diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d163e3317ff2d7afc26c886f7d15a8db3316ed19..6e5dffbe9a0a49c6afbd9d0fba936ad2c1e199ca 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,7 +10,7 @@ include:
file: '/templates/validation.yml'
- project: 'to-be-continuous/bash'
ref: '3.3'
- file: 'templates/gitlab-ci-bash.yml'
+ file: '/templates/gitlab-ci-bash.yml'
- project: 'to-be-continuous/semantic-release'
ref: '3.7'
file: '/templates/gitlab-ci-semrel.yml'
diff --git a/README.md b/README.md
index 0a4e11bb95c7f6d9c297b0ac299a9a39fad3f541..9876c5574db23b2784f8f12da89e1d3c49892f9b 100644
--- a/README.md
+++ b/README.md
@@ -4,27 +4,54 @@ This project implements a GitLab CI/CD template to build, test and analyse your
## Usage
-In order to include this template in your project, add the following to your `gitlab-ci.yml`:
+This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component-in-a-cicd-configuration)
+or using the legacy [`include:project`](https://docs.gitlab.com/ee/ci/yaml/index.html#includeproject) syntax.
+
+### Use as a CI/CD component
+
+Add the following to your `gitlab-ci.yml`:
```yaml
include:
+ # 1: include the component
+ - component: gitlab.com/to-be-continuous/maven/gitlab-ci-maven@3.8.0
+ # 2: set/override component inputs
+ inputs:
+ # ⚠ this is only an example
+ image: registry.hub.docker.com/library/maven:3.8-openjdk-18
+ deploy-enabled: true
+```
+
+### Use as a CI/CD template (legacy)
+
+Add the following to your `gitlab-ci.yml`:
+
+```yaml
+include:
+ # 1: include the template
- project: 'to-be-continuous/maven'
ref: '3.8.0'
file: '/templates/gitlab-ci-maven.yml'
+
+variables:
+ # 2: set/override template variables
+ # ⚠ this is only an example
+ MAVEN_IMAGE: registry.hub.docker.com/library/maven:3.8-openjdk-18
+ MAVEN_DEPLOY_ENABLED: "true"
```
## Global configuration
The Maven template uses some global configuration throughout all jobs.
-| Name | description | default value |
+| Input / Variable | Description | Default value |
| --------------------- |--------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------|
-| `MAVEN_IMAGE` | The Docker image used to run Maven <br/>:warning: **set the version required by your project** | `registry.hub.docker.com/library/maven:latest` |
-| `MAVEN_PROJECT_DIR` | Maven projet root directory | `.` |
-| `MAVEN_CFG_DIR` | The Maven configuration directory | `.m2` |
-| `MAVEN_SETTINGS_FILE` | The Maven `settings.xml` file path | `${MAVEN_CFG_DIR}/settings.xml` |
-| `MAVEN_OPTS` | [Global Maven options](http://maven.apache.org/configure.html#maven_opts-environment-variable) | `-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=${MAVEN_CFG_DIR}/repository -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true` |
-| `MAVEN_CLI_OPTS` | Additional [Maven options](https://maven.apache.org/ref/3-LATEST/maven-embedder/cli.html) used on the command line | `--no-transfer-progress --batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true` |
+| `image` / `MAVEN_IMAGE` | The Docker image used to run Maven <br/>:warning: **set the version required by your project** | `registry.hub.docker.com/library/maven:latest` |
+| `project-dir` / `MAVEN_PROJECT_DIR` | Maven projet root directory | `.` |
+| `cfg-dir` / `MAVEN_CFG_DIR` | The Maven configuration directory | `.m2` |
+| `settings-file` / `MAVEN_SETTINGS_FILE` | The Maven `settings.xml` file path | `${MAVEN_CFG_DIR}/settings.xml` |
+| `opts` / `MAVEN_OPTS` | [Global Maven options](http://maven.apache.org/configure.html#maven_opts-environment-variable) | `-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=${MAVEN_CFG_DIR}/repository -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true` |
+| `cli-opts` / `MAVEN_CLI_OPTS` | Additional [Maven options](https://maven.apache.org/ref/3-LATEST/maven-embedder/cli.html) used on the command line | `--no-transfer-progress --batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true` |
### About `$MAVEN_CFG_DIR`
@@ -51,9 +78,9 @@ for test jobs dependency reasons (some test jobs such as SONAR analysis have a d
It uses the following variable:
-| Name | description | default value |
+| Input / Variable | Description | Default value |
| --------------------- | ---------------------------------------- | ----------------- |
-| `MAVEN_BUILD_ARGS` | Maven arguments for the build & test job | `org.jacoco:jacoco-maven-plugin:prepare-agent verify org.jacoco:jacoco-maven-plugin:report` |
+| `build-args` / `MAVEN_BUILD_ARGS` | Maven arguments for the build & test job | `org.jacoco:jacoco-maven-plugin:prepare-agent verify org.jacoco:jacoco-maven-plugin:report` |
#### About Code Coverage
@@ -81,14 +108,14 @@ More info:
This job, **disabled by default**, is bound to the `test` stage and performs a SonarQube analysis of your code.
This job uses the following variables:
-| Name | description | default value |
+| Input / Variable | Description | Default value |
| ------------------------ | -------------------------------------- | ----------------- |
-| `SONAR_HOST_URL` | SonarQube server url | _none_ (disabled) |
+| `sonar-host-url` / `SONAR_HOST_URL` | SonarQube server url | _none_ (disabled) |
| :lock: `SONAR_TOKEN` | SonarQube authentication [token](https://docs.sonarsource.com/sonarqube/latest/user-guide/user-account/generating-and-using-tokens/#using-a-token) (depends on your authentication method) | _none_ |
| :lock: `SONAR_LOGIN` | SonarQube [login](https://docs.sonarsource.com/sonarqube/latest/extension-guide/web-api/#http-basic-access) (depends on your authentication method) | _none_ |
| :lock: `SONAR_PASSWORD` | SonarQube password (depends on your authentication method) | _none_ |
-| `SONAR_BASE_ARGS` | SonarQube [analysis arguments](https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/analysis-parameters/) | `sonar:sonar -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues` |
-| `SONAR_QUALITY_GATE_ENABLED` | Set to `true` to enable SonarQube [Quality Gate](https://docs.sonarsource.com/sonarqube/latest/user-guide/quality-gates/) verification.<br/>_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/ci-integration/overview/#quality-gate-fails))._ | _none_ (disabled) |
+| `sonar-base-args` / `SONAR_BASE_ARGS` | SonarQube [analysis arguments](https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/analysis-parameters/) | `sonar:sonar -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues` |
+| `sonar-quality-gate-enabled` / `SONAR_QUALITY_GATE_ENABLED` | Set to `true` to enable SonarQube [Quality Gate](https://docs.sonarsource.com/sonarqube/latest/user-guide/quality-gates/) verification.<br/>_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/ci-integration/overview/#quality-gate-fails))._ | _none_ (disabled) |
#### Recommended minimal configuration
@@ -141,10 +168,10 @@ analysis.
It is bound to the `test` stage, and uses the following variables:
-| Name | description | default value |
+| Input / Variable | Description | Default value |
| --------------------- | -------------------------------------- | ----------------- |
-| `MAVEN_DEPENDENCY_CHECK_DISABLED` | Set to `true` to disable this job | _none_ |
-| `MAVEN_DEPENDENCY_CHECK_ARGS` | Maven arguments for Dependency Check job | `org.owasp:dependency-check-maven:check -DretireJsAnalyzerEnabled=false -DassemblyAnalyzerEnabled=false` |
+| `dependency-check-disabled` / `MAVEN_DEPENDENCY_CHECK_DISABLED` | Set to `true` to disable this job | _none_ |
+| `dependency-check-args` / `MAVEN_DEPENDENCY_CHECK_ARGS` | Maven arguments for Dependency Check job | `org.owasp:dependency-check-maven:check -DretireJsAnalyzerEnabled=false -DassemblyAnalyzerEnabled=false` |
A Dependency Check is a quite long operation and therefore the job is configured to be ran __manually__ by default.
@@ -187,9 +214,9 @@ Failure is allowed in feature branches.
It is bound to the `test` stage, and uses the following variables:
-| Name | description | default value |
+| Input / Variable | Description | Default value |
| --------------------- | -------------------------------------- | ----------------- |
-| `MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED` | Set to `true` to disable this job | _none_ |
+| `mvn-forbid-snapshot-dependencies-disabled` / `MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED` | Set to `true` to disable this job | _none_ |
### `mvn-sbom` job
@@ -197,10 +224,10 @@ This job generates a [SBOM](https://cyclonedx.org/) file listing all dependencie
It is bound to the `test` stage, and uses the following variables:
-| Name | description | default value |
+| Input / Variable | Description | Default value |
| --------------------- | -------------------------------------- | ----------------- |
-| `MAVEN_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
-| `MAVEN_SBOM_GEN_ARGS` | Maven command used for SBOM analysis | `org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom` |
+| `sbom-disabled` / `MAVEN_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
+| `sbom-gen-args` / `MAVEN_SBOM_GEN_ARGS` | Maven command used for SBOM analysis | `org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom` |
### `mvn-release` & `mvn-deploy-*` jobs
@@ -216,18 +243,18 @@ These jobs are **disabled by default** and - when enabled - respectively perform
They are bound to the `publish` stage, and use the following variables:
-| Name | description | default value |
+| Input / Variable | Description | Default value |
| ----------------------------------- | ------------------------------------------------------------ | ----------------- |
-| `MAVEN_DEPLOY_ENABLED` | Set to `true` to enable release and publish jobs | _none_ (disabled) |
-| `MAVEN_DEPLOY_FROM_UNPROTECTED_DISABLED`| Set to `true` to limit snapshot publication to protected branches | _none_ (disabled) |
-| `MAVEN_DEPLOY_SNAPSHOT_WITH_SLUG_ENABLED`| Set to `true` to inject the Git branch slug in SNAPSHOT versions | _none_ (disabled) |
-| `MAVEN_DEPLOY_ARGS` | Maven arguments for the `mvn-deploy` job | `deploy -Dmaven.test.skip=true` |
-| `MAVEN_RELEASE_ARGS` | Maven arguments for the `mvn-release` job | `release:prepare -DtagNameFormat=@{project.version} -Darguments=-Dmaven.test.skip=true` |
-| `MAVEN_RELEASE_VERSION` | Explicit version to use when triggering a release | _none_ (uses the current snapshot version from `pom.xml`) |
-| `MAVEN_RELEASE_SCM_COMMENT_PREFIX` | Maven release plugin [scmCommentPrefix](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmCommentPrefix) parameter | `chore(maven-release): ` |
-| `MAVEN_RELEASE_SCM_RELEASE_COMMENT` | Maven release plugin [scmReleaseCommitComment](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmReleaseCommitComment) parameter (since Maven `3.0.0-M1`) | _none_ (Maven default) |
