Commit 3d17733e authored by Cédric OLIVIER's avatar Cédric OLIVIER
Browse files

Merge branch 'feat/component' into 'master' 

feat: migrate to CI/CD component

See merge request to-be-continuous/semantic-release!47
parents f5bb796d 4ff79966

.gitlab-ci.yml

+1 −1
Original line number Diff line number Diff line
@@ -10,7 +10,7 @@ include: 
    file: '/templates/validation.yml'

  - project: 'to-be-continuous/bash'

    ref: '3.3'

    file: 'templates/gitlab-ci-bash.yml'

    file: '/templates/gitlab-ci-bash.yml'

  - local: "templates/gitlab-ci-semrel.yml"



stages:

README.md

+55 −37
Original line number Diff line number Diff line
@@ -11,29 +11,51 @@ This project implements a GitLab CI/CD template to automate your versioning and 


## Usage



In order to include this template in your project, add the following to your `gitlab-ci.yml`:

This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component-in-a-cicd-configuration) or using the legacy [`include:project`](https://docs.gitlab.com/ee/ci/yaml/index.html#includeproject) syntax.



### Use as a CI/CD component



Add the following to your `gitlab-ci.yml`:



```yaml

include:

  # 1: include the component

  - component: gitlab.com/to-be-continuous/semantic-release/gitlab-ci-semrel@3.7.1

    # 2: set/override component inputs

    inputs:

      changelog-enabled: true # ⚠ this is only an example

```



### Use as a CI/CD template (legacy)



Add the following to your `gitlab-ci.yml`:



```yaml

include:

  # 1: include the template

  - project: 'to-be-continuous/semantic-release'

    ref: '3.7.1'

    file: '/templates/gitlab-ci-semrel.yml'



variables:

  # 2: set/override template variables

  SEMREL_CHANGELOG_ENABLED: "true" # ⚠ this is only an example

```



## Global configuration



The semantic-release template uses some global configuration used throughout all jobs.



| Name                  | Description                                   | Default value     |

| Input / Variable | Description                                   | Default value     |

| --------------------- | --------------------------------------------- | ----------------- |

| `SEMREL_IMAGE`        | The Docker image used to run semantic-release | `registry.hub.docker.com/library/node:latest` |

| `SEMREL_VERSION`      | The [semantic-release](https://www.npmjs.com/package/semantic-release) version to use | `latest` |

| `SEMREL_EXEC_VERSION` | The [@semantic-release/exec](https://www.npmjs.com/package/@semantic-release/exec) version to use | `latest` |

| `image` / `SEMREL_IMAGE` | The Docker image used to run semantic-release | `registry.hub.docker.com/library/node:latest` |

| `version` / `SEMREL_VERSION` | The [semantic-release](https://www.npmjs.com/package/semantic-release) version to use | `latest` |

| `exec-version` / `SEMREL_EXEC_VERSION` | The [@semantic-release/exec](https://www.npmjs.com/package/@semantic-release/exec) version to use | `latest` |

| :lock: `GITLAB_TOKEN` | A GitLab [project access token](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html) or [personal access token](https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html) with `api`, `read_repository` and `write repository` scopes. :warning: This variable is **mandatory** and [defined by `semantic-release`](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/ci-configuration.md#push-access-to-the-remote-repository) itself. | _none_ |

| `GIT_AUTHOR_EMAIL` | A Git author email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project | _none_ |

| `GIT_COMMITTER_EMAIL` | A Git committer email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project | _none_ |

| `SEMREL_CONFIG_DIR`        |  directory containing your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#configuration-file) | `.` |

| `SEMREL_REQUIRED_PLUGINS_FILE`        | An optional file for additional npm packages to install | `semrel-required-plugins.txt` |

| :lock: `GIT_AUTHOR_EMAIL` | A Git author email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project | _none_ |

| :lock: `GIT_COMMITTER_EMAIL` | A Git committer email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project | _none_ |

| `config-dir` / `SEMREL_CONFIG_DIR` |  directory containing your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#configuration-file) | `.` |

| `required-plugins-file` / `SEMREL_REQUIRED_PLUGINS_FILE` | An optional file for additional npm packages to install | `semrel-required-plugins.txt` |



