Skip to content

refactor(templates): split rules-free base bodies for build/deploy/lint#89

Open
universal-itengineer wants to merge 1 commit into
mainfrom
refactor/split-rules-free-base-templates
Open

refactor(templates): split rules-free base bodies for build/deploy/lint#89
universal-itengineer wants to merge 1 commit into
mainfrom
refactor/split-rules-free-base-templates

Conversation

@universal-itengineer

Copy link
Copy Markdown
Member

What

Split the three rules-baked hidden templates into a rules-free *_base body plus a thin wrapper that re-adds the rules:

  • .build.build_base (body) + .build (extends: .build_base + rules)
  • .deploy.deploy_base (body) + .deploy (extends + rules + when: manual)
  • .lint.lint_base (body + allow_failure) + .lint (extends + rules)

Why

.build / .deploy / .lint bake rules: directly into the job body. GitLab merges extends: rules parent-first, so a consuming project cannot override the inherited gating — it is forced to copy the whole body verbatim just to attach its own rules: (e.g. strict .dev / .main / .prod gating). Those verbatim copies then drift from upstream (the virtualization module's copy already predates the bundle-attestation change).

Every other body template in this repo (.go_linter, .go_tests, .cve_scan, .svace_analyze) is already rules-free and expects the consumer to attach a context mixin, e.g. extends: [.go_linter, .dev]. These three were the outliers; this change aligns them.

Backward compatibility

.build / .deploy / .lint resolve to byte-identical jobs after the split, so existing consumers (including examples/simple-module.gitlab-ci.yml and the README snippet) are unaffected. New consumers can now do:

build_dev:
  extends:
    - .build_base
    - .dev

Extract .build_base / .deploy_base / .lint_base carrying only the job body
(stage + script, plus allow_failure for lint). .build / .deploy / .lint now
extend their base and re-add the baked-in rules (and when: manual for deploy),
so existing consumers are unaffected.

This lets consuming projects gate these jobs with their own context mixin
(extends: [.build_base, .dev]) instead of copying the body verbatim to escape
the inherited rules, matching the existing .go_linter / .cve_scan convention.

Signed-off-by: Nikita Korolev <nikita.korolev@flant.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants