3

I have a project filled with various pipeline templates that other projects can use for their work, keeping my CI DRY. These are not in a .gitlab-ci.yml file, but separate ./templates/language.yml files.

I'm already using yaml lint to make sure it is valid yaml, but I want to make sure I'm using valid GitLab CI syntax also.

I'd like to lint my CI templates when I'm merging. I have rejected running gitlab-runner exec shell because I can't figure out how to trigger specific copies. It looks like there might be something in the API with this, but I haven't been able to nail down the secret sauce.

How are you doing this?

Josiah
  • 2,666
  • 5
  • 30
  • 40
  • This is not possible through API. But they have a nice UI for validation. See https://docs.gitlab.com/ee/ci/lint.html – Shiplu Mokaddim Oct 15 '21 at 20:15
  • coming to this after 5 years and no real solution. sad. Their current docs do not provide much better: https://docs.gitlab.com/ee/api/lint.html – Inbar Rose Dec 19 '21 at 19:13

1 Answers1

0

We are using two different approach to achieve this.

  1. via API - https://docs.gitlab.com/ee/api/lint.html
  2. with a fake project setup within my templates
  3. with gitlab-ci-local

via API

The first approach is using the linter from gitlab via API:

curl --header "Content-Type: application/json" --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/ci/lint" --data '{"content": "{ \"image\": \"ruby:2.6\", \"services\": [\"postgres\"], \"before_script\": [\"bundle install\", \"bundle exec rake db:create\"], \"variables\": {\"DB_NAME\": \"postgres\"}, \"types\": [\"test\", \"deploy\", \"notify\"], \"rspec\": { \"script\": \"rake spec\", \"tags\": [\"ruby\", \"postgres\"], \"only\": [\"branches\"]}}"}'

The problem here, is that you can not utilize the JOB_TOKEN to do this, therefore you need to inject a secret and generate a token to achieve this. there is even a linting library available - https://github.com/BuBuaBu/gitlab-ci-lint

fake project

The second approach mimics the setup, with an own .gitlab-ci.yml which includes the templates and executes it. Like normal merge request pipelines. This way we ensure the scripts do not have any failure and are save to use them. We do this for docker images as well for gradle build templates etc.

eg. for docker images we build the image, include the template, and overwrite the image property of the jobs to the temporary docker image.

gitlab-ci-local

The third approach is not as sufficient and depending on the feature, lacks functionality. There is the tool gitlab-ci-local https://github.com/firecow/gitlab-ci-local which can be used to verify gitlab ci builds and execute them. But it is not an official implementation and not all features are present. In the end you also need again some kind of project setup.

If i can choose i would go with the first approach. In our case it has proven to be useful. The initial effort of faking a project is not that much, for the benefit of a long term save solution.

Simon Schrottner
  • 4,146
  • 1
  • 24
  • 36