Skip to content
Snippets Groups Projects
Commit ca12d3b3 authored by Benguria Elguezabal, Gorka's avatar Benguria Elguezabal, Gorka
Browse files

adds job tags

parent 246d9c36
No related branches found
No related tags found
No related merge requests found
Pipeline #158686 failed
Stage: .pre
Stage: build
Stage: publish
Show whitespace changes
Inline Side-by-side
README.md
+ 7
0
View file @ ca12d3b3
......@@ -98,6 +98,7 @@ It is bound to the `build` stage, and uses the following variable:
| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------- |
| `lint-enabled` / `NODE_LINT_ENABLED` | Set to `true` to enable lint analysis | _none_ (disabled) |
| `lint-args` / `NODE_LINT_ARGS` | npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments to execute the lint analysis <br/> yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments to execute the lint analysis <br/> pnpm [run script](https://pnpm.io/cli/run) arguments to execute the lint analysis | `run lint` |
| `node-lint-job-tags` / `NODE_LINT_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
The job generates a lint report that you will find here: `NODE_PROJECT_DIR/reports/node-lint.xslint.json`.
......@@ -116,6 +117,7 @@ This job is bound to the `build` stage, and uses the following variables:
| `build-dir` / `NODE_BUILD_DIR` | Variable to define build directory | `dist` |
| `build-args` / `NODE_BUILD_ARGS` | npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments <br/> yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments <br/> pnpm [run script](https://pnpm.io/cli/run) arguments <br/>⚠ default value should be overridden for `pnpm` as `--prod` is not a valid option. | `run build --prod` |
| `test-args` / `NODE_TEST_ARGS` | npm [test](https://docs.npmjs.com/cli/v8/commands/npm-test) arguments <br/> yarn [test](https://classic.yarnpkg.com/en/docs/cli/test) arguments <br/> pnpm [test](https://pnpm.io/cli/test) arguments | `test -- --coverage` |
| `node-build-job-tags` / `NODE_BUILD_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
#### Unit Tests and Code Coverage reports
......@@ -348,6 +350,7 @@ In addition to a textual report in the console, this job produces the following
| Report | Format | Usage |
| ------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `$NODE_PROJECT_DIR/reports/npm-audit.native.json` | [JSON](https://docs.npmjs.com/cli/v9/commands/npm-audit#json) | [DefectDojo integration](https://documentation.defectdojo.com/integrations/parsers/#npm-audit)<br/>_This report is generated only if DefectDojo template is detected, if needed, you can force it with `$DEFECTDOJO_NPMAUDIT_REPORTS`_ |
| `node-audit-jobs-tags` / `NODE_AUDIT_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
### `node-outdated` job
......@@ -359,6 +362,7 @@ It is bound to the `test` stage.
| ---------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `outdated-disabled` / `NODE_OUTDATED_DISABLED` | Set to `true` to disable npm outdated | _none_ (enabled) |
| `outdated-args` / `NODE_OUTDATED_ARGS` | npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments <br/> yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments <br/> pnpm [outdated](https://pnpm.io/cli/outdated) arguments | `--long` |
| `node-outdated-job-tags` / `NODE_OUTDATED_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
The job generates an outdated report that you will find here: `NODE_PROJECT_DIR/reports/npm-outdated-report.json`.
......@@ -376,6 +380,7 @@ It is bound to the `test` stage, and uses the following variables:
| `semgrep-rules` / `NODE_SEMGREP_RULES` | Space-separated list of [Semgrep rules](https://semgrep.dev/docs/running-rules).<br/>Can be both local YAML files or remote rules from the [Semgrep Registry](https://semgrep.dev/explore) (denoted by the `p/` prefix). | `p/javascript p/eslint p/gitlab-eslint` |
| `semgrep-registry-base-url` / `NODE_SEMGREP_REGISTRY_BASE_URL` | The Semgrep Registry base URL that is used to download the rules. No trailing slash. | `https://semgrep.dev/c` |
| `semgrep-download-rules-enabled` / `NODE_SEMGREP_DOWNLOAD_RULES_ENABLED` | Download Semgrep remote rules | `true` |
| `node-semgrep-job-tags` / `NODE_SEMGREP_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
> :information_source: Semgrep may [collect some metrics](https://semgrep.dev/docs/metrics), especially when using rules from the Semgrep Registry.
> To protect your privacy and let you run Semgrep in air-gap environments, this template disables all Semgrep metrics by default:
......@@ -402,6 +407,7 @@ It is bound to the `test` stage, and uses the following variables:
| `sbom-disabled` / `NODE_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
| `sbom-version` / `NODE_SBOM_VERSION` | The version of @cyclonedx/cyclonedx-npm used to emit SBOM | _none_ (uses latest) |
| `sbom-opts` / `NODE_SBOM_OPTS` | Options for @cyclonedx/cyclonedx-npm used for SBOM analysis | `--omit dev` |
| `node-sbom-job-tags` / `NODE_SBOM_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
### `node-publish` job
......@@ -417,6 +423,7 @@ It uses the following variables:
| `publish-enabled` / `NODE_PUBLISH_ENABLED` | Set to `true` to enable the publish job | _none_ (disabled) |
| `publish-args` / `NODE_PUBLISH_ARGS` | npm [publish](https://docs.npmjs.com/cli/v8/commands/npm-publish) extra arguments<br/>yarn [publish](https://classic.yarnpkg.com/lang/en/docs/cli/publish/) extra arguments <br/>pnpm [publish](https://pnpm.io/cli/publish) extra arguments | _none_ |
| :lock: `NODE_PUBLISH_TOKEN` | npm publication registry authentication token | _none_ |
| `node-publish-job-tags` / `NODE_PUBLISH_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
#### Configure the target registry
......
kicker.json
+ 50
1
View file @ ca12d3b3
......@@ -71,6 +71,13 @@
"name": "NODE_INSTALL_EXTRA_OPTS",
"description": "Extra options to install project dependencies (either [`npm ci`](https://docs.npmjs.com/cli/ci.html/), [`yarn install`](https://yarnpkg.com/cli/install) or [`pnpm install`](https://pnpm.io/cli/install))",
"advanced": true
},
{
"name": "NODE_BUILD_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
],
"features": [
......@@ -85,6 +92,13 @@
"description": "npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments to execute the lint analysis - yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments to execute the lint analysis - pnpm [run script](https://pnpm.io/cli/run) arguments to execute the lint analysis",
"default": "run lint",
"advanced": true
},
{
"name": "NODE_LINT_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -98,6 +112,13 @@
"name": "NODE_AUDIT_ARGS",
"description": "npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments - yarn [audit](https://classic.yarnpkg.com/en/docs/cli/audit) arguments - [pnpm audit](https://pnpm.io/cli/audit) arguments",
"default": "--audit-level=low"
},
{
"name": "NODE_AUDIT_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -111,6 +132,13 @@
"name": "NODE_OUTDATED_ARGS",
"description": "npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments - yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments - pnpm [outdated](https://pnpm.io/cli/outdated) arguments",
"default": "--long"
},
{
"name": "NODE_OUTDATED_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -145,6 +173,13 @@
"description": "Download Semgrep remote rules",
"type": "boolean",
"default": "true"
},
{
"name": "NODE_PUBLISH_SEMGREP_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -164,6 +199,13 @@
"description": "Options for @cyclonedx/cyclonedx-npm used for SBOM analysis",
"default": "--omit dev",
"advanced": true
},
{
"name": "NODE_SBOM_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -182,6 +224,13 @@
"name": "NODE_PUBLISH_TOKEN",
"description": "npm publication registry authentication token",
"secret": true
},
{
"name": "NODE_PUBLISH_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
}
......
templates/gitlab-ci-node.yml
+ 30
0
View file @ ca12d3b3
......@@ -120,6 +120,31 @@ spec:
publish-args:
description: npm [publish](https://docs.npmjs.com/cli/v8/commands/npm-publish) extra arguments - yarn [publish](https://classic.yarnpkg.com/lang/en/docs/cli/publish/) extra arguments - pnpm [publish](https://pnpm.io/cli/publish) extra arguments
default: ''
node-build-job-tags:
description: tags to filter applicable runners for node-build job
type: array
default: []
node-lint-job-tags:
description: tags to filter applicable runners for node-lint job
type: array
default: []
node-audit-job-tags:
description: tags to filter applicable runners for node-audit job
type: array
default: []
node-outdated-job-tags:
description: tags to filter applicable runners for node-outdated job
type: array
default: []
node-sbom-job-tags:
description: tags to filter applicable runners for node-sbom job
type: array
default: []
node-publish-job-tags:
description: tags to filter applicable runners for node-publish job
type: array
default: []
---
workflow:
rules:
......@@ -736,6 +761,7 @@ node-audit:
- if: '$NODE_AUDIT_DISABLED == "true"'
when: never
- !reference [.test-policy, rules]
tags: $[[ inputs.node-audit-job-tags ]]
# outdated
node-outdated:
......@@ -765,6 +791,7 @@ node-outdated:
# on non-production, non-integration branches: manual & non-blocking
- when: manual
allow_failure: true
tags: $[[ inputs.node-outdated-job-tags ]]
# SAST: Semgrep
node-semgrep:
......@@ -797,6 +824,7 @@ node-semgrep:
- if: '$NODE_SEMGREP_DISABLED == "true"'
when: never
- !reference [.test-policy, rules]
tags: $[[ inputs.node-semgrep-job-tags ]]
node-sbom:
extends: .node-base
......@@ -827,6 +855,7 @@ node-sbom:
- if: '$NODE_SBOM_DISABLED == "true"'
when: never
- !reference [.test-policy, rules]
tags: $[[ inputs.node-sbom-job-tags ]]
node-publish:
extends: .node-base
......@@ -841,3 +870,4 @@ node-publish:
when: never
# on tag with release pattern: auto
- if: '$CI_COMMIT_TAG =~ $RELEASE_REF'
tags: $[[ inputs.node-publish-job-tags ]]
\ No newline at end of file
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment