Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • 3
  • 3.12
  • 3.12.0
  • 3.11
  • 3.11.5
  • 3.11.4
  • 3.11.3
  • 3.11.2
  • 3.11.1
  • 3.11.0
  • 3.10.3
  • 3.10.2
  • 3.10.1
  • 3.10.0
  • 3.9.1
  • 3.9
  • 3.9.0
  • 3.8.3
19 results
Compare
Name Last commit Last update
.gitlab
templates
.gitignore
.gitlab-ci.yml
.releaserc.yml
CHANGELOG.md
CONTRIBUTING.md
DCO.txt
LICENSE.txt
README.md
SECURITY.md
bumpversion.sh
kicker.json
logo.png
post-release.sh
renovate.json
semantic-release.r2.yml
README.md

GitLab CI template for semantic-release

This project implements a GitLab CI/CD template to automate your versioning and release management with semantic-release, supporting one or several of the following features:

  • determine the next release version number,
  • generate the changelog,
  • commit any changed resource to the Git repository,
  • create and push the Git tag,
  • publish the packages (in GitLab or any other package repository of your choice),
  • any additional custom behavior you are able to script, triggered on the release steps.

Usage

In order to include this template in your project, add the following to your gitlab-ci.yml:

include:
  - project: 'to-be-continuous/semantic-release'
    ref: '3.5.1'
    file: '/templates/gitlab-ci-semrel.yml'

Global configuration

The semantic-release template uses some global configuration used throughout all jobs.

Name description default value
SEMREL_IMAGE The Docker image used to run semantic-release registry.hub.docker.com/library/node:latest
SEMREL_VERSION The semantic-release version to use latest
SEMREL_EXEC_VERSION The @semantic-release/exec version to use latest
🔒 GITLAB_TOKEN A GitLab project access token or personal access token with api, read_repository and write repository scopes. ⚠️ This variable is mandatory and defined by semantic-release itself. none
GIT_AUTHOR_EMAIL A Git author email address associated with the GITLAB_TOKEN bot user. This is defined by semantic-release itself, and required if the verify-user push rules enabled for the project none
GIT_COMMITTER_EMAIL A Git committer email address associated with the GITLAB_TOKEN bot user. This is defined by semantic-release itself, and required if the verify-user push rules enabled for the project none
SEMREL_CONFIG_DIR directory containing your semantic-release configuration .
SEMREL_REQUIRED_PLUGINS_FILE An optional file for additional npm packages to install semrel-required-plugins.txt

Jobs will extract required plugin packages from discovered configuration. If your configuration needs additional packages, add them, one per line, to SEMREL_REQUIRED_PLUGINS_FILE file. Each line must be a valid npm install package argument.

Jobs

semantic-release job

This job runs semantic-release in ci mode.

⚠️ This template supports all semantic-release configuration files except for release.config.js and custom CLI arguments.

If no configuration is found, the template will generate one with the following options:

Variables

As specified in the previous chapter, these variables are only used to generated a .releaserc when no configuration is found in the repository.

Name description default value
SEMREL_CHANGELOG_ENABLED Add the @semantic-release/changelog plugin which will commit a changelog file in the repository if set to true. none
SEMREL_CHANGELOG_FILE changelogFile @semantic-release/changelog option. none (use the plugin default value which is CHANGELOG.md).
SEMREL_CHANGELOG_TITLE changelogTitle @semantic-release/changelog option. You might want to use markdown format (for example # MyApp Changelog). none
SEMREL_DRY_RUN Activate the dryRun semantic-release option if present. none
SEMREL_AUTO_RELEASE_ENABLED When set to true the job start automatically. When not set (default), the job is manual. none
SEMREL_TAG_FORMAT tagFormat semantic-release option. ⚠️ don't forget to double the $ character so it is not interpreted by GitLab. $${version}
SEMREL_HOOKS_DIR Hook scripts folder. .
SEMREL_COMMIT_MESSAGE Add a custom commit message based on semantic-release/git option. none (uses semantic-release default commit message)
SEMREL_RELEASE_DISABLED Disable this job. none

Hook scripts

The generated .releaserc will include the @semantic-release/exec plugin if any of the following scripts is found in the $SEMREL_HOOKS_DIR folder:

verify-conditions.sh

See exec verifyConditionsCmd.

Parameters: none

verify-release.sh

See exec verifyReleaseCmd.

Parameters:

  1. Last release version
  2. next release version
  3. next release type
prepare.sh

See exec prepareCmd.

Parameters:

  1. Last release version
  2. next release version
  3. next release type
publish.sh

See exec publishCmd.

Parameters:

  1. Last release version
  2. next release version
  3. release branch
  4. commits count
  5. current date
success.sh

See exec successCmd.

Parameters:

  1. Last release version
  2. next release version
fail.sh

See exec failcmd.

Parameters:

  1. Last release version
  2. next release version

Signing release commits with GPG

For an introduction on commit signing, see GitLab documentation.

To make semantic-release sign its commits, use the following variable.

Name description default value
🔒 SEMREL_GPG_SIGNKEY Path to the GPG signkey exported with gpg --armor --export-secret-key
⚠️ Declare as a masked project variable of File type.		 none

semantic-release-info job

This job (disabled by default) runs semantic-release with dry-run mode in .pre stage to save the following variables as dotenv artifact making them available for the next pipeline stages:

  • SEMREL_INFO_LAST_VERSION: latest released version
  • SEMREL_INFO_NEXT_VERSION: next release version (based on actual commits and comments)
  • SEMREL_INFO_NEXT_VERSION_TYPE: next release type (major|minor|patch)

⚠️ SEMREL_INFO_NEXT_VERSION and SEMREL_INFO_NEXT_VERSION_TYPE wont be available when semantic-release commits analysis determine that no release will be performed.

This job can be enabled by defining the SEMREL_INFO_ON variable:

  • prod to enable on production branch only (main or master by default)
  • protected to enable on protected references
  • all to enable on all Git references. ⚠️ Beware that this job requires the GITLAB_TOKEN variable so you must unprotect it (this will make privilege escalation possible from developer to maintainer).

Secrets management

Here are some advices about your secrets (variables marked with a 🔒):

  1. Manage them as project or group CI/CD variables:
    • masked to prevent them from being inadvertently displayed in your job logs,
    • protected if you want to secure some secrets you don't want everyone in the project to have access to (for instance production secrets).
  2. In case a secret contains characters that prevent it from being masked, simply define its value as the Base64 encoded value prefixed with @b64@: it will then be possible to mask it and the template will automatically decode it prior to using it.
  3. Don't forget to escape special characters (ex: $ -> $$).