scripts/lib/azure.sh

@@ -9,7 +9,6 @@ if [[ -v AGENT_NAME ]]; then
   CI_COMMIT_SHA="${BUILD_SOURCEVERSION}"
   CI_COMMIT_SHORT_SHA="$( echo -n "${BUILD_SOURCEVERSION}" | sha256sum | cut -c1-8 )"
   export CONTAINER_RUNTIME="nerdctl"
-  export CONTAINER_RUNTIME_PULL="nerdctl pull"
   export CONTAINER_RUNTIME_PUSH="nerdctl push"
   export CONTAINER_BUILD="nerdctl build"
   # @TODO  

scripts/lib/ci.sh

@@ -18,45 +18,30 @@ export CI_PATTERN_SEMVER_BUILD='(-(('$CI_PATTERN_SEMVER_DIGIT'|'$CI_PATTERN_SEMV
 export CI_PATTERN_SEMVER=${CI_PATTERN_SEMVER_VERSION}${CI_PATTERN_SEMVER_BUILD}
 
 function ci_init() {
-    if [[ -v CI_JOB_NAME ]]; then
-      echo "[info] Documentation of job '${CI_JOB_NAME}': https://xrow-public.gitlab.io/ci-tools/#${CI_JOB_NAME}"
-    fi
-    [ "${BASH_VERSINFO:-0}" -lt 4 ] && echo "Bash versions lesser 5 are not supported." && exit 1
-
-
-    export BUILD_CACHE_DIR="${BUILD_CACHE_DIR:-/cache}"
-    if [[ -d $BUILD_CACHE_DIR ]]; then
-      echo "[info] Cache dir $BUILD_CACHE_DIR is present."
-      export XDG_CACHE_HOME=$BUILD_CACHE_DIR
-      # mkdir -p /cache/dnf || true
-      # mount --rbind /cache/dnf /var/cache/dnf
-    else
-      echo "[info] Cache dir $BUILD_CACHE_DIR is not present."
-      unset BUILD_CACHE_DIR
-    fi;
-    if [[ ${CI_DEBUG_TRACE} == "true" ]]; then
-      echo "[info] Debug mode is enabled. Set 'CI_DEBUG_TRACE=false' to disable."
-      ci_debug
-      # New implementation for a trap lib.
-      # source $TOOLS_DIR/scripts/lib/trap.sh
-    else
-      echo "[info] Debug mode is disabled. Set 'CI_DEBUG_TRACE=true' to enable."
-      # Trap lib has issues can needs to get replaced or improved. 
-
-      # Old implementation for a trap lib.
-
-      # set -e
-      # trap 'catch $? $LINENO' EXIT
-      # function catch() {
-      #  if [ "$1" != "0" ]; then
-      #    echo "Error $1 occurred on $2"
-      #    echo "exit in 15 sec"
-      #    sleep 15
-      #    exit 1
-      #  else
-      #    echo "No error $1 occurred on $2"
-      #  fi
-      # }
+  if [[ ${CI_DEBUG_TRACE} == "true" ]]; then
+    echo "[error] Do not run any pipeline with debuging enabled. Set 'CI_DEBUG_TRACE=false' to disable"
+  fi
+  if [[ -v CI_JOB_NAME ]]; then
+    echo "[info] Documentation of job '${CI_JOB_NAME}': https://xrow-public.gitlab.io/ci-tools/#${CI_JOB_NAME}"
+  fi
+  [ "${BASH_VERSINFO:-0}" -lt 4 ] && echo "Bash versions lesser 5 are not supported." && exit 1
+
+
+  export BUILD_CACHE_DIR="${BUILD_CACHE_DIR:-/cache}"
+  if [[ -d $BUILD_CACHE_DIR ]]; then
+    echo "[info] Cache dir $BUILD_CACHE_DIR is present."
+    export XDG_CACHE_HOME=$BUILD_CACHE_DIR
+    # mkdir -p /cache/dnf || true
+    # mount --rbind /cache/dnf /var/cache/dnf
+  else
+    echo "[info] Cache dir $BUILD_CACHE_DIR is not present."
+    unset BUILD_CACHE_DIR
+  fi;
+  if [[ ${CI_DEBUG_TRACE} == "true" ]]; then
+    echo "[warn] Debug mode is enabled. Debug mode exposes security tokens. Set 'CI_DEBUG_TRACE=false' to disable"
+    ci_debug
+  else
+    echo "[info] Debug mode is disabled. Set 'CI_DEBUG_TRACE=true' to enable."
   fi
   return 0
 }

scripts/lib/container.sh

 #!/bin/bash
 
 export CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-podman --events-backend=file}"
-export CONTAINER_RUNTIME_PULL="${CONTAINER_RUNTIME_PULL:-podman pull}"
 export CONTAINER_RUNTIME_PUSH="${CONTAINER_RUNTIME_PUSH:-podman push --format oci}"
 export CONTAINER_BUILD_OPTIONS="${CONTAINER_BUILD_OPTIONS:-}"
 # @TODO find a way to cache to work with --squash:  --layers --cache-to $CI_REGISTRY/$CI_PROJECT_PATH/cache --cache-from $CI_REGISTRY/$CI_PROJECT_PATH/cache
@@ -120,6 +119,7 @@ function ci_container_build() {
   fi
 
   if [[ "$(ci_container_exists)" == "1" ]]; then
+    ci_container_export_appversion
     return 0
   fi;
 
@@ -127,10 +127,26 @@ function ci_container_build() {
   echo "Full build command: $CONTAINER_BUILD $CONTAINER_BUILD_OPTIONS $CONTAINER_BUILD_ARGS $args -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $dir"
   rm -Rf ~/.local/share/containers/
   $CONTAINER_BUILD $CONTAINER_BUILD_OPTIONS $CONTAINER_BUILD_ARGS $args -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $dir
-
+  ci_container_export_appversion
   echo "[info] Build done."
 }
 
+function ci_container_export_appversion() {
+  local version
+  version="$( $CONTAINER_RUNTIME run -i $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA bash -c 'if [[ -f /opt/appversion ]]; then cat /opt/appversion; fi' )"
+  if [[ -n "$version" ]]; then
+    echo "[info] Found appversion: $version"
+    mkdir release || true
+    echo "$version" >> release/appversion
+  elif [[ -v CI_COMMIT_TAG ]]; then
+    version=$(cat container/appversion)
+    echo "[info] Usning container version as appversion: $CI_COMMIT_TAG"
+    echo "$CI_COMMIT_TAG" >> release/appversion
+  else
+    echo "[info] Found no appversion"
+  fi
+}
+
 function ci_container_exists() {
   ci_registry_token_login
   set +e

scripts/lib/dev.sh

@@ -5,9 +5,9 @@ function ci_debug() {
   echo "[info] Loaded Library to temp dir $TOOLS_DIR"
   echo "CWD: $(pwd)"
   echo "HOME: ${HOME}"
-  echo "--- export ----"
-  export
-  echo "--- export ----"
+  echo "[info] env ist stored in /tmp/env. Reload via: source /tmp/env"
+  export > /tmp/env
+  set -x
 }
 
 function ci_dev_env {

scripts/lib/git.sh

@@ -4,11 +4,27 @@ if [[ -x "$(command -v git)" ]]; then
   echo "[info] Init global git settings"
   git config --global --add safe.directory '*'
   if [[ -v GITLAB_USER_EMAIL ]]; then
-    git config --global user.email "$GITLAB_USER_EMAIL"
-    git config --global user.name "$GITLAB_USER_NAME"
+    git config --global user.email "${GITLAB_USER_EMAIL}"
+    git config --global user.name "${GITLAB_USER_NAME}"
   fi
 fi
 
+function ci_git_last_tag() {
+  git fetch --unshallow &> /dev/null || true
+  version=$(git describe --tags --abbrev=0)
+  echo "${version}"
+  return 0 
+}
+
+function ci_git_empty_commit() {
+  local message="${1:-chore: Automatic empty commit}"
+  git fetch --unshallow &> /dev/null || true
+  git checkout "${CI_DEFAULT_BRANCH}"
+  git remote set-url origin "git@${CI_SERVER_SHELL_SSH_HOST}:${CI_PROJECT_PATH}.git"
+  git commit --allow-empty -m "${message}"
+  git push origin
+}
+
 function ci_git_push() {
   ci_ssh_init
   if [[ ! -x "$(command -v git)" ]]; then

scripts/lib/gitlab.sh

 #!/bin/bash
 
-
 function ci_gitlab_semantic_versioning() {
   if [[ -z "$CI_PROJECT_DESCRIPTION" ]]; then
     echo "Project must have a description. In order to use semantic versioning."

scripts/lib/helm.sh

 #!/bin/bash
 
 export HELM_EXPERIMENTAL_OCI="1"
-export HELM_TIMEOUT="${HELM_TIMEOUT:-30m}"
+export HELM_TIMEOUT="${HELM_TIMEOUT:-10m}"
 export CI_SHARED_REPOID="40219561"
 export CI_PUBLIC_REPOID="29805218"
 export CI_SHARED_REPO_URL="https://$CI_SERVER_HOST/xrow-shared/repository/-/packages"
@@ -232,7 +232,14 @@ function ci_helm_test_chart() {
     RETURN_UPGRADE=$?
     set -e
 
-    if [[ $RETURN_INSTALL != 0 || $RETURN_UPGRADE != 0  ]] ; then
+    echo "[info] Start helm test:"
+    echo helm test $release $file 
+    set +e
+    helm helm test $release $file 
+    RETURN_TEST=$?
+    set -e
+
+    if [[ $RETURN_INSTALL != 0 || $RETURN_UPGRADE != 0 || $RETURN_TEST != 0  ]] ; then
       mkdir -p release/logs || true
       helm template $release $file $HELM_OPTS > release/logs/$chartname.log
       echo "[error] Test failed, see release/logs/$chartname.log";

scripts/lib/ssh.sh

 #!/bin/bash
 
-function ci_ssh_init() {
+function ci_ssh_agent_start() {
   if [[ ! -x "$(command -v ssh-agent)" ]]; then
     dnf install -y openssh-clients
   fi
-  eval $(ssh-agent -s)
-  mkdir -p ${HOME}/.ssh
-  echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ${HOME}/.ssh/config
-  mkdir -p ${HOME}/.ssh
-  chmod 700 ${HOME}/.ssh
-  touch ${HOME}/.ssh/known_hosts
-  chmod 600 ${HOME}/.ssh/known_hosts
-  ssh-keyscan github.com >> ${HOME}/.ssh/known_hosts
-  ssh-keyscan ssh.dev.azure.com >> ${HOME}/.ssh/known_hosts
-  ssh-keyscan $CI_SERVER_HOST >> ${HOME}/.ssh/known_hosts
+  if [[ ! -v SSH_AGENT_PID ]]; then
+    eval $(ssh-agent -s)
+    mkdir -p ${HOME}/.ssh
+    echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ${HOME}/.ssh/config
+    mkdir -p ${HOME}/.ssh
+    chmod 700 ${HOME}/.ssh
+    touch ${HOME}/.ssh/known_hosts
+    chmod 600 ${HOME}/.ssh/known_hosts
+    ssh-keyscan github.com >> ${HOME}/.ssh/known_hosts
+    ssh-keyscan gitlab.com >> ${HOME}/.ssh/known_hosts
+    ssh-keyscan ssh.dev.azure.com >> ${HOME}/.ssh/known_hosts
+    if [[ -v CI_SERVER_HOST && "$CI_SERVER_HOST" != "gitlab.com" ]]; then
+      ssh-keyscan $CI_SERVER_HOST >> ${HOME}/.ssh/known_hosts
+    fi
+  fi
+}
 
+function ci_ssh_init() {
   if [ -v GIT_SSH_KEY ]; then
     ci_ssh_add_key $GIT_SSH_KEY
   fi
@@ -23,12 +30,13 @@ function ci_ssh_init() {
   fi
 }
 function ci_ssh_add_key() {
+  ci_ssh_agent_start
   if [[ ! -z "$1" ]]; then
     if [[ -f "$1" ]]; then
       cp "$1" /tmp/$(basename $1)
+      sed -i -e '$a\' /tmp/$(basename $1)
       chmod 600 /tmp/$(basename $1)
       ssh-add "/tmp/$(basename $1)"
-      rm -f /tmp/$(basename $1)
       return 0
     fi
     local key=$(openssl enc -base64 -d <<< $1 | tr -d ' ' )

scripts/library.sh

 #!/bin/bash
 
-if [[ -z "$BASH" ]]; then echo "[error] Please run this script $0 with bash"; exit; fi
 
-if [[ ${CI_DEBUG_TRACE} == "true" ]]; then
-  set -x
-fi
+
+if [[ -z "$BASH" ]]; then echo "[error] Please run this script $0 with bash"; exit; fi
 
 # Library usage: 
 # [root@localhost]# source <(curl -s -k https://gitlab.com/xrow-public/ci-tools/-/raw/main/scripts/library.sh)
@@ -17,9 +15,9 @@ if [[ -x "$(command -v dnf)" && $CI_CONFIG_FLAG_FASTESTMIRROR = "true" ]]; then
   dnf config-manager --save --setopt=fastestmirror=True
 fi
 
-if [[ ! -v CI_SERVER_HOST ]]; then
-  CI_SERVER_HOST="gitlab.com"
-fi
+export CI_SERVER_HOST="${CI_SERVER_HOST:-gitlab.com}"
+export CI_TOOLS_VERSION="${CI_TOOLS_VERSION:-main}"
+export CI_TOOLS_DOWNLOAD="${CI_TOOLS_DOWNLOAD:-https://${CI_SERVER_HOST}/xrow-public/ci-tools/-/archive/${CI_TOOLS_VERSION}/ci-tools-${CI_TOOLS_VERSION}.tar.gz}"
 
 # Check if the library is already available on the os
 if [[ -f scripts/library.sh ]]; then
@@ -32,9 +30,9 @@ elif [[ -f /scm/ci-tools/scripts/library.sh ]]; then
   export TOOLS_DIR="/scm/ci-tools"
   echo "[info] Using ci-tools from ${TOOLS_DIR}"
 else
-  echo "[info] Loading ci-tools from ${CI_SERVER_HOST}"
+  echo "[info] Loading ci-tools from ${CI_TOOLS_DOWNLOAD}"
   export TOOLS_DIR=$(mktemp -d -p /tmp)
-  curl -s -k https://$CI_SERVER_HOST/xrow-public/ci-tools/-/archive/main/ci-tools-main.tar.gz | tar -xz --strip-components=1 -C $TOOLS_DIR
+  curl -s -k ${CI_TOOLS_DOWNLOAD} | tar -xz --strip-components=1 -C $TOOLS_DIR
 fi
 source $TOOLS_DIR/scripts/lib/ci.sh
 source $TOOLS_DIR/scripts/lib/certificate.sh

templates/container/template.yml

@@ -59,6 +59,10 @@ build:$[[ inputs.name ]]:
       source <(curl -s https://$CI_SERVER_HOST/xrow-public/ci-tools/-/raw/main/scripts/library.sh)
       ci_container_build $[[ inputs.path ]] $[[ inputs.name ]]
       ci_container_push_build $[[ inputs.latest ]] $[[ inputs.release-repository-enabled ]]
+  artifacts:
+    paths: 
+      - release/appversion
+    when: always
   rules:
   - !reference [.build_rules, rules]
   - when: on_success

templates/helm/template.yml

@@ -43,6 +43,8 @@ lint:helm:$[[ inputs.name ]]:
       source <(curl -s https://$CI_SERVER_HOST/xrow-public/ci-tools/-/raw/main/scripts/library.sh)
       ci_helm_lint $[[ inputs.path ]]
   rules:
+  - if: '$CI_PIPELINE_SOURCE == "schedule"'
+    when: never
   - exists:
     - $[[ inputs.path ]]Chart.yaml
   - when: never
@@ -73,6 +75,8 @@ build:helm:$[[ inputs.name ]]:
       - release/charts
       - release/chart
   rules:
+  - if: '$CI_PIPELINE_SOURCE == "schedule"'
+    when: never
   - when: on_success
   cache:
     key: cache-helm
@@ -100,6 +104,8 @@ test:helm:$[[ inputs.name ]]:
     paths:
     - release/logs
   rules:
+  - if: '$CI_PIPELINE_SOURCE == "schedule"'
+    when: never
   - if: '"$[[ inputs.review-domain ]]" == ""'
     when: never
   - exists: