diff --git a/.gitlab/merge_request_templates/new_feature.md b/.gitlab/merge_request_templates/new_feature.md index 74abae94c94dc0768bb5c51fe51ad253fce113fe..491b7f98ded7e0da03d18c95978eafcb7d86619f 100644 --- a/.gitlab/merge_request_templates/new_feature.md +++ b/.gitlab/merge_request_templates/new_feature.md @@ -8,8 +8,8 @@ Closes #999 ## Checklist * General: - * [ ] use [rules](https://docs.gitlab.com/ee/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ee/ci/yaml/#onlyexcept-advanced) - * [ ] optimized [cache](https://docs.gitlab.com/ee/ci/caching/) configuration (wherever applicable) + * [ ] use [rules](https://docs.gitlab.com/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ci/yaml/#onlyexcept-advanced) + * [ ] optimized [cache](https://docs.gitlab.com/ci/caching/) configuration (wherever applicable) * Publicly usable: * [ ] untagged runners * [ ] no proxy configuration but support `http_proxy`/`https_proxy`/`no_proxy` diff --git a/CHANGELOG.md b/CHANGELOG.md index d426dfca9b4c333f7ba9e5d95fd492fdfeffad0f..5f01a106b8cb039bd9f76690670d181dd0fc9d5c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,4 +1,39 @@ -# [3.12.0](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/semantic-release/compare/3.11.5...3.12.0) (2025-01-29) +## [3.14.2](https://gitlab.com/to-be-continuous/semantic-release/compare/3.14.1...3.14.2) (2025-04-09) + + +### Bug Fixes + +* prevent sem-rel from running in scheduled pipelines ([e872dc7](https://gitlab.com/to-be-continuous/semantic-release/commit/e872dc7b99b9a02d26e7994062a7d14978d60d6e)) + +## [3.14.1](https://gitlab.com/to-be-continuous/semantic-release/compare/3.14.0...3.14.1) (2025-04-04) + + +### Bug Fixes + +* **ca:** install ca-certs before importing custom CA certificates ([43e285f](https://gitlab.com/to-be-continuous/semantic-release/commit/43e285f57e203a0ac1b092731f5cdcbbecb291f3)), closes [#51](https://gitlab.com/to-be-continuous/semantic-release/issues/51) + +# [3.14.0](https://gitlab.com/to-be-continuous/semantic-release/compare/3.13.1...3.14.0) (2025-04-01) + + +### Features + +* add inputs to overwrite plugins used in default config ([b7b2e0a](https://gitlab.com/to-be-continuous/semantic-release/commit/b7b2e0a468354b5c3190b8334b7ba06f449127c2)) + +## [3.13.1](https://gitlab.com/to-be-continuous/semantic-release/compare/3.13.0...3.13.1) (2025-03-23) + + +### Bug Fixes + +* unset vault variables for semrel ([712331d](https://gitlab.com/to-be-continuous/semantic-release/commit/712331d42158dc9611ea11755f486da8e5d4f8e6)), closes [#54](https://gitlab.com/to-be-continuous/semantic-release/issues/54) + +# [3.13.0](https://gitlab.com/to-be-continuous/semantic-release/compare/3.12.0...3.13.0) (2025-02-09) + + +### Features + +* add extra CLI options to be passed to semantic-release ([090646b](https://gitlab.com/to-be-continuous/semantic-release/commit/090646b6844932fee4cad9fa05a216f007358b35)) + +# [3.12.0](https://gitlab.com/to-be-continuous/semantic-release/compare/3.11.5...3.12.0) (2025-01-27) ### Features 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1f8f9ed09a33b90b94e2ad78ee1ef3abeb05faca..32602a009e1b719a9e9573712b774afeabf9038c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -61,7 +61,7 @@ To contribute: 1. Create an issue describing the bug or enhancement you want to propose (select the right issue template). 2. Make sure the issue has been reviewed and agreed. -3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) documentation). +3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/user/project/repository/forking_workflow/) documentation). Don't hesitate to mark your MR as `Draft` as long as you think it's not ready to be reviewed. ### Git Commit Conventions diff --git a/README.md b/README.md index c54f041ac95c4ee0745400568b46190afe7e805a..7570e00947680cf06ba8832092fb05eb476bdc95 100644 --- a/README.md +++ b/README.md 
@@ -6,12 +6,12 @@ This project implements a GitLab CI/CD template to automate your versioning and * generate the changelog, * commit any changed resource to the Git repository, * create and push the Git tag, -* publish the packages (in [GitLab](https://docs.gitlab.com/ee/user/project/releases/index.html) or any other package repository of your choice), +* publish the packages (in [GitLab](https://docs.gitlab.com/user/project/releases/) or any other package repository of your choice), * any additional custom behavior you are able to script, triggered on the [release steps](https://semantic-release.gitbook.io/semantic-release/#release-steps). ## Usage -This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component) or using the legacy [`include:project`](https://docs.gitlab.com/ee/ci/yaml/index.html#includeproject) syntax. +This template can be used both as a [CI/CD component](https://docs.gitlab.com/ci/components/#use-a-component) or using the legacy [`include:project`](https://docs.gitlab.com/ci/yaml/#includeproject) syntax. ### Use as a CI/CD component @@ -20,7 +20,7 @@ Add the following to your `.gitlab-ci.yml`: ```yaml include: # 1: include the component - - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.12.0 + - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.14.2 # 2: set/override component inputs inputs: changelog-enabled: true # ⚠ this is only an example @@ -34,7 +34,7 @@ Add the following to your `.gitlab-ci.yml`: include: # 1: include the template - project: 'to-be-continuous/semantic-release' - ref: '3.12.0' + ref: '3.14.2' file: '/templates/gitlab-ci-semrel.yml' variables: 
@@ -48,12 +48,12 @@ The semantic-release template uses some global configuration used throughout all | Input / Variable | Description | Default value | | -------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- | -| `image` / `SEMREL_IMAGE` | The Docker image used to run semantic-release | `registry.hub.docker.com/library/node:lts-slim` | +| `image` / `SEMREL_IMAGE` | The Docker image used to run semantic-release | `registry.hub.docker.com/library/node:lts-slim` <br/>[](https://to-be-continuous.gitlab.io/doc/secu/trivy-SEMREL_IMAGE) | | `version` / `SEMREL_VERSION` | The [semantic-release](https://www.npmjs.com/package/semantic-release) version to use | `latest` | | `exec-version` / `SEMREL_EXEC_VERSION` | The [@semantic-release/exec](https://www.npmjs.com/package/@semantic-release/exec) version to use | `latest` | -| :lock: `GITLAB_TOKEN` | A GitLab [project access token](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html) or [personal access token](https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html) with `api`, `read_repository` and `write repository` scopes. :warning: This variable is **mandatory** and [defined by `semantic-release`](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/ci-configuration.md#push-access-to-the-remote-repository) itself. 
| _none_ | -| :lock: `GIT_AUTHOR_EMAIL` | A Git author email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project | _none_ | -| :lock: `GIT_COMMITTER_EMAIL` | A Git committer email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project | _none_ | +| :lock: `GITLAB_TOKEN` | A GitLab [project access token](https://docs.gitlab.com/user/project/settings/project_access_tokens/) or [personal access token](https://docs.gitlab.com/user/profile/personal_access_tokens/) with `api`, `read_repository` and `write repository` scopes. :warning: This variable is **mandatory** and [defined by `semantic-release`](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/ci-configuration.md#push-access-to-the-remote-repository) itself. | _none_ | +| :lock: `GIT_AUTHOR_EMAIL` | A Git author email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/user/project/settings/project_access_tokens/#bot-users-for-projects). 
This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/user/project/repository/push_rules/#verify-users) enabled for the project | _none_ | +| :lock: `GIT_COMMITTER_EMAIL` | A Git committer email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/user/project/settings/project_access_tokens/#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/user/project/repository/push_rules/#verify-users) enabled for the project | _none_ | | `config-dir` / `SEMREL_CONFIG_DIR` | directory containing your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#configuration-file) | `.` | | `required-plugins-file` / `SEMREL_REQUIRED_PLUGINS_FILE` | An optional file for additional npm packages to install | `semrel-required-plugins.txt` | 
@@ -85,18 +85,25 @@ If no configuration is found, the template will generate one with the following As specified in the previous chapter, these variables are only used to generated a `.releaserc` when no configuration is found in the repository. -| Input / Variable | Description | Default value | -| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | -| `changelog-enabled` / `SEMREL_CHANGELOG_ENABLED` | Add the [@semantic-release/changelog](https://github.com/semantic-release/changelog) plugin which will commit a changelog file in the repository if set to `true`. | _none_ | -| `changelog-file` / `SEMREL_CHANGELOG_FILE` | [changelogFile @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). | _none_ (use the plugin default value which is `CHANGELOG.md`). | -| `changelog-title` / `SEMREL_CHANGELOG_TITLE` | [changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`). | _none_ | -| `dry-run` / `SEMREL_DRY_RUN` | Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present. | _none_ | -| `auto-release-enabled` / `SEMREL_AUTO_RELEASE_ENABLED` | When set to `true` the job start automatically. When not set (default), the job is manual. 
| _none_ | -| `branches-ref` / `SEMREL_BRANCHES_REF` | Regular expression pattern matching branches from which releases should happen (should match your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#branches)) | `/^(master\|main)$/` | -| `tag-format` / `SEMREL_TAG_FORMAT` | [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat). :warning: don't forget to double the `$` character so it is not interpreted by GitLab. | `$${version}` | -| `hooks-dir` / `SEMREL_HOOKS_DIR` | [Hook scripts](#hook_scripts) folder. | `.` | -| `commit-message` / `SEMREL_COMMIT_MESSAGE` | Add a custom commit message based on [semantic-release/git option](https://github.com/semantic-release/git#message). | _none_ (uses semantic-release default commit message) | -| `release-disabled` / `SEMREL_RELEASE_DISABLED` | Disable this job. | _none_ | +| Input / Variable | Description | Default value | +| -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | +| `changelog-enabled` / `SEMREL_CHANGELOG_ENABLED` | Add the [@semantic-release/changelog](https://github.com/semantic-release/changelog) plugin which will commit a changelog file in the repository if set to `true`. | _none_ | +| `changelog-file` / `SEMREL_CHANGELOG_FILE` | [changelogFile @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). | _none_ (use the plugin default value which is `CHANGELOG.md`). 
| +| `changelog-title` / `SEMREL_CHANGELOG_TITLE` | [changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`). | _none_ | +| `dry-run` / `SEMREL_DRY_RUN` | Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present. | _none_ | +| `extra-args` / `SEMREL_EXTRA_ARGS` | [Extra options](https://semantic-release.gitbook.io/semantic-release/usage/configuration#options) to pass to semantic-release. | _none_ | +| `auto-release-enabled` / `SEMREL_AUTO_RELEASE_ENABLED` | When set to `true` the job start automatically. When not set (default), the job is manual. | _none_ | +| `branches-ref` / `SEMREL_BRANCHES_REF` | Regular expression pattern matching branches from which releases should happen (should match your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#branches)) | `/^(master\|main)$/` | +| `tag-format` / `SEMREL_TAG_FORMAT` | [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat). :warning: don't forget to double the `$` character so it is not interpreted by GitLab. | `$${version}` | +| `hooks-dir` / `SEMREL_HOOKS_DIR` | [Hook scripts](#hook_scripts) folder. | `.` | +| `commit-message` / `SEMREL_COMMIT_MESSAGE` | Add a custom commit message based on [semantic-release/git option](https://github.com/semantic-release/git#message). | _none_ (uses semantic-release default commit message) | +| `release-disabled` / `SEMREL_RELEASE_DISABLED` | Disable this job. 
| _none_ | +| `commit-analyzer-plugin` / `SEMREL_COMMIT_ANALYZER_PLUGIN` | NPM plugin name for the [commit-analyzer](https://github.com/semantic-release/commit-analyzer#commit-analyzer) plugin | `@semantic-release/commit-analyzer` | +| `release-notes-generator-plugin` / `SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN` | NPM plugin name for the [release-notes-generator](https://github.com/semantic-release/release-notes-generator#release-notes-generator) plugin | `@semantic-release/release-notes-generator` | +| `gitlab-plugin` / `SEMREL_GITLAB_PLUGIN` | NPM plugin name for the [gitlab](https://github.com/semantic-release/gitlab#semantic-releasegitlab) plugin | `@semantic-release/gitlab` | +| `changelog-plugin` / `SEMREL_CHANGELOG_PLUGIN` | NPM plugin name for the [changelog](https://github.com/semantic-release/changelog#semantic-releasechangelog) plugin | `@semantic-release/changelog` | +| `git-plugin` / `SEMREL_GIT_PLUGIN` | NPM plugin name for the [git](https://github.com/semantic-release/git#semantic-releasegit) plugin | `@semantic-release/git` | +| `exec-plugin` / `SEMREL_EXEC_PLUGIN` | NPM plugin name for the [exec](https://github.com/semantic-release/exec#semantic-releaseexec) plugin | `@semantic-release/exec` | | `semantic-release-job-tags` / `SEMANTIC_RELEASE_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` | #### Hook scripts 
@@ -161,17 +168,17 @@ Parameters: #### Signing release commits with GPG -For an introduction on commit signing, see [GitLab documentation](https://docs.gitlab.com/ee/user/project/repository/signed_commits/gpg.html). +For an introduction on commit signing, see [GitLab documentation](https://docs.gitlab.com/user/project/repository/signed_commits/gpg/). To make semantic-release sign its commits, use the following variable. | Input / Variable | Description | Default value | | --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| :lock: `SEMREL_GPG_SIGNKEY` | Path to the GPG signkey exported with `gpg --armor --export-secret-key`<br/>:warning: Declare as a masked [project variable of File type](https://docs.gitlab.com/ee/ci/variables/#cicd-variable-types). | _none_ | +| :lock: `SEMREL_GPG_SIGNKEY` | Path to the GPG signkey exported with `gpg --armor --export-secret-key`<br/>:warning: Declare as a masked [project variable of File type](https://docs.gitlab.com/ci/variables/#cicd-variable-types). | _none_ | ### `semantic-release-info` job -This job (disabled by default) runs `semantic-release` with `dry-run` mode in `.pre` stage to save the following variables as [dotenv artifact](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsdotenv) making them available for the next pipeline stages: +This job (disabled by default) runs `semantic-release` with `dry-run` mode in `.pre` stage to save the following variables as [dotenv artifact](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportsdotenv) making them available for the next pipeline stages: * `SEMREL_INFO_LAST_VERSION`: latest released version * `SEMREL_INFO_NEXT_VERSION`: next release version (based on actual commits and comments) 
@@ -213,12 +220,12 @@ If the version of Semantic Release is pinned using [`SEMREL_VERSION`](#global-co Here are some advices about your **secrets** (variables marked with a :lock:): -1. Manage them as [project or group CI/CD variables](https://docs.gitlab.com/ee/ci/variables/#for-a-project): - * [**masked**](https://docs.gitlab.com/ee/ci/variables/#mask-a-cicd-variable) to prevent them from being inadvertently +1. Manage them as [project or group CI/CD variables](https://docs.gitlab.com/ci/variables/#for-a-project): + * [**masked**](https://docs.gitlab.com/ci/variables/#mask-a-cicd-variable) to prevent them from being inadvertently displayed in your job logs, - * [**protected**](https://docs.gitlab.com/ee/ci/variables/#protected-cicd-variables) if you want to secure some secrets + * [**protected**](https://docs.gitlab.com/ci/variables/#protected-cicd-variables) if you want to secure some secrets you don't want everyone in the project to have access to (for instance production secrets). -2. In case a secret contains [characters that prevent it from being masked](https://docs.gitlab.com/ee/ci/variables/#mask-a-cicd-variable), +2. In case a secret contains [characters that prevent it from being masked](https://docs.gitlab.com/ci/variables/#mask-a-cicd-variable), simply define its value as the [Base64](https://en.wikipedia.org/wiki/Base64) encoded value prefixed with `@b64@`: it will then be possible to mask it and the template will automatically decode it prior to using it. 3. Don't forget to escape special characters (ex: `$` -> `$$`). 
@@ -360,7 +367,7 @@ In order to be able to communicate with the Vault server, the variant requires t | :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | _none_ | | :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | _none_ | -By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables. +By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ci/secrets/id_token_authentication/). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables. #### Usage @@ -382,9 +389,9 @@ With: ```yaml include: # main template - - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.12.0 + - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.14.2 # Vault variant - - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel-vault@3.12.0 + - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel-vault@3.14.2 inputs: vault-base-url: "https://vault.acme.host/v1" # audience claim for JWT diff --git a/kicker.json b/kicker.json index 1fc4dc569c109f5fef82a4ec293ade9404b58be3..71c08dd60bff47e228c7f6d7bba69007871a9d00 100644 --- a/kicker.json +++ b/kicker.json 
@@ -78,6 +78,11 @@ "type": "boolean", "advanced": true }, + { + "name": "SEMREL_EXTRA_ARGS", + "description": "[Extra options](https://semantic-release.gitbook.io/semantic-release/usage/configuration#options) to pass to semantic-release.", + "advanced": true + }, { "name": "SEMREL_AUTO_RELEASE_ENABLED", "description": "When set the job start automatically. When not set (default), the job is manual.", @@ -119,6 +124,42 @@ "values": ["angular","codemirror","conventionalcommits","ember","eslint","express","jquery","jshint"], "default": "angular", "advanced": true + }, + { + "name": "SEMREL_COMMIT_ANALYZER_PLUGIN", + "description": "NPM plugin name for the commit-analyzer plugin.", + "default": "@semantic-release/commit-analyzer", + "advanced": true + }, + { + "name": "SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN", + "description": "NPM plugin name for the release-notes-generator plugin.", + "default": "@semantic-release/release-notes-generator", + "advanced": true + }, + { + "name": "SEMREL_GITLAB_PLUGIN", + "description": "NPM plugin name for the gitlab plugin.", + "default": "@semantic-release/gitlab", + "advanced": true + }, + { + "name": "SEMREL_CHANGELOG_PLUGIN", + "description": "NPM plugin name for the changelog plugin.", + "default": "@semantic-release/changelog", + "advanced": true + }, + { + "name": "SEMREL_GIT_PLUGIN", + "description": "NPM plugin name for the git plugin.", + "default": "@semantic-release/git", + "advanced": true + }, + { + "name": "SEMREL_EXEC_PLUGIN", + "description": "NPM plugin name for the exec plugin.", + "default": "@semantic-release/exec", + "advanced": true } ] }, diff --git a/templates/gitlab-ci-semrel-vault.yml b/templates/gitlab-ci-semrel-vault.yml index ba9e553b6b82a621d2b1e9c822319c62d99c4c64..7947a846e77fa9304d66e441ed8212e151eba3ad 100644 --- a/templates/gitlab-ci-semrel-vault.yml +++ b/templates/gitlab-ci-semrel-vault.yml 
@@ -22,7 +22,7 @@ variables: .semrel-base: services: - name: "$TBC_TRACKING_IMAGE" - command: ["--service", "semrel", "3.12.0"] + command: ["--service", "semrel", "3.14.2"] - name: "$TBC_VAULT_IMAGE" alias: "vault-secrets-provider" variables: diff --git a/templates/gitlab-ci-semrel.yml b/templates/gitlab-ci-semrel.yml index 1a2871462509ece3654b73d560c56acac3f8aae9..738d2645ff904f8537a736f652c7fe61791bf147 100644 --- a/templates/gitlab-ci-semrel.yml +++ b/templates/gitlab-ci-semrel.yml @@ -55,6 +55,9 @@ spec: description: For generated `.releaserc` file only. Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present. type: boolean default: false + extra-args: + description: "[Extra options](https://semantic-release.gitbook.io/semantic-release/usage/configuration#options) to pass to semantic-release." + default: '' auto-release-enabled: description: When set the job start automatically. When not set (default), the job is manual. type: boolean 
@@ -86,6 +89,24 @@ spec: - protected - all default: '' + commit-analyzer-plugin: + description: The npm plugin name for the commit-analyzer plugin. The default is `@semantic-release/commit-analyzer` + default: '@semantic-release/commit-analyzer' + release-notes-generator-plugin: + description: The npm plugin name for the release-notes-generator plugin. The default is `@semantic-release/release-notes-generator` + default: '@semantic-release/release-notes-generator' + gitlab-plugin: + description: The npm plugin name for the gitlab plugin. The default is `@semantic-release/gitlab` + default: '@semantic-release/gitlab' + changelog-plugin: + description: The npm plugin name for the changelog plugin. The default is `@semantic-release/changelog` + default: '@semantic-release/changelog' + git-plugin: + description: The npm plugin name for the git plugin. The default is `@semantic-release/git` + default: '@semantic-release/git' + exec-plugin: + description: The npm plugin name for the exec plugin. The default is `@semantic-release/exec` + default: '@semantic-release/exec' semantic-release-job-tags: description: Tags to be used for selecting runners for the job type: array 
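Review bot: The six new `*-plugin` inputs are free-form strings with no validation, yet later hunks of this file echo them inside single-quoted YAML scalars of the generated `.releaserc` (for example `echo " - - '${SEMREL_COMMIT_ANALYZER_PLUGIN}'"`, and the matching gitlab, changelog, git and exec lines) and pass `SEMREL_EXEC_PLUGIN` to `npm install --global`. A value containing `'` or a line break would change the structure of the generated config, and any name accepted here is installed and loaded in a job that the README documents as requiring `GITLAB_TOKEN`. I would constrain each input to an npm package name, e.g. `regex: ^(@[a-z0-9~-][a-z0-9._~-]*/)?[a-z0-9~-][a-z0-9._~-]*$`. The script should repeat the check for the `SEMREL_*_PLUGIN` variables, since input validation presumably does not cover values set as plain variables through `include:project`. The `spec:` block starts outside this hunk.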
@@ -139,12 +160,20 @@ variables: SEMREL_CHANGELOG_FILE: $[[ inputs.changelog-file ]] SEMREL_CHANGELOG_TITLE: $[[ inputs.changelog-title ]] SEMREL_DRY_RUN: $[[ inputs.dry-run ]] + SEMREL_EXTRA_ARGS: $[[ inputs.extra-args ]] SEMREL_AUTO_RELEASE_ENABLED: $[[ inputs.auto-release-enabled ]] SEMREL_COMMIT_MESSAGE: $[[ inputs.commit-message ]] SEMREL_RELEASE_DISABLED: $[[ inputs.release-disabled ]] SEMREL_INFO_ON: $[[ inputs.info-on ]] SEMREL_COMMIT_SPEC: $[[ inputs.commit-spec ]] + SEMREL_COMMIT_ANALYZER_PLUGIN: $[[ inputs.commit-analyzer-plugin ]] + SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN: $[[ inputs.release-notes-generator-plugin ]] + SEMREL_GITLAB_PLUGIN: $[[ inputs.gitlab-plugin ]] + SEMREL_CHANGELOG_PLUGIN: $[[ inputs.changelog-plugin ]] + SEMREL_GIT_PLUGIN: $[[ inputs.git-plugin ]] + SEMREL_EXEC_PLUGIN: $[[ inputs.exec-plugin ]] + # default production ref name (pattern) PROD_REF: /^(master|main)$/ SEMREL_BRANCHES_REF: $[[ inputs.branches-ref ]] @@ -507,11 +536,11 @@ stages: echo "tagFormat: '${SEMREL_TAG_FORMAT}'" echo "" echo "plugins: " - echo " - - '@semantic-release/commit-analyzer'" + echo " - - '${SEMREL_COMMIT_ANALYZER_PLUGIN}'" echo "${commitPresetConfig}" - echo " - - '@semantic-release/release-notes-generator'" + echo " - - '${SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN}'" echo "${commitPresetConfig}" - echo " - '@semantic-release/gitlab'" + echo " - '${SEMREL_GITLAB_PLUGIN}'" echo "${changelogPluginConfig}" echo "${execPluginConfig}" echo "${gitPluginConfig}" @@ -584,10 +613,10 @@ stages: if [[ -n "${SEMREL_CHANGELOG_TITLE}" ]]; then changeLogConfig=$(echo -e "${changeLogConfig:+${changeLogConfig}\n }changelogTitle: '${SEMREL_CHANGELOG_TITLE}'") fi - echo " - - '@semantic-release/changelog'" + echo " - - '${SEMREL_CHANGELOG_PLUGIN}'" echo " - ${changeLogConfig}" else - echo " - '@semantic-release/changelog'" + echo " - '${SEMREL_CHANGELOG_PLUGIN}'" fi else echo "" 
@@ -598,7 +627,7 @@ stages: function generate_git_plugin_conf() { # git plugin has default changelog file as asset by default so # we need to add it explicitly if the user configured a custom changelogFile - echo " - - '@semantic-release/git'" + echo " - - '${SEMREL_GIT_PLUGIN}'" if [[ "${SEMREL_CHANGELOG_ENABLED}" = "true" ]] && [[ -n "${SEMREL_CHANGELOG_FILE}" ]]; then echo " - assets:" echo " - '${SEMREL_CHANGELOG_FILE}'" @@ -656,7 +685,7 @@ stages: tabs=" " fi if [[ -n "${scriptsConfig}" ]]; then - echo " - - '@semantic-release/exec'" + echo " - - '${SEMREL_EXEC_PLUGIN}'" echo "${scriptsConfig}" else echo "" @@ -730,9 +759,9 @@ stages: echo "# injected (replace your plugins) plugins by the template to generate dotenv" echo "" echo "plugins:" - echo " - - '@semantic-release/commit-analyzer'" + echo " - - '${SEMREL_COMMIT_ANALYZER_PLUGIN}'" echo "${commitPresetConfig}" - echo " - - '@semantic-release/exec'" + echo " - - '${SEMREL_EXEC_PLUGIN}'" echo " - analyzeCommitsCmd: '\"${export_last_version_hook_script}\" \"\${lastRelease.version}\"'" echo " verifyReleaseCmd: '\"${export_next_version_hook_script}\" \"\${nextRelease.version}\" \"\${nextRelease.type}\"'" echo "" @@ -745,7 +774,7 @@ stages: cat ".releaserc" fi - npm install --global "semantic-release@${SEMREL_VERSION}" "@semantic-release/exec@${SEMREL_EXEC_VERSION}" + npm install --global "semantic-release@${SEMREL_VERSION}" "${SEMREL_EXEC_PLUGIN}@${SEMREL_EXEC_VERSION}" semantic-release --dry-run # Rollback temporary semantic-release configuration @@ -791,6 +820,12 @@ stages: log_info "Commit signing setup complete." } + function clear_vault_env() { + # unset service container env when Vault variant is enabled (SemRel censors them all due to 'SECRET' in the name) + # shellcheck disable=SC2046 + unset $(env | awk -F '=' '/^VAULT_SECRETS_PROVIDER_/{print $1}' | xargs) + } + unscope_variables eval_all_secrets 
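Review bot: On the `npm install --global` line, `SEMREL_EXEC_VERSION` is now appended to whatever package `SEMREL_EXEC_PLUGIN` names, although the README still describes it as the `@semantic-release/exec` version with `latest` as its default. A version pinned for the stock plugin may not exist for a replacement package, and with the default the replacement is installed unpinned. I would state the coupling next to the command, `# SEMREL_EXEC_VERSION is applied to the package named by SEMREL_EXEC_PLUGIN; pin both together`, and update the `exec-version` description to match. The enclosing function starts and ends outside this hunk.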
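Review bot: `clear_vault_env` collects the names by parsing `env` output, which is line-oriented, so a continuation line of a multi-line value can match `/^VAULT_SECRETS_PROVIDER_/`; the unquoted `$(...)` is also why the shellcheck exemption is needed. The script already relies on bash (`[[ ... ]]`), so prefix expansion does the same job without parsing: `unset "${!VAULT_SECRETS_PROVIDER_@}"`. The comment could also say that the `before_script` in the next hunk calls the function unconditionally, not only when the Vault variant is included.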
@@ -800,16 +835,17 @@ stages: image: $SEMREL_IMAGE services: - name: "$TBC_TRACKING_IMAGE" - command: ["--service", "semrel", "3.12.0"] + command: ["--service", "semrel", "3.14.2"] before_script: - !reference [.semrel-scripts] - - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" # install git and OpenSSH - maybe_install_packages ca-certificates git openssh-client gpg gpg-agent + - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - maybe_install_yq - cd "${SEMREL_CONFIG_DIR}" - prepare_semantic_release - install_semantic_release_plugins + - clear_vault_env variables: # download cache XDG_CACHE_HOME: "$CI_PROJECT_DIR/.cache" @@ -835,6 +871,8 @@ semantic-release-info: reports: dotenv: "${SEMREL_CONFIG_DIR}/semrel.out.env" rules: + - if: $CI_PIPELINE_SOURCE == "schedule" + when: never - if: $CI_COMMIT_TAG when: never - if: '$SEMREL_INFO_ON == "prod" && $CI_COMMIT_REF_NAME =~ $PROD_REF' @@ -848,9 +886,11 @@ semantic-release: script: - configure_commit_signing - if [[ "$SEMREL_DRY_RUN" == "true" ]]; then dry_run_opt="--dry-run"; fi - - semantic-release ${TRACE:+--debug} --ci $dry_run_opt + - semantic-release ${TRACE:+--debug} --ci $dry_run_opt $SEMREL_EXTRA_ARGS dependencies: [] rules: + - if: $CI_PIPELINE_SOURCE == "schedule" + when: never - if: '$SEMREL_RELEASE_DISABLED == "true"' when: never - if: $CI_COMMIT_TAG
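Review bot: `$SEMREL_EXTRA_ARGS` is expanded unquoted on the `semantic-release` line, so besides the intended word splitting it also undergoes pathname expansion against the job's working directory. Splitting it into an array first keeps the behaviour for plain flags and avoids globbing: `- read -r -a semrel_extra_args <<< "${SEMREL_EXTRA_ARGS:-}"` followed by `- semantic-release ${TRACE:+--debug} --ci $dry_run_opt "${semrel_extra_args[@]}"`. The `semantic-release --dry-run` call of the info job in an earlier hunk does not receive these options. `SEMREL_INFO_NEXT_VERSION` may therefore differ from what the release job computes when the extra options change the result, which is worth documenting or aligning.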