Merge remote-tracking branch 'upstream/master'

# Conflicts: # .gitlab-ci.yml # CHANGELOG.md

Merge remote-tracking branch 'upstream/master'
e6964a20 · Benguria Elguezabal, Gorka · 3673eb2e · b6984339 · e6964a20 · e6964a20
Commit e6964a20 authored 5 months ago by Benguria Elguezabal, Gorka
--- a/.gitlab/issue_templates/bug_report.md
+++ b/.gitlab/issue_templates/bug_report.md
@@ -15,7 +15,7 @@
 ## Logs and/or screenshots
-(Join any relevant logs and/or screenshot. Please use code blocks (```) to format console output, logs, and code.)
+(Join any relevant logs and/or screenshot. Please use code blocks (`` ``` ``) to format console output, logs, and code.)
 ## Context & Configuration

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
-## [3.11.2](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/semantic-release/compare/3.11.1...3.11.2) (2024-08-29)
+## [3.11.5](https://gitlab.com/to-be-continuous/semantic-release/compare/3.11.4...3.11.5) (2024-11-17)
+### Bug Fixes
+* add preset to semantic-release-info ([6c074f6](https://gitlab.com/to-be-continuous/semantic-release/commit/6c074f671b3e48480f8aea04f71df00f93d54fc0))
+## [3.11.4](https://gitlab.com/to-be-continuous/semantic-release/compare/3.11.3...3.11.4) (2024-11-08)
+### Bug Fixes
+* fix eval_secret function when using node to decode a secret ([b579199](https://gitlab.com/to-be-continuous/semantic-release/commit/b579199b53dc58b0f94681720e245163ba457bc7)), closes [#49](https://gitlab.com/to-be-continuous/semantic-release/issues/49)
+## [3.11.3](https://gitlab.com/to-be-continuous/semantic-release/compare/3.11.2...3.11.3) (2024-09-29)
+### Bug Fixes
+* make gpg configuration to work ([97d56ed](https://gitlab.com/to-be-continuous/semantic-release/commit/97d56edde8c378ae4eefdc52c7171a11fcd555e8)), closes [#48](https://gitlab.com/to-be-continuous/semantic-release/issues/48)
+## [3.11.2](https://gitlab.com/to-be-continuous/semantic-release/compare/3.11.1...3.11.2) (2024-07-25)
 ### Bug Fixes

--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ Add the following to your `.gitlab-ci.yml`:
 ```yaml
 include:
  # 1: include the component
-  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.11.2
+  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.11.5
    # 2: set/override component inputs
    inputs:
      changelog-enabled: true # ⚠ this is only an example
@@ -34,7 +34,7 @@ Add the following to your `.gitlab-ci.yml`:
 include:
  # 1: include the template
  - project: 'to-be-continuous/semantic-release'
-    ref: '3.11.2'
+    ref: '3.11.5'
    file: '/templates/gitlab-ci-semrel.yml'
 variables:
@@ -92,7 +92,7 @@ As specified in the previous chapter, these variables are only used to generated
 | `changelog-title` / `SEMREL_CHANGELOG_TITLE`           | [changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`).                                                | _none_                                                                                                                                |
 | `dry-run` / `SEMREL_DRY_RUN`                           | Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present.                                                                      | _none_                                                                                                                                |
 | `auto-release-enabled` / `SEMREL_AUTO_RELEASE_ENABLED` | When set to `true` the job start automatically. When not set (default), the job is manual.                                                                                                                                          | _none_                                                                                                                                |
-| `branches-ref` / `SEMREL_BRANCHES_REF`                 | Regular expression pattern matching branches from which releases should happen (should match your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#branches))              | `/^(master|main)$/` |
+| `branches-ref` / `SEMREL_BRANCHES_REF`                 | Regular expression pattern matching branches from which releases should happen (should match your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#branches))              | `/^(master\|main)$/` |
 | `tag-format` / `SEMREL_TAG_FORMAT`                     | [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat). :warning: don't forget to double the `$` character so it is not interpreted by GitLab. | `$${version}`                                                                                                                         |
 | `hooks-dir` / `SEMREL_HOOKS_DIR`                       | [Hook scripts](#hook_scripts) folder.                                                                                                                                                                                               | `.`                                                                                                                                   |
 | `commit-message` / `SEMREL_COMMIT_MESSAGE`             | Add a custom commit message based on [semantic-release/git option](https://github.com/semantic-release/git#message).                                                                                                                | _none_ (uses semantic-release default commit message)                                                                                 |
@@ -161,7 +161,7 @@ Parameters:
 #### Signing release commits with GPG
-For an introduction on commit signing, see [GitLab documentation](https://docs.gitlab.com/ee/user/project/repository/gpg_signed_commits/).
+For an introduction on commit signing, see [GitLab documentation](https://docs.gitlab.com/ee/user/project/repository/signed_commits/gpg.html).
 To make semantic-release sign its commits, use the following variable.
@@ -171,7 +171,7 @@ To make semantic-release sign its commits, use the following variable.
 ### `semantic-release-info` job
-This job (disabled by default) runs `semantic-release` with `dry-run` mode in `.pre` stage to save the following variables as [dotenv artifact](https://docs.gitlab.com/ee/ci/pipelines/job_artifacts.html#artifactsreportsdotenv) making them available for the next pipeline stages:
+This job (disabled by default) runs `semantic-release` with `dry-run` mode in `.pre` stage to save the following variables as [dotenv artifact](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsdotenv) making them available for the next pipeline stages:
 * `SEMREL_INFO_LAST_VERSION`: latest released version
 * `SEMREL_INFO_NEXT_VERSION`: next release version (based on actual commits and comments)
@@ -355,10 +355,12 @@ In order to be able to communicate with the Vault server, the variant requires t
 | Input / Variable                    | Description                                                                                                                     | Default value                                                              |
 | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------- |
 | `TBC_VAULT_IMAGE`                   | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest` |
-| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url                                                                                                   | _none_                                                                     |
+| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url                                                                                                   | **must be defined**                                                        |
 | `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT                                                                                                     | `$CI_SERVER_URL`                                                           |
-| :lock: `VAULT_ROLE_ID`              | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID                                                             | **must be defined**                                                        |
+| :lock: `VAULT_ROLE_ID`              | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID                                                             | _none_                                                                     |
-| :lock: `VAULT_SECRET_ID`            | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID                                                           | **must be defined**                                                        |
+| :lock: `VAULT_SECRET_ID`            | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID                                                           | _none_                                                                     |
+By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.
 #### Usage
@@ -380,9 +382,9 @@ With:
 ```yaml
 include:
  # main template
-  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.11.2
+  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.11.5
  # Vault variant
-  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel-vault@3.11.2
+  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel-vault@3.11.5
    inputs:
      vault-base-url: "https://vault.acme.host/v1"
      # audience claim for JWT
@@ -391,5 +393,4 @@ include:
 variables:
  # Secrets managed by Vault
  GITLAB_TOKEN: "@url@http://vault-secrets-provider/api/secrets/b7ecb6ebabc231/semantic-release/token?field=group-access-token"
-  # $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable
 ```
--- a/bumpversion.sh
+++ b/bumpversion.sh
@@ -27,7 +27,7 @@ if [[ "$curVer" ]]; then
  log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."
  # replace in README
-  sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\”/ref: \”$nextVer\”/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
+  sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\"/ref: \"$nextVer\"/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
  mv -f README.md.next README.md
  # replace in template and variants

--- a/templates/gitlab-ci-semrel-vault.yml
+++ b/templates/gitlab-ci-semrel-vault.yml
@@ -22,7 +22,7 @@ variables:
 .semrel-base:
  services:
    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "semrel", "3.11.2"]
+      command: ["--service", "semrel", "3.11.5"]
    - name: "$TBC_VAULT_IMAGE"
      alias: "vault-secrets-provider"
  variables:

--- a/templates/gitlab-ci-semrel.yml
+++ b/templates/gitlab-ci-semrel.yml
@@ -383,6 +383,8 @@ stages:
        fi
      elif command -v node > /dev/null
      then
+        decoded=$(mktemp)
+        errors=$(mktemp)      
        if node -e "const fs=require('fs');function dlFile(url,file,maxRedir=5){return new Promise((resolve,reject)=>{let redirCount=0;const req=require(url.split(':')[0]).get(url,res=>{res.statusCode>=300&&res.statusCode<400&&res.headers.location&&redirCount<maxRedir?(redirCount++,console.log('Follow redirect ('+redirCount+'): '+res.headers.location),dlFile(res.headers.location,file,maxRedir).then(resolve).catch(reject)):200===res.statusCode?(res.pipe(fs.createWriteStream(file)).on('finish',()=>resolve()),res.on('error',reject)):reject(new Error('HTTP error: '+res.statusCode))});req.on('error',reject)})}dlFile('$url','$decoded').then(()=>{console.log('Download complete'),process.exit(0)}).catch(e=>{console.error('Error:',e),process.exit(1)});" 2> "${errors}"
        then
          # shellcheck disable=SC2086
@@ -698,7 +700,7 @@ stages:
    # Generating the hook scripts that will generate the dotenv file
    # The dotenv file is generated in $TMPDIR so it will survive the git reset
    dotenv_tmp="$(mktemp -t semrel-info-XXXXXXXXXX.dotenv)"
+    commitPresetConfig=$(generate_commit_preset_conf)
    export_last_version_hook_script="./export-last-version.sh"
    {
      echo "#!/bin/bash"
@@ -730,16 +732,13 @@ stages:
      echo ""
      echo "# injected (replace your plugins) plugins by the template to generate dotenv"
      echo ""
-      echo "plugins: ["
+      echo "plugins:"
-      echo "  \"@semantic-release/commit-analyzer\","
+      echo "  - - '@semantic-release/commit-analyzer'"
-      echo "  ["
+      echo "${commitPresetConfig}"
-      echo "    \"@semantic-release/exec\","
+      echo "  - - '@semantic-release/exec'"
-      echo "    {"
+      echo "    - analyzeCommitsCmd: '\"${export_last_version_hook_script}\" \"\${lastRelease.version}\"'"
-      echo "      \"analyzeCommitsCmd\": \"${export_last_version_hook_script} \\\"\${lastRelease.version}\\\"\"",
+      echo "      verifyReleaseCmd: '\"${export_next_version_hook_script}\" \"\${nextRelease.version}\" \"\${nextRelease.type}\"'"
-      echo "      \"verifyReleaseCmd\": \"${export_next_version_hook_script} \\\"\${nextRelease.version}\\\" \\\"\${nextRelease.type}\\\"\""
+      echo ""
-      echo "    }"
-      echo "  ],"
-      echo "]"
    } >> "${releaserc_file}.new"
    mv -f "${releaserc_file}.new" ".releaserc"
@@ -804,12 +803,12 @@ stages:
  image: $SEMREL_IMAGE
  services:
    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "semrel", "3.11.2"]
+      command: ["--service", "semrel", "3.11.5"]
  before_script:
    - !reference [.semrel-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    # install git and OpenSSH
-    - maybe_install_packages ca-certificates git openssh-client gpg
+    - maybe_install_packages ca-certificates git openssh-client gpg gpg-agent
    - maybe_install_yq
    - cd "${SEMREL_CONFIG_DIR}"
    - prepare_semantic_release