Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • 6
  • 6.7
  • 6.7.0
  • 6.6
  • 6.6.5
  • 6.6.4
  • 6.6.3
  • 6.6.2
  • 6.6.1
  • 6.6.0
  • 6.5
  • 6.5.0
  • 6.4
  • 6.4.1
  • 6.4.0
  • 6.3
  • 6.3.5
  • 6.3.4
  • 6.3.3
  • 6.3.2
21 results
Blame Permalink
gitlab-ci-python.yml 30.75 KiB 
# =========================================================================================
# Copyright (C) 2021 Orange & contributors
#
# This program is free software; you can redistribute it and/or modify it under the terms
# of the GNU Lesser General Public License as published by the Free Software Foundation;
# either version 3 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along with this
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
# Floor, Boston, MA  02110-1301, USA.
# =========================================================================================
# default workflow rules
workflow:
  rules:
    # exclude merge requests
    - if: $CI_MERGE_REQUEST_ID
      when: never
    - when: always

variables:
  # variabilized tracking image
  TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"

  # Change pip's cache directory to be inside the project directory since we can
  # only cache local items.
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
  # Poetry support: force virtualenv not in project dir & use local cache dir
  POETRY_CACHE_DIR: "$CI_PROJECT_DIR/.cache/poetry"
  POETRY_VIRTUALENVS_IN_PROJECT: "false"
  PIPENV_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pipenv"

  PYTHON_IMAGE: python:3
  # Default Python project root directory
  PYTHON_PROJECT_DIR: .

  PYTHON_REQS_FILE: requirements.txt
  PYTHON_EXTRA_REQS_FILES: "requirements-dev.txt"

  # default production ref name (pattern)
  PROD_REF: '/^(master|main)$/'
  # default integration ref name (pattern)
  INTEG_REF: '/^develop$/'

  # compileall
  PYTHON_COMPILE_ARGS: "*"

  BANDIT_ARGS: "--recursive ."

  # Safety tool
  SAFETY_ARGS: "--full-report"

  # Trivy tool
  PYTHON_TRIVY_IMAGE: aquasec/trivy:latest
  PYTHON_TRIVY_ARGS: "--vuln-type library"

  PYTHON_RELEASE_NEXT: "minor"

  # By default, publish on the Packages registry of the project
  # https://docs.gitlab.com/ee/user/packages/pypi_repository/#authenticate-with-a-ci-job-token
  PYTHON_REPOSITORY_URL: ${CI_SERVER_URL}/api/v4/projects/${CI_PROJECT_ID}/packages/pypi
  PYTHON_REPOSITORY_USERNAME: 'gitlab-ci-token'
  PYTHON_REPOSITORY_PASSWORD: $CI_JOB_TOKEN

.python-scripts: &python-scripts |
  # BEGSCRIPT
  set -e