Skip to content

Reference

Reference pages are information-oriented: the facts, laid out for looking up. One page per component, mirroring templates/<name>.yml 1:1. If you want a guided lesson instead, see Tutorials; for a task-oriented recipe, see How-To Guides; for the why behind a design, see Explanation.

Every component is included the same way:

include:
  - component: gitlab.com/phpboyscout/cicd/<name>@vX.Y.Z

Pin to a @vX.Y.Z tag — never @~latest or a branch. Pre-1.0: a minor bump may change input shape (see Versioning).

Terraform / OpenTofu

Component Purpose
tofu-lint tofu fmt -check, tflint --recursive, terraform-docs --check drift.
tofu-security trivy config, checkov, gitleaks detect against the IaC.
tofu-validate tofu init -backend=false && tofu validate walked across consumer-specified paths.
tofu-plan OIDC-authenticated tofu plan against AWS; produces a reviewable plan artifact + MR widget.
tofu-apply Consumes a tofu-plan artifact, runs tofu apply; same-pipeline or cross-pipeline plan retrieval.
tofu-module-publish Publishes the repo to the GitLab Terraform Module Registry on release tags.

Go

Component Purpose
go-lint golangci-lint run with a stable per-project cache.
go-test go test -race -coverprofile, with an optional e2e job.
go-security Five MR-time scanners: govulncheck, trivy, gitleaks, osv-scanner, semgrep.
goreleaser Tag-gated goreleaser release --clean, with transient-failure auto-retry.

Rust

Component Purpose
rust-lint cargo fmt --check + cargo clippy.
rust-test cargo-nextest matrix: Linux always-on, opt-in cross-OS / integration / coverage.
rust-security cargo-deny, cargo-audit, trivy, gitleaks.
rust-docs cargo doc --no-deps --all-features with RUSTDOCFLAGS=-D warnings.
release-plz Rust release driver — Release MR, then publish + tag when it merges.

Svelte

Component Purpose
svelte-build Builds the frontend bundle and hands it to the release job as an artifact.
svelte-lint svelte-check, eslint, prettier — the project's own tool versions.
svelte-test vitest run, with an opt-in Playwright e2e job.
svelte-security Eight scanners: semgrep, osv-scanner, npm-audit, retire.js, audit-signatures, lockfile-lint, SBOM, gitleaks. Always-on.

Static sites

Component Purpose
zensical-pages Build a Zensical microsite and deploy to GitLab Pages. (This site.)
hugo-pages Build a Hugo site and deploy to GitLab Pages — the one component that deploys on a schedule.

Release & dependency automation

Component Purpose
renovate-self Schedule-driven Renovate run; pairs with the bundled preset that tracks component pins.
releaser-pleaser Release-MR-driven releases for Conventional-Commits projects (the Go-track sibling of release-plz).

AI skills & instruction files

Component Purpose
skill-security Hidden-char, injection-heuristic, plugin-schema, and gitleaks scans for Claude skills / CLAUDE.md / similar instruction-file repos.