diff --git a/.gitlab/merge_request_templates/new_feature.md b/.gitlab/merge_request_templates/new_feature.md
index 74abae94c94dc0768bb5c51fe51ad253fce113fe..491b7f98ded7e0da03d18c95978eafcb7d86619f 100644
--- a/.gitlab/merge_request_templates/new_feature.md
+++ b/.gitlab/merge_request_templates/new_feature.md
@@ -8,8 +8,8 @@ Closes #999
## Checklist
* General:
- * [ ] use [rules](https://docs.gitlab.com/ee/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ee/ci/yaml/#onlyexcept-advanced)
- * [ ] optimized [cache](https://docs.gitlab.com/ee/ci/caching/) configuration (wherever applicable)
+ * [ ] use [rules](https://docs.gitlab.com/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ci/yaml/#onlyexcept-advanced)
+ * [ ] optimized [cache](https://docs.gitlab.com/ci/caching/) configuration (wherever applicable)
* Publicly usable:
* [ ] untagged runners
* [ ] no proxy configuration but support `http_proxy`/`https_proxy`/`no_proxy`
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d426dfca9b4c333f7ba9e5d95fd492fdfeffad0f..5f01a106b8cb039bd9f76690670d181dd0fc9d5c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,39 @@
-# [3.12.0](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/semantic-release/compare/3.11.5...3.12.0) (2025-01-29)
+## [3.14.2](https://gitlab.com/to-be-continuous/semantic-release/compare/3.14.1...3.14.2) (2025-04-09)
+
+
+### Bug Fixes
+
+* prevent sem-rel from running in scheduled pipelines ([e872dc7](https://gitlab.com/to-be-continuous/semantic-release/commit/e872dc7b99b9a02d26e7994062a7d14978d60d6e))
+
+## [3.14.1](https://gitlab.com/to-be-continuous/semantic-release/compare/3.14.0...3.14.1) (2025-04-04)
+
+
+### Bug Fixes
+
+* **ca:** install ca-certs before importing custom CA certificates ([43e285f](https://gitlab.com/to-be-continuous/semantic-release/commit/43e285f57e203a0ac1b092731f5cdcbbecb291f3)), closes [#51](https://gitlab.com/to-be-continuous/semantic-release/issues/51)
+
+# [3.14.0](https://gitlab.com/to-be-continuous/semantic-release/compare/3.13.1...3.14.0) (2025-04-01)
+
+
+### Features
+
+* add inputs to overwrite plugins used in default config ([b7b2e0a](https://gitlab.com/to-be-continuous/semantic-release/commit/b7b2e0a468354b5c3190b8334b7ba06f449127c2))
+
+## [3.13.1](https://gitlab.com/to-be-continuous/semantic-release/compare/3.13.0...3.13.1) (2025-03-23)
+
+
+### Bug Fixes
+
+* unset vault variables for semrel ([712331d](https://gitlab.com/to-be-continuous/semantic-release/commit/712331d42158dc9611ea11755f486da8e5d4f8e6)), closes [#54](https://gitlab.com/to-be-continuous/semantic-release/issues/54)
+
+# [3.13.0](https://gitlab.com/to-be-continuous/semantic-release/compare/3.12.0...3.13.0) (2025-02-09)
+
+
+### Features
+
+* add extra CLI options to be passed to semantic-release ([090646b](https://gitlab.com/to-be-continuous/semantic-release/commit/090646b6844932fee4cad9fa05a216f007358b35))
+
+# [3.12.0](https://gitlab.com/to-be-continuous/semantic-release/compare/3.11.5...3.12.0) (2025-01-27)
### Features
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 1f8f9ed09a33b90b94e2ad78ee1ef3abeb05faca..32602a009e1b719a9e9573712b774afeabf9038c 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -61,7 +61,7 @@ To contribute:
1. Create an issue describing the bug or enhancement you want to propose (select the right issue template).
2. Make sure the issue has been reviewed and agreed.
-3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) documentation).
+3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/user/project/repository/forking_workflow/) documentation).
Don't hesitate to mark your MR as `Draft` as long as you think it's not ready to be reviewed.
### Git Commit Conventions
diff --git a/README.md b/README.md
index c54f041ac95c4ee0745400568b46190afe7e805a..7570e00947680cf06ba8832092fb05eb476bdc95 100644
--- a/README.md
+++ b/README.md
@@ -6,12 +6,12 @@ This project implements a GitLab CI/CD template to automate your versioning and
* generate the changelog,
* commit any changed resource to the Git repository,
* create and push the Git tag,
-* publish the packages (in [GitLab](https://docs.gitlab.com/ee/user/project/releases/index.html) or any other package repository of your choice),
+* publish the packages (in [GitLab](https://docs.gitlab.com/user/project/releases/) or any other package repository of your choice),
* any additional custom behavior you are able to script, triggered on the [release steps](https://semantic-release.gitbook.io/semantic-release/#release-steps).
## Usage
-This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component) or using the legacy [`include:project`](https://docs.gitlab.com/ee/ci/yaml/index.html#includeproject) syntax.
+This template can be used both as a [CI/CD component](https://docs.gitlab.com/ci/components/#use-a-component) or using the legacy [`include:project`](https://docs.gitlab.com/ci/yaml/#includeproject) syntax.
### Use as a CI/CD component
@@ -20,7 +20,7 @@ Add the following to your `.gitlab-ci.yml`:
```yaml
include:
# 1: include the component
- - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.12.0
+ - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.14.2
# 2: set/override component inputs
inputs:
changelog-enabled: true # ⚠ this is only an example
@@ -34,7 +34,7 @@ Add the following to your `.gitlab-ci.yml`:
include:
# 1: include the template
- project: 'to-be-continuous/semantic-release'
- ref: '3.12.0'
+ ref: '3.14.2'
file: '/templates/gitlab-ci-semrel.yml'
variables:
@@ -48,12 +48,12 @@ The semantic-release template uses some global configuration used throughout all
| Input / Variable | Description | Default value |
| -------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- |
-| `image` / `SEMREL_IMAGE` | The Docker image used to run semantic-release | `registry.hub.docker.com/library/node:lts-slim` |
+| `image` / `SEMREL_IMAGE` | The Docker image used to run semantic-release | `registry.hub.docker.com/library/node:lts-slim` <br/>[](https://to-be-continuous.gitlab.io/doc/secu/trivy-SEMREL_IMAGE) |
| `version` / `SEMREL_VERSION` | The [semantic-release](https://www.npmjs.com/package/semantic-release) version to use | `latest` |
| `exec-version` / `SEMREL_EXEC_VERSION` | The [@semantic-release/exec](https://www.npmjs.com/package/@semantic-release/exec) version to use | `latest` |
-| :lock: `GITLAB_TOKEN` | A GitLab [project access token](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html) or [personal access token](https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html) with `api`, `read_repository` and `write repository` scopes. :warning: This variable is **mandatory** and [defined by `semantic-release`](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/ci-configuration.md#push-access-to-the-remote-repository) itself. | _none_ |
-| :lock: `GIT_AUTHOR_EMAIL` | A Git author email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project | _none_ |
-| :lock: `GIT_COMMITTER_EMAIL` | A Git committer email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project | _none_ |
+| :lock: `GITLAB_TOKEN` | A GitLab [project access token](https://docs.gitlab.com/user/project/settings/project_access_tokens/) or [personal access token](https://docs.gitlab.com/user/profile/personal_access_tokens/) with `api`, `read_repository` and `write repository` scopes. :warning: This variable is **mandatory** and [defined by `semantic-release`](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/ci-configuration.md#push-access-to-the-remote-repository) itself. | _none_ |
+| :lock: `GIT_AUTHOR_EMAIL` | A Git author email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/user/project/settings/project_access_tokens/#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/user/project/repository/push_rules/#verify-users) enabled for the project | _none_ |
+| :lock: `GIT_COMMITTER_EMAIL` | A Git committer email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/user/project/settings/project_access_tokens/#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/user/project/repository/push_rules/#verify-users) enabled for the project | _none_ |
| `config-dir` / `SEMREL_CONFIG_DIR` | directory containing your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#configuration-file) | `.` |
| `required-plugins-file` / `SEMREL_REQUIRED_PLUGINS_FILE` | An optional file for additional npm packages to install | `semrel-required-plugins.txt` |
@@ -85,18 +85,25 @@ If no configuration is found, the template will generate one with the following
As specified in the previous chapter, these variables are only used to generated a `.releaserc` when no configuration is found in the repository.
-| Input / Variable | Description | Default value |
-| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
-| `changelog-enabled` / `SEMREL_CHANGELOG_ENABLED` | Add the [@semantic-release/changelog](https://github.com/semantic-release/changelog) plugin which will commit a changelog file in the repository if set to `true`. | _none_ |
-| `changelog-file` / `SEMREL_CHANGELOG_FILE` | [changelogFile @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). | _none_ (use the plugin default value which is `CHANGELOG.md`). |
-| `changelog-title` / `SEMREL_CHANGELOG_TITLE` | [changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`). | _none_ |
-| `dry-run` / `SEMREL_DRY_RUN` | Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present. | _none_ |
-| `auto-release-enabled` / `SEMREL_AUTO_RELEASE_ENABLED` | When set to `true` the job start automatically. When not set (default), the job is manual. | _none_ |
-| `branches-ref` / `SEMREL_BRANCHES_REF` | Regular expression pattern matching branches from which releases should happen (should match your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#branches)) | `/^(master\|main)$/` |
-| `tag-format` / `SEMREL_TAG_FORMAT` | [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat). :warning: don't forget to double the `$` character so it is not interpreted by GitLab. | `$${version}` |
-| `hooks-dir` / `SEMREL_HOOKS_DIR` | [Hook scripts](#hook_scripts) folder. | `.` |
-| `commit-message` / `SEMREL_COMMIT_MESSAGE` | Add a custom commit message based on [semantic-release/git option](https://github.com/semantic-release/git#message). | _none_ (uses semantic-release default commit message) |
-| `release-disabled` / `SEMREL_RELEASE_DISABLED` | Disable this job. | _none_ |
+| Input / Variable | Description | Default value |
+| -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
+| `changelog-enabled` / `SEMREL_CHANGELOG_ENABLED` | Add the [@semantic-release/changelog](https://github.com/semantic-release/changelog) plugin which will commit a changelog file in the repository if set to `true`. | _none_ |
+| `changelog-file` / `SEMREL_CHANGELOG_FILE` | [changelogFile @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). | _none_ (use the plugin default value which is `CHANGELOG.md`). |
+| `changelog-title` / `SEMREL_CHANGELOG_TITLE` | [changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`). | _none_ |
+| `dry-run` / `SEMREL_DRY_RUN` | Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present. | _none_ |
+| `extra-args` / `SEMREL_EXTRA_ARGS` | [Extra options](https://semantic-release.gitbook.io/semantic-release/usage/configuration#options) to pass to semantic-release. | _none_ |
+| `auto-release-enabled` / `SEMREL_AUTO_RELEASE_ENABLED` | When set to `true` the job start automatically. When not set (default), the job is manual. | _none_ |
+| `branches-ref` / `SEMREL_BRANCHES_REF` | Regular expression pattern matching branches from which releases should happen (should match your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#branches)) | `/^(master\|main)$/` |
+| `tag-format` / `SEMREL_TAG_FORMAT` | [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat). :warning: don't forget to double the `$` character so it is not interpreted by GitLab. | `$${version}` |
+| `hooks-dir` / `SEMREL_HOOKS_DIR` | [Hook scripts](#hook_scripts) folder. | `.` |
+| `commit-message` / `SEMREL_COMMIT_MESSAGE` | Add a custom commit message based on [semantic-release/git option](https://github.com/semantic-release/git#message). | _none_ (uses semantic-release default commit message) |
+| `release-disabled` / `SEMREL_RELEASE_DISABLED` | Disable this job. | _none_ |
+| `commit-analyzer-plugin` / `SEMREL_COMMIT_ANALYZER_PLUGIN` | NPM plugin name for the [commit-analyzer](https://github.com/semantic-release/commit-analyzer#commit-analyzer) plugin | `@semantic-release/commit-analyzer` |
+| `release-notes-generator-plugin` / `SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN` | NPM plugin name for the [release-notes-generator](https://github.com/semantic-release/release-notes-generator#release-notes-generator) plugin | `@semantic-release/release-notes-generator` |
+| `gitlab-plugin` / `SEMREL_GITLAB_PLUGIN` | NPM plugin name for the [gitlab](https://github.com/semantic-release/gitlab#semantic-releasegitlab) plugin | `@semantic-release/gitlab` |
+| `changelog-plugin` / `SEMREL_CHANGELOG_PLUGIN` | NPM plugin name for the [changelog](https://github.com/semantic-release/changelog#semantic-releasechangelog) plugin | `@semantic-release/changelog` |
+| `git-plugin` / `SEMREL_GIT_PLUGIN` | NPM plugin name for the [git](https://github.com/semantic-release/git#semantic-releasegit) plugin | `@semantic-release/git` |
+| `exec-plugin` / `SEMREL_EXEC_PLUGIN` | NPM plugin name for the [exec](https://github.com/semantic-release/exec#semantic-releaseexec) plugin | `@semantic-release/exec` |
| `semantic-release-job-tags` / `SEMANTIC_RELEASE_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
#### Hook scripts
@@ -161,17 +168,17 @@ Parameters:
#### Signing release commits with GPG
-For an introduction on commit signing, see [GitLab documentation](https://docs.gitlab.com/ee/user/project/repository/signed_commits/gpg.html).
+For an introduction on commit signing, see [GitLab documentation](https://docs.gitlab.com/user/project/repository/signed_commits/gpg/).
To make semantic-release sign its commits, use the following variable.
| Input / Variable | Description | Default value |
| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
-| :lock: `SEMREL_GPG_SIGNKEY` | Path to the GPG signkey exported with `gpg --armor --export-secret-key`<br/>:warning: Declare as a masked [project variable of File type](https://docs.gitlab.com/ee/ci/variables/#cicd-variable-types). | _none_ |
+| :lock: `SEMREL_GPG_SIGNKEY` | Path to the GPG signkey exported with `gpg --armor --export-secret-key`<br/>:warning: Declare as a masked [project variable of File type](https://docs.gitlab.com/ci/variables/#cicd-variable-types). | _none_ |
### `semantic-release-info` job
-This job (disabled by default) runs `semantic-release` with `dry-run` mode in `.pre` stage to save the following variables as [dotenv artifact](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsdotenv) making them available for the next pipeline stages:
+This job (disabled by default) runs `semantic-release` with `dry-run` mode in `.pre` stage to save the following variables as [dotenv artifact](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportsdotenv) making them available for the next pipeline stages:
* `SEMREL_INFO_LAST_VERSION`: latest released version
* `SEMREL_INFO_NEXT_VERSION`: next release version (based on actual commits and comments)
@@ -213,12 +220,12 @@ If the version of Semantic Release is pinned using [`SEMREL_VERSION`](#global-co
Here are some advices about your **secrets** (variables marked with a :lock:):
-1. Manage them as [project or group CI/CD variables](https://docs.gitlab.com/ee/ci/variables/#for-a-project):
- * [**masked**](https://docs.gitlab.com/ee/ci/variables/#mask-a-cicd-variable) to prevent them from being inadvertently
+1. Manage them as [project or group CI/CD variables](https://docs.gitlab.com/ci/variables/#for-a-project):
+ * [**masked**](https://docs.gitlab.com/ci/variables/#mask-a-cicd-variable) to prevent them from being inadvertently
displayed in your job logs,
- * [**protected**](https://docs.gitlab.com/ee/ci/variables/#protected-cicd-variables) if you want to secure some secrets
+ * [**protected**](https://docs.gitlab.com/ci/variables/#protected-cicd-variables) if you want to secure some secrets
you don't want everyone in the project to have access to (for instance production secrets).
-2. In case a secret contains [characters that prevent it from being masked](https://docs.gitlab.com/ee/ci/variables/#mask-a-cicd-variable),
+2. In case a secret contains [characters that prevent it from being masked](https://docs.gitlab.com/ci/variables/#mask-a-cicd-variable),
simply define its value as the [Base64](https://en.wikipedia.org/wiki/Base64) encoded value prefixed with `@b64@`:
it will then be possible to mask it and the template will automatically decode it prior to using it.
3. Don't forget to escape special characters (ex: `$` -> `$$`).
@@ -360,7 +367,7 @@ In order to be able to communicate with the Vault server, the variant requires t
| :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | _none_ |
| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | _none_ |
-By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.
+By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ci/secrets/id_token_authentication/). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.
#### Usage
@@ -382,9 +389,9 @@ With:
```yaml
include:
# main template
- - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.12.0
+ - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.14.2
# Vault variant
- - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel-vault@3.12.0
+ - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel-vault@3.14.2
inputs:
vault-base-url: "https://vault.acme.host/v1"
# audience claim for JWT
diff --git a/kicker.json b/kicker.json
index 1fc4dc569c109f5fef82a4ec293ade9404b58be3..71c08dd60bff47e228c7f6d7bba69007871a9d00 100644
--- a/kicker.json
+++ b/kicker.json
@@ -78,6 +78,11 @@
"type": "boolean",
"advanced": true
},
+ {
+ "name": "SEMREL_EXTRA_ARGS",
+ "description": "[Extra options](https://semantic-release.gitbook.io/semantic-release/usage/configuration#options) to pass to semantic-release.",
+ "advanced": true
+ },
{
"name": "SEMREL_AUTO_RELEASE_ENABLED",
"description": "When set the job start automatically. When not set (default), the job is manual.",
@@ -119,6 +124,42 @@
"values": ["angular","codemirror","conventionalcommits","ember","eslint","express","jquery","jshint"],
"default": "angular",
"advanced": true
+ },
+ {
+ "name": "SEMREL_COMMIT_ANALYZER_PLUGIN",
+ "description": "NPM plugin name for the commit-analyzer plugin.",
+ "default": "@semantic-release/commit-analyzer",
+ "advanced": true
+ },
+ {
+ "name": "SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN",
+ "description": "NPM plugin name for the release-notes-generator plugin.",
+ "default": "@semantic-release/release-notes-generator",
+ "advanced": true
+ },
+ {
+ "name": "SEMREL_GITLAB_PLUGIN",
+ "description": "NPM plugin name for the gitlab plugin.",
+ "default": "@semantic-release/gitlab",
+ "advanced": true
+ },
+ {
+ "name": "SEMREL_CHANGELOG_PLUGIN",
+ "description": "NPM plugin name for the changelog plugin.",
+ "default": "@semantic-release/changelog",
+ "advanced": true
+ },
+ {
+ "name": "SEMREL_GIT_PLUGIN",
+ "description": "NPM plugin name for the git plugin.",
+ "default": "@semantic-release/git",
+ "advanced": true
+ },
+ {
+ "name": "SEMREL_EXEC_PLUGIN",
+ "description": "NPM plugin name for the exec plugin.",
+ "default": "@semantic-release/exec",
+ "advanced": true
}
]
},
diff --git a/templates/gitlab-ci-semrel-vault.yml b/templates/gitlab-ci-semrel-vault.yml
index ba9e553b6b82a621d2b1e9c822319c62d99c4c64..7947a846e77fa9304d66e441ed8212e151eba3ad 100644
--- a/templates/gitlab-ci-semrel-vault.yml
+++ b/templates/gitlab-ci-semrel-vault.yml
@@ -22,7 +22,7 @@ variables:
.semrel-base:
services:
- name: "$TBC_TRACKING_IMAGE"
- command: ["--service", "semrel", "3.12.0"]
+ command: ["--service", "semrel", "3.14.2"]
- name: "$TBC_VAULT_IMAGE"
alias: "vault-secrets-provider"
variables:
diff --git a/templates/gitlab-ci-semrel.yml b/templates/gitlab-ci-semrel.yml
index 1a2871462509ece3654b73d560c56acac3f8aae9..738d2645ff904f8537a736f652c7fe61791bf147 100644
--- a/templates/gitlab-ci-semrel.yml
+++ b/templates/gitlab-ci-semrel.yml
@@ -55,6 +55,9 @@ spec:
description: For generated `.releaserc` file only. Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present.
type: boolean
default: false
+ extra-args:
+ description: "[Extra options](https://semantic-release.gitbook.io/semantic-release/usage/configuration#options) to pass to semantic-release."
+ default: ''
auto-release-enabled:
description: When set the job start automatically. When not set (default), the job is manual.
type: boolean
@@ -86,6 +89,24 @@ spec:
- protected
- all
default: ''
+ commit-analyzer-plugin:
+ description: The npm plugin name for the commit-analyzer plugin. The default is `@semantic-release/commit-analyzer`
+ default: '@semantic-release/commit-analyzer'
+ release-notes-generator-plugin:
+ description: The npm plugin name for the release-notes-generator plugin. The default is `@semantic-release/release-notes-generator`
+ default: '@semantic-release/release-notes-generator'
+ gitlab-plugin:
+ description: The npm plugin name for the gitlab plugin. The default is `@semantic-release/gitlab`
+ default: '@semantic-release/gitlab'
+ changelog-plugin:
+ description: The npm plugin name for the changelog plugin. The default is `@semantic-release/changelog`
+ default: '@semantic-release/changelog'
+ git-plugin:
+ description: The npm plugin name for the git plugin. The default is `@semantic-release/git`
+ default: '@semantic-release/git'
+ exec-plugin:
+ description: The npm plugin name for the exec plugin. The default is `@semantic-release/exec`
+ default: '@semantic-release/exec'
semantic-release-job-tags:
description: Tags to be used for selecting runners for the job
type: array
@@ -139,12 +160,20 @@ variables:
SEMREL_CHANGELOG_FILE: $[[ inputs.changelog-file ]]
SEMREL_CHANGELOG_TITLE: $[[ inputs.changelog-title ]]
SEMREL_DRY_RUN: $[[ inputs.dry-run ]]
+ SEMREL_EXTRA_ARGS: $[[ inputs.extra-args ]]
SEMREL_AUTO_RELEASE_ENABLED: $[[ inputs.auto-release-enabled ]]
SEMREL_COMMIT_MESSAGE: $[[ inputs.commit-message ]]
SEMREL_RELEASE_DISABLED: $[[ inputs.release-disabled ]]
SEMREL_INFO_ON: $[[ inputs.info-on ]]
SEMREL_COMMIT_SPEC: $[[ inputs.commit-spec ]]
+ SEMREL_COMMIT_ANALYZER_PLUGIN: $[[ inputs.commit-analyzer-plugin ]]
+ SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN: $[[ inputs.release-notes-generator-plugin ]]
+ SEMREL_GITLAB_PLUGIN: $[[ inputs.gitlab-plugin ]]
+ SEMREL_CHANGELOG_PLUGIN: $[[ inputs.changelog-plugin ]]
+ SEMREL_GIT_PLUGIN: $[[ inputs.git-plugin ]]
+ SEMREL_EXEC_PLUGIN: $[[ inputs.exec-plugin ]]
+
# default production ref name (pattern)
PROD_REF: /^(master|main)$/
SEMREL_BRANCHES_REF: $[[ inputs.branches-ref ]]
@@ -507,11 +536,11 @@ stages:
echo "tagFormat: '${SEMREL_TAG_FORMAT}'"
echo ""
echo "plugins: "
- echo " - - '@semantic-release/commit-analyzer'"
+ echo " - - '${SEMREL_COMMIT_ANALYZER_PLUGIN}'"
echo "${commitPresetConfig}"
- echo " - - '@semantic-release/release-notes-generator'"
+ echo " - - '${SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN}'"
echo "${commitPresetConfig}"
- echo " - '@semantic-release/gitlab'"
+ echo " - '${SEMREL_GITLAB_PLUGIN}'"
echo "${changelogPluginConfig}"
echo "${execPluginConfig}"
echo "${gitPluginConfig}"
@@ -584,10 +613,10 @@ stages:
if [[ -n "${SEMREL_CHANGELOG_TITLE}" ]]; then
changeLogConfig=$(echo -e "${changeLogConfig:+${changeLogConfig}\n }changelogTitle: '${SEMREL_CHANGELOG_TITLE}'")
fi
- echo " - - '@semantic-release/changelog'"
+ echo " - - '${SEMREL_CHANGELOG_PLUGIN}'"
echo " - ${changeLogConfig}"
else
- echo " - '@semantic-release/changelog'"
+ echo " - '${SEMREL_CHANGELOG_PLUGIN}'"
fi
else
echo ""
@@ -598,7 +627,7 @@ stages:
function generate_git_plugin_conf() {
# git plugin has default changelog file as asset by default so
# we need to add it explicitly if the user configured a custom changelogFile
- echo " - - '@semantic-release/git'"
+ echo " - - '${SEMREL_GIT_PLUGIN}'"
if [[ "${SEMREL_CHANGELOG_ENABLED}" = "true" ]] && [[ -n "${SEMREL_CHANGELOG_FILE}" ]]; then
echo " - assets:"
echo " - '${SEMREL_CHANGELOG_FILE}'"
@@ -656,7 +685,7 @@ stages:
tabs=" "
fi
if [[ -n "${scriptsConfig}" ]]; then
- echo " - - '@semantic-release/exec'"
+ echo " - - '${SEMREL_EXEC_PLUGIN}'"
echo "${scriptsConfig}"
else
echo ""
@@ -730,9 +759,9 @@ stages:
echo "# injected (replace your plugins) plugins by the template to generate dotenv"
echo ""
echo "plugins:"
- echo " - - '@semantic-release/commit-analyzer'"
+ echo " - - '${SEMREL_COMMIT_ANALYZER_PLUGIN}'"
echo "${commitPresetConfig}"
- echo " - - '@semantic-release/exec'"
+ echo " - - '${SEMREL_EXEC_PLUGIN}'"
echo " - analyzeCommitsCmd: '\"${export_last_version_hook_script}\" \"\${lastRelease.version}\"'"
echo " verifyReleaseCmd: '\"${export_next_version_hook_script}\" \"\${nextRelease.version}\" \"\${nextRelease.type}\"'"
echo ""
@@ -745,7 +774,7 @@ stages:
cat ".releaserc"
fi
- npm install --global "semantic-release@${SEMREL_VERSION}" "@semantic-release/exec@${SEMREL_EXEC_VERSION}"
+ npm install --global "semantic-release@${SEMREL_VERSION}" "${SEMREL_EXEC_PLUGIN}@${SEMREL_EXEC_VERSION}"
semantic-release --dry-run
# Rollback temporary semantic-release configuration
@@ -791,6 +820,12 @@ stages:
log_info "Commit signing setup complete."
}
+ function clear_vault_env() {
+ # unset service container env when Vault variant is enabled (SemRel censors them all due to 'SECRET' in the name)
+ # shellcheck disable=SC2046
+ unset $(env | awk -F '=' '/^VAULT_SECRETS_PROVIDER_/{print $1}' | xargs)
+ }
+
unscope_variables
eval_all_secrets
@@ -800,16 +835,17 @@ stages:
image: $SEMREL_IMAGE
services:
- name: "$TBC_TRACKING_IMAGE"
- command: ["--service", "semrel", "3.12.0"]
+ command: ["--service", "semrel", "3.14.2"]
before_script:
- !reference [.semrel-scripts]
- - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
# install git and OpenSSH
- maybe_install_packages ca-certificates git openssh-client gpg gpg-agent
+ - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
- maybe_install_yq
- cd "${SEMREL_CONFIG_DIR}"
- prepare_semantic_release
- install_semantic_release_plugins
+ - clear_vault_env
variables:
# download cache
XDG_CACHE_HOME: "$CI_PROJECT_DIR/.cache"
@@ -835,6 +871,8 @@ semantic-release-info:
reports:
dotenv: "${SEMREL_CONFIG_DIR}/semrel.out.env"
rules:
+ - if: $CI_PIPELINE_SOURCE == "schedule"
+ when: never
- if: $CI_COMMIT_TAG
when: never
- if: '$SEMREL_INFO_ON == "prod" && $CI_COMMIT_REF_NAME =~ $PROD_REF'
@@ -848,9 +886,11 @@ semantic-release:
script:
- configure_commit_signing
- if [[ "$SEMREL_DRY_RUN" == "true" ]]; then dry_run_opt="--dry-run"; fi
- - semantic-release ${TRACE:+--debug} --ci $dry_run_opt
+ - semantic-release ${TRACE:+--debug} --ci $dry_run_opt $SEMREL_EXTRA_ARGS
dependencies: []
rules:
+ - if: $CI_PIPELINE_SOURCE == "schedule"
+ when: never
- if: '$SEMREL_RELEASE_DISABLED == "true"'
when: never
- if: $CI_COMMIT_TAG