package gitlabci

import (
	"net"
	"list"
	"strings"
	"struct"
	"time"
	"regexp"
)

// #Pipeline describes the top-level shape of a `.gitlab-ci.yml` document.
// The @jsonschema attributes record the JSON Schema dialect (draft-07) and
// the schema id (https://gitlab.com/.gitlab-ci.yml) this definition carries.
// All helper definitions (#job, #image, #secrets, ...) are nested inside
// #Pipeline.
#Pipeline: {
	@jsonschema(schema="http://json-schema.org/draft-07/schema#")
	@jsonschema(id="https://gitlab.com/.gitlab-ci.yml")
	"$schema"?: net.AbsURL
	"spec"?: close({
		"inputs"?: #configInputs
	})
	"image"?: #image
	"services"?: #services
	"before_script"?: #before_script
	"after_script"?: #after_script
	"variables"?: #globalVariables
	"cache"?: #cache
	"!reference"?: #."!reference"
	// Pipeline-wide defaults; closed, so only the keys listed here are accepted.
	"default"?: close({
		"after_script"?: #after_script
		"artifacts"?: #artifacts
		"before_script"?: #before_script
		"hooks"?: #hooks
		"cache"?: #cache
		"image"?: #image
		"interruptible"?: #interruptible
		"id_tokens"?: #id_tokens
		"identity"?: #identity
		"retry"?: #retry
		"services"?: #services
		"tags"?: #tags
		"timeout"?: #timeout
		"!reference"?: #."!reference"
	})
	// Non-empty list of unique entries; each entry is a string or a list of strings.
	"stages"?: list.UniqueItems() & [...matchN(>=1, [string, [...string]])] & [_, ...]
	// Either a single include item or a list of them.
	"include"?: matchN(1, [#include_item, [...#include_item]])
	"pages"?: #job
	"workflow"?: {
		"name"?: #workflowName
		"auto_cancel"?: #workflowAutoCancel
		"rules"?: [...matchN(>=1, [{
			...
		}, [_, ...] & [...string]]) & ([...] | close({
			"if"?: #if
			"changes"?: #changes
			"exists"?: #exists
			"variables"?: #rulesVariables
			"when"?: "always" | "never"
			"auto_cancel"?: #workflowAutoCancel
		}))]
		...
	}

	// Keys that start with "." and are not one of the reserved top-level
	// keywords (hidden jobs / templates).
	// NOTE(review): matchN(>=1, [#job_template, _]) is satisfied by any value,
	// because `_` matches everything; dot-prefixed entries are therefore not
	// constrained by #job_template here.
	{[=~"^[.]" & !~"^(\\$schema|spec|image|services|before_script|after_script|variables|cache|!reference|default|stages|include|pages|workflow)$"]: matchN(>=1, [#job_template, _])}

	// Every other non-reserved key is a job and must satisfy #job.
	{[!~"^[.]" & !~"^(\\$schema|spec|image|services|before_script|after_script|variables|cache|!reference|default|stages|include|pages|workflow)$"]: #job}

	// A `!reference` value is a list of non-empty strings.
	#: "!reference": [...strings.MinRunes(1)]

	#after_script: #optional_script

	// Exactly one of: a bool, a single exit code, or a non-empty list of
	// unique exit codes.
	#allow_failure: matchN(1, [bool, close({
		"exit_codes"!: int
	}), close({
		"exit_codes"!: list.UniqueItems() & [_, ...] & [...int]
	})])

	#artifacts: null | close({
		"paths"?: [...string] & [_, ...]
		"exclude"?: [...string] & [_, ...]
		"expose_as"?: string
		"name"?: string
		"untracked"?: bool
		"when"?: "on_success" | "on_failure" | "always"
		"access"?: "none" | "developer" | "maintainer" | "all"
		"expire_in"?: string
		"reports"?: close({
			// Path to JSON file with accessibility report.
			"accessibility"?: string

			// Path to JSON file with annotations report.
			"annotations"?: string

			// Path for file(s) that should be parsed as JUnit XML result
			"junit"?: matchN(1, [string, [...string] & [_, ...]])

			// Path to a single file with browser performance metric
			// report(s).
			"browser_performance"?: string

			// Used to collect coverage reports from the job.
			"coverage_report"?: null | {
				// Code coverage format used by the test framework.
				"coverage_format"?: "cobertura" | "jacoco"

				// Path to the coverage report file that should be parsed.
				"path"?: strings.MinRunes(1)
				...
			}
			"codequality"?: #string_file_list
			"dotenv"?: #string_file_list
			"lsif"?: #string_file_list
			"sast"?: #string_file_list
			"dependency_scanning"?: #string_file_list
			"container_scanning"?: #string_file_list
			"dast"?: #string_file_list
			"license_management"?: #string_file_list
			"license_scanning"?: #string_file_list
			"requirements"?: #string_file_list
			"secret_detection"?: #string_file_list
			"metrics"?: #string_file_list
			"terraform"?: #string_file_list
			"cyclonedx"?: #string_file_list
			"load_performance"?: #string_file_list
			"repository_xray"?: #string_file_list
		})
	})

	// Fields shared by spec inputs (#configInputs) and job inputs (#jobInputs).
	#baseInput: {
		"type"?: "array" | "boolean" | "number" | "string"
		"description"?: strings.MaxRunes(1024)
		"options"?: [...bool | number | string]
		"regex"?: string
		"default"?: _
		...
	}

	#before_script: #optional_script

	#cache: matchN(1, [#cache_item, [...#cache_item]])

	#cache_item: {
		// A string key may not contain "/" and must contain at least one
		// character other than "."; the struct form derives the key from files.
		"key"?: matchN(1, [=~"^[^/]*[^./][^/]*$", {
			"files"?: list.MaxItems(2) & [...string] & [_, ...]
			"files_commits"?: list.MaxItems(2) & [...string] & [_, ...]
			"prefix"?: string
			...
		}])
		"paths"?: [...string]
		// NOTE(review): this pattern has no ^/$ anchors, so any string that
		// merely contains "pull", "push" or a $VARIABLE reference satisfies it.
		"policy"?: =~"pull-push|pull|push|\\$\\w{1,255}"
		"unprotect"?: bool
		"untracked"?: bool
		"when"?: "on_success" | "on_failure" | "always"
		"fallback_keys"?: list.MaxItems(5) & [...string]
		...
	}

	#changes: matchN(>=1, [close({
		// List of file paths.
		"paths"!: [...string]

		// Ref for comparing changes.
		"compare_to"?: string
	}), [...string]])

	// Each spec input is either null or a #baseInput whose "default", when
	// present, agrees with the declared "type" (null is also allowed as default).
	#configInputs: {
		{[=~".*"]: matchN(1, [matchN(3, [#baseInput, null | bool | number | string | [...] | {
			"rules"?: [...{ ... }]
			...
		}, matchN(4, [matchIf(null | bool | number | string | [...] | {
			"type"?: "string"
			...
		}, null | bool | number | string | [...] | {
			"default"?: null | string
			...
		}, _), matchIf(null | bool | number | string | [...] | {
			"type"?: "number"
			...
		}, null | bool | number | string | [...] | {
			"default"?: null | number
			...
		}, _), matchIf(null | bool | number | string | [...] | {
			"type"?: "boolean"
			...
		}, null | bool | number | string | [...] | {
			"default"?: null | bool
			...
		}, _), matchIf(null | bool | number | string | [...] | {
			"type"?: "array"
			...
		}, null | bool | number | string | [...] | {
			"default"?: null | [...]
			...
		}, _)])]), null])
		}
		...
	}

	#exists: matchN(>=1, [[...string], close({
		// List of file paths.
		"paths"!: [...string]

		// Path of the project to search in.
		"project"?: string
	}), close({
		// List of file paths.
		"paths"!: [...string]

		// Path of the project to search in.
		"project"!: string

		// Ref of the project to search in.
		"ref"?: string
	})])

	#filter: matchN(1, [null, #filter_refs, close({
		"refs"?: #filter_refs

		// Filter job based on if Kubernetes integration is active.
		"kubernetes"?: "active"
		"variables"?: [...string]

		// Filter job creation based on files that were modified in a git
		// push.
		"changes"?: [...string]
	})])

	// Filter job by different keywords that determine origin or
	// state, or by supplying string/regex to check against
	// branch/tag names.
	#filter_refs: [...matchN(>=1, [matchN(1, ["branches", "tags", "api", "external", "pipelines", "pushes", "schedules", "triggers", "web"]), string])]

	// A global variable is a scalar or a closed struct with value/options/
	// description/expand.
	#globalVariables: {
		{[=~".*"]: matchN(1, [bool | number | string, close({
			"value"?: string
			"options"?: list.UniqueItems() & [...string] & [_, ...]
			"description"?: string
			"expand"?: bool
		})])
		}
		...
	}

	#hooks: close({
		"pre_get_sources_script"?: #optional_script
	})

	// Every ID token entry is a closed struct and must declare "aud": either a
	// string or a non-empty list of unique strings. No other key is accepted.
	#id_tokens: {
		{[=~".*"]: close({
			"aud"!: matchN(1, [string, list.UniqueItems() & [...string] & [_, ...]])
		})
		}
		...
	}

	#identity: "google_cloud"

	#if: string

	#image: matchN(1, [strings.MinRunes(1), close({
		// Full name of the image that should be used. It should contain
		// the Registry part if needed.
		"name"!: strings.MinRunes(1)

		// Command or script that should be executed as the container's
		// entrypoint. It will be translated to Docker's --entrypoint
		// option while creating the container. The syntax is similar to
		// Dockerfile's ENTRYPOINT directive, where each shell token is a
		// separate string in the array.
		"entrypoint"?: [_, ...]
		"docker"?: close({
			// Image architecture to pull.
			"platform"?: strings.MinRunes(1)

			// Username or UID to use for the container.
			"user"?: strings.MinRunes(1) & strings.MaxRunes(255)
		})
		"kubernetes"?: close({
			// Username or UID to use for the container. It also supports the
			// UID:GID format.
			"user"?: int | strings.MinRunes(1) & strings.MaxRunes(255)
		})
		"pull_policy"?: matchN(1, ["always" | "never" | "if-not-present", list.UniqueItems() & [..."always" | "never" | "if-not-present"] & [_, ...]])
	})])

	#includeRules: null | [...matchN(>=1, [close({
		"if"?: #if
		"changes"?: #changes
		"exists"?: #exists
		"when"?: matchN(1, ["never" | "always", null])
	}), strings.MinRunes(1), [_, ...] & [...string]])]

	// An include item is exactly one of: a bare string ending in .yml/.yaml
	// (an http(s) URL or a string without a scheme), or one of the closed
	// structs keyed by local / project / template / component / remote.
	#include_item: matchN(1, [matchN(>=1, [=~"^https?://", matchN(0, [null | bool | number | =~"^\\w+://" | [...] | {
		...
	}]) & string]) & (net.URL & =~"\\w\\.ya?ml$"), close({
		// Relative path from local repository root (`/`) to the
		// `yaml`/`yml` file template. The file must be on the same
		// branch, and does not work across git submodules.
		"local"!: net.URL & =~"\\.ya?ml$"
		"rules"?: #includeRules
		"inputs"?: #inputs
	}), close({
		// Path to the project, e.g. `group/project`, or
		// `group/sub-group/project` [Learn
		// more](https://docs.gitlab.com/ci/yaml/#includeproject).
		// NOTE(review): the pattern is unanchored; any string containing
		// "x/y" or a $VARIABLE reference matches.
		"project"!: =~"(?:\\S/\\S|\\$\\S+)"

		// Branch/Tag/Commit-hash for the target project.
		// NOTE(review): optional and any string is accepted, so the schema
		// does not require cross-project includes to be pinned to a commit.
		"ref"?: string
		"file"!: matchN(1, [=~"\\.ya?ml$", [...=~"\\.ya?ml$"]])
		"rules"?: #includeRules
		"inputs"?: #inputs
	}), close({
		// Use a `.gitlab-ci.yml` template as a base, e.g.
		// `Nodejs.gitlab-ci.yml`.
		"template"!: net.URL & =~"\\.ya?ml$"
		"rules"?: #includeRules
		"inputs"?: #inputs
	}), close({
		// Local path to component directory or full path to external
		// component directory.
		"component"!: net.URL
		"rules"?: #includeRules
		"inputs"?: #inputs
	}), close({
		// URL to a `yaml`/`yml` template file using HTTP/HTTPS.
		// NOTE(review): the pattern accepts http:// as well as https://.
		"remote"!: net.URL & =~"^https?://.+\\.ya?ml$"

		// SHA256 integrity hash of the remote file content.
		// Format check only: "sha256-" followed by 43 base64 characters and
		// one "=" (the base64 length of a 32-byte digest).
		// NOTE(review): the field is optional, so this schema accepts remote
		// includes that carry no content pin; require it in a separate
		// policy check if remote includes must be pinned.
		"integrity"?: =~"^sha256-[A-Za-z0-9+/]{43}=$"
		"rules"?: #includeRules
		"inputs"?: #inputs
	})])

	// Input names are restricted to [a-zA-Z0-9_-]; string values are capped
	// at 1024 runes.
	#inputs: close({
		{[=~"^[a-zA-Z0-9_-]+$"]: matchN(1, [strings.MaxRunes(1024), number, bool, [...matchN(1, [string, number, bool, { ... }, [...null | bool | number | string | [...] | { ... }]])], { ... }, null])
		}
	})

	#interruptible: bool

	#job: #job_template

	// At most 50 job inputs; each must be a #baseInput with a required
	// "default" that agrees with the declared "type".
	#jobInputs: struct.MaxFields(50) & {
		{[=~".*"]: matchN(3, [#baseInput, null | bool | number | string | [...] | {
			"default"!: _
			...
		}, matchN(4, [matchIf(null | bool | number | string | [...] | {
			"type"?: "string"
			...
		}, null | bool | number | string | [...] | {
			"default"?: string
			...
		}, _), matchIf(null | bool | number | string | [...] | {
			"type"?: "number"
			...
		}, null | bool | number | string | [...] | {
			"default"?: number
			...
		}, _), matchIf(null | bool | number | string | [...] | {
			"type"?: "boolean"
			...
		}, null | bool | number | string | [...] | {
			"default"?: bool
			...
		}, _), matchIf(null | bool | number | string | [...] | {
			"type"?: "array"
			...
		}, null | bool | number | string | [...] | {
			"default"?: [...]
			...
		}, _)])])
		}
		...
	}

	#jobVariables: {
		{[=~".*"]: matchN(1, [bool | number | string, close({
			"value"?: string
			"expand"?: bool
		})])
		}
		...
	}

	// A job is a closed struct. The leading matchN(1, ...) ties "start_in" to
	// "when": a job with when: "delayed" must set "start_in"; the second
	// alternative covers every job whose "when" is not "delayed".
	#job_template: matchN(1, [{
		"when"!: "delayed"
		"start_in"!: _
		...
	}, {
		"when"?: matchN(0, ["delayed"])
		...
	}]) & close({
		"image"?: #image
		"services"?: #services
		"before_script"?: #before_script
		"after_script"?: #after_script
		"hooks"?: #hooks
		"rules"?: #rules
		"variables"?: #jobVariables
		"cache"?: #cache
		"id_tokens"?: #id_tokens
		"identity"?: #identity
		"inputs"?: #jobInputs
		"secrets"?: #secrets
		"script"?: #script
		"run"?: #steps

		// Define what stage the job will run in.
		"stage"?: matchN(>=1, [strings.MinRunes(1), [_, ...] & [...string]])
		"only"?: #filter

		// The name of one or more jobs to inherit configuration from.
		"extends"?: matchN(1, [string, [...string] & [_, ...]])

		// The list of jobs in previous stages whose sole completion is
		// needed to start the current job.
		"needs"?: [...matchN(1, [string, close({
			"job"!: string
			"artifacts"?: bool
			"optional"?: bool
			"parallel"?: #parallel_matrix
		}), close({
			"pipeline"!: string
			"job"!: string
			"artifacts"?: bool
			"parallel"?: #parallel_matrix
		}), close({
			"job"!: string
			"project"!: string
			"ref"!: string
			"artifacts"?: bool
			"parallel"?: #parallel_matrix
		}), #."!reference"])]
		"except"?: #filter
		"tags"?: #tags
		"allow_failure"?: #allow_failure
		"timeout"?: #timeout
		"when"?: #when
		"start_in"?: #start_in
		"manual_confirmation"?: string

		// Specify a list of job names from earlier stages from which
		// artifacts should be loaded. By default, all previous artifacts
		// are passed. Use an empty array to skip downloading artifacts.
		"dependencies"?: [...string]
		"artifacts"?: #artifacts

		// Used to associate environment metadata with a deploy.
		// Environment can have a name and URL attached to it, and will
		// be displayed under /environments under the project.
		"environment"?: matchN(1, [string, close({
			// The name of the environment, e.g. 'qa', 'staging',
			// 'production'.
			"name"!: strings.MinRunes(1)

			// When set, this will expose buttons in various places for the
			// current environment in GitLab, that will take you to the
			// defined URL.
			"url"?: net.AbsURL & =~"^(https?://.+|\\$[A-Za-z]+)"

			// The name of a job to execute when the environment is about to
			// be stopped.
			"on_stop"?: string

			// Specifies what this job will do. 'start' (default) indicates
			// the job will start the deployment. 'prepare'/'verify'/'access'
			// indicates this will not affect the deployment. 'stop'
			// indicates this will stop the deployment.
			"action"?: "start" | "prepare" | "stop" | "verify" | "access"

			// The amount of time it should take before GitLab will
			// automatically stop the environment. Supports a wide variety of
			// formats, e.g. '1 week', '3 mins 4 sec', '2 hrs 20 min',
			// '2h20min', '6 mos 1 day', '47 yrs 6 mos and 4d', '3 weeks and
			// 2 days'.
			"auto_stop_in"?: string

			// Used to configure the kubernetes deployment for this
			// environment. This is currently not supported for kubernetes
			// clusters that are managed by GitLab.
			"kubernetes"?: {
				// Specifies the GitLab Agent for Kubernetes. The format is
				// `path/to/agent/project:agent-name`.
				"agent"?: string

				// Deprecated. Use `dashboard.namespace` instead. The kubernetes
				// namespace where this environment's dashboard should be
				// deployed to.
				"namespace"?: strings.MinRunes(1)

				// Deprecated. Use `dashboard.flux_resource_path` instead. The
				// Flux resource path to associate with this environment. This
				// must be the full resource path. For example,
				// 'helm.toolkit.fluxcd.io/v2/namespaces/gitlab-agent/helmreleases/gitlab-agent'.
				"flux_resource_path"?: string

				// Used to configure the managed resources for this environment.
				"managed_resources"?: {
					// Indicates whether the managed resources are enabled for this
					// environment.
					"enabled"?: bool
					...
				}

				// Used to configure the dashboard for this environment.
				"dashboard"?: {
					// The kubernetes namespace where the dashboard for this
					// environment should be deployed to.
					"namespace"?: strings.MinRunes(1)

					// The Flux resource path to associate with this environment. This
					// must be the full resource path. For example,
					// 'helm.toolkit.fluxcd.io/v2/namespaces/gitlab-agent/helmreleases/gitlab-agent'.
					"flux_resource_path"?: string
					...
				}
				...
			}

			// Explicitly specifies the tier of the deployment environment if
			// non-standard environment name is used.
			"deployment_tier"?: string
		})])

		// Indicates that the job creates a Release.
		"release"?: close({
			// The tag_name must be specified. It can refer to an existing Git
			// tag or can be specified by the user.
			"tag_name"!: strings.MinRunes(1)

			// Message to use if creating a new annotated tag.
			"tag_message"?: string

			// Specifies the longer description of the Release.
			"description"!: strings.MinRunes(1)

			// The Release name. If omitted, it is populated with the value of
			// release: tag_name.
			"name"?: string

			// If the release: tag_name doesn't exist yet, the release is
			// created from ref. ref can be a commit SHA, another tag name,
			// or a branch name.
			"ref"?: string

			// The title of each milestone the release is associated with.
			"milestones"?: [...string]

			// The date and time when the release is ready. Defaults to the
			// current date and time if not defined. Should be enclosed in
			// quotes and expressed in ISO 8601 format.
			"released_at"?: time.Time & =~"^(?:[1-9]\\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\\d|2[0-3]):[0-5]\\d:[0-5]\\d(?:Z|[+-][01]\\d:[0-5]\\d)$"
			"assets"?: close({
				// Include asset links in the release.
				"links"!: [...close({
					// The name of the link.
					"name"!: strings.MinRunes(1)

					// The URL to download a file.
					// Only non-emptiness is checked here; no URL scheme is enforced.
					"url"!: strings.MinRunes(1)

					// The redirect link to the url.
					"filepath"?: string

					// The content kind of what users can download via url.
					"link_type"?: "runbook" | "package" | "image" | "other"
				})] & [_, ...]
			})
		})

		// Must be a regular expression, optionally but recommended to be
		// quoted, and must be surrounded with '/'. Example: '/Code
		// coverage: \d+\.\d+/'
		"coverage"?: regexp.Valid & =~"^/.+/$"
		"retry"?: #retry
		"parallel"?: #parallel
		"interruptible"?: #interruptible

		// Limit job concurrency. Can be used to ensure that the Runner
		// will not run certain jobs simultaneously.
		"resource_group"?: string

		// Exactly one of: a multi-project trigger (closed struct with
		// "project"), a child-pipeline trigger (closed struct with "include"),
		// or a bare project-path string.
		"trigger"?: matchN(1, [close({
			// Path to the project, e.g. `group/project`, or
			// `group/sub-group/project`.
			"project"!: =~"(?:\\S/\\S|\\$\\S+)"

			// The branch name that a downstream pipeline will use
			"branch"?: string

			// You can mirror or depend on the pipeline status from the
			// triggered pipeline to the source bridge job by using strategy:
			// `depend` or `mirror`
			"strategy"?: "depend" | "mirror"
			"inputs"?: #inputs

			// Specify what to forward to the downstream pipeline.
			"forward"?: close({
				// Variables defined in the trigger job are passed to downstream
				// pipelines.
				"yaml_variables"?: bool

				// Variables added for manual pipeline runs and scheduled
				// pipelines are passed to downstream pipelines.
				"pipeline_variables"?: bool
			})

			// Dependency: when "branch" is present, "project" is required.
			branch?: _
			if branch != _|_ {
				"project"!: _
			}
			{}
		}), close({
			// A single YAML path, or up to three include entries.
			"include"?: matchN(1, [net.URL & =~"\\.ya?ml$", list.MaxItems(3) & [...matchN(1, [close({
				// Relative path from local repository root (`/`) to the local
				// YAML file to define the pipeline configuration.
				"local"!: net.URL & =~"\\.ya?ml$"
				"inputs"?: #inputs
			}), close({
				// Name of the template YAML file to use in the pipeline
				// configuration.
				"template"!: net.URL & =~"\\.ya?ml$"
				"inputs"?: #inputs
			}), close({
				// Relative path to the generated YAML file which is extracted
				// from the artifacts and used as the configuration for
				// triggering the child pipeline.
				"artifact"!: net.URL & =~"\\.ya?ml$"

				// Job name which generates the artifact
				"job"!: string
				"inputs"?: #inputs
			}), close({
				// Path to another private project under the same GitLab instance,
				// like `group/project` or `group/sub-group/project`.
				"project"!: =~"(?:\\S/\\S|\\$\\S+)"

				// Branch/Tag/Commit hash for the target project.
				"ref"?: strings.MinRunes(1)

				// Relative path from repository root (`/`) to the pipeline
				// configuration YAML file.
				"file"!: net.URL & =~"\\.ya?ml$"
				"inputs"?: #inputs
			}), close({
				// Local path to component directory or full path to external
				// component directory.
				"component"!: net.URL
				"inputs"?: #inputs
			}), close({
				// URL to a `yaml`/`yml` template file using HTTP/HTTPS.
				// NOTE(review): this closed struct has no "integrity" key, unlike
				// the top-level include's remote form, and the pattern accepts
				// http:// as well as https://.
				"remote"!: net.URL & =~"^https?://.+\\.ya?ml$"
				"inputs"?: #inputs
			})])]])

			// You can mirror or depend on the pipeline status from the
			// triggered pipeline to the source bridge job by using strategy:
			// `depend` or `mirror`
			"strategy"?: "depend" | "mirror"

			// Specify what to forward to the downstream pipeline.
			"forward"?: close({
				// Variables defined in the trigger job are passed to downstream
				// pipelines.
				"yaml_variables"?: bool

				// Variables added for manual pipeline runs and scheduled
				// pipelines are passed to downstream pipelines.
				"pipeline_variables"?: bool
			})
		}), =~"(?:\\S/\\S|\\$\\S+)"])

		// Controls which global defaults and variables the job inherits:
		// a bool for all/none, or an explicit list.
		"inherit"?: close({
			"default"?: matchN(1, [bool, [..."after_script" | "artifacts" | "before_script" | "cache" | "image" | "interruptible" | "retry" | "services" | "tags" | "timeout"]])
			"variables"?: matchN(1, [bool, [...string]])
		})

		// Deprecated. Use `pages.publish` instead. A path to a directory
		// that contains the files to be published with Pages.
		"publish"?: string
		"pages"?: matchN(1, [close({
			"path_prefix"?: string
			"expire_in"?: string
			"publish"?: string
		}), bool])
	})

	// A script is a string, or a list whose items are strings or lists of strings.
	#optional_script: matchN(1, [string, [...matchN(>=1, [string, [...string]])]])

	// Splits up a single job into multiple that run in parallel.
	// Provides `CI_NODE_INDEX` and `CI_NODE_TOTAL` environment
	// variables to the jobs.
	#parallel: matchN(1, [int & >=1 & <=200, close({
		// Defines different variables for jobs that are running in
		// parallel.
		"matrix"!: list.MaxItems(200) & [...{ [string]: number | string | [...] }]
	})])

	// Use the `needs:parallel:matrix` keyword to specify parallelized
	// jobs needed to be completed for the job to run. [Learn
	// More](https://docs.gitlab.com/ci/yaml/#needsparallelmatrix)
	#parallel_matrix: close({
		// Defines different variables for jobs that are running in
		// parallel.
		"matrix"!: list.MaxItems(200) & [...{ [string]: number | string | [...] }]
	})

