From 17a0adb67c6b73127c0c95a6c9bec2daf79b34ba Mon Sep 17 00:00:00 2001 From: Dominik Kaminski Date: Tue, 18 Feb 2025 14:05:43 +0100 Subject: [PATCH] ci(gitlab): Add docs back to release and split ci file up --- .gitlab-ci.yml | 112 +------------------ .gitlab/lint/lint-common.yml | 16 ++- .gitlab/lint/lint-reuse.yml | 10 ++ .gitlab/release/release-common.yml | 8 ++ .gitlab/release/release-generate-version.yml | 11 ++ .gitlab/release/release-semantic.yml | 63 +++++++++++ .gitlab/renovate/renovate.yml | 19 ++++ 7 files changed, 132 insertions(+), 107 deletions(-) create mode 100644 .gitlab/lint/lint-reuse.yml create mode 100644 .gitlab/release/release-common.yml create mode 100644 .gitlab/release/release-generate-version.yml create mode 100644 .gitlab/release/release-semantic.yml create mode 100644 .gitlab/renovate/renovate.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3d6848f6..1a97f04b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,6 +9,12 @@ include: - "ci/common/lint.yml" - "ci/release-automation/semantic-release.yml" - local: "/.gitlab/generate/generate-docs.yml" + - local: "/.gitlab/renovate/renovate.yml" + - local: "/.gitlab/release/release-common.yml" + - local: "/.gitlab/release/release-generate-version.yml" + - local: "/.gitlab/release/release-semantic.yml" + - local: "/.gitlab/lint/lint-common.yml" + - local: "/.gitlab/lint/lint-reuse.yml" - project: "${PROJECT_PATH_CUSTOM_ENVIRONMENT_CONFIG}" file: "gitlab/environments.yaml" ref: "main" 
@@ -653,110 +659,4 @@ avscan-start: - artifact: "dynamic-scans.yml" job: "avscan-prepare" strategy: "depend" - -# Overwrite shared settings -.common-semantic-release: - image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/semantic-release:1.1.0" - tags: [] - -conventional-commits-linter: - rules: - - if: > - $RUN_RENOVATE == "yes" || - $JOB_CONVENTIONAL_COMMITS_LINTER_ENABLED == 'false' || - $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event' - when: "never" - - when: "always" - -common-yaml-linter: - rules: - - if: "$JOB_COMMON_YAML_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|web|merge_request_event'" - when: "never" - - when: "always" - -reuse-linter: - allow_failure: false - rules: - - if: "$JOB_REUSE_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|web|merge_request_event'" - when: "never" - - when: "always" - -generate-release-version: - rules: - - if: > - $JOB_RELEASE_ENABLED != 'false' && - $CI_COMMIT_BRANCH == $RELEASE_BRANCH && - $CI_PIPELINE_SOURCE =~ "push|merge_request_event" - when: "on_success" - -release: - rules: - - if: > - $JOB_AVSCAN_ENABLED != 'false' && - $CI_COMMIT_BRANCH == $RELEASE_BRANCH && - $CI_PIPELINE_SOURCE =~ "push|merge_request_event" - when: "on_success" - script: - - > - export RELEASE_VERSION=$(semantic-release --dry-run --branches $CI_COMMIT_REF_NAME --plugins - "@semantic-release/gitlab" | grep -oP "Published release [0-9]+\.[0-9]+\.[0-9]+ on" | - grep -oP "[0-9]+\.[0-9]+\.[0-9]+") - - | - if [ -z "${RELEASE_VERSION}" ]; then - echo "RELEASE_VERSION=$(git describe --tags --abbrev=0 | sed s@^v@@g )" - else - echo "RELEASE_VERSION=${RELEASE_VERSION}" - fi - - | - echo -e "\n[INFO] Writing data to helm value file..." 
- cat <helmfile/environments/default/global.generated.yaml.gotmpl - # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH - # SPDX-License-Identifier: Apache-2.0 - --- - global: - systemInformation: - releaseVersion: "v$(echo -E "$RELEASE_VERSION")" - ... - EOF - - | - cat << 'EOF' > ${CI_PROJECT_DIR}/.releaserc - { - "branches": ["main"], - "plugins": [ - "@semantic-release/gitlab", - "@semantic-release/release-notes-generator", - "@semantic-release/changelog", - ["@semantic-release/git", { - "assets": [ - "charts/**/Chart.yaml", - "CHANGELOG.md", - "charts/**/README.md", - "helmfile/environments/default/global.generated.yaml.gotmpl", - ".kyverno/kyverno-test.yaml", - "docs" - ], - "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}" - }] - ] - } - EOF - - "semantic-release" - needs: - - "generate-docs" - -renovate: - rules: - - if: > - $RUN_RENOVATE == "yes" - when: "on_success" - # The `-full` image does not install the dependencies on the fly, that is our preferred approach - image: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/renovate/renovate:37.356-full" - variables: - RENOVATE_CONFIG_FILE: "${CI_PROJECT_DIR}/.renovate/config.yaml" - RENOVATE_ENDPOINT: "${CI_API_V4_URL}" - # Increase the renovatebot log level on stdout - LOG_LEVEL: "DEBUG" - script: - - "renovate ${RENOVATE_EXTRA_FLAGS}" - stage: "renovate" ... diff --git a/.gitlab/lint/lint-common.yml b/.gitlab/lint/lint-common.yml index d1185789..a792bd24 100644 --- a/.gitlab/lint/lint-common.yml +++ b/.gitlab/lint/lint-common.yml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2024 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +# SPDX-FileCopyrightText: 2024-2025 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- include: 
@@ -8,4 +8,18 @@ include: extends: ".common" stage: "lint" +common-yaml-linter: + rules: + - if: "$JOB_COMMON_YAML_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|web|merge_request_event'" + when: "never" + - when: "always" + +conventional-commits-linter: + rules: + - if: > + $RUN_RENOVATE == "yes" || + $JOB_CONVENTIONAL_COMMITS_LINTER_ENABLED == 'false' || + $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event' + when: "never" + - when: "always" ... diff --git a/.gitlab/lint/lint-reuse.yml b/.gitlab/lint/lint-reuse.yml new file mode 100644 index 00000000..64c42b0d --- /dev/null +++ b/.gitlab/lint/lint-reuse.yml @@ -0,0 +1,10 @@ +# SPDX-FileCopyrightText: 2025 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +# SPDX-License-Identifier: Apache-2.0 +--- +reuse-linter: + allow_failure: false + rules: + - if: "$JOB_REUSE_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|web|merge_request_event'" + when: "never" + - when: "always" +... diff --git a/.gitlab/release/release-common.yml b/.gitlab/release/release-common.yml new file mode 100644 index 00000000..a3ff477a --- /dev/null +++ b/.gitlab/release/release-common.yml @@ -0,0 +1,8 @@ +# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +--- +# Overwrite shared settings +.common-semantic-release: + image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/semantic-release:1.1.0" + tags: [] +... diff --git a/.gitlab/release/release-generate-version.yml b/.gitlab/release/release-generate-version.yml new file mode 100644 index 00000000..9bae3c02 --- /dev/null +++ b/.gitlab/release/release-generate-version.yml 
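Review bot: The `if:` expressions in `common-yaml-linter` and `conventional-commits-linter` put a quoted string on the right of `=~` (`$CI_PIPELINE_SOURCE =~ 'tags|web|merge_request_event'`), whereas GitLab documents that operator with a `/…/` pattern, so it is worth confirming that these rules evaluate as a regex match at all. `tags` also does not appear to be a value `CI_PIPELINE_SOURCE` takes; tag pipelines are normally detected with `$CI_COMMIT_TAG`. If the intent is "skip on tags, web and merge request pipelines", a form such as `$CI_COMMIT_TAG || $CI_PIPELINE_SOURCE =~ /^(web|merge_request_event)$/` states it unambiguously. The same quoted-pattern expression is carried into `reuse-linter` in `.gitlab/lint/lint-reuse.yml`.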
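Review bot: `.common-semantic-release` pins its image by tag only (`semantic-release:1.1.0`), and this is presumably the image in which the `release` job pushes the release commit and tag, so anyone able to move that tag in the registry decides what runs with the release credentials. Pinning by digest removes that dependency on tag immutability: `image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/semantic-release:1.1.0@sha256:<digest>"` (placeholder digest). The `renovate` job in `.gitlab/renovate/renovate.yml` has the same shape with `renovate/renovate:37.356-full`. A one-line comment on `tags: []` saying which runners are expected to pick the job up once the inherited tags are cleared would also help.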
@@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +--- +generate-release-version: + rules: + - if: > + $JOB_RELEASE_ENABLED != 'false' && + $CI_COMMIT_BRANCH == $RELEASE_BRANCH && + $CI_PIPELINE_SOURCE =~ "push|merge_request_event" + when: "on_success" +... diff --git a/.gitlab/release/release-semantic.yml b/.gitlab/release/release-semantic.yml new file mode 100644 index 00000000..df25e80c --- /dev/null +++ b/.gitlab/release/release-semantic.yml 
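Review bot: `$CI_COMMIT_BRANCH` is not set in merge request pipelines, so in `generate-release-version` the `merge_request_event` alternative can only pass `$CI_COMMIT_BRANCH == $RELEASE_BRANCH` when `RELEASE_BRANCH` is undefined too, since GitLab appears to treat two undefined variables as equal. Where `RELEASE_BRANCH` is defined is not visible here; if it can ever be missing, a release-path job would become eligible on merge requests. Requiring the variable and a branch pipeline makes the gate explicit: `$RELEASE_BRANCH && $CI_COMMIT_BRANCH == $RELEASE_BRANCH && $CI_PIPELINE_SOURCE == "push"`. The `release` rule in `.gitlab/release/release-semantic.yml` repeats the condition, but its first term is `$JOB_AVSCAN_ENABLED != 'false'` instead of `$JOB_RELEASE_ENABLED`; unless that is deliberate, setting `JOB_RELEASE_ENABLED` to `'false'` does not stop the job that publishes.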
@@ -0,0 +1,63 @@ +# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +--- +release: + cache: + - key: "generate-docs-${CI_COMMIT_REF_SLUG}" + paths: + - "${CI_PROJECT_DIR}/docs" + policy: "pull" + rules: + - if: > + $JOB_AVSCAN_ENABLED != 'false' && + $CI_COMMIT_BRANCH == $RELEASE_BRANCH && + $CI_PIPELINE_SOURCE =~ "push|merge_request_event" + when: "on_success" + script: + - > + export RELEASE_VERSION=$(semantic-release --dry-run --branches $CI_COMMIT_REF_NAME --plugins + "@semantic-release/gitlab" | grep -oP "Published release [0-9]+\.[0-9]+\.[0-9]+ on" | + grep -oP "[0-9]+\.[0-9]+\.[0-9]+") + - | + if [ -z "${RELEASE_VERSION}" ]; then + echo "RELEASE_VERSION=$(git describe --tags --abbrev=0 | sed s@^v@@g )" + else + echo "RELEASE_VERSION=${RELEASE_VERSION}" + fi + - | + echo -e "\n[INFO] Writing data to helm value file..." + cat <helmfile/environments/default/global.generated.yaml.gotmpl + # SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH + # SPDX-License-Identifier: Apache-2.0 + --- + global: + systemInformation: + releaseVersion: "v$(echo -E "$RELEASE_VERSION")" + ... + EOF + - | + cat << 'EOF' > ${CI_PROJECT_DIR}/.releaserc + { + "branches": ["main"], + "plugins": [ + "@semantic-release/gitlab", + "@semantic-release/release-notes-generator", + "@semantic-release/changelog", + ["@semantic-release/git", { + "assets": [ + "charts/**/Chart.yaml", + "CHANGELOG.md", + "charts/**/README.md", + "helmfile/environments/default/global.generated.yaml.gotmpl", + ".kyverno/kyverno-test.yaml", + "docs" + ], + "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}" + }] + ] + } + EOF + - "semantic-release" + needs: + - "generate-docs" +... diff --git a/.gitlab/renovate/renovate.yml b/.gitlab/renovate/renovate.yml new file mode 100644 index 00000000..e1d242fe --- /dev/null 
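Review bot: The new `cache` block makes the committed `docs` asset depend on a best-effort cache keyed only by `${CI_COMMIT_REF_SLUG}`. On a miss or a stale entry the job still runs `semantic-release`, and `@semantic-release/git` commits whatever is, or is not, under `docs`. Since the job already declares `needs: ["generate-docs"]`, handing `docs` over as a job artifact (if `generate-docs` can publish one) would tie the content to this pipeline; at minimum a guard such as `test -d "${CI_PROJECT_DIR}/docs" || exit 1` before `semantic-release` makes a miss visible. Separately, the fallback branch of the version step only prints `RELEASE_VERSION=…` without assigning it, so when the dry run yields nothing the generated values file gets `releaseVersion: "v"`. Assigning first fixes that: `RELEASE_VERSION="$(git describe --tags --abbrev=0 | sed 's@^v@@')"`.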
+++ b/.gitlab/renovate/renovate.yml @@ -0,0 +1,19 @@ +# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +--- +renovate: + rules: + - if: > + $RUN_RENOVATE == "yes" + when: "on_success" + # The `-full` image does not install the dependencies on the fly, that is our preferred approach + image: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/renovate/renovate:37.356-full" + variables: + RENOVATE_CONFIG_FILE: "${CI_PROJECT_DIR}/.renovate/config.yaml" + RENOVATE_ENDPOINT: "${CI_API_V4_URL}" + # Increase the renovatebot log level on stdout + LOG_LEVEL: "DEBUG" + script: + - "renovate ${RENOVATE_EXTRA_FLAGS}" + stage: "renovate" +...