diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f26aaf31c0cabe5b7b072aaee2cb8b133abc96eb..15952f20feea403ca03904fb1463d66ec9cad26a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,7 +10,7 @@ include:
file: '/templates/validation.yml'
- project: 'to-be-continuous/bash'
ref: '3.3'
- file: 'templates/gitlab-ci-bash.yml'
+ file: '/templates/gitlab-ci-bash.yml'
- local: "templates/gitlab-ci-semrel.yml"
stages:
diff --git a/README.md b/README.md
index 5f0657584bff0af4ff351f3c51d7306b59a23df6..6cf89bc99091c56ae8beda3fa0ffea2e7c9e66cb 100644
--- a/README.md
+++ b/README.md
@@ -11,29 +11,51 @@ This project implements a GitLab CI/CD template to automate your versioning and
## Usage
-In order to include this template in your project, add the following to your `gitlab-ci.yml`:
+This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component-in-a-cicd-configuration) or using the legacy [`include:project`](https://docs.gitlab.com/ee/ci/yaml/index.html#includeproject) syntax.
+
+### Use as a CI/CD component
+
+Add the following to your `gitlab-ci.yml`:
+
+```yaml
+include:
+ # 1: include the component
+ - component: gitlab.com/to-be-continuous/semantic-release/gitlab-ci-semrel@3.7.1
+ # 2: set/override component inputs
+ inputs:
+ changelog-enabled: true # ⚠ this is only an example
+```
+
+### Use as a CI/CD template (legacy)
+
+Add the following to your `gitlab-ci.yml`:
```yaml
include:
+ # 1: include the template
- project: 'to-be-continuous/semantic-release'
ref: '3.7.1'
file: '/templates/gitlab-ci-semrel.yml'
+
+variables:
+ # 2: set/override template variables
+ SEMREL_CHANGELOG_ENABLED: "true" # ⚠ this is only an example
```
## Global configuration
The semantic-release template uses some global configuration used throughout all jobs.
-| Name | Description | Default value |
+| Input / Variable | Description | Default value |
| --------------------- | --------------------------------------------- | ----------------- |
-| `SEMREL_IMAGE` | The Docker image used to run semantic-release | `registry.hub.docker.com/library/node:latest` |
-| `SEMREL_VERSION` | The [semantic-release](https://www.npmjs.com/package/semantic-release) version to use | `latest` |
-| `SEMREL_EXEC_VERSION` | The [@semantic-release/exec](https://www.npmjs.com/package/@semantic-release/exec) version to use | `latest` |
+| `image` / `SEMREL_IMAGE` | The Docker image used to run semantic-release | `registry.hub.docker.com/library/node:latest` |
+| `version` / `SEMREL_VERSION` | The [semantic-release](https://www.npmjs.com/package/semantic-release) version to use | `latest` |
+| `exec-version` / `SEMREL_EXEC_VERSION` | The [@semantic-release/exec](https://www.npmjs.com/package/@semantic-release/exec) version to use | `latest` |
| :lock: `GITLAB_TOKEN` | A GitLab [project access token](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html) or [personal access token](https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html) with `api`, `read_repository` and `write repository` scopes. :warning: This variable is **mandatory** and [defined by `semantic-release`](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/ci-configuration.md#push-access-to-the-remote-repository) itself. | _none_ |
-| `GIT_AUTHOR_EMAIL` | A Git author email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project | _none_ |
-| `GIT_COMMITTER_EMAIL` | A Git committer email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project | _none_ |
-| `SEMREL_CONFIG_DIR` | directory containing your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#configuration-file) | `.` |
-| `SEMREL_REQUIRED_PLUGINS_FILE` | An optional file for additional npm packages to install | `semrel-required-plugins.txt` |
+| :lock: `GIT_AUTHOR_EMAIL` | A Git author email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project | _none_ |
+| :lock: `GIT_COMMITTER_EMAIL` | A Git committer email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project | _none_ |
+| `config-dir` / `SEMREL_CONFIG_DIR` | directory containing your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#configuration-file) | `.` |
+| `required-plugins-file` / `SEMREL_REQUIRED_PLUGINS_FILE` | An optional file for additional npm packages to install | `semrel-required-plugins.txt` |
Jobs will extract required plugin packages from discovered configuration. If your configuration needs additional packages, add them, one per line, to `SEMREL_REQUIRED_PLUGINS_FILE` file. Each line must be a valid `npm install` package argument.
@@ -63,17 +85,17 @@ If no configuration is found, the template will generate one with the following
As specified in the previous chapter, these variables are only used to generated a `.releaserc` when no configuration is found in the repository.
-| Name | Description | Default value |
+| Input / Variable | Description | Default value |
| ------------------------------| ------------------------------------------------------ | ------------- |
-| `SEMREL_CHANGELOG_ENABLED` | Add the [@semantic-release/changelog](https://github.com/semantic-release/changelog) plugin which will commit a changelog file in the repository if set to `true`. | _none_ |
-| `SEMREL_CHANGELOG_FILE` | [changelogFile @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). | _none_ (use the plugin default value which is `CHANGELOG.md`). |
-| `SEMREL_CHANGELOG_TITLE` | [changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`). | _none_ |
-| `SEMREL_DRY_RUN` | Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present. | _none_ |
-| `SEMREL_AUTO_RELEASE_ENABLED` | When set to `true` the job start automatically. When not set (default), the job is manual. | _none_ |
-| `SEMREL_TAG_FORMAT` | [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat). :warning: don't forget to double the `$` character so it is not interpreted by GitLab. | `$${version}` |
-| `SEMREL_HOOKS_DIR` | [Hook scripts](#hook_scripts) folder. | `.` |
-| `SEMREL_COMMIT_MESSAGE` | Add a custom commit message based on [semantic-release/git option](https://github.com/semantic-release/git#message). | _none_ (uses semantic-release default commit message) |
-| `SEMREL_RELEASE_DISABLED` | Disable this job. | _none_ |
+| `changelog-enabled` / `SEMREL_CHANGELOG_ENABLED` | Add the [@semantic-release/changelog](https://github.com/semantic-release/changelog) plugin which will commit a changelog file in the repository if set to `true`. | _none_ |
+| `changelog-file` / `SEMREL_CHANGELOG_FILE` | [changelogFile @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). | _none_ (use the plugin default value which is `CHANGELOG.md`). |
+| `changelog-title` / `SEMREL_CHANGELOG_TITLE` | [changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`). | _none_ |
+| `dry-run` / `SEMREL_DRY_RUN` | Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present. | _none_ |
+| `auto-release-enabled` / `SEMREL_AUTO_RELEASE_ENABLED` | When set to `true` the job start automatically. When not set (default), the job is manual. | _none_ |
+| `tag-format` / `SEMREL_TAG_FORMAT` | [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat). :warning: don't forget to double the `$` character so it is not interpreted by GitLab. | `$${version}` |
+| `hooks-dir` / `SEMREL_HOOKS_DIR` | [Hook scripts](#hook_scripts) folder. | `.` |
+| `commit-message` / `SEMREL_COMMIT_MESSAGE` | Add a custom commit message based on [semantic-release/git option](https://github.com/semantic-release/git#message). | _none_ (uses semantic-release default commit message) |
+| `release-disabled` / `SEMREL_RELEASE_DISABLED` | Disable this job. | _none_ |
#### Hook scripts
@@ -141,7 +163,7 @@ For an introduction on commit signing, see [GitLab documentation](https://docs.g
To make semantic-release sign its commits, use the following variable.
-| Name | Description | Default value |
+| Input / Variable | Description | Default value |
| ---------------------| ------------------------------------------------------------------------ | ------------- |
| :lock: `SEMREL_GPG_SIGNKEY` | Path to the GPG signkey exported with `gpg --armor --export-secret-key`<br/>:warning: Declare as a masked [project variable of File type](https://docs.gitlab.com/ee/ci/variables/#cicd-variable-types). | _none_ |
@@ -176,7 +198,6 @@ Here are some advices about your **secrets** (variables marked with a :lock:):
3. Don't forget to escape special characters (ex: `$` -> `$$`).
4. You can also manage secrets using Vault variant
-
## Variants
The Docker template can be used in conjunction with template variants to cover specific cases.
@@ -189,11 +210,11 @@ This variant allows delegating your secrets management to a [Vault](https://www.
In order to be able to communicate with the Vault server, the variant requires the additional configuration parameters:
-| Name | Description | Default value |
+| Input / Variable | Description | Default value |
| ----------------- | -------------------------------------- | ----------------- |
| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master` |
-| `VAULT_BASE_URL` | The Vault server base API url | _none_ |
-| `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` |
+| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url | _none_ |
+| `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` |
| :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** |
@@ -207,7 +228,7 @@ Then you may retrieve any of your secret(s) from Vault using the following synta
With:
-| Name | Description |
+| Parameter | Description |
| -------------------------------- | -------------------------------------- |
| `secret_path` (_path parameter_) | this is your secret location in the Vault server |
| `field` (_query parameter_) | parameter to access a single basic field from the secret JSON payload |
@@ -217,19 +238,16 @@ With:
```yaml
include:
# main template
- - project: 'to-be-continuous/semantic-release'
- ref: '3.7.1'
- file: '/templates/gitlab-ci-semrel.yml'
+ - component: gitlab.com/to-be-continuous/semantic-release/gitlab-ci-semrel@3.7.1
# Vault variant
- - project: 'to-be-continuous/semantic-release'
- ref: '3.7.1'
- file: '/templates/gitlab-ci-semrel-vault.yml'
+ - component: gitlab.com/to-be-continuous/semantic-release/gitlab-ci-semrel-vault@3.7.1
+ inputs:
+ vault-base-url: "https://vault.acme.host/v1"
+ # audience claim for JWT
+ vault-oidc-aud: "https://vault.acme.host"
variables:
- # audience claim for JWT
- VAULT_OIDC_AUD: "https://vault.acme.host"
- # Secrets managed by Vault
- GITLAB_TOKEN: "@url@http://vault-secrets-provider/api/secrets/b7ecb6ebabc231/semantic-release/token?field=group-access-token"
- VAULT_BASE_URL: "https://vault.acme.host/v1"
- # $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable
+ # Secrets managed by Vault
+ GITLAB_TOKEN: "@url@http://vault-secrets-provider/api/secrets/b7ecb6ebabc231/semantic-release/token?field=group-access-token"
+ # $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable
```
diff --git a/bumpversion.sh b/bumpversion.sh
index f06829a406ca8da98e570e8ad7d8bb22367b668d..ed44d7b68b0e09f6d2cf557f7a15e52553246341 100755
--- a/bumpversion.sh
+++ b/bumpversion.sh
@@ -27,13 +27,13 @@ if [[ "$curVer" ]]; then
log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."
# replace in README
- sed -e "s/ref: '$curVer'/ref: '$nextVer'/" README.md > README.md.next
+ sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\”/ref: \”$nextVer\”/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
mv -f README.md.next README.md
# replace in template and variants
for tmpl in templates/*.yml
do
- sed -e "s/\"$curVer\"/\"$nextVer\"/" "$tmpl" > "$tmpl.next"
+ sed -e "s/command: *\[\"--service\", \"\(.*\)\", \"$curVer\"\]/command: [\"--service\", \"\1\", \"$nextVer\"]/" "$tmpl" > "$tmpl.next"
mv -f "$tmpl.next" "$tmpl"
done
else
diff --git a/kicker.json b/kicker.json
index be97055bc01e6f3427f0cdb6b47b2a6d4fa891da..0faad4815b05957b0c51f5d8d74ad5469b25c939 100644
--- a/kicker.json
+++ b/kicker.json
@@ -3,6 +3,8 @@
"description": "Automate your versioning and release management with [semantic-release](https://github.com/semantic-release/semantic-release)",
"template_path": "templates/gitlab-ci-semrel.yml",
"kind": "publish",
+ "prefix": "semrel",
+ "is_component": true,
"variables": [
{
"name": "SEMREL_IMAGE",
diff --git a/logo.png b/logo.png
index 801f94e84c96af295617759cc81db11c3da66486..7bdd4f94353de730372dc681f2c7b238fd64fca0 100644
Binary files a/logo.png and b/logo.png differ
diff --git a/templates/gitlab-ci-semrel-vault.yml b/templates/gitlab-ci-semrel-vault.yml
index 65a860677fe8fec86394edcfddd2f339659cc8e6..052c1cf047762aa0438542451ebe901ee6a4f482 100644
--- a/templates/gitlab-ci-semrel-vault.yml
+++ b/templates/gitlab-ci-semrel-vault.yml
@@ -1,13 +1,23 @@
# =====================================================================================================================
# === Vault template variant
# =====================================================================================================================
+spec:
+ inputs:
+ vault-base-url:
+ description: The Vault server base API url
+ default: ''
+ vault-oidc-aud:
+ description: The `aud` claim for the JWT
+ default: $CI_SERVER_URL
+---
variables:
# variabilized vault-secrets-provider image
- TBC_VAULT_IMAGE: "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master"
+ TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master
# variables have to be explicitly declared in the YAML to be exported to the service
VAULT_ROLE_ID: "$VAULT_ROLE_ID"
VAULT_SECRET_ID: "$VAULT_SECRET_ID"
- VAULT_OIDC_AUD: "$CI_SERVER_URL"
+ VAULT_OIDC_AUD: $[[ inputs.vault-oidc-aud ]]
+ VAULT_BASE_URL: $[[ inputs.vault-base-url ]]
.semrel-base:
services:
diff --git a/templates/gitlab-ci-semrel.yml b/templates/gitlab-ci-semrel.yml
index 9b065caae9c55530d6f3c3099ac57c0f1133267a..6d5b6630a351a7db10fa183805059c65b2b85f2a 100644
--- a/templates/gitlab-ci-semrel.yml
+++ b/templates/gitlab-ci-semrel.yml
@@ -14,6 +14,62 @@
# Floor, Boston, MA 02110-1301, USA.
# =========================================================================================
# default workflow rules: Merge Request pipelines
+spec:
+ inputs:
+ image:
+ description: The Docker image used to run semantic-release
+ default: registry.hub.docker.com/library/node:latest
+ version:
+ description: The [semantic-release](https://www.npmjs.com/package/semantic-release) version to use
+ default: latest
+ exec-version:
+ description: The [@semantic-release/exec](https://www.npmjs.com/package/@semantic-release/exec) version to use
+ default: latest
+ config-dir:
+ description: directory containing your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#configuration-file)
+ default: .
+ tag-format:
+ description: 'For generated `.releaserc` file only. [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat)e. :warning: don''t forget to double the `$` character so it is not interpreted by GitLab.'
+ default: $${version}
+ required-plugins-file:
+ description: Full path to `semrel-required-plugins.txt` file _(relative to `$CI_PROJECT_DIR`)_
+ default: semrel-required-plugins.txt
+ release-disabled:
+ description: Disable this job.
+ default: ''
+ changelog-enabled:
+ description: Add the [@semantic-release/changelog](https://github.com/semantic-release/changelog) plugin which will commit a changelog file in the repository.
+ type: boolean
+ default: false
+ changelog-file:
+ description: '[changelogFile @semantic-release/changelog option](https://github.com/semantic-release/changelog#options).'
+ default: CHANGELOG.md
+ changelog-title:
+ description: '[changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`).'
+ default: ''
+ dry-run:
+ description: For generated `.releaserc` file only. Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present.
+ type: boolean
+ default: false
+ auto-release-enabled:
+ description: When set the job start automatically. When not set (default), the job is manual.
+ type: boolean
+ default: false
+ hooks-dir:
+ description: Hook scripts folder.
+ default: .
+ commit-message:
+ description: '[message @semantic-release/git option](https://github.com/semantic-release/git#message)'
+ default: ''
+ info-on:
+ description: Define on which branch(es) the job shall be run
+ options:
+ - ''
+ - prod
+ - protected
+ - all
+ default: ''
+---
workflow:
rules:
# prevent branch pipeline when an MR is open (prefer MR pipeline)
@@ -37,17 +93,14 @@ workflow:
variables:
# variabilized tracking image
- TBC_TRACKING_IMAGE: "registry.gitlab.com/to-be-continuous/tools/tracking:master"
+ TBC_TRACKING_IMAGE: registry.gitlab.com/to-be-continuous/tools/tracking:master
# Default Docker image (use a public image - can be overridden)
- SEMREL_IMAGE: "registry.hub.docker.com/library/node:latest"
- SEMREL_HOOKS_DIR: "."
- SEMREL_TAG_FORMAT: "$${version}"
+ SEMREL_IMAGE: $[[ inputs.image ]]
+ SEMREL_HOOKS_DIR: $[[ inputs.hooks-dir ]]
+ SEMREL_TAG_FORMAT: $[[ inputs.tag-format ]]
- # default production ref name (pattern)
- PROD_REF: '/^(master|main)$/'
-
- SEMREL_REQUIRED_PLUGINS_FILE: "semrel-required-plugins.txt"
+ SEMREL_REQUIRED_PLUGINS_FILE: $[[ inputs.required-plugins-file ]]
# undocumented (for internal use only)
SEMREL_VERIFY_CONDITIONS_CMD: "verify-conditions.sh"
@@ -56,10 +109,21 @@ variables:
SEMREL_PUBLISH_CMD: "publish.sh"
SEMREL_SUCCESS_CMD: "success.sh"
SEMREL_FAIL_CMD: "fail.sh"
- SEMREL_VERSION: latest
- SEMREL_EXEC_VERSION: latest
+ SEMREL_VERSION: $[[ inputs.version ]]
+ SEMREL_EXEC_VERSION: $[[ inputs.exec-version ]]
+
+ SEMREL_CONFIG_DIR: $[[ inputs.config-dir ]]
+ SEMREL_CHANGELOG_ENABLED: $[[ inputs.changelog-enabled ]]
+ SEMREL_CHANGELOG_FILE: $[[ inputs.changelog-file ]]
+ SEMREL_CHANGELOG_TITLE: $[[ inputs.changelog-title ]]
+ SEMREL_DRY_RUN: $[[ inputs.dry-run ]]
+ SEMREL_AUTO_RELEASE_ENABLED: $[[ inputs.auto-release-enabled ]]
+ SEMREL_COMMIT_MESSAGE: $[[ inputs.commit-message ]]
+ SEMREL_RELEASE_DISABLED: $[[ inputs.release-disabled ]]
+ SEMREL_INFO_ON: $[[ inputs.info-on ]]
- SEMREL_CONFIG_DIR: "."
+ # default production ref name (pattern)
+ PROD_REF: /^(master|main)$/
stages:
- build