feat(ci-image): bake ecosystem CI toolchain (lint + release)
Adds the toolchain the reusable ecosystem workflows (999_testing) need, so jobs don't install it per run: shellcheck + yamllint (apt), eslint (global), and semantic-release with the conventionalcommits PRESET + @semantic-release/ git + changelog — the plugin set Olsitec's GitLab release template uses (olsitec/gitlab ci_templates/release-automation/semantic-release.yaml). Pinned in VERSIONS for traceability (NOT in preflight's up-gating tool set — these are downstream-job tools, not foundation-deploy tools). Rebuild the image on the VM after this change. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
8603177096
commit
f5f9d1f8a5
2 changed files with 38 additions and 0 deletions
12
VERSIONS
12
VERSIONS
|
|
@ -120,3 +120,15 @@ TOOL_OPENSSH_MIN=8.0
|
||||||
|
|
||||||
# --- S3 / RustFS client (bucket ops, backup put/get). MinIO client `mc`. ---
|
# --- S3 / RustFS client (bucket ops, backup put/get). MinIO client `mc`. ---
|
||||||
TOOL_MC_MIN=2023.01.01
|
TOOL_MC_MIN=2023.01.01
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------------------
|
||||||
|
# ECOSYSTEM CI TOOLCHAIN (999_testing — reusable lint/release workflows)
|
||||||
|
# Baked into the foundation-ci image (containers/ci-image/Dockerfile), NOT
|
||||||
|
# part of preflight's `up`-gating tool set (these are job tools for downstream
|
||||||
|
# projects, not foundation-deploy tools). Pinned here for traceability; the
|
||||||
|
# eslint/semantic-release pins mirror the Dockerfile ARGs.
|
||||||
|
# -----------------------------------------------------------------------------
|
||||||
|
TOOL_SHELLCHECK_MIN=0.9.0 # apt (debian bookworm)
|
||||||
|
TOOL_YAMLLINT_MIN=1.26.0 # apt (debian bookworm)
|
||||||
|
TOOL_ESLINT_MIN=9.18.0 # npm -g (Dockerfile ESLINT_VERSION)
|
||||||
|
TOOL_SEMANTIC_RELEASE_MIN=24.2.3 # npm -g (Dockerfile SEMANTIC_RELEASE_VERSION)
|
||||||
|
|
|
||||||
|
|
@ -59,6 +59,32 @@ RUN set -eux; \
|
||||||
curl -fsSL "https://dl.min.io/client/mc/release/linux-${TARGETARCH}/archive/mc.${MC_RELEASE}" -o /usr/local/bin/mc; \
|
curl -fsSL "https://dl.min.io/client/mc/release/linux-${TARGETARCH}/archive/mc.${MC_RELEASE}" -o /usr/local/bin/mc; \
|
||||||
chmod +x /usr/local/bin/mc; mc --version
|
chmod +x /usr/local/bin/mc; mc --version
|
||||||
|
|
||||||
|
# --- ecosystem CI toolchain (999_testing): linters + release tooling -----------------
|
||||||
|
# shellcheck + yamllint from apt; eslint + semantic-release as pinned global npm installs
|
||||||
|
# so the reusable lint/semantic-release workflows have a toolchain even for projects that
|
||||||
|
# do not vendor their own (projects MAY still `bunx`/`npx` a pinned local version, which
|
||||||
|
# wins). NOT part of preflight's `up`-gating tool set — these are job tools, not deploy
|
||||||
|
# tools — but pinned in VERSIONS for traceability.
|
||||||
|
ARG ESLINT_VERSION=9.18.0
|
||||||
|
ARG SEMANTIC_RELEASE_VERSION=24.2.3
|
||||||
|
RUN set -eux; \
|
||||||
|
apt-get update; \
|
||||||
|
apt-get install -y --no-install-recommends shellcheck yamllint; \
|
||||||
|
rm -rf /var/lib/apt/lists/*; \
|
||||||
|
shellcheck --version; yamllint --version
|
||||||
|
# semantic-release + the plugin set Olsitec's release config uses (olsitec/gitlab
|
||||||
|
# ci_templates/release-automation/semantic-release.yaml): the conventionalcommits
|
||||||
|
# PRESET (not bundled) drives the releaseRules; git/changelog support real releases.
|
||||||
|
# Installed in the SAME global root so semantic-release resolves them by name.
|
||||||
|
RUN set -eux; \
|
||||||
|
npm install -g \
|
||||||
|
"eslint@${ESLINT_VERSION}" \
|
||||||
|
"semantic-release@${SEMANTIC_RELEASE_VERSION}" \
|
||||||
|
conventional-changelog-conventionalcommits@8.0.0 \
|
||||||
|
@semantic-release/git@10.0.1 \
|
||||||
|
@semantic-release/changelog@6.0.3; \
|
||||||
|
eslint --version; semantic-release --version
|
||||||
|
|
||||||
# Forgejo Actions overrides the entrypoint with its job script; keep a sane default.
|
# Forgejo Actions overrides the entrypoint with its job script; keep a sane default.
|
||||||
WORKDIR /workspace
|
WORKDIR /workspace
|
||||||
CMD ["bash"]
|
CMD ["bash"]
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue