@intentius/chant-lexicon-gitlab 0.0.1 → 0.0.3

package/README.md

@@ -0,0 +1,59 @@
+# @intentius/chant-lexicon-gitlab
+
+> Part of the [chant](../../README.md) monorepo. Published as [`@intentius/chant-lexicon-gitlab`](https://www.npmjs.com/package/@intentius/chant-lexicon-gitlab) on npm.
+
+GitLab CI lexicon for chant — declare CI/CD pipelines as flat, typed TypeScript that serializes to `.gitlab-ci.yml`.
+
+## Overview
+
+This package provides:
+
+- **GitLab CI serializer** — converts chant declarables to GitLab CI YAML
+- **Resource types** — typed constructors for `Job`, `Default`, `Workflow`, and all GitLab CI keywords
+- **Property types** — `Artifacts`, `Cache`, `Image`, `Rule`, `Retry`, `Environment`, `Trigger`, and more
+- **Lint rules** — GitLab-specific validation (e.g. missing script, deprecated only/except)
+- **Code generation** — generates TypeScript types from the GitLab CI JSON schema
+- **LSP/MCP support** — completions and hover for GitLab CI keywords
+
+## Usage
+
+```typescript
+import { Job, Artifacts, Image } from "@intentius/chant-lexicon-gitlab";
+
+export const testJob = new Job({
+  stage: "test",
+  image: new Image({ name: "node:20" }),
+  script: ["npm ci", "npm test"],
+  artifacts: new Artifacts({
+    paths: ["coverage/"],
+    expireIn: "1 week",
+  }),
+});
+```
+
+## Lint Rules
+
+| Rule | Description |
+|------|-------------|
+| `missing-script` | Job must have a `script` keyword |
+| `missing-stage` | Job should declare a `stage` |
+| `deprecated-only-except` | Flags use of deprecated `only`/`except` keywords |
+| `artifact-no-expiry` | Artifacts should have `expire_in` set |
+
+## Code Generation
+
+The GitLab lexicon generates types from the [GitLab CI JSON schema](https://gitlab.com/gitlab-org/gitlab/-/raw/master/app/assets/javascripts/editor/schema/ci.json):
+
+- `codegen/generate.ts` — calls core `generatePipeline<GitLabParseResult>` with GitLab callbacks
+- `codegen/naming.ts` — extends core `NamingStrategy` for GitLab CI keywords
+- `codegen/package.ts` — calls core `packagePipeline` with GitLab manifest
+- `codegen/parse.ts` — parses the GitLab CI JSON schema into typed entities
+
+## Related Packages
+
+- `@intentius/chant` — core functionality, type system, and CLI
+- `@intentius/chant-lexicon-aws` — AWS CloudFormation lexicon
+
+## License
+
+See the main project LICENSE file.

package/dist/integrity.json

@@ -0,0 +1,17 @@
+{
+  "algorithm": "xxhash64",
+  "artifacts": {
+    "manifest.json": "ebbf7a6ac4cb48ce",
+    "meta.json": "3a60a5c15437a93b",
+    "types/index.d.ts": "2ab52d25cd1a5a14",
+    "rules/missing-stage.ts": "6d5379e74209a735",
+    "rules/missing-script.ts": "923dde9acb46cc28",
+    "rules/deprecated-only-except.ts": "1f5a8c785777fb03",
+    "rules/artifact-no-expiry.ts": "26874cb6adfbca26",
+    "rules/wgl011.ts": "b6b97e5104d91267",
+    "rules/wgl010.ts": "1548cad287cdf286",
+    "rules/yaml-helpers.ts": "a66cc193b4ef4f0a",
+    "skills/gitlab-ci.md": "f860e40c2643c327"
+  },
+  "composite": "93408e2ccfc0086a"
+}

package/dist/manifest.json

@@ -0,0 +1,15 @@
+{
+  "name": "gitlab",
+  "version": "0.0.3",
+  "chantVersion": ">=0.1.0",
+  "namespace": "GitLab",
+  "intrinsics": [
+    {
+      "name": "reference",
+      "description": "!reference tag — reference another job's properties",
+      "outputKey": "!reference",
+      "isTag": true
+    }
+  ],
+  "pseudoParameters": {}
+}

package/dist/meta.json

@@ -0,0 +1,77 @@
+{
+  "AllowFailure": {
+    "resourceType": "GitLab::CI::AllowFailure",
+    "kind": "property",
+    "lexicon": "gitlab"
+  },
+  "Artifacts": {
+    "resourceType": "GitLab::CI::Artifacts",
+    "kind": "property",
+    "lexicon": "gitlab"
+  },
+  "AutoCancel": {
+    "resourceType": "GitLab::CI::AutoCancel",
+    "kind": "property",
+    "lexicon": "gitlab"
+  },
+  "Cache": {
+    "resourceType": "GitLab::CI::Cache",
+    "kind": "property",
+    "lexicon": "gitlab"
+  },
+  "Default": {
+    "resourceType": "GitLab::CI::Default",
+    "kind": "resource",
+    "lexicon": "gitlab"
+  },
+  "Environment": {
+    "resourceType": "GitLab::CI::Environment",
+    "kind": "property",
+    "lexicon": "gitlab"
+  },
+  "Image": {
+    "resourceType": "GitLab::CI::Image",
+    "kind": "property",
+    "lexicon": "gitlab"
+  },
+  "Include": {
+    "resourceType": "GitLab::CI::Include",
+    "kind": "property",
+    "lexicon": "gitlab"
+  },
+  "Job": {
+    "resourceType": "GitLab::CI::Job",
+    "kind": "resource",
+    "lexicon": "gitlab"
+  },
+  "Parallel": {
+    "resourceType": "GitLab::CI::Parallel",
+    "kind": "property",
+    "lexicon": "gitlab"
+  },
+  "Release": {
+    "resourceType": "GitLab::CI::Release",
+    "kind": "property",
+    "lexicon": "gitlab"
+  },
+  "Retry": {
+    "resourceType": "GitLab::CI::Retry",
+    "kind": "property",
+    "lexicon": "gitlab"
+  },
+  "Rule": {
+    "resourceType": "GitLab::CI::Rule",
+    "kind": "property",
+    "lexicon": "gitlab"
+  },
+  "Trigger": {
+    "resourceType": "GitLab::CI::Trigger",
+    "kind": "property",
+    "lexicon": "gitlab"
+  },
+  "Workflow": {
+    "resourceType": "GitLab::CI::Workflow",
+    "kind": "resource",
+    "lexicon": "gitlab"
+  }
+}

package/dist/rules/artifact-no-expiry.ts

@@ -0,0 +1,62 @@
+/**
+ * WGL004: Artifacts without expiry
+ *
+ * Artifacts without `expireIn` (or `expire_in`) will be kept indefinitely,
+ * wasting storage. Always set an expiry for job artifacts.
+ */
+
+import type { LintRule, LintDiagnostic, LintContext } from "@intentius/chant/lint/rule";
+import * as ts from "typescript";
+
+export const artifactNoExpiryRule: LintRule = {
+  id: "WGL004",
+  severity: "warning",
+  category: "performance",
+
+  check(context: LintContext): LintDiagnostic[] {
+    const { sourceFile } = context;
+    const diagnostics: LintDiagnostic[] = [];
+
+    function visit(node: ts.Node): void {
+      if (ts.isNewExpression(node)) {
+        let isArtifacts = false;
+        const expression = node.expression;
+
+        if (ts.isIdentifier(expression) && expression.text === "Artifacts") {
+          isArtifacts = true;
+        } else if (ts.isPropertyAccessExpression(expression) && expression.name.text === "Artifacts") {
+          isArtifacts = true;
+        }
+
+        if (isArtifacts && node.arguments && node.arguments.length > 0) {
+          const props = node.arguments[0];
+          if (ts.isObjectLiteralExpression(props)) {
+            const hasExpiry = props.properties.some((prop) => {
+              if (ts.isPropertyAssignment(prop) && ts.isIdentifier(prop.name)) {
+                return prop.name.text === "expireIn" || prop.name.text === "expire_in";
+              }
+              return false;
+            });
+
+            if (!hasExpiry) {
+              const { line, character } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+              diagnostics.push({
+                file: sourceFile.fileName,
+                line: line + 1,
+                column: character + 1,
+                ruleId: "WGL004",
+                severity: "warning",
+                message: 'Artifacts without "expireIn" will be kept indefinitely. Set an expiry to save storage.',
+              });
+            }
+          }
+        }
+      }
+
+      ts.forEachChild(node, visit);
+    }
+
+    visit(sourceFile);
+    return diagnostics;
+  },
+};

package/dist/rules/deprecated-only-except.ts

@@ -0,0 +1,53 @@
+/**
+ * WGL001: Deprecated only/except keywords
+ *
+ * Flags usage of `only:` and `except:` in GitLab CI jobs.
+ * These keywords are deprecated in favor of `rules:` which provides
+ * more flexible conditional execution.
+ */
+
+import type { LintRule, LintDiagnostic, LintContext } from "@intentius/chant/lint/rule";
+import * as ts from "typescript";
+
+export const deprecatedOnlyExceptRule: LintRule = {
+  id: "WGL001",
+  severity: "warning",
+  category: "style",
+
+  check(context: LintContext): LintDiagnostic[] {
+    const { sourceFile } = context;
+    const diagnostics: LintDiagnostic[] = [];
+
+    function visit(node: ts.Node): void {
+      // Look for property assignments named "only" or "except"
+      // inside new Job(...) or similar constructor calls
+      if (ts.isPropertyAssignment(node) && ts.isIdentifier(node.name)) {
+        const propName = node.name.text;
+        if (propName === "only" || propName === "except") {
+          // Check if this is inside a new expression (Job constructor)
+          let parent: ts.Node | undefined = node.parent;
+          while (parent) {
+            if (ts.isNewExpression(parent)) {
+              const { line, character } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+              diagnostics.push({
+                file: sourceFile.fileName,
+                line: line + 1,
+                column: character + 1,
+                ruleId: "WGL001",
+                severity: "warning",
+                message: `"${propName}" is deprecated. Use "rules" for conditional job execution instead.`,
+              });
+              break;
+            }
+            parent = parent.parent;
+          }
+        }
+      }
+
+      ts.forEachChild(node, visit);
+    }
+
+    visit(sourceFile);
+    return diagnostics;
+  },
+};

package/dist/rules/missing-script.ts

@@ -0,0 +1,65 @@
+/**
+ * WGL002: Missing script
+ *
+ * A GitLab CI job must have `script`, `trigger`, or `run` defined.
+ * Jobs without any of these will fail pipeline validation.
+ */
+
+import type { LintRule, LintDiagnostic, LintContext } from "@intentius/chant/lint/rule";
+import * as ts from "typescript";
+
+const VALID_EXECUTION_PROPS = new Set(["script", "trigger", "run"]);
+
+export const missingScriptRule: LintRule = {
+  id: "WGL002",
+  severity: "error",
+  category: "correctness",
+
+  check(context: LintContext): LintDiagnostic[] {
+    const { sourceFile } = context;
+    const diagnostics: LintDiagnostic[] = [];
+
+    function visit(node: ts.Node): void {
+      if (ts.isNewExpression(node)) {
+        // Check for `new Job(...)` or `new gl.Job(...)`
+        let isJob = false;
+        const expression = node.expression;
+
+        if (ts.isIdentifier(expression) && expression.text === "Job") {
+          isJob = true;
+        } else if (ts.isPropertyAccessExpression(expression) && expression.name.text === "Job") {
+          isJob = true;
+        }
+
+        if (isJob && node.arguments && node.arguments.length > 0) {
+          const props = node.arguments[0];
+          if (ts.isObjectLiteralExpression(props)) {
+            const hasExecution = props.properties.some((prop) => {
+              if (ts.isPropertyAssignment(prop) && ts.isIdentifier(prop.name)) {
+                return VALID_EXECUTION_PROPS.has(prop.name.text);
+              }
+              return false;
+            });
+
+            if (!hasExecution) {
+              const { line, character } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+              diagnostics.push({
+                file: sourceFile.fileName,
+                line: line + 1,
+                column: character + 1,
+                ruleId: "WGL002",
+                severity: "error",
+                message: 'Job must have "script", "trigger", or "run" defined.',
+              });
+            }
+          }
+        }
+      }
+
+      ts.forEachChild(node, visit);
+    }
+
+    visit(sourceFile);
+    return diagnostics;
+  },
+};

