diff --git a/.gitlab/merge_request_templates/new_feature.md b/.gitlab/merge_request_templates/new_feature.md
index 74abae94c94dc0768bb5c51fe51ad253fce113fe..491b7f98ded7e0da03d18c95978eafcb7d86619f 100644
--- a/.gitlab/merge_request_templates/new_feature.md
+++ b/.gitlab/merge_request_templates/new_feature.md
@@ -8,8 +8,8 @@ Closes #999
## Checklist
* General:
- * [ ] use [rules](https://docs.gitlab.com/ee/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ee/ci/yaml/#onlyexcept-advanced)
- * [ ] optimized [cache](https://docs.gitlab.com/ee/ci/caching/) configuration (wherever applicable)
+ * [ ] use [rules](https://docs.gitlab.com/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ci/yaml/#onlyexcept-advanced)
+ * [ ] optimized [cache](https://docs.gitlab.com/ci/caching/) configuration (wherever applicable)
* Publicly usable:
* [ ] untagged runners
* [ ] no proxy configuration but support `http_proxy`/`https_proxy`/`no_proxy`
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9165b6e4cf6300cba9b40f838928d50fc4c8872b..9991db63fd61546a4997db1bae214fe18d7a1b86 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,18 @@
-# [4.2.0](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/node/compare/4.1.1...4.2.0) (2025-01-29)
+## [4.2.2](https://gitlab.com/to-be-continuous/node/compare/4.2.1...4.2.2) (2025-04-16)
+
+
+### Bug Fixes
+
+* **pnpm:** double dash not supported by pnpm ([776ddb5](https://gitlab.com/to-be-continuous/node/commit/776ddb5168174108f2d1c01a0bfaddd8e9e293d9))
+
+## [4.2.1](https://gitlab.com/to-be-continuous/node/compare/4.2.0...4.2.1) (2025-01-31)
+
+
+### Bug Fixes
+
+* **sbom:** only generate SBOMs on prod branches, integ branches and release tags ([b61bdcd](https://gitlab.com/to-be-continuous/node/commit/b61bdcdc294567e78771e83fc2fceb122a3c16fe))
+
+# [4.2.0](https://gitlab.com/to-be-continuous/node/compare/4.1.1...4.2.0) (2025-01-27)
### Features
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index edd3476236b8340a401245b3b2b43dde10bd9baf..a71fad78a80c442bbcf3ebc9cc615840523f4e05 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -61,7 +61,7 @@ To contribute:
1. Create an issue describing the bug or enhancement you want to propose (select the right issue template).
2. Make sure the issue has been reviewed and agreed.
-3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) documentation).
+3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/user/project/repository/forking_workflow/) documentation).
Don't hesitate to mark your MR as `Draft` as long as you think it's not ready to be reviewed.
### Git Commit Conventions
diff --git a/README.md b/README.md
index 6e624b39177faf85ffdb584aec71136572308613..f47259c0f95f7bc0ad9428bba4f59409b268f095 100644
--- a/README.md
+++ b/README.md
@@ -6,8 +6,8 @@ More precisely, it can be used by all projects based on [npm](https://www.npmjs.
## Usage
-This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component)
-or using the legacy [`include:project`](https://docs.gitlab.com/ee/ci/yaml/index.html#includeproject) syntax.
+This template can be used both as a [CI/CD component](https://docs.gitlab.com/ci/components/#use-a-component)
+or using the legacy [`include:project`](https://docs.gitlab.com/ci/yaml/#includeproject) syntax.
### Use as a CI/CD component
@@ -16,11 +16,11 @@ Add the following to your `.gitlab-ci.yml`:
```yaml
include:
# 1: include the component
- - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.2.0
+ - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.2.2
# 2: set/override component inputs
inputs:
image: "registry.hub.docker.com/library/node:20" # ⚠ this is only an example
- lint-enabled: "true"
+ lint-enabled: true
```
### Use as a CI/CD template (legacy)
@@ -31,7 +31,7 @@ Add the following to your `.gitlab-ci.yml`:
include:
# 1: include the template
- project: "to-be-continuous/node"
- ref: "4.2.0"
+ ref: "4.2.2"
file: "/templates/gitlab-ci-node.yml"
variables:
@@ -46,7 +46,7 @@ The Node.js template uses some global configuration used throughout all jobs.
