.gitlab-ci.yml

 stages: [build, test, release]
 
+default:
+  interruptible: true
+
 variables:
   # Performs an error check after each Bash script command is executed, and exits if the previously executed command returned a non-zero exit code
   # https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/2671
   FF_ENABLE_BASH_EXIT_CODE_CHECK: "true"
+  CHANGELOG_FILE: "changelog.md"
+
+.release-rules:
+  rules:
+    - if: $CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/
+
+generate-changelog:
+  extends: .release-rules
+  stage: release
+  image:
+    name: "gitlab/glab"
+    entrypoint: [""]
+  script:
+    - glab changelog generate --version "${CI_COMMIT_TAG}" > "${CHANGELOG_FILE}"
+  artifacts:
+    paths:
+      - "${CHANGELOG_FILE}"
 
 # If the pipeline is for a new tag with a semantic version, and all previous jobs succeed,
 # create the release.
 create-release:
+  extends: .release-rules
   stage: release
   image: registry.gitlab.com/gitlab-org/release-cli:latest
-  rules:
-    - if: $CI_COMMIT_TAG =~ /\d+/
+  needs: [generate-changelog]
   script: echo "Creating release $CI_COMMIT_TAG"
   release:
-    tag_name: $CI_COMMIT_TAG
-    description: "Release $CI_COMMIT_TAG of components repository $CI_PROJECT_PATH"
+    name: "${CI_COMMIT_TAG}"
+    tag_name: "${CI_COMMIT_TAG}"
+    description: "${CHANGELOG_FILE}"
 
 include:
   - template: "Workflows/MergeRequest-Pipelines.gitlab-ci.yml"

templates/danger-review/template.yml

@@ -15,7 +15,7 @@ spec:
     dry_run:
       default: false
       type: boolean
-      description: 'Run Danger in "dry run" mode with local only plugin inside a Dangerfile.'
+      description: 'Additionally, run Danger in "dry run" mode with local only plugin inside a Dangerfile.'
     job_stage:
       default: "test"
       description: 'CI Pipeline stage where danger-review job should run'
@@ -32,7 +32,7 @@ danger-review:
   needs: []
   allow_failure: $[[ inputs.job_allow_failure ]]
   variables:
-    GITLAB_API_TOKEN: $$[[ inputs.gitlab_api_token_variable_name ]]
+    DANGER_GITLAB_API_TOKEN: $$[[ inputs.gitlab_api_token_variable_name ]]
   retry:
     max: 2
     when:
@@ -56,17 +56,17 @@ danger-review:
     # $CI_REPOSITORY_URL because in merge trains, that will be the target
     # project's URL, but as explained, we need the source project.
     - >
-      if [[ "$CI_MERGE_REQUEST_PROJECT_URL" != "$CI_MERGE_REQUEST_SOURCE_PROJECT_URL" || -z "${GITLAB_API_TOKEN}" ]]; then
+      if [[ "$CI_MERGE_REQUEST_PROJECT_URL" != "$CI_MERGE_REQUEST_SOURCE_PROJECT_URL" || -z "${DANGER_GITLAB_API_TOKEN}" ]]; then
         git fetch "${CI_SERVER_PROTOCOL}://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}:${CI_SERVER_PORT}/${CI_MERGE_REQUEST_SOURCE_PROJECT_PATH}.git" "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME"
       fi
     - >
-      if [ -z "${GITLAB_API_TOKEN}" ]; then
-        echo '`GITLAB_API_TOKEN` is not set. Skipping CI source GitLab and falling back to "local only git repo".'
+      if [ -z "${DANGER_GITLAB_API_TOKEN}" ]; then
+        echo '`DANGER_GITLAB_API_TOKEN` (via `$[[ inputs.gitlab_api_token_variable_name ]]`) is not set. Skipping CI source GitLab and falling back to "local only git repo".'
         unset GITLAB_CI;
         # We need to base SHA to help danger determine the base commit for this shallow clone.
         bundle exec danger dry_run --fail-on-errors=true --verbose --base="${CI_MERGE_REQUEST_DIFF_BASE_SHA}" --head="${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA:-$CI_COMMIT_SHA}" --dangerfile="$[[ inputs.dangerfile ]]";
       else
-        danger_id=$(echo -n ${GITLAB_API_TOKEN} | md5sum | awk '{print $1}' | cut -c5-10);
+        danger_id=$(echo -n ${DANGER_GITLAB_API_TOKEN} | md5sum | awk '{print $1}' | cut -c5-10);
         bundle exec danger --fail-on-errors=true --verbose --danger_id="${danger_id}" --dangerfile="$[[ inputs.dangerfile ]]";
       fi
 
@@ -78,4 +78,4 @@ danger-review dry-run:
   extends: danger-review
   before_script:
     - !reference ["danger-review", "before_script"]
-    - unset GITLAB_API_TOKEN
+    - unset DANGER_GITLAB_API_TOKEN