Tagging is not working on hotfix branch

Hi Team,

I’ve written a shell script which creates a tag on the release, develop, hotfix and main branches. Tagging is working fine on the develop and release branches. When I merge my changes into the hotfix branch, the MR pipeline doesn’t create a tag for the hotfix changes.

Whenever I test with another newly created branch, tagging works. I even checked on hotfix after removing the branching rules and removing the hotfix branch from the protected branches.

Please assist me with the tagging issue on the hotfix branch.

regards,
Rahul Rawat

Hi @Rahu.Rawat

can’t do much without the code of your script and .gitlab-ci.yml file.

Here is the .gitlab-ci.yml file

include:

  • template: Security/SAST.gitlab-ci.yml
  • template: Security/Dependency-Scanning.gitlab-ci.yml
  • template: Security/Secret-Detection.gitlab-ci.yml
  • template: Security/License-Scanning.gitlab-ci.yml

default:
tags:
- internal

variables:
THRESHOLD_CODE_COVERAGE: 80
VAR_version_code: ${versioncode}
SAST_EXCLUDED_ANALYZERS: “spotbugs”
DS_EXCLUDED_ANALYZERS: “gemnasium-maven”
SAST_REPORT_FILE: “gl-sast-report.json”
GEMNASIUM_DS_REPORT_FILE: “gl-dependency-scanning-report.json”
COVERAGE_REPORT_FILE: “Pocket/coverage/cobertura-coverage.xml”
COVERAGE_REPORT_JSON: “Pocket/coverage/coverage-summary.json”
LICENSE_SC_REPORT_FILE: “gl-license-scanning-report.json”
SECRET_DETECTION_REPORT_FILE: “gl-secret-detection-report.json”
SAST_EXCLUDED_PATHS: Pocket/src/components/LoadingIndicator/reducer.js,Pocket/src/common/store/typeSafe.js,package-lock.json

SECRET_DETECTION_EXCLUDED_PATHS: .gitlab-ci.yml

DS_EXCLUDED_PATHS: Pocket/yarn.lock,Pocket/src/components/LoadingIndicator/reducer.js,Pocket/src/common/store/typeSafe.js,package-lock.json

image: reactnativecommunity/react-native-android:5.4

#stages
stages:

  • test
  • build
  • bundle_build
  • release

#ESLINT-SAST ANALYZER
eslint-sast:
stage: test
allow_failure: false
artifacts:
paths:
- $SAST_REPORT_FILE
expire_in: 1 day

#GEMNASIUM-DEPENDENCY_SCANNING ANALYZER
gemnasium-dependency_scanning:
stage: test
allow_failure: false
artifacts:
paths:
- $GEMNASIUM_DS_REPORT_FILE
expire_in: 1 day

#VERIFYING GEMNASIUM-DEPENDENCY_SCANNING VULNERABILITIES
verify-gemnasium-vulnerabilites:
stage: test
rules:
- if: $CI_COMMIT_TAG
when: never
needs:
- job: “gemnasium-dependency_scanning”
variables:
GIT_STRATEGY: none
cache: {}
before_script:
- sudo apt-get update
- sudo apt-get -y install jq
script:
- |
if [ -f “$GEMNASIUM_DS_REPORT_FILE” ]; then
if [[ “$CI_COMMIT_REF_NAME” = “main” ]]; then
if [[ “$(jq “.vulnerabilities | length” $GEMNASIUM_DS_REPORT_FILE)” -gt 0 ]]; then
echo “Vulnerabilities detected. Please check”
exit 1
fi
else
if [[ “$(jq “.vulnerabilities.severity” $GEMNASIUM_DS_REPORT_FILE | grep “High|Critical” | wc -l)” -gt 0 ]]; then
echo “High/Critical Vulnerabilities present”
exit 1
fi
fi
fi

#LICENSE_SCANNING ANALYZER
license_scanning:
stage: test
allow_failure: false
artifacts:
paths:
- $LICENSE_SC_REPORT_FILE
expire_in: 1 day

#VERIFYING LICENSE_SCANNING VULNERABILITIES
verify-license-scan-vulnerabilites:
stage: test
rules:
- if: $CI_COMMIT_TAG
when: never
needs:
- job: “license_scanning”
variables:
GIT_STRATEGY: none
cache: {}
before_script:
- sudo apt-get update
- sudo apt-get -y install jq
script:
- |
if [ -f “$LICENSE_SC_REPORT_FILE” ]; then
if [[ “$CI_COMMIT_REF_NAME” = “main” ]]; then
if [[ “$(jq “.vulnerabilities | length” $LICENSE_SC_REPORT_FILE)” -gt 0 ]]; then
echo “Vulnerabilities detected. Please check”
exit 1
fi
else
if [[ “$(jq “.vulnerabilities.severity” $LICENSE_SC_REPORT_FILE | grep “High|Critical” | wc -l)” -gt 0 ]]; then
echo “High/Critical Vulnerabilities present”
exit 1
fi
fi
fi

#NODEJS-SCAN-SAST ANALYZER
nodejs-scan-sast:
stage: test
allow_failure: false
artifacts:
paths:
- $SAST_REPORT_FILE
expire_in: 1 day

#SECRET_DETECTION ANALYZER
secret_detection:
stage: test
allow_failure: false
artifacts:
paths:
- $SECRET_DETECTION_REPORT_FILE
expire_in: 1 day

#VERIFYING SECRET_DETECTION VULNERABILITIES
verify-secret-detection-vulnerabilites:
stage: test
rules:
- if: $CI_COMMIT_TAG
when: never
needs:
- job: “secret_detection”
variables:
GIT_STRATEGY: none
cache: {}
before_script:
- sudo apt-get update
- sudo apt-get -y install jq
script:
- |
if [ -f “$SECRET_DETECTION_REPORT_FILE” ]; then
if [[ “$CI_COMMIT_REF_NAME” = “main” ]]; then
if [[ “$(jq “.vulnerabilities | length” $SECRET_DETECTION_REPORT_FILE)” -gt 0 ]]; then
echo “Vulnerabilities detected. Please check”
exit 1
fi
else
if [[ “$(jq “.vulnerabilities.severity” $SECRET_DETECTION_REPORT_FILE | grep “High|Critical” | wc -l)” -gt 0 ]]; then
echo “High/Critical Vulnerabilities present”
exit 1
fi
fi
fi

#SEMGREP-SAST ANALYZER
semgrep-sast:
stage: test
allow_failure: false
artifacts:
paths:
- $SAST_REPORT_FILE
expire_in: 1 day

#VERIFYING SAST VULNERABILITIES
verify-sast-vulnerabilites:
stage: test
rules:
- if: $CI_COMMIT_TAG
when: never

#Added artifacts

artifacts:

name: sast

paths:

- gl-sast-report.json

reports:

sast: gl-sast-report.json

when: always

needs:
# - job: “eslint-sast”
- job: “nodejs-scan-sast”
- job: “semgrep-sast”
variables:
GIT_STRATEGY: none
cache: {}
before_script:
- sudo apt-get update
- sudo apt-get -y install jq
script:
- echo $(pwd)
- ls
- |
if [ -f “$SAST_REPORT_FILE” ]; then
if [[ “$CI_COMMIT_REF_NAME” = “main” ]]; then
if [[ “$(jq “.vulnerabilities | length” $SAST_REPORT_FILE)” -gt 0 ]]; then
echo “Vulnerabilities detected. Please check”
exit 1
fi
else
if [[ “$(jq “.vulnerabilities.severity” $SAST_REPORT_FILE | grep “High|Critical” | wc -l)” -gt 0 ]]; then
echo “High/Critical Vulnerabilities present”
exit 1
fi
fi
fi

#TEST AND CODE-COVERAGE
test:
stage: test
coverage: /All files[^|]|[^|]\s+([\d.]+)/
script:
- cd Pocket && yarn install
- yarn test:ci
artifacts:
expire_in: 1 week
paths:
- $COVERAGE_REPORT_JSON
reports:
junit:
- Pocket/junit.xml
coverage_report:
coverage_format: cobertura
path: $COVERAGE_REPORT_FILE

#verifying code-coverage
verify-code-coverage:
stage: test
rules:
- if: $CI_COMMIT_TAG
needs:
- job: “test”
variables:
GIT_STRATEGY: none
cache: {}
before_script:
- sudo apt-get update
- sudo apt-get -y install jq
script:
- echo $(pwd)
- ls
# - ls */
- |
if [[ -f “$COVERAGE_REPORT_JSON” ]]; then
CODE_COVERAGE_VALUE=$(jq “.total.statements.pct” $COVERAGE_REPORT_JSON | cut -d’.’ -f1)
echo “code coverage is $CODE_COVERAGE_VALUE”
if [[ $CODE_COVERAGE_VALUE -lt $THRESHOLD_CODE_COVERAGE ]];
then
echo “The code coverage is below $THRESHOLD_CODE_COVERAGE%”
exit 1
else
echo “The code coverage is great and above $THRESHOLD_CODE_COVERAGE%”
fi

  fi

#BUILD
build:
stage: build
before_script:
- echo “JOB_ID=$CI_JOB_ID” >> build.env
- echo $JOB_ID
script:
- cd Pocket && yarn install
- cd android && chmod +x gradlew
- ./gradlew clean
- ./gradlew assembleRelease
artifacts:
paths:
- Pocket/android/app/build/outputs/
expire_in: never
reports:
dotenv: build.env
only:
- develop
- release
#- hotfix
- main

bundle_build:
stage: build
needs:
- job: build
artifacts: true
script:
- cd Pocket && yarn install
- cd android && chmod +x gradlew
- ./gradlew bundleRelease
- cd app/build/outputs/bundle/release
artifacts:
paths:
- Pocket/android/app/build/outputs/bundle/release
expire_in: never
only:
- main

create_version:
stage: build

needs:

- job: “build”

script:
- |
source ./Pocket/scripts/create_tag.sh
only:
- develop
- release
- hotfix
- main

#Release job
release_job:
stage: release
image: registry.gitlab.com/gitlab-org/release-cli:latest
rules:
- if: $CI_COMMIT_TAG
when: always
needs:
- job: build
artifacts: true
script:
- echo $JOB_ID
release:
name: “$CI_COMMIT_TAG”
tag_name: “$CI_COMMIT_TAG”
description: “release”
ref: “$CI_COMMIT_SHA”
assets:
links:
- name: “Periscope-mobile-outputs-apk”
url: “https://gitlab.com/invafresh/platform/uxui/periscope-mobile/-/jobs/${JOB_ID}/artifacts/browse/Pocket/android/app/build/outputs/apk/release/
- name: “Periscope-mobile-outputs-aab”
url: “https://gitlab.com/invafresh/platform/uxui/periscope-mobile/-/jobs/${JOB_ID}/artifacts/browse/Pocket/android/app/build/outputs/bundle/release/

source ./Pocket/scripts/create_tag.sh

#!/bin/bash
source ./Pocket/scripts/read_version.sh
echo “$VERSION_CODE”
versionCode=$VERSION_CODE
if [[ ${CI_COMMIT_REF_NAME} = “release” ]]; then
versionPrefix=“$versionCode-beta”
versionSuffix=$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1) | echo $versionSuffix | [ “$versionSuffix” == “” ] && echo versionSuffix=“Null” || echo versionSuffix=“Not Null”
if [ “$versionSuffix” == “Null” ]; then
versionSuffix=0
tagVersion=“$versionPrefix.$versionSuffix”
else
versionSuffix=$(git tag | grep “$versionCode-beta." | sort -V | awk -F’.’ ‘{print $NF}’ | tail -1)
versionSuffix=$(($versionSuffix + 1))
tagVersion=“$versionPrefix.$versionSuffix”
fi
elif [[ ${CI_COMMIT_REF_NAME} = “develop” ]]; then
versionPrefix=“$versionCode-alpha”
versionSuffix=$(git tag | grep "$versionCode-alpha.*" | sort -V | awk -F'.' '{print $NF}' | tail -1) | echo $versionSuffix | [ “$versionSuffix” == “” ] && echo versionSuffix=“Null” || echo versionSuffix=“Not Null”
if [ “$versionSuffix” == “Null” ]; then
versionSuffix=0
tagVersion=“$versionPrefix.$versionSuffix”
else
versionSuffix=$(git tag | grep "$versionCode-alpha.
” | sort -V | awk -F’.’ ‘{print $NF}’ | tail -1)
versionSuffix=$(($versionSuffix + 1))
tagVersion=“$versionPrefix.$versionSuffix”
fi
elif [[ ${CI_COMMIT_REF_NAME} = “hotfix” ]]; then
versionPrefix=“$versionCode-beta”
echo “VersionPrefix: $versionPrefix”
versionSuffix=$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1) | echo $versionSuffix | [ “$versionSuffix” == “” ] && echo versionSuffix=“Null” || echo versionSuffix=“NotNull”
if [ “$versionSuffix” == “Null” ]; then
versionSuffix=0
tagVersion=“$versionPrefix.$versionSuffix”
else
versionSuffix=$(git tag | grep “$versionCode-beta.*” | sort -V | awk -F’.’ ‘{print $NF}’ | tail -1)
versionSuffix=$(($versionSuffix + 1))
tagVersion=“$versionPrefix.$versionSuffix”
fi
elif [[ ${CI_COMMIT_REF_NAME} = “main” ]]; then
versionPrefix=“$versionCode”
versionPrefix=$(git tag -l | grep -oE '^[0-9.]+' | tail -1) | echo $versionPrefix | [ “$versionPrefix” == “” ] && echo versionPrefix=“Null” || echo versionPrefix=“Not Null”
if [ “$versionPrefix” == “Null” ]; then
versionPrefix=“$versionCode”
tagVersion=“$versionPrefix”
else
versionPrefix=$(git tag -l | grep -oE ‘[1]+’ | tail -1)
major=$(echo “$versionPrefix” | cut -d. -f1)
minor=$(echo “$versionPrefix” | cut -d. -f2)
patch=$(echo “$versionPrefix” | cut -d. -f3)
patch=$((patch + 1))
versionPrefix=“${major}.${minor}.${patch}”
tagVersion=“$versionPrefix”
fi
else
echo “tag creation not supported for branch: ${CI_COMMIT_REF_NAME}”
exit 1
fi
echo “creating tag for the branch: $tagVersion”
git config --global user.name “Rahul Rawat”
git config --global user.email “rahul.rawat@********.com”
git remote add api-origin https://oauth2:$GITLAB_TOKEN_NEW@gitlab.com/invafresh/platform/uxui/periscope-mobile.git
git tag -a $tagVersion -m “release version: $tagVersion”
git push api-origin --tags



@Rahu.Rawat Please use the tools available in the post creation box to format your posts properly. It’s extremely difficult to read your posts due to the lack of formatting. Like using code boxes like:

this is an example code box

If you want help, help yourself by formatting and make your posts easier to read. See this post: Community, first steps: Code, config, log block formatting in topics and replies

Hi @iwalker
Ohh, sorry for that.

create_tag.sh

#!/bin/bash
source ./Pocket/scripts/read_version.sh
echo "$VERSION_CODE"
versionCode=$VERSION_CODE
if [[ ${CI_COMMIT_REF_NAME} = "release" ]]; then
    versionPrefix="$versionCode-beta"
    versionSuffix=`$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)` | echo $versionSuffix | ["$versionSuffix" == ""] && echo versionSuffix="Null" || echo versionSuffix="Not Null"
    if ["$versionSuffix" == "Null"]; then
        versionSuffix=0
        tagVersion="$versionPrefix.$versionSuffix"
    else 
        versionSuffix=$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)
        versionSuffix=$(($versionSuffix + 1))
        tagVersion="$versionPrefix.$versionSuffix"
    fi
elif [[ ${CI_COMMIT_REF_NAME} = "develop" ]]; then
    versionPrefix="$versionCode-alpha"
    versionSuffix=`$(git tag | grep "$versionCode-alpha.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)` | echo $versionSuffix | ["$versionSuffix" == ""] && echo versionSuffix="Null" || echo versionSuffix="Not Null"
    if ["$versionSuffix" == "Null"]; then
        versionSuffix=0
        tagVersion="$versionPrefix.$versionSuffix"
    else 
        versionSuffix=$(git tag | grep "$versionCode-alpha.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)
        versionSuffix=$(($versionSuffix + 1))
        tagVersion="$versionPrefix.$versionSuffix"
    fi
elif [[ ${CI_COMMIT_REF_NAME} = "hotfix" ]]; then
    versionPrefix="$versionCode-beta"
    echo "VersionPrefix: $versionPrefix"
    versionSuffix=`$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)` | echo $versionSuffix | ["$versionSuffix" == ""] && echo versionSuffix="Null" || echo versionSuffix="NotNull"
    if [[ "$versionSuffix" == "Null" ]]; then
        versionSuffix=0
        tagVersion="$versionPrefix.$versionSuffix"
    else 
        versionSuffix=$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)
        versionSuffix=$(($versionSuffix + 1))
        tagVersion="$versionPrefix.$versionSuffix"
    fi
elif [[ ${CI_COMMIT_REF_NAME} = "main" ]]; then
    versionPrefix="$versionCode"
    versionPrefix=`$(git tag -l | grep -oE '^[0-9.]+' | tail -1)` | echo $versionPrefix | ["$versionPrefix" == ""] && echo versionPrefix="Null" || echo versionPrefix="Not Null"
    if ["$versionPrefix" == "Null"]; then
	    versionPrefix="$versionCode"
        tagVersion="$versionPrefix"
    else 
	    versionPrefix=$(git tag -l | grep -oE '^[0-9.]+' | tail -1)
        major=$(echo "$versionPrefix" | cut -d. -f1)
        minor=$(echo "$versionPrefix" | cut -d. -f2)
        patch=$(echo "$versionPrefix" | cut -d. -f3)
        patch=$((patch + 1))
        versionPrefix="${major}.${minor}.${patch}"
        tagVersion="$versionPrefix"
    fi
else
    echo "tag creation not supported for branch: ${CI_COMMIT_REF_NAME}"
    exit 1
fi
echo "creating tag for the branch: $tagVersion"
git config --global user.name "Rahul Rawat"
git config --global user.email "rahul.rawat@********.com"
git remote add api-origin https://oauth2:$GITLAB_TOKEN_NEW@gitlab.com/invafresh/platform/uxui/periscope-mobile.git
git tag -a $tagVersion -m "release version: $tagVersion"
git push api-origin --tags

.gitlab-ci.yml

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/License-Scanning.gitlab-ci.yml

default:
  tags:
    - internal

variables:
  THRESHOLD_CODE_COVERAGE: 80
  VAR_version_code: ${versioncode}
  SAST_EXCLUDED_ANALYZERS: "spotbugs"
  DS_EXCLUDED_ANALYZERS: "gemnasium-maven"
  SAST_REPORT_FILE: "gl-sast-report.json"
  GEMNASIUM_DS_REPORT_FILE: "gl-dependency-scanning-report.json"
  COVERAGE_REPORT_FILE: "Pocket/coverage/cobertura-coverage.xml"
  COVERAGE_REPORT_JSON: "Pocket/coverage/coverage-summary.json"
  LICENSE_SC_REPORT_FILE: "gl-license-scanning-report.json"
  SECRET_DETECTION_REPORT_FILE: "gl-secret-detection-report.json"
  SAST_EXCLUDED_PATHS: Pocket/src/components/LoadingIndicator/reducer.js,Pocket/src/common/store/typeSafe.js,package-lock.json
  # SECRET_DETECTION_EXCLUDED_PATHS: .gitlab-ci.yml
  DS_EXCLUDED_PATHS: Pocket/yarn.lock,Pocket/src/components/LoadingIndicator/reducer.js,Pocket/src/common/store/typeSafe.js,package-lock.json

image: reactnativecommunity/react-native-android:5.4

#stages
stages:
  - test
  - build
  - bundle_build
  - release

#ESLINT-SAST ANALYZER
eslint-sast:
  stage: test
  allow_failure: false
  artifacts:
    paths:
      - $SAST_REPORT_FILE
    expire_in: 1 day

#GEMNASIUM-DEPENDENCY_SCANNING ANALYZER
gemnasium-dependency_scanning:
  stage: test
  allow_failure: false
  artifacts:
    paths:
      - $GEMNASIUM_DS_REPORT_FILE
    expire_in: 1 day

#VERIFYING GEMNASIUM-DEPENDENCY_SCANNING VULNERABILITIES
verify-gemnasium-vulnerabilites:
  stage: test
  rules:
    - if: $CI_COMMIT_TAG
      when: never
  needs:
    - job: "gemnasium-dependency_scanning"
  variables:
    GIT_STRATEGY: none
  cache: {}
  before_script:
    - sudo apt-get update
    - sudo apt-get -y install jq
  script:
    - |
      if [ -f "$GEMNASIUM_DS_REPORT_FILE" ]; then
        if [[ "$CI_COMMIT_REF_NAME" = "main" ]]; then
          if [[ "$(jq ".vulnerabilities | length" $GEMNASIUM_DS_REPORT_FILE)" -gt 0 ]]; then
            echo "Vulnerabilities detected. Please check" 
            exit 1
          fi
        else
            if [[ "$(jq ".vulnerabilities[].severity" $GEMNASIUM_DS_REPORT_FILE | grep "High\|Critical" | wc -l)" -gt 0 ]]; then
              echo "High/Critical Vulnerabilities present"
              exit 1
            fi
        fi
      fi

#LICENSE_SCANNING ANALYZER
license_scanning:
  stage: test
  allow_failure: false
  artifacts:
    paths:
      - $LICENSE_SC_REPORT_FILE
    expire_in: 1 day

#VERIFYING LICENSE_SCANNING VULNERABILITIES
verify-license-scan-vulnerabilites:
  stage: test
  rules:
    - if: $CI_COMMIT_TAG
      when: never
  needs:
    - job: "license_scanning"
  variables:
    GIT_STRATEGY: none
  cache: {}
  before_script:
    - sudo apt-get update
    - sudo apt-get -y install jq
  script:
    - |
      if [ -f "$LICENSE_SC_REPORT_FILE" ]; then
        if [[ "$CI_COMMIT_REF_NAME" = "main" ]]; then
          if [[ "$(jq ".vulnerabilities | length" $LICENSE_SC_REPORT_FILE)" -gt 0 ]]; then
            echo "Vulnerabilities detected. Please check" 
            exit 1
          fi
        else
            if [[ "$(jq ".vulnerabilities[].severity" $LICENSE_SC_REPORT_FILE | grep "High\|Critical" | wc -l)" -gt 0 ]]; then
              echo "High/Critical Vulnerabilities present"
              exit 1
            fi
        fi
      fi

#NODEJS-SCAN-SAST ANALYZER
nodejs-scan-sast:
  stage: test
  allow_failure: false
  artifacts:
    paths:
      - $SAST_REPORT_FILE
    expire_in: 1 day

#SECRET_DETECTION ANALYZER
secret_detection:
  stage: test
  allow_failure: false
  artifacts:
    paths:
      - $SECRET_DETECTION_REPORT_FILE
    expire_in: 1 day

#VERIFYING SECRET_DETECTION VULNERABILITIES
verify-secret-detection-vulnerabilites:
  stage: test
  rules:
    - if: $CI_COMMIT_TAG
      when: never
  needs:
    - job: "secret_detection"
  variables:
    GIT_STRATEGY: none
  cache: {}
  before_script:
    - sudo apt-get update
    - sudo apt-get -y install jq
  script:
    - |
      if [ -f "$SECRET_DETECTION_REPORT_FILE" ]; then
        if [[ "$CI_COMMIT_REF_NAME" = "main" ]]; then
          if [[ "$(jq ".vulnerabilities | length" $SECRET_DETECTION_REPORT_FILE)" -gt 0 ]]; then
            echo "Vulnerabilities detected. Please check" 
            exit 1
          fi
        else
            if [[ "$(jq ".vulnerabilities[].severity" $SECRET_DETECTION_REPORT_FILE | grep "High\|Critical" | wc -l)" -gt 0 ]]; then
              echo "High/Critical Vulnerabilities present"
              exit 1
            fi
        fi
      fi

#SEMGREP-SAST ANALYZER
semgrep-sast:
  stage: test
  allow_failure: false
  artifacts:
    paths:
      - $SAST_REPORT_FILE
    expire_in: 1 day

#VERIFYING SAST VULNERABILITIES
verify-sast-vulnerabilites:
  stage: test
  rules:
    - if: $CI_COMMIT_TAG
      when: never

  #Added artifacts
  # artifacts:
  #   name: sast
  #   paths:
  #     - gl-sast-report.json
  #   reports:
  #     sast: gl-sast-report.json
  #   when: always

  needs:
    # - job: "eslint-sast"
    - job: "nodejs-scan-sast"
    - job: "semgrep-sast"
  variables:
    GIT_STRATEGY: none
  cache: {}
  before_script:
    - sudo apt-get update
    - sudo apt-get -y install jq
  script:
    - echo $(pwd)
    - ls
    - |
      if [ -f "$SAST_REPORT_FILE" ]; then
        if [[ "$CI_COMMIT_REF_NAME" = "main" ]]; then
          if [[ "$(jq ".vulnerabilities | length" $SAST_REPORT_FILE)" -gt 0 ]]; then
            echo "Vulnerabilities detected. Please check" 
            exit 1
          fi
        else
            if [[ "$(jq ".vulnerabilities[].severity" $SAST_REPORT_FILE | grep "High\|Critical" | wc -l)" -gt 0 ]]; then
              echo "High/Critical Vulnerabilities present"
              exit 1
            fi
        fi
      fi

#TEST AND CODE-COVERAGE
test:
  stage: test
  coverage: /All files[^|]*\|[^|]*\s+([\d\.]+)/
  script:
    - cd Pocket && yarn install
    - yarn test:ci
  artifacts:
    expire_in: 1 week
    paths:
      - $COVERAGE_REPORT_JSON
    reports:
      junit:
        - Pocket/junit.xml
      coverage_report:
        coverage_format: cobertura
        path: $COVERAGE_REPORT_FILE

#verifying code-coverage
verify-code-coverage:
  stage: test
  rules:
    - if: $CI_COMMIT_TAG
  needs:
    - job: "test"
  variables:
    GIT_STRATEGY: none
  cache: {}
  before_script:
    - sudo apt-get update
    - sudo apt-get -y install jq
  script:
    - echo $(pwd)
    - ls
    # - ls */
    - |
      if [[ -f "$COVERAGE_REPORT_JSON" ]]; then
        CODE_COVERAGE_VALUE=$(jq ".total.statements.pct" $COVERAGE_REPORT_JSON | cut -d'.' -f1)
        echo "code coverage is $CODE_COVERAGE_VALUE"
        if [[ $CODE_COVERAGE_VALUE -lt $THRESHOLD_CODE_COVERAGE ]];
        then
          echo "The code coverage is below $THRESHOLD_CODE_COVERAGE%" 
          exit 1
        else
        echo "The code coverage is great and above $THRESHOLD_CODE_COVERAGE%"  
        fi

      fi

#BUILD
build:
  stage: build
  before_script:
    - echo "JOB_ID=$CI_JOB_ID" >> build.env
    - echo $JOB_ID
  script:
    - cd Pocket && yarn install
    - cd android && chmod +x gradlew
    - ./gradlew clean
    - ./gradlew assembleRelease
  artifacts:
    paths:
      - Pocket/android/app/build/outputs/
    expire_in: never
    reports:
      dotenv: build.env
  only:
    - develop
    - release
    #- hotfix
    - main

bundle_build:
  stage: build
  needs:
    - job: build
      artifacts: true
  script:
    - cd Pocket && yarn install
    - cd android && chmod +x gradlew
    - ./gradlew bundleRelease
    - cd app/build/outputs/bundle/release
  artifacts:
    paths:
      - Pocket/android/app/build/outputs/bundle/release
    expire_in: never
  only:
    - main

create_version:
  stage: build
  # needs:
  #   - job: "build"
  script:
    - |
      source ./Pocket/scripts/create_tag.sh
  only:
    - develop
    - release
    - hotfix
    - main

#Release job
release_job:
  stage: release
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  rules:
    - if: $CI_COMMIT_TAG
      when: always
  needs:
    - job: build
      artifacts: true
  script:
    - echo $JOB_ID
  release:
    name: "$CI_COMMIT_TAG"
    tag_name: "$CI_COMMIT_TAG"
    description: "release"
    ref: "$CI_COMMIT_SHA"
    assets:
      links:
        - name: "Periscope-mobile-outputs-apk"
          url: "https://gitlab.com/invafresh/platform/uxui/periscope-mobile/-/jobs/${JOB_ID}/artifacts/browse/Pocket/android/app/build/outputs/apk/release/"
        - name: "Periscope-mobile-outputs-aab"
          url: "https://gitlab.com/invafresh/platform/uxui/periscope-mobile/-/jobs/${JOB_ID}/artifacts/browse/Pocket/android/app/build/outputs/bundle/release/"

The access token used in the shell script has the Maintainer role. Earlier, a developer created an access token with the “Developer” role, and even with that tagging is working for the develop and release branches.

I even tried deleting the hotfix branching policy and removing hotfix from the protected branches.

The read_version.sh file, which fetches the version code from the build.gradle file:

#!/bin/bash

# Find the line range containing the getVersionName function definition
get_version_name_function=$(awk '/def getVersionName\(\)/,/}/' Pocket/android/app/build.gradle | grep -A1 "default" | tail -n 1)


# Extract the version name using a regex pattern
versionCode=$(echo "$get_version_name_function" | grep -oP 'return\s+"\K[\d.]+')
# versionCode=$(grep -oP "versionCode \K[0-9]+" Pocket/android/app/build.gradle | sed -n '1p') 

# export VERSION_NAME="$version_name"
export VERSION_CODE="$versionCode"

Below is the error message when running from GitLab; it is not detailed information :frowning:. I tried with set -x, but even then I didn’t get detailed logs.

image

@Rahu.Rawat I’d say you have a typo in your create_tag.sh. For the hotfix you have echo versionPrefix="NotNull" while everywhere else you have echo versionPrefix="Not Null"

Hi @balonik

I’ve updated the script and tagging is still not fixed on the hotfix branch. I’m running the pipeline from hotfix.

#!/bin/bash
source ./Pocket/scripts/read_version.sh
echo "$VERSION_CODE"
versionCode=$VERSION_CODE
if [[ ${CI_COMMIT_REF_NAME} = "release" ]]; then
    versionPrefix="$versionCode-beta"
    versionSuffix=`$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)` | echo $versionSuffix | ["$versionSuffix" == ""] && echo versionSuffix="Null" || echo versionSuffix="Not Null"
    if [ "$versionSuffix" == "Null" ]; then
        versionSuffix=0
        tagVersion="$versionPrefix.$versionSuffix"
    else 
        versionSuffix=$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)
        versionSuffix=$(($versionSuffix + 1))
        tagVersion="$versionPrefix.$versionSuffix"
    fi
elif [[ ${CI_COMMIT_REF_NAME} = "develop" ]]; then
    versionPrefix="$versionCode-alpha"
    versionSuffix=`$(git tag | grep "$versionCode-alpha.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)` | echo $versionSuffix | ["$versionSuffix" == ""] && echo versionSuffix="Null" || echo versionSuffix="Not Null"
    if [ "$versionSuffix" == "Null" ]; then
        versionSuffix=0
        tagVersion="$versionPrefix.$versionSuffix"
    else
        versionSuffix=$(git tag | grep "$versionCode-alpha.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)
        versionSuffix=$(($versionSuffix + 1))
        tagVersion="$versionPrefix.$versionSuffix"
    fi
elif [[ ${CI_COMMIT_REF_NAME} = "hotfix" ]]; then
    versionPrefix="$versionCode-beta"
    echo "VersionPrefix: $versionPrefix"
    versionSuffix=`$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)` | echo $versionSuffix | ["$versionSuffix" == ""] && echo versionSuffix="Null" || echo versionSuffix="Not Null"
    if [ "$versionSuffix" == "Null" ]; then
        echo "Null if condition work"
        versionSuffix="0"
        tagVersion="$versionPrefix.$versionSuffix"
    else
        echo "Not Null if condition work"
        versionSuffix=$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)
        versionSuffix=$(($versionSuffix + 1))
        tagVersion="$versionPrefix.$versionSuffix"
    fi
elif [[ ${CI_COMMIT_REF_NAME} = "main" ]]; then
    versionPrefix="$versionCode"
    versionPrefix=`$(git tag -l | grep -oE '^[0-9.]+' | tail -1)` | echo $versionPrefix | ["$versionPrefix" == ""] && echo versionPrefix="Null" || echo versionPrefix="Not Null"
    if [ "$versionPrefix" == "Null" ]; then
	    versionPrefix="$versionCode"
        tagVersion="$versionPrefix"
    else 
	versionPrefix=$(git tag -l | grep -oE '^[0-9.]+' | tail -1)
        major=$(echo "$versionPrefix" | cut -d. -f1)
        minor=$(echo "$versionPrefix" | cut -d. -f2)
        patch=$(echo "$versionPrefix" | cut -d. -f3)
        patch=$((patch + 1))
        versionPrefix="${major}.${minor}.${patch}"
        tagVersion="$versionPrefix"
    fi
else
    echo "tag creation not supported for branch: ${CI_COMMIT_REF_NAME}"
    exit 1
fi
echo "creating tag for the branch: $tagVersion"
git config --global user.name "Rahul Rawat"
git config --global user.email "rahul.rawat@*********.com"
git remote add api-origin https://oauth2:$GITLAB_TOKEN@gitlab.com/invafresh/platform/uxui/periscope-mobile.git
git tag -a $tagVersion -m "release version: $tagVersion"
git push api-origin --tags

However, the same script runs from an Ubuntu machine when I hardcode values for two variables.
CI_COMMIT_REF_NAME="hotfix"
versionCode=1.6.1

But that would be fine because it is not running from the GitLab pipeline. I’m getting the issue when running from the pipeline.

versionPrefix="NotNull" is an echo message; it doesn’t make any sense, as it will run in the else part if $versionSuffix gets any tags.

Hi @balonik

It seems the else condition works but fails, as 1.6.1-beta doesn’t have any tag with this name; in this case the Null condition should work and the first tag should be 1.6.1-beta.0.

image

regards,
Rahul Rawat

It has to fail on hotfix and release branches. It works on other branches only because there are no tags matching the search pattern.

I don’t know what you are trying to achieve here:

versionSuffix=`$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)` | echo $versionSuffix | ["$versionSuffix" == ""] && echo versionSuffix="Null" || echo versionSuffix="Not Null"

but this fails if there is already a tag matching the search pattern, because you are trying to execute the output of git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1 in another subshell. You invoke two subshells, first with ` and second with $(), so it fails with 1-beta.4: command not found

If you want to find if there is any tag matching the search pattern, why not just use grep -c?

versionPrefix="$versionCode-beta"
git tag | grep -c "$versionCode-beta.*" > /dev/null
versionSuffix=$? # this is exit code from the command above
if [ "$versionSuffix" == 1 ]; then # if not found
...
else # if found
...
fi
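
The failure described in the reply above, reproduced with inert input, next to one way to compute the next tag without executing pipeline output. This is an added example, not code from the thread; the function names and the sample tag list are constructed for illustration.

```shell
#!/bin/bash
# Added example; function names and the tag list below are constructed.

# Constructed sample of `git tag` output.
sample_tags() {
    printf '%s\n' \
        1.6.0-beta.0 1.6.0-beta.1 \
        1.6.1-alpha.0 1.6.1-alpha.9 1.6.1-alpha.10 \
        11.6.1-beta.7 1.6.1
}

# Reproduces the pattern from the thread: var=`$( ... )`.
# $( ) captures the pipeline output, then the backticks run that output
# as a command. $1 stands in for what the pipeline printed.
# Prints the resulting exit status: 0 when nothing was printed (no tags),
# 127 (command not found) as soon as a matching tag exists.
double_subshell_status() {
    local status=0 discard
    discard=`$(printf '%s' "$1") 2>/dev/null` || status=$?
    printf '%s\n' "$status"
}

# Reads tag names on stdin and prints the next tag for prefix $1
# (for example "1.6.1-beta"). Prints "<prefix>.0" when no tag with that
# prefix exists. The prefix is matched literally and from the start of
# the tag, so "11.6.1-beta.7" is not counted for prefix "1.6.1-beta"
# (an unanchored grep with "." as a wildcard would count it).
next_suffix_tag() {
    local prefix="$1" last="" tag suffix
    while IFS= read -r tag; do
        case "$tag" in
            "$prefix".*) suffix="${tag#"$prefix".}" ;;
            *) continue ;;
        esac
        # Accept only plain decimal suffixes without leading zeros.
        case "$suffix" in
            ''|*[!0-9]*|0[0-9]*) continue ;;
        esac
        # Numeric comparison, so 10 ranks above 9.
        if [ -z "$last" ] || [ "$suffix" -gt "$last" ]; then
            last="$suffix"
        fi
    done
    if [ -z "$last" ]; then
        printf '%s.0\n' "$prefix"
    else
        printf '%s.%s\n' "$prefix" "$((last + 1))"
    fi
}

# In the CI job the input would come from git instead of the sample:
#   tagVersion=$(git tag -l | next_suffix_tag "$versionCode-beta")
sample_tags | next_suffix_tag "1.6.1-beta"
sample_tags | next_suffix_tag "1.6.1-alpha"
```
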

Hi @balonik

I updated the code for hotfix to test; the pipeline still fails.

Below are the updated scripts for hotfix.

#!/bin/bash
source ./Pocket/scripts/read_version.sh
echo "$VERSION_CODE"
versionCode=$VERSION_CODE
if [[ ${CI_COMMIT_REF_NAME} = "release" ]]; then
    versionPrefix="$versionCode-beta"
    versionSuffix=`$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)` | echo $versionSuffix | ["$versionSuffix" == ""] && echo versionSuffix="Null" || echo versionSuffix="Not Null"
    if [ "$versionSuffix" == "Null" ]; then
        versionSuffix=0
        tagVersion="$versionPrefix.$versionSuffix"
    else 
        versionSuffix=$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)
        versionSuffix=$(($versionSuffix + 1))
        tagVersion="$versionPrefix.$versionSuffix"
    fi
elif [[ ${CI_COMMIT_REF_NAME} = "develop" ]]; then
    versionPrefix="$versionCode-alpha"
    versionSuffix=`$(git tag | grep "$versionCode-alpha.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)` | echo $versionSuffix | ["$versionSuffix" == ""] && echo versionSuffix="Null" || echo versionSuffix="Not Null"
    if [ "$versionSuffix" == "Null" ]; then
        versionSuffix=0
        tagVersion="$versionPrefix.$versionSuffix"
    else
        versionSuffix=$(git tag | grep "$versionCode-alpha.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)
        versionSuffix=$(($versionSuffix + 1))
        tagVersion="$versionPrefix.$versionSuffix"
    fi
elif [[ ${CI_COMMIT_REF_NAME} = "hotfix" ]]; then
    versionPrefix="$versionCode-beta"
    git tag | grep -c "$versionCode-beta.*" >> /dev/null
    versionSuffix=$? # this is exit code from the command above
    if [ "$versionSuffix" -eq 1 ]; then # if not found
        versionSuffix="0"
        versionSuffix=$(($versionSuffix + 1))
        tagVersion="$versionPrefix.$versionSuffix"
    else # if found
        versionSuffix=$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)
        tagVersion="$versionPrefix.$versionSuffix"
    fi
elif [[ ${CI_COMMIT_REF_NAME} = "main" ]]; then
    versionPrefix="$versionCode"
    versionPrefix=`$(git tag -l | grep -oE '^[0-9.]+' | tail -1)` | echo $versionPrefix | ["$versionPrefix" == ""] && echo versionPrefix="Null" || echo versionPrefix="Not Null"
    if [ "$versionPrefix" == "Null" ]; then
	    versionPrefix="$versionCode"
        tagVersion="$versionPrefix"
    else 
	    versionPrefix=$(git tag -l | grep -oE '^[0-9.]+' | tail -1)
        major=$(echo "$versionPrefix" | cut -d. -f1)
        minor=$(echo "$versionPrefix" | cut -d. -f2)
        patch=$(echo "$versionPrefix" | cut -d. -f3)
        patch=$((patch + 1))
        versionPrefix="${major}.${minor}.${patch}"
        tagVersion="$versionPrefix"
    fi
else
    echo "tag creation not supported for branch: ${CI_COMMIT_REF_NAME}"
    exit 1
fi
echo "creating tag for the branch: $tagVersion"
git config --global user.name "Rahul Rawat"
git config --global user.email "rahul.rawat@invafresh.com"
git remote add api-origin https://oauth2:$GITLAB_TOKEN@gitlab.com/invafresh/platform/uxui/periscope-mobile.git
git tag -a $tagVersion -m "release version: $tagVersion"
git push api-origin --tags


I checked the script below on an Ubuntu machine after pulling the repo. It works fine for me there.

#!/bin/bash
versionCode="1.6.1"
git tag | grep -c "$versionCode-beta.*" >> /dev/null
versionSuffix=$? # this is exit code from the command above
echo $versionSuffix
if [ "$versionSuffix" -eq 1 ]; then # if not found
   echo "VersionCode: 1.6.1 doesn't have any tags available"
else # if found
    versionSuffix=$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)
    echo $versionSuffix
fi

Output: [screenshot]

Tagging is working from the machine.

#!/bin/bash
versionCode="444.43.1"
versionPrefix="$versionCode-beta"
git tag | grep -c "$versionCode-beta.*" >> /dev/null
tag=$? # this is exit code from the command above
echo $tag
if [ "$tag" -eq 1 ]; then # if not found
   echo "VersionCode: 1.6.1 doesn't have any tags available"
   versionSuffix=0
   #versionSuffix=$(($versionSuffix + 1))
   tagVersion="$versionPrefix.$versionSuffix"
   echo "tagversion: $tagVersion"
else # if found
    versionSuffix=$(git tag | grep "$versionCode-beta.*" | sort -V | awk -F'.' '{print $NF}' | tail -1)
    versionSuffix=$(($versionSuffix + 1))
    tagVersion="$versionPrefix.$versionSuffix"
    echo "tagversion: $tagVersion"
fi
echo "creating tag for the branch: $tagVersion"
git config --global user.name "Rahul Rawat"
git config --global user.email "rahul.rawat@invafresh.com"
git remote add api-origin https://oauth2:$GITLAB_TOKEN@gitlab.com/invafresh/platform/uxui/periscope-mobile.git
git tag -a $tagVersion -m "release version: $tagVersion"
git push api-origin --tags

Terminal Output:

root@ubuntutest:/home/ubuntu/periscope-mobile# sh test.sh
1
VersionCode: 1.6.1 doesn't have any tags available
tagversion: 444.43.1-beta.0
creating tag for the branch: 444.43.1-beta.0
fatal: remote api-origin already exists.
Enumerating objects: 1, done.
Counting objects: 100% (1/1), done.
Writing objects: 100% (1/1), 182 bytes | 182.00 KiB/s, done.
Total 1 (delta 0), reused 0 (delta 0)
To https://gitlab.com/invafresh/platform/uxui/periscope-mobile.git
 * [new tag]           444.43.1-beta.0 -> 444.43.1-beta.0

Remove all ` from your script.
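Added example, not part of the original posts: wrapping `$(...)` in backticks makes the shell run the pipeline's output as a command, so the variable is never assigned. The sketch below uses a hypothetical helper, `next_prerelease_tag`, which reads a tag list on stdin and assumes the next suffix is the highest existing numeric suffix plus one (0 when no tag matches).

```shell
#!/bin/sh
# Added example: next_prerelease_tag is a hypothetical helper, not the poster's code.
# Reads tag names on stdin and prints "<version>-<channel>.<next suffix>".
next_prerelease_tag() {
    version=$1   # e.g. 1.6.1
    channel=$2   # e.g. beta or alpha
    prefix="$version-$channel."
    # awk compares the prefix as a literal string, so the dots in the version
    # are not regex wildcards (grep "1.6.1-beta.*" would also match 11611-beta.3).
    last=$(awk -v p="$prefix" '
        index($0, p) == 1 {
            n = substr($0, length(p) + 1)
            # accept purely numeric suffixes only and keep the largest one
            if (n ~ /^[0-9]+$/ && (!seen || n + 0 > max)) { max = n + 0; seen = 1 }
        }
        END { if (seen) print max }')
    if [ -z "$last" ]; then
        echo "${prefix}0"              # no matching tag yet: start at .0
    else
        echo "${prefix}$((last + 1))"  # otherwise increment the highest suffix
    fi
}

# Constructed sample tag list (not taken from the poster's repository).
sample_tags='1.6.1-beta.0
1.6.1-beta.1
1.6.1-beta.10
1.6.0-beta.5
11611-beta.3'

printf '%s\n' "$sample_tags" | next_prerelease_tag 1.6.1 beta

# In a pipeline job the input would be the repository's tags, for example:
#   tagVersion=$(git tag -l | next_prerelease_tag "$VERSION_CODE" beta)
```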

Hi @balonik

You helped me to optimize the code, but unfortunately tagging on the hotfix branch did not work at all. Below is my updated script.

I’m looking at the git flow branching strategy as well. I'm not sure GitLab allows us to tag the hotfix branch, because the hotfix branch lifecycle is shorter based on git flow.

It’s really painful for me. I can’t understand why my initial and optimized scripts work for other branches but not for hotfix.

#!/bin/bash
source ./Pocket/scripts/read_version.sh
echo "$VERSION_CODE"
versionCode=$VERSION_CODE
if [[ ${CI_COMMIT_REF_NAME} = "release" ]]; then
    versionPrefix="$versionCode-beta"
    git tag | grep -c "$versionCode-beta.*" >> /dev/null
    tag=$? # this is exit code from the command above
    if [ "$tag" -eq 1 ]; then # if not found
       versionSuffix=0
       tagVersion="$versionPrefix.$versionSuffix"
    else # if found
        versionSuffix=$(git tag | grep -c "$versionCode-beta.*")
        tagVersion="$versionPrefix.$versionSuffix"
    fi
elif [[ ${CI_COMMIT_REF_NAME} = "develop" ]]; then
    versionPrefix="$versionCode-alpha"
    git tag | grep -c "$versionCode-alpha.*" >> /dev/null
    tag=$? # this is exit code from the command above
    if [ "$tag" -eq 1 ]; then # if not found
       versionSuffix=0
       tagVersion="$versionPrefix.$versionSuffix"
    else # if found
        versionSuffix=$(git tag | grep -c "$versionCode-alpha.*")
        tagVersion="$versionPrefix.$versionSuffix"
    fi
elif [[ ${CI_COMMIT_REF_NAME} = "hotfix" ]]; then
    versionPrefix="$versionCode-beta"
    git tag | grep -c "$versionCode-beta.*" >> /dev/null
    tag=$? # this is exit code from the command above
    if [ "$tag" -eq 1 ]; then # if not found
       versionSuffix=0
       tagVersion="$versionPrefix.$versionSuffix"
    else # if found
        versionSuffix=$(git tag | grep -c "$versionCode-beta.*")
        tagVersion="$versionPrefix.$versionSuffix"
    fi
else
    echo "tag creation not supported for branch: ${CI_COMMIT_REF_NAME}"
    exit 1
fi
echo "creating tag for the branch: $tagVersion"
git config --global user.name "Rahul Rawat"
git config --global user.email "rahul.rawat@*********.com"
#git remote add api-origin https://oauth2:$GITLAB_TOKEN@gitlab.com/invafresh/platform/uxui/periscope-mobile.git
git tag -a $tagVersion -m "release version: $tagVersion"
git push api-origin --tags

It seems the code below is not working when there is no tag available in the remote repository, e.g. 1.6.1-beta.**

if [ "$tag" -eq 1 ]; then # if not found
       versionSuffix=0
       tagVersion="$versionPrefix.$versionSuffix"