Skip to content
Snippets Groups Projects
Commit f40ecaa0 authored by Corné Lukken's avatar Corné Lukken Committed by Corné Lukken
Browse files

CWG-75: Secure jobs with secrets and raise awareness

parent d07d007a
No related branches found
No related tags found
1 merge request!5CWG-75: Secure jobs with secrets and raise awareness
This commit is part of merge request !5. Comments created here will be created in the context of that merge request.
Show whitespace changes
Inline Side-by-side
README.md
+ 8
0
View file @ f40ecaa0
...@@ -41,6 +41,14 @@ cookiecutter https://git.astron.nl/templates/python-binary-wheel-package.git ...@@ -41,6 +41,14 @@ cookiecutter https://git.astron.nl/templates/python-binary-wheel-package.git
# Next follow a set of prompts (such as the name and description of the package) # Next follow a set of prompts (such as the name and description of the package)
``` ```
## Gitlab security, secrets and role configuration
When using these templates for a repository on git.astron.nl please read the following
pages to configure Gitlab appropriately:
1. [Gitlab Repository Configuration](https://git.astron.nl/groups/templates/-/wikis/Gitlab-Repository-Configuration)
2. [Continuous delivery guideline](https://git.astron.nl/groups/templates/-/wikis/Continuous%20Delivery%20Guideline)
## License ## License
This project is licensed under the Apache License Version 2.0 This project is licensed under the Apache License Version 2.0
\ No newline at end of file
{{cookiecutter.project_slug}}/.gitlab-ci.yml
+ 15
0
View file @ f40ecaa0
...@@ -156,6 +156,7 @@ publish_on_test_pypi: ...@@ -156,6 +156,7 @@ publish_on_test_pypi:
when: manual when: manual
rules: rules:
- if: $CI_COMMIT_TAG - if: $CI_COMMIT_TAG
allow_failure: true
script: script:
- echo "run twine for test pypi" - echo "run twine for test pypi"
# - | # - |
...@@ -164,6 +165,7 @@ publish_on_test_pypi: ...@@ -164,6 +165,7 @@ publish_on_test_pypi:
# TODO: replace URL with a pipy URL # TODO: replace URL with a pipy URL
# python -m twine upload \ # python -m twine upload \
# --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi dist/* # --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi dist/*
- exit 1
publish_on_pypi: publish_on_pypi:
stage: publish stage: publish
...@@ -173,6 +175,7 @@ publish_on_pypi: ...@@ -173,6 +175,7 @@ publish_on_pypi:
when: manual when: manual
rules: rules:
- if: $CI_COMMIT_TAG - if: $CI_COMMIT_TAG
allow_failure: true
script: script:
- echo "run twine for pypi" - echo "run twine for pypi"
# - | # - |
...@@ -181,6 +184,7 @@ publish_on_pypi: ...@@ -181,6 +184,7 @@ publish_on_pypi:
# TODO: replace URL with a pipy URL # TODO: replace URL with a pipy URL
# python -m twine upload \ # python -m twine upload \
# --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi dist/* # --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi dist/*
- exit 1
publish_to_readthedocs: publish_to_readthedocs:
stage: publish stage: publish
...@@ -194,3 +198,14 @@ publish_to_readthedocs: ...@@ -194,3 +198,14 @@ publish_to_readthedocs:
script: script:
- echo "scp docs/* ???" - echo "scp docs/* ???"
- exit 1 - exit 1
release_job:
stage: publish
image: registry.gitlab.com/gitlab-org/release-cli:latest
rules:
- if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"'
script:
- echo "running release_job"
release:
tag_name: '$CI_COMMIT_TAG'
description: '$CI_COMMIT_TAG'
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment