOST","description":"Global Maven repository host where credentials apply","secret":false},{"name":"MAVEN_REPOSITORY_USERNAME","description":"Global Maven repository username","secret":true},{"name":"MAVEN_REPOSITORY_PASSWORD","description":"Global Maven repository password","secret":true},{"name":"MAVEN_REPOSITORY_PUBLISH_RELEASE_URL","description":"Maven repository URL where to publish release artifacts","secret":false},{"name":"MAVEN_REPOSITORY_PUBLISH_SNAPSHOT_URL","description":"Maven repository URL where to publish snapshot artifacts","secret":false},{"name":"MAVEN_REPOSITORY_PUBLISH_USERNAME","description":"Maven repository username used for publishing purposes","secret":true},{"name":"MAVEN_REPOSITORY_PUBLISH_PASSWORD","description":"Maven repository password used for publishing purposes","secret":true}]}],"extension_id":null,"project":{"tag":"1.7.1","tags":["1.7.1","1.7.0","1.7","1.6.0","1.6","1.5.1","1.5.0","1.5","1.4.0","1.4","1.3.1","1.3.0","1.3","1.2.0","1.2","1.1.2","1.1.1","1.1.0","1.1","1.0.0","1.0","1"],"name":"sbt","path":"to-be-continuous/sbt","web_url":"https://gitlab.com/to-be-continuous/sbt","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26717195/logo.png"}},{"name":"semantic-release","description":"Automate your versioning and release management with [semantic-release](https://github.com/semantic-release/semantic-release)","template_path":"templates/gitlab-ci-semrel.yml","kind":"publish","prefix":"semrel","job_prefix":"semantic-release","is_component":true,"variables":[{"name":"SEMREL_IMAGE","description":"The Docker image used to run semantic-release","default":"registry.hub.docker.com/library/node:lts-slim"},{"name":"SEMREL_VERSION","description":"The [semantic-release](https://www.npmjs.com/package/semantic-release) version to use","default":"latest","advanced":true},{"name":"SEMREL_EXEC_VERSION","description":"The [@semantic-release/exec](https://www.npmjs.com/package/@semantic-release/exec) version to use","default":"latest","advanced":true},{"name":"GITLAB_TOKEN","description":"A GitLab 'project access token' or 'personal access token' with `api`, `read_repository` and `write repository` scopes.","mandatory":true,"secret":true},{"name":"SEMREL_CONFIG_DIR","description":"directory containing your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#configuration-file)","default":".","advanced":true},{"name":"SEMREL_TAG_FORMAT","description":"For generated `.releaserc` file only. [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat)e. :warning: don't forget to double the `$` character so it is not interpreted by GitLab.","default":"$${version}","advanced":true},{"name":"SEMREL_REQUIRED_PLUGINS_FILE","description":"Full path to `semrel-required-plugins.txt` file _(relative to `$CI_PROJECT_DIR`)_","default":"semrel-required-plugins.txt","advanced":true}],"features":[{"id":"semantic-release","name":"semantic-release","description":"Performs a semantic release.","disable_with":"SEMREL_RELEASE_DISABLED","variables":[{"name":"SEMREL_CHANGELOG_ENABLED","description":"Add the [@semantic-release/changelog](https://github.com/semantic-release/changelog) plugin which will commit a changelog file in the repository.","type":"boolean"},{"name":"SEMREL_CHANGELOG_FILE","description":"[changelogFile @semantic-release/changelog option](https://github.com/semantic-release/changelog#options).","default":"CHANGELOG.md","advanced":true},{"name":"SEMREL_CHANGELOG_TITLE","description":"[changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`).","advanced":true},{"name":"SEMREL_DRY_RUN","description":"For generated `.releaserc` file only. Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present.","type":"boolean","advanced":true},{"name":"SEMREL_AUTO_RELEASE_ENABLED","description":"When set the job start automatically. When not set (default), the job is manual.","type":"boolean"},{"name":"SEMREL_BRANCHES_REF","description":"Regular expression pattern matching branches from which releases should happen (should match your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#branches))","default":"/^(master|main)$/","advanced":true},{"name":"SEMREL_HOOKS_DIR","description":"Hook scripts folder.","default":".","advanced":true},{"name":"SEMREL_GPG_SIGNKEY","description":"Path to the GPG signkey exported with `gpg --armor --export-secret-key`.","secret":true,"advanced":true},{"name":"SEMREL_COMMIT_MESSAGE","description":"[message @semantic-release/git option](https://github.com/semantic-release/git#message)","advanced":true},{"name":"SEMREL_COMMIT_SPEC","description":"Commit specification `preset` (possible values: `angular`, `atom`, `codemirror`, `ember`, `eslint`, `express`, `jquery`, `jshint`, `conventionalcommits`). The default is `angular`.","values":["angular","codemirror","conventionalcommits","ember","eslint","express","jquery","jshint"],"default":"angular","advanced":true}]},{"id":"semantic-release-info","name":"semantic-release-info","description":"Run `semantic-release` dry run to save next release version information as dotenv artifact and make them available in next pipeline stages","variables":[{"name":"SEMREL_INFO_ON","description":"Define on which branch(es) the job shall be run","type":"enum","values":["","prod","branches-ref","protected","all"],"mandatory":true}]}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-semrel-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url","mandatory":true},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]}],"extension_id":null,"project":{"tag":"3.11.5","tags":["3.11.5","3.11.4","3.11.3","3.11.2","3.11.1","3.11.0","3.11","3.10.3","3.10.2","3.10.1","3.10.0","3.10","3.9.1","3.9.0","3.9","3.8.3","3.8.2","3.8.1","3.8.0","3.8","3.7.1","3.7.0","3.7","3.6.0","3.6","3.5.2","3.5.1","3.5.0","3.5","3.4.2","3.4.1","3.4.0","3.4","3.3.1","3.3.0","3.3","3.2.2","3.2.1","3.2.0","3.2","3.1.1","3.1.0","3.1","3.0.0","3.0","3","2.3.1","2.3.0","2.3","2.2.6","2.2.5","2.2.4","2.2.3","2.2.2","2.2.1","2.2.0","2.1.0","2.0.5","2.0.4","2.0.3","2.0.2","2.0.1","2.0.0","2","1.2.0","1.1.0","1.0.1","1.0.0"],"name":"semantic-release","path":"to-be-continuous/semantic-release","web_url":"https://gitlab.com/to-be-continuous/semantic-release","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454254/logo.png"}},{"name":"SonarQube","description":"Continuously inspect your codebase with [SonarQube](https://www.sonarqube.org/)","template_path":"templates/gitlab-ci-sonar.yml","kind":"analyse","prefix":"sonar","is_component":true,"variables":[{"name":"SONAR_SCANNER_IMAGE","description":"The Docker image used to run [sonar-scanner](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/sonarscanner/)","default":"registry.hub.docker.com/sonarsource/sonar-scanner-cli:latest"},{"name":"SONAR_HOST_URL","type":"url","description":"SonarQube server url","mandatory":true},{"name":"SONAR_PROJECT_KEY","description":"SonarQube Project Key (might also be set in the `sonar-project.properties` file)","advanced":true},{"name":"SONAR_PROJECT_NAME","description":"SonarQube Project Name (might also be set in the `sonar-project.properties` file)","advanced":true},{"name":"SONAR_TOKEN","description":"SonarQube authentication token (depends on your authentication method)","secret":true},{"name":"SONAR_LOGIN","description":"SonarQube login (depends on your authentication method)","secret":true},{"name":"SONAR_PASSWORD","description":"SonarQube password (depends on your authentication method)","secret":true},{"name":"SONAR_BASE_ARGS","description":"SonarQube [analysis arguments](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/analysis-parameters/)","default":"-Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues","advanced":true},{"name":"SONAR_QUALITY_GATE_ENABLED","description":"Enables SonarQube [Quality Gate](https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/analysis-functions/quality-gates/) verification.\n\n_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/ci-integration/overview/#quality-gate-fails))._","type":"boolean"}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-sonar-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url"},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]}],"extension_id":null,"project":{"tag":"4.2.4","tags":["4.2.4","4.2.3","4.2.2","4.2.1","4.2.0","4.2","4.1.1","4.1.0","4.1","4.0.1","4.0.0","4.0","4","3.3.0","3.3","3.2.0","3.2","3.1.1","3.1.0","3.1","3.0.0","3.0","3","2.1.0","2.1","2.0.1","2.0.0","2","1.3.2","1.3.1","1.3.0","1.2.0","1.1.0","1.0.0"],"name":"sonar","path":"to-be-continuous/sonar","web_url":"https://gitlab.com/to-be-continuous/sonar","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454259/logo.png"}},{"name":"Spectral","description":"[Spectral](https://docs.stoplight.io/docs/spectral) is a JSON/YAML Linter with custom rulesets, out of the box support for OpenAPI and AsyncAPI","template_path":"templates/gitlab-ci-spectral.yml","kind":"analyse","prefix":"spectral","is_component":true,"variables":[{"name":"SPECTRAL_IMAGE","description":"The Docker image used to run `spectral`","default":"registry.hub.docker.com/stoplight/spectral:latest"},{"name":"SPECTRAL_DOCUMENTS","description":"Location of JSON/YAML documents to be linted. Can be either a file, a glob or fetchable resource(s) on the web","default":"{,api/,src/main/resources/}*{openapi,oas,swagger,async}*.{json,yml,yaml}"},{"name":"SPECTRAL_EXTRA_ARGS","description":"Extra Spectral CLI [options](https://docs.stoplight.io/docs/spectral/docs/guides/2-cli.md)","advanced":true},{"name":"SPECTRAL_DISABLED","description":"Set to `true` to disable this job","type":"boolean","advanced":true}],"extension_id":null,"project":{"tag":"1.1.2","tags":["1.1.2","1.1.1","1.1.0","1.1","1.0.0","1.0","1"],"name":"spectral","path":"to-be-continuous/spectral","web_url":"https://gitlab.com/to-be-continuous/spectral","avatar":"https://gitlab.com/uploads/-/system/project/avatar/52371414/logo.png"}},{"name":"Sphinx","description":"Build your documentation with [Sphinx](https://www.sphinx-doc.org/)","template_path":"templates/gitlab-ci-sphinx.yml","kind":"build","prefix":"sphinx","is_component":true,"variables":[{"name":"SPHINX_IMAGE","description":"The Docker image used to run Sphinx","default":"ghcr.io/sphinx-doc/sphinx:latest"},{"name":"SPHINX_BUILD_ARGS","description":"[`sphinx-build` options](https://www.sphinx-doc.org/en/master/man/sphinx-build.html)) to be used","default":"-M html"},{"name":"SPHINX_PROJECT_DIR","description":"Sphinx project root directory","default":"."},{"name":"SPHINX_SOURCE_DIR","description":"Sphinx source directory (relative to `$SPHINX_PROJECT_DIR`) containing the Sphinx `conf.py` file","default":"source","advanced":true},{"name":"SPHINX_BUILD_DIR","description":"Sphinx build output directory (relative to `$SPHINX_PROJECT_DIR`)","default":"build","advanced":true},{"name":"SPHINX_REQUIREMENTS_FILE","description":"Requirements file (relative to `$SPHINX_PROJECT_DIR`). If the file is not found in the repository, requirements are read from the `SPHINX_REQUIREMENTS` variable","default":"requirements.txt","advanced":true},{"name":"SPHINX_REQUIREMENTS","description":"Space separated requirements (ignored if a requirement file is found)","advanced":true},{"name":"SPHINX_PREBUILD_SCRIPT","description":"Pre-build hook script (relative to `$SPHINX_PROJECT_DIR`)","default":"sphinx-pre-build.sh","advanced":true},{"name":"PIP_OPTS","description":"pip extra [options](https://pip.pypa.io/en/stable/cli/pip/#general-options)","advanced":true}],"features":[{"id":"lychee","name":"lychee","description":"Checks broken links and emails with [lychee](https://github.com/lycheeverse/lychee)","enable_with":"SPHINX_LYCHEE_ENABLED","variables":[{"name":"SPHINX_LYCHEE_IMAGE","description":"The Docker image used to run [lychee](https://github.com/lycheeverse/lychee)","default":"registry.hub.docker.com/lycheeverse/lychee:latest","advanced":true},{"name":"SPHINX_LYCHEE_ARGS","description":"[lychee arguments](https://github.com/lycheeverse/lychee#commandline-parameters) to execute","default":"--exclude-loopback $SPHINX_SOURCE_DIR/**/*.rst"}]}],"variants":[{"id":"pages","name":"GitLab Pages","description":"Adds a job to publish the generated documentation to GitLab pages","template_path":"templates/gitlab-ci-sphinx-pages.yml"}],"extension_id":null,"project":{"tag":"1.2.0","tags":["1.2.0","1.2","1.1.1","1.1.0","1.1","1.0.0","1.0","1"],"name":"sphinx","path":"to-be-continuous/sphinx","web_url":"https://gitlab.com/to-be-continuous/sphinx","avatar":"https://gitlab.com/uploads/-/system/project/avatar/53144593/logo.png"}},{"name":"SQLFluff