adds job tags

d3829255 · Benguria Elguezabal, Gorka · 1e7aa1d7 · d3829255 · d3829255 · d3829255
Commit d3829255 authored Jul 26, 2024 by Benguria Elguezabal, Gorka
--- a/README.md
+++ b/README.md
@@ -101,6 +101,7 @@ It is bound to the `build` stage, and uses the following variables:
 | `pylint-enabled` / `PYLINT_ENABLED` | Set to `true` to enable the `pylint` job                  | _none_ (disabled) |
 | `pylint-args` / `PYLINT_ARGS` | Additional [pylint CLI options](http://pylint.pycqa.org/en/latest/user_guide/run.html#command-line-options) |  _none_           |
 | `pylint-files` / `PYLINT_FILES` | Files or directories to analyse   | _none_ (by default analyses all found python source files) |
+| `py-lint-job-tags` / `PY_LINT_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 In addition to a textual report in the console, this job produces the following reports, kept for one day:

@@ -131,6 +132,7 @@ It is bound to the `build` stage, and uses the following variables:
 | ------------------------ | -------------------------------------------------------------------- | ----------------------- |
 | `unittest-enabled` / `UNITTEST_ENABLED` | Set to `true` to enable the `unittest` job                  | _none_ (disabled) |
 | `unittest-args` / `UNITTEST_ARGS` | Additional xmlrunner/unittest CLI options                            | _none_                  |
+| `py-unittest-job-tags` / `PY_UNITTEST_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 :information_source: use a `.coveragerc` file at the root of your Python project to control the coverage settings.

@@ -198,6 +200,7 @@ It is bound to the `build` stage, and uses the following variables:
 | ------------------------ | --------------------------------------------------------------------------------------- | ----------------------- |
 | `nosetests-enabled` / `NOSETESTS_ENABLED` | Set to `true` to enable the `nose` job                  | _none_ (disabled) |
 | `nosetests-args` / `NOSETESTS_ARGS` | Additional [nose CLI options](https://nose.readthedocs.io/en/latest/usage.html#options) | _none_                  |
+| `py-nosetests-job-tags` / `PY_NOSETESTS_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 By default coverage will be run on all the project directories. You can restrict it to your packages by setting the `$NOSE_COVER_PACKAGE` variable.
 More [info](https://nose.readthedocs.io/en/latest/plugins/cover.html)
@@ -233,6 +236,7 @@ It is bound to the `test` stage, and uses the following variables:
 | ---------------- | ---------------------------------------------------------------------- | ----------------- |
 | `bandit-enabled` / `BANDIT_ENABLED` | Set to `true` to enable Bandit analysis                                | _none_ (disabled) |
 | `bandit-args` / `BANDIT_ARGS`    | Additional [Bandit CLI options](https://github.com/PyCQA/bandit#usage) | `--recursive .`   |
+| `py-bandit-job-tags` / `PY_BANDIT_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 In addition to a textual report in the console, this job produces the following reports, kept for one day:

@@ -254,6 +258,7 @@ It is bound to the `test` stage, and uses the following variables:
 | `trivy-disabled` / `PYTHON_TRIVY_DISABLED` | Set to `true` to disable Trivy job                                 | _none_ (enabled) |
 | `trivy-dist-url` / `PYTHON_TRIVY_DIST_URL` | Url to the `tar.gz` package for `linux_amd64` of Trivy to use (ex: `https://github.com/aquasecurity/trivy/releases/download/v0.51.1/trivy_0.51.1_Linux-64bit.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ |
 | `trivy-args` / `PYTHON_TRIVY_ARGS`       | Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/v0.21.1/getting-started/cli/fs/) | `--vuln-type library`   |
+| `py-trivy-job-tags` / `PY_TRIVY_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 In addition to a textual report in the console, this job produces the following reports, kept for one day:

@@ -273,6 +278,7 @@ It is bound to the `test` stage, and uses the following variables:
 | `sbom-syft-url` / `PYTHON_SBOM_SYFT_URL` | Url to the `tar.gz` package for `linux_amd64` of Syft to use (ex: `https://github.com/anchore/syft/releases/download/v0.62.3/syft_0.62.3_linux_amd64.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ |
 | `sbom-name` / `PYTHON_SBOM_NAME` | Component name of the emitted SBOM | `$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR` |
 | `sbom-opts` / `PYTHON_SBOM_OPTS` | Options for syft used for SBOM analysis | `--override-default-catalogers python-package-cataloger` |
+| `py-sbom-job-tags` / `PY_SBOM_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 In addition to logs in the console, this job produces the following reports, kept for one week:

