feat: add proof of concept gitlab cicd

56kyle · 56kyle · commit 63ca7eb84e2a · 2025-07-28T02:05:15.000-04:00
diff --git a/{{cookiecutter.project_name}}/{% if cookiecutter.repository_provider == 'gitlab' %}.gitlab-ci.yml{% endif %} b/{{cookiecutter.project_name}}/{% if cookiecutter.repository_provider == 'gitlab' %}.gitlab-ci.yml{% endif %}
@@ -0,0 +1,229 @@
+# .gitlab-ci.yml
+# See https://docs.gitlab.com/ee/ci/yaml/
+
+# Global settings
+image: ghcr.io/astral-sh/uv:latest-python3.13-bookworm-slim
+
+variables:
+  UV_CACHE_DIR: .uv-cache
+  UV_LINK_MODE: copy
+  PIP_CACHE_DIR: $CI_PROJECT_DIR/.cache/pip
+
+# Define stages
+stages:
+  - quality
+  - test
+  - security
+  - build
+  - release
+
+# Global cache configuration for uv
+.uv-cache: &uv-cache
+  cache:
+    key:
+      files:
+        - pyproject.toml
+    paths:
+      - $UV_CACHE_DIR
+      - $PIP_CACHE_DIR
+    policy: pull-push
+
+# Shared rules for when to run jobs
+.on-merge-requests-and-main: &on-merge-requests-and-main
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == "main"
+    - if: $CI_PIPELINE_SOURCE == "web"
+
+# Base job template for Python quality checks
+.quality-job: &quality-job
+  stage: quality
+  <<: *uv-cache
+  <<: *on-merge-requests-and-main
+  before_script:
+    - uv --version
+  after_script:
+    - uv cache prune --ci
+
+# Python Quality Checks Jobs
+format-python:
+  <<: *quality-job
+  script:
+    - uvx nox -s format-python
+  changes:
+    - "src/**/*.py"
+    - "tests/**/*.py"
+    - "noxfile.py"
+    - "pyproject.toml"
+    - ".ruff.toml"
+    - ".pydocstyle"
+    - ".gitlab-ci.yml"
+
+lint-python:
+  <<: *quality-job
+  script:
+    - uvx nox -s lint-python
+  changes:
+    - "src/**/*.py"
+    - "tests/**/*.py"
+    - "noxfile.py"
+    - "pyproject.toml"
+    - ".ruff.toml"
+    - ".pydocstyle"
+    - ".gitlab-ci.yml"
+
+typecheck-python:
+  <<: *quality-job
+  script:
+    - uvx nox -s typecheck
+  changes:
+    - "src/**/*.py"
+    - "tests/**/*.py"
+    - "noxfile.py"
+    - "pyproject.toml"
+    - "pyrightconfig.json"
+    - ".gitlab-ci.yml"
+
+# Security Checks
+security-python:
+  stage: security
+  <<: *uv-cache
+  <<: *on-merge-requests-and-main
+  script:
+    - uvx nox -s security-python
+  after_script:
+    - uv cache prune --ci
+  allow_failure: true
+  changes:
+    - "src/**/*.py"
+    - "tests/**/*.py"
+    - "noxfile.py"
+    - "pyproject.toml"
+    - "bandit.yml"
+    - ".gitlab-ci.yml"
+
+# Python Tests - Using GitLab Matrix Strategy
+test-python:
+  stage: test
+  <<: *uv-cache
+  <<: *on-merge-requests-and-main
+  parallel:
+    matrix:
+      - PYTHON_VERSION: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        OS_IMAGE: ["bookworm-slim"]
+      # Add cross-platform testing for latest Python version
+      - PYTHON_VERSION: ["3.13"]
+        OS_IMAGE: ["alpine", "bookworm-slim"]
+  image: ghcr.io/astral-sh/uv:latest-python$PYTHON_VERSION-$OS_IMAGE
+  script:
+    - uvx nox -s tests-python-${PYTHON_VERSION//.}
+  after_script:
+    - uv cache prune --ci
+  artifacts:
+    reports:
+      junit: tests/results/*.xml
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+    paths:
+      - tests/results/
+      - coverage.xml
+    expire_in: 5 days
+  changes:
+    - "src/**/*.py"
+    - "tests/**/*.py"
+    - "noxfile.py"
+    - "pyproject.toml"
+    - ".coveragerc"
+    - ".gitlab-ci.yml"
+
+{% if cookiecutter.add_rust_extension == 'y' -%}
+# Rust-specific jobs (conditional on rust extension flag)
+.rust-job: &rust-job
+  image: rust:latest
+  stage: quality
+  <<: *on-merge-requests-and-main
+  changes:
+    - "rust/**/*.rs"
+    - "Cargo.toml"
+    - ".gitlab-ci.yml"
+
+format-rust:
+  <<: *rust-job
+  before_script:
+    - rustup component add rustfmt
+    - curl -LsSf https://astral.sh/uv/install.sh | sh
+    - export PATH="$PATH:/root/.cargo/bin"
+  script:
+    - uvx nox -s format-rust
+
+lint-rust:
+  <<: *rust-job
+  before_script:
+    - rustup component add clippy
+    - curl -LsSf https://astral.sh/uv/install.sh | sh
+    - export PATH="$PATH:/root/.cargo/bin"
+  script:
+    - uvx nox -s lint-rust
+
+test-rust:
+  <<: *rust-job
+  stage: test
+  before_script:
+    - curl -LsSf https://astral.sh/uv/install.sh | sh
+    - export PATH="$PATH:/root/.cargo/bin"
+  script:
+    - uvx nox -s test-rust
+{%- endif %}
+
+# Build Stage
+build-python:
+  stage: build
+  <<: *uv-cache
+  script:
+    - uvx nox -s build-python
+  after_script:
+    - uv cache prune --ci
+  artifacts:
+    paths:
+      - dist/
+    expire_in: 30 days
+  rules:
+    - if: $CI_COMMIT_TAG
+    - if: $CI_COMMIT_BRANCH == "main"
+    - if: $CI_PIPELINE_SOURCE == "web"
+
+# Documentation build (GitLab Pages)
+pages:
+  stage: build
+  <<: *uv-cache
+  script:
+    - uvx nox -s build-docs
+    - mv docs/_build/html public
+  after_script:
+    - uv cache prune --ci
+  artifacts:
+    paths:
+      - public
+    expire_in: 30 days
+  rules:
+    - if: $CI_COMMIT_BRANCH == "main"
+  changes:
+    - "docs/**/*"
+    - "src/**/*.py"
+    - "noxfile.py"
+    - "pyproject.toml"
+
+# Release Job (only on tags)
+release-python:
+  stage: release
+  <<: *uv-cache
+  script:
+    - uvx nox -s publish-python
+  after_script:
+    - uv cache prune --ci
+  rules:
+    - if: $CI_COMMIT_TAG
+  environment:
+    name: production
+    url: https://pypi.org/project/{{ cookiecutter.package_name }}/