| Input / Variable | Description | Default value |
| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- |
-| `image` / `NODE_IMAGE` | The Docker image used to run Node.js <br/>:warning: **set the version required by your project** | `registry.hub.docker.com/library/node:lts-alpine` |
+| `image` / `NODE_IMAGE` | The Docker image used to run Node.js <br/>:warning: **set the version required by your project** | `registry.hub.docker.com/library/node:lts-alpine` <br/>[](https://to-be-continuous.gitlab.io/doc/secu/trivy-NODE_IMAGE) |
| `manager` / `NODE_MANAGER` | The package manager used by your project (one of `npm`, `yarn` or `pnpm`)<br/>**If undefined, automatic detection** | _none_ (auto) |
| `config-registry` / `NODE_CONFIG_REGISTRY` | Main npm [registry](https://docs.npmjs.com/cli/v8/using-npm/registry) to use | _none_ |
| `config-scoped-registries` / `NODE_CONFIG_SCOPED_REGISTRIES` | Space separated list of npm [scoped registries](https://docs.npmjs.com/cli/v8/using-npm/scope#associating-a-scope-with-a-registry) (formatted as `@somescope:https://some.npm.registry/some/repo @anotherscope:https://another.npm.registry/another/repo`) | _none_ |
@@ -64,7 +64,7 @@ Examples:
- `npm install @angular/core` installs `@angular/core` package from https://www.npmjs.com/ if no npm registry associated to scope `@angular` is declared,
- `npm install @acme-corp/bar` installs `@acme-corp/bar` package from https://registry.acme.corp/npm if this registry url is associated to scope `@acme-corp`.
-First of all, be aware that the Node.js template automatically configures the [GitLab's project-level npm packages registry](https://docs.gitlab.com/ee/user/packages/npm_registry/) associated to a scope corresponding to the root of the project (ex: project `https://gitlab.example.com/my-org/engineering-group/team-amazing/analytics` will have GitLab's project-level npm packages registry scope `@my-org`).
+First of all, be aware that the Node.js template automatically configures the [GitLab's project-level npm packages registry](https://docs.gitlab.com/user/packages/npm_registry/) associated to a scope corresponding to the root of the project (ex: project `https://gitlab.example.com/my-org/engineering-group/team-amazing/analytics` will have GitLab's project-level npm packages registry scope `@my-org`).
Therefore, GitLab's project-level npm packages registry can freely be used both to install packages (with the right scope) or even to [publish](#node-publish-job) your own packages.
You may configure additional [scoped registries](https://docs.npmjs.com/cli/v8/using-npm/scope#associating-a-scope-with-a-registry) with the `$NODE_CONFIG_SCOPED_REGISTRIES` variable.
@@ -105,7 +105,7 @@ In addition to a textual report in the console, this job produces the following
| Report | Format | Usage |
|-------------------------------------------------------|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------|
-| `$NODE_PROJECT_DIR/reports/node-lint.gitlab.json` | [GitLab](https://docs.gitlab.com/ee/ci/testing/code_quality.html#eslint) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscodequality) |
+| `$NODE_PROJECT_DIR/reports/node-lint.gitlab.json` | [GitLab](https://docs.gitlab.com/ci/testing/code_quality/#eslint) | [GitLab integration](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscodequality) |
| `$NODE_PROJECT_DIR/reports/node-lint.xslint.json` | JSON ESLint | [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/) |
@@ -134,7 +134,7 @@ This job is bound to the `build` stage, and uses the following variables:
#### Unit Tests and Code Coverage reports
This chapter details the required configuration (depending on the unit testing framework you're using) in
-order to integrate your [unit tests reports](https://docs.gitlab.com/ee/ci/testing/unit_test_reports.html) and [code coverage reports](https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization.html) to GitLab.
+order to integrate your [unit tests reports](https://docs.gitlab.com/ci/testing/unit_test_reports/) and [code coverage reports](https://docs.gitlab.com/ci/testing/code_coverage/) to GitLab.
Additionally, if also using SonarQube, you'll have to enable some extra reporters.
@@ -144,9 +144,9 @@ Here is the required configuration if you're using [Jest](https://jestjs.io/) as
| Reporter | Needs `npm install` | Expected report file | Usage |
| -------------------------------------------------------------------------------------------- | ------------------- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| [jest-junit](https://github.com/jest-community/jest-junit) | Yes | `reports/node-test.xunit.xml` | [GitLab unit tests integration](https://docs.gitlab.com/ee/ci/testing/unit_test_reports.html) _(JUnit format)_ |
-| istanbul [text](https://istanbul.js.org/docs/advanced/alternative-reporters/#text) | No | N/A _(stdout)_ | [GitLab MR test coverage results](https://docs.gitlab.com/ee/ci/pipelines/settings.html#merge-request-test-coverage-results) _(GitLab grabs coverage from stdout)_ |
-| istanbul [cobertura](https://istanbul.js.org/docs/advanced/alternative-reporters/#cobertura) | No | `reports/cobertura-coverage.xml` | [GitLab code coverage integration](https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization.html) _(Cobertura format)_ |
+| [jest-junit](https://github.com/jest-community/jest-junit) | Yes | `reports/node-test.xunit.xml` | [GitLab unit tests integration](https://docs.gitlab.com/ci/testing/unit_test_reports/) _(JUnit format)_ |
+| istanbul [text](https://istanbul.js.org/docs/advanced/alternative-reporters/#text) | No | N/A _(stdout)_ | [GitLab MR test coverage results](https://docs.gitlab.com/ci/pipelines/settings/#merge-request-test-coverage-results) _(GitLab grabs coverage from stdout)_ |
+| istanbul [cobertura](https://istanbul.js.org/docs/advanced/alternative-reporters/#cobertura) | No | `reports/cobertura-coverage.xml` | [GitLab code coverage integration](https://docs.gitlab.com/ci/testing/code_coverage/) _(Cobertura format)_ |
| [jest-sonar](https://github.com/sh33dafi/jest-sonar) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/generic-test-data/#generic-test-coverage) _(generic SonarQube format)_ |
| istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | No | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ |
@@ -191,9 +191,9 @@ Here is the required configuration if you're using [Mocha](https://mochajs.org/)
| Reporter | Needs `npm install` | Expected report file | Usage |
| -------------------------------------------------------------------------------------------- | ---------------------- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| [mocha-junit-reporter](https://github.com/michaelleeallen/mocha-junit-reporter) | Yes | `reports/node-test.xunit.xml` | [GitLab unit tests integration](https://docs.gitlab.com/ee/ci/testing/unit_test_reports.html) _(JUnit format)_ |
-| istanbul [text](https://istanbul.js.org/docs/advanced/alternative-reporters/#text) | Yes (in `nyc` package) | N/A _(stdout)_ | [GitLab MR test coverage results](https://docs.gitlab.com/ee/ci/pipelines/settings.html#merge-request-test-coverage-results) _(GitLab grabs coverage from stdout)_ |
-| istanbul [cobertura](https://istanbul.js.org/docs/advanced/alternative-reporters/#cobertura) | Yes (in `nyc` package) | `reports/cobertura-coverage.xml` | [GitLab code coverage integration](https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization.html) _(Cobertura format)_ |
+| [mocha-junit-reporter](https://github.com/michaelleeallen/mocha-junit-reporter) | Yes | `reports/node-test.xunit.xml` | [GitLab unit tests integration](https://docs.gitlab.com/ci/testing/unit_test_reports/) _(JUnit format)_ |
+| istanbul [text](https://istanbul.js.org/docs/advanced/alternative-reporters/#text) | Yes (in `nyc` package) | N/A _(stdout)_ | [GitLab MR test coverage results](https://docs.gitlab.com/ci/pipelines/settings/#merge-request-test-coverage-results) _(GitLab grabs coverage from stdout)_ |
+| istanbul [cobertura](https://istanbul.js.org/docs/advanced/alternative-reporters/#cobertura) | Yes (in `nyc` package) | `reports/cobertura-coverage.xml` | [GitLab code coverage integration](https://docs.gitlab.com/ci/testing/code_coverage/) _(Cobertura format)_ |
| [mocha-sonarqube-reporter](https://github.com/mmouterde/mocha-sonarqube-reporter) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/generic-test-data/#generic-test-coverage) _(generic SonarQube format)_ |
| istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | Yes (in `nyc` package) | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ |
@@ -387,7 +387,7 @@ It is bound to the `test` stage, and uses the following variables:
| Input / Variable | Description | Default value |
| ------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------ |
| `semgrep-disabled` / `NODE_SEMGREP_DISABLED` | Set to `true` to disable this job | _none_ |
-| `semgrep-image` / `NODE_SEMGREP_IMAGE` | The Docker image used to run [Semgrep](https://semgrep.dev/docs/) | `registry.hub.docker.com/semgrep/semgrep:latest` |
+| `semgrep-image` / `NODE_SEMGREP_IMAGE` | The Docker image used to run [Semgrep](https://semgrep.dev/docs/) | `registry.hub.docker.com/semgrep/semgrep:latest` <br/>[](https://to-be-continuous.gitlab.io/doc/secu/trivy-NODE_SEMGREP_IMAGE) |
| `semgrep-args` / `NODE_SEMGREP_ARGS` | Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | `--metrics off --disable-version-check --no-suppress-errors` |
| `semgrep-rules` / `NODE_SEMGREP_RULES` | Space-separated list of [Semgrep rules](https://semgrep.dev/docs/running-rules).<br/>Can be both local YAML files or remote rules from the [Semgrep Registry](https://semgrep.dev/explore) (denoted by the `p/` prefix). | `p/javascript p/eslint p/gitlab-eslint` |
| `semgrep-registry-base-url` / `NODE_SEMGREP_REGISTRY_BASE_URL` | The Semgrep Registry base URL that is used to download the rules. No trailing slash. | `https://semgrep.dev/c` |
@@ -405,7 +405,7 @@ In addition to a textual report in the console, this job produces the following
| Report | Format | Usage |
| ---------------------------------------------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `$NODE_PROJECT_DIR/reports/node-semgrep.gitlab.json` | [GitLab's SAST format](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportssast) |
+| `$NODE_PROJECT_DIR/reports/node-semgrep.gitlab.json` | [GitLab's SAST format](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | [GitLab integration](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportssast) |
| `$NODE_PROJECT_DIR/reports/node-semgrep.native.json` | [Semgrep's JSON format](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/semgrep/)<br/>_This report is generated only if DefectDojo template is detected_ |
### `node-sbom` job
@@ -417,6 +417,7 @@ It is bound to the `test` stage, and uses the following variables:
| Input / Variable | Description | Default value |
| -------------------------------------- | ----------------------------------------------------------- | -------------------- |
| `sbom-disabled` / `NODE_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
+| `TBC_SBOM_MODE` | Controls when SBOM reports are generated (`onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline).<br/>:warning: `sbom-disabled` / `NODE_SBOM_DISABLED` takes precedence | `onrelease` |
| `sbom-version` / `NODE_SBOM_VERSION` | The version of @cyclonedx/cyclonedx-npm used to emit SBOM | _none_ (uses latest) |
| `sbom-opts` / `NODE_SBOM_OPTS` | Options for @cyclonedx/cyclonedx-npm used for SBOM analysis | `--omit dev` |
| `node-sbom-job-tags` / `NODE_SBOM_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
@@ -473,7 +474,7 @@ Then simply declare the registry authentication token with :lock: `NODE_PUBLISH_
:information_source: it is not mandatory to declare the registry if you wish to use the GitLab
project-level npm packages registry (it is declared by default by the template, with the required credentials). All you have to do to is to make sure your npm package name
-[uses the right scope](https://docs.gitlab.com/ee/user/packages/npm_registry/#naming-convention).
+[uses the right scope](https://docs.gitlab.com/user/packages/npm_registry/#naming-convention).
For example, if your project is `https://gitlab.example.com/my-org/engineering-group/team-amazing/analytics`, the root namespace is `my-org`, and your package name must have the `@my-org` scope (probable package fullname: `@my-org/analytics`).
#### Exclude resources from package
@@ -505,7 +506,7 @@ In order to be able to communicate with the Vault server, the variant requires t
| :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | _none_ |
| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | _none_ |
-By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.
+By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ci/secrets/id_token_authentication/). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.
