secret-detection/.gitlab-ci.yml

include:
  component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/secret-detection@$CI_COMMIT_SHA

stages: [test, release]

secret_detection:
  rules:
    - if: $CI_COMMIT_BRANCH
    - if: $CI_COMMIT_TAG # overriding rules to ensure it runs on tags before the release.

ensure-job-added:
  stage: test
  image: badouralix/curl-jq
  script:
    - echo "Expect that a job named 'secret_detection' is added to the pipeline"
    - |
      route="$CI_API_V4_URL/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs"
      count=`curl --silent $route | jq 'map(select(.name | contains("secret_detection"))) | length'`
      if [ "$count" != "1" ]; then
        exit 1
      fi
  rules:
    - if: ($CI_COMMIT_BRANCH || $CI_COMMIT_TAG) && $CI_SERVER_HOST =~ /gitlab.com/

# Ensure that a project description exists, because it will be important to display
# the resource in the catalog.
check-description:
  image: badouralix/curl-jq
  script:
    - |
      route="$CI_API_V4_URL/projects/$CI_PROJECT_ID"
      desc=`curl --silent $route | jq '.description'`
      if [ "$desc" = "null" ]; then
        echo "Description not set. Please set a projet description"
        exit 1
      else
        echo "Description set"
      fi
  rules:
    - if: $CI_SERVER_HOST =~ /gitlab.com/

# Ensure that a `README.md` exists in the root directory as it represents the
# documentation for the whole components repository.
check-readme:
  image: busybox
  script: ls README.md || (echo "Please add a README.md file" && exit 1)

# If we are tagging a release with a specific convention ("v" + number) and all
# previous checks succeeded, we proceed with creating a release automatically.
create-release:
  stage: release
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  rules:
    - if: $CI_COMMIT_TAG =~ /\d+/
  script: echo "Creating release $CI_COMMIT_TAG"
  release:
    tag_name: $CI_COMMIT_TAG
    description: "Release $CI_COMMIT_TAG of components repository $CI_PROJECT_PATH"