Use a dedicated project token for the 'review-cleanup' job

Signed-off-by: Rémy Coutable <remy@rymai.me>

scripts/review_apps/automated_cleanup.rb

@@ -22,7 +22,8 @@ class AutomatedCleanup
     %w[gitlab gitlab-ee].include?(ENV['CI_PROJECT_NAME'])
   end
 
-  def initialize(project_path: ENV['CI_PROJECT_PATH'], gitlab_token: ENV['GITLAB_BOT_REVIEW_APPS_CLEANUP_TOKEN'])
+  # $GITLAB_PROJECT_REVIEW_APP_CLEANUP_API_TOKEN => `Automated Review App Cleanup` project token
+  def initialize(project_path: ENV['CI_PROJECT_PATH'], gitlab_token: ENV['GITLAB_PROJECT_REVIEW_APP_CLEANUP_API_TOKEN'])
     @project_path = project_path
     @gitlab_token = gitlab_token
   end

spec/tooling/lib/tooling/kubernetes_client_spec.rb

@@ -29,7 +29,7 @@ RSpec.describe Tooling::KubernetesClient do
       specify do
         expect(Gitlab::Popen).to receive(:popen_with_detail)
           .with(["kubectl delete #{described_class::RESOURCE_LIST} " +
-            %(--namespace "#{namespace}" --now --ignore-not-found --include-uninitialized --wait=#{wait} #{release_names_in_command})])
+            %(--namespace "#{namespace}" --now --ignore-not-found --wait=#{wait} #{release_names_in_command})])
           .and_return(Gitlab::Popen::Result.new([], '', '', double(success?: true)))
 
         expect(Gitlab::Popen).to receive(:popen_with_detail)
@@ -44,7 +44,7 @@ RSpec.describe Tooling::KubernetesClient do
     it 'raises an error if the Kubernetes command fails' do
       expect(Gitlab::Popen).to receive(:popen_with_detail)
         .with(["kubectl delete #{described_class::RESOURCE_LIST} " +
-          %(--namespace "#{namespace}" --now --ignore-not-found --include-uninitialized --wait=true -l release="#{release_name}")])
+          %(--namespace "#{namespace}" --now --ignore-not-found --wait=true -l release="#{release_name}")])
         .and_return(Gitlab::Popen::Result.new([], '', '', double(success?: false)))
 
       expect { subject.cleanup_by_release(release_name: release_name) }.to raise_error(described_class::CommandFailedError)
@@ -81,7 +81,7 @@ RSpec.describe Tooling::KubernetesClient do
       specify do
         expect(Gitlab::Popen).to receive(:popen_with_detail)
           .with(["kubectl delete #{resource_type} ".squeeze(' ') +
-            %(--namespace "#{namespace}" --now --ignore-not-found --include-uninitialized --wait=#{wait} #{release_names_in_command})])
+            %(--namespace "#{namespace}" --now --ignore-not-found --wait=#{wait} #{release_names_in_command})])
           .and_return(Gitlab::Popen::Result.new([], '', '', double(success?: true)))
 
         # We're not verifying the output here, just silencing it
@@ -92,7 +92,7 @@ RSpec.describe Tooling::KubernetesClient do
     it 'raises an error if the Kubernetes command fails' do
       expect(Gitlab::Popen).to receive(:popen_with_detail)
         .with(["kubectl delete #{resource_type} " +
-          %(--namespace "#{namespace}" --now --ignore-not-found --include-uninitialized --wait=true #{pod_for_release})])
+          %(--namespace "#{namespace}" --now --ignore-not-found --wait=true #{pod_for_release})])
         .and_return(Gitlab::Popen::Result.new([], '', '', double(success?: false)))
 
       expect { subject.cleanup_by_created_at(resource_type: resource_type, created_before: two_days_ago) }.to raise_error(described_class::CommandFailedError)

tooling/lib/tooling/kubernetes_client.rb

@@ -43,7 +43,6 @@ module Tooling
         %(--namespace "#{namespace}"),
         '--now',
         '--ignore-not-found',
-        '--include-uninitialized',
         %(--wait=#{wait}),
         selector
       ]
@@ -58,7 +57,6 @@ module Tooling
         %(--namespace "#{namespace}"),
         '--now',
         '--ignore-not-found',
-        '--include-uninitialized',
         %(--wait=#{wait}),
         resource_names.join(' ')
       ]