PyPI - cici-tools - Versions diffs - 0.17.0__tar.gz → 0.18.0__tar.gz - Mend

cici-tools 0.17.0tar.gz → 0.18.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (205) hide show

{cici_tools-0.17.0 → cici_tools-0.18.0}/.gitlab-ci.yml RENAMED Viewed

@@ -16,7 +16,7 @@ include:
   - local: cici-bundle.yml
   - local: cici-update.yml
   - project: saferatday0/library/container
-    ref: 0.8.1
+    ref: 0.9.1
     file:
       - container-docker.yml
       - container-hadolint.yml

{cici_tools-0.17.0/cici_tools.egg-info → cici_tools-0.18.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cici-tools
-Version: 0.17.0
+Version: 0.18.0
 Summary: Continuous Integration Catalog Interface
 Author-email: Digital Safety Research Institute <contact@dsri.org>
 License: Apache-2.0

{cici_tools-0.17.0 → cici_tools-0.18.0}/cici/_version.py RENAMED Viewed

@@ -28,7 +28,7 @@ version_tuple: VERSION_TUPLE
 commit_id: COMMIT_ID
 __commit_id__: COMMIT_ID
-__version__ = version = '0.17.0'
-__version_tuple__ = version_tuple = (0, 17, 0)
+__version__ = version = '0.18.0'
+__version_tuple__ = version_tuple = (0, 18, 0)
-__commit_id__ = commit_id = 'ge723e80c8'
+__commit_id__ = commit_id = 'g36384f791'

{cici_tools-0.17.0 → cici_tools-0.18.0}/cici/config/project/serializers.py RENAMED Viewed

@@ -148,14 +148,19 @@ def loads(
     # verify targets exists even if empty
     data.setdefault("targets", [])
-    # Inject precommit/gitlab includes into each target
+    # Inject precommit/gitlab include references into each target
+    for target in data["targets"]:
+        name = target["name"]
-    # Debug to test injection
-    # print("Before injection:", data["targets"])
+        # if precommit hook exists in .pre-commit-hooks.yml, attach a pre-commit hook reference
+        # Injected object must match PreCommitHookTarget schema to keep msgspec happy
+        if name in precommit_hooks:
+            target["precommit_hook"] = {"name": name}
+        else:
+            # Remove key entirely when no hook exists so msgspec can apply
+            target.pop("precommit_hook", None)
-    for target in data["targets"]:
-        target["precommit_hook"] = {"name": target["name"]}
-        target["gitlab_include"] = {"name": target["name"]}
+        target["gitlab_include"] = {"name": name}
     # Debug to test injection
     # print("After injection:", data["targets"])

{cici_tools-0.17.0 → cici_tools-0.18.0}/cici/providers/gitlab/serializers.py RENAMED Viewed

@@ -327,13 +327,23 @@ def dump(
     data = unpack_jobs(data)
     data = style_scalars(data)
+    # DEBUG
+    # job = data.get("opentofu-trivy") or {}
+    # script = job.get("script") or []
+    # if script:
+    #     print("\n[DUMP DEBUG] opentofu-trivy script[0] type:", type(script[0]))
+    #     print("[DUMP DEBUG] script[0] repr:", repr(str(script[0])))
+    #     print("[DUMP DEBUG] contains \\n\\n?:", "\n\n" in str(script[0]))
+    #     print("[DUMP DEBUG] contains \\n?:", "\n" in str(script[0]))
+    # END DEBUG
     # user round trip mode to preserve ruamel scalar styles (FoldedScalarString etc)
     yaml = ruamel.yaml.YAML(typ="rt")
     yaml.default_flow_style = False
     yaml.explicit_start = False
     yaml.preserve_quotes = True  # respect the quotes set in style_scalars()
     yaml.indent(mapping=2, sequence=4, offset=2)
-    yaml.width = 1000  # prevent unwanted line wrapping
+    yaml.width = 120  # prevent unwanted line wrapping
     # makes sure ruamel.yml to always emit double quoted strings """"
     yaml.representer.add_representer(DoubleQuotedScalarString, always_double_quoted)