package/dist/rules/missing-stage.ts

@@ -0,0 +1,62 @@
+/**
+ * WGL003: Missing stage
+ *
+ * Jobs should declare a `stage` property. Without it, the job defaults
+ * to the "test" stage which may not be the intended behavior.
+ */
+
+import type { LintRule, LintDiagnostic, LintContext } from "@intentius/chant/lint/rule";
+import * as ts from "typescript";
+
+export const missingStageRule: LintRule = {
+  id: "WGL003",
+  severity: "info",
+  category: "style",
+
+  check(context: LintContext): LintDiagnostic[] {
+    const { sourceFile } = context;
+    const diagnostics: LintDiagnostic[] = [];
+
+    function visit(node: ts.Node): void {
+      if (ts.isNewExpression(node)) {
+        let isJob = false;
+        const expression = node.expression;
+
+        if (ts.isIdentifier(expression) && expression.text === "Job") {
+          isJob = true;
+        } else if (ts.isPropertyAccessExpression(expression) && expression.name.text === "Job") {
+          isJob = true;
+        }
+
+        if (isJob && node.arguments && node.arguments.length > 0) {
+          const props = node.arguments[0];
+          if (ts.isObjectLiteralExpression(props)) {
+            const hasStage = props.properties.some((prop) => {
+              if (ts.isPropertyAssignment(prop) && ts.isIdentifier(prop.name)) {
+                return prop.name.text === "stage";
+              }
+              return false;
+            });
+
+            if (!hasStage) {
+              const { line, character } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+              diagnostics.push({
+                file: sourceFile.fileName,
+                line: line + 1,
+                column: character + 1,
+                ruleId: "WGL003",
+                severity: "info",
+                message: 'Job does not declare a "stage". It will default to "test".',
+              });
+            }
+          }
+        }
+      }
+
+      ts.forEachChild(node, visit);
+    }
+
+    visit(sourceFile);
+    return diagnostics;
+  },
+};

package/dist/rules/wgl010.ts

@@ -0,0 +1,41 @@
+/**
+ * WGL010: Undefined stage
+ *
+ * Detects jobs that reference a stage not declared in the `stages:` list.
+ * This will cause a pipeline validation error in GitLab.
+ */
+
+import type { PostSynthCheck, PostSynthContext, PostSynthDiagnostic } from "@intentius/chant/lint/post-synth";
+import { getPrimaryOutput, extractStages, extractJobs } from "./yaml-helpers";
+
+export const wgl010: PostSynthCheck = {
+  id: "WGL010",
+  description: "Job references a stage not in the stages list",
+
+  check(ctx: PostSynthContext): PostSynthDiagnostic[] {
+    const diagnostics: PostSynthDiagnostic[] = [];
+
+    for (const [, output] of ctx.outputs) {
+      const yaml = getPrimaryOutput(output);
+      const stages = extractStages(yaml);
+      if (stages.length === 0) continue; // No explicit stages — GitLab uses defaults
+
+      const stageSet = new Set(stages);
+      const jobs = extractJobs(yaml);
+
+      for (const [jobName, job] of jobs) {
+        if (job.stage && !stageSet.has(job.stage)) {
+          diagnostics.push({
+            checkId: "WGL010",
+            severity: "error",
+            message: `Job "${jobName}" references undefined stage "${job.stage}". Add it to the stages list.`,
+            entity: jobName,
+            lexicon: "gitlab",
+          });
+        }
+      }
+    }
+
+    return diagnostics;
+  },
+};

package/dist/rules/wgl011.ts

@@ -0,0 +1,54 @@
+/**
+ * WGL011: Unreachable job
+ *
+ * Detects jobs where all `rules:` entries evaluate to `when: never`,
+ * making the job unreachable. This usually indicates a configuration error.
+ *
+ * Note: This is a simple static check — it only catches the obvious case
+ * where every rule has `when: "never"` literally set. Complex conditions
+ * with `if:` expressions are not evaluated.
+ */
+
+import type { PostSynthCheck, PostSynthContext, PostSynthDiagnostic } from "@intentius/chant/lint/post-synth";
+import { isPropertyDeclarable } from "@intentius/chant/declarable";
+
+export const wgl011: PostSynthCheck = {
+  id: "WGL011",
+  description: "Job has rules that always evaluate to never (unreachable)",
+
+  check(ctx: PostSynthContext): PostSynthDiagnostic[] {
+    const diagnostics: PostSynthDiagnostic[] = [];
+
+    for (const [entityName, entity] of ctx.entities) {
+      if (isPropertyDeclarable(entity)) continue;
+      const entityType = (entity as Record<string, unknown>).entityType as string;
+      if (entityType !== "GitLab::CI::Job") continue;
+
+      const props = (entity as Record<string, unknown>).props as Record<string, unknown> | undefined;
+      if (!props?.rules || !Array.isArray(props.rules)) continue;
+
+      const rules = props.rules as Array<Record<string, unknown>>;
+      if (rules.length === 0) continue;
+
+      // Check if ALL rules have when: "never"
+      const allNever = rules.every((rule) => {
+        // If the rule is a declarable (e.g. new Rule({...})), check its props
+        const ruleProps = (rule as Record<string, unknown>).props as Record<string, unknown> | undefined;
+        const when = ruleProps?.when ?? (rule as Record<string, unknown>).when;
+        return when === "never";
+      });
+
+      if (allNever) {
+        diagnostics.push({
+          checkId: "WGL011",
+          severity: "warning",
+          message: `Job "${entityName}" has rules that all evaluate to "never" — this job will never run.`,
+          entity: entityName,
+          lexicon: "gitlab",
+        });
+      }
+    }
+
+    return diagnostics;
+  },
+};

package/dist/rules/yaml-helpers.ts

@@ -0,0 +1,88 @@
+/**
+ * Helpers for parsing serialized GitLab CI YAML in post-synth checks.
+ *
+ * Since GitLab CI output is YAML (not JSON like CloudFormation), we parse
+ * the YAML sections structurally using simple regex/string parsing. The
+ * serializer emits a predictable format so we can extract what we need
+ * without a full YAML parser dependency.
+ */
+
+import type { SerializerResult } from "@intentius/chant/serializer";
+
+/**
+ * Extract the primary output string from a serializer result.
+ */
+export function getPrimaryOutput(output: string | SerializerResult): string {
+  return typeof output === "string" ? output : output.primary;
+}
+
+/**
+ * Parse a serialized GitLab CI YAML into a structured object.
+ * Returns null if the output can't be parsed.
+ */
+export interface ParsedGitLabCI {
+  stages: string[];
+  jobs: Map<string, ParsedJob>;
+}
+
+export interface ParsedJob {
+  name: string;
+  stage?: string;
+  rules?: ParsedRule[];
+}
+
+export interface ParsedRule {
+  when?: string;
+  if?: string;
+}
+
+/**
+ * Extract stages list from serialized YAML.
+ */
+export function extractStages(yaml: string): string[] {
+  const stages: string[] = [];
+  const stagesMatch = yaml.match(/^stages:\n((?:\s+- .+\n?)+)/m);
+  if (stagesMatch) {
+    for (const line of stagesMatch[1].split("\n")) {
+      const item = line.match(/^\s+- (.+)$/);
+      if (item) stages.push(item[1].trim().replace(/^'|'$/g, ""));
+    }
+  }
+  return stages;
+}
+
+/**
+ * Extract job names and their stage values from serialized YAML.
+ */
+export function extractJobs(yaml: string): Map<string, ParsedJob> {
+  const jobs = new Map<string, ParsedJob>();
+
+  // Split into sections by double newlines
+  const sections = yaml.split("\n\n");
+  for (const section of sections) {
+    const lines = section.split("\n");
+    if (lines.length === 0) continue;
+
+    // Top-level key
+    const topMatch = lines[0].match(/^([a-z][a-z0-9_-]*):/);
+    if (!topMatch) continue;
+
+    const name = topMatch[1];
+    // Skip reserved keys
+    if (["stages", "default", "workflow", "variables", "include"].includes(name)) continue;
+
+    const job: ParsedJob = { name };
+
+    // Find stage within the section
+    for (const line of lines) {
+      const stageMatch = line.match(/^\s+stage:\s+(.+)$/);
+      if (stageMatch) {
+        job.stage = stageMatch[1].trim().replace(/^'|'$/g, "");
+      }
+    }
+
+    jobs.set(name, job);
+  }
+
+  return jobs;
+}

package/dist/skills/gitlab-ci.md

@@ -0,0 +1,37 @@
+---
+name: gitlab-ci
+description: GitLab CI/CD best practices and common patterns
+---
+
+# GitLab CI/CD with Chant
+
+## Common Entity Types
+
+- `Job` — Pipeline job definition
+- `Default` — Default settings inherited by all jobs
+- `Workflow` — Pipeline-level configuration
+- `Artifacts` — Job artifact configuration
+- `Cache` — Cache configuration
+- `Image` — Docker image for a job
+- `Rule` — Conditional execution rule
+- `Environment` — Deployment environment
+- `Trigger` — Trigger downstream pipeline
+- `Include` — Include external CI configuration
+
+## Predefined Variables
+
+- `CI.CommitBranch` — Current branch name
+- `CI.CommitSha` — Current commit SHA
+- `CI.PipelineSource` — What triggered the pipeline
+- `CI.ProjectPath` — Project path (group/project)
+- `CI.Registry` — Container registry URL
+- `CI.MergeRequestIid` — MR internal ID
+
+## Best Practices
+
+1. **Use stages** — Organize jobs into logical stages (build, test, deploy)
+2. **Cache dependencies** — Cache node_modules, pip packages, etc.
+3. **Use rules** — Prefer `rules:` over `only:/except:` for conditional execution
+4. **Minimize artifacts** — Only preserve files needed by later stages
+5. **Use includes** — Share common configuration across projects
+6. **Set timeouts** — Prevent stuck jobs from blocking pipelines

package/dist/types/index.d.ts

@@ -0,0 +1,248 @@
+// Code generated by chant gitlab generate. DO NOT EDIT.
+
+// --- CI Entity classes ---
+
+export declare class AllowFailure {
+  constructor(props: {
+    exit_codes: number;
+  });
+}
+
+export declare class Artifacts {
+  constructor(props: {
+    access?: "none" | "developer" | "all";
+    exclude?: string[];
+    expire_in?: string;
+    expose_as?: string;
+    name?: string;
+    paths?: string[];
+    reports?: Record<string, unknown>;
+    untracked?: boolean;
+    when?: "on_success" | "on_failure" | "always";
+  });
+}
+
+export declare class AutoCancel {
+  constructor(props: {
+    on_job_failure?: "none" | "all";
+    on_new_commit?: "conservative" | "interruptible" | "none";
+  });
+}
+
+export declare class Cache {
+  constructor(props: {
+    fallback_keys?: string[];
+    key?: string | Record<string, any>;
+    paths?: string[];
+    policy?: string;
+    unprotect?: boolean;
+    untracked?: boolean;
+    when?: "on_success" | "on_failure" | "always";
+  });
+}
+
+export declare class Default {
+  constructor(props: {
+    after_script?: string | string[];
+    artifacts?: Artifacts;
+    before_script?: string | string[];
+    cache?: Cache | Cache[];
+    hooks?: Record<string, unknown>;
+    id_tokens?: Record<string, unknown>;
+    identity?: "google_cloud";
+    image?: Image;
+    interruptible?: boolean;
+    retry?: Retry | number;
+    services?: Service[];
+    tags?: any[];
+    timeout?: string;
+  });
+}
+
+export declare class Environment {
+  constructor(props: {
+    /** The name of the environment, e.g. 'qa', 'staging', 'production'. */
+    name: string;
+    /** Specifies what this job will do. 'start' (default) indicates the job will start the deployment. 'prepare'/'verify'/'access' indicates this will not affect the deployment. 'stop' indicates this will stop the deployment. */
+    action?: "start" | "prepare" | "stop" | "verify" | "access";
+    /** The amount of time it should take before Gitlab will automatically stop the environment. Supports a wide variety of formats, e.g. '1 week', '3 mins 4 sec', '2 hrs 20 min', '2h20min', '6 mos 1 day', '47 yrs 6 mos and 4d', '3 weeks and 2 days'. */
+    auto_stop_in?: string;
+    /** Explicitly specifies the tier of the deployment environment if non-standard environment name is used. */
+    deployment_tier?: "production" | "staging" | "testing" | "development" | "other";
+    /** Used to configure the kubernetes deployment for this environment. This is currently not supported for kubernetes clusters that are managed by Gitlab. */
+    kubernetes?: Record<string, unknown>;
+    /** The name of a job to execute when the environment is about to be stopped. */
+    on_stop?: string;
+    /** When set, this will expose buttons in various places for the current environment in Gitlab, that will take you to the defined URL. */
+    url?: string;
+  });
+}
+
+export declare class Image {
+  constructor(props: {
+    /** Full name of the image that should be used. It should contain the Registry part if needed. */
+    name: string;
+    docker?: Record<string, unknown>;
+    /** Command or script that should be executed as the container's entrypoint. It will be translated to Docker's --entrypoint option while creating the container. The syntax is similar to Dockerfile's ENTRYPOINT directive, where each shell token is a separate string in the array. */
+    entrypoint?: any[];
+    pull_policy?: "always" | "never" | "if-not-present" | "always" | "never" | "if-not-present"[];
+  });
+}
+
+export declare class Include {
+  constructor(props: {
+    file: string | string[];
+    /** Path to the project, e.g. `group/project`, or `group/sub-group/project` [Learn more](https://docs.gitlab.com/ee/ci/yaml/index.html#includefile). */
+    project: string;
+    inputs?: Record<string, unknown>;
+    /** Branch/Tag/Commit-hash for the target project. */
+    ref?: string;
+    rules?: any[];
+  });
+}
+
+export declare class Job {
+  constructor(props: {
+    after_script?: string | string[];
+    allow_failure?: AllowFailure | boolean;
+    artifacts?: Artifacts;
+    before_script?: string | string[];
+    cache?: Cache | Cache[];
+    /** Must be a regular expression, optionally but recommended to be quoted, and must be surrounded with '/'. Example: '/Code coverage: \d+\.\d+/' */
+    coverage?: string;
+    /** Specify a list of job names from earlier stages from which artifacts should be loaded. By default, all previous artifacts are passed. Use an empty array to skip downloading artifacts. */
+    dependencies?: string[];
+    /** Used to associate environment metadata with a deploy. Environment can have a name and URL attached to it, and will be displayed under /environments under the project. */
