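// Pattern for a Renovate annotation comment followed by a YAML list item, e.g.
//   # renovate: datasource=github-releases depName=kubernetes/kubernetes VersionTemplate=v
//   - 1.29.9
// Named groups: datasource, depName, VersionTemplate (optional), currentValue.
//
// The dots in currentValue are escaped so that only a literal MAJOR.MINOR.PATCH
// prefix is accepted. An unescaped "." matches any character, which would let a
// value such as "12345" be captured as currentValue and reported as a version.
//
// The final line feed is written as \n (resolved by PCRE, not by PHP, because the
// literal is single-quoted) instead of a raw line break inside the literal, so
// the pattern does not change if the file's line endings are converted.
//
// NOTE(review): each match consumes the line feed after the version, and the next
// match needs at least one whitespace character before "#". Back-to-back
// annotated entries are therefore all found only when the comment lines are
// indented; confirm against the real, indented YAML before relying on the
// pattern for dependency tracking.
$re = '/\s+# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( VersionTemplate=(?<VersionTemplate>.*?))?\s+-\s+(?<currentValue>\d+\.\d+\.\d+).*\n/';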
// Subject text for the pattern: a GitLab CI configuration (.gitlab-ci.yml style).
// The literal is single-quoted, so \' and \\ are the only escape sequences and
// the $CI_* / $KANOD_* names stay literal text; PHP does not interpolate them.
// The API token appears only as the variable reference
// $RELEASE_NOTES_READ_API_TOKEN; no credential value is embedded in the sample.
// The "# renovate: datasource=docker" annotations carry no depName, so the
// pattern in $re does not match them; only annotations that include depName and
// are followed by a "- <version>" list item are candidates.
// NOTE(review): the YAML indentation looks stripped (presumably by extraction);
// confirm results against the original, indented file.
// NOTE(review): the included templates and CI images are pinned by tag
// ("ref: v18.64.1", ":v2.0.8", ...). Tags can be re-pointed, so a commit SHA or
// image digest is the stronger pin where the tooling supports it.
$str = '---
workflow:
rules:
- if: $CI_COMMIT_TAG
variables:
OCI_TAG_FORMAT: "$CI_COMMIT_TAG"
- when: always
variables:
OCI_TAG_FORMAT: "0.0.0-git-$CI_COMMIT_SHORT_SHA"
variables:
REPO_URL: "$CI_REGISTRY_IMAGE"
REPO_IMAGE: $REPO_URL/$DISK_IMAGE_NAME:$OCI_TAG_FORMAT
REPO_IMAGE_SNAPSHOT: $REPO_URL/snapshots/$DISK_IMAGE_NAME:$OCI_TAG_FORMAT
IMAGE_FORMAT: raw
DISK_IMAGE_NAME: $OS-$OS_RELEASE-$FLAVOR-$K8S_FLAVOR
GITLEAKS_ARGS: \'--verbose --log-opts=$CI_COMMIT_SHA\'
DIB_SHOW_IMAGE_USAGE: 1
DIB_DEBUG_TRACE: 1
KANOD_OPTIONS_BASE: "-b no_kanod_network -b lvm -b growpart"
# renovate: datasource=docker
UBUNTU_CI_IMAGE: registry.gitlab.com/sylva-projects/sylva-elements/container-images/ci-disk-image-builder/ubuntu:v2.0.8
# renovate: datasource=docker
SUSE_CI_IMAGE: registry.gitlab.com/sylva-projects/sylva-elements/container-images/ci-disk-image-builder/suse:v2.0.8
# renovate: datasource=docker
GENERATE_OS_SBOM_CI_IMAGE: registry.gitlab.com/sylva-projects/sylva-elements/container-images/trivy-libguestfs:1.0.0
stages:
- test
- build
- release
- gitleaks
include:
- project: \'renovate-bot/renovate-runner\'
ref: v18.64.1
file: \'/templates/renovate-config-validator.gitlab-ci.yml\'
rules:
- if: $CI_PIPELINE_SOURCE == \'merge_request_event\'
changes:
paths:
- .gitlab-ci.yml
- renovate.json
- project: \'sylva-projects/sylva-elements/renovate\'
ref: 1.0.0
file: \'/templates/renovate-dry-run.gitlab-ci.yml\'
rules:
- if: $CI_PIPELINE_SOURCE == \'merge_request_event\'
changes:
paths:
- renovate.json
- project: "to-be-continuous/gitleaks"
ref: 2.5.2
file: "templates/gitlab-ci-gitleaks.yml"
- project: \'sylva-projects/sylva-elements/ci-tooling/ci-templates\'
ref: 1.0.22
file:
- \'templates/release-notes.yml\'
# Override the release notes suffix to add the images produced during the build
.release-notes-after-script:
- |
apk add curl bash jq
curl -sS --header "PRIVATE-TOKEN: $RELEASE_NOTES_READ_API_TOKEN" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/pipelines/${CI_PIPELINE_ID}/bridges" \\
| jq ".[].downstream_pipeline.id" \\
| grep -v null \\
| xargs -i curl -sS --header "PRIVATE-TOKEN: $RELEASE_NOTES_READ_API_TOKEN" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/pipelines/{}/jobs" \\
| jq \'.[] | select(.name == "promote") | .id\' \\
| xargs -i curl --location --header "PRIVATE-TOKEN: $RELEASE_NOTES_READ_API_TOKEN" --output artifacts-{}.zip "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/jobs/{}/artifacts"
ls
for z in *.zip; do unzip -o $z; done
echo "## Produced images:" >> release-notes.md
echo " " >> release-notes.md
cat *release.md | tee -a release-notes.md
# Override the stage to run the release notes creation after the build of the images
prepare-release-notes:
stage: release
# Override the stage to run the release notes creation after the build of the images
create-release-notes:
stage: release
gitleaks:
rules:
- when: never
# Customize gitleak job imported from to-be-continuous in order to checkout main
# (needed for git to be able to retrieve commits from this branch not in main)
gitleaks-custom:
stage: gitleaks
extends: gitleaks
needs: []
before_script:
- echo GITLEAKS_ARGS=$GITLEAKS_ARGS
- !reference [gitleaks, before_script]
variables:
GITLEAKS_ARGS: \'--verbose --log-opts=origin/main..HEAD\'
rules:
- if: \'$CI_PIPELINE_SOURCE == "pipeline"\' # Do not trigger gitleaks for cross-repo pipelines
when: never
- if: $CI_BRANCH_NAME == "main"
variables:
GITLEAKS_ARGS: \'--verbose\' # on main, detect leaks on whole repo
- when: always
.kubeadm_settings:
variables:
K8S_FLAVOR: kubeadm
KANOD_OPTIONS_K8S: "-b kubeadm"
parallel:
matrix:
- K8S_VERSION:
# renovate: datasource=github-releases depName=kubernetes/kubernetes VersionTemplate=v
- 1.29.9
# renovate: datasource=github-releases depName=kubernetes/kubernetes VersionTemplate=v
- 1.28.14
# renovate: datasource=github-releases depName=kubernetes/kubernetes VersionTemplate=v
- 1.27.16
.rke2_settings:
variables:
K8S_FLAVOR: rke2
KANOD_OPTIONS_K8S: "-b rke2_airgapped"
parallel:
matrix:
- K8S_VERSION:
# renovate: datasource=github-releases depName=rancher/rke2 VersionTemplate=v
- 1.29.9-rke2r1
# renovate: datasource=github-releases depName=rancher/rke2 VersionTemplate=v
- 1.28.14-rke2r1
# renovate: datasource=github-releases depName=rancher/rke2 VersionTemplate=v
- 1.27.16-rke2r2
.ubuntu_settings:
variables:
OS: ubuntu
OS_RELEASE: jammy
.opensuse_settings:
variables:
OS: opensuse
OS_RELEASE: "15.5"
.default-trigger:
trigger:
include: .gitlab/ci/pipeline-build-and-test.yml
strategy: depend
forward:
pipeline_variables: true
rules:
- if: $CI_COMMIT_TAG
- if: $CI_PIPELINE_SOURCE == \'merge_request_event\' && $CI_MERGE_REQUEST_LABELS =~ /AutoMerge/
- if: $CI_PIPELINE_SOURCE == \'merge_request_event\'
when: manual
- if: $CI_PIPELINE_SOURCE == \'pipeline\'
when: manual
build-ubuntu-hardened-rke2:
extends:
- .default-trigger
- .rke2_settings
- .ubuntu_settings
variables:
FLAVOR: hardened
KANOD_OPTIONS: "$KANOD_OPTIONS_BASE $KANOD_OPTIONS_K8S -b cis_remediation"
build-ubuntu-plain-rke2:
extends:
- .default-trigger
- .rke2_settings
- .ubuntu_settings
variables:
FLAVOR: plain
KANOD_OPTIONS: "$KANOD_OPTIONS_BASE $KANOD_OPTIONS_K8S"
build-ubuntu-plain-kubeadm:
extends:
- .default-trigger
- .kubeadm_settings
- .ubuntu_settings
variables:
FLAVOR: plain
KANOD_OPTIONS: "$KANOD_OPTIONS_BASE $KANOD_OPTIONS_K8S"
build-opensuse-plain-rke2:
extends:
- .default-trigger
- .rke2_settings
- .opensuse_settings
trigger:
include: .gitlab/ci/pipeline-build-and-test-suse.yml
strategy: depend
variables:
FLAVOR: plain
KANOD_OPTIONS: "$KANOD_OPTIONS_BASE $KANOD_OPTIONS_K8S"
build-opensuse-plain-kubeadm:
extends:
- .default-trigger
- .kubeadm_settings
- .opensuse_settings
trigger:
include: .gitlab/ci/pipeline-build-and-test-suse.yml
strategy: depend
variables:
FLAVOR: plain
KANOD_OPTIONS: "$KANOD_OPTIONS_BASE $KANOD_OPTIONS_K8S"
build-opensuse-hardened-rke2:
extends:
- .default-trigger
- .rke2_settings
- .opensuse_settings
trigger:
include: .gitlab/ci/pipeline-build-and-test-suse.yml
strategy: depend
variables:
FLAVOR: hardened
KANOD_OPTIONS: "$KANOD_OPTIONS_BASE $KANOD_OPTIONS_K8S -b cis_remediation_opensuse"
';
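// Collect every match as its own entry (PREG_SET_ORDER), scanning from offset 0.
// preg_match_all() returns false when PCRE aborts, for example when a backtrack
// limit is hit by the lazy quantifiers. Without this check the dump below would
// look like "no annotations found" and hide the failure from whoever is
// validating the pattern.
if (preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0) === false) {
    throw new RuntimeException('preg_match_all failed, PCRE error code ' . preg_last_error());
}

// Print the entire match result
var_dump($matches);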