{cici_tools-0.17.0 → cici_tools-0.18.0}/cici/providers/gitlab/yaml_style.py RENAMED Viewed

@@ -54,9 +54,18 @@ def make_scalar_string(line: str, quote: bool = False):
         return FoldedScalarString(wrap_if_long(unindented))
-    # Commands and long lines get folded
+    # Folding long lines logic (like a script that is super long so that it does not do anything weird in the folding process)
     if unindented.startswith(("docker ", "helm ", "tar ", "curl ")):
-        return FoldedScalarString(wrap_if_long(unindented))
+        command_string = unindented.strip()
+        folded_scalar = FoldedScalarString(command_string)
+        if " | " in command_string:
+            pipe_position = command_string.index(" | ")
+            # mypy does not like fold_pos however it solves an issue that breaks the .gitlab-ci.yaml
+            folded_scalar.fold_pos = [pipe_position]  # type: ignore[attr-defined]
+        return folded_scalar
     # Multi-command sequences get folded
     if any(sym in unindented for sym in ("&&", ";", "\\")):
@@ -339,7 +348,7 @@ def style_scalars(
             "on_success",
             "on_failure",
             "manual",
-            "cobertura",  # :white_check_mark: coverage format
+            "cobertura",  # coverage format
             "sigstore",
         }
         if stripped in UNQUOTED_KEYWORDS:

{cici_tools-0.17.0 → cici_tools-0.18.0/cici_tools.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cici-tools
-Version: 0.17.0
+Version: 0.18.0
 Summary: Continuous Integration Catalog Interface
 Author-email: Digital Safety Research Institute <contact@dsri.org>
 License: Apache-2.0

{cici_tools-0.17.0 → cici_tools-0.18.0}/cici_tools.egg-info/SOURCES.txt RENAMED Viewed

@@ -83,7 +83,9 @@ tests/test_build.py
 tests/test_cli.py
 tests/test_expand_job_extends.py
 tests/test_import.py
+tests/test_precommit_hook_injection.py
 tests/test_resolve_targets.py
+tests/test_yaml_style.py
 tests/fixtures/gitlab/extends/simple-job.yml
 tests/fixtures/gitlab/extends/.cici/.gitlab-ci.yml
 tests/fixtures/gitlab/helm/helm-cm-push.yml

{cici_tools-0.17.0 → cici_tools-0.18.0}/pyproject.toml RENAMED Viewed

@@ -66,6 +66,7 @@ profile = "black"
 [tool.mypy]
 python_version = "3.10"
+exclude = '(^|/)(venv|\.venv)/'
 [tool.setuptools.package-data]
 "cici" = ["py.typed"]

{cici_tools-0.17.0 → cici_tools-0.18.0}/requirements.txt RENAMED Viewed

@@ -8,7 +8,7 @@ attrs==25.4.0
     #   referencing
 jinja2==3.1.6
     # via cici-tools (pyproject.toml)
-jsonschema==4.25.1
+jsonschema==4.26.0
     # via cici-tools (pyproject.toml)
 jsonschema-specifications==2025.9.1
     # via jsonschema

{cici_tools-0.17.0 → cici_tools-0.18.0}/tests/fixtures/gitlab/helm/helm-cm-push.yml RENAMED Viewed

@@ -30,7 +30,8 @@ helm-cm-push:
   before_script:
     - apk add --no-cache curl
     - >-
-      curl -sS -o - https://get.helm.sh/helm-v3.8.0-linux-amd64.tar.gz | tar --strip-components 1 -xzf - linux-amd64/helm
+      curl -sS -o - https://get.helm.sh/helm-v3.8.0-linux-amd64.tar.gz
+      | tar --strip-components 1 -xzf - linux-amd64/helm
     - install helm /usr/local/bin/
     - rm -f helm
     - >-
@@ -40,8 +41,6 @@ helm-cm-push:
     - >-
       helm plugin install https://github.com/chartmuseum/helm-push
     - >-
-      helm cm-push --version "$HELM_CHART_VERSION" --app-version "$HELM_CHART_VERSION" "$HELM_CHART_PATH"
-      "$HELM_REPOSITORY_URL"
+      helm cm-push --version "$HELM_CHART_VERSION" --app-version "$HELM_CHART_VERSION" "$HELM_CHART_PATH" "$HELM_REPOSITORY_URL"
   rules:
     - if: $CI_COMMIT_TAG

{cici_tools-0.17.0 → cici_tools-0.18.0}/tests/fixtures/gitlab/helm/helm-docs.yml RENAMED Viewed

@@ -27,9 +27,8 @@ helm-docs:
   before_script:
     - apk add --no-cache curl
     - >-
-      curl -sSL -o - https://github.com/norwoodj/helm-docs/releases/download/v1.7.0/helm-docs_1.7.0_Linux_x86_64.tar.gz | tar
-      xzf - helm-docs
+      curl -sSL -o - https://github.com/norwoodj/helm-docs/releases/download/v1.7.0/helm-docs_1.7.0_Linux_x86_64.tar.gz
+      | tar xzf - helm-docs
     - install helm-docs /usr/local/bin/
     - rm -f helm-docs
     - helm-docs --version

{cici_tools-0.17.0 → cici_tools-0.18.0}/tests/fixtures/gitlab/helm/helm-lint.yml RENAMED Viewed

@@ -27,7 +27,8 @@ helm-lint:
   before_script:
     - apk add --no-cache curl
     - >-
-      curl -sS -o - https://get.helm.sh/helm-v3.8.0-linux-amd64.tar.gz | tar --strip-components 1 -xzf - linux-amd64/helm
+      curl -sS -o - https://get.helm.sh/helm-v3.8.0-linux-amd64.tar.gz
+      | tar --strip-components 1 -xzf - linux-amd64/helm
     - install helm /usr/local/bin/
     - rm -f helm
     - >-

{cici_tools-0.17.0 → cici_tools-0.18.0}/tests/fixtures/gitlab/job-variables/opentofu-development-trivy.yml RENAMED Viewed

@@ -47,9 +47,8 @@ opentofu-development-trivy:
     - cd "${OPENTOFU_ROOT}"
   script:
     - >-
-      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar -C
-      /usr/local/bin/ -xzf - trivy
+      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz
+      | tar -C /usr/local/bin/ -xzf - trivy
     - trivy config "${OPENTOFU_ROOT}/plan.json"
   cache:
     key: $OPENTOFU_STATE_NAME

{cici_tools-0.17.0/tests/fixtures/gitlab/targets-dir → cici_tools-0.18.0/tests/fixtures/gitlab/job-variables}/opentofu-module-build.yml RENAMED Viewed

@@ -41,17 +41,11 @@ opentofu-module-build:
   script:
     - OPENTOFU_MODULE_NAME=$(echo "${OPENTOFU_MODULE_NAME}" | tr " _" -)
     - >-
-      tar -vczf /tmp/${OPENTOFU_MODULE_NAME}-${OPENTOFU_MODULE_SYSTEM}-${OPENTOFU_MODULE_VERSION}.tgz -C
-      ${OPENTOFU_MODULE_DIR} --exclude=./.git .
+      tar -vczf /tmp/${OPENTOFU_MODULE_NAME}-${OPENTOFU_MODULE_SYSTEM}-${OPENTOFU_MODULE_VERSION}.tgz -C ${OPENTOFU_MODULE_DIR}
+      --exclude=./.git .
     - >-
-      curl --fail-with-body --location --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file
-      /tmp/${OPENTOFU_MODULE_NAME}-${OPENTOFU_MODULE_SYSTEM}-${OPENTOFU_MODULE_VERSION}.tgz
-      ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/terraform/modules/${OPENTOFU_MODULE_NAME}/${OPENTOFU_MODULE_SYSTEM}/
-      ${OPENTOFU_MODULE_VERSION}/file
+      curl --fail-with-body --location --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file /tmp/${OPENTOFU_MODULE_NAME}-${OPENTOFU_MODULE_SYSTEM}-${OPENTOFU_MODULE_VERSION}.tgz
+      ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/terraform/modules/${OPENTOFU_MODULE_NAME}/${OPENTOFU_MODULE_SYSTEM}/${OPENTOFU_MODULE_VERSION}/file
   cache: {}
   dependencies: []
   rules:

