Loading .releaserc.yml +2 −1 Original line number Diff line number Diff line Loading @@ -6,7 +6,8 @@ plugins: [ [ "@semantic-release/exec", { "prepareCmd": "./bumpversion.sh \"${lastRelease.version}\" \"${nextRelease.version}\" \"${nextRelease.type}\"" "prepareCmd": "./bumpversion.sh \"${lastRelease.version}\" \"${nextRelease.version}\" \"${nextRelease.type}\"", "successCmd": "./post-release.sh \"${nextRelease.version}\"" } ], [ Loading post-release.sh 0 → 100755 +35 −0 Original line number Diff line number Diff line #!/usr/bin/env bash function log_info() { >&2 echo -e "[\\e[1;94mINFO\\e[0m] $*" } function log_warn() { >&2 echo -e "[\\e[1;93mWARN\\e[0m] $*" } function log_error() { >&2 echo -e "[\\e[1;91mERROR\\e[0m] $*" } # check number of arguments if [[ "$#" -lt 1 ]]; then log_error "Missing arguments" log_error "Usage: $0 <next version>" exit 1 fi nextVer=$1 minorVer=${nextVer%\.[0-9]*} majorVer=${nextVer%\.[0-9]*\.[0-9]*} log_info "Creating minor version tag alias \\e[33;1m${minorVer}\\e[0m from $nextVer..." git tag --force -a "$minorVer" "$nextVer" -m "Minor version alias (targets $nextVer)" log_info "Creating major version tag alias \\e[33;1m${majorVer}\\e[0m from $nextVer..." git tag --force -a "$majorVer" "$nextVer" -m "Major version alias (targets $nextVer)" log_info "Pushing tags..." git_base_url=$(echo "$CI_REPOSITORY_URL" | cut -d\@ -f2) git_auth_url="https://token:${GITLAB_TOKEN}@${git_base_url}" git push --tags --force "$git_auth_url" renovate.json +2 −1 Original line number Diff line number Diff line { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "config:base" "config:base", ":disableDependencyDashboard" ] } templates/gitlab-ci-python.yml +38 −77 Original line number Diff line number Diff line Loading 
@@ -13,7 +13,18 @@ # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth # Floor, Boston, MA 02110-1301, USA. # ========================================================================================= # default workflow rules workflow: rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never - when: always variables: # variabilized tracking image TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master" # Change pip's cache directory to be inside the project directory since we can # only cache local items. PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip" Loading Loading @@ -54,7 +65,6 @@ variables: PYTHON_REPOSITORY_USERNAME: 'gitlab-ci-token' PYTHON_REPOSITORY_PASSWORD: $CI_JOB_TOKEN .python-scripts: &python-scripts | # BEGSCRIPT set -e Loading Loading @@ -494,7 +504,7 @@ variables: # 3: Git commit, tag and push log_info "--- git push commit and tag..." git push "$git_auth_url" "$CI_BUILD_REF_NAME" git push "$git_auth_url" "$CI_COMMIT_REF_NAME" git push "$git_auth_url" --tags # 4: build new version distribution Loading Loading 
@@ -522,25 +532,6 @@ variables: fi } function get_latest_template_version() { tag_json=$(wget -T 5 -q -O - "$CI_API_V4_URL/projects/to-be-continuous%2F$1/repository/tags?per_page=1" || echo "") echo "$tag_json" | sed -rn 's/^.*"name":"([^"]*)".*$/\1/p' } function check_for_update() { template="$1" actual="$2" latest=$(get_latest_template_version "$template") if [[ -n "$latest" ]] && [[ "$latest" != "$actual" ]] then log_warn "\\e[1;93m=======================================================================================================\\e[0m" log_warn "\\e[93mThe template \\e[32m$template\\e[93m:\\e[33m$actual\\e[93m you're using is not up-to-date: consider upgrading to version \\e[32m$latest\\e[0m" log_warn "\\e[93m(set \$TEMPLATE_CHECK_UPDATE_DISABLED to disable this message)\\e[0m" log_warn "\\e[1;93m=======================================================================================================\\e[0m" fi } if [[ "$TEMPLATE_CHECK_UPDATE_DISABLED" != "true" ]]; then check_for_update python "4.0.1"; fi unscope_variables # ENDSCRIPT Loading @@ -551,7 +542,7 @@ variables: .python-base: image: $PYTHON_IMAGE services: - name: "$CI_REGISTRY/to-be-continuous/tools/tracking:master" - name: "$TBC_TRACKING_IMAGE" command: ["--service", "python", "4.0.1"] # Cache downloaded dependencies and plugins between builds. # To keep cache across branches add 'key: "$CI_JOB_NAME"' Loading Loading @@ -588,9 +579,6 @@ py-package: paths: - $PYTHON_PROJECT_DIR/dist/* rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never - if: '$PYTHON_PACKAGE_ENABLED == "true"' py-lint: Loading Loading 
@@ -620,16 +608,15 @@ py-lint: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID # exclude if $PYLINT_ENABLED not set - if: '$PYLINT_ENABLED != "true"' when: never # on production branch(es): if $PYLINT_ENABLED is set - if: '$PYLINT_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $PROD_REF' # on integration branch(es): if $PYLINT_ENABLED is set - if: '$PYLINT_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $INTEG_REF' # on non-production, non-integration branches, with $PYLINT_ENABLED set: auto & non-blocking - if: '$PYLINT_ENABLED == "true"' # on non-production, non-integration branches: manual & non-blocking - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' when: manual allow_failure: true # else: manual & non-blocking - when: always py-compile: extends: .python-base Loading @@ -638,9 +625,6 @@ py-compile: - install_requirements - _python -m compileall $PYTHON_COMPILE_ARGS rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: only when none of supported unit test framework is enabled - if: '$UNITTEST_ENABLED != "true" && $PYTEST_ENABLED != "true" && $NOSETESTS_ENABLED != "true"' Loading Loading @@ -673,9 +657,6 @@ py-unittest: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: when $UNITTEST_ENABLED is set - if: '$UNITTEST_ENABLED == "true"' Loading @@ -700,9 +681,6 @@ py-pytest: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: when $PYTEST_ENABLED is set - if: '$PYTEST_ENABLED == "true"' Loading @@ -726,9 +704,6 @@ py-nosetests: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: when $NOSETESTS_ENABLED is set - if: '$NOSETESTS_ENABLED == "true"' Loading Loading 
@@ -757,17 +732,15 @@ py-bandit: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID # exclude if $BANDIT_ENABLED not set - if: '$BANDIT_ENABLED != "true"' when: never # on production branch(es): if $BANDIT_ENABLED is set - if: '$BANDIT_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $PROD_REF' # on integration branch(es): if $BANDIT_ENABLED is set - if: '$BANDIT_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $INTEG_REF' # on non-production, non-integration branches, with $BANDIT_ENABLED set: manual & non-blocking - if: '$BANDIT_ENABLED == "true"' # on non-production, non-integration branches: manual & non-blocking - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' when: manual allow_failure: true # else: manual & non-blocking - when: always # Safety (dependency check) py-safety: Loading Loading @@ -795,17 +768,15 @@ py-safety: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID # exclude if $SAFETY_ENABLED not set - if: '$SAFETY_ENABLED != "true"' when: never # on production branch(es): if $SAFETY_ENABLED is set - if: '$SAFETY_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $PROD_REF' # on integration branch(es): if $SAFETY_ENABLED is set - if: '$SAFETY_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $INTEG_REF' # on non-production, non-integration branches, with $SAFETY_ENABLED set: manual & non-blocking - if: '$SAFETY_ENABLED == "true"' # on non-production, non-integration branches: manual & non-blocking - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' when: manual allow_failure: true # else: manual & non-blocking - when: always # Trivy (dependency check) py-trivy: Loading Loading 
@@ -856,19 +827,15 @@ py-trivy: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on production branch(es): if $TRIVY_ENABLED is set # exclude if $PYTHON_TRIVY_ENABLED not set - if: '$PYTHON_TRIVY_ENABLED != "true"' when: never # on production or integration branches: auto - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' # on non-production, non-integration branches: manual & non-blocking - if: '$PYTHON_TRIVY_ENABLED == "true"' # useless but prevents GitLab warning - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' when: manual allow_failure: true # else: manual & non-blocking - when: always # (manual from master branch): triggers a release (tag creation) py-release: Loading @@ -877,23 +844,17 @@ py-release: script: - git config --global user.email "$GITLAB_USER_EMAIL" - git config --global user.name "$GITLAB_USER_LOGIN" - git checkout -B $CI_BUILD_REF_NAME - git checkout -B $CI_COMMIT_REF_NAME - configure_scm_auth - _release artifacts: paths: - $PYTHON_PROJECT_DIR/dist/* rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude if $PYTHON_RELEASE_ENABLED not set - if: '$PYTHON_RELEASE_ENABLED != "true"' when: never # exclude on non-prod, non-integ branches - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' when: never # else: manual - if: '$PYTHON_RELEASE_ENABLED == "true"' # useless but prevents GitLab warning # on production or integration branch: manual, non blocking - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' when: manual allow_failure: true Loading
.releaserc.yml +2 −1 Original line number Diff line number Diff line Loading @@ -6,7 +6,8 @@ plugins: [ [ "@semantic-release/exec", { "prepareCmd": "./bumpversion.sh \"${lastRelease.version}\" \"${nextRelease.version}\" \"${nextRelease.type}\"" "prepareCmd": "./bumpversion.sh \"${lastRelease.version}\" \"${nextRelease.version}\" \"${nextRelease.type}\"", "successCmd": "./post-release.sh \"${nextRelease.version}\"" } ], [ Loading
post-release.sh 0 → 100755 +35 −0 Original line number Diff line number Diff line #!/usr/bin/env bash function log_info() { >&2 echo -e "[\\e[1;94mINFO\\e[0m] $*" } function log_warn() { >&2 echo -e "[\\e[1;93mWARN\\e[0m] $*" } function log_error() { >&2 echo -e "[\\e[1;91mERROR\\e[0m] $*" } # check number of arguments if [[ "$#" -lt 1 ]]; then log_error "Missing arguments" log_error "Usage: $0 <next version>" exit 1 fi nextVer=$1 minorVer=${nextVer%\.[0-9]*} majorVer=${nextVer%\.[0-9]*\.[0-9]*} log_info "Creating minor version tag alias \\e[33;1m${minorVer}\\e[0m from $nextVer..." git tag --force -a "$minorVer" "$nextVer" -m "Minor version alias (targets $nextVer)" log_info "Creating major version tag alias \\e[33;1m${majorVer}\\e[0m from $nextVer..." git tag --force -a "$majorVer" "$nextVer" -m "Major version alias (targets $nextVer)" log_info "Pushing tags..." git_base_url=$(echo "$CI_REPOSITORY_URL" | cut -d\@ -f2) git_auth_url="https://token:${GITLAB_TOKEN}@${git_base_url}" git push --tags --force "$git_auth_url"
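Review bot: The final `git push --tags --force "$git_auth_url"` force-pushes every tag present in the job's clone, not only the two aliases created above, so any remote tag that differs locally is overwritten; pushing just the aliases is narrower: `git push --force "$git_auth_url" "refs/tags/$minorVer" "refs/tags/$majorVer"`. The script also has no `set -e`, so a failed `git tag` still reaches the push. `$1` is never checked against an `X.Y.Z` pattern: when the suffix patterns do not match, `minorVer` or `majorVer` stays equal to `$nextVer` and `git tag --force` would replace the release tag itself. A guard such as `[[ "$nextVer" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 1` after the argument check covers that. Because `GITLAB_TOKEN` is embedded in the push URL, it is worth confirming the variable is masked in the CI settings so that a git error message cannot print it in the job log.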
renovate.json +2 −1 Original line number Diff line number Diff line { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "config:base" "config:base", ":disableDependencyDashboard" ] }
templates/gitlab-ci-python.yml +38 −77 Original line number Diff line number Diff line Loading @@ -13,7 +13,18 @@ # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth # Floor, Boston, MA 02110-1301, USA. # ========================================================================================= # default workflow rules workflow: rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never - when: always variables: # variabilized tracking image TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master" # Change pip's cache directory to be inside the project directory since we can # only cache local items. PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip" Loading Loading @@ -54,7 +65,6 @@ variables: PYTHON_REPOSITORY_USERNAME: 'gitlab-ci-token' PYTHON_REPOSITORY_PASSWORD: $CI_JOB_TOKEN .python-scripts: &python-scripts | # BEGSCRIPT set -e Loading Loading @@ -494,7 +504,7 @@ variables: # 3: Git commit, tag and push log_info "--- git push commit and tag..." git push "$git_auth_url" "$CI_BUILD_REF_NAME" git push "$git_auth_url" "$CI_COMMIT_REF_NAME" git push "$git_auth_url" --tags # 4: build new version distribution Loading Loading 
@@ -522,25 +532,6 @@ variables: fi } function get_latest_template_version() { tag_json=$(wget -T 5 -q -O - "$CI_API_V4_URL/projects/to-be-continuous%2F$1/repository/tags?per_page=1" || echo "") echo "$tag_json" | sed -rn 's/^.*"name":"([^"]*)".*$/\1/p' } function check_for_update() { template="$1" actual="$2" latest=$(get_latest_template_version "$template") if [[ -n "$latest" ]] && [[ "$latest" != "$actual" ]] then log_warn "\\e[1;93m=======================================================================================================\\e[0m" log_warn "\\e[93mThe template \\e[32m$template\\e[93m:\\e[33m$actual\\e[93m you're using is not up-to-date: consider upgrading to version \\e[32m$latest\\e[0m" log_warn "\\e[93m(set \$TEMPLATE_CHECK_UPDATE_DISABLED to disable this message)\\e[0m" log_warn "\\e[1;93m=======================================================================================================\\e[0m" fi } if [[ "$TEMPLATE_CHECK_UPDATE_DISABLED" != "true" ]]; then check_for_update python "4.0.1"; fi unscope_variables # ENDSCRIPT Loading @@ -551,7 +542,7 @@ variables: .python-base: image: $PYTHON_IMAGE services: - name: "$CI_REGISTRY/to-be-continuous/tools/tracking:master" - name: "$TBC_TRACKING_IMAGE" command: ["--service", "python", "4.0.1"] # Cache downloaded dependencies and plugins between builds. # To keep cache across branches add 'key: "$CI_JOB_NAME"' Loading Loading @@ -588,9 +579,6 @@ py-package: paths: - $PYTHON_PROJECT_DIR/dist/* rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never - if: '$PYTHON_PACKAGE_ENABLED == "true"' py-lint: Loading Loading 
@@ -620,16 +608,15 @@ py-lint: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID # exclude if $PYLINT_ENABLED not set - if: '$PYLINT_ENABLED != "true"' when: never # on production branch(es): if $PYLINT_ENABLED is set - if: '$PYLINT_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $PROD_REF' # on integration branch(es): if $PYLINT_ENABLED is set - if: '$PYLINT_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $INTEG_REF' # on non-production, non-integration branches, with $PYLINT_ENABLED set: auto & non-blocking - if: '$PYLINT_ENABLED == "true"' # on non-production, non-integration branches: manual & non-blocking - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' when: manual allow_failure: true # else: manual & non-blocking - when: always py-compile: extends: .python-base Loading @@ -638,9 +625,6 @@ py-compile: - install_requirements - _python -m compileall $PYTHON_COMPILE_ARGS rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: only when none of supported unit test framework is enabled - if: '$UNITTEST_ENABLED != "true" && $PYTEST_ENABLED != "true" && $NOSETESTS_ENABLED != "true"' Loading Loading @@ -673,9 +657,6 @@ py-unittest: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: when $UNITTEST_ENABLED is set - if: '$UNITTEST_ENABLED == "true"' Loading @@ -700,9 +681,6 @@ py-pytest: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: when $PYTEST_ENABLED is set - if: '$PYTEST_ENABLED == "true"' Loading @@ -726,9 +704,6 @@ py-nosetests: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: when $NOSETESTS_ENABLED is set - if: '$NOSETESTS_ENABLED == "true"' Loading Loading 
@@ -757,17 +732,15 @@ py-bandit: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID # exclude if $BANDIT_ENABLED not set - if: '$BANDIT_ENABLED != "true"' when: never # on production branch(es): if $BANDIT_ENABLED is set - if: '$BANDIT_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $PROD_REF' # on integration branch(es): if $BANDIT_ENABLED is set - if: '$BANDIT_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $INTEG_REF' # on non-production, non-integration branches, with $BANDIT_ENABLED set: manual & non-blocking - if: '$BANDIT_ENABLED == "true"' # on non-production, non-integration branches: manual & non-blocking - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' when: manual allow_failure: true # else: manual & non-blocking - when: always # Safety (dependency check) py-safety: Loading Loading @@ -795,17 +768,15 @@ py-safety: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID # exclude if $SAFETY_ENABLED not set - if: '$SAFETY_ENABLED != "true"' when: never # on production branch(es): if $SAFETY_ENABLED is set - if: '$SAFETY_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $PROD_REF' # on integration branch(es): if $SAFETY_ENABLED is set - if: '$SAFETY_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $INTEG_REF' # on non-production, non-integration branches, with $SAFETY_ENABLED set: manual & non-blocking - if: '$SAFETY_ENABLED == "true"' # on non-production, non-integration branches: manual & non-blocking - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' when: manual allow_failure: true # else: manual & non-blocking - when: always # Trivy (dependency check) py-trivy: Loading Loading 
@@ -856,19 +827,15 @@ py-trivy: paths: - $PYTHON_PROJECT_DIR/reports/ rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on production branch(es): if $TRIVY_ENABLED is set # exclude if $PYTHON_TRIVY_ENABLED not set - if: '$PYTHON_TRIVY_ENABLED != "true"' when: never # on production or integration branches: auto - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' # on non-production, non-integration branches: manual & non-blocking - if: '$PYTHON_TRIVY_ENABLED == "true"' # useless but prevents GitLab warning - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' when: manual allow_failure: true # else: manual & non-blocking - when: always # (manual from master branch): triggers a release (tag creation) py-release: Loading @@ -877,23 +844,17 @@ py-release: script: - git config --global user.email "$GITLAB_USER_EMAIL" - git config --global user.name "$GITLAB_USER_LOGIN" - git checkout -B $CI_BUILD_REF_NAME - git checkout -B $CI_COMMIT_REF_NAME - configure_scm_auth - _release artifacts: paths: - $PYTHON_PROJECT_DIR/dist/* rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude if $PYTHON_RELEASE_ENABLED not set - if: '$PYTHON_RELEASE_ENABLED != "true"' when: never # exclude on non-prod, non-integ branches - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' when: never # else: manual - if: '$PYTHON_RELEASE_ENABLED == "true"' # useless but prevents GitLab warning # on production or integration branch: manual, non blocking - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' when: manual allow_failure: true
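Review bot: The comment `# else: manual & non-blocking` above the final `- when: always` rule in py-lint, py-bandit, py-safety and py-trivy does not match the rule: as far as the rendered lines show, that fallthrough is reached on production and integration branches and starts the job automatically. `when: always` also runs the job even when a job in an earlier stage failed, whereas the previous rules with no `when:` used the default `on_success`; if that change is not intended, the last rule could be `- when: on_success`. Suggested comment: `# else (production or integration branch): auto`. The old/new side of each line here is inferred from the hunk counts, since the page lost its +/- markers.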