Merge branch 'init' into 'main'

include:

  # $TBC_NAMESPACE is a group variable; can be globally overridden

  # Docker template

  - component: "$CI_SERVER_FQDN/$TBC_NAMESPACE/docker/gitlab-ci-docker@8"

    inputs:

      healthcheck-disabled: true

      build-args: "--cache-ttl=6h"

      prod-publish-strategy: "auto"

      release-extra-tags: "latest \\g<major>.\\g<minor>\\g<build> \\g<major>\\g<build>"

      trivy-image: docker.io/aquasec/trivy@sha256:bcc376de8d77cfe086a917230e818dc9f8528e3c852f7b1aff648949b6258d1c

  # Python template

  - component: "$CI_SERVER_FQDN/$TBC_NAMESPACE/python/gitlab-ci-python@9"

    inputs:

      image: "docker.io/library/python:3.14-slim"

      ruff-enabled: true

      publish-enabled: true

  # semantic-release template

  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/semantic-release/gitlab-ci-semrel@4

    inputs:

      # disable semrel for all synch'd repositories

      release-disabled: true

      auto-release-enabled: true

.test-scripts: &test-scripts |

  # BEGSCRIPT

  set -e

  function log_info() {

      echo -e "[\\e[1;94mINFO\\e[0m] $*"

  }

  function log_warn() {

      echo -e "[\\e[1;93mWARN\\e[0m] $*"

  }

  function log_error() {

      echo -e "[\\e[1;91mERROR\\e[0m] $*"

  }

  function fail() {

    log_error "$*"

    exit 1

  }

  function assert_eq() {

    local expected="$1"

    local actual="$2"

    local error_msg="$3"

    if [ "$expected" == "$actual" ]; then

      log_info "$expected == $actual"

      return 0

    else

      if [ -z "$error_msg" ]; then

        fail "$expected == $actual"

      else

        fail "$expected == $actual  msg: $error_msg"

      fi

      return 1

    fi

  }

  # ENDSCRIPT

.test-base:

  image: "docker.io/badouralix/curl-jq"

  stage: package-test

  variables:

    # TODO

  id_tokens:

    CI_JOB_JWT_V2:

      aud: "$CI_SERVER_URL"

  services:

    - name: "$DOCKER_SNAPSHOT_IMAGE"

      alias: "azure-auth-provider"

  before_script:

    - !reference [.test-scripts]

test-ping:

  extends: .test-base

  script:

    # test: ping responds pong

    - |

      response_status=`curl -s -o "resp.txt" -w "%{http_code}" http://azure-auth-provider/health`

      assert_eq "200" $response_status

      assert_eq "ok" $(cat resp.txt)

# test: get token with implicit TBC env detection fails if no TBC variables are set (error 400)

test-token-no-tbc-vars-fails:

  extends: .test-base

  variables:

    # TODO : set var

  script:

    - |

      response_status=$(curl -s -o "resp.txt" -w "%{http_code}" "http://azure-auth-provider/acr/auth/password")

      assert_eq "400" $response_status

# TODO : testing

---

default_install_hook_types:

  - pre-commit

  - commit-msg

repos:

  # See https://pre-commit.com/hooks.html

  - repo: https://github.com/pre-commit/pre-commit-hooks

    rev: v6.0.0

    hooks:

      - id: check-added-large-files

      - id: check-ast

      - id: check-case-conflict

      - id: check-executables-have-shebangs

      - id: check-json

      # - id: check-yaml

      - id: check-merge-conflict

      - id: debug-statements

      - id: detect-private-key

      - id: end-of-file-fixer

      - id: trailing-whitespace

        args: [ --markdown-linebreak-ext=md ]

      # - id: pretty-format-json

      #   args: [ --indent=4, --no-sort-keys, --autofix ]

  - repo: https://github.com/compilerla/conventional-pre-commit

    rev: v4.2.0

    hooks:

      - id: conventional-pre-commit

        name: conventional pre-commit

        stages:

          - commit-msg

  -   repo: https://github.com/python-poetry/poetry

    # Poetry version.

      rev: 2.1.4

      hooks:

      - id: poetry-check

      - id: poetry-lock

      # - id: poetry-export

      # - id: poetry-install

  - repo: https://github.com/astral-sh/ruff-pre-commit

    # Ruff version.

    rev: v0.12.8

    hooks:

      # Run the linter.

      - id: ruff-check

        args: [ --fix ]

      # Run the formatter.

      - id: ruff-format

plugins:

  - '@semantic-release/commit-analyzer'