lint","description":"Lint your SQL files (whichever your dialect) with [SQLFluff](https://docs.sqlfluff.com)","template_path":"templates/gitlab-ci-sqlfluff.yml","kind":"analyse","prefix":"sqlfluff","is_component":true,"variables":[{"name":"SQLFLUFF_IMAGE","description":"The Docker image used to run SQLFluff","default":"registry.hub.docker.com/sqlfluff/sqlfluff:latest"},{"name":"SQLFLUFF_WORKING_DIR","description":"Sqlfluff working directory, scope of configuration and sql files used","default":".","advanced":true},{"name":"SQLFLUFF_LINT_ARGS","description":"Lint [options and arguments](https://docs.sqlfluff.com/en/stable/reference/cli.html#sqlfluff-lint)","advanced":true}],"extension_id":null,"project":{"tag":"1.3.1","tags":["1.3.1","1.3.0","1.3","1.2.0","1.2","1.1.2","1.1.1","1.1.0","1.1","1.0.2","1.0.1","1.0.0","1.0","1"],"name":"sqlfluff","path":"to-be-continuous/sqlfluff","web_url":"https://gitlab.com/to-be-continuous/sqlfluff","avatar":"https://gitlab.com/uploads/-/system/project/avatar/38513375/logo.png"}},{"name":"Terraform","description":"Manage your infrastructure with [Terraform](https://www.terraform.io)","template_path":"templates/gitlab-ci-terraform.yml","kind":"infrastructure","prefix":"tf","is_component":true,"variables":[{"name":"TF_IMAGE","description":"the Docker image used to run Terraform CLI commands - **set the version required by your project**","default":"registry.hub.docker.com/hashicorp/terraform:latest"},{"name":"TF_GITLAB_BACKEND_DISABLED","type":"boolean","description":"Set to disable [GitLab managed Terraform State](https://docs.gitlab.com/ee/user/infrastructure/iac/terraform_state.html)","advanced":true},{"name":"TF_PROJECT_DIR","description":"Terraform project root directory","default":".","advanced":true},{"name":"TF_SCRIPTS_DIR","description":"Terraform (hook) scripts base directory (relative to `$TF_PROJECT_DIR`)","default":".","advanced":true},{"name":"TF_OUTPUT_DIR","description":"Terraform output directory (relative to `$TF_PROJECT_DIR`).\n\n_Everything generated in this directory will be kept as job artifacts._","default":"tf-output","advanced":true},{"name":"TF_EXTRA_OPTS","description":"Default Terraform extra options (applies to all Terraform commands)","advanced":true},{"name":"TF_INIT_OPTS","description":"Default Terraform extra [init options](https://developer.hashicorp.com/terraform/cli/commands/init)","advanced":true},{"name":"TF_WORKSPACE","description":"Default Terraform project [workspace](https://developer.hashicorp.com/terraform/language/state/workspaces)","advanced":true},{"name":"TF_PLAN_OPTS","description":"Default Terraform extra [plan options](https://developer.hashicorp.com/terraform/cli/commands/plan)","advanced":true},{"name":"TF_APPLY_OPTS","description":"Default Terraform extra [apply options](https://developer.hashicorp.com/terraform/cli/commands/apply)","advanced":true},{"name":"TF_DESTROY_OPTS","description":"Default Terraform extra [destroy options](https://developer.hashicorp.com/terraform/cli/commands/destroy)","advanced":true}],"features":[{"id":"tfsec","name":"tfsec","description":"Detect security issues with [tfsec](https://github.com/tfsec/tfsec)","enable_with":"TF_TFSEC_ENABLED","variables":[{"name":"TF_TFSEC_IMAGE","description":"tfsec docker image","default":"registry.hub.docker.com/aquasec/tfsec-ci","advanced":true},{"name":"TF_TFSEC_ARGS","description":"tfsec [options and args](https://aquasecurity.github.io/tfsec/latest/guides/usage/)","default":"."}]},{"id":"trivy","name":"trivy","description":"Detect security issues with [trivy config](https://aquasecurity.github.io/trivy/latest/docs/scanner/misconfiguration/)","disable_with":"TF_TRIVY_DISABLED","variables":[{"name":"TF_TRIVY_IMAGE","description":"trivy docker image","default":"registry.hub.docker.com/aquasec/trivy","advanced":true},{"name":"TF_TRIVY_ARGS","description":"trivy config [options and args](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_config/)","default":"."