Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • 7
  • 7.10
  • 7.10.2
  • 7.10.1
  • 7.10.0
  • 7.9
  • 7.9.2
  • 7.9.1
  • 7.9.0
  • 7.8.3
  • 7.8.2
  • 7.8.1
  • 7.8
  • 7.8.0
  • 7.7
  • 7.7.1
  • 7.7.0
  • 7.6
  • 7.6.0
  • 7.5
21 results

kicker.json

Blame
  • kicker.json 10.18 KiB
    {
      "name": "Python",
      "description": "Build, test and analyse your [Python](https://www.python.org/) projects",
      "template_path": "templates/gitlab-ci-python.yml",
      "kind": "build",
      "variables": [
        {
          "name": "PYTHON_IMAGE",
          "description": "The Docker image used to run Python - **set the version required by your project**",
          "default": "registry.hub.docker.com/library/python:3"
        },
        {
          "name": "PYTHON_PROJECT_DIR",
          "description": "Python project root directory",
          "default": "."
        },
        {
          "name": "PYTHON_BUILD_SYSTEM",
          "description": "Python build-system to use to install dependencies, build and package the project",
          "type": "enum",
          "values": ["auto", "setuptools", "poetry", "pipenv", "reqfile"],
          "default": "auto",
          "advanced": true
        },
        {
          "name": "PYTHON_REQS_FILE",
          "description": "Main requirements file _(relative to `$PYTHON_PROJECT_DIR`)_\n\nFor [Requirements Files](https://pip.pypa.io/en/stable/user_guide/#requirements-files) build-system only",
          "default": "requirements.txt",
          "advanced": true
        },
        {
          "name": "PYTHON_EXTRA_REQS_FILES",
          "description": "Extra dev requirements file(s) to install _(relative to `$PYTHON_PROJECT_DIR`)_\n\nFor [Requirements Files](https://pip.pypa.io/en/stable/user_guide/#requirements-files) build-system only",
          "default": "requirements-dev.txt",
          "advanced": true
        },
        {
          "name": "PYTHON_COMPILE_ARGS",
          "description": "[`compileall` CLI options](https://docs.python.org/3/library/compileall.html)",
          "default": "*",
          "advanced": true
        },
        {
          "name": "PIP_OPTS",
          "description": "pip extra [options](https://pip.pypa.io/en/stable/cli/pip/#general-options)",
          "advanced": true
        },
        {
          "name": "PYTHON_EXTRA_DEPS",
          "description": "Extra sets of dependencies to install\n\nFor [Setuptools](https://setuptools.pypa.io/en/latest/userguide/dependency_management.html?highlight=extras#optional-dependencies) or [Poetry](https://python-poetry.org/docs/pyproject/#extras) only"
        }
      ],
      "features": [
        {
          "id":"package",
          "name":"package",
          "description":"This job allows building your Python project [distribution packages](https://packaging.python.org/en/latest/glossary/#term-Distribution-Package).",
          "enable_with": "PYTHON_PACKAGE_ENABLED"
        },
        {
          "id": "py-lint",
          "name": "py-lint",
          "description": "Code analysis based on [pylint](http://pylint.pycqa.org/en/latest/) Python lib.",
          "enable_with": "PYLINT_ENABLED",
          "variables": [
            {
              "name": "PYLINT_ARGS",
              "description": "Additional [pylint CLI options](http://pylint.pycqa.org/en/latest/user_guide/run.html#command-line-options)",
              "advanced": true
            },
            {
              "name": "PYLINT_FILES",
              "description": "Files or directories to analyse",
              "advanced": true
            }
          ]
        },
        {
          "id": "unittest",
          "name": "unittest",
          "description": "Unit tests based on [unittest](https://docs.python.org/3/library/unittest.html) framework",
          "enable_with": "UNITTEST_ENABLED",
          "variables": [
            {
              "name": "UNITTEST_ARGS",
              "description": "Additional xmlrunner/unittest CLI options",
              "advanced": true
            }
          ]
        },
        {
          "id": "pytest",
          "name": "pytest",
          "description": "Unit tests based on [pytest](https://docs.pytest.org/) framework",
          "enable_with": "PYTEST_ENABLED",
          "variables": [
            {
              "name": "PYTEST_ARGS",
              "description": "Additional [pytest](https://docs.pytest.org/en/stable/usage.html) or [pytest-cov](https://github.com/pytest-dev/pytest-cov#usage) CLI options",
              "advanced": true
            }
          ]
        },
        {
          "id": "py-nosetests",
          "name": "py-nosetests",
          "description": "Unit tests based on [nose](https://nose.readthedocs.io/) framework",
          "enable_with": "NOSETESTS_ENABLED",
          "variables": [
            {
              "name": "NOSETESTS_ARGS",
              "description": "Additional [nose CLI options](https://nose.readthedocs.io/en/latest/usage.html#options)",
              "advanced": true
            }
          ]
        },
        {
          "id": "bandit",
          "name": "Bandit",
          "description": "[Bandit](https://pypi.org/project/bandit/) analysis (SAST)",
          "enable_with": "BANDIT_ENABLED",
          "variables": [
            {
              "name": "BANDIT_ARGS",
              "description": "Additional [Bandit CLI options](https://github.com/PyCQA/bandit#usage)",
              "default": "--recursive .",
              "advanced": true
            }
          ]
        },
        {
          "id": "safety",
          "name": "Safety",
          "description": "Detect security vulnerabilities with [Safety](https://pypi.org/project/safety/) (dependencies analysis)",
          "enable_with": "SAFETY_ENABLED",
          "variables": [
            {
              "name": "SAFETY_ARGS",