@@ -287,6 +293,7 @@ This job **disabled by default** and runs [black](https://black.readthedocs.io)
 | Input / Variable | Description                                                             | Default value     |
 | ---------------- | ----------------------------------------------------------------------- | ----------------- |
 | `black-enabled` / `PYTHON_BLACK_ENABLED` | Set to `true` to enable black job               | _none_ (disabled) |
+| `py-black-job-tags` / `PY_BLACK_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 ### `py-isort` job

@@ -295,6 +302,7 @@ This job **disabled by default** and runs [isort](https://pycqa.github.io/isort/
 | Input / Variable | Description                                                             | Default value     |
 | ---------------- | ----------------------------------------------------------------------- | ----------------- |
 | `isort-enabled` / `PYTHON_ISORT_ENABLED` | Set to `true` to enable isort job               | _none_ (disabled) |
+| `py-isort-job-tags` / `PY_ISORT_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 ### `py-ruff` job

@@ -328,6 +336,7 @@ It is bound to the `build` stage, and uses the following variables:
 | `mypy-enabled` / `MYPY_ENABLED` | Set to `true` to enable the `mypy` job                  | _none_ (disabled) |
 | `mypy-args` / `MYPY_ARGS` | Additional [mypy CLI options](https://mypy.readthedocs.io/en/stable/command_line.html) | _none_           |
 | `mypy-files` / `MYPY_FILES` | Files or directories to analyse   | _none_ (by default analyses all found python source files) |
+| `py-mypy-job-tags` / `PY_MYPY_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

 In addition to a textual report in the console, this job produces the following reports, kept for one day:


--- a/kicker.json
+++ b/kicker.json
@@ -98,6 +98,13 @@
          "name": "PYLINT_FILES",
          "description": "Files or directories to analyse",
          "advanced": true
+        },
+        {
+          "name": "PY_PYLINT_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
        }
      ]
    },
@@ -111,6 +118,13 @@
          "name": "UNITTEST_ARGS",
          "description": "Additional xmlrunner/unittest CLI options",
          "advanced": true
+        },
+        {
+          "name": "PY_UNITTEST_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
        }
      ]
    },
@@ -144,6 +158,13 @@
          "name": "NOSETESTS_ARGS",
          "description": "Additional [nose CLI options](https://nose.readthedocs.io/en/latest/usage.html#options)",
          "advanced": true
+        },
+        {
+          "name": "PY_NOSETESTS_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
        }
      ]
    },
@@ -158,6 +179,13 @@
          "description": "Additional [Bandit CLI options](https://github.com/PyCQA/bandit#usage)",
          "default": "--recursive .",
          "advanced": true
+        },
+        {
+          "name": "PY_BANDIT_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
        }
      ]
    },
@@ -177,6 +205,13 @@
          "description": "Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/v0.21.1/getting-started/cli/fs/)",
          "default": "--vuln-type library",
          "advanced": true
+        },
+        {
+          "name": "PY_TRIVY_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
        }
      ]
    },
@@ -202,6 +237,13 @@
          "description": "Options for syft used for SBOM analysis",
          "default": "--override-default-catalogers python-package-cataloger",
          "advanced": true
+        },
+        {
+          "name": "PY_SBOM_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
        }
      ]
    },
@@ -282,13 +324,31 @@
      "id": "black",
      "name": "black",
      "description": "Code formatting based on [black](https://black.readthedocs.io)",
-      "enable_with": "PYTHON_BLACK_ENABLED"
+      "enable_with": "PYTHON_BLACK_ENABLED",
+      "variables": [
+        {
+          "name": "PY_BLACK_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
+        }
+      ]
    },
    {
      "id": "isort",
      "name": "isort",
      "description": "Check imports order with [isort](https://pycqa.github.io/isort)",
-      "enable_with": "PYTHON_ISORT_ENABLED"
+      "enable_with": "PYTHON_ISORT_ENABLED",
+      "variables": [
+        {
+          "name": "PY_ISORT_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
+        }
+      ]
    },
    {
      "id": "ruff",
@@ -330,6 +390,13 @@
          "name": "MYPY_FILES",
          "description": "Files or directories to analyse",
          "advanced": true
+        },
+        {
+          "name": "PY_MYPY_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
        }
      ]
    }

