All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
[4] - on future date... somewhat unreleased but promises to have a new 5 be created for any breaking change
- PULL_REQUEST_TEMPLATE.md with a checklist of requirements for pull requests.
- Added kaniko_publish_arm pipeline job. It extends the standard Kaniko publish job for ARM-based architectures.
- Added multiarch_manifest_publish job. It publishes a multi-architecture Docker manifest using the Docker CLI. It merges two platform-specific images (amd64 and arm64) into a single unified image tag (multiarch).
- Breaking change moving the chmod +x out directly into jobs. This includes deleting GradleWrapperSetup.yml and its .configure_gradle_wrapper job.
- Breaking change of migrating the jobs used in GradleJavaPipeline.yml to new .gradle_java_base hidden job. This new job can be used for adding custom scripting for service account credential setup in a DRY manner.
- Moved include statements from pipeline templates to job templates so that the jobs can be independently run.
- Removed $PUBLISH_SNAPSHOT_GRADLE_FLAGS from publish_release_jar and also corrected Publish Jar README.md documented variables.
- Updated Kaniko.yml from exit 1 to exit 0 if image already exists
- Allowed publish_helm_chart to not require GPG signing.
- Caching for the .gradle/ folder to allow jobs across the pipeline to share downloaded artifacts to speed up pipelines.
- Coverage Report Aggregator Plugin (CRAP) integration improvements for Jacoco Gitlab Pages creation
- Install4J 11 and ejt.ks license server auth file encryption support
- Kaniko build args option
- Saving the reports generated by Gitlab's secret_detection and semgrep-sast jobs as artifacts
- Artifact of "**/build/reports/tests" to test_java Gitlab job to assist with debugging unit test failures
- Python pipeline with unit tests, unit test coverage, linting, formatting, and documentation checking
- Gitlab SAST job to Helm and Android pipelines
- Job to publish apk/aars to Artifactory in the Android template
- Job to combine unit and instrumented tests to the Android GitLab template.
- Job to visualize test reports created with the jacoco plugin.
- Job to create a Gitlab Release and added this job to the all pipeline templates.
- Artifact of "**/gl-sbom-*.cdx.json" so that the Gitlab generated CycloneDX is available for developers if needed.
- Breaking change of changing Android template's pipeline stages from assembleApk and deployApk to assemble and deploy since now handling apks and aars.
- Replaced jangrewe/gitlab-ci-android with theimpulson/gitlab-ci-android image in AndroidTemplate.yml
- Replaced jangrewe/gitlab-ci-android with theimpulson/gitlab-ci-android image in AndroidTemplateExt.yml
- Test coverage job from exit 0 to exit 1
- Junit report path to be more generic in Android Instrumentation Test Job
- Replaced semgrep-sast report name from dependency_scanning to sast
- Harbor robot accounts with $ in usernames to work for Helm push.
- Android pipeline would not work when RELEASE equaled true since combineCoverageReports needed testDebug, which wasn't running since it was a release, not a debug, build.
- Added Bash Gitlab pipeline template with linting and secret detection.
- Added IS_TERRAFORM_MODULE variable so Terraform Gitlab pipeline can run checks, but avoid deploying, Terraform modules.
- Updated Mega Linter Docker image from 7.5.0 to latest to more easily keep up to date with security updates.
- Added generic Trufflehog Gitlab job that can be used to search for secrets.
- Added needs to dependency_scanning_validation, secret_detection_validation, and static_application_security_testing_validation Gitlab jobs for speed.
- Various simple speed improvements to pipelines involving adding artifacts between jobs and moving jobs to different stages for parallelism.
- Updated several Docker images to smaller images for speed improvements.
- Added secret detection to multiple pipeline templates.
- Made all Gitlab pipelines interruptible.
- Updated PublishHelmChart.yml to support signing
- Moved Helm Gitlab job from custom devops image to alpine/helm.
- Added variable to easily be able to create signed Android apks without having to use git tags.
- Moved spotbugs sast to semgrep because spotbugs end of life for Gitlab for Java.
- Changed variable DEPLOY_DEBUG_APK_NAME to DEPLOY_DEBUG_APK_NAMES to now support multiple Android flavors.
- Automatically set Gradle Gitlab license and quality job's gradlew permissions.
- Updated Terraform pipeline's default Docker image from light to latest tag since light is deprecated.
- Fixed trivy sbom Gitlab job not working in merge request by changing rules so kaniko publish runs with trivy sbom and container scan jobs run, adding checks to not overwrite docker image in repo, adding publish of latest on main branch for docker.
- Added Helm OCI compatibility for Harbor 2.7 and later.
- Fixed gradle sast job which was calling the wrong python script.
- Updated sast python script to list all sast vulnerabilities found instead of failing on the first vulnerability found.
- Updated Mega Linter Docker image from nvuillam to oxsecurity Docker repo.
- Fixed bug in Android Ext pipeline where gradle extra flags couldn't be added.
- Fixed bug by removing and creating public directory for Gitlab pages for NPM Gitlab pipelines.
- Added main branch to dev regexes.
- Added Android lint and instrumentation test jobs.
- Added test, assemble, and deploy jobs for Android release builds.
- Unified DEV_REGEX and DEV_OR_RELEASE_REGEX for Gradle Java pipeline.
- Added spotbugs, code quality, and secret detection to NPM pipeline.
- Added AsciiDoc Gradle job.
- Added Helm Pipeline.
- Added Checkov scanning job for IaC SAST scanning.
- Added Mega Linter scanning job for generic linting.
- Added Trivy SBOM Docker job.
- Added Docker pipeline.
- Added n-tier gradle subproject handling for quality and license pages.
- Added Fortify scanning job.
- Updated the vanilla Android pipeline to work properly and send releases over Slack.
- Moved SSH_PRIVATE_KEY to BASE64_ENCODED_SSH_PRIVATE_KEY to handle base 64 encoded SSH keys for Ansible.
- Added HTTP_CONNECTION_TIMEOUT_MS and HTTP_SOCKET_TIMEOUT_MS variables to Install4J job to increase timeouts for large installer publishes.
- Added NPM pipeline.
- Added WebTAK pipeline.
- Added Terraform pipeline.
- Added Ansible pipeline.
- Added Packer pipeline.
- Added license report multi-module aggregation.
- Added report generation for gl-sast-report.json.
- Added aggregation of JavaDocs for multimodule projects.
- Integrated SAST into Gradle Java pipeline.
- Added a license scanning job.
- Updated quality reporting to support multimodule repos.
- Added Gradle Plugin release pipeline.
- Added support for multiple page generation.
- Added a quality check job.
- Added Jacoco report coverage.
- Updated docker jib job to take credentials as an argument if config file is not present
- Initial release mirroring the capabilities pulled from existing standardized pipelines used at CTI.
- Initial migration and publication of templates to a public repo for shared usage across GitLab instances