Final slides for 20220519

nicholasdille · May 19, 2022 · a00e2bc · a00e2bc
1 parent a7e9001
commit a00e2bc
Show file tree

Hide file tree

Showing 9 changed files with 325 additions and 6 deletions.
diff --git a/000_introduction/02_bio.md b/000_introduction/02_bio.md
@@ -18,4 +18,6 @@
 
 <i class="fas fa-briefcase" style="width: 1.5em; text-align: center;"></i> [Haufe Group](https://www.haufe.com/) since 2016
 
+<i class="fas fa-person-chalkboard" style="width: 1.5em; text-align: center;"></i> Self-employed [trainer](https://dille.name) since 2020
+
 *Reach out via* [<i class="fab fa-twitter" style="width: 1.5em; text-align: center;"></i>](https://twitter.com/@NicholasDille) [<i class="fab fa-github" style="width: 1.5em; text-align: center;"></i>](https://github.com/nicholasdille) [<i class="fab fa-keybase" style="width: 1.5em; text-align: center;"></i>](https://keybase.io/nicholasdille)
diff --git a/160_gitlab_ci/060_artifacts/slides.md b/160_gitlab_ci/060_artifacts/slides.md
@@ -57,3 +57,7 @@ job_name:
   dependencies: []
   # ...
 ```
+
+### Download artifact from another pipeline
+
+See GitLab API [](https://docs.gitlab.com/ee/api/job_artifacts.html#download-the-artifacts-archive)
diff --git a/160_gitlab_ci/120_templates/slides.md b/160_gitlab_ci/120_templates/slides.md
@@ -14,8 +14,8 @@ Templates can be imported using `include` [](https://docs.gitlab.com/ee/ci/yaml/
 
 - The same `.gitlab-ci.yml`
 - Files in the same repository
-- Files in othe repositories of the same instance
-- Remote locations
+- Files in other repositories of the same instance
+- Remote locations (only unauthenticated)
 
 See also the development guide for templates [](https://docs.gitlab.com/ee/development/cicd/templates.html)
 

diff --git a/160_gitlab_ci/270_renovate/slides.md b/160_gitlab_ci/270_renovate/slides.md
@@ -34,3 +34,5 @@ Self-hosted Renovate (formerly paid product) [](https://www.whitesourcesoftware.
 1. Merge at least one change
 
 (See new `gitlab-ci.yml`)
+
+(With proper configuration Renovate can also automerge tested merge requests.)
diff --git a/160_gitlab_ci/280_security/.gitlab-ci.yml b/160_gitlab_ci/280_security/.gitlab-ci.yml
@@ -0,0 +1,125 @@
+include:
+- project: foo/template-go
+  ref: main
+  file: go.yaml
+- template: Security/Secret-Detection.gitlab-ci.yml
+- template: Security/SAST.gitlab-ci.yml
+
+stages:
+- check
+- build
+- test
+- deploy
+- package
+- trigger
+
+default:
+  image: golang:1.17.9
+
+renovate:
+  stage: check
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "schedule" && $RENOVATE'
+  image: renovate/renovate:32.52.2
+  variables:
+    LOG_LEVEL: debug
+  script: |
+    renovate --platform gitlab \
+        --endpoint https://gitlab.seat${SEAT_INDEX}.inmylab.de/api/v4 \
+        --token ${RENOVATE_TOKEN} \
+        --autodiscover true
+
+lint:
+  stage: check
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"'
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+  script:
+  - go fmt .
+
+audit:
+  stage: check
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"'
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+  script:
+  - go vet .
+
+build:
+  stage: build
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"'
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+  extends: .build-go
+  artifacts:
+    paths:
+    - hello*
+
+test:
+  stage: test
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"'
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+  image: alpine
+  script:
+  - ./hello-linux-amd64
+
+deploy:
+  stage: deploy
+  rules:
+  - if: '$CI_COMMIT_REF_NAME == "dev" || $CI_COMMIT_REF_NAME == "live"'
+  environment:
+    name: ${CI_COMMIT_REF_NAME}
+  before_script:
+  - apt-get update
+  - apt-get -y install curl ca-certificates
+  script:
+  - |
+    curl https://${CI_COMMIT_REF_NAME}.seat${SEAT_INDEX}.inmylab.de/ \
+        --fail \
+        --verbose \
+        --upload-file hello \
+        --user admin:${PASS}
+
+pages:
+  stage: deploy
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
+  image: registry.gitlab.com/gitlab-org/release-cli:v0.11.0
+  release:
+    tag_name: ${CI_PIPELINE_IID}
+    name: Release ${CI_PIPELINE_IID}
+    description: |
+      Some multi
+      line text
+    ref: ${CI_COMMIT_SHA}
+  script:
+  - cp hello-linux-amd64 public/hello
+  artifacts:
+    paths:
+    - public
+
+package:
+  image: docker:20.10.16
+  stage: package
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
+  services:
+  - name: docker:20.10.16-dind
+    command: [ "dockerd", "--host", "tcp://0.0.0.0:2375" ]
+  before_script:
+  - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
+  script:
+  - docker build --tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" .
+  - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}"
+
+trigger:
+  stage: trigger
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"'
+  script: |
+    curl https://gitlab.seat${SEAT_INDEX}.inmylab.de/api/v4/projects/3/trigger/pipeline \
+        --request POST \
+        --fail \
+        -F token=${TRIGGER_BAZ} \
+        -F ref=dev
diff --git a/160_gitlab_ci/290_final/.gitlab-ci.yml b/160_gitlab_ci/290_final/.gitlab-ci.yml
@@ -0,0 +1,139 @@
+workflow:
+  rules:
+  - if: $CI_PIPELINE_SOURCE == 'api'
+    when: never
+  - if: $CI_PIPELINE_SOURCE == 'trigger'
+    when: never
+  - when: always
+
+stages:
+- check
+- build
+- test
+- deploy
+- package
+- trigger
+
+include:
+- project: workshop/template-go
+  ref: main
+  file: go.yaml
+- template: Security/Secret-Detection.gitlab-ci.yml
+- template: Security/SAST.gitlab-ci.yml
+
+.rules-main-or-mr:
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+  - if: '$CI_PIPELINE_SOURCE == "web"'
+
+.rules-dev-or-live:
+  rules:
+  - if: '$CI_COMMIT_REF_NAME == "dev" || $CI_COMMIT_REF_NAME == "live"'
+
+default:
+  image: golang:1.18.2@sha256:02c05351ed076c581854c554fa65cb2eca47b4389fb79a1fc36f21b8df59c24f
+
+renovate:
+  stage: check
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "schedule" && $RENOVATE'
+  image: renovate/renovate:32.52.2
+  variables:
+    LOG_LEVEL: debug
+  script: |
+    renovate --platform gitlab \
+        --endpoint https://gitlab.seat${SEAT_INDEX}.inmylab.de/api/v4 \
+        --token ${RENOVATE_TOKEN} \
+        --autodiscover true
+
+.lint:
+  stage: check
+  extends: .rules-main-or-mr
+  script:
+  - go fmt .
+
+.audit:
+  stage: check
+  extends: .rules-main-or-mr
+  script:
+  - go vet .
+
+build:
+  stage: build
+  extends:
+  - .build-go
+  - .rules-main-or-mr
+
+test:
+  stage: test
+  extends:
+  - .test-go
+  - .rules-main-or-mr
+
+deploy:
+  stage: deploy
+  extends: .rules-dev-or-live
+  environment:
+    name: ${CI_COMMIT_REF_NAME}
+  before_script:
+  - apt-get update
+  - apt-get -y install curl ca-certificates
+  script:
+  - test -n "${PASS}"
+  - |
+    curl https://${CI_COMMIT_REF_NAME}.seat${SEAT_INDEX}.inmylab.de/ \
+        --fail \
+        --verbose \
+        --upload-file hello \
+        --user admin:${PASS}
+
+pages:
+  stage: deploy
+  rules:
+  # Only run when pushed to main branch
+  - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
+  image: registry.gitlab.com/gitlab-org/release-cli:v0.11.0
+  release:
+    tag_name: ${CI_PIPELINE_IID}
+    name: Release ${CI_PIPELINE_IID}
+    description: |
+      Some multi
+      line text
+    ref: ${CI_COMMIT_SHA}
+    assets:
+      links:
+      - name: hello
+        url: https://workshop.gitlab.seat${SEAT_INDEX}.inmylab.de/hello-world/${CI_PIPELINE_IID}/hello
+  script:
+  - cp hello-linux-amd64 public/hello
+  - mkdir -p public/${CI_PIPELINE_IID}
+  - cp hello-linux-amd64 public/${CI_PIPELINE_IID}/hello
+  artifacts:
+    paths:
+    - public
+
+package:
+  image: docker:20.10.16
+  stage: package
+  extends: .go-targets
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
+  variables:
+    DOCKER_BUILDKIT: 1
+  services:
+  - name: docker:20.10.16-dind
+    command: [ "dockerd", "--host", "tcp://0.0.0.0:2375" ]
+  before_script:
+  - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
+  script:
+  - docker build --tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-${GOOS}-${GOARCH}" .
+  - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-${GOOS}-${GOARCH}"
+
+trigger:
+  stage: trigger
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
+  trigger:
+    include:
+    - local: child.yml
diff --git a/160_gitlab_ci/290_final/go.yaml b/160_gitlab_ci/290_final/go.yaml
@@ -0,0 +1,32 @@
+.go-targets:
+  parallel:
+    matrix:
+    - GOOS: linux
+      GOARCH: amd64
+    - GOOS: linux
+      GOARCH: arm64
+
+.build-go:
+  image: golang:1.17.9
+  extends:
+  - .go-targets
+  script:
+  - |
+    go build \
+        -o hello-${GOOS}-${GOARCH} \
+        -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X 'main.Author=${AUTHOR}'" \
+        .
+  artifacts:
+    paths:
+    - hello-${GOOS}-${GOARCH}
+
+.test-go:
+  image: golang:1.17.9
+  extends:
+  - .go-targets
+  before_script:
+  - apt-get update
+  - apt-get -y install file
+  script:
+  - |
+    file hello-${GOOS}-${GOARCH}
diff --git a/heise-GitLab-CI.html b/heise-GitLab-CI.html
@@ -96,10 +96,8 @@
 | Virtual machines | ![Hetzner logo](images/hetzner.svg) <!-- .element: style="height: 1em;" --> |
 | DNS              | ![Hetzner logo](images/hetzner.svg) <!-- .element: style="height: 1em;" --> |
 | Certificates     | acme.sh and ![Let's Encrypt logo](images/letsencrypt.svg) <!-- .element: style="height: 1em;" --> |
-| Reverse proxy    | ![traefik labs logo](images/traefiklabs.svg) <!-- .element: style="height: 1em;" --> |
-| Web server       | ![nginx logo](images/nginx.svg) <!-- .element: style="height: 1em;" --> |
-| IDE              | [code-server](https://github.com/coder/code-server) by [coder](https://coder.com/) |
-| Repositories     | <i class="fab fa-github"></i> |
+| Slides           | ![](images/revealjs.svg) <!-- .element: style="height: 1em;" --> and <i class="fa-brands fa-font-awesome"></i> FontAwesome |
+| Repositories     | <i class="fab fa-github"></i> GitHub |
 | Tooling          | [docker-setup](https://github.com/nicholasdille/docker-setup) |
 | VM management    | [seatctl](https://github.com/nicholasdille/seatctl) |
 
@@ -164,6 +162,9 @@
 <li><span class="fa-li"><i class="fa-solid fa-ball-pile"></i></span> GitLab is packed with features</li>
 <li><span class="fa-li"><i class="fa-solid fa-gauge-min"></i></span> No plugins to support recurring tasks</li>
 <li><span class="fa-li"><i class="fa-solid fa-shield-check"></i></span> Useful security features even in free tier</li>
+<li><span class="fa-li"><i class="fa-solid fa-shield-check"></i></span> Useful security features even in free tier</li>
+
+Download the final [160_gitlab_ci/290_final/.gitlab-ci.yml](https://github.com/nicholasdille/container-slides/raw/20220519.1/160_gitlab_ci/290_final/.gitlab-ci.yml) and [160_gitlab_ci/290_final/go.yaml](https://github.com/nicholasdille/container-slides/raw/20220519.1/160_gitlab_ci/290_final/go.yaml)
 </ul>
 </textarea></section>
 

diff --git a/images/revealjs.svg b/images/revealjs.svg