              "description": "Additional [Safety CLI options](https://github.com/pyupio/safety#usage)",
              "default": "--full-report",
              "advanced": true
            }
          ]
        },
        {
          "id": "trivy",
          "name": "Trivy",
          "description": "Detect security vulnerabilities with [Trivy](https://github.com/aquasecurity/trivy/) (dependencies analysis)",
          "enable_with": "PYTHON_TRIVY_ENABLED",
          "variables": [
            {
              "name": "PYTHON_TRIVY_ARGS",
              "description": "Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/v0.21.1/getting-started/cli/fs/)",
              "default": "--vuln-type library",
              "advanced": true
            }
          ]
        },
        {
          "id": "sbom",
          "name": "Software Bill of Materials",
          "description": "This job generates a file listing all dependencies using [syft](https://github.com/anchore/syft)",
          "disable_with": "PYTHON_SBOM_DISABLED",
          "variables": [
            {
              "name": "PYTHON_SBOM_SYFT_URL",
              "description": "Url to the `tar.gz` package for `linux_amd64` of Syft to use\n\n_When unset, the latest version will be used_",
              "advanced": true
            },
            {
              "name": "PYTHON_SBOM_NAME",
              "description": "Component name of the emitted SBOM",
              "default": "$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR",
              "advanced": true
            },
            {
              "name": "PYTHON_SBOM_OPTS",
              "description": "Options for syft used for SBOM analysis",
              "default": "--catalogers python-index-cataloger",
              "advanced": true
            }
          ]
        },
        {
          "id": "release",
          "name": "Release",
          "description": "Manually trigger a release of your code (uses [bumpversion](https://pypi.org/project/bumpversion/))",
          "enable_with": "PYTHON_RELEASE_ENABLED",
          "variables": [
            {
              "name": "PYTHON_RELEASE_NEXT",
              "type": "enum",
              "values": [
                "",
                "major",
                "minor",
                "patch"
              ],
              "description": "The part of the version to increase (one of: `major`, `minor`, `patch`)",
              "default": "minor",
              "advanced": true
            },
            {
              "name": "PYTHON_SEMREL_RELEASE_DISABLED",
              "description": "Disable semantic-release integration",
              "type": "boolean",
              "advanced": true
            },
            {
              "name": "PYTHON_RELEASE_COMMIT_MESSAGE",
              "description": "The Git commit message to use on the release commit. This is templated using the [Python Format String Syntax](http://docs.python.org/2/library/string.html#format-string-syntax). Available in the template context are current_version and new_version.",
              "default": "chore(python-release): {current_version} → {new_version}",
              "advanced": true
            },
            {
              "name": "GIT_USERNAME",
              "description": "Git username for Git push operations",
              "secret": true
            },
            {
              "name": "GIT_PASSWORD",
              "description": "Git password for Git push operations",
              "secret": true
            },
            {
              "name": "GIT_PRIVATE_KEY",
              "description": "SSH key for Git push operations",
              "secret": true
            },
            {
              "name": "PYTHON_REPOSITORY_URL",
              "type": "url",
              "description": "Target PyPI repository to publish packages.\n\n_defaults to [GitLab project's packages repository](https://docs.gitlab.com/ee/user/packages/pypi_repository/)_",
              "default": "${CI_SERVER_URL}/api/v4/projects/${CI_PROJECT_ID}/packages/pypi"
            },
            {
              "name": "PYTHON_REPOSITORY_USERNAME",
              "description": "Target PyPI repository username credential",
              "secret": true,
              "default": "gitlab-ci-token"
            },
            {
              "name": "PYTHON_REPOSITORY_PASSWORD",
              "description": "Target PyPI repository password credential",
              "secret": true,
              "default": "$CI_JOB_TOKEN"
            }
          ]
        }
      ],
      "variants": [
        {
          "id": "vault",
          "name": "Vault",
          "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
          "template_path": "templates/gitlab-ci-python-vault.yml",
          "variables": [
            {
              "name": "TBC_VAULT_IMAGE",
              "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
              "default": "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master",
              "advanced": true
            },
            {
              "name": "VAULT_BASE_URL",
              "description": "The Vault server base API url",
              "mandatory": true
            },
            {
              "name": "VAULT_OIDC_AUD",
              "description": "The `aud` claim for the JWT",
              "default": "$CI_SERVER_URL"
            },
            {
              "name": "VAULT_ROLE_ID",
              "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID",
              "mandatory": true,
              "secret": true
            },
            {
              "name": "VAULT_SECRET_ID",
              "description": "The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID",
              "mandatory": true,
              "secret": true
            }
          ]
        }
      ]
    }