Merge remote-tracking branch 'upstream/master'

# Conflicts: # .gitlab-ci.yml # CHANGELOG.md # README.md # templates/gitlab-ci-semrel.yml

Merge remote-tracking branch 'upstream/master'
d732eb27 · Benguria Elguezabal, Gorka · ed83a4ac · 07c0f61f · d732eb27 · d732eb27
Commit d732eb27 authored 1 month ago by Benguria Elguezabal, Gorka
--- a/.gitlab/merge_request_templates/new_feature.md
+++ b/.gitlab/merge_request_templates/new_feature.md
@@ -8,8 +8,8 @@ Closes #999
 ## Checklist

 * General:
-    * [ ] use [rules](https://docs.gitlab.com/ee/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ee/ci/yaml/#onlyexcept-advanced)
-    * [ ] optimized [cache](https://docs.gitlab.com/ee/ci/caching/) configuration (wherever applicable)
+    * [ ] use [rules](https://docs.gitlab.com/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ci/yaml/#onlyexcept-advanced)
+    * [ ] optimized [cache](https://docs.gitlab.com/ci/caching/) configuration (wherever applicable)
 * Publicly usable:
    * [ ] untagged runners
    * [ ] no proxy configuration but support `http_proxy`/`https_proxy`/`no_proxy`

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
-# [3.12.0](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/semantic-release/compare/3.11.5...3.12.0) (2025-01-29)
+## [3.14.2](https://gitlab.com/to-be-continuous/semantic-release/compare/3.14.1...3.14.2) (2025-04-09)
+
+
+### Bug Fixes
+
+* prevent sem-rel from running in scheduled pipelines ([e872dc7](https://gitlab.com/to-be-continuous/semantic-release/commit/e872dc7b99b9a02d26e7994062a7d14978d60d6e))
+
+## [3.14.1](https://gitlab.com/to-be-continuous/semantic-release/compare/3.14.0...3.14.1) (2025-04-04)
+
+
+### Bug Fixes
+
+* **ca:** install ca-certs before importing custom CA certificates ([43e285f](https://gitlab.com/to-be-continuous/semantic-release/commit/43e285f57e203a0ac1b092731f5cdcbbecb291f3)), closes [#51](https://gitlab.com/to-be-continuous/semantic-release/issues/51)
+
+# [3.14.0](https://gitlab.com/to-be-continuous/semantic-release/compare/3.13.1...3.14.0) (2025-04-01)
+
+
+### Features
+
+* add inputs to overwrite plugins used in default config ([b7b2e0a](https://gitlab.com/to-be-continuous/semantic-release/commit/b7b2e0a468354b5c3190b8334b7ba06f449127c2))
+
+## [3.13.1](https://gitlab.com/to-be-continuous/semantic-release/compare/3.13.0...3.13.1) (2025-03-23)
+
+
+### Bug Fixes
+
+* unset vault variables for semrel ([712331d](https://gitlab.com/to-be-continuous/semantic-release/commit/712331d42158dc9611ea11755f486da8e5d4f8e6)), closes [#54](https://gitlab.com/to-be-continuous/semantic-release/issues/54)
+
+# [3.13.0](https://gitlab.com/to-be-continuous/semantic-release/compare/3.12.0...3.13.0) (2025-02-09)
+
+
+### Features
+
+* add extra CLI options to be passed to semantic-release ([090646b](https://gitlab.com/to-be-continuous/semantic-release/commit/090646b6844932fee4cad9fa05a216f007358b35))
+
+# [3.12.0](https://gitlab.com/to-be-continuous/semantic-release/compare/3.11.5...3.12.0) (2025-01-27)


 ### Features

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -61,7 +61,7 @@ To contribute:

 1. Create an issue describing the bug or enhancement you want to propose (select the right issue template).
 2. Make sure the issue has been reviewed and agreed.
-3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) documentation).
+3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/user/project/repository/forking_workflow/) documentation).
   Don't hesitate to mark your MR as `Draft` as long as you think it's not ready to be reviewed.

 ### Git Commit Conventions

--- a/README.md
+++ b/README.md
--- a/kicker.json
+++ b/kicker.json
@@ -78,6 +78,11 @@
          "type": "boolean",
          "advanced": true
        },
+        {
+          "name": "SEMREL_EXTRA_ARGS",
+          "description": "[Extra options](https://semantic-release.gitbook.io/semantic-release/usage/configuration#options) to pass to semantic-release.",
+          "advanced": true
+        },
        {
          "name": "SEMREL_AUTO_RELEASE_ENABLED",
          "description": "When set the job start automatically. When not set (default), the job is manual.",
@@ -119,6 +124,42 @@
          "values": ["angular","codemirror","conventionalcommits","ember","eslint","express","jquery","jshint"],
          "default": "angular",          
          "advanced": true
+        },
+        {
+          "name": "SEMREL_COMMIT_ANALYZER_PLUGIN",
+          "description": "NPM plugin name for the commit-analyzer plugin.",
+          "default": "@semantic-release/commit-analyzer",
+          "advanced": true
+        },
+        {
+          "name": "SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN",
+          "description": "NPM plugin name for the release-notes-generator plugin.",
+          "default": "@semantic-release/release-notes-generator",
+          "advanced": true
+        },
+        {
+          "name": "SEMREL_GITLAB_PLUGIN",
+          "description": "NPM plugin name for the gitlab plugin.",
+          "default": "@semantic-release/gitlab",
+          "advanced": true
+        },
+        {
+          "name": "SEMREL_CHANGELOG_PLUGIN",
+          "description": "NPM plugin name for the changelog plugin.",
+          "default": "@semantic-release/changelog",
+          "advanced": true
+        },
+        {
+          "name": "SEMREL_GIT_PLUGIN",
+          "description": "NPM plugin name for the git plugin.",
+          "default": "@semantic-release/git",
+          "advanced": true
+        },
+        {
+          "name": "SEMREL_EXEC_PLUGIN",
+          "description": "NPM plugin name for the exec plugin.",
+          "default": "@semantic-release/exec",
+          "advanced": true
        }
      ]
    },

--- a/templates/gitlab-ci-semrel-vault.yml
+++ b/templates/gitlab-ci-semrel-vault.yml
@@ -22,7 +22,7 @@ variables:
 .semrel-base:
  services:
    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "semrel", "3.12.0"]
+      command: ["--service", "semrel", "3.14.2"]
    - name: "$TBC_VAULT_IMAGE"
      alias: "vault-secrets-provider"
  variables:

--- a/templates/gitlab-ci-semrel.yml
+++ b/templates/gitlab-ci-semrel.yml
@@ -55,6 +55,9 @@ spec:
      description: For generated `.releaserc` file only. Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present.
      type: boolean
      default: false
+    extra-args:
+      description: "[Extra options](https://semantic-release.gitbook.io/semantic-release/usage/configuration#options) to pass to semantic-release."
+      default: ''
    auto-release-enabled:
      description: When set the job start automatically. When not set (default), the job is manual.
      type: boolean
@@ -86,6 +89,24 @@ spec:
      - protected
      - all
      default: ''
+    commit-analyzer-plugin:
+      description: The npm plugin name for the commit-analyzer plugin. The default is `@semantic-release/commit-analyzer`
+      default: '@semantic-release/commit-analyzer'
+    release-notes-generator-plugin:
+      description: The npm plugin name for the release-notes-generator plugin. The default is `@semantic-release/release-notes-generator`
+      default: '@semantic-release/release-notes-generator'
+    gitlab-plugin:
+      description: The npm plugin name for the gitlab plugin. The default is `@semantic-release/gitlab`
+      default: '@semantic-release/gitlab'
+    changelog-plugin: 
+      description: The npm plugin name for the changelog plugin. The default is `@semantic-release/changelog`
+      default: '@semantic-release/changelog'
+    git-plugin:
+      description: The npm plugin name for the git plugin. The default is `@semantic-release/git`
+      default: '@semantic-release/git'
+    exec-plugin:
+      description: The npm plugin name for the exec plugin. The default is `@semantic-release/exec`
+      default: '@semantic-release/exec'
    semantic-release-job-tags:
      description: Tags to be used for selecting runners for the job
      type: array
@@ -139,12 +160,20 @@ variables:
  SEMREL_CHANGELOG_FILE: $[[ inputs.changelog-file ]]
  SEMREL_CHANGELOG_TITLE: $[[ inputs.changelog-title ]]
  SEMREL_DRY_RUN: $[[ inputs.dry-run ]]
+  SEMREL_EXTRA_ARGS: $[[ inputs.extra-args ]]
  SEMREL_AUTO_RELEASE_ENABLED: $[[ inputs.auto-release-enabled ]]
  SEMREL_COMMIT_MESSAGE: $[[ inputs.commit-message ]]
  SEMREL_RELEASE_DISABLED: $[[ inputs.release-disabled ]]
  SEMREL_INFO_ON: $[[ inputs.info-on ]]
  SEMREL_COMMIT_SPEC: $[[ inputs.commit-spec ]]

