Diffstat (limited to 'lib/gitlab/ci/templates')
11 files changed, 70 insertions, 24 deletions
diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
index 6e2faf33a2f..fa1d8bec7e6 100644
--- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
@@ -65,6 +65,10 @@ variables: DOCKER_TLS_CERTDIR: "" # https://gitlab.com/gitlab-org/gitlab-runner/issues/4501 + # License-Scanning job is removed from GitLab 16.3 + # This is the fix for https://gitlab.com/gitlab-org/gitlab/-/issues/422791 + LICENSE_MANAGEMENT_DISABLED: "true" + stages: - build - test
diff --git a/lib/gitlab/ci/templates/Cosign.gitlab-ci.yml b/lib/gitlab/ci/templates/Cosign.gitlab-ci.yml
new file mode 100644
index 00000000000..48c9422b469
--- /dev/null
+++ b/lib/gitlab/ci/templates/Cosign.gitlab-ci.yml
@@ -0,0 +1,22 @@
+# To contribute improvements to CI/CD templates, please follow the Development guide at:
+# https://docs.gitlab.com/ee/development/cicd/templates.html
+# This specific template is located at:
+# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Cosign.gitlab-ci.yml
+
+# This template extends Docker.gitlab-ci.yml to sign the image with Cosign after building.
+# This allows you to verify that an image was built by a trusted pipeline before running it.
+# See https://docs.gitlab.com/ee/ci/yaml/signing_examples.html for more details.
+
+include:
+ template: Docker.gitlab-ci.yml
+
+docker-build:
+ variables:
+ COSIGN_YES: "true" # Used by Cosign to skip confirmation prompts for non-destructive operations
+ id_tokens:
+ SIGSTORE_ID_TOKEN: # Used by Cosign to get certificate from Fulcio
+ aud: sigstore
+ after_script:
+ - apk add --update cosign
+ - IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "$DOCKER_IMAGE_NAME")"
+ - cosign sign "$IMAGE_DIGEST"
diff --git a/lib/gitlab/ci/templates/Docker.gitlab-ci.yml b/lib/gitlab/ci/templates/Docker.gitlab-ci.yml
index 8f5f0e2c451..1aa346aec67 100644
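Review bot: In Cosign.gitlab-ci.yml the signing steps run in `after_script`, and GitLab does not let an `after_script` failure change the job result, so when `apk add --update cosign` or `cosign sign "$IMAGE_DIGEST"` fails the job still passes and the image pushed by the `script` section stays in the registry unsigned. The header comment should say so, for example `# A signing failure in after_script does not fail the job; enforce signatures with cosign verify before deploying.` `apk add --update cosign` also takes whatever version the package index serves at run time, so pinning the package version would keep the signer reproducible. `{{index .RepoDigests 0}}` appears to assume one pushed repository; if `DOCKER_IMAGE_NAME` is overridden to a different repository, the default-branch `latest` push may add a second entry and the first one is not necessarily the image the user meant to sign.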
--- a/lib/gitlab/ci/templates/Docker.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Docker.gitlab-ci.yml
@@ -15,21 +15,20 @@ docker-build: stage: build services: - docker:dind + variables: + DOCKER_IMAGE_NAME: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG before_script: - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY - # Default branch leaves tag empty (= latest tag) - # All other branches are tagged with the escaped branch name (commit ref slug) + # All branches are tagged with $DOCKER_IMAGE_NAME (defaults to commit ref slug) + # Default branch is also tagged with `latest` script: + - docker build --pull -t "$DOCKER_IMAGE_NAME" . + - docker push "$DOCKER_IMAGE_NAME" - | if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then - tag="" - echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'" - else - tag=":$CI_COMMIT_REF_SLUG" - echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag" + docker tag "$DOCKER_IMAGE_NAME" "$CI_REGISTRY_IMAGE:latest" + docker push "$CI_REGISTRY_IMAGE:latest" fi - - docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" . - - docker push "$CI_REGISTRY_IMAGE${tag}" # Run this job in a branch where a Dockerfile exists rules: - if: $CI_COMMIT_BRANCH
diff --git a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
index c1aedbe1111..07bc3fbe795 100644
--- a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
@@ -1,5 +1,5 @@ variables: - AUTO_BUILD_IMAGE_VERSION: 'v1.38.1' + AUTO_BUILD_IMAGE_VERSION: 'v1.41.0' build: stage: build
diff --git a/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml
index c1aedbe1111..07bc3fbe795 100644
--- a/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml
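Review bot: In Docker.gitlab-ci.yml the new `latest` push is hard-wired to `$CI_REGISTRY_IMAGE:latest` while the build and first push follow `$DOCKER_IMAGE_NAME`, so a project that overrides `DOCKER_IMAGE_NAME` with another repository path still gets `latest` written to the default repository. The comment above `script:` should say that, for example `# Overriding DOCKER_IMAGE_NAME does not change where latest is pushed ($CI_REGISTRY_IMAGE:latest)`. Both tags are mutable, so consumers that need to know exactly which image they run should pull by digest rather than by `latest` or the branch slug. The unchanged `docker login ... -p "$CI_REGISTRY_PASSWORD"` context line passes the password as a process argument, which `--password-stdin` would avoid; the `docker-build` job continues outside the hunk.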
@@ -1,5 +1,5 @@ variables: - AUTO_BUILD_IMAGE_VERSION: 'v1.38.1' + AUTO_BUILD_IMAGE_VERSION: 'v1.41.0' build: stage: build
diff --git a/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
index 192d06bfa14..5cee19a746c 100644
--- a/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
@@ -40,6 +40,7 @@ container_scanning: reports: container_scanning: gl-container-scanning-report.json dependency_scanning: gl-dependency-scanning-report.json + cyclonedx: "**/gl-sbom-*.cdx.json" paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json, "**/gl-sbom-*.cdx.json"] dependencies: [] script:
diff --git a/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
index 9a4c75e7402..ade4be99f18 100644
--- a/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
@@ -40,6 +40,7 @@ container_scanning: reports: container_scanning: gl-container-scanning-report.json dependency_scanning: gl-dependency-scanning-report.json + cyclonedx: "**/gl-sbom-*.cdx.json" paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json, "**/gl-sbom-*.cdx.json"] dependencies: [] script:
diff --git a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
index 7b2fb49b65e..e9ba938142d 100644
--- a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
@@ -1,5 +1,5 @@ variables: - DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.53.0' + DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.56.0' .dast-auto-deploy: image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}"
diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
index 1e482ccca82..eaaf171e4b5 100644
--- a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
@@ -1,5 +1,5 @@ variables: - AUTO_DEPLOY_IMAGE_VERSION: 'v2.53.0' + AUTO_DEPLOY_IMAGE_VERSION: 'v2.56.0' .auto-deploy: image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
index 6eac691b293..d2e448fb6a1 100644
--- a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
@@ -1,5 +1,5 @@ variables: - AUTO_DEPLOY_IMAGE_VERSION: 'v2.53.0' + AUTO_DEPLOY_IMAGE_VERSION: 'v2.56.0' .auto-deploy: image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
diff --git a/lib/gitlab/ci/templates/MATLAB.gitlab-ci.yml b/lib/gitlab/ci/templates/MATLAB.gitlab-ci.yml
index 30767e66649..1468cf9c7c6 100644
--- a/lib/gitlab/ci/templates/MATLAB.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/MATLAB.gitlab-ci.yml
@@ -3,17 +3,17 @@ # This specific template is located at: # https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/MATLAB.gitlab-ci.yml -# Use this template to run MATLAB and Simulink as part of your CI/CD pipeline. The template includes three jobs: +# Use this template to build and test your MATLAB project as part of your CI/CD pipeline. The template includes four jobs: # - `command`: Run MATLAB scripts, functions, and statements. # - `test`: Run tests authored using the MATLAB unit testing framework or Simulink Test. # - `test_artifacts`: Run MATLAB and Simulink tests, and generate test and coverage artifacts. +# - `build`: Run a build using the MATLAB build tool. # # The jobs in the template use the `matlab -batch` syntax to start MATLAB. The `-batch` option is supported # in MATLAB R2019a and later. # # You can copy and paste one or more jobs in this template into your `.gitlab-ci.yml` file. # You should not add this template to an existing `.gitlab-ci.yml` file by using the `include:` keyword. -# # Your runner must use the Docker executor to run MATLAB within a container. The [MATLAB Container on Docker Hub][1] # lets you run your build using MATLAB R2020b or a later release. If your build requires additional toolboxes, use a
@@ -24,7 +24,7 @@ # [2] https://www.mathworks.com/help/cloudcenter/ug/create-a-custom-matlab-container.html # The jobs in this template incorporate the contents of a hidden `.matlab_defaults` job. You need to -# configure this job before running the `command`, `test`, and `test_artifacts` jobs. To configure the job: +# configure this job before running the `command`, `test`, `test_artifacts`, and `build` jobs. To configure the job: # - Specify the name of the MATLAB container image you want to use. # - Set the `MLM_LICENSE_FILE` environment variable using the port number and DNS address for your network license manager. #
@@ -40,17 +40,17 @@ # command: extends: .matlab_defaults - script: matlab -batch mycommand + script: matlab -batch "mycommand" # If you specify more than one script, function, or statement, use a comma or semicolon to separate them. # For example, to run `myscript.m` in a folder named `myfolder` located in the root of the repository, -# you can specify `mycommand` like this: +# you can specify `"mycommand"` like this: # # "addpath('myfolder'), myscript" # # MATLAB exits with exit code 0 if the specified script, function, or statement executes successfully without # error. Otherwise, MATLAB terminates with a nonzero exit code, which causes the job to fail. To have the -# job fail in certain conditions, use the [`assert`][3] or [`error`][4] functions. +# job fail in certain conditions, use the [`assert`][3] or [`error`][4] function. # # [3] https://www.mathworks.com/help/matlab/ref/assert.html # [4] https://www.mathworks.com/help/matlab/ref/error.html @@ -62,7 +62,7 @@ test: extends: .matlab_defaults script: matlab -batch "results = runtests('IncludeSubfolders',true), assertSuccess(results);" -# By default, the job includes any files in your [MATLAB Project][7] that have a `Test` label. If your repository +# By default, the job includes any files in your [MATLAB project][7] that have a `Test` label. If your repository # does not have a MATLAB project, then the job includes all tests in the root of your repository or in any of # its subfolders. # 
@@ -71,9 +71,9 @@ test: # [7] https://www.mathworks.com/help/matlab/projects.html # The `test_artifacts` job runs your tests and additionally generates test and coverage artifacts. -# It uses the plugin classes in the [`matlab.unittest.plugins`][8] package to generate a JUnit test results -# report and a Cobertura code coverage report. Like the `test` job, this job runs all the tests in your -# project and fails the build if any of the tests fail. +# It uses the plugin classes in the [`matlab.unittest.plugins`][8] package to produce test results +# in JUnit-style XML format and code coverage results in Cobertura XML format. Like the `test` job, +# this job runs all the tests in your project and fails the build if any of the tests fail. # test_artifacts: extends: .matlab_defaults 
@@ -110,3 +110,22 @@ test_artifacts: # # [8] https://www.mathworks.com/help/matlab/ref/matlab.unittest.plugins-package.html # [9] https://www.mathworks.com/help/matlab/matlab_prog/generate-artifacts-using-matlab-unit-test-plugins.html + +# Starting in R2022b, the `build` job runs a build using the MATLAB build tool. You can use this job to run the +# tasks specified in a file named `buildfile.m` in the root of your repository. +# +build: + extends: .matlab_defaults + script: matlab -batch "buildtool" + +# The job executes the [`buildtool`][10] command to run a build using the default tasks in `buildfile.m` +# as well as all the tasks on which they depend. To run specific tasks instead, specify them as a space-separated +# list in the job. For example, to run the tasks named `task1` and `task2` and their dependencies, substitute +# `"buildtool"` with `"buildtool task1 task2"`. +# +# MATLAB exits with exit code 0 if the build runs successfully. Otherwise, MATLAB terminates with a nonzero +# exit code, which causes the job to fail. For more information about the MATLAB build tool, +# see [Create and Run Tasks Using Build Tool][11]. +# +# [10] https://www.mathworks.com/help/matlab/ref/buildtool.html +# [11] https://www.mathworks.com/help/matlab/matlab_prog/create-and-run-tasks-using-build-tool.html |