Commit 3d67f14e authored by GitLab Bot's avatar GitLab Bot

Add latest changes from gitlab-org/gitlab@master

parent 48c77599
---
title: Document forwarding CI variables to docker build in Auto DevOps
merge_request: 16783
author:
type: added
...@@ -734,6 +734,40 @@ Avoid passing secrets as Docker build arguments if possible, as they may be ...@@ -734,6 +734,40 @@ Avoid passing secrets as Docker build arguments if possible, as they may be
persisted in your image. See persisted in your image. See
[this discussion](https://github.com/moby/moby/issues/13490) for details. [this discussion](https://github.com/moby/moby/issues/13490) for details.
### Passing secrets to `docker build` (beta)
CI environment variables can be passed as [build
secrets](https://docs.docker.com/develop/develop-images/build_enhancements/#new-docker-build-secret-information) to the `docker build` command by listing them comma separated by name in the
`AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES` variable. For example, in order to forward the variables `CI_COMMIT_SHA` and `CI_ENVIRONMENT_NAME`, one would set `AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES` to `CI_COMMIT_SHA,CI_ENVIRONMENT_NAME`.
Unlike build arguments, these are not persisted by Docker in the final image
(though you can still persist them yourself, so be careful).
In projects:
- Without a `Dockerfile`, these are available automatically as environment
variables.
- With a `Dockerfile`, the following is required:
1. Activate the experimental `Dockerfile` syntax by adding the following
to the top of the file:
```Dockerfile
# syntax = docker/dockerfile:experimental
```
1. To make secrets available in any `RUN $COMMAND` in the `Dockerfile`, mount
the secret file and source it prior to running `$COMMAND`:
```Dockerfile
RUN --mount=type=secret,id=auto-devops-build-secrets . /run/secrets/auto-devops-build-secrets && $COMMAND
```
NOTE: **Note:**
When `AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES` is set, Auto DevOps
enables the experimental [Docker BuildKit](https://docs.docker.com/develop/develop-images/build_enhancements/)
feature to use the `--secret` flag.
### Custom Helm Chart ### Custom Helm Chart
Auto DevOps uses [Helm](https://helm.sh/) to deploy your application to Kubernetes. Auto DevOps uses [Helm](https://helm.sh/) to deploy your application to Kubernetes.
...@@ -827,6 +861,7 @@ applications. ...@@ -827,6 +861,7 @@ applications.
| `ADDITIONAL_HOSTS` | Fully qualified domain names specified as a comma-separated list that are added to the ingress hosts. | | `ADDITIONAL_HOSTS` | Fully qualified domain names specified as a comma-separated list that are added to the ingress hosts. |
| `<ENVIRONMENT>_ADDITIONAL_HOSTS` | For a specific environment, the fully qualified domain names specified as a comma-separated list that are added to the ingress hosts. This takes precedence over `ADDITIONAL_HOSTS`. | | `<ENVIRONMENT>_ADDITIONAL_HOSTS` | For a specific environment, the fully qualified domain names specified as a comma-separated list that are added to the ingress hosts. This takes precedence over `ADDITIONAL_HOSTS`. |
| `AUTO_DEVOPS_BUILD_IMAGE_EXTRA_ARGS` | Extra arguments to be passed to the `docker build` command. Note that using quotes will not prevent word splitting. [More details](#passing-arguments-to-docker-build). | | `AUTO_DEVOPS_BUILD_IMAGE_EXTRA_ARGS` | Extra arguments to be passed to the `docker build` command. Note that using quotes will not prevent word splitting. [More details](#passing-arguments-to-docker-build). |
| `AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES` | A [comma-separated list of CI variable names](#passing-secrets-to-docker-build-beta) to be passed to the `docker build` command as secrets. |
| `AUTO_DEVOPS_CHART` | Helm Chart used to deploy your apps. Defaults to the one [provided by GitLab](https://gitlab.com/gitlab-org/charts/auto-deploy-app). | | `AUTO_DEVOPS_CHART` | Helm Chart used to deploy your apps. Defaults to the one [provided by GitLab](https://gitlab.com/gitlab-org/charts/auto-deploy-app). |
| `AUTO_DEVOPS_CHART_REPOSITORY` | Helm Chart repository used to search for charts. Defaults to `https://charts.gitlab.io`. | | `AUTO_DEVOPS_CHART_REPOSITORY` | Helm Chart repository used to search for charts. Defaults to `https://charts.gitlab.io`. |
| `AUTO_DEVOPS_CHART_REPOSITORY_NAME` | From Gitlab 11.11, used to set the name of the helm repository. Defaults to `gitlab`. | | `AUTO_DEVOPS_CHART_REPOSITORY_NAME` | From Gitlab 11.11, used to set the name of the helm repository. Defaults to `gitlab`. |
...@@ -1168,6 +1203,27 @@ There is no documented way of using private container registry with Auto DevOps. ...@@ -1168,6 +1203,27 @@ There is no documented way of using private container registry with Auto DevOps.
We strongly advise using GitLab Container Registry with Auto DevOps in order to We strongly advise using GitLab Container Registry with Auto DevOps in order to
simplify configuration and prevent any unforeseen issues. simplify configuration and prevent any unforeseen issues.
### Installing Helm behind a proxy
GitLab does not yet support installing [Helm as a GitLab-managed App](../../user/clusters/applications.md#helm) when
behind a proxy. Users who wish to do so must inject their proxy settings
into the installation pods at runtime, for example by using a
[`PodPreset`](https://kubernetes.io/docs/concepts/workloads/pods/podpreset/):
```yml
apiVersion: settings.k8s.io/v1alpha1
kind: PodPreset
metadata:
name: gitlab-managed-apps-default-proxy
namespace: gitlab-managed-apps
spec:
env:
- name: http_proxy
value: "PUT_YOUR_HTTP_PROXY_HERE"
- name: https_proxy
value: "PUT_YOUR_HTTPS_PROXY_HERE"
```
## Troubleshooting ## Troubleshooting
- Auto Build and Auto Test may fail in detecting your language/framework. There - Auto Build and Auto Test may fail in detecting your language/framework. There
......
...@@ -67,6 +67,11 @@ required to install all the other applications. It is installed in its ...@@ -67,6 +67,11 @@ required to install all the other applications. It is installed in its
own pod inside the cluster which can run the `helm` CLI in a safe own pod inside the cluster which can run the `helm` CLI in a safe
environment. environment.
NOTE: **Note:**
Installing Helm as a GitLab-managed App behind a proxy is not supported,
but a [workaround](../../topics/autodevops/index.md#installing-helm-behind-a-proxy)
is available.
### Cert-Manager ### Cert-Manager
> Introduced in GitLab 11.6 for project- and group-level clusters. > Introduced in GitLab 11.6 for project- and group-level clusters.
......
...@@ -9,11 +9,11 @@ type: reference, howto ...@@ -9,11 +9,11 @@ type: reference, howto
> - In GitLab 8.17, builds were renamed to jobs. > - In GitLab 8.17, builds were renamed to jobs.
> - The artifacts browser will be available only for new artifacts that are sent to GitLab using GitLab Runner version 1.0 and up. It will not be possible to browse old artifacts already uploaded to GitLab. > - The artifacts browser will be available only for new artifacts that are sent to GitLab using GitLab Runner version 1.0 and up. It will not be possible to browse old artifacts already uploaded to GitLab.
Artifacts are a list of files and directories which created by a job Job artifacts are a list of files and directories created by a job
once it finishes. This feature is [enabled by default](../../../administration/job_artifacts.md) in all once it finishes. This feature is [enabled by default](../../../administration/job_artifacts.md) in all
GitLab installations. GitLab installations.
Job artifacts that are created by GitLab Runner are uploaded to GitLab and are downloadable as a single archive using the GitLab UI. Job artifacts created by GitLab Runner are uploaded to GitLab and are downloadable as a single archive using the GitLab UI or the [GitLab API](../../../api/jobs.md#get-job-artifacts).
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> <i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
For an overview, watch the video [GitLab CI Pipeline, Artifacts, and Environments](https://www.youtube.com/watch?v=PCKDICEe10s). For an overview, watch the video [GitLab CI Pipeline, Artifacts, and Environments](https://www.youtube.com/watch?v=PCKDICEe10s).
...@@ -78,7 +78,7 @@ one HTML file that you can view directly online when ...@@ -78,7 +78,7 @@ one HTML file that you can view directly online when
## Downloading artifacts ## Downloading artifacts
If you need to download the whole archive, there are buttons in various places If you need to download the whole archive, there are buttons in various places
inside GitLab that make that possible. in the GitLab UI to do this:
1. While on the pipelines page, you can see the download icon for each job's 1. While on the pipelines page, you can see the download icon for each job's
artifacts archive in the right corner: artifacts archive in the right corner:
......
...@@ -275,6 +275,7 @@ module QA ...@@ -275,6 +275,7 @@ module QA
autoload :Edit, 'qa/page/project/wiki/edit' autoload :Edit, 'qa/page/project/wiki/edit'
autoload :New, 'qa/page/project/wiki/new' autoload :New, 'qa/page/project/wiki/new'
autoload :Show, 'qa/page/project/wiki/show' autoload :Show, 'qa/page/project/wiki/show'
autoload :GitAccess, 'qa/page/project/wiki/git_access'
end end
module WebIDE module WebIDE
......
# frozen_string_literal: true
module QA
module Page
module Project
module Wiki
class GitAccess < Page::Base
include Page::Component::LegacyClonePanel
end
end
end
end
end
...@@ -21,14 +21,7 @@ module QA ...@@ -21,14 +21,7 @@ module QA
end end
def repository_http_uri def repository_http_uri
@repository_http_uri ||= begin @repository_http_uri ||= wiki.repository_http_location.uri
wiki.visit!
Page::Project::Wiki::Show.act do
click_clone_repository
choose_repository_clone_http
repository_location.uri
end
end
end end
def repository_ssh_uri def repository_ssh_uri
......
...@@ -12,6 +12,15 @@ module QA ...@@ -12,6 +12,15 @@ module QA
end end
end end
attribute :repository_http_location do
Page::Project::Wiki::Show.perform(&:click_clone_repository)
Page::Project::Wiki::GitAccess.perform do |git_access|
git_access.choose_repository_clone_http
git_access.repository_location
end
end
def fabricate! def fabricate!
project.visit! project.visit!
......
...@@ -3,29 +3,12 @@ ...@@ -3,29 +3,12 @@
module QA module QA
context 'Plan', :smoke do context 'Plan', :smoke do
describe 'mention' do describe 'mention' do
let(:user) do
Resource::User.fabricate_via_api! do |user|
user.name = "bob"
user.password = "1234test"
end
end
before do before do
QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
unless QA::Runtime::Env.personal_access_token
Runtime::Browser.visit(:gitlab, Page::Main::Login) Runtime::Browser.visit(:gitlab, Page::Main::Login)
Page::Main::Login.perform(&:sign_in_using_admin_credentials)
end
QA::Runtime::Env.personal_access_token = nil
Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
Runtime::Browser.visit(:gitlab, Page::Main::Login)
Page::Main::Login.perform(&:sign_in_using_credentials) Page::Main::Login.perform(&:sign_in_using_credentials)
@user = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1)
project = Resource::Project.fabricate_via_api! do |resource| project = Resource::Project.fabricate_via_api! do |resource|
resource.name = 'project-to-test-mention' resource.name = 'project-to-test-mention'
end end
...@@ -33,7 +16,7 @@ module QA ...@@ -33,7 +16,7 @@ module QA
Page::Project::Show.perform(&:go_to_members_settings) Page::Project::Show.perform(&:go_to_members_settings)
Page::Project::Settings::Members.perform do |members| Page::Project::Settings::Members.perform do |members|
members.add_member(user.username) members.add_member(@user.username)
end end
issue = Resource::Issue.fabricate_via_api! do |issue| issue = Resource::Issue.fabricate_via_api! do |issue|
...@@ -45,7 +28,7 @@ module QA ...@@ -45,7 +28,7 @@ module QA
it 'user mentions another user in an issue' do it 'user mentions another user in an issue' do
Page::Project::Issue::Show.perform do |show| Page::Project::Issue::Show.perform do |show|
at_username = "@#{user.username}" at_username = "@#{@user.username}"
show.select_all_activities_filter show.select_all_activities_filter
show.comment(at_username) show.comment(at_username)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment