Documentation
¶
Overview ¶
Package cigen provides an analyze → CIPlan → render pipeline for generating CI/CD configuration files from workflow YAML configs.
Index ¶
- func RenderCircleCI(p *CIPlan) (map[string]string, error)
- func RenderGitHubActions(p *CIPlan) (map[string]string, error)
- func RenderGitLabCI(p *CIPlan) (map[string]string, error)
- func RenderJenkins(p *CIPlan) (map[string]string, error)
- type BuildSpec
- type CIPlan
- type DeployPhase
- type MigrationsSpec
- type Options
- type SecretRef
- type SmokeSpec
- type TriggerSpec
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RenderCircleCI ¶ added in v0.68.0
RenderCircleCI generates a CircleCI 2.1 configuration from a CIPlan. It returns a map with a single key ".circleci/config.yml".
The output mirrors the GitHub Actions renderer's job set — plan / per-phase apply (plan-guard + last-phase migrations) / smoke — as CircleCI jobs wired by a `workflows:` graph (plan jobs on PR branches, apply jobs on the default branch chained via `requires:`). CircleCI auto-injects project-level env vars into every job, so secrets are referenced, not re-declared. It deliberately emits no docker-build/deploy stage (ADR 0044).
func RenderGitHubActions ¶
RenderGitHubActions generates GitHub Actions workflow YAML files from a CIPlan. It returns a map of relative paths to YAML content.
func RenderGitLabCI ¶
RenderGitLabCI generates a GitLab CI YAML configuration from a CIPlan. It returns a map with a single key ".gitlab-ci.yml".
func RenderJenkins ¶ added in v0.68.0
RenderJenkins generates a declarative Jenkinsfile from a CIPlan. It returns a map with a single key "Jenkinsfile".
The output mirrors the GitHub Actions renderer's job set — plan / per-phase apply (scoped secrets + plan-guard + last-phase migrations) / smoke — mapped onto a single linear declarative `stages {}` block. Plan stages gate on changeRequest() (PR branches); apply/smoke stages gate on the default branch, which is correct only in a Jenkins Multibranch Pipeline (surfaced via a header comment). It deliberately emits no docker-build/deploy stage (ADR 0044).
Types ¶
type BuildSpec ¶
type BuildSpec struct {
// Docker is true when a Dockerfile was detected.
Docker bool `json:"docker"`
// Image is the image name to build (if derivable).
Image string `json:"image,omitempty"`
}
BuildSpec describes the build phase.
type CIPlan ¶
type CIPlan struct {
// Project is the name of the project (derived from config or directory).
Project string `json:"project"`
// WfctlVersion is the wfctl version to pin in generated CI files.
WfctlVersion string `json:"wfctl_version"`
// DefaultBranch is the branch that triggers apply jobs.
DefaultBranch string `json:"default_branch"`
// Runner is the runner label used for GitHub Actions jobs.
Runner string `json:"runner"`
// PluginInstall is true when wfctl plugin install should be run before deploy.
PluginInstall bool `json:"plugin_install"`
// Build describes the build phase, or nil when no build is needed.
Build *BuildSpec `json:"build,omitempty"`
// Secrets is the union of all secret references needed by CI.
Secrets []SecretRef `json:"secrets"`
// Phases is the ordered list of deploy phases.
Phases []DeployPhase `json:"phases"`
// Migrations describes database migration config, or nil when none.
Migrations *MigrationsSpec `json:"migrations,omitempty"`
// Smoke describes the smoke test, or nil when no smoke test can be derived.
Smoke *SmokeSpec `json:"smoke,omitempty"`
// PlanGuard is true when a protected resource requires a plan-before-apply gate.
PlanGuard bool `json:"plan_guard"`
// Triggers describes which GitHub events trigger CI jobs.
Triggers TriggerSpec `json:"triggers"`
// Warnings is a list of non-fatal advisory messages surfaced to the operator.
Warnings []string `json:"warnings"`
}
CIPlan is a platform-neutral representation of a CI/CD plan derived from one or more workflow config files.
type DeployPhase ¶
type DeployPhase struct {
// Name is the human-readable phase name (e.g. "prereq", "deploy").
Name string `json:"name"`
// ConfigPath is the workflow config file for this phase.
ConfigPath string `json:"config_path"`
// Include is an optional list of module names to include in this phase.
Include []string `json:"include,omitempty"`
// Secrets is the set of secrets this phase's apply job needs. Populated
// only when Scoped is true; otherwise the renderer uses CIPlan.Secrets.
Secrets []SecretRef `json:"secrets,omitempty"`
// Scoped is true when per-phase secret derivation ran against a real,
// loaded config for this phase. The renderer branches its env: source on
// this flag — NOT on len(Secrets) — so a genuinely zero-secret scoped
// phase emits no union, while an unscoped phase falls back to the union.
Scoped bool `json:"scoped,omitempty"`
}
DeployPhase is a single phase in a potentially multi-phase deploy pipeline.
type MigrationsSpec ¶
type MigrationsSpec struct {
// DBEnv is the environment variable name that holds the database URL.
DBEnv string `json:"db_env"`
// Source is the migrations source directory.
Source string `json:"source,omitempty"`
// Env is the deploy environment name passed to `wfctl migrations up --env`.
// Empty when no environment is configured; the --env flag is then omitted.
Env string `json:"env,omitempty"`
}
MigrationsSpec describes the database migration step.
type Options ¶
type Options struct {
// WfctlVersion is the version string to embed in the plan (e.g. "v0.66.0" or "latest").
WfctlVersion string
// DefaultBranch overrides the default branch (defaults to "main").
DefaultBranch string
// Runner overrides the GitHub Actions runner label (defaults to "ubuntu-latest").
Runner string
// PhaseConfig is an optional second config path that becomes a prereq DeployPhase
// inserted before the main phase.
PhaseConfig string
// Project overrides the project name derived from the config file.
Project string
// ConfigPathAlias, when set, is used verbatim as the primary phase's
// DeployPhase.ConfigPath instead of the real (possibly temporary or
// absolute) filesystem path Analyze was handed. Callers that read the
// config from a non-repo location — e.g. the MCP server, which writes
// yaml_content to an os.CreateTemp file — MUST set this to a stable,
// repo-relative logical name (e.g. "deploy.yaml" or the project name)
// so generated CI steps and path filters reference a real checkout path
// rather than a deleted /tmp file.
ConfigPathAlias string
// PhaseConfigAlias is the ConfigPathAlias equivalent for the prereq phase.
// When set, it is used verbatim as the prereq DeployPhase.ConfigPath
// instead of the relativized PhaseConfig filesystem path.
PhaseConfigAlias string
}
Options controls the behaviour of Analyze.
type SecretRef ¶
type SecretRef struct {
// Name is the secret name as it appears in the CI platform's secret store.
Name string `json:"name"`
}
SecretRef is a reference to a named secret required by CI.
type SmokeSpec ¶
type SmokeSpec struct {
// URL is the full URL to curl for a 2xx response.
URL string `json:"url"`
// Path is the HTTP path component (e.g. "/healthz").
Path string `json:"path"`
}
SmokeSpec describes the post-deploy smoke test.
type TriggerSpec ¶
type TriggerSpec struct {
// PR triggers plan/lint jobs on pull requests.
PR bool `json:"pr"`
// PushMain triggers apply jobs on push to the default branch.
PushMain bool `json:"push_main"`
// Dispatch allows manual workflow_dispatch triggers.
Dispatch bool `json:"dispatch"`
}
TriggerSpec describes which CI events should trigger each class of job.
Source Files