{cici_tools-0.17.0/tests/fixtures/gitlab/targets-dir → cici_tools-0.18.0/tests/fixtures/gitlab/job-variables}/opentofu-production-trivy.yml RENAMED Viewed

@@ -47,9 +47,8 @@ opentofu-production-trivy:
     - cd "${OPENTOFU_ROOT}"
   script:
     - >-
-      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar -C
-      /usr/local/bin/ -xzf - trivy
+      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz
+      | tar -C /usr/local/bin/ -xzf - trivy
     - trivy config "${OPENTOFU_ROOT}/plan.json"
   cache:
     key: $OPENTOFU_STATE_NAME

{cici_tools-0.17.0/tests/fixtures/gitlab/targets-dir → cici_tools-0.18.0/tests/fixtures/gitlab/job-variables}/opentofu-staging-trivy.yml RENAMED Viewed

@@ -47,9 +47,8 @@ opentofu-staging-trivy:
     - cd "${OPENTOFU_ROOT}"
   script:
     - >-
-      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar -C
-      /usr/local/bin/ -xzf - trivy
+      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz
+      | tar -C /usr/local/bin/ -xzf - trivy
     - trivy config "${OPENTOFU_ROOT}/plan.json"
   cache:
     key: $OPENTOFU_STATE_NAME

{cici_tools-0.17.0/tests/fixtures/gitlab/targets-dir → cici_tools-0.18.0/tests/fixtures/gitlab/job-variables}/opentofu-trivy.yml RENAMED Viewed

@@ -46,9 +46,8 @@ opentofu-trivy:
     - cd "${OPENTOFU_ROOT}"
   script:
     - >-
-      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar -C
-      /usr/local/bin/ -xzf - trivy
+      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz
+      | tar -C /usr/local/bin/ -xzf - trivy
     - trivy config .
   cache:
     key: $OPENTOFU_STATE_NAME

{cici_tools-0.17.0 → cici_tools-0.18.0}/tests/fixtures/gitlab/service-key/container-docker-multiarch-amd64.yml RENAMED Viewed

@@ -106,14 +106,11 @@ container-docker-multiarch-amd64:
         _CONTAINER_OPTS="$_CONTAINER_OPTS --tag ${CONTAINER_NAME}:latest-${CONTAINER_DOCKER_ARCH}"
       fi
     - >-
-      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg
-      "CONTAINER_DOCKER_MACHINE_ARCH=$CONTAINER_DOCKER_MACHINE_ARCH" --build-arg "CONTAINER_VERSION=$CONTAINER_VERSION"
-      --file "${CONTAINER_DOCKERFILE}" --platform "$CONTAINER_DOCKER_PLATFORM" --progress plain --push --tag
-      "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}" $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
-    - COSIGN_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}")"
+      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg "CONTAINER_DOCKER_MACHINE_ARCH=$CONTAINER_DOCKER_MACHINE_ARCH"
+      --build-arg "CONTAINER_VERSION=$CONTAINER_VERSION" --file "${CONTAINER_DOCKERFILE}" --platform "$CONTAINER_DOCKER_PLATFORM"
+      --progress plain --push --tag "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}" $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
+    - COSIGN_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}'
+      "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}")"
     - cosign sign --yes "$COSIGN_IMAGE_DIGEST"
     - mkdir -p dist/container/arch
     - touch "dist/container/arch/${CONTAINER_DOCKER_ARCH}"

{cici_tools-0.17.0 → cici_tools-0.18.0}/tests/fixtures/gitlab/service-key/container-docker-multiarch-arm32v6.yml RENAMED Viewed

