Commits on Source (7)
......@@ -12,9 +12,9 @@ variables:
# These are versions used in the Renovate runner image
GL_COMMON_RENOVATE_GIT_VERSION: "2.46.0" # datasource=github-tags depName=git/git
GL_COMMON_RENOVATE_GOLANG_VERSION: "1.23.0" # datasource=golang-version depName=golang/go
GL_COMMON_RENOVATE_JB_VERSION: "0.5.1" # datasource=github-releases depName=jsonnet-bundler/jsonnet-bundler
GL_COMMON_RENOVATE_JB_VERSION: "0.6.0" # datasource=github-releases depName=jsonnet-bundler/jsonnet-bundler
GL_COMMON_RENOVATE_JSONNET_TOOL_VERSION: "1.15.7" # datasource=gitlab-releases depName=gitlab-com/gl-infra/jsonnet-tool
GL_COMMON_RENOVATE_NODEJS_VERSION: "20.16.0" # datasource=node depName=nodejs/node
GL_COMMON_RENOVATE_NODEJS_VERSION: "20.17.0" # datasource=node depName=nodejs/node
GL_COMMON_RENOVATE_RUBY_VERSION: "3.3.4" # datasource=ruby-version depName=ruby/ruby
GL_COMMON_RENOVATE_YARN_VERSION: "1.22.22" # datasource=github-tags depName=yarnpkg/yarn
GL_COMMON_RENOVATE_YQ_VERSION: "4.44.3" # datasource=github-releases depName=mikefarah/yq
......
......@@ -31,6 +31,6 @@ include:
# and that asdf and mise are generally working
# see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/asdf-tool-versions.md
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: asdf-tool-versions.yml
```
......@@ -6,7 +6,7 @@ spec:
validate_mise_tool_versions:
stage: $[[ inputs.stage ]]
image:
name: registry.gitlab.com/gitlab-com/gl-infra/common-ci-tasks/mise:v2.31.0
name: registry.gitlab.com/gitlab-com/gl-infra/common-ci-tasks/mise:v2.32.0
entrypoint: [""]
needs: []
script:
......
......@@ -25,6 +25,6 @@ include:
# Runs checkov on all terraform module directories
# see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/checkov.md
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: checkov.yml
```
......@@ -7,7 +7,7 @@ This can help to determine how much a container image has changed in size due to
```yaml
include:
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: 'container-diff.yml'
inputs:
job_name: container-diff # The name of the job this template will create
......
......@@ -13,7 +13,7 @@ variables:
include:
# Run Danger during merge requests to alert on messages, warnings and errors.
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: 'danger.yml'
# inputs:
# stage: defaults to `validate`
......
......@@ -21,7 +21,7 @@ include:
# Includes a base template for running an opinionated docker buildx build
# see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/docker.md
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: 'docker.yml'
.container_builds:
......@@ -72,7 +72,7 @@ logs:
```
------------------------------------------------------------
Verify this container image using:
cosign verify registry.gitlab.com/gitlab-com/gl-infra/common-ci-tasks/asdf:v2.31.0 \
cosign verify registry.gitlab.com/gitlab-com/gl-infra/common-ci-tasks/asdf:v2.32.0 \
--certificate-identity https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks//.gitlab-ci.yml@refs/tags/v1.2.3 \
--certificate-oidc-issuer https://gitlab.com
------------------------------------------------------------
......
......@@ -13,7 +13,7 @@ include:
# validate .editorconfig
# see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/editorconfig-check.md
- project: "gitlab-com/gl-infra/common-ci-tasks"
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: "editorconfig-check.yml"
```
......
......@@ -11,6 +11,6 @@ stages:
include:
# see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/gitlab-scanners.md
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: 'gitlab-scanners.yml'
```
......@@ -37,6 +37,6 @@ include:
# Ensure that all shell-scripts are formatted according to a
# standard canonical format
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: gitleaks.yml
```
......@@ -14,6 +14,6 @@ include:
# Runs gitlint on all terraform module directories
# see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/gitlint.md
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: gitlint.yml
```
......@@ -19,7 +19,7 @@ include:
# Perform `go mod tidy` and ensure that go.mod and go.sum are tidy.
# see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/go-mod-tidy.md
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: go-mod-tidy.yml
```
## A note on compatibility
......
......@@ -20,7 +20,7 @@ include:
# Runs Go unit tests
# see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/go-unittests.md
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: go-unittests.yml
```
......
......@@ -5,12 +5,21 @@ spec:
docker_hub_host:
default: docker.io
---
include:
- local: 'internal/go/caching.yml'
go_unittests:
image: $[[ inputs.docker_hub_host ]]/golang:${GL_ASDF_GOLANG_VERSION}
stage: $[[ inputs.stage ]]
needs: []
extends:
- .go-mod-cache
script:
- |
mkdir -p "${GOMODCACHE}"
echo "Cache size at start:"
du -h -d0 "${GOMODCACHE}"
- GOBIN=/usr/bin/ go install -v gotest.tools/gotestsum@latest || go get gotest.tools/gotestsum
- packages=$(go list ./...|grep -Ev "${GO_UNITTESTS_EXCLUDE_PACKAGES_REGEXP:-__ignored__}" || true)
- if [[ -n "$packages" ]]; then
......
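Review bot: The module cache added to `go_unittests` is also where the following `go install -v gotest.tools/gotestsum@latest` step stores its downloads, so an unpinned tool now persists in a cache that later pipelines restore. The cache key in `.go-mod-cache` follows only `go.sum` and `go.mod`, and neither file records which gotestsum release was resolved. Pinning the tool makes the cached content reproducible and reviewable, for example `go install -v gotest.tools/gotestsum@<PINNED_VERSION>` (placeholder; take the version from the project's tool list). The `script:` list continues past the end of this hunk.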
......@@ -13,6 +13,6 @@ include:
# Runs golangci-lint on the project.
# see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/golangci-lint.md
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: 'golangci-lint.yml'
```
......@@ -102,7 +102,7 @@ include:
# build binary release artifacts with goreleaser
# see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/goreleaser.md
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: goreleaser.yml
```
......@@ -136,7 +136,7 @@ include:
# build binary release artifacts with goreleaser
# see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/goreleaser.md
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: goreleaser.yml
```
......
......@@ -19,6 +19,9 @@ include:
rules:
- if: '$VAULT_SECRETS_PATH != null && $VAULT_SECRETS_PATH != ""'
# Add caching for go modules
- local: 'internal/go/caching.yml'
.goreleaser_common:
variables:
COSIGN_YES: "true" # Used by Cosign to skip confirmation prompts for non-destructive operations
......@@ -28,7 +31,8 @@ include:
id_tokens:
SIGSTORE_ID_TOKEN: # Used by Cosign to get certificate from Fulcio
aud: sigstore
extends:
- .go-mod-cache
after_script:
- |
cat <<-EOD
......@@ -82,6 +86,11 @@ goreleaser_validate-fips:
needs: []
script:
# TODO: add prebaked images specifically containing cosign+git+golang
- |
mkdir -p "${GOMODCACHE}"
echo "Cache size at start:"
du -h -d0 "${GOMODCACHE}"
- apk add cosign git
- module_suffix=$( [[ "${GL_ASDF_GORELEASER_VERSION:0:1}" == "1" ]] && echo "" || echo "/v${GL_ASDF_GORELEASER_VERSION:0:1}" )
- go install github.com/goreleaser/goreleaser${module_suffix}@v${GL_ASDF_GORELEASER_VERSION}
......@@ -128,6 +137,10 @@ goreleaser:
- .goreleaser.yml
# See https://goreleaser.com/ci/gitlab/ for documentation
script: |
mkdir -p "${GOMODCACHE}"
echo "Cache size at start:"
du -h -d0 "${GOMODCACHE}"
docker run --rm --privileged \
-v $PWD:$PWD \
-w $PWD \
......@@ -135,6 +148,7 @@ goreleaser:
-e DOCKER_USERNAME -e DOCKER_PASSWORD -e DOCKER_REGISTRY \
-e GITLAB_TOKEN -e CI_REGISTRY_IMAGE \
-e CI_SERVER_URL \
-e GOMODCACHE \
-e GOLANG_VERSION=${GL_ASDF_GOLANG_VERSION} \
-e GOTOOLCHAIN=go${GL_ASDF_GOLANG_VERSION} \
-e COSIGN_YES \
......@@ -162,6 +176,11 @@ goreleaser-fips:
Running go-releaser in fips mode
EOD
mkdir -p /builds/shared
mkdir -p "${GOMODCACHE}"
echo "Cache size at start:"
du -h -d0 "${GOMODCACHE}"
cat > /builds/shared/docker-creds.json <<-EOF
{
"registries": [
......@@ -180,6 +199,7 @@ goreleaser-fips:
-v /builds/shared/docker-creds.json:/docker-creds.json \
-e GITLAB_TOKEN -e CI_REGISTRY_IMAGE \
-e CI_SERVER_URL \
-e GOMODCACHE \
-e DOCKER_CREDS_FILE=/docker-creds.json \
-e GOLANG_VERSION=${GL_ASDF_GOLANG_VERSION} \
-e GOTOOLCHAIN=go${GL_ASDF_GOLANG_VERSION} \
......
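Review bot: The release jobs that sign artifacts with Cosign (`.goreleaser_common` carries `SIGSTORE_ID_TOKEN`) now build from a restored `GOMODCACHE`, and nothing in these hunks checks the restored content before goreleaser runs. The same `.go-mod-cache` definition is extended by `go_unittests`, and no `policy` is set, so any pipeline that can write this cache key also supplies module sources to the release build. The only separation left is the consuming project's protected-branch cache setting, which this template cannot enforce. Consider restoring read-only in the release jobs with `cache:` / `policy: pull`, and, where a Go toolchain is on the job image (for example `goreleaser_validate-fips`), adding `- go mod verify` after the `du -h -d0 "${GOMODCACHE}"` step so edited module sources fail the job. The job definitions start and end outside the visible hunks, so the full docker invocations could not be checked.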
......@@ -10,7 +10,7 @@ include:
# Ensures that all terraform files are correctly formatted
# see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/hclfmt.md
- project: 'gitlab-com/gl-infra/common-ci-tasks'
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: hclfmt.yml
```
......
.go-mod-cache:
variables:
GOMODCACHE: $CI_PROJECT_DIR/.gomodcache
cache:
key:
files:
- go.sum
- go.mod
paths:
- ${GOMODCACHE}/
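Review bot: This new hidden job has no header comment and its cache key has no `prefix`, so nothing states who may write the cache or how it is scoped. With `key:` / `files:`, GitLab falls back to the key `default` when neither `go.sum` nor `go.mod` is found, which would share this cache with any other job on the default key; adding `prefix: go-mod` under `key:` avoids that. I would also add a comment above `.go-mod-cache:` such as `# Shared Go module cache keyed on go.sum/go.mod; jobs extending this restore and upload it unless they set cache:policy`.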
......@@ -19,6 +19,6 @@ include:
# canonical manner with sorted keys
# see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/jsonfmt.md
- project: "gitlab-com/gl-infra/common-ci-tasks"
ref: v2.31.0 # renovate:managed
ref: v2.32.0 # renovate:managed
file: jsonfmt.yml
```