}]},{"id":"checkov","name":"checkov","description":"Static code analysis tool for infrastructure-as-code","enable_with":"TF_CHECKOV_ENABLED","variables":[{"name":"TF_CHECKOV_IMAGE","description":"checkov docker image","default":"registry.hub.docker.com/bridgecrew/checkov","advanced":true},{"name":"TF_CHECKOV_ARGS","description":"checkov [options and args](https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html)","default":"--framework terraform","advanced":true}]},{"id":"tf-infracost","name":"tf-infracost","description":"Shows cloud cost estimates for infrastructure-as-code projects","enable_with":"TF_INFRACOST_ENABLED","variables":[{"name":"TF_INFRACOST_IMAGE","description":"Infracost docker image","default":"registry.hub.docker.com/infracost/infracost","advanced":true},{"name":"TF_INFRACOST_ARGS","description":"infracost [CLI options and args](https://www.infracost.io/docs/#usage)","default":"breakdown"},{"name":"TF_INFACOST_USAGE_FILE","description":"infracost [usage file](https://www.infracost.io/docs/usage_based_resources/#infracost-usage-file)","default":"infracost-usage.yml"},{"name":"INFRACOST_API_KEY","description":"the infracost API key","secret":true}]},{"id":"tf-tflint","name":"tf-tflint","description":"Analyse your Terraform code with [tflint](https://github.com/terraform-linters/tflint)","disable_with":"TF_TFLINT_DISABLED","variables":[{"name":"TF_TFLINT_IMAGE","description":"Tflint docker image","default":"ghcr.io/terraform-linters/tflint-bundle:latest","advanced":true},{"name":"TF_TFLINT_ARGS","description":"tflint extra [options and args](https://github.com/terraform-linters/tflint/#usage)","default":"--enable-plugin=google --enable-plugin=azurerm --enable-plugin=aws --recursive"}]},{"id":"tf-fmt","name":"tf-fmt","description":"Check your Terraform code with [tffmt](https://developer.hashicorp.com/terraform/cli/commands/fmt#usage)","enable_with":"TF_FMT_ENABLED","variables":[{"name":"TF_FMT_ARGS","description":"terraform fmt extra [options](https://developer.hashicorp.com/terraform/cli/commands/fmt#usage)","default":"-diff -recursive"}]},{"id":"tf-validate","name":"tf-validate","description":"Check your Terraform code with [tfvalidate](https://developer.hashicorp.com/terraform/cli/commands/validate#usage)","enable_with":"TF_VALIDATE_ENABLED","variables":[]},{"id":"tfdocs","name":"terraform docs","description":"Build Terraform documentation based on [terraform docs](https://terraform-docs.io/)","enable_with":"TF_DOCS_ENABLED","variables":[{"name":"TF_DOCS_IMAGE","description":"[terraform docs](https://terraform-docs.io/) container image","default":"quay.io/terraform-docs/terraform-docs:edge","advanced":true},{"name":"TF_DOCS_EXTRA_OPTS","description":"Extra [terraform docs options](https://terraform-docs.io/reference/terraform-docs/)","advanced":true},{"name":"TF_DOCS_CONFIG","description":"terraform docs [configuration file](https://terraform-docs.io/user-guide/configuration/) (relative to `$TF_PROJECT_DIR`)","default":".terraform-docs.yml","advanced":true},{"name":"TF_DOCS_OUTPUT_DIR","description":"terraform docs output directory (relative to `$TF_PROJECT_DIR`)","default":"docs","advanced":true}]},{"id":"tfpublish","name":"publish module","description":"Publish a Terraform module to GitLab's [Terraform Module Registry](https://docs.gitlab.com/ee/user/packages/terraform_module_registry/)","enable_with":"TF_PUBLISH_ENABLED","variables":[{"name":"TF_PUBLISH_IMAGE","description":"container image used to publish module","default":"registry.hub.docker.com/curlimages/curl:latest","advanced":true},{"name":"TF_MODULE_NAME","description":"The module name. May not contain any spaces or underscores.","default":"$CI_PROJECT_NAME","advanced":true},{"name":"TF_MODULE_SYSTEM","description":"The module system or provider (example: `local`, `aws`, `google`)","default":"local"},{"name":"TF_MODULE_VERSION","description":"The module version. It must be valid according to the [semantic versioning](https://semver.org/) specification.","default":"$CI_COMMIT_TAG","advanced":true},{"name":"TF_MODULE_FILES","description":"Glob patterns matching files to include into the Terraform module (:warning: does not support double star)","default":"*.tf *.tpl *.md"}]},{"id":"review","name":"Review","description":"Dynamic review environments for your topic branches (see GitLab [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/))","enable_with":"TF_REVIEW_ENABLED","variables":[{"name":"TF_REVIEW_EXTRA_OPTS","description":"Terraform extra options for `review` env (applies to all Terraform commands) (only define to override default)","advanced":true},{"name":"TF_REVIEW_INIT_OPTS","description":"Terraform extra [init options](https://developer.hashicorp.com/terraform/cli/commands/init) for `review` env (only define to override default)","advanced":true},{"name":"TF_REVIEW_WORKSPACE","description":"Terraform project [workspace](https://developer.hashicorp.com/terraform/language/state/workspaces) for `review` env (only define to override default)","advanced":true},{"name":"TF_REVIEW_PLAN_ENABLED","description":"Set to enable separate Terraform plan job for `review` env.","type":"boolean","advanced":true},{"name":"TF_REVIEW_PLAN_OPTS","description":"Terraform extra [plan options](https://developer.hashicorp.com/terraform/cli/commands/plan) for `review` env (only define to override default)","advanced":true},{"name":"TF_REVIEW_APPLY_OPTS","description":"Terraform extra [apply options](https://developer.hashicorp.com/terraform/cli/commands/apply) for `review` env (only define to override default)","advanced":true},{"name":"TF_REVIEW_DESTROY_OPTS","description":"Terraform extra [destroy options](https://developer.hashicorp.com/terraform/cli/commands/destroy) for `review` env (only define to override default)","advanced":true},{"name":"TF_REVIEW_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop `review` environments","default":"4 hours"}]},{"id":"integration","name":"Integration","description":"A continuous-integration environment associated to your integration branch (`develop` by default)","enable_with":"TF_INTEG_ENABLED","variables":[{"name":"TF_INTEG_EXTRA_OPTS","description":"Terraform extra options for `integration` env (applies to all Terraform commands) (only define to override default)","advanced":true},{"name":"TF_INTEG_INIT_OPTS","description":"Terraform extra [init options](https://developer.hashicorp.com/terraform/cli/commands/init) for `integration` env (only define to override default)","advanced":true},{"name":"TF_INTEG_WORKSPACE","description":"Terraform project [workspace](https://developer.hashicorp.com/terraform/language/state/workspaces) for `integration` env (only define to override default)","advanced":true},{"name":"TF_INTEG_PLAN_ENABLED","description":"Set to enable separate Terraform plan job for `integration` env.","type":"boolean","advanced":true},{"name":"TF_INTEG_PLAN_OPTS","description":"Terraform extra [plan options](https://developer.hashicorp.com/terraform/cli/commands/plan) for `integration` env (only define to override default)","advanced":true},{"name":"TF_INTEG_APPLY_OPTS","description":"Terraform extra [apply options](https://developer.hashicorp.com/terraform/cli/commands/apply) for `integration` env (only define to override default)","advanced":true},{"name":"TF_INTEG_DESTROY_OPTS","description":"Terraform extra [destroy options](https://developer.hashicorp.com/terraform/cli/commands/destroy) for `integration` env (only define to override default)","advanced":true},{"name":"TF_INTEG_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop the `integration` env","default":"never"}]},{"id":"staging","name":"Staging","description":"An iso-prod environment meant for testing and validation purpose on your production branch (`main` or `master` by default)","enable_with":"TF_STAGING_ENABLED","variables":[{"name":"TF_STAGING_EXTRA_OPTS","description":"Terraform extra options for `staging` env (applies to all Terraform commands) (only define to override default)","advanced":true},{"name":"TF_STAGING_INIT_OPTS","description":"Terraform extra [init options](https://developer.hashicorp.com/terraform/cli/commands/init) for `staging` env (only define to override default)","advanced":true},{"name":"TF_STAGING_WORKSPACE","description":"Terraform project [workspace](https://developer.hashicorp.com/terraform/language/state/workspaces) for `staging` env (only define to override default)","advanced":true},{"name":"TF_STAGING_PLAN_ENABLED","description":"Set to enable separate Terraform plan job for `staging` env.","type":"boolean","advanced":true},{"name":"TF_STAGING_PLAN_OPTS","description":"Terraform extra [plan options](https://developer.hashicorp.com/terraform/cli/commands/plan) for `staging` env (only define to override default)","advanced":true},{"name":"TF_STAGING_APPLY_OPTS","description":"Terraform extra [apply options](https://developer.hashicorp.com/terraform/cli/commands/apply) for `staging` env (only define to override default)","advanced":true},{"name":"TF_STAGING_DESTROY_OPTS","description":"Terraform extra [destroy options](https://developer.hashicorp.com/terraform/cli/commands/destroy) for `staging` env (only define to override default)","advanced":true},{"name":"TF_STAGING_AUTOSTOP_DURATION","description":"The amount of time before GitLab will automatically stop the `staging` env","default":"never"}]},{"id":"prod","name":"Production","description":"The production environment","enable_with":"TF_PROD_ENABLED","variables":[{"name":"TF_PROD_EXTRA_OPTS","description":"Terraform extra options for `production` env (applies to all Terraform commands) (only define to override default)","advanced":true},{"name":"TF_PROD_INIT_OPTS","description":"Terraform extra [init options](https://developer.hashicorp.com/terraform/cli/commands/init) for `production` env (only define to override default)","advanced":true},{"name":"TF_PROD_WORKSPACE","description":"Terraform project [workspace](https://developer.hashicorp.com/terraform/language/state/workspaces) for `production` env (only define to override default)","advanced":true},{"name":"TF_PROD_PLAN_ENABLED","description":"Set to enable separate Terraform plan job for `production` env.","type":"boolean","default":"true","advanced":true},{"name":"TF_PROD_PLAN_OPTS","description":"Terraform extra [plan options](https://developer.hashicorp.com/terraform/cli/commands/plan) for `production` env (only define to override default)","advanced":true},{"name":"TF_PROD_APPLY_OPTS","description":"Terraform extra [apply options](https://developer.hashicorp.com/terraform/cli/commands/apply) for `production` env (only define to override default)","advanced":true},{"name":"TF_PROD_DESTROY_OPTS","description":"Terraform extra [destroy options](https://developer.hashicorp.com/terraform/cli/commands/destroy) for `production` env (only define to override default)","advanced":true}]}],"variants":[{"id":"vault","name":"Vault","description":"Retrieve secrets from a [Vault](https://www.vaultproject.io/) server","template_path":"templates/gitlab-ci-terraform-vault.yml","variables":[{"name":"TBC_VAULT_IMAGE","description":"The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use","default":"registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest","advanced":true},{"name":"VAULT_BASE_URL","description":"The Vault server base API url","mandatory":true},{"name":"VAULT_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"VAULT_ROLE_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID","mandatory":true,"secret":true},{"name":"VAULT_SECRET_ID","description":"The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID","mandatory":true,"secret":true}]},{"id":"gcp-auth-provider","name":"Google Cloud","description":"Retrieves an [OAuth access token](https://developers.google.com/identity/protocols/oauth2) for the [Google Cloud Platform Provider for Terraform](https://registry.terraform.io/providers/hashicorp/google/latest/docs)","template_path":"templates/gitlab-ci-terraform-gcp.yml","variables":[{"name":"GCP_OIDC_AUD","description":"The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_","default":"$CI_SERVER_URL","advanced":true},{"name":"GCP_OIDC_ACCOUNT","description":"Default Service Account to which impersonate with OpenID Connect authentication"},{"name":"GCP_OIDC_PROVIDER","description":"Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)"},{"name":"GCP_REVIEW_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `review` environment","advanced":true},{"name":"GCP_REVIEW_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment","advanced":true},{"name":"GCP_INTEG_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `integration` environment","advanced":true},{"name":"GCP_INTEG_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment","advanced":true},{"name":"GCP_STAGING_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `staging` environment","advanced":true},{"name":"GCP_STAGING_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment","advanced":true},{"name":"GCP_PROD_OIDC_ACCOUNT","description":"Service Account to which impersonate with OpenID Connect authentication on `production` environment","advanced":true},{"name":"GCP_PROD_OIDC_PROVIDER","description":"Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment","advanced":true}]},{"id":"aws","name":"AWS","description":"Sets the appropriate Assume Role with Web Identity configuration for the [AWS Provider for Terraform](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#assume-role-with-web-identity-configuration-reference)","template_path":"templates/gitlab-ci-terraform-aws.yml","variables":[{"name":"AWS_OIDC_AUD","description":"The `aud` claim for the JWT","default":"$CI_SERVER_URL"},{"name":"AWS_OIDC_ROLE_ARN","description":"Default IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/)","advanced":true},{"name":"AWS_REVIEW_OIDC_ROLE_ARN","description":"IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `review` env _(only define to override default)_","advanced":true},{"name":"AWS_INTEG_OIDC_ROLE_ARN","description":"IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `integration` env _(only define to override default)_","advanced":true},{"name":"AWS_STAGING_OIDC_ROLE_ARN","description":"IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `staging` env _(only define to override default)_","advanced":true},{"name":"AWS_PROD_OIDC_ROLE_ARN","description":"IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `production` env _(only define to override default)_","advanced":true}]}],"extension_id":null,"project":{"tag":"5.5.6","tags":["5.5.6","5.5.5","5.5.4","5.5.3","5.5.2","5.5.1","5.5.0","5.5","5.4.14","5.4.13","5.4.12","5.4.11","5.4.10","5.4.9","5.4.8","5.4.7","5.4.6","5.4.5","5.4.4","5.4.3","5.4.2","5.4.1","5.4.0","5.4","5.3.0","5.3","5.2.0","5.2","5.1.0","5.1","5.0.2","5.0.1","5.0.0","5.0","5","4.0.3","4.0.2","4.0.1","4.0.0","4.0","4","3.12.3","3.12.2","3.12.1","3.12.0","3.12","3.11.0","3.11","3.10.0","3.10","3.9.1","3.9.0","3.9","3.8.0","3.8","3.7.0","3.7","3.6.3","3.6.2","3.6.1","3.6.0","3.6","3.5.1","3.5.0","3.5","3.4.0","3.4","3.3.0","3.3","3.2.1","3.2.0","3.2","3.1.0","3.1","3.0.0","3.0","3","2.8.0","2.8","2.7.1","2.7.0","2.7","2.6.0","2.6","2.5.0","2.5","2.4.3","2.4.2","2.4.1","2.4.0","2.3.2","2.3.1","2.3.0","2.2.4","2.2.3","2.2.2","2.2.1","2.2.0","2.1.1","2"],"name":"terraform","path":"to-be-continuous/terraform","web_url":"https://gitlab.com/to-be-continuous/terraform","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454262/logo.png"}},{"name":"Test SSL","description":"Test your TLS/SSL servers compliance with [Test SSL](https://testssl.sh/)","template_path":"templates/gitlab-ci-testssl.yml","kind":"acceptance","prefix":"testssl","is_component":true,"variables":[{"name":"TESTSSL_IMAGE","description":"The Docker image used to run [Test SSL](https://testssl.sh/)","default":"registry.hub.docker.com/drwetter/testssl.sh:latest"},{"name":"TESTSSL_ARGS","description":"Test SSL [command-line options](https://testssl.sh/#usage)","default":"--severity MEDIUM","advanced":true},{"name":"TESTSSL_URL","description":"Server url to test TLS/SSL against\n\n_Leave unset if you're using deployment templates_"},{"name":"REVIEW_ENABLED","description":"Set to enable Test SSL tests on review environments (dynamic environments instantiated on development branches)","type":"boolean"}],"extension_id":null,"project":{"tag":"3.6.0","tags":["3.6.0","3.6","3.5.0","3.5","3.4.1","3.4.0","3.4","3.3.0","3.3","3.2.1","3.2.0","3.2","3.1.2","3.1.1","3.1.0","3.1","3.0.0","3.0","3","2.1.0","2.1","2.0.1","2.0.0","2","1.2.0","1.1.0","1.0.0"],"name":"testssl","path":"to-be-continuous/testssl","web_url":"https://gitlab.com/to-be-continuous/testssl","avatar":"https://gitlab.com/uploads/-/system/project/avatar/26454277/logo.png"}}]}