diff --git a/.gitlab/issue_templates/bug_report.md b/.gitlab/issue_templates/bug_report.md index d553301f9a71564f5d55a527dad69693b033bca6..5a603faed7891e231bebbcf389ca55ed79d1eba3 100644 --- a/.gitlab/issue_templates/bug_report.md +++ b/.gitlab/issue_templates/bug_report.md @@ -15,7 +15,7 @@ ## Logs and/or screenshots -(Join any relevant logs and/or screenshot. Please use code blocks (```) to format console output, logs, and code.) +(Join any relevant logs and/or screenshot. Please use code blocks (`` ``` ``) to format console output, logs, and code.) ## Context & Configuration diff --git a/CHANGELOG.md b/CHANGELOG.md index bf45c8d175edf84689e70350badcbe87ebb7aca3..b48973e944cedec288ea8eb651409429885f0cc6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,4 +1,25 @@ -## [3.11.2](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/semantic-release/compare/3.11.1...3.11.2) (2024-08-29) +## [3.11.5](https://gitlab.com/to-be-continuous/semantic-release/compare/3.11.4...3.11.5) (2024-11-17) + + +### Bug Fixes + +* add preset to semantic-release-info ([6c074f6](https://gitlab.com/to-be-continuous/semantic-release/commit/6c074f671b3e48480f8aea04f71df00f93d54fc0)) + +## [3.11.4](https://gitlab.com/to-be-continuous/semantic-release/compare/3.11.3...3.11.4) (2024-11-08) + + +### Bug Fixes + +* fix eval_secret function when using node to decode a secret ([b579199](https://gitlab.com/to-be-continuous/semantic-release/commit/b579199b53dc58b0f94681720e245163ba457bc7)), closes [#49](https://gitlab.com/to-be-continuous/semantic-release/issues/49) + +## [3.11.3](https://gitlab.com/to-be-continuous/semantic-release/compare/3.11.2...3.11.3) (2024-09-29) + + +### Bug Fixes + +* make gpg configuration to work ([97d56ed](https://gitlab.com/to-be-continuous/semantic-release/commit/97d56edde8c378ae4eefdc52c7171a11fcd555e8)), closes [#48](https://gitlab.com/to-be-continuous/semantic-release/issues/48) + +## [3.11.2](https://gitlab.com/to-be-continuous/semantic-release/compare/3.11.1...3.11.2) (2024-07-25) ### Bug Fixes diff --git a/README.md b/README.md index 62c8779ec5109beaf34797b8a59e508d00b9c7e1..327b69188ff41aab2f71e96bb11d05da0eedcbc4 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Add the following to your `.gitlab-ci.yml`: ```yaml include: # 1: include the component - - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.11.2 + - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.11.5 # 2: set/override component inputs inputs: changelog-enabled: true # ⚠ this is only an example 
@@ -34,7 +34,7 @@ Add the following to your `.gitlab-ci.yml`: include: # 1: include the template - project: 'to-be-continuous/semantic-release' - ref: '3.11.2' + ref: '3.11.5' file: '/templates/gitlab-ci-semrel.yml' variables: 
@@ -92,7 +92,7 @@ As specified in the previous chapter, these variables are only used to generated | `changelog-title` / `SEMREL_CHANGELOG_TITLE` | [changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`). | _none_ | | `dry-run` / `SEMREL_DRY_RUN` | Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present. | _none_ | | `auto-release-enabled` / `SEMREL_AUTO_RELEASE_ENABLED` | When set to `true` the job start automatically. When not set (default), the job is manual. | _none_ | -| `branches-ref` / `SEMREL_BRANCHES_REF` | Regular expression pattern matching branches from which releases should happen (should match your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#branches)) | `/^(master|main)$/` | +| `branches-ref` / `SEMREL_BRANCHES_REF` | Regular expression pattern matching branches from which releases should happen (should match your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#branches)) | `/^(master\|main)$/` | | `tag-format` / `SEMREL_TAG_FORMAT` | [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat). :warning: don't forget to double the `$` character so it is not interpreted by GitLab. | `$${version}` | | `hooks-dir` / `SEMREL_HOOKS_DIR` | [Hook scripts](#hook_scripts) folder. | `.` | | `commit-message` / `SEMREL_COMMIT_MESSAGE` | Add a custom commit message based on [semantic-release/git option](https://github.com/semantic-release/git#message). | _none_ (uses semantic-release default commit message) | 
@@ -161,7 +161,7 @@ Parameters: #### Signing release commits with GPG -For an introduction on commit signing, see [GitLab documentation](https://docs.gitlab.com/ee/user/project/repository/gpg_signed_commits/). +For an introduction on commit signing, see [GitLab documentation](https://docs.gitlab.com/ee/user/project/repository/signed_commits/gpg.html). To make semantic-release sign its commits, use the following variable. @@ -171,7 +171,7 @@ To make semantic-release sign its commits, use the following variable. ### `semantic-release-info` job -This job (disabled by default) runs `semantic-release` with `dry-run` mode in `.pre` stage to save the following variables as [dotenv artifact](https://docs.gitlab.com/ee/ci/pipelines/job_artifacts.html#artifactsreportsdotenv) making them available for the next pipeline stages: +This job (disabled by default) runs `semantic-release` with `dry-run` mode in `.pre` stage to save the following variables as [dotenv artifact](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsdotenv) making them available for the next pipeline stages: * `SEMREL_INFO_LAST_VERSION`: latest released version * `SEMREL_INFO_NEXT_VERSION`: next release version (based on actual commits and comments) 
@@ -355,10 +355,12 @@ In order to be able to communicate with the Vault server, the variant requires t | Input / Variable | Description | Default value | | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------- | | `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest` | -| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url | _none_ | +| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url | **must be defined** | | `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` | -| :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** | -| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** | +| :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | _none_ | +| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | _none_ | + +By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables. #### Usage 
@@ -380,9 +382,9 @@ With: ```yaml include: # main template - - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.11.2 + - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.11.5 # Vault variant - - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel-vault@3.11.2 + - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel-vault@3.11.5 inputs: vault-base-url: "https://vault.acme.host/v1" # audience claim for JWT @@ -391,5 +393,4 @@ include: variables: # Secrets managed by Vault GITLAB_TOKEN: "@url@http://vault-secrets-provider/api/secrets/b7ecb6ebabc231/semantic-release/token?field=group-access-token" - # $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable ``` diff --git a/bumpversion.sh b/bumpversion.sh index 329e866dac988c049574a0a9f26ba89979c523a8..708faf434d2459d63b2bdaceada5eb32b0fd39eb 100755 --- a/bumpversion.sh +++ b/bumpversion.sh @@ -27,7 +27,7 @@ if [[ "$curVer" ]]; then log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..." # replace in README - sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\”/ref: \”$nextVer\”/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next + sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\"/ref: \"$nextVer\"/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next mv -f README.md.next README.md # replace in template and variants diff --git a/templates/gitlab-ci-semrel-vault.yml b/templates/gitlab-ci-semrel-vault.yml index 1f748760fd9b14e10860865dae41c8354810356b..aeeaeb2ccea7b116316bc35511af7b0ac66f588d 100644 --- a/templates/gitlab-ci-semrel-vault.yml +++ b/templates/gitlab-ci-semrel-vault.yml 
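Review bot: `$curVer` is spliced into the three sed patterns as a regular expression, so the dots in a version such as `3.11.2` match any character and a look-alike string in README.md would be rewritten as well. Because this script maintains the pinned `ref:` / `component: ...@version` values that users copy, the match should be exact: escape the dots first, e.g. `curVerRe=${curVer//./\\.}`, and use `$curVerRe` in the patterns. The enclosing `if [[ "$curVer" ]]` block starts and ends outside the hunk.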
@@ -22,7 +22,7 @@ variables: .semrel-base: services: - name: "$TBC_TRACKING_IMAGE" - command: ["--service", "semrel", "3.11.2"] + command: ["--service", "semrel", "3.11.5"] - name: "$TBC_VAULT_IMAGE" alias: "vault-secrets-provider" variables: diff --git a/templates/gitlab-ci-semrel.yml b/templates/gitlab-ci-semrel.yml index 75575e74250b8f4c2a9654638c3ecbe572d8ce31..648d55e7f8a6c18def781ebacec8eadff78f0379 100644 --- a/templates/gitlab-ci-semrel.yml +++ b/templates/gitlab-ci-semrel.yml @@ -383,6 +383,8 @@ stages: fi elif command -v node > /dev/null then + decoded=$(mktemp) + errors=$(mktemp) if node -e "const fs=require('fs');function dlFile(url,file,maxRedir=5){return new Promise((resolve,reject)=>{let redirCount=0;const req=require(url.split(':')[0]).get(url,res=>{res.statusCode>=300&&res.statusCode<400&&res.headers.location&&redirCount<maxRedir?(redirCount++,console.log('Follow redirect ('+redirCount+'): '+res.headers.location),dlFile(res.headers.location,file,maxRedir).then(resolve).catch(reject)):200===res.statusCode?(res.pipe(fs.createWriteStream(file)).on('finish',()=>resolve()),res.on('error',reject)):reject(new Error('HTTP error: '+res.statusCode))});req.on('error',reject)})}dlFile('$url','$decoded').then(()=>{console.log('Download complete'),process.exit(0)}).catch(e=>{console.error('Error:',e),process.exit(1)});" 2> "${errors}" then # shellcheck disable=SC2086 @@ -698,7 +700,7 @@ stages: # Generating the hook scripts that will generate the dotenv file # The dotenv file is generated in $TMPDIR so it will survive the git reset dotenv_tmp="$(mktemp -t semrel-info-XXXXXXXXXX.dotenv)" - + commitPresetConfig=$(generate_commit_preset_conf) export_last_version_hook_script="./export-last-version.sh" { echo "#!/bin/bash" 
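Review bot: In the `node` branch of the hunk at -383, `$url` and the new `$decoded` path are expanded by the shell straight into the JavaScript source (`dlFile('$url','$decoded')`), so a value containing a single quote or backslash changes the program node runs rather than just the URL it fetches. Passing the values out-of-band keeps data out of the code, for example by prefixing the command with `SECRET_URL="$url" SECRET_FILE="$decoded"` (names are only a suggestion) and calling `dlFile(process.env.SECRET_URL,process.env.SECRET_FILE)`. The redirect handling also selects the module with `require(url.split(':')[0])` from the `Location` header, which allows an https secret URL to be followed to plain http; restricting the scheme to `https` or to the original one would prevent that downgrade. Whether the two `mktemp` files, one of which receives the downloaded secret, are removed afterwards cannot be seen here because the function continues outside the hunk.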
@@ -730,16 +732,13 @@ stages: echo "" echo "# injected (replace your plugins) plugins by the template to generate dotenv" echo "" - echo "plugins: [" - echo " \"@semantic-release/commit-analyzer\"," - echo " [" - echo " \"@semantic-release/exec\"," - echo " {" - echo " \"analyzeCommitsCmd\": \"${export_last_version_hook_script} \\\"\${lastRelease.version}\\\"\"", - echo " \"verifyReleaseCmd\": \"${export_next_version_hook_script} \\\"\${nextRelease.version}\\\" \\\"\${nextRelease.type}\\\"\"" - echo " }" - echo " ]," - echo "]" + echo "plugins:" + echo " - - '@semantic-release/commit-analyzer'" + echo "${commitPresetConfig}" + echo " - - '@semantic-release/exec'" + echo " - analyzeCommitsCmd: '\"${export_last_version_hook_script}\" \"\${lastRelease.version}\"'" + echo " verifyReleaseCmd: '\"${export_next_version_hook_script}\" \"\${nextRelease.version}\" \"\${nextRelease.type}\"'" + echo "" } >> "${releaserc_file}.new" mv -f "${releaserc_file}.new" ".releaserc" @@ -804,12 +803,12 @@ stages: image: $SEMREL_IMAGE services: - name: "$TBC_TRACKING_IMAGE" - command: ["--service", "semrel", "3.11.2"] + command: ["--service", "semrel", "3.11.5"] before_script: - !reference [.semrel-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" # install git and OpenSSH - - maybe_install_packages ca-certificates git openssh-client gpg + - maybe_install_packages ca-certificates git openssh-client gpg gpg-agent - maybe_install_yq - cd "${SEMREL_CONFIG_DIR}" - prepare_semantic_release
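Review bot: In the hunk at -730, `${commitPresetConfig}` is echoed verbatim between the `commit-analyzer` and `exec` entries, so the generated `.releaserc` is valid YAML only if `generate_commit_preset_conf` (called in the hunk at -698, defined outside the visible lines) prints either nothing or an item indented to sit as the second element of the `- - '@semantic-release/commit-analyzer'` list. That contract is not stated anywhere in the hunk; a comment above the echo such as `# commitPresetConfig: empty, or a list item aligned under commit-analyzer` would document it. The hook script paths are also placed inside a single-quoted YAML scalar, which is fine for the constant `./export-last-version.sh` but would break if those variables ever became configurable, so it is worth noting that assumption in the same comment.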