  - '@semantic-release/release-notes-generator'

  - '@semantic-release/gitlab'

  # generates the CHANGELOG.md

  - '@semantic-release/changelog'

  # emulates bumpversion (replaces version in pyproject.toml)

  - - semantic-release-replace-plugin

    - replacements:

        - files:

            - pyproject.toml

          from:

            - ^version *= *"\d+\.\d+\.\d+"

          to: 'version = "${nextRelease.version}"'

          countMatches: true

  # git commit/push modified files (CHANGELOG.md & pyproject.toml)

  - - '@semantic-release/git'

    - assets:

        - '*.md'

        - '*.toml'

      # the commit MUST trigger a pipeline on tag (to perform publish jobs)

      # can be skipped on prod branch

      message: 'chore(semantic-release): release ${nextRelease.version} - [ci skip on prod]'

branches:

  - main

  - master

tagFormat: '${version}'

# Contributors guide

**Want to contribute? Great!**

We try to make it easy, and all contributions, even the smaller ones, are more than welcome.

This includes bug reports, fixes, documentation, examples...

But first, read this page (including the small print at the end).

Contributions are available on https://gitlab.com/to-be-continuous/tools/azure-auth-provider

## Legal

All original contributions to _to be continuous_ are licensed under the

[GNU Lesser General Public License](https://www.gnu.org/licenses/lgpl-3.0.html),

version 3.0 or later.

All contributions are subject to the [Developer Certificate of Origin](https://developercertificate.org/) (DCO).

The DCO is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project.

The DCO text is also included verbatim in the [DCO.txt](DCO.txt) file in the root directory of the repository.

Contributors **must** _sign-off_ that they adhere to these requirements by adding a `Signed-off-by` line to commit messages, as shown below:

```text

This is the commit message

Signed-off-by: John Dev <john.dev@developer.example.org>

```

Git has a handy [`-s` command line option](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---signoff) to append this automatically to your commit message:

```bash

$ git commit -s -m 'This is the commit message'

```

## Reporting an issue

This project uses GitLab issues to manage the issues.

Before creating an issue:

1. upgrade your project to the latest released template version, and check whether your bug is still present,

2. have a look in the opened issues if your problem is already known/tracked, and possibly contribute to the thread with your own information.

If none of the above was met, open an issue directly in GitLab, select the appropriate issue template and fill-in each section when applicable.

## Submitting a code change

### Git Setup

Before contributing, make sure you have set up your Git authorship correctly:

```bash

git config --global user.name "Your Full Name"

git config --global user.email your.email@example.com

```

### Workflow

All submissions, including submissions by project members, need to be reviewed before being merged.

To contribute:

1. Create an issue describing the bug or enhancement you want to propose (select the right issue template).

2. Make sure the issue has been reviewed and agreed.

3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/user/project/repository/forking_workflow/) documentation).

   Don't hesitate to mark your MR as `Draft` as long as you think it's not ready to be reviewed.

### Git Commit Conventions

In addition to being signed-off according the [Developer Certificate of Origin](https://developercertificate.org/) (see above),

Git commits in _to be continuous_ shall be:

1. **atomic** (1 commit `=` 1 and only 1 _thing_),

2. **semantic** (using [semantic-release commit message syntax](https://semantic-release.gitbook.io/semantic-release/#commit-message-format)).

You'll find extensive information about Git commit conventions on the [reference documentation website](https://to-be-continuous.gitlab.io/doc/dev/workflow/#git-commit-guidelines).

### Coding Guidelines

The extensive _to be continuous_ coding guidelines can be found on the [reference documentation website](https://to-be-continuous.gitlab.io/doc/dev/guidelines/).

Developer Certificate of Origin

Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.

1 Letterman Drive

Suite D4700

San Francisco, CA, 94129

Everyone is permitted to copy and distribute verbatim copies of this

license document, but changing it is not allowed.

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I

    have the right to submit it under the open source license

    indicated in the file; or

(b) The contribution is based upon previous work that, to the best

    of my knowledge, is covered under an appropriate open source

    license and I have the right under that license to submit that

    work with modifications, whether created in whole or in part

    by me, under the same open source license (unless I am

    permitted to submit under a different license), as indicated

    in the file; or

(c) The contribution was provided directly to me by some other

    person who certified (a), (b) or (c) and I have not modified

    it.

(d) I understand and agree that this project and the contribution

    are public and that a record of the contribution (including all

    personal information I submit with it, including my sign-off) is

    maintained indefinitely and may be redistributed consistent with

    this project or the open source license(s) involved.