--- a/templates/gitlab-ci-python.yml
+++ b/templates/gitlab-ci-python.yml
@@ -202,6 +202,42 @@ spec:
      description: tags to filter applicable runners for py-publish job
      type: array
      default: []
+    py-pylint-job-tags:
+      description: tags to filter applicable runners for py-pylint job
+      type: array
+      default: []
+    py-black-job-tags:
+      description: tags to filter applicable runners for py-black job
+      type: array
+      default: []
+    py-isort-job-tags:
+      description: tags to filter applicable runners for py-isort job
+      type: array
+      default: []
+    py-mypy-job-tags:
+      description: tags to filter applicable runners for py-mypy job
+      type: array
+      default: []
+    py-unittest-job-tags:
+      description: tags to filter applicable runners for py-unittest job
+      type: array
+      default: []
+    py-nosetests-job-tags:
+      description: tags to filter applicable runners for py-nosetests job
+      type: array
+      default: []
+    py-bandit-job-tags:
+      description: tags to filter applicable runners for py-bandit job
+      type: array
+      default: []
+    py-trivy-job-tags:
+      description: tags to filter applicable runners for py-trivy job
+      type: array
+      default: []
+    py-sbom-job-tags:
+      description: tags to filter applicable runners for py-sbom job
+      type: array
+      default: []

 ---
 # default workflow rules: Merge Request pipelines
@@ -963,6 +999,7 @@ py-lint:
    - if: '$PYLINT_ENABLED != "true"'
      when: never
    - !reference [.test-policy, rules]
+  tags: $[[ inputs.py-lint-job-tags ]]

 py-compile:
  extends: .python-base
@@ -989,6 +1026,7 @@ py-black:
    - if: '$PYTHON_BLACK_ENABLED != "true"'
      when: never
    - !reference [.test-policy, rules]
+  tags: $[[ inputs.py-black-job-tags ]]

 py-isort:
  extends: .python-base
@@ -1002,6 +1040,7 @@ py-isort:
    - if: '$PYTHON_ISORT_ENABLED != "true"'
      when: never
    - !reference [.test-policy, rules]
+  tags: $[[ inputs.py-isort-job-tags ]]

 py-ruff:
  extends: .python-base
@@ -1062,6 +1101,7 @@ py-mypy:
    - if: '$MYPY_ENABLED != "true"'
      when: never
    - !reference [.test-policy, rules]
+  tags: $[[ inputs.py-mypy-job-tags ]]

 ###############################################################################################
 #                                      test stage                                             #
@@ -1098,6 +1138,7 @@ py-unittest:
    - if: '$UNITTEST_ENABLED != "true"'
      when: never
    - !reference [.test-policy, rules]
+  tags: $[[ inputs.py-unittest-job-tags ]]

 py-pytest:
  extends: .python-base
@@ -1154,6 +1195,7 @@ py-nosetests:
    - if: '$NOSETESTS_ENABLED != "true"'
      when: never
    - !reference [.test-policy, rules]
+  tags: $[[ inputs.py-nosetests-job-tags ]]

 # Bandit (SAST)
 py-bandit:
@@ -1189,6 +1231,7 @@ py-bandit:
    - if: '$BANDIT_ENABLED != "true"'
      when: never
    - !reference [.test-policy, rules]
+  tags: $[[ inputs.py-bandit-job-tags ]]

 # Trivy (dependency check)
 py-trivy:
@@ -1258,6 +1301,7 @@ py-trivy:
    - if: '$PYTHON_TRIVY_DISABLED == "true"'
      when: never
    - !reference [.test-policy, rules]
+  tags: $[[ inputs.py-trivy-job-tags ]]

 py-sbom:
  extends: .python-base
@@ -1305,6 +1349,7 @@ py-sbom:
    - if: '$PYTHON_SBOM_DISABLED == "true"'
      when: never
    - !reference [.test-policy, rules]
+  tags: $[[ inputs.py-sbom-job-tags ]]

 # (manual from master branch): triggers a release (tag creation)
 py-release: