Skip to content
Snippets Groups Projects
Commit 1d8420dd authored by Corné Lukken's avatar Corné Lukken
Browse files

CWG-75: Secure jobs with secrets and raise awareness

parent 3d2edde7
No related branches found
No related tags found
No related merge requests found
Pipeline #65516 passed with warnings
Pipeline: Python Binary Wheel Package

#65517

    ...@@ -41,6 +41,14 @@ cookiecutter https://git.astron.nl/templates/python-binary-wheel-package.git ...@@ -41,6 +41,14 @@ cookiecutter https://git.astron.nl/templates/python-binary-wheel-package.git
    # Next follow a set of prompts (such as the name and description of the package) # Next follow a set of prompts (such as the name and description of the package)
    ``` ```
    ## Gitlab security, secrets and role configuration
    When using these templates for a repository on git.astron.nl please read the following
    pages to configure Gitlab appropriately:
    1. [Gitlab Repository Configuration](https://git.astron.nl/groups/templates/-/wikis/Gitlab-Repository-Configuration)
    2. [Continuous delivery guideline](https://git.astron.nl/groups/templates/-/wikis/Continuous%20Delivery%20Guideline)
    ## License ## License
    This project is licensed under the Apache License Version 2.0 This project is licensed under the Apache License Version 2.0
    \ No newline at end of file
    ...@@ -155,6 +155,7 @@ publish_on_test_pypi: ...@@ -155,6 +155,7 @@ publish_on_test_pypi:
    when: manual when: manual
    rules: rules:
    - if: $CI_COMMIT_TAG - if: $CI_COMMIT_TAG
    allow_failure: true
    script: script:
    - echo "run twine for test pypi" - echo "run twine for test pypi"
    # - | # - |
    ...@@ -163,6 +164,7 @@ publish_on_test_pypi: ...@@ -163,6 +164,7 @@ publish_on_test_pypi:
    # TODO: replace URL with a pipy URL # TODO: replace URL with a pipy URL
    # python -m twine upload \ # python -m twine upload \
    # --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi dist/* # --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi dist/*
    - exit 1
    publish_on_pypi: publish_on_pypi:
    stage: publish stage: publish
    ...@@ -172,6 +174,7 @@ publish_on_pypi: ...@@ -172,6 +174,7 @@ publish_on_pypi:
    when: manual when: manual
    rules: rules:
    - if: $CI_COMMIT_TAG - if: $CI_COMMIT_TAG
    allow_failure: true
    script: script:
    - echo "run twine for pypi" - echo "run twine for pypi"
    # - | # - |
    ...@@ -180,6 +183,7 @@ publish_on_pypi: ...@@ -180,6 +183,7 @@ publish_on_pypi:
    # TODO: replace URL with a pipy URL # TODO: replace URL with a pipy URL
    # python -m twine upload \ # python -m twine upload \
    # --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi dist/* # --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi dist/*
    - exit 1
    publish_to_readthedocs: publish_to_readthedocs:
    stage: publish stage: publish
    ...@@ -193,3 +197,14 @@ publish_to_readthedocs: ...@@ -193,3 +197,14 @@ publish_to_readthedocs:
    script: script:
    - echo "scp docs/* ???" - echo "scp docs/* ???"
    - exit 1 - exit 1
    release_job:
    stage: publish
    image: registry.gitlab.com/gitlab-org/release-cli:latest
    rules:
    - if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"'
    script:
    - echo "running release_job"
    release:
    tag_name: '$CI_COMMIT_TAG'
    description: '$CI_COMMIT_TAG'
    0% Loading or .
    You are about to add 0 people to the discussion. Proceed with caution.
    Please register or to comment