chore(release): 1.7.4 [skip ci]

## [1.7.4](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/compare/v1.7.3...v1.7.4) (2021-05-09)

### Build

* cleanup long install line ([de1d073](de1d073c6d))

### ci

* Add git to node image ([6eb2d01](6eb2d0145e))
* change semantic release image to alpine to save space, updated to node 16 ([b1ca049](b1ca0497b0))
* Update DinD base to 20.10.6 and semantic release to node:15.  Also pin sonar-scanner-cli to 4.6 ([589fb4f](589fb4fcf7))

.gitlab-ci.yml

@@ -11,12 +11,14 @@ stages:
 - push_dockerhub
 
 .docker_base:
-  image: docker:18.09.7-dind
+  image: docker:20.10.6-dind
   services:
-    - docker:18.09.7-dind
+    - name: docker:20.10.6-dind
+      command: ["--tls=false"]
   variables:
     DOCKER_DRIVER: overlay
-    DOCKER_HOST: tcp://localhost:2375/
+    DOCKER_HOST: tcp://127.0.0.1:2375/
+    DOCKER_TLS_CERTDIR: ""
     IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
     FF_GITLAB_REGISTRY_HELPER_IMAGE: 1
   before_script:
@@ -71,7 +73,7 @@ push dockerhub:
   - docker push $CI_DOCKERHUB_IMAGE
 
 release:
-  image: node:13
+  image: node:16-alpine3.13
   stage: release
   only:
     refs:
@@ -83,7 +85,9 @@ release:
     - /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ 
   script:
     - touch CHANGELOG.md
-    - npm install @semantic-release/gitlab @semantic-release/changelog @semantic-release/git
+    - apk add --no-cache git
+    - npm install @semantic-release/gitlab @semantic-release/changelog
+      @semantic-release/git conventional-changelog-eslint
     - npx semantic-release
   artifacts:
     paths:
@@ -93,3 +97,48 @@ sast:
   stage: test
 include:
 - template: Security/SAST.gitlab-ci.yml
+
+sonarqube-check:
+  stage: test
+  image: 
+    name: sonarsource/sonar-scanner-cli:4.6
+    entrypoint: [""]
+  variables:
+    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
+    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
+  cache:
+    key: "${CI_JOB_NAME}"
+    paths:
+      - .sonar/cache
+  script: 
+    - sonar-scanner
+  allow_failure: true
+  only:
+    - master # or the name of your main branch
+    - branches
+
+trivy:
+  stage: test
+  extends:
+    - .docker_base
+  before_script:
+    - export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
+    - echo $TRIVY_VERSION
+    - wget --no-verbose https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -O - | tar -zxvf -
+  allow_failure: true
+  script:
+    # Build image
+    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ./Docker/
+    # Build report
+    - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+    # Print report
+    - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --severity HIGH image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+    # Fail on severe vulnerabilities
+    - ./trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+  cache:
+    paths:
+      - .trivycache/
+  # Enables https://docs.gitlab.com/ee/user/application_security/container_scanning/ (Container Scanning report is available on GitLab EE Ultimate or GitLab.com Gold)
+  artifacts:
+    reports:
+      container_scanning: gl-container-scanning-report.json

.releaserc.yml

@@ -1,6 +1,38 @@
 plugins:
-  - "@semantic-release/commit-analyzer"
-  - "@semantic-release/release-notes-generator"
+  - - "@semantic-release/commit-analyzer"
+    - preset: eslint
+      releaseRules:
+      - tag: Breaking
+        release: major
+      - tag: Build
+        release: patch
+      - tag: Chore
+        release: minor
+      - tag: Fix
+        release: patch
+      - tag: New
+        release: minor
+      - tag: Update
+        release: minor
+      - tag: Upgrade
+        release: minor
+  - - "@semantic-release/release-notes-generator"
+    - preset: eslint
+      releaseRules:
+      - tag: Breaking
+        release: major
+      - tag: Build
+        release: patch
+      - tag: Chore
+        release: minor
+      - tag: Fix
+        release: patch
+      - tag: New
+        release: minor
+      - tag: Update
+        release: minor
+      - tag: Upgrade
+        release: minor
   - - "@semantic-release/changelog"
     - changelogFile: CHANGELOG.md
   - "@semantic-release/gitlab"

CHANGELOG.md

@@ -1,3 +1,16 @@
+## [1.7.4](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/compare/v1.7.3...v1.7.4) (2021-05-09)
+
+
+### Build
+
+* cleanup long install line ([de1d073](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/commit/de1d073c6daf5d43fb7d9b7dafddd3b0cbcffc9b))
+
+### ci
+
+* Add git to node image ([6eb2d01](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/commit/6eb2d0145eff50c3243a364d821e769ae2ee06c9))
+* change semantic release image to alpine to save space, updated to node 16 ([b1ca049](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/commit/b1ca0497b0b51e0c50ca1e5f99e5c8abd4224d53))
+* Update DinD base to 20.10.6 and semantic release to node:15.  Also pin sonar-scanner-cli to 4.6 ([589fb4f](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/commit/589fb4fcf7841d3c5f08327d7fb5d5c107562ed6))
+
 ## [1.7.3](https://gitlab.evanrichardsonphotography.com/erichardson/py-eagle-mqtt/compare/v1.7.2...v1.7.3) (2021-04-12)
 
 

sonar-project.properties

@@ -0,0 +1,3 @@
+sonar.projectKey=erichardson_py-eagle-mqtt_AXkgI9tRLcemhRz3NCjo
+sonar.qualitygate.wait=true
+sonar.projectBaseDir=Docker/src