diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bd76525b1adc4360a3f0b6125532dae913e931ce..8960d4cbadce8f1c3909234ffe74f5217d130499 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -1,31 +1,38 @@ +# variables in the GitLab CI/CD variables: + # GITLAB_TOKEN to support the semantic-release + # DOCKER_AUTH_CONFIG to support the usage of private docker images as job docker image + # TMPL_RELEASE_ENABLED to enable the semantic-release job + # TBC_NAMESPACE: smartdatalab/public/ci-cd-components + include: - - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/gitlab-ci/extract@master + - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/extract@master inputs: extract-script-job-tags: ["docker"] - - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/gitlab-ci/validation@master + - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/validation@master inputs: check-links-job-tags: ["docker"] tbc-check-job-tags: ["docker"] tbc-check-image: cicd-docker-dev.artifact.tecnalia.com/tbc-check:master gitlab-ci-lint-job-tags: ["docker"] - - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/kicker/validation@master + - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/kicker/validation@master inputs: kicker-validation-job-tags: ["docker"] schema-base-url: "https://git.code.tecnalia.com/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files" - - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/bash/gitlab-ci-bash@master + yajsv-image: "cicd-docker-dev.artifact.tecnalia.com/yajsv:latest" + - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/bash/gitlab-ci-bash@master inputs: bash-shellcheck-job-tags: ["docker"] - - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/semantic-release/gitlab-ci-semrel@master + shellcheck-files: "*.sh" + - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/semantic-release/gitlab-ci-semrel@master inputs: semantic-release-job-tags: ["docker"] - -stages: - - build - - publish + - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitleaks/gitlab-ci-gitleaks@master + inputs: + gitleaks-job-tags: ["docker"] variables: GITLAB_CI_FILES: 
"templates/gitlab-ci-renovate.yml" - BASH_SHELLCHECK_FILES: "*.sh" + GIT_STRATEGY: clone semantic-release: rules: diff --git a/CHANGELOG.md b/CHANGELOG.md index 91747d3c8ee42084ee327fdc1a5c491a19ff6951..b8a21b9bd36a355770ad78f1508b02176ae0ebe9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,3 @@ -## [1.2.2](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/renovate/compare/1.2.1...1.2.2) (2024-05-21) - - -### Bug Fixes - -* **workflow:** disable MR pipeline from prod & integ branches ([e32e815](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/renovate/commit/e32e815f6aa487edf0c25112cc6173bbd1ce0ad2)) - ## [1.2.2](https://gitlab.com/to-be-continuous/renovate/compare/1.2.1...1.2.2) (2024-05-05) diff --git a/README.md b/README.md index 6fd4fd25abab23aa5f344b80e98d26534ef7470a..dff8f2313af207cdffcc356a868f086b7f34f1f2 100644 --- a/README.md +++ b/README.md 
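Review bot: Every `component:` include on the new side now takes its source from `$CI_SERVER_FQDN/$TBC_NAMESPACE` and still tracks `@master`, so both the namespace and the ref that supply this pipeline's job definitions are mutable. The header comment lists `TBC_NAMESPACE` but does not say where it must be defined; depending on how the variable is scoped, a per-project or per-pipeline value could point the includes at another namespace. I would document the expectation next to it, for example `# TBC_NAMESPACE: define at group/instance level only; it selects the source of every included component`. Pinning the components to a release tag or commit SHA (`@<release-tag>`) instead of `master` would make the included code reproducible. The same applies to the newly added `yajsv-image` input, which uses `:latest`.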
@@ -4,29 +4,29 @@ Automate your dependency updates with [Renovate](https://www.mend.io/renovate/). ## Usage -This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component-in-a-cicd-configuration) +This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component) or using the legacy [`include:project`](https://docs.gitlab.com/ee/ci/yaml/index.html#includeproject) syntax. ### Use as a CI/CD component -Add the following to your `gitlab-ci.yml`: +Add the following to your `.gitlab-ci.yml`: ```yaml include: # include the component - - component: gitlab.com/to-be-continuous/renovate/gitlab-ci-renovate@1.2.2 + - component: $CI_SERVER_FQDN/to-be-continuous/renovate/gitlab-ci-renovate@1.3.0 ``` ### Use as a CI/CD template (legacy) -Add the following to your `gitlab-ci.yml`: +Add the following to your `.gitlab-ci.yml`: ```yaml include: # include the template - - project: 'to-be-continuous/renovate' - ref: '1.2.2' - file: '/templates/gitlab-ci-renovate.yml' + - project: "to-be-continuous/renovate" + ref: "1.2.2" + file: "/templates/gitlab-ci-renovate.yml" ``` ## Configuration 
@@ -36,7 +36,6 @@ The Renovate template uses some global configuration used throughout all jobs. | Input / Variable | Description | Default value | |------------------------|---------------------------------------------------------------------------------|-------------------| | `image` / `RENOVATE_IMAGE` | The Docker image used to run Renovate | `registry.hub.docker.com/renovate/renovate:latest` | -| `platform` / `RENOVATE_PLATFORM` | The Platform type of repository [See doc](https://docs.renovatebot.com/self-hosted-configuration/#platform) | `gitlab` | | :lock: `RENOVATE_TOKEN`| A GitLab access token to allow Renovate crawl your projects. [See doc](https://docs.renovatebot.com/modules/platform/gitlab/#authentication) | _none_ | | :lock: `GITHUB_COM_TOKEN`| A GitHub access token to allow Renovate fetch changelogs. [See doc](https://docs.renovatebot.com/getting-started/running/#githubcom-token-for-changelogs) | _none_ | | `renovate-validator-job-tags` / `RENOVATE_VALIDATOR_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` | 
@@ -50,13 +49,29 @@ will be in charge of crawling all your other projects. Upon including the template, carefuly follow [Renovate's documentation](https://docs.renovatebot.com/) to configure the bot accordingly. Pay attention to the following: -* ~~Remember to set the [platform](https://docs.renovatebot.com/self-hosted-configuration/#platform) parameter +- ~~Remember to set the [platform](https://docs.renovatebot.com/self-hosted-configuration/#platform) parameter to `gitlab` in your configuration.~~ -* [GitLab platform integration](https://docs.renovatebot.com/modules/platform/gitlab/) requires that you +- [GitLab platform integration](https://docs.renovatebot.com/modules/platform/gitlab/) requires that you declare a `RENOVATE_TOKEN` variable with an access token. -* You'll also probaly need to declare a `GITHUB_COM_TOKEN` variable, holding a GitHub access token +- You'll also probaly need to declare a `GITHUB_COM_TOKEN` variable, holding a GitHub access token (for [fetching changelogs](https://docs.renovatebot.com/getting-started/running/#githubcom-token-for-changelogs)) +### Default Renovate configuration + +This template is designed to be run on GitLab. 
+ +Defaults values are set to manage GitLab features : + +| Renovate variable | Value | +| ------------------------------------------------------------------------------------------------------------ | ----------------------------------------- | +| [`RENOVATE_PLATFORM`](https://docs.renovatebot.com/self-hosted-configuration/#platform) | `gitlab` | +| [`RENOVATE_ENDPOINT`](https://docs.renovatebot.com/self-hosted-configuration/#endpoint) | `$CI_API_V4_URL` | +| [`RENOVATE_AUTODISCOVER_FILTER`](https://docs.renovatebot.com/self-hosted-configuration/#autodiscoverfilter) | `${CI_PROJECT_ROOT_NAMESPACE}/**` | +| [`RENOVATE_REGISTRY_ALIASES`](https://docs.renovatebot.com/configuration-options/#registryaliases) | `{"$$CI_SERVER_FQDN": "$CI_SERVER_FQDN"}` | +| [`RENOVATE_BINARY_SOURCE`](https://docs.renovatebot.com/self-hosted-configuration/#binarysource) | `install` | +| [`RENOVATE_LOG_FILE`](https://docs.renovatebot.com/config-overview/#logging-variables) | `renovate-log.ndjson` | +| [`RENOVATE_LOG_FILE_LEVEL`](https://docs.renovatebot.com/config-overview/#logging-variables) | `debug` | + ### Dry-run implementation details Depending on the source of a pipeline, the template will either perform your dependency updates (create/update/delete branches and MRs) @@ -69,5 +84,5 @@ The real dependency updates is triggered only when: In any other case (regular Git commit or else) the template will perform a dry run. -:warning: Dry-run behavior is enabled/disabled with the `RENOVATE_DRY_RUN` environment variable. +:warning: Dry-run behavior is enabled/disabled with the `RENOVATE_DRY_RUN` environment variable. Please don't try to override it or you might break the default template implementation. diff --git a/kicker.json b/kicker.json index 50f983c1f93be47888ce7fda9e554839d3fd45b7..1e9f9baa54b60e20f51dabd229b9b3d898c761f6 100644 --- a/kicker.json +++ b/kicker.json 
@@ -21,11 +21,6 @@ "description": "A GitHub access token to allow Renovate fetch changelogs. [See doc](https://docs.renovatebot.com/getting-started/running/#githubcom-token-for-changelogs)", "secret": true }, - { - "name": "RENOVATE_PLATFORM", - "description": "The Platform type of repository", - "default": "gitlab" - }, { "name": "RENOVATE_RENOVATE_VALIDATOR_JOB_TAGS", "description": "Tags to be used for selecting runners for the job", diff --git a/templates/gitlab-ci-renovate.yml b/templates/gitlab-ci-renovate.yml index 2f6228fab9e84b0e89143edbf7e079c44149d374..bd037d12b3fe2b0045cdfeb62ea156f94a1885c3 100644 --- a/templates/gitlab-ci-renovate.yml +++ b/templates/gitlab-ci-renovate.yml @@ -19,9 +19,6 @@ spec: image: description: The Docker image used to run Renovate default: registry.hub.docker.com/renovate/renovate:latest - platform: - description: The Platform type of repository - default: gitlab renovate-validator-job-tags: description: tags to filter applicable runners for renovate-validator job default: [] @@ -61,14 +58,16 @@ variables: TBC_TRACKING_IMAGE: registry.gitlab.com/to-be-continuous/tools/tracking:master RENOVATE_IMAGE: $[[ inputs.image ]] - RENOVATE_PLATFORM: $[[ inputs.platform ]] # those are native Renovate configuration variables # see: https://docs.renovatebot.com/self-hosted-configuration + RENOVATE_PLATFORM: gitlab RENOVATE_ENDPOINT: $CI_API_V4_URL - RENOVATE_LOG_FILE: renovate-log.ndjson RENOVATE_AUTODISCOVER_FILTER: ${CI_PROJECT_ROOT_NAMESPACE}/** + RENOVATE_REGISTRY_ALIASES: "{\"$$CI_SERVER_FQDN\": \"$CI_SERVER_FQDN\"}" RENOVATE_BINARY_SOURCE: install + # see: https://docs.renovatebot.com/config-overview/#logging-variables + RENOVATE_LOG_FILE: renovate-log.ndjson RENOVATE_LOG_FILE_LEVEL: debug LOG_LEVEL: info 
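Review bot: The added `RENOVATE_REGISTRY_ALIASES` line in the `@@ -61,14 +58,16 @@` hunk depends on `$$` to keep the JSON key as the literal text `$CI_SERVER_FQDN` while the value expands to the server host name, and nothing in the file says so. A maintainer who "normalises" the double dollar would silently break the alias, so add a comment above it such as `# "$$" keeps the key literal ($CI_SERVER_FQDN); the value expands to this server's FQDN`. Single-quoting the scalar would also drop the backslash escapes without changing the value: `RENOVATE_REGISTRY_ALIASES: '{"$$CI_SERVER_FQDN": "$CI_SERVER_FQDN"}'`. The `variables:` block starts and continues outside this hunk.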
@@ -240,7 +239,7 @@ stages: image: $RENOVATE_IMAGE services: - name: "$TBC_TRACKING_IMAGE" - command: ["--service", "renovate", "1.2.2"] + command: ["--service", "renovate", "1.3.0"] variables: RENOVATE_BASE_DIR: $CI_PROJECT_DIR RENOVATE_CACHE_DIR: $CI_PROJECT_DIR/.cache/renovate