@@ -106,14 +106,11 @@ container-docker-multiarch-arm32v6:
         _CONTAINER_OPTS="$_CONTAINER_OPTS --tag ${CONTAINER_NAME}:latest-${CONTAINER_DOCKER_ARCH}"
       fi
     - >-
-      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg
-      "CONTAINER_DOCKER_MACHINE_ARCH=$CONTAINER_DOCKER_MACHINE_ARCH" --build-arg "CONTAINER_VERSION=$CONTAINER_VERSION"
-      --file "${CONTAINER_DOCKERFILE}" --platform "$CONTAINER_DOCKER_PLATFORM" --progress plain --push --tag
-      "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}" $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
-    - COSIGN_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}")"
+      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg "CONTAINER_DOCKER_MACHINE_ARCH=$CONTAINER_DOCKER_MACHINE_ARCH"
+      --build-arg "CONTAINER_VERSION=$CONTAINER_VERSION" --file "${CONTAINER_DOCKERFILE}" --platform "$CONTAINER_DOCKER_PLATFORM"
+      --progress plain --push --tag "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}" $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
+    - COSIGN_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}'
+      "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}")"
     - cosign sign --yes "$COSIGN_IMAGE_DIGEST"
     - mkdir -p dist/container/arch
     - touch "dist/container/arch/${CONTAINER_DOCKER_ARCH}"

{cici_tools-0.17.0 → cici_tools-0.18.0}/tests/fixtures/gitlab/service-key/container-docker-multiarch-arm32v7.yml RENAMED Viewed

@@ -106,14 +106,11 @@ container-docker-multiarch-arm32v7:
         _CONTAINER_OPTS="$_CONTAINER_OPTS --tag ${CONTAINER_NAME}:latest-${CONTAINER_DOCKER_ARCH}"
       fi
     - >-
-      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg
-      "CONTAINER_DOCKER_MACHINE_ARCH=$CONTAINER_DOCKER_MACHINE_ARCH" --build-arg "CONTAINER_VERSION=$CONTAINER_VERSION"
-      --file "${CONTAINER_DOCKERFILE}" --platform "$CONTAINER_DOCKER_PLATFORM" --progress plain --push --tag
-      "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}" $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
-    - COSIGN_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}")"
+      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg "CONTAINER_DOCKER_MACHINE_ARCH=$CONTAINER_DOCKER_MACHINE_ARCH"
+      --build-arg "CONTAINER_VERSION=$CONTAINER_VERSION" --file "${CONTAINER_DOCKERFILE}" --platform "$CONTAINER_DOCKER_PLATFORM"
+      --progress plain --push --tag "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}" $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
+    - COSIGN_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}'
+      "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}")"
     - cosign sign --yes "$COSIGN_IMAGE_DIGEST"
     - mkdir -p dist/container/arch
     - touch "dist/container/arch/${CONTAINER_DOCKER_ARCH}"

{cici_tools-0.17.0 → cici_tools-0.18.0}/tests/fixtures/gitlab/service-key/container-docker-multiarch-arm64v8.yml RENAMED Viewed

@@ -106,14 +106,11 @@ container-docker-multiarch-arm64v8:
         _CONTAINER_OPTS="$_CONTAINER_OPTS --tag ${CONTAINER_NAME}:latest-${CONTAINER_DOCKER_ARCH}"
       fi
     - >-
-      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg
-      "CONTAINER_DOCKER_MACHINE_ARCH=$CONTAINER_DOCKER_MACHINE_ARCH" --build-arg "CONTAINER_VERSION=$CONTAINER_VERSION"
-      --file "${CONTAINER_DOCKERFILE}" --platform "$CONTAINER_DOCKER_PLATFORM" --progress plain --push --tag
-      "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}" $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
-    - COSIGN_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}")"
+      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg "CONTAINER_DOCKER_MACHINE_ARCH=$CONTAINER_DOCKER_MACHINE_ARCH"
+      --build-arg "CONTAINER_VERSION=$CONTAINER_VERSION" --file "${CONTAINER_DOCKERFILE}" --platform "$CONTAINER_DOCKER_PLATFORM"
+      --progress plain --push --tag "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}" $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
+    - COSIGN_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}'
+      "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}")"
     - cosign sign --yes "$COSIGN_IMAGE_DIGEST"
     - mkdir -p dist/container/arch
     - touch "dist/container/arch/${CONTAINER_DOCKER_ARCH}"

{cici_tools-0.17.0 → cici_tools-0.18.0}/tests/fixtures/gitlab/service-key/container-docker-multiarch-i386.yml RENAMED Viewed

@@ -106,14 +106,11 @@ container-docker-multiarch-i386:
         _CONTAINER_OPTS="$_CONTAINER_OPTS --tag ${CONTAINER_NAME}:latest-${CONTAINER_DOCKER_ARCH}"
       fi
     - >-
-      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg
-      "CONTAINER_DOCKER_MACHINE_ARCH=$CONTAINER_DOCKER_MACHINE_ARCH" --build-arg "CONTAINER_VERSION=$CONTAINER_VERSION"
-      --file "${CONTAINER_DOCKERFILE}" --platform "$CONTAINER_DOCKER_PLATFORM" --progress plain --push --tag
-      "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}" $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
-    - COSIGN_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}")"
+      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg "CONTAINER_DOCKER_MACHINE_ARCH=$CONTAINER_DOCKER_MACHINE_ARCH"
+      --build-arg "CONTAINER_VERSION=$CONTAINER_VERSION" --file "${CONTAINER_DOCKERFILE}" --platform "$CONTAINER_DOCKER_PLATFORM"
+      --progress plain --push --tag "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}" $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
+    - COSIGN_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}'
+      "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}")"
     - cosign sign --yes "$COSIGN_IMAGE_DIGEST"
     - mkdir -p dist/container/arch
     - touch "dist/container/arch/${CONTAINER_DOCKER_ARCH}"

{cici_tools-0.17.0 → cici_tools-0.18.0}/tests/fixtures/gitlab/service-key/container-docker-multiarch.yml RENAMED Viewed

@@ -103,14 +103,11 @@ container-docker-multiarch:
         _CONTAINER_OPTS="$_CONTAINER_OPTS --tag ${CONTAINER_NAME}:latest-${CONTAINER_DOCKER_ARCH}"
       fi
     - >-
-      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg
-      "CONTAINER_DOCKER_MACHINE_ARCH=$CONTAINER_DOCKER_MACHINE_ARCH" --build-arg "CONTAINER_VERSION=$CONTAINER_VERSION"
-      --file "${CONTAINER_DOCKERFILE}" --platform "$CONTAINER_DOCKER_PLATFORM" --progress plain --push --tag
-      "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}" $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
-    - COSIGN_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}")"
+      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg "CONTAINER_DOCKER_MACHINE_ARCH=$CONTAINER_DOCKER_MACHINE_ARCH"
+      --build-arg "CONTAINER_VERSION=$CONTAINER_VERSION" --file "${CONTAINER_DOCKERFILE}" --platform "$CONTAINER_DOCKER_PLATFORM"
+      --progress plain --push --tag "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}" $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
+    - COSIGN_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}'
+      "${CONTAINER_IMAGE}-${CONTAINER_DOCKER_ARCH}")"
     - cosign sign --yes "$COSIGN_IMAGE_DIGEST"
     - mkdir -p dist/container/arch
     - touch "dist/container/arch/${CONTAINER_DOCKER_ARCH}"

{cici_tools-0.17.0 → cici_tools-0.18.0}/tests/fixtures/gitlab/service-key/container-docker.yml RENAMED Viewed

@@ -103,11 +103,9 @@ container-docker:
         _CONTAINER_OPTS="$_CONTAINER_OPTS --tag ${CONTAINER_NAME}:latest"
       fi
     - >-
-      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg "CONTAINER_PROXY=$CONTAINER_PROXY"
-      --build-arg "CONTAINER_VERSION=$CONTAINER_VERSION" --file "${CONTAINER_DOCKERFILE}" --progress plain --push --tag
-      "${CONTAINER_IMAGE}" $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
+      docker buildx build --build-arg "CONTAINER_NAME=$CONTAINER_NAME" --build-arg "CONTAINER_PROXY=$CONTAINER_PROXY" --build-arg
+      "CONTAINER_VERSION=$CONTAINER_VERSION" --file "${CONTAINER_DOCKERFILE}" --progress plain --push --tag "${CONTAINER_IMAGE}"
+      $_CONTAINER_OPTS "${CONTAINER_CONTEXT}"
     - COSIGN_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "$CONTAINER_IMAGE")"
     - cosign sign --yes "$COSIGN_IMAGE_DIGEST"
   id_tokens:

{cici_tools-0.17.0 → cici_tools-0.18.0}/tests/fixtures/gitlab/service-key/container-trivy.yml RENAMED Viewed

@@ -97,15 +97,16 @@ container-trivy:
       echo "$CI_DEPENDENCY_PROXY_PASSWORD" | docker login "$CI_SERVER_HOST" -u "$CI_DEPENDENCY_PROXY_USER" --password-stdin
     - apk add --no-cache curl
     - >-
-      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar -xzf -
-      -C /usr/local/bin/
+      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz
+      | tar -xzf - -C /usr/local/bin/
     - >-
       docker pull "${CONTAINER_IMAGE}"
     - trivy image "${CONTAINER_IMAGE}" --format json --no-progress -o "${CI_JOB_NAME_SLUG}.json"
     - trivy convert "${CI_JOB_NAME_SLUG}.json"
-    - trivy convert "${CI_JOB_NAME_SLUG}.json" --format template --template "@/usr/local/bin/contrib/gitlab.tpl" -o "${CI_JOB_NAME_SLUG}-gitlab.json"
-    - trivy convert "${CI_JOB_NAME_SLUG}.json" --format template --template "@/usr/local/bin/contrib/html.tpl" -o "${CI_JOB_NAME_SLUG}.html"
+    - trivy convert "${CI_JOB_NAME_SLUG}.json" --format template --template "@/usr/local/bin/contrib/gitlab.tpl" -o
+      "${CI_JOB_NAME_SLUG}-gitlab.json"
+    - trivy convert "${CI_JOB_NAME_SLUG}.json" --format template --template "@/usr/local/bin/contrib/html.tpl" -o
+      "${CI_JOB_NAME_SLUG}.html"
   artifacts:
     paths:
       - ${CI_JOB_NAME_SLUG}.json

{cici_tools-0.17.0 → cici_tools-0.18.0}/tests/fixtures/gitlab/targets-dir/opentofu-development-trivy.yml RENAMED Viewed

@@ -47,9 +47,8 @@ opentofu-development-trivy:
     - cd "${OPENTOFU_ROOT}"
   script:
     - >-
-      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar -C
-      /usr/local/bin/ -xzf - trivy
+      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz
+      | tar -C /usr/local/bin/ -xzf - trivy
     - trivy config "${OPENTOFU_ROOT}/plan.json"
   cache:
     key: $OPENTOFU_STATE_NAME

{cici_tools-0.17.0/tests/fixtures/gitlab/job-variables → cici_tools-0.18.0/tests/fixtures/gitlab/targets-dir}/opentofu-module-build.yml RENAMED Viewed

@@ -41,17 +41,11 @@ opentofu-module-build:
   script:
     - OPENTOFU_MODULE_NAME=$(echo "${OPENTOFU_MODULE_NAME}" | tr " _" -)
     - >-
-      tar -vczf /tmp/${OPENTOFU_MODULE_NAME}-${OPENTOFU_MODULE_SYSTEM}-${OPENTOFU_MODULE_VERSION}.tgz -C
-      ${OPENTOFU_MODULE_DIR} --exclude=./.git .
+      tar -vczf /tmp/${OPENTOFU_MODULE_NAME}-${OPENTOFU_MODULE_SYSTEM}-${OPENTOFU_MODULE_VERSION}.tgz -C ${OPENTOFU_MODULE_DIR}
+      --exclude=./.git .
     - >-
-      curl --fail-with-body --location --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file
-      /tmp/${OPENTOFU_MODULE_NAME}-${OPENTOFU_MODULE_SYSTEM}-${OPENTOFU_MODULE_VERSION}.tgz
-      ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/terraform/modules/${OPENTOFU_MODULE_NAME}/${OPENTOFU_MODULE_SYSTEM}/
-      ${OPENTOFU_MODULE_VERSION}/file
+      curl --fail-with-body --location --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file /tmp/${OPENTOFU_MODULE_NAME}-${OPENTOFU_MODULE_SYSTEM}-${OPENTOFU_MODULE_VERSION}.tgz
+      ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/terraform/modules/${OPENTOFU_MODULE_NAME}/${OPENTOFU_MODULE_SYSTEM}/${OPENTOFU_MODULE_VERSION}/file
   cache: {}
   dependencies: []
   rules:

{cici_tools-0.17.0/tests/fixtures/gitlab/job-variables → cici_tools-0.18.0/tests/fixtures/gitlab/targets-dir}/opentofu-production-trivy.yml RENAMED Viewed

@@ -47,9 +47,8 @@ opentofu-production-trivy:
     - cd "${OPENTOFU_ROOT}"
   script:
     - >-
-      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar -C
-      /usr/local/bin/ -xzf - trivy
+      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz
+      | tar -C /usr/local/bin/ -xzf - trivy
     - trivy config "${OPENTOFU_ROOT}/plan.json"
   cache:
     key: $OPENTOFU_STATE_NAME

{cici_tools-0.17.0/tests/fixtures/gitlab/job-variables → cici_tools-0.18.0/tests/fixtures/gitlab/targets-dir}/opentofu-staging-trivy.yml RENAMED Viewed

@@ -47,9 +47,8 @@ opentofu-staging-trivy:
     - cd "${OPENTOFU_ROOT}"
   script:
     - >-
-      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar -C
-      /usr/local/bin/ -xzf - trivy
+      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz
+      | tar -C /usr/local/bin/ -xzf - trivy
     - trivy config "${OPENTOFU_ROOT}/plan.json"
   cache:
     key: $OPENTOFU_STATE_NAME

{cici_tools-0.17.0/tests/fixtures/gitlab/job-variables → cici_tools-0.18.0/tests/fixtures/gitlab/targets-dir}/opentofu-trivy.yml RENAMED Viewed

@@ -46,9 +46,8 @@ opentofu-trivy:
     - cd "${OPENTOFU_ROOT}"
   script:
     - >-
-      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar -C
-      /usr/local/bin/ -xzf - trivy
+      curl -sSL https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz
+      | tar -C /usr/local/bin/ -xzf - trivy
     - trivy config .
   cache:
     key: $OPENTOFU_STATE_NAME

cici_tools-0.18.0/tests/test_precommit_hook_injection.py ADDED Viewed

@@ -0,0 +1,47 @@
+# SPDX-FileCopyrightText: UL Research Institutes
+# SPDX-License-Identifier: Apache-2.0
+import pytest
+from cici.config.project.serializers import loads
+CONFIG_YAML = """
+name: test-pipeline
+targets:
+  - name: A
+  - name: B
+  - name: C
+  - name: D
+"""
+# Only some targets have hooks
+PRECOMMIT_HOOKS = {"A": {}, "C": {}}  # type: ignore[var-annotated]
+def _target_by_name(file_obj, name: str):
+    for t in file_obj.targets:
+        if t.name == name:
+            return t
+    raise AssertionError(f"Target not found: {name}")
+@pytest.mark.parametrize(
+    "target_name, expected_has_hook",
+    [
+        ("A", True),
+        ("B", False),
+        ("C", True),
+        ("D", False),
+    ],
+)
+def test_precommit_hook_injection_is_name_based(
+    target_name: str,
+    expected_has_hook: bool,
+):
+    file_obj = loads(
+        CONFIG_YAML,
+        gitlab_ci_jobs={},  # irrelevant for this test
+        precommit_hooks=PRECOMMIT_HOOKS,
+    )
+    target = _target_by_name(file_obj, target_name)
+    # dict-or-None version
+    assert (target.precommit_hook is not None) == expected_has_hook

cici-tools 0.17.0__tar.gz → 0.18.0__tar.gz

cici-tools 0.17.0tar.gz → 0.18.0tar.gz