1. Create an issue describing the bug or enhancement you want to propose (select the right issue template).
2. Make sure the issue has been reviewed and agreed.
3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) documentation).
3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/user/project/repository/forking_workflow/) documentation).
Don't hesitate to mark your MR as `Draft` as long as you think it's not ready to be reviewed.
| `$PYTHON_PROJECT_DIR/reports/py-ruff.native.json` | [JSON](https://docs.astral.sh/ruff/settings/#output-format) | [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/)<br/>_This report is generated only if SonarQube template is detected_ |
### `py-ruff-format` job
@@ -346,7 +346,7 @@ In addition to a textual report in the console, this job produces the following
@@ -391,7 +391,7 @@ This job is **disabled by default** and allows to perform a complete release of
1. increase the Python project version,
2. Git commit changes and create a Git tag with the new version number,
3. build the [Python packages](https://packaging.python.org/),
4. publish the built packages to a PyPI compatible repository ([GitLab packages](https://docs.gitlab.com/ee/user/packages/pypi_repository/) by default).
4. publish the built packages to a PyPI compatible repository ([GitLab packages](https://docs.gitlab.com/user/packages/pypi_repository/) by default).
The Python template supports three packaging systems:
@@ -416,7 +416,7 @@ When `py-release` job is enabled, `py-publish` job is automatically enabled too.
### `py-publish` job
This job is **disabled by default** and allow to publish the built packages to a PyPI compatible repository ([GitLab packages](https://docs.gitlab.com/ee/user/packages/pypi_repository/) by default.
This job is **disabled by default** and allow to publish the built packages to a PyPI compatible repository ([GitLab packages](https://docs.gitlab.com/user/packages/pypi_repository/) by default.
The Python template supports three packaging systems:
@@ -429,7 +429,7 @@ The publish job is bound to the `publish` stage, is executed on a Git tag matchi
| Input / Variable | Description | Default value |
@@ -479,9 +479,9 @@ You can either use a SSH key or user/password credentials.
##### Using a SSH key
We recommend you to use a [project deploy key](https://docs.gitlab.com/ee/user/project/deploy_keys/#project-deploy-keys) with write access to your project.
We recommend you to use a [project deploy key](https://docs.gitlab.com/user/project/deploy_keys/#project-deploy-keys) with write access to your project.
The key should not have a passphrase (see [how to generate a new SSH key pair](https://docs.gitlab.com/ee/user/ssh.html#generate-an-ssh-key-pair)).
The key should not have a passphrase (see [how to generate a new SSH key pair](https://docs.gitlab.com/user/ssh/#generate-an-ssh-key-pair)).
Specify :lock: `$GIT_PRIVATE_KEY` as secret project variable with the private part of the deploy key.
@@ -497,11 +497,11 @@ The template handles both classic variable and file variable.
Simply specify :lock: `$GIT_USERNAME` and :lock: `$GIT_PASSWORD` as secret project variables.
Note that the password should be an access token (preferably a [project](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html) or [group](https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html) access token) with `write_repository` scope and `Maintainer` role.
Note that the password should be an access token (preferably a [project](https://docs.gitlab.com/user/project/settings/project_access_tokens/) or [group](https://docs.gitlab.com/user/group/settings/group_access_tokens/) access token) with `write_repository` scope and `Maintainer` role.
#### Pip repositories
When depending on Python packages published in [GitLab's packages registry](https://docs.gitlab.com/ee/user/packages/pypi_repository/), it could be useful to configure a group level Package.
When depending on Python packages published in [GitLab's packages registry](https://docs.gitlab.com/user/packages/pypi_repository/), it could be useful to configure a group level Package.
But such repository will require an authenticated access.
To do so, simply set the `PIP_INDEX_URL` and use the CI job token.
@@ -541,7 +541,7 @@ In order to be able to communicate with the Vault server, the variant requires t
| :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | _none_ |
| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | _none_ |
By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.
By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ci/secrets/id_token_authentication/). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.
#### Usage
@@ -596,8 +596,8 @@ The variant requires the additional configuration parameters:
| Input / Variable | Description | Default value |
| `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))_ | `$CI_SERVER_URL` |
| `gcp-oidc-provider` / `GCP_OIDC_PROVIDER` | Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) | _none_ |
| `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ci/cloud_services/google_cloud/))_ | `$CI_SERVER_URL` |
| `gcp-oidc-provider` / `GCP_OIDC_PROVIDER` | Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ci/cloud_services/google_cloud/) | _none_ |
| `gcp-oidc-account` / `GCP_OIDC_ACCOUNT` | Default Service Account to which impersonate with OpenID Connect authentication | _none_ |
#### Example
@@ -631,7 +631,7 @@ Most importantly, the variant sets the `pip global.index-url` to the CodeArtifac
The variant supports two authentication methods:
1.[federated authentication using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/)(**recommended method**),
1.[federated authentication using OpenID Connect](https://docs.gitlab.com/ci/cloud_services/aws/)(**recommended method**),
2. or basic authentication with AWS access key ID & secret access key.
:warning: when using this variant, you must have created the CodeArtifact repository.
@@ -650,7 +650,7 @@ The variant *requires* the additional configuration parameters:
##### OIDC authentication config
This is the recommended authentication method. In order to use it, first carefuly follow [GitLab's documentation](https://docs.gitlab.com/ee/ci/cloud_services/aws/),
This is the recommended authentication method. In order to use it, first carefuly follow [GitLab's documentation](https://docs.gitlab.com/ci/cloud_services/aws/),
then set the required configuration.
| Input / Variable | Description | Default value |
"description":"This job allows publishing the built packages to a PyPI compatible repository ([GitLab packages](https://docs.gitlab.com/ee/user/packages/pypi_repository/) by default.",
"description":"This job allows publishing the built packages to a PyPI compatible repository ([GitLab packages](https://docs.gitlab.com/user/packages/pypi_repository/) by default.",
"enable_with":"PYTHON_PUBLISH_ENABLED"
},
{
@@ -244,7 +244,7 @@
{
"name":"PYTHON_REPOSITORY_URL",
"type":"url",
"description":"Target PyPI repository to publish packages.\n\n_defaults to [GitLab project's packages repository](https://docs.gitlab.com/ee/user/packages/pypi_repository/)_",
"description":"Target PyPI repository to publish packages.\n\n_defaults to [GitLab project's packages repository](https://docs.gitlab.com/user/packages/pypi_repository/)_",
"description":"The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))_",
"description":"The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ci/cloud_services/google_cloud/))_",
"default":"$CI_SERVER_URL",
"advanced":true
},
@@ -368,7 +368,7 @@
},
{
"name":"GCP_OIDC_PROVIDER",
"description":"Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)"
"description":"Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ci/cloud_services/google_cloud/)"
}
]
},
@@ -390,13 +390,13 @@
},
{
"name":"AWS_OIDC_AUD",
"description":"The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_",
"description":"The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ci/cloud_services/aws/))_",
"default":"$CI_SERVER_URL",
"advanced":true
},
{
"name":"AWS_OIDC_ROLE_ARN",
"description":"Default IAM Role ARN associated with GitLab _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_"
"description":"Default IAM Role ARN associated with GitLab _(only required for [OIDC authentication](https://docs.gitlab.com/ci/cloud_services/aws/))_"
