Compare revisions

Target project: smartdatalab/public/ci-cd-components/node
Commits on Source (22)
...@@ -12,13 +12,12 @@ include: ...@@ -12,13 +12,12 @@ include:
inputs: inputs:
check-links-job-tags: ["docker"] check-links-job-tags: ["docker"]
tbc-check-job-tags: ["docker"] tbc-check-job-tags: ["docker"]
tbc-check-image: cicd-docker-dev.artifact.tecnalia.com/tbc-check:master tbc-check-image: cicd-docker-dev.artifact.tecnalia.dev/tbc-check:master
gitlab-ci-lint-job-tags: ["docker"] gitlab-ci-lint-job-tags: ["docker"]
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/kicker/validation@master - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/kicker/validation@master
inputs: inputs:
kicker-validation-job-tags: ["docker"] kicker-validation-job-tags: ["docker"]
schema-base-url: "https://git.code.tecnalia.com/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files" schema-base-url: "https://git.code.tecnalia.dev/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files"
yajsv-image: "cicd-docker-dev.artifact.tecnalia.com/yajsv:latest"
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/bash/gitlab-ci-bash@master - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/bash/gitlab-ci-bash@master
inputs: inputs:
bash-shellcheck-job-tags: ["docker"] bash-shellcheck-job-tags: ["docker"]
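Review bot: `tbc-check-image` still resolves through the mutable `:master` tag (now on `cicd-docker-dev.artifact.tecnalia.dev`), and the components in this block are included at `@master`, so the validation jobs run whatever those refs point to at pipeline time. Consider pinning the image by digest and the components to a released version or commit SHA. With the `yajsv-image` input removed, the kicker validation job falls back to the component's default image; confirm that default is reachable from the `docker`-tagged runners.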
......
## [4.0.1](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/node/compare/4.0.0...4.0.1) (2024-09-18) ## [4.1.1](https://gitlab.com/to-be-continuous/node/compare/4.1.0...4.1.1) (2024-12-05)
### Bug Fixes ### Bug Fixes
* set node-publish default registry ([fd0f04d](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/node/commit/fd0f04d730e7b844dd6f57a77b21d913b16dd1c9)) * semgrep subdir ([8ac460c](https://gitlab.com/to-be-continuous/node/commit/8ac460c05668590b7713f05fc571fc7b3fe2f4b4))
# [4.1.0](https://gitlab.com/to-be-continuous/node/compare/4.0.3...4.1.0) (2024-11-23)
### Features
* **lint:** enforce GitLab integration ([44cc3c3](https://gitlab.com/to-be-continuous/node/commit/44cc3c30b1211f35c428edfc5e4165aaae086fbc))
## [4.0.3](https://gitlab.com/to-be-continuous/node/compare/4.0.2...4.0.3) (2024-11-02)
### Bug Fixes
* limit security reports access to developer role or higher ([3d4335f](https://gitlab.com/to-be-continuous/node/commit/3d4335fd9d46070720de57cda656c2570dd9efa2))
## [4.0.2](https://gitlab.com/to-be-continuous/node/compare/4.0.1...4.0.2) (2024-10-04)
### Bug Fixes
* **release:** support full semantic-versioning specifcation (with prerelease and build metadata) ([b031dae](https://gitlab.com/to-be-continuous/node/commit/b031dae19ccf2cd4f31066ff052efd2d8b1c7aef))
## [4.0.1](https://gitlab.com/to-be-continuous/node/compare/4.0.0...4.0.1) (2024-09-08) ## [4.0.1](https://gitlab.com/to-be-continuous/node/compare/4.0.0...4.0.1) (2024-09-08)
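Review bot: the old side's 4.0.1 entry ("set node-publish default registry", fd0f04d on git.code.tecnalia.com, 2024-09-18) has no counterpart on the new side, which keeps only the gitlab.com history. If that fix is still carried in this project, keep its changelog line so the registry default stays documented. The 4.0.2 entry also contains a typo, "specifcation".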
......
...@@ -16,7 +16,7 @@ Add the following to your `.gitlab-ci.yml`: ...@@ -16,7 +16,7 @@ Add the following to your `.gitlab-ci.yml`:
```yaml ```yaml
include: include:
# 1: include the component # 1: include the component
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.0.1 - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.1.1
# 2: set/override component inputs # 2: set/override component inputs
inputs: inputs:
image: "registry.hub.docker.com/library/node:20" # ⚠ this is only an example image: "registry.hub.docker.com/library/node:20" # ⚠ this is only an example
...@@ -31,7 +31,7 @@ Add the following to your `.gitlab-ci.yml`: ...@@ -31,7 +31,7 @@ Add the following to your `.gitlab-ci.yml`:
include: include:
# 1: include the template # 1: include the template
- project: "to-be-continuous/node" - project: "to-be-continuous/node"
ref: "4.0.0" ref: "4.1.1"
file: "/templates/gitlab-ci-node.yml" file: "/templates/gitlab-ci-node.yml"
variables: variables:
...@@ -90,7 +90,8 @@ variables: ...@@ -90,7 +90,8 @@ variables:
### `node-lint` job ### `node-lint` job
The Node template features a job `node-lint` that performs Node.js source code **lint**. This job is **disabled by default**. It can be activated by setting `NODE_LINT_ENABLED` The Node template features a `node-lint` job that performs a code analysis with [ESLint](https://eslint.org/).
This job is **disabled by default**. It can be activated by setting `NODE_LINT_ENABLED`.
It is bound to the `build` stage, and uses the following variable: It is bound to the `build` stage, and uses the following variable:
...@@ -100,7 +101,18 @@ It is bound to the `build` stage, and uses the following variable: ...@@ -100,7 +101,18 @@ It is bound to the `build` stage, and uses the following variable:
| `lint-args` / `NODE_LINT_ARGS` | npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments to execute the lint analysis <br/> yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments to execute the lint analysis <br/> pnpm [run script](https://pnpm.io/cli/run) arguments to execute the lint analysis | `run lint` | | `lint-args` / `NODE_LINT_ARGS` | npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments to execute the lint analysis <br/> yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments to execute the lint analysis <br/> pnpm [run script](https://pnpm.io/cli/run) arguments to execute the lint analysis | `run lint` |
| `node-lint-job-tags` / `NODE_LINT_JOB_TAGS` | Tags to be used for selecting runners for the job | [] | | `node-lint-job-tags` / `NODE_LINT_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
The job generates a lint report that you will find here: `NODE_PROJECT_DIR/reports/node-lint.xslint.json`. In addition to a textual report in the console, this job produces the following reports, kept for one day:
| Report | Format | Usage |
|-------------------------------------------------------|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------|
| `$NODE_PROJECT_DIR/reports/node-lint.gitlab.json` | [GitLab](https://docs.gitlab.com/ee/ci/testing/code_quality.html#eslint) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscodequality) |
| `$NODE_PROJECT_DIR/reports/node-lint.xslint.json` | JSON ESLint | [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/) |
| Report | Format | Usage |
| ------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `$NODE_PROJECT_DIR/reports/npm-audit.native.json` | [JSON](https://docs.npmjs.com/cli/v9/commands/npm-audit#json) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/npm_audit_7_plus/)<br/>_This report is generated only if DefectDojo template is detected, if needed, you can force it with `$DEFECTDOJO_NPMAUDIT_REPORTS`_ |
### `node-build` job ### `node-build` job
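Review bot: the second table added just above `### node-build job` documents `$NODE_PROJECT_DIR/reports/npm-audit.native.json` and `$DEFECTDOJO_NPMAUDIT_REPORTS`, but this is the `node-lint` section and the job's artifacts are limited to `reports/node-lint.*`. It reads like the `node-audit` report row pasted in the wrong place; move it under `node-audit` or drop it. The sentence "this job produces the following reports" should also say that `node-lint.xslint.json` is only written when `SONAR_HOST_URL` or `SONAR_URL` is set.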
...@@ -135,8 +147,8 @@ Here is the required configuration if you're using [Jest](https://jestjs.io/) as ...@@ -135,8 +147,8 @@ Here is the required configuration if you're using [Jest](https://jestjs.io/) as
| [jest-junit](https://github.com/jest-community/jest-junit) | Yes | `reports/node-test.xunit.xml` | [GitLab unit tests integration](https://docs.gitlab.com/ee/ci/testing/unit_test_reports.html) _(JUnit format)_ | | [jest-junit](https://github.com/jest-community/jest-junit) | Yes | `reports/node-test.xunit.xml` | [GitLab unit tests integration](https://docs.gitlab.com/ee/ci/testing/unit_test_reports.html) _(JUnit format)_ |
| istanbul [text](https://istanbul.js.org/docs/advanced/alternative-reporters/#text) | No | N/A _(stdout)_ | [GitLab MR test coverage results](https://docs.gitlab.com/ee/ci/pipelines/settings.html#merge-request-test-coverage-results) _(GitLab grabs coverage from stdout)_ | | istanbul [text](https://istanbul.js.org/docs/advanced/alternative-reporters/#text) | No | N/A _(stdout)_ | [GitLab MR test coverage results](https://docs.gitlab.com/ee/ci/pipelines/settings.html#merge-request-test-coverage-results) _(GitLab grabs coverage from stdout)_ |
| istanbul [cobertura](https://istanbul.js.org/docs/advanced/alternative-reporters/#cobertura) | No | `reports/cobertura-coverage.xml` | [GitLab code coverage integration](https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization.html) _(Cobertura format)_ | | istanbul [cobertura](https://istanbul.js.org/docs/advanced/alternative-reporters/#cobertura) | No | `reports/cobertura-coverage.xml` | [GitLab code coverage integration](https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization.html) _(Cobertura format)_ |
| [jest-sonar](https://github.com/sh33dafi/jest-sonar) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarqube.org/latest/analysis/generic-test/) _(generic SonarQube format)_ | | [jest-sonar](https://github.com/sh33dafi/jest-sonar) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/generic-test-data/#generic-test-coverage) _(generic SonarQube format)_ |
| istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | No | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarqube.org/latest/analysis/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ | | istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | No | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ |
Here is an example of a `jest.config.js` configuration file with all the above reporters configured as expected: Here is an example of a `jest.config.js` configuration file with all the above reporters configured as expected:
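Review bot: in the `jest-sonar` row the "SonarQube unit tests integration" link now ends in `#generic-test-coverage`, while the row describes the unit test execution report (`reports/node-test.sonar.xml`), not coverage. Point it at the test execution part of the generic test data page; the `mocha-sonarqube-reporter` row further down carries the same link.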
...@@ -182,8 +194,8 @@ Here is the required configuration if you're using [Mocha](https://mochajs.org/) ...@@ -182,8 +194,8 @@ Here is the required configuration if you're using [Mocha](https://mochajs.org/)
| [mocha-junit-reporter](https://github.com/michaelleeallen/mocha-junit-reporter) | Yes | `reports/node-test.xunit.xml` | [GitLab unit tests integration](https://docs.gitlab.com/ee/ci/testing/unit_test_reports.html) _(JUnit format)_ | | [mocha-junit-reporter](https://github.com/michaelleeallen/mocha-junit-reporter) | Yes | `reports/node-test.xunit.xml` | [GitLab unit tests integration](https://docs.gitlab.com/ee/ci/testing/unit_test_reports.html) _(JUnit format)_ |
| istanbul [text](https://istanbul.js.org/docs/advanced/alternative-reporters/#text) | Yes (in `nyc` package) | N/A _(stdout)_ | [GitLab MR test coverage results](https://docs.gitlab.com/ee/ci/pipelines/settings.html#merge-request-test-coverage-results) _(GitLab grabs coverage from stdout)_ | | istanbul [text](https://istanbul.js.org/docs/advanced/alternative-reporters/#text) | Yes (in `nyc` package) | N/A _(stdout)_ | [GitLab MR test coverage results](https://docs.gitlab.com/ee/ci/pipelines/settings.html#merge-request-test-coverage-results) _(GitLab grabs coverage from stdout)_ |
| istanbul [cobertura](https://istanbul.js.org/docs/advanced/alternative-reporters/#cobertura) | Yes (in `nyc` package) | `reports/cobertura-coverage.xml` | [GitLab code coverage integration](https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization.html) _(Cobertura format)_ | | istanbul [cobertura](https://istanbul.js.org/docs/advanced/alternative-reporters/#cobertura) | Yes (in `nyc` package) | `reports/cobertura-coverage.xml` | [GitLab code coverage integration](https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization.html) _(Cobertura format)_ |
| [mocha-sonarqube-reporter](https://github.com/mmouterde/mocha-sonarqube-reporter) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarqube.org/latest/analysis/generic-test/) _(generic SonarQube format)_ | | [mocha-sonarqube-reporter](https://github.com/mmouterde/mocha-sonarqube-reporter) | Yes | `reports/node-test.sonar.xml` | [SonarQube unit tests integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/generic-test-data/#generic-test-coverage) _(generic SonarQube format)_ |
| istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | Yes (in `nyc` package) | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarqube.org/latest/analysis/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ | | istanbul [lcovonly](https://istanbul.js.org/docs/advanced/alternative-reporters/#lcovonly) | Yes (in `nyc` package) | `reports/lcov.info` | [SonarQube code coverage integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/) _(JS/TS LCOV format)_ |
:warning: Remarks: :warning: Remarks:
...@@ -288,7 +300,7 @@ If you're using the SonarQube template to analyse your Node code, here are 2 sam ...@@ -288,7 +300,7 @@ If you're using the SonarQube template to analyse your Node code, here are 2 sam
If using JavaScript language: If using JavaScript language:
```properties ```properties
# see: https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/ # see: https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/
# set your source directory(ies) here (relative to the sonar-project.properties file) # set your source directory(ies) here (relative to the sonar-project.properties file)
sonar.sources=. sonar.sources=.
# exclude unwanted directories and files from being analysed # exclude unwanted directories and files from being analysed
...@@ -309,7 +321,7 @@ sonar.javascript.lcov.reportPaths=reports/lcov.info ...@@ -309,7 +321,7 @@ sonar.javascript.lcov.reportPaths=reports/lcov.info
If using TypeScript language: If using TypeScript language:
```properties ```properties
# see: https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/ # see: https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/
# set your source directory(ies) here (relative to the sonar-project.properties file) # set your source directory(ies) here (relative to the sonar-project.properties file)
sonar.sources=src sonar.sources=src
# exclude unwanted directories and files from being analysed # exclude unwanted directories and files from being analysed
...@@ -329,10 +341,10 @@ sonar.typescript.lcov.reportPaths=reports/lcov.info ...@@ -329,10 +341,10 @@ sonar.typescript.lcov.reportPaths=reports/lcov.info
More info: More info:
- [JavaScript language support](https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/) - [JavaScript language support](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/)
- [TypeScript language support](https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/) - [TypeScript language support](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/javascript-typescript-test-coverage/)
- [test coverage & execution parameters](https://docs.sonarqube.org/latest/analysis/coverage/) - [test coverage](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/test-coverage-parameters/) & [test execution](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/test-execution-parameters/) parameters
- [third-party issues](https://docs.sonarqube.org/latest/analysis/external-issues/) - [external analyzer reports](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/)
### `node-audit` job ### `node-audit` job
...@@ -345,7 +357,7 @@ It is bound to the `test` stage. ...@@ -345,7 +357,7 @@ It is bound to the `test` stage.
| `audit-disabled` / `NODE_AUDIT_DISABLED` | Set to `true` to disable npm audit | _none_ (enabled) | | `audit-disabled` / `NODE_AUDIT_DISABLED` | Set to `true` to disable npm audit | _none_ (enabled) |
| `audit-args` / `NODE_AUDIT_ARGS` | npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments <br/> yarn [audit](https://classic.yarnpkg.com/en/docs/cli/audit) arguments <br/> pnpm [audit](https://pnpm.io/cli/audit) arguments | `--audit-level=low` | | `audit-args` / `NODE_AUDIT_ARGS` | npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments <br/> yarn [audit](https://classic.yarnpkg.com/en/docs/cli/audit) arguments <br/> pnpm [audit](https://pnpm.io/cli/audit) arguments | `--audit-level=low` |
In addition to a textual report in the console, this job produces the following report, kept for one day: In addition to a textual report in the console, this job produces the following report, kept for one day and only available for download by users with the Developer role or higher:
| Report | Format | Usage | | Report | Format | Usage |
| ------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
...@@ -364,7 +376,7 @@ It is bound to the `test` stage. ...@@ -364,7 +376,7 @@ It is bound to the `test` stage.
| `outdated-args` / `NODE_OUTDATED_ARGS` | npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments <br/> yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments <br/> pnpm [outdated](https://pnpm.io/cli/outdated) arguments | `--long` | | `outdated-args` / `NODE_OUTDATED_ARGS` | npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments <br/> yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments <br/> pnpm [outdated](https://pnpm.io/cli/outdated) arguments | `--long` |
| `node-outdated-job-tags` / `NODE_OUTDATED_JOB_TAGS` | Tags to be used for selecting runners for the job | [] | | `node-outdated-job-tags` / `NODE_OUTDATED_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
The job generates an outdated report that you will find here: `NODE_PROJECT_DIR/reports/npm-outdated-report.json`. The job generates an outdated report that you will find here: `NODE_PROJECT_DIR/reports/npm-outdated-report.json`. This report is only available for download by users with the Developer role or higher
### `node-semgrep` job ### `node-semgrep` job
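Review bot: the sentence added on the `npm-outdated-report.json` line lacks its final period, and the path it follows does not match the template: the job archives `$NODE_PROJECT_DIR/reports/npm-outdated.*`, which `npm-outdated-report.json` does not satisfy, and the `$` is missing from `NODE_PROJECT_DIR`. Align the documented filename with the artifact path so readers look for the right file.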
...@@ -389,12 +401,12 @@ It is bound to the `test` stage, and uses the following variables: ...@@ -389,12 +401,12 @@ It is bound to the `test` stage, and uses the following variables:
> - the `--metrics` option is set to `off`, > - the `--metrics` option is set to `off`,
> - the `--disable-version-check` option is set. > - the `--disable-version-check` option is set.
In addition to a textual report in the console, this job produces the following reports, kept for one day: In addition to a textual report in the console, this job produces the following reports, kept for one week and only available for download by users with the Developer role or higher:
| Report | Format | Usage | | Report | Format | Usage |
| ---------------------------------------------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ---------------------------------------------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `$NODE_PROJECT_DIR/reports/node-semgrep.gitlab.json` | [GitLab's SAST format](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportssast) | | `$NODE_PROJECT_DIR/reports/node-semgrep.gitlab.json` | [GitLab's SAST format](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportssast) |
| `$NODE_PROJECT_DIR/reports/node-semgrep.native.json` | [Semgrep's JSON format](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | [DefectDojo integration](https://documentation.defectdojo.com/integrations/parsers/file/semgrep)<br/>_This report is generated only if DefectDojo template is detected_ | | `$NODE_PROJECT_DIR/reports/node-semgrep.native.json` | [Semgrep's JSON format](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/semgrep/)<br/>_This report is generated only if DefectDojo template is detected_ |
### `node-sbom` job ### `node-sbom` job
...@@ -488,10 +500,12 @@ In order to be able to communicate with the Vault server, the variant requires t ...@@ -488,10 +500,12 @@ In order to be able to communicate with the Vault server, the variant requires t
| Input / Variable | Description | Default value | | Input / Variable | Description | Default value |
| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------- | | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------- |
| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest` | | `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest` |
| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url | _none_ | | `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url | **must be defined** |
| `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` | | `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` |
| :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** | | :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | _none_ |
| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** | | :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | _none_ |
By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.
#### Usage #### Usage
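Review bot: typo in the added paragraph, "authentifacte" should be "authenticate", and a comma is needed after "instead". Since `VAULT_ROLE_ID` and `VAULT_SECRET_ID` now default to _none_ and JWT becomes the default path, the paragraph should also state what happens when only one of the two is set, so a half-configured AppRole is not silently replaced by JWT authentication.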
...@@ -513,14 +527,13 @@ With: ...@@ -513,14 +527,13 @@ With:
```yaml ```yaml
include: include:
# main template # main template
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.0.1 - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.1.1
# Vault variant # Vault variant
- component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node-vault@4.0.1 - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node-vault@4.1.1
inputs: inputs:
# audience claim for JWT # audience claim for JWT
vault-oidc-aud: "https://vault.acme.host" vault-oidc-aud: "https://vault.acme.host"
vault-base-url: "https://vault.acme.host/v1" vault-base-url: "https://vault.acme.host/v1"
# $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable
variables: variables:
NODE_CONFIG_SCOPED_REGISTRIES: "@public-repo:https://public.npm.registry/some/repo @my-priv-repo:https://private.npm.registry/another/repo" NODE_CONFIG_SCOPED_REGISTRIES: "@public-repo:https://public.npm.registry/some/repo @my-priv-repo:https://private.npm.registry/another/repo"
......
...@@ -27,7 +27,7 @@ if [[ "$curVer" ]]; then ...@@ -27,7 +27,7 @@ if [[ "$curVer" ]]; then
log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..." log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."
# replace in README # replace in README
sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\/ref: \$nextVer\/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\"/ref: \"$nextVer\"/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
mv -f README.md.next README.md mv -f README.md.next README.md
# replace in template and variants # replace in template and variants
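Review bot: `$curVer` is interpolated into the sed patterns unescaped, so every `.` in the version matches any character, and with release tags now allowed to carry prerelease and build metadata the current version can contain more of them. Escape the dots in `$curVer` before building the three `-e` expressions so only the exact version string is rewritten in README.md.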
......
...@@ -84,7 +84,7 @@ ...@@ -84,7 +84,7 @@
{ {
"id": "node-lint", "id": "node-lint",
"name": "node lint", "name": "node lint",
"description": "node lint analysis", "description": "code analysis with [ESLint](https://eslint.org/)",
"enable_with": "NODE_LINT_ENABLED", "enable_with": "NODE_LINT_ENABLED",
"variables": [ "variables": [
{ {
......
...@@ -22,7 +22,7 @@ variables: ...@@ -22,7 +22,7 @@ variables:
.node-base: .node-base:
services: services:
- name: "$TBC_TRACKING_IMAGE" - name: "$TBC_TRACKING_IMAGE"
command: ["--service", "node", "4.0.1"] command: ["--service", "node", "4.1.1"]
- name: "$TBC_VAULT_IMAGE" - name: "$TBC_VAULT_IMAGE"
alias: "vault-secrets-provider" alias: "vault-secrets-provider"
variables: variables:
......
...@@ -242,7 +242,7 @@ variables: ...@@ -242,7 +242,7 @@ variables:
# default integration ref name (pattern) # default integration ref name (pattern)
INTEG_REF: /^develop$/ INTEG_REF: /^develop$/
# default release tag name (pattern) # default release tag name (pattern)
RELEASE_REF: /^v?[0-9]+\.[0-9]+\.[0-9]+$/ RELEASE_REF: /^v?[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9-\.]+)?(\+[a-zA-Z0-9-\.]+)?$/
# ================================================== # ==================================================
# Stages definition # Stages definition
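Review bot: the new `RELEASE_REF` is looser than the semantic-versioning grammar it is meant to support: `[a-zA-Z0-9-\.]+` accepts empty dot-separated identifiers, so tags such as `1.2.3-.` or `1.2.3+..` match the release pattern. Require non-empty identifiers, for example `(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?` for the prerelease part and the same shape after `\+`, which also puts the `-` last in the class where it cannot be read as a range.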
...@@ -568,16 +568,6 @@ stages: ...@@ -568,16 +568,6 @@ stages:
fi fi
} }
function sonar_lint_report() {
if [[ "$SONAR_HOST_URL" ]] || [[ "$SONAR_URL" ]]
then
mkdir -p -m 777 reports
# generate eslint report in json for SonarQube
# shellcheck disable=SC2086
$NODE_MANAGER $NODE_LINT_ARGS -- --format=json --output-file=reports/node-lint.xslint.json
fi
}
function configure_publish() { function configure_publish() {
# get package scope+name, and target registry url # get package scope+name, and target registry url
pkg_fullname=$(node -pe "require('./package.json').name") pkg_fullname=$(node -pe "require('./package.json').name")
...@@ -645,7 +635,7 @@ stages: ...@@ -645,7 +635,7 @@ stages:
image: $NODE_IMAGE image: $NODE_IMAGE
services: services:
- name: "$TBC_TRACKING_IMAGE" - name: "$TBC_TRACKING_IMAGE"
command: ["--service", "node", "4.0.1"] command: ["--service", "node", "4.1.1"]
variables: variables:
# Yarn cache (better than --cache-folder option, deprecated) # Yarn cache (better than --cache-folder option, deprecated)
YARN_CACHE_FOLDER: "$CI_PROJECT_DIR/$NODE_PROJECT_DIR/.yarn" YARN_CACHE_FOLDER: "$CI_PROJECT_DIR/$NODE_PROJECT_DIR/.yarn"
...@@ -719,16 +709,35 @@ node-lint: ...@@ -719,16 +709,35 @@ node-lint:
extends: .node-base extends: .node-base
stage: build stage: build
script: script:
# generate lint report for sonar - mkdir -p -m 777 reports
- sonar_lint_report || true # maybe generate ESLint report for SonarQube
# display lint result for console - |
- $NODE_MANAGER $NODE_LINT_ARGS if [[ "$SONAR_HOST_URL" ]] || [[ "$SONAR_URL" ]]
then
# generate eslint report for SonarQube
# shellcheck disable=SC2086
log_info "SonarQube detected: producing ESLint JSON report..."
$NODE_MANAGER $NODE_LINT_ARGS -- --format=json --output-file=reports/node-lint.xslint.json || true
fi
# maybe add eslint-formatter-gitlab
- |
if ! $NODE_MANAGER list | grep eslint-formatter-gitlab > /dev/null
then
log_info "Adding eslint-formatter-gitlab to produce ESLint GitLab report..."
$NODE_MANAGER add eslint-formatter-gitlab
fi
# run ESLint with console output and GitLab report
# shellcheck disable=SC2086
- ESLINT_CODE_QUALITY_REPORT=reports/node-lint.gitlab.json $NODE_MANAGER $NODE_LINT_ARGS -- --format=gitlab
artifacts: artifacts:
when: always # store artifact even if test Failed when: always # store artifact even if test Failed
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
paths:
- $NODE_PROJECT_DIR/reports/node-lint.xslint.json
expire_in: 1 day expire_in: 1 day
paths:
- $NODE_PROJECT_DIR/reports/node-lint.*
reports:
codequality:
- $NODE_PROJECT_DIR/reports/node-lint.gitlab.json
rules: rules:
# exclude if $NODE_LINT_ENABLED unset # exclude if $NODE_LINT_ENABLED unset
- if: '$NODE_LINT_ENABLED != "true"' - if: '$NODE_LINT_ENABLED != "true"'
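Review bot: `$NODE_MANAGER add eslint-formatter-gitlab` installs an unpinned package from the registry on every run where it is missing, and it rewrites `package.json` and the lockfile inside the job, so the lint result depends on whatever version is published at that moment. Pin a version, or require the formatter as a devDependency and fail with a clear message when it is absent. Also, `grep eslint-formatter-gitlab` matches any package whose name contains that string, and the `# shellcheck disable=SC2086` in the SonarQube block sits above `log_info`, so it does not cover the `$NODE_MANAGER $NODE_LINT_ARGS` line it was written for.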
...@@ -762,6 +771,7 @@ node-audit: ...@@ -762,6 +771,7 @@ node-audit:
paths: paths:
- $NODE_PROJECT_DIR/reports/npm-audit.* - $NODE_PROJECT_DIR/reports/npm-audit.*
expire_in: 1 day expire_in: 1 day
access: developer
rules: rules:
# exclude if $NODE_AUDIT_DISABLED set # exclude if $NODE_AUDIT_DISABLED set
- if: '$NODE_AUDIT_DISABLED == "true"' - if: '$NODE_AUDIT_DISABLED == "true"'
...@@ -787,6 +797,7 @@ node-outdated: ...@@ -787,6 +797,7 @@ node-outdated:
paths: paths:
- $NODE_PROJECT_DIR/reports/npm-outdated.* - $NODE_PROJECT_DIR/reports/npm-outdated.*
expire_in: 1 day expire_in: 1 day
access: developer
rules: rules:
# exclude if $NODE_OUTDATED_DISABLED set # exclude if $NODE_OUTDATED_DISABLED set
- if: $NODE_OUTDATED_DISABLED == "true" - if: $NODE_OUTDATED_DISABLED == "true"
...@@ -808,19 +819,19 @@ node-semgrep: ...@@ -808,19 +819,19 @@ node-semgrep:
dependencies: [] dependencies: []
stage: test stage: test
before_script: before_script:
- *node-scripts - !reference [.node-scripts]
- cd $NODE_PROJECT_DIR - mkdir -p -m 777 ${NODE_PROJECT_DIR}/reports
- mkdir -p -m 777 reports
- setup_semgrep_rules - setup_semgrep_rules
script: script:
- >- - >-
semgrep ci ${TRACE+--verbose} ${NODE_SEMGREP_ARGS} semgrep ci ${TRACE+--verbose} ${NODE_SEMGREP_ARGS} --subdir ${NODE_PROJECT_DIR}
--gitlab-sast-output=reports/node-semgrep.gitlab.json --gitlab-sast-output=${NODE_PROJECT_DIR}/reports/node-semgrep.gitlab.json
${DEFECTDOJO_SEMGREP_REPORTS:+--json-output=reports/node-semgrep.native.json} ${DEFECTDOJO_SEMGREP_REPORTS:+--json-output=${NODE_PROJECT_DIR}/reports/node-semgrep.native.json}
artifacts: artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
when: always when: always
expire_in: 1 week expire_in: 1 week
access: developer
reports: reports:
sast: $NODE_PROJECT_DIR/reports/node-semgrep.gitlab.json sast: $NODE_PROJECT_DIR/reports/node-semgrep.gitlab.json
paths: paths:
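Review bot: `${NODE_PROJECT_DIR}` is unquoted in the new `mkdir -p -m 777 ${NODE_PROJECT_DIR}/reports` and `--subdir ${NODE_PROJECT_DIR}` lines, so a project directory containing spaces or glob characters is word-split; quote it in both places and in the two report paths. With `cd $NODE_PROJECT_DIR` removed, `setup_semgrep_rules` now runs from the repository root; check that it does not rely on the previous working directory.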
......