-| `MAVEN_RELEASE_SCM_DEV_COMMENT` | Maven release plugin [scmDevelopmentCommitComment](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmDevelopmentCommitComment) parameter (since Maven `3.0.0-M1`) | _none_ (Maven default) |
-| `MVN_SEMREL_RELEASE_DISABLED` | Set to `true` to disable [semantic-release integration](#semantic-release-integration) | _none_ (disabled) |
+| `deploy-enabled` / `MAVEN_DEPLOY_ENABLED` | Set to `true` to enable release and publish jobs | _none_ (disabled) |
+| `deploy-from-unprotected-disabled` / `MAVEN_DEPLOY_FROM_UNPROTECTED_DISABLED` | Set to `true` to limit snapshot publication to protected branches | _none_ (disabled) |
+| `deploy-snapshot-with-slug-enabled` / `MAVEN_DEPLOY_SNAPSHOT_WITH_SLUG_ENABLED` | Set to `true` to inject the Git branch slug in SNAPSHOT versions | _none_ (disabled) |
+| `deploy-args` / `MAVEN_DEPLOY_ARGS` | Maven arguments for the `mvn-deploy` job | `deploy -Dmaven.test.skip=true` |
+| `release-args` / `MAVEN_RELEASE_ARGS` | Maven arguments for the `mvn-release` job | `release:prepare -DtagNameFormat=@{project.version} -Darguments=-Dmaven.test.skip=true` |
+| `release-version` / `MAVEN_RELEASE_VERSION` | Explicit version to use when triggering a release | _none_ (uses the current snapshot version from `pom.xml`) |
+| `release-scm-comment-prefix` / `MAVEN_RELEASE_SCM_COMMENT_PREFIX` | Maven release plugin [scmCommentPrefix](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmCommentPrefix) parameter | `chore(maven-release): ` |
+| `release-scm-release-comment` / `MAVEN_RELEASE_SCM_RELEASE_COMMENT` | Maven release plugin [scmReleaseCommitComment](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmReleaseCommitComment) parameter (since Maven `3.0.0-M1`) | _none_ (Maven default) |
+| `release-scm-dev-comment` / `MAVEN_RELEASE_SCM_DEV_COMMENT` | Maven release plugin [scmDevelopmentCommitComment](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmDevelopmentCommitComment) parameter (since Maven `3.0.0-M1`) | _none_ (Maven default) |
+| `mvn-semrel-release-disabled` / `MVN_SEMREL_RELEASE_DISABLED` | Set to `true` to disable [semantic-release integration](#semantic-release-integration) | _none_ (disabled) |
More info:
@@ -436,10 +463,10 @@ This variant uses the [Jib Maven Plugin](https://github.com/GoogleContainerTools
##### Images and registries config
-| Name | Description | Default value |
+| Input / Variable | Description | Default value |
| -------------------------------------------- | ------------------------ | ------------------------------------------------- |
-| `MAVEN_JIB_SNAPSHOT_IMAGE` | Container snapshot image | `$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG` |
-| `MAVEN_JIB_RELEASE_IMAGE` | Container release image | `$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME` |
+| `jib-snapshot-image` / `MAVEN_JIB_SNAPSHOT_IMAGE` | Container snapshot image | `$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG` |
+| `jib-release-image` / `MAVEN_JIB_RELEASE_IMAGE` | Container release image | `$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME` |
| :lock: `MAVEN_JIB_REGISTRY_USER` | Default registry username for image registry | `$CI_REGISTRY_USER` _(default GitLab registry user)_ |
| :lock: `MAVEN_JIB_REGISTRY_PASSWORD` | Default registry password for image registry | `$CI_REGISTRY_PASSWORD` _(default GitLab registry password)_ |
| :lock: `MAVEN_JIB_REGISTRY_SNAPSHOT_USER` | Registry username for snapshot image registry.<br/> Only set if different from default. | _none_ |
@@ -451,13 +478,13 @@ The template uses GitLab registries and authentication defaults. See the Docker
##### Security scanning and reporting
-| Name | Description | Default value |
+| Input / Variable | Description | Default value |
| -------------------------------------- | ------------------------ | ------------------------------------------------- |
-| `MAVEN_SBOM_IMAGE` | The image used to perform and complete the Security Bill of Materials | `registry.hub.docker.com/anchore/syft:debug` |
-| `MAVEN_SBOM_OPTS` | SBOM options to complete the Security Bill of Materials | `--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-catalogerE` |
-| `MAVEN_TRIVY_SECURITY_LEVEL_THRESHOLD` | Security level which fails the `mvn-trivy` job | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` |
-| `MAVEN_TRIVY_IMAGE` | The image to perform container security scanning | `registry.hub.docker.com/aquasec/trivy:latest` |
-| `MAVEN_TRIVY_ARGS` | Arguments for the execution of Trivy | `--ignore-unfixed --vuln-type os` |
+| `sbom-image` / `MAVEN_SBOM_IMAGE` | The image used to perform and complete the Security Bill of Materials | `registry.hub.docker.com/anchore/syft:debug` |
+| `sbom-opts` / `MAVEN_SBOM_OPTS` | SBOM options to complete the Security Bill of Materials | `--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-catalogerE` |
+| `trivy-security-level-threshold` / `MAVEN_TRIVY_SECURITY_LEVEL_THRESHOLD` | Security level which fails the `mvn-trivy` job | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` |
+| `trivy-image` / `MAVEN_TRIVY_IMAGE` | The image to perform container security scanning | `registry.hub.docker.com/aquasec/trivy:latest` |
+| `trivy-args` / `MAVEN_TRIVY_ARGS` | Arguments for the execution of Trivy | `--ignore-unfixed --vuln-type os` |
##### Jib build and publish configuration
@@ -467,12 +494,12 @@ Tho `mvn-build` job produces and uploads the container snapshot to the registry
Publishing the release image follows the two-phase Maven release and deploy model. The `mvn-release` job is responsible for versioning and tagging
the `pom.xml` using the Maven Release Plugin, e.g., `release:prepare`. The `mvn-deploy-release` job deploys, or "releases," the container via [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/main/docs/skopeo-copy.1.md) to the provided registry in `$MAVEN_JIB_RELEASE_IMAGE`.
-| Name | Description | Default value |
+| Input / Variable | Description | Default value |
| --------------------------------- | ---------------------------------------------------------- | ----------------- |
-| `MAVEN_SKOPEO_IMAGE` | The image used to publish docker image with Skopeo | `quay.io/skopeo/stable:latest` |
-| `MAVEN_JIB_BUILD_ARGS` | [Jib Maven Plugin arguments](https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin#extended-usage). | `-Djib.to.image=$MAVEN_JIB_SNAPSHOT_IMAGE` |
-| `MAVEN_JIB_PUBLISH_ARGS` | Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/main/docs/skopeo-copy.1.md), e.g., `--additional-tag=strings` | _none_ |
-| `MAVEN_JIB_PROD_PUBLISH_STRATEGY` | Defines the publish to production strategy for `mvn-release` and `mvn-deploy-release` jobs. One of `none`, `auto`, `manual`. | `manual` |
+| `skopeo-image` / `MAVEN_SKOPEO_IMAGE` | The image used to publish docker image with Skopeo | `quay.io/skopeo/stable:latest` |
+| `jib-build-args` / `MAVEN_JIB_BUILD_ARGS` | [Jib Maven Plugin arguments](https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin#extended-usage). | `-Djib.to.image=$MAVEN_JIB_SNAPSHOT_IMAGE` |
+| `jib-publish-args` / `MAVEN_JIB_PUBLISH_ARGS` | Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/main/docs/skopeo-copy.1.md), e.g., `--additional-tag=strings` | _none_ |
+| `jib-prod-publish-strategy` / `MAVEN_JIB_PROD_PUBLISH_STRATEGY` | Defines the publish to production strategy for `mvn-release` and `mvn-deploy-release` jobs. One of `none`, `auto`, `manual`. | `manual` |
#### Usage
@@ -499,13 +526,7 @@ All authentication methods should use masked GitLab environment variables.
```yaml
include:
# main template
- - project: 'to-be-continuous/maven'
- ref: '3.8.0'
- file: '/templates/gitlab-ci-maven.yml'
+ - component: gitlab.com/to-be-continuous/maven/gitlab-ci-maven@3.8.0
# Jib is implemented as an extension to Maven, and uses supporting features of the TBC Maven template
- - project: 'to-be-continuous/maven'
- ref: '3.8.0'
- file: '/templates/gitlab-ci-maven-jib.yml'
-
-variables:
+ - component: gitlab.com/to-be-continuous/maven/gitlab-ci-maven-jib@3.8.0
```
diff --git a/bumpversion.sh b/bumpversion.sh
index f06829a406ca8da98e570e8ad7d8bb22367b668d..ed44d7b68b0e09f6d2cf557f7a15e52553246341 100755
--- a/bumpversion.sh
+++ b/bumpversion.sh
@@ -27,13 +27,13 @@ if [[ "$curVer" ]]; then
log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."
# replace in README
- sed -e "s/ref: '$curVer'/ref: '$nextVer'/" README.md > README.md.next
+ sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\”/ref: \”$nextVer\”/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
mv -f README.md.next README.md
# replace in template and variants
for tmpl in templates/*.yml
do
- sed -e "s/\"$curVer\"/\"$nextVer\"/" "$tmpl" > "$tmpl.next"
+ sed -e "s/command: *\[\"--service\", \"\(.*\)\", \"$curVer\"\]/command: [\"--service\", \"\1\", \"$nextVer\"]/" "$tmpl" > "$tmpl.next"
mv -f "$tmpl.next" "$tmpl"
done
else
diff --git a/kicker.json b/kicker.json
index 3ecf39714045601afa2ad266aff695722c1df383..23270ab6355b1826b9bcbab271712ee7cd4fba21 100644
--- a/kicker.json
+++ b/kicker.json
@@ -3,6 +3,8 @@
"description": "Build, test and analyse your [Maven](https://maven.apache.org/)-based projects",
"template_path": "templates/gitlab-ci-maven.yml",
"kind": "build",
+ "prefix": "maven",
+ "is_component": true,
"variables": [
{
"name": "MAVEN_IMAGE",
@@ -205,98 +207,104 @@
}
],
"variants": [
- {
- "id": "jib",
- "name": "Jib",
- "description": "Build Docker and OCI images for your Java applications with [Jib](https://github.com/GoogleContainerTools/jib)",
- "template_path": "templates/gitlab-ci-maven-jib.yml",
- "features": [
- {
- "id": "mvn-trivy",
- "name": "Maven Trivy",
- "description": "[Trivy](https://github.com/aquasecurity/trivy) vulnerability analysis",
- "disable_with": "MAVEN_TRIVY_DISABLED",
- "variables": [
- {
- "name": "MAVEN_TRIVY_IMAGE",
- "description": "The docker image used to scan images with Trivy",
- "default": "registry.hub.docker.com/aquasec/trivy:latest",
- "advanced": true
- },
- {
- "name": "MAVEN_TRIVY_ADDR",
- "type": "url",
- "description": "The Trivy server address"
- },
- {
- "name": "MAVEN_TRIVY_SECURITY_LEVEL_THRESHOLD",
- "type": "enum",
- "values": ["UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL", "LOW,MEDIUM,HIGH,CRITICAL", "MEDIUM,HIGH,CRITICAL", "HIGH,CRITICAL", "CRITICAL"],
- "description": "Severities of vulnerabilities to be displayed (comma separated values: `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`)",
- "default": "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
- },
- {
- "name": "MAVEN_TRIVY_ARGS",
- "description": "Additional `trivy client` arguments",
- "default": "--ignore-unfixed --vuln-type os",
- "advanced": true
- }
- ]
- },
- {
- "id": "mvn-sbom",
- "name": "Maven Software Bill of Materials",
- "description": "This job generates a file listing all dependencies using [syft](https://github.com/anchore/syft)",
- "disable_with": "MAVEN_SBOM_DISABLED",
- "variables": [
- {
- "name": "MAVEN_SBOM_IMAGE",
- "default": "registry.hub.docker.com/anchore/syft:debug",
- "advanced": true
- },
- {
- "name": "MAVEN_SBOM_OPTS",
- "description": "Options for syft used for SBOM analysis",
- "default": "--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger",
- "advanced": true
- }
- ]
- }
- ],
- "variables": [
- {
- "name": "MAVEN_JIB_SNAPSHOT_IMAGE",
- "description": "Maven Jib Snapshot image",
- "default": "$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG"
- },
- {
- "name": "MAVEN_JIB_RELEASE_IMAGE",
- "description": "Maven Jib Release image",
- "default": "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
- },
- {
- "name": "MAVEN_SKOPEO_IMAGE",
- "description": "The image used to publish images with Skopeo",
- "default": "quay.io/skopeo/stable:latest",
- "advanced": true
- },
- {
- "name": "MAVEN_JIB_BUILD_ARGS",
- "description": "[Jib Maven Plugin arguments](https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin#extended-usage)",
- "default": "-Djib.to.image=$MAVEN_JIB_SNAPSHOT_IMAGE"
- },
- {
- "name": "MAVEN_JIB_PROD_PUBLISH_STRATEGY",
- "description": "Defines the publish to production strategy.",
- "type": "enum",
- "values": ["none", "manual", "auto"],
- "default": "manual"
- },
- {
- "name": "MAVEN_JIB_PUBLISH_ARGS",
- "description": "Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)"
- }
- ]
- }
+ {
+ "id": "jib",
+ "name": "Jib",
+ "description": "Build Docker and OCI images for your Java applications with [Jib](https://github.com/GoogleContainerTools/jib)",
+ "template_path": "templates/gitlab-ci-maven-jib.yml",
+ "features": [
+ {
+ "id": "mvn-trivy",
+ "name": "Maven Trivy",
+ "description": "[Trivy](https://github.com/aquasecurity/trivy) vulnerability analysis",
+ "disable_with": "MAVEN_TRIVY_DISABLED",
+ "variables": [
+ {
+ "name": "MAVEN_TRIVY_IMAGE",
+ "description": "The docker image used to scan images with Trivy",
+ "default": "registry.hub.docker.com/aquasec/trivy:latest",
+ "advanced": true
+ },
+ {
+ "name": "MAVEN_TRIVY_ADDR",
+ "type": "url",
+ "description": "The Trivy server address"
+ },
+ {
+ "name": "MAVEN_TRIVY_SECURITY_LEVEL_THRESHOLD",
+ "type": "enum",
+ "values": [
+ "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL",
+ "LOW,MEDIUM,HIGH,CRITICAL",
+ "MEDIUM,HIGH,CRITICAL",
+ "HIGH,CRITICAL",
+ "CRITICAL"
+ ],
+ "description": "Severities of vulnerabilities to be displayed (comma separated values: `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`)",
+ "default": "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
+ },
+ {
+ "name": "MAVEN_TRIVY_ARGS",
+ "description": "Additional `trivy client` arguments",
+ "default": "--ignore-unfixed --vuln-type os",
+ "advanced": true
+ }
+ ]
+ },
+ {
+ "id": "mvn-sbom",
+ "name": "Maven Software Bill of Materials",
+ "description": "This job generates a file listing all dependencies using [syft](https://github.com/anchore/syft)",
+ "disable_with": "MAVEN_SBOM_DISABLED",
+ "variables": [
+ {
+ "name": "MAVEN_SBOM_IMAGE",
+ "default": "registry.hub.docker.com/anchore/syft:debug",
+ "advanced": true
+ },
+ {
+ "name": "MAVEN_SBOM_OPTS",
+ "description": "Options for syft used for SBOM analysis",
+ "default": "--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger",
+ "advanced": true
+ }
+ ]
+ }
+ ],
+ "variables": [
+ {
+ "name": "MAVEN_JIB_SNAPSHOT_IMAGE",
+ "description": "Maven Jib Snapshot image",
+ "default": "$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG"
+ },
+ {
+ "name": "MAVEN_JIB_RELEASE_IMAGE",
+ "description": "Maven Jib Release image",
+ "default": "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
+ },
+ {
+ "name": "MAVEN_SKOPEO_IMAGE",
+ "description": "The image used to publish images with Skopeo",
+ "default": "quay.io/skopeo/stable:latest",
+ "advanced": true
+ },
+ {
+ "name": "MAVEN_JIB_BUILD_ARGS",
+ "description": "[Jib Maven Plugin arguments](https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin#extended-usage)",
+ "default": "-Djib.to.image=$MAVEN_JIB_SNAPSHOT_IMAGE"
+ },
+ {
+ "name": "MAVEN_JIB_PROD_PUBLISH_STRATEGY",
+ "description": "Defines the publish to production strategy.",
+ "type": "enum",
+ "values": ["none", "manual", "auto"],
+ "default": "manual"
+ },
+ {
+ "name": "MAVEN_JIB_PUBLISH_ARGS",
+ "description": "Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)"
+ }
+ ]
+ }
]
}
diff --git a/logo.png b/logo.png
index 2dd51fb18916b429323eb0296756f1f8aa740a46..0776126ab1c1593539e5261ffd3733b75d7c85c3 100644
Binary files a/logo.png and b/logo.png differ
diff --git a/templates/gitlab-ci-maven-jib.yml b/templates/gitlab-ci-maven-jib.yml
index 7e0875a2d16d00543032663b67bc0976d60a802d..395c91e2fa0f9293a75a3995c91c6ac4feb8de6e 100644
--- a/templates/gitlab-ci-maven-jib.yml
+++ b/templates/gitlab-ci-maven-jib.yml
@@ -1,17 +1,73 @@
# =====================================================================================================================
# === JIB template variant
# =====================================================================================================================
+spec:
+ inputs:
+ jib-snapshot-image:
+ description: Maven Jib Snapshot image
+ default: $CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG
+ jib-release-image:
+ description: Maven Jib Release image
+ default: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+ skopeo-image:
+ description: The image used to publish images with Skopeo
+ default: quay.io/skopeo/stable:latest
+ jib-build-args:
+ description: '[Jib Maven Plugin arguments](https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin#extended-usage)'
+ default: -Djib.to.image=$MAVEN_JIB_SNAPSHOT_IMAGE
+ jib-prod-publish-strategy:
+ description: Defines the publish to production strategy.
+ options:
+ - none
+ - manual
+ - auto
+ default: manual
+ jib-publish-args:
+ description: Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)
+ default: ''
+ trivy-disabled:
+ description: Disable Maven Trivy
+ type: boolean
+ default: false
+ trivy-image:
+ description: The docker image used to scan images with Trivy
+ default: registry.hub.docker.com/aquasec/trivy:latest
+ trivy-addr:
+ description: The Trivy server address
+ default: ''
+ trivy-security-level-threshold:
+ description: 'Severities of vulnerabilities to be displayed (comma separated values:
+ `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`)'
+ options:
+ - UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+ - LOW,MEDIUM,HIGH,CRITICAL
+ - MEDIUM,HIGH,CRITICAL
+ - HIGH,CRITICAL
+ - CRITICAL
+ default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+ trivy-args:
+ description: Additional `trivy client` arguments
+ default: --ignore-unfixed --vuln-type os
+ sbom-image:
+ default: registry.hub.docker.com/anchore/syft:debug
+ sbom-opts:
+ description: Options for syft used for SBOM analysis
+ default: --catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger
+---
variables:
- MAVEN_SBOM_IMAGE: "registry.hub.docker.com/anchore/syft:debug"
- MAVEN_SBOM_OPTS: "--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger"
- MAVEN_TRIVY_SECURITY_LEVEL_THRESHOLD: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
- MAVEN_TRIVY_IMAGE: "registry.hub.docker.com/aquasec/trivy:latest"
- MAVEN_TRIVY_ARGS: "--ignore-unfixed --vuln-type os"
- MAVEN_JIB_SNAPSHOT_IMAGE: "$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG"
- MAVEN_JIB_RELEASE_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
- MAVEN_JIB_BUILD_ARGS: "-Djib.to.image=$MAVEN_JIB_SNAPSHOT_IMAGE"
- MAVEN_JIB_PROD_PUBLISH_STRATEGY: "manual"
- MAVEN_SKOPEO_IMAGE: "quay.io/skopeo/stable:latest"
+ MAVEN_SBOM_IMAGE: $[[ inputs.sbom-image ]]
+ MAVEN_SBOM_OPTS: $[[ inputs.sbom-opts ]]
+ MAVEN_TRIVY_SECURITY_LEVEL_THRESHOLD: $[[ inputs.trivy-security-level-threshold ]]
+ MAVEN_TRIVY_IMAGE: $[[ inputs.trivy-image ]]
+ MAVEN_TRIVY_ARGS: $[[ inputs.trivy-args ]]
+ MAVEN_JIB_SNAPSHOT_IMAGE: $[[ inputs.jib-snapshot-image ]]
+ MAVEN_JIB_RELEASE_IMAGE: $[[ inputs.jib-release-image ]]
+ MAVEN_JIB_BUILD_ARGS: $[[ inputs.jib-build-args ]]
+ MAVEN_JIB_PROD_PUBLISH_STRATEGY: $[[ inputs.jib-prod-publish-strategy ]]
+ MAVEN_SKOPEO_IMAGE: $[[ inputs.skopeo-image ]]
+ MAVEN_JIB_PUBLISH_ARGS: $[[ inputs.jib-publish-args ]]
+ MAVEN_TRIVY_DISABLED: $[[ inputs.trivy-disabled ]]
+ MAVEN_TRIVY_ADDR: $[[ inputs.trivy-addr ]]
.mvn-jib-scripts: &mvn-jib-scripts |
# BEGSCRIPT
diff --git a/templates/gitlab-ci-maven.yml b/templates/gitlab-ci-maven.yml
index 616fa22b41ce7742fec8164d97d039cc2bf42977..c468b4da2832a2c62f5f8bbaef7b295a3b2b6720 100644
--- a/templates/gitlab-ci-maven.yml
+++ b/templates/gitlab-ci-maven.yml
@@ -13,6 +13,122 @@
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
# Floor, Boston, MA 02110-1301, USA.
# =========================================================================================
+spec:
+ inputs:
+ image:
+ description: The Docker image used to run Maven - **set the version required by
+ your project**
+ default: registry.hub.docker.com/library/maven:latest
+ project-dir:
+ description: Maven project root directory
+ default: .
+ cfg-dir:
+ description: The Maven configuration directory
+ default: .m2
+ settings-file:
+ description: The Maven `settings.xml` file path
+ default: ${MAVEN_CFG_DIR}/settings.xml
+ opts:
+ description: '[Global Maven options](http://maven.apache.org/configure.html#maven_opts-environment-variable)'
+ default: >-
+ -Dhttps.protocols=TLSv1.2
+ -Dmaven.repo.local=${MAVEN_CFG_DIR}/repository
+ -Dorg.slf4j.simpleLogger.showDateTime=true
+ -Djava.awt.headless=true
+ cli-opts:
+ description: Additional [Maven options](https://maven.apache.org/ref/3-LATEST/maven-embedder/cli.html)
+ used on the command line
+ default: >-
+ --no-transfer-progress
+ --batch-mode
+ --errors
+ --fail-at-end
+ --show-version
+ -DinstallAtEnd=true
+ -DdeployAtEnd=true
+ build-args:
+ description: Maven arguments for the build & test job
+ default: org.jacoco:jacoco-maven-plugin:prepare-agent verify org.jacoco:jacoco-maven-plugin:report
+ sonar-host-url:
+ description: SonarQube server url
+ default: ''
+ sonar-base-args:
+ description: SonarQube [analysis arguments](https://docs.sonarqube.org/latest/analysis/analysis-parameters/)
+ default: >-
+ sonar:sonar
+ -Dsonar.links.homepage=${CI_PROJECT_URL}
+ -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines
+ -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues
+ sonar-quality-gate-enabled:
+ description: 'Enables SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/)
+ verification.
+
+
+ _Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarqube.org/latest/analysis/ci-integration-overview/#header-1))._'
+ type: boolean
+ default: false
+ dependency-check-disabled:
+ description: Disable Dependency-Check
+ type: boolean
+ default: false
+ dependency-check-args:
+ description: Maven arguments for Dependency Check job
+ default: >-
+ org.owasp:dependency-check-maven:aggregate
+ -DretireJsAnalyzerEnabled=false
+ -DassemblyAnalyzerEnabled=false
+ -Dformats=HTML,JSON,XML
+ mvn-forbid-snapshot-dependencies-disabled:
+ description: Disable Snapshot dependencies verification
+ type: boolean
+ default: false
+ sbom-disabled:
+ description: Disable Software Bill of Materials
+ type: boolean
+ default: false
+ sbom-gen-args:
+ description: Maven command used for SBOM analysis
+ default: org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom
+ deploy-enabled:
+ description: Enable Publish
+ type: boolean
+ default: false
+ deploy-args:
+ description: Maven arguments for the deploy job
+ default: deploy -Dmaven.test.skip=true
+ deploy-from-unprotected-disabled:
+ description: Set to limit snapshot publication to protected branches
+ type: boolean
+ default: false
+ deploy-snapshot-with-slug-enabled:
+ description: Enable to inject the Git branch slug in SNAPSHOT versions
+ type: boolean
+ default: false
+ release-args:
+ description: Maven arguments for the release job
+ default: release:prepare -DtagNameFormat=@{project.version} -Darguments=-Dmaven.test.skip=true
+ release-version:
+ description: 'Explicit version to use when triggering a release
+ _Otherwise uses the current snapshot version from `pom.xml`)_'
+ default: ''
+ release-scm-comment-prefix:
+ description: Maven release plugin [scmCommentPrefix](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmCommentPrefix)
+ parameter
+ default: 'chore(maven-release): '
+ release-scm-release-comment:
+ description: 'Maven release plugin [scmReleaseCommitComment](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmReleaseCommitComment)
+ parameter
+ (since Maven `3.0.0-M1`)'
+ default: ''
+ release-scm-dev-comment:
+ description: 'Maven release plugin [scmDevelopmentCommitComment](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmDevelopmentCommitComment)
+ parameter
+ (since Maven `3.0.0-M1`)'
+ default: ''
+ mvn-semrel-release-disabled:
+ description: Disable semantic-release integration
+ default: ''
+---
# default workflow rules: Merge Request pipelines
workflow:
rules:
@@ -59,70 +175,53 @@ variables:
TBC_TRACKING_IMAGE: "registry.gitlab.com/to-be-continuous/tools/tracking:master"
# Default Maven project root directory
- MAVEN_PROJECT_DIR: .
-
+ MAVEN_PROJECT_DIR: $[[ inputs.project-dir ]]
# Maven image (can be overridden)
- MAVEN_IMAGE: "registry.hub.docker.com/library/maven:latest"
-
+ MAVEN_IMAGE: $[[ inputs.image ]]
# default production ref name (pattern)
PROD_REF: '/^(master|main)$/'
# default integration ref name (pattern)
INTEG_REF: '/^develop$/'
# default release tag name (pattern)
RELEASE_REF: '/^v?[0-9]+\.[0-9]+\.[0-9]+$/'
-
# default configuration directory
- MAVEN_CFG_DIR: ".m2"
+ MAVEN_CFG_DIR: $[[ inputs.cfg-dir ]]
# default settings.xml file path
- MAVEN_SETTINGS_FILE: "$MAVEN_CFG_DIR/settings.xml"
-
+ MAVEN_SETTINGS_FILE: $[[ inputs.settings-file ]]
# `showDateTime` will show the passed time in milliseconds. You need to specify `--batch-mode` to make this work.
- MAVEN_OPTS: >-
- -Dhttps.protocols=TLSv1.2
- -Dmaven.repo.local=${MAVEN_CFG_DIR}/repository
- -Dorg.slf4j.simpleLogger.showDateTime=true
- -Djava.awt.headless=true
-
+ MAVEN_OPTS: $[[ inputs.opts ]]
# As of Maven 3.3.0 instead of this you may define these options in `.mvn/maven.config` so the same config is used
# when running from the command line.
# `installAtEnd` and `deployAtEnd` are only effective with recent version of the corresponding plugins.
- MAVEN_CLI_OPTS: >-
- --no-transfer-progress
- --batch-mode
- --errors
- --fail-at-end
- --show-version
- -DinstallAtEnd=true
- -DdeployAtEnd=true
-
+ MAVEN_CLI_OPTS: $[[ inputs.cli-opts ]]
# Maven build arguments
- MAVEN_BUILD_ARGS: "org.jacoco:jacoco-maven-plugin:prepare-agent verify org.jacoco:jacoco-maven-plugin:report"
-
+ MAVEN_BUILD_ARGS: $[[ inputs.build-args ]]
# Sonar base analysis default args
# see: https://docs.sonarqube.org/latest/analysis/analysis-parameters/
# default uses branch analysis: https://docs.sonarqube.org/latest/branches/overview/
- SONAR_BASE_ARGS: >-
- sonar:sonar
- -Dsonar.links.homepage=${CI_PROJECT_URL}
- -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines
- -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues
-
+ SONAR_BASE_ARGS: $[[ inputs.sonar-base-args ]]
# Dependency Check arguments
- MAVEN_DEPENDENCY_CHECK_ARGS: >-
- org.owasp:dependency-check-maven:aggregate
- -DretireJsAnalyzerEnabled=false
- -DassemblyAnalyzerEnabled=false
- -Dformats=HTML,JSON,XML
-
+ MAVEN_DEPENDENCY_CHECK_ARGS: $[[ inputs.dependency-check-args ]]
# SBOM genenration arguments
- MAVEN_SBOM_GEN_ARGS: org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom
-
+ MAVEN_SBOM_GEN_ARGS: $[[ inputs.sbom-gen-args ]]
# Maven deploy arguments
- MAVEN_DEPLOY_ARGS: "deploy -Dmaven.test.skip=true"
-
+ MAVEN_DEPLOY_ARGS: $[[ inputs.deploy-args ]]
# Maven release arguments
- MAVEN_RELEASE_ARGS: "release:prepare -DtagNameFormat=@{project.version} -Darguments=-Dmaven.test.skip=true"
- MAVEN_RELEASE_SCM_COMMENT_PREFIX: "chore(maven-release): "
+ MAVEN_RELEASE_ARGS: $[[ inputs.release-args ]]
+ MAVEN_RELEASE_SCM_COMMENT_PREFIX: $[[ inputs.release-scm-comment-prefix ]]
+
+ SONAR_HOST_URL: $[[ inputs.sonar-host-url ]]
+ SONAR_QUALITY_GATE_ENABLED: $[[ inputs.sonar-quality-gate-enabled ]]
+ MAVEN_DEPENDENCY_CHECK_DISABLED: $[[ inputs.dependency-check-disabled ]]
+ MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED: $[[ inputs.mvn-forbid-snapshot-dependencies-disabled ]]
+ MAVEN_SBOM_DISABLED: $[[ inputs.sbom-disabled ]]
+ MAVEN_DEPLOY_ENABLED: $[[ inputs.deploy-enabled ]]
+ MAVEN_DEPLOY_FROM_UNPROTECTED_DISABLED: $[[ inputs.deploy-from-unprotected-disabled ]]
+ MAVEN_DEPLOY_SNAPSHOT_WITH_SLUG_ENABLED: $[[ inputs.deploy-snapshot-with-slug-enabled ]]
+ MAVEN_RELEASE_VERSION: $[[ inputs.release-version ]]
+ MAVEN_RELEASE_SCM_RELEASE_COMMENT: $[[ inputs.release-scm-release-comment ]]
+ MAVEN_RELEASE_SCM_DEV_COMMENT: $[[ inputs.release-scm-dev-comment ]]
+ MVN_SEMREL_RELEASE_DISABLED: $[[ inputs.mvn-semrel-release-disabled ]]
stages:
- build