	#retry: matchN(1, [#retry_max, close({
		"max"?: #retry_max
		"when"?: matchN(1, [#retry_errors, [...#retry_errors]])
		"exit_codes"?: matchN(1, [list.UniqueItems() & [_, ...] & [...int], int])
	})])

	#retry_errors: matchN(1, ["always", "unknown_failure", "script_failure", "api_failure", "stuck_or_timeout_failure", "runner_system_failure", "runner_unsupported", "stale_schedule", "job_execution_timeout", "archived_failure", "unmet_prerequisites", "scheduler_failure", "data_integrity_failure"])

	// The number of times the job will be retried if it fails.
	// Defaults to 0 and can max be retried 2 times (3 times total).
	#retry_max: int & >=0 & <=2

	#rules: null | [...matchN(>=1, [close({
		"if"?: #if
		"changes"?: #changes
		"exists"?: #exists
		"variables"?: #rulesVariables
		"when"?: #when
		"start_in"?: #start_in
		"allow_failure"?: #allow_failure
		"needs"?: #rulesNeeds
		"interruptible"?: #interruptible
	}), strings.MinRunes(1), [_, ...] & [...string]])]

	#rulesNeeds: [...matchN(1, [string, close({
		// Name of a job that is defined in the pipeline.
		"job"!: strings.MinRunes(1)

		// Download artifacts of the job in needs.
		"artifacts"?: bool

		// Whether the job needs to be present in the pipeline to run
		// ahead of the current job.
		"optional"?: bool
	})])]

	#rulesVariables: {
		{[=~".*"]: bool | number | string}
		...
	}

	// A job script is a non-empty string or a non-empty list of strings /
	// lists of strings.
	#script: matchN(1, [strings.MinRunes(1), [...matchN(>=1, [string, [...string]])] & [_, ...]])

	// Each secret must name at least one provider (vault, azure_key_vault,
	// gcp_secret_manager, aws_secrets_manager or gitlab_secrets_manager) and
	// is otherwise a closed struct: unknown keys are rejected.
	#secrets: {
		{[=~".*"]: matchN(>=1, [{
			"vault"!: _
			...
		}, {
			"azure_key_vault"!: _
			...
		}, {
			"gcp_secret_manager"!: _
			...
		}, {
			"aws_secrets_manager"!: _
			...
		}, {
			"gitlab_secrets_manager"!: _
			...
		}]) & close({
			"vault"?: matchN(1, [string, close({
				"engine"!: {
					"name"!: string
					"path"!: string
					...
				}
				"path"!: string
				"field"!: string
			})])
			"gcp_secret_manager"?: close({
				"name"!: string
				"version"?: matchN(1, [string, int])
			})
			"azure_key_vault"?: close({
				"name"!: string
				"version"?: string
			})
			"aws_secrets_manager"?: matchN(1, [string, close({
				// The ARN or name of the secret to retrieve. To retrieve a secret
				// from another account, you must use an ARN.
				"secret_id"!: string

				// The unique identifier of the version of the secret to retrieve.
				// If you include both this parameter and VersionStage, the two
				// parameters must refer to the same secret version. If you don't
				// specify either a VersionStage or VersionId, Secrets Manager
				// returns the AWSCURRENT version.
				"version_id"?: string

				// The staging label of the version of the secret to retrieve. If
				// you include both this parameter and VersionStage, the two
				// parameters must refer to the same secret version. If you don't
				// specify either a VersionStage or VersionId, Secrets Manager
				// returns the AWSCURRENT version.
				"version_stage"?: string

				// The AWS region where the secret is stored. Use this to override
				// the region for a specific secret. Defaults to AWS_REGION
				// variable.
				"region"?: string

				// The ARN of the IAM role to assume before retrieving the secret.
				// Use this to override the ARN. Defaults to AWS_ROLE_ARN
				// variable.
				"role_arn"?: string

				// The name of the session to use when assuming the role. Use this
				// to override the session name. Defaults to
				// AWS_ROLE_SESSION_NAME variable.
				"role_session_name"?: string

				// The name of the field to retrieve from the secret. If not
				// specified, the entire secret is retrieved.
				"field"?: string
			})])
			"gitlab_secrets_manager"?: close({
				"name"!: string

				// Source of the secret. Defaults to the current project if not
				// given. For fetching a secret from a group, provide
				// `group/` followed by the group path (the placeholder after
				// "group/" was lost in this copy — TODO confirm exact form).
				"source"?: string
			})
			"file"?: bool

			// Specifies the JWT variable that should be used to authenticate
			// with the secret provider.
			"token"?: string

			// Dependency: when "gcp_secret_manager" is present, "token" is
			// required. The other providers carry no such requirement here.
			gcp_secret_manager?: _
			if gcp_secret_manager != _|_ {
				"token"!: _
			}
			{}
		})
		}
		...
	}

	#services: [...matchN(1, [strings.MinRunes(1), close({
		// Full name of the image that should be used. It should contain
		// the Registry part if needed.
		"name"!: strings.MinRunes(1)
		"entrypoint"?: [_, ...] & [...string]
		"docker"?: close({
			// Image architecture to pull.
			"platform"?: strings.MinRunes(1)

			// Username or UID to use for the container.
			"user"?: strings.MinRunes(1) & strings.MaxRunes(255)
		})
		"kubernetes"?: close({
			// Username or UID to use for the container. It also supports the
			// UID:GID format.
			"user"?: int | strings.MinRunes(1) & strings.MaxRunes(255)
		})
		"pull_policy"?: matchN(1, ["always" | "never" | "if-not-present", list.UniqueItems() & [..."always" | "never" | "if-not-present"] & [_, ...]])
		"command"?: #script
		"alias"?: strings.MinRunes(1)
		"variables"?: #jobVariables
	})])]

	#start_in: strings.MinRunes(1)

	// Any of these function use cases are valid.
	// A step is either a function call (exactly one of "step" or "func",
	// never both) or an inline script; both forms are closed structs.
	#step: matchN(1, [matchN(1, [matchN(0, [null | bool | number | string | [...] | {
		"func"!: _
		...
	}]) & {
		"step"!: _
		...
	}, matchN(0, [null | bool | number | string | [...] | {
		"step"!: _
		...
	}]) & {
		"func"!: _
		...
	}]) & close({
		"name"!: #stepName
		"env"?: #stepNamedStrings
		"inputs"?: #stepNamedValues
		"step"?: #stepFuncReference
		"func"?: #stepFuncReference
	}), close({
		"name"!: #stepName
		"env"?: #stepNamedStrings
		"script"!: strings.MinRunes(1)
	})])

	#stepFuncReference: matchN(1, [string, #stepGitReference, #stepOciReference])

	// GitReference is a reference to a function in a Git repository.
	// "url" and "rev" are required; both are unconstrained strings, so the
	// schema does not distinguish a commit hash from a branch or tag in "rev".
	#stepGitReference: close({
		"git"!: close({
			"url"!: string
			"dir"?: string
			"rev"!: string
			"file"?: string
		})
	})

	// Step and variable names: a letter or underscore followed by letters,
	// digits or underscores.
	#stepName: =~"^[a-zA-Z_][a-zA-Z0-9_]*$"

	#stepNamedStrings: close({
		{[=~"^[a-zA-Z_][a-zA-Z0-9_]*$"]: string}
	})

	#stepNamedValues: close({
		{[=~"^[a-zA-Z_][a-zA-Z0-9_]*$"]: _}
	})

	// OCIReference is a reference to a function hosted in an OCI
	// repository.
	#stepOciReference: close({
		"oci"!: close({
			// The host, optionally followed by ":" and a port, of the container
			// registry server (the original placeholder text was lost in this
			// copy — TODO confirm).
			"registry"!: string

			// A path within the registry containing related OCI images.
			// Typically the namespace, project, and image name.
			"repository"!: string

			// A pointer to the image manifest hosted in the OCI repository.
			"tag"!: string

			// A directory inside the OCI image where the function can be
			// found.
			"dir"?: string

			// The name of the file that defines the function, defaults to
			// func.yml.
			"file"?: string
		})
	})

	#steps: [...#step]

	#string_file_list: matchN(1, [string, [...string]])

	// Non-empty list; each tag is a non-empty string or a non-empty list of strings.
	#tags: [_, ...] & [...matchN(>=1, [strings.MinRunes(1), [_, ...] & [...string]])]

	#timeout: strings.MinRunes(1)

	#when: "on_success" | "on_failure" | "always" | "never" | "manual" | "delayed"

	// Define the rules for when pipeline should be automatically
	// cancelled.
	#workflowAutoCancel: close({
		"on_job_failure"?: "none" | "all"
		"on_new_commit"?: "conservative" | "interruptible" | "none"
	})

	#workflowName: strings.MinRunes(1) & strings.MaxRunes(255)
}