37db8e97ca
- refuse to release when the clone is shallow and no previous release tag is found: tags beyond the fetch depth would silently restart versioning at X.Y.0; --allow-shallow bypasses the guard for a true first release - new --check preflight validates the release environment without releasing: branch resolution + pattern, working tree, tag discovery, shallow clone, remote origin URL parse (same parse the push performs), push auth method, version files, release target — all problems reported at once, non-zero exit on failure - .releaser.gitlab-ci.yml gains an optional .releaser:check MR-pipeline job; CI examples now set GIT_DEPTH: 0 Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
66 lines
2.0 KiB
YAML
66 lines
2.0 KiB
YAML
# releaser — GitLab CI component template
|
|
#
|
|
# Usage in your project's .gitlab-ci.yml:
|
|
#
|
|
# include:
|
|
# - project: 'your-group/releaser'
|
|
# ref: main
|
|
# file: '.releaser.gitlab-ci.yml'
|
|
#
|
|
# stages:
|
|
# - build
|
|
# - test
|
|
# - release
|
|
#
|
|
# release:
|
|
# extends: .releaser:release
|
|
#
|
|
# Required CI variable (set at project or group level):
|
|
# RELEASE_TOKEN — a GitLab project/group access token with scopes:
|
|
# api + write_repository
|
|
# (do NOT use CI_JOB_TOKEN — it cannot push tags back)
|
|
|
|
# Optional preflight job for merge-request pipelines: validates the release
|
|
# environment (branch pattern, remote URL, auth, version files, release
|
|
# target) without releasing anything.
|
|
.releaser:check:
|
|
stage: test
|
|
image: ${RELEASER_IMAGE:-registry.example.com/releaser:latest}
|
|
variables:
|
|
GIT_DEPTH: 0
|
|
rules:
|
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
|
script:
|
|
- releaser --check --branch "release/0.0"
|
|
|
|
.releaser:release:
|
|
stage: release
|
|
image: ${RELEASER_IMAGE:-registry.example.com/releaser:latest}
|
|
|
|
variables:
|
|
# Override in your job to change defaults
|
|
RELEASER_EXTRA_ARGS: "" # e.g. "--no-push" or "--tag-prefix ''"
|
|
GIT_DEPTH: 0 # full clone — required to find ancestor tags
|
|
|
|
rules:
|
|
- if: $CI_COMMIT_BRANCH =~ /^release\/.+$/
|
|
|
|
before_script:
|
|
# Configure git to push back using the release token over HTTPS.
|
|
# CI_JOB_TOKEN cannot push tags, so a dedicated access token is required.
|
|
- git remote set-url origin
|
|
"https://oauth2:${RELEASE_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git"
|
|
- git config user.email "${GITLAB_USER_EMAIL:-ci@releaser}"
|
|
- git config user.name "${GITLAB_USER_NAME:-Releaser CI}"
|
|
|
|
script:
|
|
# No --branch needed: releaser falls back to CI_COMMIT_BRANCH on detached HEAD.
|
|
- releaser $RELEASER_EXTRA_ARGS
|
|
|
|
artifacts:
|
|
reports:
|
|
dotenv: release.env # exposes NEXT_VERSION to downstream jobs
|
|
|
|
environment:
|
|
name: release/$CI_COMMIT_BRANCH
|