diff --git a/VERSIONS b/VERSIONS index 527f8e3..f703028 100644 --- a/VERSIONS +++ b/VERSIONS @@ -120,3 +120,15 @@ TOOL_OPENSSH_MIN=8.0 # --- S3 / RustFS client (bucket ops, backup put/get). MinIO client `mc`. --- TOOL_MC_MIN=2023.01.01 + +# ----------------------------------------------------------------------------- +# ECOSYSTEM CI TOOLCHAIN (999_testing — reusable lint/release workflows) +# Baked into the foundation-ci image (containers/ci-image/Dockerfile), NOT +# part of preflight's `up`-gating tool set (these are job tools for downstream +# projects, not foundation-deploy tools). Pinned here for traceability; the +# eslint/semantic-release pins mirror the Dockerfile ARGs. +# ----------------------------------------------------------------------------- +TOOL_SHELLCHECK_MIN=0.9.0 # apt (debian bookworm) +TOOL_YAMLLINT_MIN=1.26.0 # apt (debian bookworm) +TOOL_ESLINT_MIN=9.18.0 # npm -g (Dockerfile ESLINT_VERSION) +TOOL_SEMANTIC_RELEASE_MIN=24.2.3 # npm -g (Dockerfile SEMANTIC_RELEASE_VERSION) diff --git a/containers/ci-image/Dockerfile b/containers/ci-image/Dockerfile index 00dc17a..bf7eda2 100644 --- a/containers/ci-image/Dockerfile +++ b/containers/ci-image/Dockerfile @@ -59,6 +59,32 @@ RUN set -eux; \ curl -fsSL "https://dl.min.io/client/mc/release/linux-${TARGETARCH}/archive/mc.${MC_RELEASE}" -o /usr/local/bin/mc; \ chmod +x /usr/local/bin/mc; mc --version +# --- ecosystem CI toolchain (999_testing): linters + release tooling ----------------- +# shellcheck + yamllint from apt; eslint + semantic-release as pinned global npm installs +# so the reusable lint/semantic-release workflows have a toolchain even for projects that +# do not vendor their own (projects MAY still `bunx`/`npx` a pinned local version, which +# wins). NOT part of preflight's `up`-gating tool set — these are job tools, not deploy +# tools — but pinned in VERSIONS for traceability. +ARG ESLINT_VERSION=9.18.0 +ARG SEMANTIC_RELEASE_VERSION=24.2.3 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends shellcheck yamllint; \ + rm -rf /var/lib/apt/lists/*; \ + shellcheck --version; yamllint --version +# semantic-release + the plugin set Olsitec's release config uses (olsitec/gitlab +# ci_templates/release-automation/semantic-release.yaml): the conventionalcommits +# PRESET (not bundled) drives the releaseRules; git/changelog support real releases. +# Installed in the SAME global root so semantic-release resolves them by name. +RUN set -eux; \ + npm install -g \ + "eslint@${ESLINT_VERSION}" \ + "semantic-release@${SEMANTIC_RELEASE_VERSION}" \ + conventional-changelog-conventionalcommits@8.0.0 \ + @semantic-release/git@10.0.1 \ + @semantic-release/changelog@6.0.3; \ + eslint --version; semantic-release --version + # Forgejo Actions overrides the entrypoint with its job script; keep a sane default. WORKDIR /workspace CMD ["bash"]