+  SEMREL_COMMIT_ANALYZER_PLUGIN: $[[ inputs.commit-analyzer-plugin ]]
+  SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN: $[[ inputs.release-notes-generator-plugin ]]
+  SEMREL_GITLAB_PLUGIN: $[[ inputs.gitlab-plugin ]]
+  SEMREL_CHANGELOG_PLUGIN: $[[ inputs.changelog-plugin ]]
+  SEMREL_GIT_PLUGIN: $[[ inputs.git-plugin ]]
+  SEMREL_EXEC_PLUGIN: $[[ inputs.exec-plugin ]]
+
  # default production ref name (pattern)
  PROD_REF: /^(master|main)$/
  SEMREL_BRANCHES_REF: $[[ inputs.branches-ref ]]
@@ -507,11 +536,11 @@ stages:
          echo "tagFormat: '${SEMREL_TAG_FORMAT}'"
          echo ""
          echo "plugins: "
-          echo "  - - '@semantic-release/commit-analyzer'"
+          echo "  - - '${SEMREL_COMMIT_ANALYZER_PLUGIN}'"
          echo "${commitPresetConfig}"
-          echo "  - - '@semantic-release/release-notes-generator'"
+          echo "  - - '${SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN}'"
          echo "${commitPresetConfig}"
-          echo "  - '@semantic-release/gitlab'"
+          echo "  - '${SEMREL_GITLAB_PLUGIN}'"
          echo "${changelogPluginConfig}"
          echo "${execPluginConfig}"
          echo "${gitPluginConfig}"
@@ -584,10 +613,10 @@ stages:
        if [[ -n "${SEMREL_CHANGELOG_TITLE}" ]]; then
          changeLogConfig=$(echo -e "${changeLogConfig:+${changeLogConfig}\n      }changelogTitle: '${SEMREL_CHANGELOG_TITLE}'")
        fi
-        echo "  - - '@semantic-release/changelog'"
+        echo "  - - '${SEMREL_CHANGELOG_PLUGIN}'"
        echo "    - ${changeLogConfig}"
      else
-        echo "  - '@semantic-release/changelog'"
+        echo "  - '${SEMREL_CHANGELOG_PLUGIN}'"
      fi
    else
      echo ""
@@ -598,7 +627,7 @@ stages:
  function generate_git_plugin_conf() {
    # git plugin has default changelog file as asset by default so
    # we need to add it explicitly if the user configured a custom changelogFile
-    echo "  - - '@semantic-release/git'"
+    echo "  - - '${SEMREL_GIT_PLUGIN}'"
    if [[ "${SEMREL_CHANGELOG_ENABLED}" = "true" ]] && [[ -n "${SEMREL_CHANGELOG_FILE}" ]]; then
      echo "    - assets:"
      echo "      - '${SEMREL_CHANGELOG_FILE}'"
@@ -656,7 +685,7 @@ stages:
      tabs="      "
    fi
    if [[ -n "${scriptsConfig}" ]]; then
-      echo "  - - '@semantic-release/exec'"
+      echo "  - - '${SEMREL_EXEC_PLUGIN}'"
      echo "${scriptsConfig}"
    else
      echo ""
@@ -730,9 +759,9 @@ stages:
      echo "# injected (replace your plugins) plugins by the template to generate dotenv"
      echo ""
      echo "plugins:"
-      echo "  - - '@semantic-release/commit-analyzer'"
+      echo "  - - '${SEMREL_COMMIT_ANALYZER_PLUGIN}'"
      echo "${commitPresetConfig}"
-      echo "  - - '@semantic-release/exec'"
+      echo "  - - '${SEMREL_EXEC_PLUGIN}'"
      echo "    - analyzeCommitsCmd: '\"${export_last_version_hook_script}\" \"\${lastRelease.version}\"'"
      echo "      verifyReleaseCmd: '\"${export_next_version_hook_script}\" \"\${nextRelease.version}\" \"\${nextRelease.type}\"'"
      echo ""
@@ -745,7 +774,7 @@ stages:
      cat ".releaserc"
    fi

-    npm install --global "semantic-release@${SEMREL_VERSION}" "@semantic-release/exec@${SEMREL_EXEC_VERSION}"
+    npm install --global "semantic-release@${SEMREL_VERSION}" "${SEMREL_EXEC_PLUGIN}@${SEMREL_EXEC_VERSION}"
    semantic-release --dry-run

    # Rollback temporary semantic-release configuration
@@ -791,6 +820,12 @@ stages:
    log_info "Commit signing setup complete."
  }

+  function clear_vault_env() {
+    # unset service container env when Vault variant is enabled (SemRel censors them all due to 'SECRET' in the name)
+    # shellcheck disable=SC2046
+    unset $(env | awk -F '=' '/^VAULT_SECRETS_PROVIDER_/{print $1}' | xargs)
+  }
+
  unscope_variables
  eval_all_secrets

@@ -800,16 +835,17 @@ stages:
  image: $SEMREL_IMAGE
  services:
    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "semrel", "3.12.0"]
+      command: ["--service", "semrel", "3.14.2"]
  before_script:
    - !reference [.semrel-scripts]
-    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    # install git and OpenSSH
    - maybe_install_packages ca-certificates git openssh-client gpg gpg-agent
+    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    - maybe_install_yq
    - cd "${SEMREL_CONFIG_DIR}"
    - prepare_semantic_release
    - install_semantic_release_plugins
+    - clear_vault_env
  variables:
    # download cache
    XDG_CACHE_HOME: "$CI_PROJECT_DIR/.cache"
@@ -835,6 +871,8 @@ semantic-release-info:
    reports:
      dotenv: "${SEMREL_CONFIG_DIR}/semrel.out.env"
  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule"
+      when: never
    - if: $CI_COMMIT_TAG
      when: never
    - if: '$SEMREL_INFO_ON == "prod" && $CI_COMMIT_REF_NAME =~ $PROD_REF'
@@ -848,9 +886,11 @@ semantic-release:
  script:
    - configure_commit_signing
    - if [[ "$SEMREL_DRY_RUN" == "true" ]]; then dry_run_opt="--dry-run"; fi
-    - semantic-release ${TRACE:+--debug} --ci $dry_run_opt
+    - semantic-release ${TRACE:+--debug} --ci $dry_run_opt $SEMREL_EXTRA_ARGS
  dependencies: []
  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule"
+      when: never
    - if: '$SEMREL_RELEASE_DISABLED == "true"'
      when: never
    - if: $CI_COMMIT_TAG