Pipeline Steps

Pipeline steps define the actual payloads that are run during job executions. Each pipeline step is run in a defined container image. Components may specify an arbitrary graph of steps. Some traits add steps to build jobs as well (see traits documentation).

Each build step must be given a unique name (per job). By default, an executable named .ci/<step_name> is expected in the main repository’s work tree. It is run inside a container with a specifiable container image with a defined set of environment variables.

The resulting exit code is used to determine whether or not the step execution has succeeded. A zero exit code is interpreted as success, wheras non-zero exit codes are interpreted as failures.

Accessing the path to a repository in your build step should be done using given environment variables as described in Environment Variables from repositories.

all job steps are executed in parallel by default
dependendencies between steps may be declared
job steps may publish changes to repositories

Attributes

name	required?	default	type	explanation
depends	no	set()	set	step names this step declares a dependency towards
trait_depends	no	set()	set	names of traits this step declares a dependency towards. This will result in a dependency towards all steps defined by these traits
execute	no	step name	str	The executable (with optional additional arguments) to run. The executable path is calculated relative to `<main_repo>/.ci`. Has two forms: scalar value (str in most cases) –> no shell-escaping is done list of scalar values -> used verbatim as ARGV
escape_argv	no	True	str	defines whether or not ARGV (execute attr) should be escaped setting to `False` will allow for e.g. environment-variable expansion
notifications_cfg	no	default	str	Configures build notification policies (see notifications trait)
image	no	None	str	the container image reference to use for the executing container. If not set, the default image will be used.
registry	no	None	str	The container image registry cfg_name. Required when retrieving container images from a non-default image registry that requires authentication.
inputs	no	{}	dict	a mapping of inputs produced by other build steps: { input_name: output_name } `input_name` is converted to UPPER_CASE and exposed to the step as an environment variable containing the relative path to the output.
output_dir	no	None	str	exposes a writable directory to the job. The directory is specified via environment variable named as the given value + _PATH (converted to UPPER-case and snake_case). Any files placed into this directory are passed to subsequent steps declaring the output as input. The unchanged value configured is used as input name. e.g.: `output_dir: out` results in env var `OUT_PATH`.
publish_to	no	{}	list	has two forms: list of logical repository names to which commits created by this step should be published. a dictionary: <name: options> The second form currently accepts exactly one argument: `force_push` (bool) and is used to specify that a force-push should be done. The step executable must only commit the changes in the repository’s worktree without pushing them. Example: steps: foo: publish_to: my_repo: force_push: true
vars	no	{}	str	pairs of {env_var_name: <python expression>} the specified python expressions are evaluated during pipeline replication. An instance of the current pipeline_model is accessible through the `pipeline_descriptor` symbol. The evaluation result is exposed to this build step via the specified environment variable.
cache_paths	no	[]	str	Warning EXPERIMENTAL - this attr might be removed or changed a list of paths (relative to initial PWD) that should be cached.
privilege_mode	no	`unprivileged`	PrivilegeMode	privilege mode for step. Use carefully when running potentially untrusted code.
timeout	no	None	str	go-style time interval (e.g.: ‘1h30m’) after which the step will be interrupted and fail.
retries	no	None	str	positive integer specifying the maximum amount of failures until the step is counted as failed
on_abort	no	None	str	The executable (with optional additional arguments) to run in case the job is aborted. The executable path is calculated relative to `<main_repo>/.ci`. Just like `execute` this has two forms: scalar value (str in most cases) –> no shell-escaping is done list of scalar values -> used verbatim as ARGV The resulting `on_abort` step will use the same container image reference as the job that defines it. Also, it will have the same in- and outputs available and access to the same env-vars. Note `on_abort`-steps themselves cannot be aborted. Beware.

privilege_mode Enumeration Values

privileged
unprivileged

Examples

steps:
  first_step: ~     # execute .ci/first_step

  custom_executable:
    execute:
      "my_script"   # execute .ci/my_script

  custom_image:
    image: 'alpine:3.6'

  executable_with_args:
    execute:
    - "another_executable"  # .ci/another_executable
    - "--with-an-option"
    - "args may contain whitespace characters"

  build_and_expose_output:
    output_dir: 'build_result_dir' # may be used e.g. by publish trait

  publish_commits:
    depends:
    - build_and_expose_output  # run only after build_and_expose_output finished
    publish_to:
    - source    # 'source' is the default name for the main repository

  force_push:
    publish_to:
      another_repo:
        force_push: true # use with caution!

  define_env_vars:
    vars:
      AN_ENV_VAR: '"my_important_value"'         # assign my_important_value to AN_ENV_VAR
      ANOTHER: 'pipeline_descriptor.get("name")' # assign pipeline name to ANOTHER