#### Usage
@@ -527,9 +528,9 @@ With:
```yaml
include:
# main template
- - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.2.0
+ - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.2.2
# Vault variant
- - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node-vault@4.2.0
+ - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node-vault@4.2.2
inputs:
# audience claim for JWT
vault-oidc-aud: "https://vault.acme.host"
diff --git a/kicker.json b/kicker.json
index 0d2b302865f5abc8dfbe0f07a5e3534fe24a37db..ae3d1543095a120e7463246d53608cebddcfbdb2 100644
--- a/kicker.json
+++ b/kicker.json
@@ -189,6 +189,14 @@
"description": "This job generates a file listing all dependencies using [@cyclonedx/cyclonedx-npm](https://www.npmjs.com/package/@cyclonedx/cyclonedx-npm)",
"disable_with": "NODE_SBOM_DISABLED",
"variables": [
+ {
+ "name": "TBC_SBOM_MODE",
+ "type": "enum",
+ "values": ["onrelease", "always"],
+ "description": "Controls when SBOM reports are generated (`onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline)",
+ "advanced": true,
+ "default": "onrelease"
+ },
{
"name": "NODE_SBOM_VERSION",
"description": "Version of the @cyclonedx/cyclonedx-npm used for SBOM analysis",
diff --git a/templates/gitlab-ci-node-vault.yml b/templates/gitlab-ci-node-vault.yml
index 5744eeef6ffa48a6f41def651e6703b2c72edfac..7d013fe6f2322b8e4ae3834831a6ccbb71bdc3ed 100644
--- a/templates/gitlab-ci-node-vault.yml
+++ b/templates/gitlab-ci-node-vault.yml
@@ -22,7 +22,7 @@ variables:
.node-base:
services:
- name: "$TBC_TRACKING_IMAGE"
- command: ["--service", "node", "4.2.0"]
+ command: ["--service", "node", "4.2.2"]
- name: "$TBC_VAULT_IMAGE"
alias: "vault-secrets-provider"
variables:
diff --git a/templates/gitlab-ci-node.yml b/templates/gitlab-ci-node.yml
index 707f27cc076d84e42968185f6778dc66e27d7a01..a646a747d81f2cae13d546d51c04aba1e84759e9 100644
--- a/templates/gitlab-ci-node.yml
+++ b/templates/gitlab-ci-node.yml
@@ -193,7 +193,18 @@ workflow:
# else (Ready MR): auto & failing
- when: on_success
+# software delivery job prototype: run on production and integration branches + release pipelines
+.delivery-policy:
+ rules:
+ # on tag with release pattern
+ - if: '$CI_COMMIT_TAG =~ $RELEASE_REF'
+ # on production or integration branch(es)
+ - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
+
variables:
+ # Global TBC SBOM Mode (onrelease -> only generate SBOMs for releases, always -> generate SBOMs for all refs)
+ TBC_SBOM_MODE: "onrelease"
+
# Default docker image for Node
NODE_IMAGE: $[[ inputs.image ]]
# Default Node project root directory
@@ -633,7 +644,7 @@ stages:
image: $NODE_IMAGE
services:
- name: "$TBC_TRACKING_IMAGE"
- command: ["--service", "node", "4.2.0"]
+ command: ["--service", "node", "4.2.2"]
variables:
# Yarn cache (better than --cache-folder option, deprecated)
YARN_CACHE_FOLDER: "$CI_PROJECT_DIR/$NODE_PROJECT_DIR/.yarn"
@@ -715,7 +726,12 @@ node-lint:
# generate eslint report for SonarQube
# shellcheck disable=SC2086
log_info "SonarQube detected: producing ESLint JSON report..."
- $NODE_MANAGER $NODE_LINT_ARGS -- --format=json --output-file=reports/node-lint.xslint.json || true
+ if [ "$NODE_MANAGER" = "pnpm" ]
+ then
+ $NODE_MANAGER $NODE_LINT_ARGS --format=json --output-file=reports/node-lint.xslint.json || true
+ else
+ $NODE_MANAGER $NODE_LINT_ARGS -- --format=json --output-file=reports/node-lint.xslint.json || true
+ fi
fi
# maybe add eslint-formatter-gitlab
- |
@@ -726,7 +742,13 @@ node-lint:
fi
# run ESLint with console output and GitLab report
# shellcheck disable=SC2086
- - ESLINT_CODE_QUALITY_REPORT=reports/node-lint.gitlab.json $NODE_MANAGER $NODE_LINT_ARGS -- --format=gitlab
+ - |
+ if [ "$NODE_MANAGER" = "pnpm" ]
+ then
+ ESLINT_CODE_QUALITY_REPORT=reports/node-lint.gitlab.json $NODE_MANAGER $NODE_LINT_ARGS --format=gitlab
+ else
+ ESLINT_CODE_QUALITY_REPORT=reports/node-lint.gitlab.json $NODE_MANAGER $NODE_LINT_ARGS -- --format=gitlab
+ fi
artifacts:
when: always # store artifact even if test Failed
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
@@ -869,7 +891,13 @@ node-sbom:
# exclude if disabled
- if: '$NODE_SBOM_DISABLED == "true"'
when: never
- - !reference [.test-policy, rules]
+ # 'always' mode: run
+ - if: '$TBC_SBOM_MODE == "always"'
+ # exclude unsupported modes
+ - if: '$TBC_SBOM_MODE != "onrelease"'
+ when: never
+ # 'onrelease' mode: use common software delivery rules
+ - !reference [.delivery-policy, rules]
tags: $[[ inputs.node-sbom-job-tags ]]
node-publish: