This component needs to be present in each pipeline.
Usage
include:
- component: $CI_SERVER_FQDN/xrow-public/ci-tools/common@stable
Common pipeline stages
The following stages are implemented by default:
| Name | Description |
|---|---|
.pre | default reserved special stage that is executed before all other stages and is used by some helper tasks |
lint | Linting stage for all linting jobs before build |
build | Build stage for all software builds |
test | Test stage to validate all software builds |
deploy | Deploy stage to ship a build to environments |
release | Release stage to publish software releases |
.post | default post pipeline stage in GitLab used by some helper tasks |
Validation
When validate-enabled is true, the .pre validation job checks common project settings. If KUBECONFIG is set as a file variable or base64 text variable, the job also validates that the credentials can reach the Kubernetes API server and have the namespace permissions required by CI Tools. The Kubernetes check is skipped when KUBECONFIG is unset.
Load the library from a protected repository
A bootloader token is not required when loading the library with the default images in this library.
- Set the global variable
CI_BOOTLOADER_TOKENin your GitLab instance with the value
Inputs
| Name | Description | Default | Type |
| --- | --- | --- | --- |
| bootloader | The internal bootloader to load the CI library. See scripts/bootloader.sh for details. | IyEvYmluL2Jhc2gKCiMgZ2VuZXJhdGUgaGFzaCBhbmQgcmVwbGFjZSBpbiB0ZW1wbGF0ZS9jb21tb24vdGVtcGxhdGUueW1sCiMgY2F0IHNjcmlwdHMvYm9vdGxvYWRlci5zaCB8IGJhc2U2NCAtdyAwCgojIFNldCB0byBlbXB0eSB2YWx1ZSBpZiBDSV9CT09UTE9BREVSX1RPS0VOIHdhcyBub3QgZXhwYW5kZWQKaWYgW1sgIiR7Q0lfQk9PVExPQURFUl9UT0tFTn0iID1+IENJX0JPT1RMT0FERVJfVE9LRU4gXV07IHRoZW4KICBleHBvcnQgQ0lfQk9PVExPQURFUl9UT0tFTj0iIgpmaQoKaWYgW1sgLXYgMSBdXTsgdGhlbgogIGV4cG9ydCBDSV9UT09MU19WRVJTSU9OPSIkezF9IgplbHNlCiAgZXhwb3J0IENJX1RPT0xTX1ZFUlNJT049IiR7Q0lfVE9PTFNfVkVSU0lPTjotbWFpbn0iCmZpCgpmdW5jdGlvbiBjaV9sb2FkX2xpYiB7CiAgaWYgW1sgLXggIiQoY29tbWFuZCAtdiBjdXJsKSIgJiYgLXggIiQoY29tbWFuZCAtdiB0YXIpIiAmJiAoIC1uICIke0NJX0JPT1RMT0FERVJfVE9LRU59IiB8fCAiJHtDSV9TRVJWRVJfRlFETn0iID09ICJnaXRsYWIuY29tIiApIF1dOyB0aGVuCiAgICBpZiBbWyAtbiAiJHtDSV9CT09UTE9BREVSX1RPS0VOfSIgXV07IHRoZW4KICAgICAgYXV0aD0iLS1oZWFkZXIgXCJQUklWQVRFLVRPS0VOOiAke0NJX0JPT1RMT0FERVJfVE9LRU59XCIiCiAgICBmaQogICAgbWtkaXIgIiR7Q0lfVE9PTFNfRElSfSIKICAgICMgQWxzbyB3b3JrcyB3aXRoIHRhZyBhbmQgYnJhbmNoIG5hbWVzCiAgICBjdXJsIC1mIC1MIC1zIC0tdXJsICJodHRwczovLyR7Q0lfU0VSVkVSX0ZRRE59L2FwaS92NC9wcm9qZWN0cy94cm93LXB1YmxpYyUyRmNpLXRvb2xzL3JlcG9zaXRvcnkvYXJjaGl2ZS50Z3o/c2hhPSR7Q0lfVE9PTFNfVkVSU0lPTn0iIFwKICAgIC0tb3V0cHV0IC0gfCB0YXIgLXh6IC1DICIke0NJX1RPT0xTX0RJUn0iIC0tc3RyaXAtY29tcG9uZW50cz0xCiAgICByZXR1cm4gMAogIGZpCiAgaWYgW1sgISAteCAiJChjb21tYW5kIC12IGdpdCkiICYmIC14ICIkKGNvbW1hbmQgLXYgZG5mKSIgJiYgIiQod2hvYW1pKSIgPT0gInJvb3QiIF1dOyB0aGVuCiAgICBkbmYgaW5zdGFsbCAteSBnaXQ7CiAgZmkKICBpZiBbWyAhIC14ICIkKGNvbW1hbmQgLXYgZ2l0KSIgJiYgLXggIiQoY29tbWFuZCAtdiBtaWNyb2RuZikiICYmICIkKHdob2FtaSkiID09ICJyb290IiBdXTsgdGhlbgogICAgbWljcm9kbmYgaW5zdGFsbCAteSBnaXQ7CiAgZmkKICBpZiBbWyAhIC14ICIkKGNvbW1hbmQgLXYgZ2l0KSIgJiYgLXggIiQoY29tbWFuZCAtdiBhcHQtZ2V0KSIgJiYgIiQod2hvYW1pKSIgPT0gInJvb3QiIF1dOyB0aGVuCiAgICBhcHQtZ2V0IGluc3RhbGwgLXkgZ2l0CiAgZmkKICBpZiBbWyAteCAiJChjb21tYW5kIC12IGdpdCkiICYmIC12IENJX0pPQl9UT0tFTiBdXTsgdGhlbgogICAgdXJsPSJodHRwczovL2dpdGxhYi1jaS10b2tlbjoke0NJX0pPQl9UT0tFTn1AJENJX1NFUlZFUl9GUUROL3hyb3ctcHVibGljL2NpLXRvb2xzLmdpdCIKICAgIHRtcGRpcj0kKG1rdGVtcCAtZCAtcCAvdG1wKTsKICAgIGdpdCBjb25maWcgLS1nbG9iYWwgYWR2aWNlLmRldGFjaGVkSGVhZCBmYWxzZSB8fCB0cnVlCiAgICBpZiBbWyAiJHtDSV9UT09MU19WRVJTSU9OfSIgPX4gXlthLWYwLTldezQwfSQgXV07IHRoZW4KICAgICAgZ2l0IGNsb25lICR7dXJsfSAke0NJX1RPT0xTX0RJUn0KICAgICAgZ2l0IC1DICR7Q0lfVE9PTFNfRElSfSByZXNldCAke0NJX1RPT0xTX1ZFUlNJT059IC0taGFyZAogICAgZWxzZQogICAgICBnaXQgY2xvbmUgLS1icmFuY2ggJHtDSV9UT09MU19WRVJTSU9OfSAtLXNpbmdsZS1icmFuY2ggJHt1cmx9ICR7Q0lfVE9PTFNfRElSfQogICAgZmkKICAgIGlmIFtbICEgLWQgIiR7Q0lfVE9PTFNfRElSfSIgJiYgJENJX1NFUlZFUl9GUUROICE9ICJnaXRsYWIuY29tIiBdXTsgdGhlbgogICAgICBlY2hvICJbZXJyb3JdIENvdWxkIG5vdCBjbG9uZSBDSSB0b29scyBsaWJyYXJ5IGZyb20gJHtDSV9TRVJWRVJfRlFETn0iCiAgICAgIHJldHVybiAxCiAgICBmaQogICAgcmV0dXJuIDAKICBmaQogIHJldHVybiAxCn0KCmV4cG9ydCBDSV9TRVJWRVJfRlFETj0iJHtDSV9TRVJWRVJfRlFETjotZ2l0bGFiLmNvbX0iCnRtcGRpcj0kKG1rdGVtcCAtZCAtcCAvdG1wKTsKZXhwb3J0IENJX1RPT0xTX0RJUj0iJHt0bXBkaXJ9L2NpLXRvb2xzIgplY2hvICJbaW5mb10gTG9hZCBsaWJyYXJ5OiBob3N0ICR7Q0lfU0VSVkVSX0ZRRE59OyB2ZXJzaW9uICcke0NJX1RPT0xTX1ZFUlNJT059JzsgZGlyZWN0b3J5ICR7Q0lfVE9PTFNfRElSfSIKY2lfbG9hZF9saWIgfHwgewogIGVjaG8gIltlcnJvcl0gQ291bGQgbm90IGxvYWQgQ0kgdG9vbHMgbGlicmFyeSIKICBleGl0IDEKfQpzb3VyY2UgIiR7Q0lfVE9PTFNfRElSfS9zY3JpcHRzL2xpYnJhcnkuc2giCg== | string |
| bootloader-token | The deployment token to use for the bootloader to fetch the CI library from private repositories. Needs to be unmasked if used. | ${CI_BOOTLOADER_TOKEN} | string |
| ca-bundle-path | The path to the CA bundle file with additional CA certificates. | string | |
| registry | Registry to store container image releases in | $CI_REGISTRY | string |
| repo | registry.gitlab.com/xrow-public/ci-tools | string | |
| repository-path | Repository to store container image releases in | $CI_PROJECT_PATH | string |
| stages | The stages available in the pipeline. | ["lint","build","test","release","deploy"] | array |
| trivy-repository | The image repository to use for trivy. | ghcr.io/aquasecurity | string |
| validate-allow-failure | Should the pipeline continue if linting fails? | false | boolean |
| validate-enabled | Enable validation of the GitLab CI configuration | false | boolean |
| validate-needs | The jobs that the validate job depends on. | [] | array |
| validate-script | Enable validation of the GitLab CI configuration | string |