Jobs will extract required plugin packages from discovered configuration. If your configuration needs additional packages, add them, one per line, to `SEMREL_REQUIRED_PLUGINS_FILE` file. Each line must be a valid `npm install` package argument.
@@ -63,17 +85,17 @@ If no configuration is found, the template will generate one with the following 


As specified in the previous chapter, these variables are only used to generated a `.releaserc` when no configuration is found in the repository.



| Name                          | Description                                            | Default value |

| Input / Variable | Description                                            | Default value |

| ------------------------------| ------------------------------------------------------ | ------------- |

| `SEMREL_CHANGELOG_ENABLED`    | Add the [@semantic-release/changelog](https://github.com/semantic-release/changelog) plugin which will commit a changelog file in the repository if set to `true`. | _none_ |

| `SEMREL_CHANGELOG_FILE`    | [changelogFile @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). | _none_ (use the plugin default value which is `CHANGELOG.md`). |

| `SEMREL_CHANGELOG_TITLE`   | [changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`). | _none_ |

| `SEMREL_DRY_RUN`              | Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present. | _none_ |

| `SEMREL_AUTO_RELEASE_ENABLED` | When set to `true` the job start automatically. When not set (default), the job is manual. | _none_ |

| `SEMREL_TAG_FORMAT`           | [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat). :warning: don't forget to double the `$` character so it is not interpreted by GitLab.                   | `$${version}` |

| `SEMREL_HOOKS_DIR`             | [Hook scripts](#hook_scripts) folder. | `.` |

| `SEMREL_COMMIT_MESSAGE`        | Add a custom commit message based on [semantic-release/git option](https://github.com/semantic-release/git#message). | _none_ (uses semantic-release default commit message) |

| `SEMREL_RELEASE_DISABLED`      | Disable this job. | _none_ |

| `changelog-enabled` / `SEMREL_CHANGELOG_ENABLED` | Add the [@semantic-release/changelog](https://github.com/semantic-release/changelog) plugin which will commit a changelog file in the repository if set to `true`. | _none_ |

| `changelog-file` / `SEMREL_CHANGELOG_FILE` | [changelogFile @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). | _none_ (use the plugin default value which is `CHANGELOG.md`). |

| `changelog-title` / `SEMREL_CHANGELOG_TITLE` | [changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`). | _none_ |

| `dry-run` / `SEMREL_DRY_RUN` | Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present. | _none_ |

| `auto-release-enabled` / `SEMREL_AUTO_RELEASE_ENABLED` | When set to `true` the job start automatically. When not set (default), the job is manual. | _none_ |

| `tag-format` / `SEMREL_TAG_FORMAT` | [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat). :warning: don't forget to double the `$` character so it is not interpreted by GitLab.                   | `$${version}` |

| `hooks-dir` / `SEMREL_HOOKS_DIR` | [Hook scripts](#hook_scripts) folder. | `.` |

| `commit-message` / `SEMREL_COMMIT_MESSAGE` | Add a custom commit message based on [semantic-release/git option](https://github.com/semantic-release/git#message). | _none_ (uses semantic-release default commit message) |

| `release-disabled` / `SEMREL_RELEASE_DISABLED` | Disable this job. | _none_ |



#### Hook scripts
@@ -141,7 +163,7 @@ For an introduction on commit signing, see [GitLab documentation](https://docs.g 


To make semantic-release sign its commits, use the following variable.



| Name                 | Description                                                              | Default value |

| Input / Variable | Description                                                              | Default value |

| ---------------------| ------------------------------------------------------------------------ | ------------- |

| :lock: `SEMREL_GPG_SIGNKEY` | Path to the GPG signkey exported with `gpg --armor --export-secret-key`<br/>:warning: Declare as a masked [project variable of File type](https://docs.gitlab.com/ee/ci/variables/#cicd-variable-types). | _none_        |
@@ -176,7 +198,6 @@ Here are some advices about your **secrets** (variables marked with a :lock:): 
3. Don't forget to escape special characters (ex: `$` -> `$$`).

4. You can also manage secrets using Vault variant





## Variants



The Docker template can be used in conjunction with template variants to cover specific cases.
@@ -189,11 +210,11 @@ This variant allows delegating your secrets management to a [Vault](https://www. 


In order to be able to communicate with the Vault server, the variant requires the additional configuration parameters:



| Name              | Description                            | Default value     |

| Input / Variable | Description                            | Default value     |

| ----------------- | -------------------------------------- | ----------------- |

| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master` |

| `VAULT_BASE_URL`  | The Vault server base API url          | _none_ |

| `VAULT_OIDC_AUD`  | The `aud` claim for the JWT | `$CI_SERVER_URL` |

| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url          | _none_ |

| `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` |

| :lock: `VAULT_ROLE_ID`   | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |

| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** |
@@ -207,7 +228,7 @@ Then you may retrieve any of your secret(s) from Vault using the following synta 


With:



| Name                             | Description                            |

| Parameter                        | Description                            |

| -------------------------------- | -------------------------------------- |

| `secret_path` (_path parameter_) | this is your secret location in the Vault server |

| `field` (_query parameter_)      | parameter to access a single basic field from the secret JSON payload |
@@ -217,19 +238,16 @@ With: 
```yaml

include:

  # main template

  - project: 'to-be-continuous/semantic-release'

    ref: '3.7.1'

    file: '/templates/gitlab-ci-semrel.yml'

  - component: gitlab.com/to-be-continuous/semantic-release/gitlab-ci-semrel@3.7.1

  # Vault variant

  - project: 'to-be-continuous/semantic-release'

    ref: '3.7.1'

    file: '/templates/gitlab-ci-semrel-vault.yml'

  - component: gitlab.com/to-be-continuous/semantic-release/gitlab-ci-semrel-vault@3.7.1

    inputs:

      vault-base-url: "https://vault.acme.host/v1"

      # audience claim for JWT

      vault-oidc-aud: "https://vault.acme.host"



variables:

    # audience claim for JWT

    VAULT_OIDC_AUD: "https://vault.acme.host"

  # Secrets managed by Vault

  GITLAB_TOKEN: "@url@http://vault-secrets-provider/api/secrets/b7ecb6ebabc231/semantic-release/token?field=group-access-token"

    VAULT_BASE_URL: "https://vault.acme.host/v1"

  # $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable

```

bumpversion.sh

+2 −2
Original line number Diff line number Diff line
@@ -27,13 +27,13 @@ if [[ "$curVer" ]]; then 
  log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."



  # replace in README

  sed -e "s/ref: '$curVer'/ref: '$nextVer'/" README.md > README.md.next

  sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\”/ref: \”$nextVer\”/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next

  mv -f README.md.next README.md



  # replace in template and variants

  for tmpl in templates/*.yml

  do

    sed -e "s/\"$curVer\"/\"$nextVer\"/" "$tmpl" > "$tmpl.next"

    sed -e "s/command: *\[\"--service\", \"\(.*\)\", \"$curVer\"\]/command: [\"--service\", \"\1\", \"$nextVer\"]/" "$tmpl" > "$tmpl.next"

    mv -f "$tmpl.next" "$tmpl"

  done

else

kicker.json

+2 −0
Original line number Diff line number Diff line
@@ -3,6 +3,8 @@ 
  "description": "Automate your versioning and release management with [semantic-release](https://github.com/semantic-release/semantic-release)",

  "template_path": "templates/gitlab-ci-semrel.yml",

  "kind": "publish",

  "prefix": "semrel",

  "is_component": true,

  "variables": [

    {

      "name": "SEMREL_IMAGE",

logo.png

−8.36 KiB (23.4 KiB)
Loading image diff...