Compare revisions

Clement Bois · Pierre Smeyers · Pierre Smeyers · Clement Bois · Pierre Smeyers · Pierre Smeyers
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
+## [7.5.2](https://gitlab.com/to-be-continuous/python/compare/7.5.1...7.5.2) (2024-12-22)
+
+
+### Bug Fixes
+
+* **test:** handle decimal coverage ([4fb81f8](https://gitlab.com/to-be-continuous/python/commit/4fb81f8b66bf285f173a2335f8c34523d0f7ca3d))
+
 ## [7.5.1](https://gitlab.com/to-be-continuous/python/compare/7.5.0...7.5.1) (2024-11-21)



--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ Add the following to your `.gitlab-ci.yml`:
 ```yaml
 include:
  # 1: include the component
-  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python@7.5.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python@7.5.2
    # 2: set/override component inputs
    inputs:
      image: registry.hub.docker.com/library/python:3.12-slim
@@ -29,7 +29,7 @@ Add the following to your `.gitlab-ci.yml`:
 include:
  # 1: include the template
  - project: 'to-be-continuous/python'
-    ref: '7.5.1'
+    ref: '7.5.2'
    file: '/templates/gitlab-ci-python.yml'

 variables:
@@ -103,7 +103,7 @@ In addition to a textual report in the console, this job produces the following
 | Report         | Format                                                                       | Usage             |
 | -------------- | ---------------------------------------------------------------------------- | ----------------- |
 | `$PYTHON_PROJECT_DIR/reports/py-lint.codeclimate.json` | [Code Climate](https://docs.codeclimate.com/docs/pylint) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscodequality) |
-| `$PYTHON_PROJECT_DIR/reports/py-lint.parseable.txt` | [parseable](https://pylint.pycqa.org/en/latest/user_guide/usage/output.html) | [SonarQube integration](https://docs.sonarqube.org/latest/analysis/external-issues/) |
+| `$PYTHON_PROJECT_DIR/reports/py-lint.parseable.txt` | [parseable](https://pylint.pycqa.org/en/latest/user_guide/usage/output.html) | [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/) |

 ### Test jobs

@@ -146,8 +146,8 @@ In addition to a textual report in the console, this job produces the following

 | Report         | Format                                                                       | Usage             |
 | -------------- | ---------------------------------------------------------------------------- | ----------------- |
-| `$PYTHON_PROJECT_DIR/reports/TEST-*.xml` | [xUnit](https://en.wikipedia.org/wiki/XUnit) test report(s) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsjunit) & [SonarQube integration](https://docs.sonarqube.org/latest/analysis/test-coverage/test-execution-parameters/#header-8) |
-| `$PYTHON_PROJECT_DIR/reports/py-coverage.cobertura.xml` | [Cobertura XML](https://gcovr.com/en/stable/output/cobertura.html) coverage report | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscoverage_report) & [SonarQube integration](https://docs.sonarqube.org/latest/analysis/test-coverage/python-test-coverage/) |
+| `$PYTHON_PROJECT_DIR/reports/TEST-*.xml` | [xUnit](https://en.wikipedia.org/wiki/XUnit) test report(s) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsjunit) & [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/test-execution-parameters/#python) |
+| `$PYTHON_PROJECT_DIR/reports/py-coverage.cobertura.xml` | [Cobertura XML](https://gcovr.com/en/stable/output/cobertura.html) coverage report | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscoverage_report) & [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/python-test-coverage/) |

 #### `py-pytest` job

@@ -179,8 +179,8 @@ In addition to a textual report in the console, this job produces the following

 | Report         | Format                                                                       | Usage             |
 | -------------- | ---------------------------------------------------------------------------- | ----------------- |
-| `$PYTHON_PROJECT_DIR/reports/TEST-*.xml` | [xUnit](https://en.wikipedia.org/wiki/XUnit) test report(s) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsjunit) & [SonarQube integration](https://docs.sonarqube.org/latest/analysis/test-coverage/test-execution-parameters/#header-8) |
-| `$PYTHON_PROJECT_DIR/reports/py-coverage.cobertura.xml` | [Cobertura XML](https://gcovr.com/en/stable/output/cobertura.html) coverage report | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscoverage_report) & [SonarQube integration](https://docs.sonarqube.org/latest/analysis/test-coverage/python-test-coverage/) |
+| `$PYTHON_PROJECT_DIR/reports/TEST-*.xml` | [xUnit](https://en.wikipedia.org/wiki/XUnit) test report(s) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsjunit) & [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/test-execution-parameters/#python) |
+| `$PYTHON_PROJECT_DIR/reports/py-coverage.cobertura.xml` | [Cobertura XML](https://gcovr.com/en/stable/output/cobertura.html) coverage report | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscoverage_report) & [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/python-test-coverage/) |

 #### `py-nosetests` job

@@ -203,8 +203,8 @@ In addition to a textual report in the console, this job produces the following

 | Report         | Format                                                                       | Usage             |
 | -------------- | ---------------------------------------------------------------------------- | ----------------- |
-| `$PYTHON_PROJECT_DIR/reports/TEST-*.xml` | [xUnit](https://en.wikipedia.org/wiki/XUnit) test report(s) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsjunit) & [SonarQube integration](https://docs.sonarqube.org/latest/analysis/test-coverage/test-execution-parameters/#header-8) |
-| `$PYTHON_PROJECT_DIR/reports/py-coverage.cobertura.xml` | [Cobertura XML](https://gcovr.com/en/stable/output/cobertura.html) coverage report | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscoverage_report) & [SonarQube integration](https://docs.sonarqube.org/latest/analysis/test-coverage/python-test-coverage/) |
+| `$PYTHON_PROJECT_DIR/reports/TEST-*.xml` | [xUnit](https://en.wikipedia.org/wiki/XUnit) test report(s) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsjunit) & [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/test-execution-parameters/#python) |
+| `$PYTHON_PROJECT_DIR/reports/py-coverage.cobertura.xml` | [Cobertura XML](https://gcovr.com/en/stable/output/cobertura.html) coverage report | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscoverage_report) & [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/python-test-coverage/) |

 #### `py-compile` job

@@ -232,8 +232,8 @@ In addition to a textual report in the console, this job produces the following

 | Report         | Format                                                                       | Usage             |
 | -------------- | ---------------------------------------------------------------------------- | ----------------- |
-| `$PYTHON_PROJECT_DIR/reports/py-bandit.bandit.csv` | [CSV](https://bandit.readthedocs.io/en/latest/formatters/csv.html) | [SonarQube integration](https://docs.sonarqube.org/latest/analysis/external-issues/)<br/>_This report is generated only if SonarQube template is detected_ |
-| `$PYTHON_PROJECT_DIR/reports/py-bandit.bandit.json` | [JSON](https://bandit.readthedocs.io/en/latest/formatters/json.html) | [DefectDojo integration](https://defectdojo.github.io/django-DefectDojo/integrations/parsers/#bandit)<br/>_This report is generated only if DefectDojo template is detected_ |
+| `$PYTHON_PROJECT_DIR/reports/py-bandit.bandit.csv` | [CSV](https://bandit.readthedocs.io/en/latest/formatters/csv.html) | [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/)<br/>_This report is generated only if SonarQube template is detected_ |
+| `$PYTHON_PROJECT_DIR/reports/py-bandit.bandit.json` | [JSON](https://bandit.readthedocs.io/en/latest/formatters/json.html) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/bandit/)<br/>_This report is generated only if DefectDojo template is detected_ |

 ### `py-trivy` job (dependency check)

@@ -247,13 +247,23 @@ It is bound to the `test` stage, and uses the following variables:
 | ---------------- | ----------------------------------------------------------------------- | ----------------- |
 | `trivy-disabled` / `PYTHON_TRIVY_DISABLED` | Set to `true` to disable Trivy job                                 | _none_ (enabled) |
 | `trivy-dist-url` / `PYTHON_TRIVY_DIST_URL` | Url to the `tar.gz` package for `linux_amd64` of Trivy to use (ex: `https://github.com/aquasecurity/trivy/releases/download/v0.51.1/trivy_0.51.1_Linux-64bit.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ |
-| `trivy-args` / `PYTHON_TRIVY_ARGS`       | Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/) | `--ignore-unfixed --pkg-types library --detection-priority comprehensive`   |
+| `trivy-args` / `PYTHON_TRIVY_ARGS`       | Additional [Trivy CLI options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/#options) | `--ignore-unfixed --pkg-types library --detection-priority comprehensive`   |
+
+Other Trivy parameters shall be configured using [Trivy environment variables](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_filesystem/#options).
+Examples:
+* `TRIVY_SEVERITY`: severities of security issues to be displayed (comma separated values: `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`)
+* `TRIVY_SERVER`: server address (enables [client/server mode](https://trivy.dev/latest/docs/references/modes/client-server/))
+* `TRIVY_DB_REPOSITORY`: OCI repository to retrieve Trivy Database from
+* ...
+
+:warning: if you're using Trivy in multiple templates with different parameter values (ex: different `TRIVY_SEVERITY` threshold with Python and - says - Docker templates), then it is
+recommanded to pass the configuration as CLI options using the `trivy-args` input / `PYTHON_TRIVY_ARGS` variable.

 In addition to a textual report in the console, this job produces the following reports, kept for one day and only available for download by users with the Developer role or higher:

 | Report         | Format                                                                       | Usage             |
 | -------------- | ---------------------------------------------------------------------------- | ----------------- |
-| `$PYTHON_PROJECT_DIR/reports/py-trivy.trivy.json` | [JSON](https://aquasecurity.github.io/trivy/latest/docs/configuration/reporting/#json) | [DefectDojo integration](https://defectdojo.github.io/django-DefectDojo/integrations/parsers/#trivy)<br/>_This report is generated only if DefectDojo template is detected_ |
+| `$PYTHON_PROJECT_DIR/reports/py-trivy.trivy.json` | [JSON](https://aquasecurity.github.io/trivy/latest/docs/configuration/reporting/#json) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/trivy/)<br/>_This report is generated only if DefectDojo template is detected_ |

 ### `py-sbom` job

@@ -306,7 +316,7 @@ In addition to logs in the console, this job produces the following reports, kep
 | Report         | Format                                                                       | Usage             |
 | -------------- | ---------------------------------------------------------------------------- | ----------------- |
 | `$PYTHON_PROJECT_DIR/reports/py-ruff.gitlab.json` | [GitLab](https://docs.astral.sh/ruff/settings/#output-format) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscodequality) |
-| `$PYTHON_PROJECT_DIR/reports/py-ruff.native.json` | [JSON](https://docs.astral.sh/ruff/settings/#output-format) | [SonarQube integration](https://docs.sonarqube.org/latest/analysis/external-issues/)<br/>_This report is generated only if SonarQube template is detected_ |
+| `$PYTHON_PROJECT_DIR/reports/py-ruff.native.json` | [JSON](https://docs.astral.sh/ruff/settings/#output-format) | [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/)<br/>_This report is generated only if SonarQube template is detected_ |

 ### `py-ruff-format` job

@@ -336,14 +346,14 @@ In addition to a textual report in the console, this job produces the following
 | Report         | Format                                                                       | Usage             |
 | -------------- | ---------------------------------------------------------------------------- | ----------------- |
 | `$PYTHON_PROJECT_DIR/reports/py-mypy.codeclimate.json` | [Code Climate](https://github.com/soul-catcher/mypy-gitlab-code-quality) | [GitLab integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscodequality) |
-| `$PYTHON_PROJECT_DIR/reports/py-mypy.console.txt` | [mypy console output](https://mypy.readthedocs.io/) | [SonarQube integration](https://docs.sonarqube.org/latest/analysis/external-issues/) |
+| `$PYTHON_PROJECT_DIR/reports/py-mypy.console.txt` | [mypy console output](https://mypy.readthedocs.io/) | [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/) |

 ### SonarQube analysis

 If you're using the SonarQube template to analyse your Python code, here is a sample `sonar-project.properties` file:

 ```properties
-# see: https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/python-test-coverage/
+# see: https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/python-test-coverage/
 # set your source directory(ies) here (relative to the sonar-project.properties file)
 sonar.sources=.
 # exclude unwanted directories and files from being analysed
@@ -369,9 +379,9 @@ sonar.python.mypy.reportPaths=reports/py-mypy.console.txt

 More info:

-* [Python language support](https://docs.sonarqube.org/latest/analyzing-source-code/test-coverage/python-test-coverage/)
-* [test coverage & execution parameters](https://docs.sonarqube.org/latest/analysis/coverage/)
-* [third-party issues](https://docs.sonarqube.org/latest/analysis/external-issues/)
+* [Python language support](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/python-test-coverage/)
+* [test coverage](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/test-coverage-parameters/) & [test execution](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/test-coverage/test-execution-parameters/) parameters
+* [external analyzer reports](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/)

 ### `py-release` job

@@ -505,10 +515,12 @@ In order to be able to communicate with the Vault server, the variant requires t
 | Input / Variable  | Description                            | Default value     |
 | ----------------- | -------------------------------------- | ----------------- |
 | `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest` |
-| `vault-base-url` / `VAULT_BASE_URL`  | The Vault server base API url          | _none_ |
+| `vault-base-url` / `VAULT_BASE_URL`  | The Vault server base API url          | **must be defined** |
 | `vault-oidc-aud` / `VAULT_OIDC_AUD`  | The `aud` claim for the JWT | `$CI_SERVER_URL` |
-| :lock: `VAULT_ROLE_ID`   | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
-| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** |
+| :lock: `VAULT_ROLE_ID`   | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | _none_ |
+| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | _none_ |
+
+By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.

 #### Usage

@@ -530,9 +542,9 @@ With:
 ```yaml
 include:
  # main component
-  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python@7.5.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python@7.5.2
  # Vault variant
-  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python-vault@7.5.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python-vault@7.5.2
    inputs:
      vault-base-url: "https://vault.acme.host/v1"
      # audience claim for JWT
@@ -543,7 +555,6 @@ variables:
    GIT_PASSWORD: "@url@http://vault-secrets-provider/api/secrets/b7ecb6ebabc231/git/semantic-release?field=group-access-token"
    GIT_PRIVATE_KEY: "@url@http://vault-secrets-provider/api/secrets/b7ecb6ebabc231/git/semantic-release?field=private-key"
    PYTHON_REPOSITORY_PASSWORD: "@url@http://vault-secrets-provider/api/secrets/b7ecb6ebabc231/pip-repo/repository?field=password"
-    # $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable
 ```

 ### Google Cloud variant
@@ -572,13 +583,13 @@ The variant requires the additional configuration parameters:

 ```yaml
 include:
-  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python@7.5.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python@7.5.2
    # 2: set/override component inputs
    inputs:
      image: registry.hub.docker.com/library/python:3.12-slim
      pytest-enabled: true

-  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python-gcp@7.5.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python-gcp@7.5.2
    inputs:
      # common OIDC config for non-prod envs
      gcp-oidc-provider: "projects/<gcp_nonprod_proj_id>/locations/global/workloadIdentityPools/<pool_id>/providers/<provider_id>"
@@ -638,13 +649,13 @@ then set the required configuration.

 ```yaml
 include:
-  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python@7.5.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python@7.5.2
    # 2: set/override component inputs
    inputs:
      image: registry.hub.docker.com/library/python:3.12-slim
      pytest-enabled: true

-  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python-aws-codeartifact@7.5.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/python/gitlab-ci-python-aws-codeartifact@7.5.2
    inputs:
      aws-region: "us-east-1"
      aws-codeartifact-domain: "acme"

--- a/bumpversion.sh
+++ b/bumpversion.sh
@@ -27,7 +27,7 @@ if [[ "$curVer" ]]; then
  log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."

  # replace in README
-  sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\”/ref: \”$nextVer\”/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
+  sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\"/ref: \"$nextVer\"/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
  mv -f README.md.next README.md

  # replace in template and variants

--- a/templates/gitlab-ci-python-gcp.yml
+++ b/templates/gitlab-ci-python-gcp.yml
@@ -44,7 +44,7 @@ variables:
  image: $PYTHON_IMAGE
  services:
    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "python", "7.5.1"]
+      command: ["--service", "python", "7.5.2"]
  variables:
    GCP_JWT: $GCP_JWT
  before_script:

--- a/templates/gitlab-ci-python-vault.yml
+++ b/templates/gitlab-ci-python-vault.yml
@@ -22,7 +22,7 @@ variables:
 .python-base:
  services:
    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "python", "7.5.1"]
+      command: ["--service", "python", "7.5.2"]
    - name: "$TBC_VAULT_IMAGE"
      alias: "vault-secrets-provider"
  variables:

--- a/templates/gitlab-ci-python.yml
+++ b/templates/gitlab-ci-python.yml
@@ -955,13 +955,13 @@ stages:
  - production

 ###############################################################################################
-#                                      Generic python job                                     #
+#                                      Generic python jobs                                    #
 ###############################################################################################
 .python-base:
  image: $PYTHON_IMAGE
  services:
    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "python", "7.5.1"]
+      command: ["--service", "python", "7.5.2"]
  variables:
    # set local cache dir; most Python tools honour XDG specs
    XDG_CACHE_HOME: "$CI_PROJECT_DIR/.cache"
@@ -980,6 +980,25 @@ stages:
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    - cd ${PYTHON_PROJECT_DIR}
    - guess_build_system
+    - mkdir -p -m 777 reports
+
+.python-test:
+  extends: .python-base
+  stage: build
+  coverage: /^TOTAL.+?(\d+(?:\.\d+)?\%)$/
+  artifacts:
+    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
+    expire_in: 1 day
+    when: always
+    reports:
+      junit:
+        - "$PYTHON_PROJECT_DIR/reports/TEST-*.xml"
+      coverage_report:
+        coverage_format: cobertura
+        path: "$PYTHON_PROJECT_DIR/reports/py-coverage.cobertura.xml"
+    paths:
+      - "$PYTHON_PROJECT_DIR/reports/TEST-*.xml"
+      - "$PYTHON_PROJECT_DIR/reports/py-coverage.*"

 ###############################################################################################
 #                                      build stage                                             #
@@ -1001,7 +1020,6 @@ py-lint:
  extends: .python-base
  stage: build
  script:
-    - mkdir -p -m 777 reports
    - install_requirements
    - _pip install pylint_gitlab # codeclimate reports
    # run pylint and generate reports all at once
@@ -1062,7 +1080,6 @@ py-ruff:
  extends: .python-base
  stage: build
  script:
-    - mkdir -p -m 777 reports
    - |
      if [[ ${BANDIT_ENABLED} == "true" || ${PYLINT_ENABLED} == "true" || ${PYTHON_ISORT_ENABLED} == "true" ]]; then
        log_warn "Ruff can replace isort, Bandit, Pylint"
@@ -1095,7 +1112,6 @@ py-ruff-format:
  extends: .python-base
  stage: build
  script:
-    - mkdir -p -m 777 reports
    - |
      if [[ ${PYTHON_BLACK_ENABLED} == "true" ]]; then
        log_warn "Ruff can replace Black"
@@ -1115,7 +1131,6 @@ py-mypy:
  variables:
    MYPY_CACHE_DIR: "$CI_PROJECT_DIR/.cache/mypy"
  script:
-    - mkdir -p -m 777 reports
    - install_requirements
    - _pip install mypy mypy-to-codeclimate
    - _run mypy ${MYPY_ARGS} ${MYPY_FILES:-$(find -type f -name "*.py" -not -path "./.cache/*" -not -path "./.venv/*")} | tee reports/py-mypy.console.txt || true
@@ -1139,10 +1154,8 @@ py-mypy:
 #                                      test stage                                             #
 ###############################################################################################
 py-unittest:
-  extends: .python-base
-  stage: build
+  extends: .python-test
  script:
-    - mkdir -p -m 777 reports
    - install_requirements
    # code coverage
    - _pip install coverage
@@ -1151,20 +1164,6 @@ py-unittest:
    - _run coverage run -m xmlrunner discover -o "reports/" $UNITTEST_ARGS
    - _run coverage report -m
    - _run coverage xml -o "reports/py-coverage.cobertura.xml"
-  coverage: /^TOTAL.+?(\d+\%)$/
-  artifacts:
-    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
-    expire_in: 1 day
-    when: always
-    reports:
-      junit:
-        - "$PYTHON_PROJECT_DIR/reports/TEST-*.xml"
-      coverage_report:
-        coverage_format: cobertura
-        path: "$PYTHON_PROJECT_DIR/reports/py-coverage.cobertura.xml"
-    paths:
-      - "$PYTHON_PROJECT_DIR/reports/TEST-*.xml"
-      - "$PYTHON_PROJECT_DIR/reports/py-coverage.*"
  rules:
    # skip if $UNITTEST_ENABLED not set
    - if: '$UNITTEST_ENABLED != "true"'
@@ -1172,27 +1171,11 @@ py-unittest:
    - !reference [.test-policy, rules]

 py-pytest:
-  extends: .python-base
-  stage: build
+  extends: .python-test
  script:
-    - mkdir -p -m 777 reports
    - install_requirements
    - _pip install pytest pytest-cov coverage
    - _python -m pytest --junit-xml=reports/TEST-pytests.xml --cov --cov-report term  --cov-report xml:reports/py-coverage.cobertura.xml ${PYTEST_ARGS}
-  coverage: /^TOTAL.+?(\d+\%)$/
-  artifacts:
-    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
-    expire_in: 1 day
-    when: always
-    reports:
-      junit:
-        - "$PYTHON_PROJECT_DIR/reports/TEST-*.xml"
-      coverage_report:
-        coverage_format: cobertura
-        path: "$PYTHON_PROJECT_DIR/reports/py-coverage.cobertura.xml"
-    paths:
-      - "$PYTHON_PROJECT_DIR/reports/TEST-*.xml"
-      - "$PYTHON_PROJECT_DIR/reports/py-coverage.*"
  rules:
    # skip if $PYTEST_ENABLED not set
    - if: '$PYTEST_ENABLED != "true"'
@@ -1200,26 +1183,10 @@ py-pytest:
    - !reference [.test-policy, rules]

 py-nosetests:
-  extends: .python-base
-  stage: build
+  extends: .python-test
  script:
-    - mkdir -p -m 777 reports
    - install_requirements
    - _run nosetests --with-xunit --xunit-file=reports/TEST-nosetests.xml --with-coverage --cover-erase --cover-xml --cover-xml-file=reports/py-coverage.cobertura.xml ${NOSETESTS_ARGS}
-  coverage: /^TOTAL.+?(\d+\%)$/
-  artifacts:
-    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
-    expire_in: 1 day
-    when: always
-    reports:
-      junit:
-        - "$PYTHON_PROJECT_DIR/reports/TEST-*.xml"
-      coverage_report:
-        coverage_format: cobertura
-        path: "$PYTHON_PROJECT_DIR/reports/py-coverage.cobertura.xml"
-    paths:
-      - "$PYTHON_PROJECT_DIR/reports/TEST-*.xml"
-      - "$PYTHON_PROJECT_DIR/reports/py-coverage.*"
  rules:
    # skip if $NOSETESTS_ENABLED not set
    - if: '$NOSETESTS_ENABLED != "true"'
@@ -1233,7 +1200,6 @@ py-bandit:
  # force no dependencies
  dependencies: []
  script:
-    - mkdir -p -m 777 reports
    - install_requirements
    - _pip install bandit
    # CSV (for SonarQube)
@@ -1269,7 +1235,6 @@ py-trivy:
  # force no dependencies
  dependencies: []
  script:
-    - mkdir -p -m 777 reports
    - |
      if [[ -z "$PYTHON_TRIVY_DIST_URL" ]]
      then
@@ -1348,7 +1313,6 @@ py-sbom:
  dependencies: []
  needs: []
  script:
-    - mkdir -p -m 777 reports
    - |
      case "$PYTHON_BUILD_SYSTEM" in
        poetry*|pipenv*)
No results found