+    environment?: string | Record<string, any>;
+    /** Job will run *except* for when these filtering options match. */
+    except?: any;
+    /** The name of one or more jobs to inherit configuration from. */
+    extends?: string | string[];
+    hooks?: Record<string, unknown>;
+    id_tokens?: Record<string, unknown>;
+    identity?: "google_cloud";
+    image?: Image;
+    inherit?: Record<string, unknown>;
+    interruptible?: boolean;
+    manual_confirmation?: string;
+    /** The list of jobs in previous stages whose sole completion is needed to start the current job. */
+    needs?: string | Record<string, any> | any[][];
+    /** Job will run *only* when these filtering options match. */
+    only?: any;
+    pages?: Record<string, any> | boolean;
+    parallel?: Parallel | number;
+    /** A path to a directory that contains the files to be published with Pages */
+    publish?: string;
+    /** Indicates that the job creates a Release. */
+    release?: Record<string, unknown>;
+    /** Limit job concurrency. Can be used to ensure that the Runner will not run certain jobs simultaneously. */
+    resource_group?: string;
+    retry?: Retry | number;
+    rules?: Rule[];
+    run?: any[];
+    script?: string | string[];
+    secrets?: Record<string, unknown>;
+    services?: Service[];
+    /** Define what stage the job will run in. */
+    stage?: string | string[];
+    start_in?: string;
+    tags?: any[];
+    timeout?: string;
+    trigger?: Record<string, any> | string;
+    variables?: Record<string, unknown>;
+    when?: "on_success" | "on_failure" | "always" | "never" | "manual" | "delayed";
+  });
+}
+
+export declare class Parallel {
+  constructor(props: {
+    /** Defines different variables for jobs that are running in parallel. */
+    matrix: Record<string, unknown>[];
+  });
+}
+
+export declare class Release {
+  constructor(props: {
+    /** Specifies the longer description of the Release. */
+    description: string;
+    /** The tag_name must be specified. It can refer to an existing Git tag or can be specified by the user. */
+    tag_name: string;
+    assets?: Record<string, unknown>;
+    /** The title of each milestone the release is associated with. */
+    milestones?: string[];
+    /** The Release name. If omitted, it is populated with the value of release: tag_name. */
+    name?: string;
+    /** If the release: tag_name doesn’t exist yet, the release is created from ref. ref can be a commit SHA, another tag name, or a branch name. */
+    ref?: string;
+    /** The date and time when the release is ready. Defaults to the current date and time if not defined. Should be enclosed in quotes and expressed in ISO 8601 format. */
+    released_at?: string;
+    /** Message to use if creating a new annotated tag. */
+    tag_message?: string;
+  });
+}
+
+export declare class Retry {
+  constructor(props: {
+    exit_codes?: number[] | number;
+    max?: number;
+    when?: any[];
+  });
+}
+
+export declare class Rule {
+  constructor(props: {
+    allow_failure?: AllowFailure | boolean;
+    changes?: any;
+    exists?: any;
+    if?: string;
+    interruptible?: boolean;
+    needs?: any[];
+    start_in?: string;
+    variables?: Record<string, unknown>;
+    when?: "on_success" | "on_failure" | "always" | "never" | "manual" | "delayed";
+  });
+}
+
+export declare class Trigger {
+  constructor(props: {
+    /** Path to the project, e.g. `group/project`, or `group/sub-group/project`. */
+    project: string;
+    /** The branch name that a downstream pipeline will use */
+    branch?: string;
+    /** Specify what to forward to the downstream pipeline. */
+    forward?: Record<string, unknown>;
+    /** You can mirror the pipeline status from the triggered pipeline to the source bridge job by using strategy: depend */
+    strategy?: "depend";
+  });
+}
+
+export declare class Workflow {
+  constructor(props: {
+    auto_cancel?: AutoCancel;
+    name?: string;
+    rules?: Record<string, any> | string[][];
+  });
+}
+
+// --- CI/CD Variables ---
+
+export declare const CI: {
+  readonly CommitBranch: string;
+  readonly CommitRef: string;
+  readonly CommitSha: string;
+  readonly CommitTag: string;
+  readonly DefaultBranch: string;
+  readonly Environment: string;
+  readonly JobId: string;
+  readonly JobName: string;
+  readonly JobStage: string;
+  readonly MergeRequestIid: string;
+  readonly PipelineId: string;
+  readonly PipelineSource: string;
+  readonly ProjectDir: string;
+  readonly ProjectId: string;
+  readonly ProjectName: string;
+  readonly ProjectPath: string;
+  readonly Registry: string;
+  readonly RegistryImage: string;
+};

package/package.json

@@ -1,6 +1,7 @@
 {
   "name": "@intentius/chant-lexicon-gitlab",
-  "version": "0.0.1",
+  "version": "0.0.3",
+  "license": "Apache-2.0",
   "type": "module",
   "files": ["src/", "dist/"],
   "publishConfig": {
@@ -15,8 +16,9 @@
 },
 "scripts": {
   "generate": "bun run src/codegen/generate-cli.ts",
+  "bundle": "bun run src/package-cli.ts",
   "validate": "bun run src/validate-cli.ts",
-  "prepack": "bun run generate && bun run validate"
+  "prepack": "bun run bundle && bun run validate"
 },
 "dependencies": {
   "@intentius/chant": "0.0.1"

package/src/codegen/docs.ts

@@ -948,7 +948,7 @@ deploy:
 `,
       },
     ],
-    basePath: "/lexicons/gitlab/",
+    basePath: "/chant/lexicons/gitlab/",
   };
 
   const result = await docsPipeline(config);

package/src/package-cli.ts

@@ -0,0 +1,43 @@
+#!/usr/bin/env bun
+/**
+ * Thin entry point for `bun run bundle` in lexicon-gitlab.
+ * Generates src/generated/ files and writes dist/ bundle.
+ */
+import { generate, writeGeneratedFiles } from "./codegen/generate";
+import { packageLexicon } from "./codegen/package";
+import { writeFileSync, mkdirSync } from "fs";
+import { join, dirname } from "path";
+import { fileURLToPath } from "url";
+
+const pkgDir = dirname(dirname(fileURLToPath(import.meta.url)));
+
+// 1. Generate src/generated/ files
+const genResult = await generate({ verbose: true });
+writeGeneratedFiles(genResult, pkgDir);
+console.error(`Generated ${genResult.resources} entities, ${genResult.properties} property types, ${genResult.enums} enums`);
+
+// 2. Run package pipeline and write dist/
+const { spec, stats } = await packageLexicon({ verbose: true });
+
+const distDir = join(pkgDir, "dist");
+mkdirSync(join(distDir, "types"), { recursive: true });
+mkdirSync(join(distDir, "rules"), { recursive: true });
+mkdirSync(join(distDir, "skills"), { recursive: true });
+
+writeFileSync(join(distDir, "manifest.json"), JSON.stringify(spec.manifest, null, 2));
+writeFileSync(join(distDir, "meta.json"), spec.registry);
+writeFileSync(join(distDir, "types", "index.d.ts"), spec.typesDTS);
+
+for (const [name, content] of spec.rules) {
+  writeFileSync(join(distDir, "rules", name), content);
+}
+for (const [name, content] of spec.skills) {
+  writeFileSync(join(distDir, "skills", name), content);
+}
+
+if (spec.integrity) {
+  writeFileSync(join(distDir, "integrity.json"), JSON.stringify(spec.integrity, null, 2));
+}
+
+console.error(`Packaged ${stats.resources} entities, ${stats.ruleCount} rules, ${stats.skillCount} skills`);
+console.error(`dist/ written to ${distDir}`);