2022-10-21 17:21:38 +00:00
# run the pipeline only on MRs, tags, and default branch
2020-10-25 17:10:44 +00:00
workflow :
rules :
2022-10-21 17:21:38 +00:00
- if : $CI_PIPELINE_SOURCE == "merge_request_event"
- if : $CI_COMMIT_TAG
- if : $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
2020-10-25 17:10:44 +00:00
default :
2022-06-09 08:16:10 +00:00
image : golang:1.18
2020-10-25 17:10:44 +00:00
2022-07-13 17:06:30 +00:00
stages :
2022-10-28 19:55:09 +00:00
- documentation
2022-07-13 17:06:30 +00:00
- test
- release
2020-10-25 17:10:44 +00:00
variables :
2022-06-06 18:39:19 +00:00
SAST_EXCLUDED_ANALYZERS : "bandit,gosec,eslint"
2020-10-25 17:10:44 +00:00
include :
- template : Security/SAST.gitlab-ci.yml
- template : Security/Dependency-Scanning.gitlab-ci.yml
2022-07-27 14:22:00 +00:00
- template : Security/Secret-Detection.gitlab-ci.yml
2020-10-25 17:10:44 +00:00
2022-10-04 19:30:12 +00:00
# From: https://docs.gitlab.com/ee/ci/caching/#cache-go-dependencies
.go-cache :
variables :
GOPATH : $CI_PROJECT_DIR/.go
before_script :
- mkdir -p .go
cache :
paths :
- .go/pkg/mod/
2022-10-28 18:13:35 +00:00
2022-10-28 19:55:09 +00:00
.documentation :
stage : documentation
2022-10-28 19:47:50 +00:00
rules :
- if : $CI_PIPELINE_SOURCE == "merge_request_event"
2022-10-28 19:55:09 +00:00
check_docs_update :
extends : .documentation
2022-10-28 18:13:35 +00:00
script :
- git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME && git checkout $CI_MERGE_REQUEST_TARGET_BRANCH_NAME && git checkout $CI_COMMIT_SHA
- go run cmd/gen-docs/docs.go
- |-
2022-11-09 17:09:14 +00:00
git status
2022-10-28 18:13:35 +00:00
if [[ $(git add -A --dry-run) ]]; then
echo '✖ ERROR : Documentation changes detected!';
echo '✖ These changes require a documentation update. To regenerate the docs, read https://gitlab.com/gitlab-org/cli/-/tree/main/docs#generating-the-docs.';
exit 1;
else
echo '✔ No documentation updates detected.';
exit 0;
fi
2022-10-21 14:38:48 +00:00
check_docs_markdown :
image : registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.16-vale-2.20.1-markdownlint-0.32.2
2022-10-28 19:55:09 +00:00
extends : .documentation
2022-10-21 14:38:48 +00:00
script :
# Lint prose
- vale --minAlertLevel error docs README.md
# Lint Markdown
- markdownlint --config .markdownlint.yml 'docs/**/*.md' README.md
2022-10-04 19:30:12 +00:00
2022-10-21 20:02:28 +00:00
lint_commit :
stage : test
image : node:16-slim
script :
- apt-get update && apt-get install -y git
- git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME && git checkout $CI_MERGE_REQUEST_TARGET_BRANCH_NAME && git checkout $CI_COMMIT_SHA
- cd scripts/commit-lint && npm ci
- node lint.js
rules :
- if : '$CI_MERGE_REQUEST_IID && $CI_PROJECT_VISIBILITY == "public"' # lint.js script makes an API call without authentication
when : always
2020-10-25 17:10:44 +00:00
code_navigation :
2022-07-13 17:06:30 +00:00
stage : test
2020-10-25 17:10:44 +00:00
image : golang:latest
allow_failure : true
script :
2022-08-01 18:17:12 +00:00
- go install github.com/sourcegraph/lsif-go/cmd/lsif-go@latest
2020-10-25 17:10:44 +00:00
- lsif-go
artifacts :
reports :
lsif : dump.lsif
2022-06-09 08:16:10 +00:00
run_tests :
2022-07-13 17:06:30 +00:00
stage : test
2022-10-04 19:30:12 +00:00
extends : .go-cache
2022-06-09 08:16:10 +00:00
before_script :
## Adding private SSH key to the executor, more information: https://docs.gitlab.com/ee/ci/ssh_keys/#ssh-keys-when-using-the-docker-executor
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
- chmod 600 ~/.ssh/known_hosts
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
script :
2022-07-13 17:06:30 +00:00
# `goreleaser` also uses GITLAB_TOKEN and so we need to distinguish between
# the GITLAB_TOKEN_TEST with less privilege used for testing and the GITLAB_TOKEN_RELEASE token
- GITLAB_TOKEN=$GITLAB_TOKEN_TEST make test
2022-10-04 19:30:12 +00:00
coverage: '/coverage : \d+.\d+% of statements/'
artifacts :
2022-10-21 20:02:28 +00:00
reports :
junit : coverage.xml
2022-07-27 14:22:00 +00:00
secret_detection :
rules :
- if : $SECRET_DETECTION_DISABLED
when : never
- if : '$CI_MERGE_REQUEST_IID'
- if : $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
needs : [ ]
dependencies : [ ] # Don't download artifacts, especially `./public/`
2022-07-13 17:06:30 +00:00
.release :
stage : release
image : docker:stable
services :
- docker:dind
variables :
# Disable shallow cloning so that goreleaser can diff between tags to
# generate a changelog.
GIT_DEPTH : 0
release_test :
extends : .release
2022-10-28 18:13:35 +00:00
rules :
- if : $CI_COMMIT_TAG
when : never
- if : $CI_PIPELINE_SOURCE == "merge_request_event"
- if : $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
2022-07-13 17:06:30 +00:00
script : |
docker run --rm --privileged \
-v $PWD:/go/src/gitlab.com/gitlab-org/cli \
-w /go/src/gitlab.com/gitlab-org/cli \
-v /var/run/docker.sock:/var/run/docker.sock \
goreleaser/goreleaser release --snapshot --rm-dist
release :
extends : .release
2022-10-28 18:13:35 +00:00
rules :
- if : $CI_COMMIT_TAG
2022-07-13 17:06:30 +00:00
variables :
DOCKER_REGISTRY : $CI_REGISTRY
DOCKER_USERNAME : $CI_REGISTRY_USER
DOCKER_PASSWORD : $CI_REGISTRY_PASSWORD
script : |
docker run --rm --privileged \
-v $PWD:/go/src/gitlab.com/gitlab-org/cli \
-w /go/src/gitlab.com/gitlab-org/cli \
-v /var/run/docker.sock:/var/run/docker.sock \
-e DOCKER_USERNAME -e DOCKER_PASSWORD -e DOCKER_REGISTRY \
-e GITLAB_TOKEN=$GITLAB_TOKEN_RELEASE \
goreleaser/goreleaser release