From a7e900125eb0be2c3ce0c7bba34264cc94b371b1 Mon Sep 17 00:00:00 2001 
From: Nicholas Dille Date: Thu, 19 May 2022 00:17:57 +0200 Subject: [PATCH] Finalized slides for 20220519 --- 160_gitlab_ci/000_rollout/slides.md | 27 +++- 160_gitlab_ci/010_jobs_and_stages/slides.md | 2 + 160_gitlab_ci/080_configuration/slides.md | 32 ++++- 160_gitlab_ci/100_environments/slides.md | 2 - 160_gitlab_ci/110_triggers/.gitlab-ci.yml | 3 +- .../110_triggers/multi-project/.gitlab-ci.yml | 58 +++++++++ .../110_triggers/parent-child/.gitlab-ci.yml | 41 ++++++ .../110_triggers/parent-child/child.yml | 3 + 160_gitlab_ci/110_triggers/slides.md | 31 ++++- .../120_templates/file/.gitlab-ci.yml | 26 +++- .../120_templates/inline/.gitlab-ci.yml | 24 +++- .../120_templates/{ => local}/go.yaml | 2 +- 160_gitlab_ci/120_templates/slides.md | 13 +- 160_gitlab_ci/130_rules/.gitlab-ci.yml | 36 ++++-- 160_gitlab_ci/130_rules/slides.md | 12 +- .../140_merge_requests/.gitlab-ci.yml | 88 +++++++++++++ 160_gitlab_ci/140_merge_requests/slides.md | 58 ++++++++- 160_gitlab_ci/150_matrix_jobs/.gitlab-ci.yml | 67 +++++++--- 160_gitlab_ci/150_matrix_jobs/slides.md | 28 ++++- 160_gitlab_ci/200_job_token/slides.md | 19 ++- 160_gitlab_ci/230_docker/.gitlab-ci.yml | 86 +++++++++---- 160_gitlab_ci/230_docker/Dockerfile | 2 +- 160_gitlab_ci/240_registries/.gitlab-ci.yml | 85 +++++++++---- 160_gitlab_ci/240_registries/slides.md | 30 ++++- 160_gitlab_ci/250_releases/.gitlab-ci.yml | 110 ++++++++++++++++ 160_gitlab_ci/250_releases/slides.md | 24 +++- 160_gitlab_ci/260_runners/shared.md | 2 +- 160_gitlab_ci/260_runners/specific.md | 2 - 160_gitlab_ci/270_renovate/.gitlab-ci.yml | 117 ++++++++++++------ 160_gitlab_ci/270_renovate/slides.md | 10 +- 160_gitlab_ci/280_security/slides.md | 5 +- heise-GitLab-CI.html | 22 +++- images/hetzner.svg | 19 +++ images/letsencrypt.svg | 38 ++++++ images/nginx.svg | 1 + images/traefiklabs.svg | 9 ++ 36 files changed, 951 insertions(+), 183 deletions(-) create mode 100644 160_gitlab_ci/110_triggers/multi-project/.gitlab-ci.yml create mode 100644 
160_gitlab_ci/110_triggers/parent-child/.gitlab-ci.yml create mode 100644 160_gitlab_ci/110_triggers/parent-child/child.yml rename 160_gitlab_ci/120_templates/{ => local}/go.yaml (52%) create mode 100644 160_gitlab_ci/140_merge_requests/.gitlab-ci.yml create mode 100644 160_gitlab_ci/250_releases/.gitlab-ci.yml create mode 100755 images/hetzner.svg create mode 100755 images/letsencrypt.svg create mode 100755 images/nginx.svg create mode 100755 images/traefiklabs.svg diff --git a/160_gitlab_ci/000_rollout/slides.md b/160_gitlab_ci/000_rollout/slides.md index c5b7c51e..2d125e57 100644 --- a/160_gitlab_ci/000_rollout/slides.md +++ b/160_gitlab_ci/000_rollout/slides.md @@ -20,7 +20,26 @@ Portainer to manage Docker traefik routes requests to containers +--- + +## Rollout 2/ + +Use SSH to login to you VM + +```bash +ssh seat@seatN.inmylab.de +``` + +Clone repository with slides and demos + ```bash +git clone https://github.com/nicholasdille/container-slides +``` + +Deploy stack + +```bash +cd container-slides/160_gitlab_ci/000_rollout docker compose \ --project-name gitlab \ up -d @@ -30,7 +49,7 @@ Go to https://seatN.inmylab.de where seatN matches your subdomain --- -## Rollout 2/ +## Rollout 3/ Wait for GitLab to be available (status is `running (healthy)`): @@ -53,7 +72,7 @@ Login to GitLab --- -## Rollout step 3/3 +## Rollout step 4/4 Connect GitLab runner @@ -91,9 +110,9 @@ Containers are based on `alpine` by default --- -## Visual Studio Code +## IDE -XXX +Use the web-based Visual Studio Code 1. Go to https://vscode.seatN.inmylab.de 1. Authenticate using the user seat and your personal password diff --git a/160_gitlab_ci/010_jobs_and_stages/slides.md b/160_gitlab_ci/010_jobs_and_stages/slides.md index 825e5d46..cd99a7eb 100644 --- a/160_gitlab_ci/010_jobs_and_stages/slides.md +++ b/160_gitlab_ci/010_jobs_and_stages/slides.md 
@@ -16,6 +16,8 @@ Jobs in the same stage are executed in parallel ![](160_gitlab_ci/010_jobs_and_stages/jobs_and_stages.drawio.svg) +Described in `.gitlab-ci.yml` in YAML [](https://yaml.org/) + Special stages `.pre` and `.post` --- diff --git a/160_gitlab_ci/080_configuration/slides.md b/160_gitlab_ci/080_configuration/slides.md index 07195aa4..b0bc3e39 100644 --- a/160_gitlab_ci/080_configuration/slides.md +++ b/160_gitlab_ci/080_configuration/slides.md @@ -6,6 +6,34 @@ --- -## CI configuration +## CI configuration 1/ + +Some useful settings + +### General pipelines + +Git strategy is not relevant for executors like Docker and Kubernetes + +Get badges for pipelines status, coverage report and the latest release + +### Auto DevOps + +Audo DevOps [](https://docs.gitlab.com/ee/topics/autodevops/) provides preconfigured jobs for building, testing and scanning software projects + +### Runners + +Connect specific runners + +Disable shared runners + +--- + +## CI configuration 2/2 + +More useful settings + +### Deploy freezes + +Prevent unintentional deployments using Deploy Freeze [](https://docs.gitlab.com/ee/user/project/releases/index.html#prevent-unintentional-releases-by-setting-a-deploy-freeze) -XXX /-/settings/ci_cd +Use `$CI_DEPLOY_FREEZE` to check for deploy freeze diff --git a/160_gitlab_ci/100_environments/slides.md b/160_gitlab_ci/100_environments/slides.md index 4f4e70d6..3d01ab2d 100644 --- a/160_gitlab_ci/100_environments/slides.md +++ b/160_gitlab_ci/100_environments/slides.md @@ -12,8 +12,6 @@ Environments are deployment targets [](https://docs.gitlab.com/ee/ci/environment CI variables can be scoped to environments -XXX - ![](160_gitlab_ci/100_environments/webdav.drawio.svg) (Hint: Environments can also be assigned using branch names) diff --git a/160_gitlab_ci/110_triggers/.gitlab-ci.yml b/160_gitlab_ci/110_triggers/.gitlab-ci.yml index 9d976eeb..642e8f16 100644 --- a/160_gitlab_ci/110_triggers/.gitlab-ci.yml 
+++ b/160_gitlab_ci/110_triggers/.gitlab-ci.yml @@ -36,8 +36,9 @@ test: - ./hello trigger: + stage: trigger script: | - curl https://gitlab.seatN.inmylab.de/api/v4/projects//trigger/pipeline \ + curl https://gitlab.seat${SEAT_INDEX}.inmylab.de/api/v4/projects//trigger/pipeline \ --request POST \ --fail \ -F token= \ diff --git a/160_gitlab_ci/110_triggers/multi-project/.gitlab-ci.yml b/160_gitlab_ci/110_triggers/multi-project/.gitlab-ci.yml new file mode 100644 index 00000000..54a8159c --- /dev/null +++ b/160_gitlab_ci/110_triggers/multi-project/.gitlab-ci.yml @@ -0,0 +1,58 @@ +stages: +- check +- build +- test +- deploy +- trigger + +default: + image: golang:1.17.9 + +lint: + stage: check + script: + - go fmt . + +audit: + stage: check + script: + - go vet . + +build: + stage: build + script: + - | + go build \ + -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X 'main.Author=${AUTHOR}'" \ + -o hello \ + . + artifacts: + paths: + - hello + +test: + stage: test + image: alpine + script: + - ./hello + +deploy: + stage: deploy + environment: + name: ${CI_COMMIT_REF_NAME} + before_script: + - apt-get update + - apt-get -y install curl ca-certificates + script: + - | + curl https://${CI_COMMIT_REF_NAME}.seat${SEAT_INDEX}.inmylab.de/ \ + --fail \ + --verbose \ + --upload-file hello \ + --user admin:${PASS} + +trigger: + stage: trigger + trigger: + project: / + branch: \ No newline at end of file diff --git a/160_gitlab_ci/110_triggers/parent-child/.gitlab-ci.yml b/160_gitlab_ci/110_triggers/parent-child/.gitlab-ci.yml new file mode 100644 index 00000000..314174a7 --- /dev/null +++ b/160_gitlab_ci/110_triggers/parent-child/.gitlab-ci.yml 
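Review bot: In the new `deploy` job of the multi-project file, `curl --verbose` is combined with `--user admin:${PASS}`, so the request headers that curl echoes into the job log include the `Authorization: Basic …` line. GitLab's variable masking matches the literal value of `PASS`, not its base64 form, so the credential can be recovered by anyone who can read the job log even when the variable is masked. I would drop `--verbose` and keep failures visible with `--fail --silent --show-error`. The same `deploy` job is added in 120_templates/file, 120_templates/inline, 130_rules, 140_merge_requests, 150_matrix_jobs, 230_docker, 240_registries and 250_releases.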
@@ -0,0 +1,41 @@ +stages: +- check +- build +- test +- trigger + +default: + image: golang:1.17.9 + +lint: + stage: check + script: + - go fmt . + +audit: + stage: check + script: + - go vet . + +build: + stage: build + script: + - | + go build \ + -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X main.Author=${AUTHOR}" \ + -o hello \ + . + artifacts: + paths: + - hello + +test: + stage: test + image: alpine + script: + - ./hello + +trigger: + stage: trigger + trigger: + include: child.yml diff --git a/160_gitlab_ci/110_triggers/parent-child/child.yml b/160_gitlab_ci/110_triggers/parent-child/child.yml new file mode 100644 index 00000000..15a8b080 --- /dev/null +++ b/160_gitlab_ci/110_triggers/parent-child/child.yml @@ -0,0 +1,3 @@ +test: + script: + - printenv | sort \ No newline at end of file diff --git a/160_gitlab_ci/110_triggers/slides.md b/160_gitlab_ci/110_triggers/slides.md index bf72cddf..60481bfe 100644 --- a/160_gitlab_ci/110_triggers/slides.md +++ b/160_gitlab_ci/110_triggers/slides.md 
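Review bot: The `build` job in this new parent-child file passes `-X main.Author=${AUTHOR}` without the single quotes that this same commit adds in 120_templates, 130_rules and the multi-project file. If `AUTHOR` contains a space, the linker flag string is split at that space and the build fails or embeds a truncated value. For consistency the line should read `-ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X 'main.Author=${AUTHOR}'" \`.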
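Review bot: `printenv | sort` in child.yml writes every environment variable the job receives to the job log, and only variables marked as masked are redacted there. The neighbouring demos use `${PASS}` and trigger tokens, presumably defined as CI variables, so an unmasked one would be readable by anyone with access to the log. I would add a comment above the line such as `# demo only: dumps all job variables; unmasked values end up in the job log`, or narrow the output to `printenv | grep '^CI_' | sort`.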
@@ -38,21 +38,42 @@ Run additional stages and jobs from a file [](https://docs.gitlab.com/ee/ci/pipe 1. Go back to previous project 1. Add new stage and job called `trigger` 1. Add curl snippet in `script` block -1. Store `TOKEN` as CI variable [](#/gitlab_ci_variable) +1. Store `TOKEN` as unprotected but masked CI variable [](#/gitlab_ci_variable) 1. Fill in `REF_NAME` with branch name (probably `main`) (See new `.gitlab-ci.yml`) -(Pass variables using `--form "variables[NAME]=VALUE"`) - --- ## Hands-On: Multi-project pipelines -XXX +1. Replace `script` with `trigger` keyword +1. Specify project and branch: + + ```yaml + job_name: + trigger: + project: foo/bar + branch: baz + ``` + +1. Check pipeline --- ## Hands-On: Parent-child pipelines -XXX +1. Add `parent/child/child.yml` to first project +1. Replace project and branch in `trigger` with `include` [](#/gitlab_templates) + + ```yaml + job_name: + trigger: + include: child.yml + ``` + +Child pipeline can be made from multiple files + +`include` supports `local` for files in the same repository + +`project`/`ref`/`file` for files in other repositories diff --git a/160_gitlab_ci/120_templates/file/.gitlab-ci.yml b/160_gitlab_ci/120_templates/file/.gitlab-ci.yml index ccafcfb8..6b9050b7 100644 --- a/160_gitlab_ci/120_templates/file/.gitlab-ci.yml +++ b/160_gitlab_ci/120_templates/file/.gitlab-ci.yml @@ -1,10 +1,14 @@ include: -- local: go.yaml +- project: foo/template-go + ref: main + file: go.yaml stages: - check - build - test +- deploy +- trigger default: image: golang:1.17.9 
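Review bot: The `include` in 120_templates/file/.gitlab-ci.yml now pulls `go.yaml` from `foo/template-go` at `ref: main`, a moving branch, so any later push to that branch changes what this pipeline executes, with access to this project's CI variables. `ref` also accepts a tag or a commit SHA; pinning it, e.g. `ref: <TAG_OR_COMMIT_SHA>` (placeholder), turns a template change into an explicit update in this file. The same include is added in 150_matrix_jobs, 230_docker, 240_registries and 250_releases.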
@@ -31,3 +35,23 @@ test: image: alpine script: - ./hello + +deploy: + stage: deploy + environment: + name: ${CI_COMMIT_REF_NAME} + before_script: + - apt-get update + - apt-get -y install curl ca-certificates + script: + - | + curl https://${CI_COMMIT_REF_NAME}.seat${SEAT_INDEX}.inmylab.de/ \ + --fail \ + --verbose \ + --upload-file hello \ + --user admin:${PASS} + +trigger: + stage: trigger + trigger: + include: child.yml \ No newline at end of file diff --git a/160_gitlab_ci/120_templates/inline/.gitlab-ci.yml b/160_gitlab_ci/120_templates/inline/.gitlab-ci.yml index e3ceafce..3edd93cd 100644 --- a/160_gitlab_ci/120_templates/inline/.gitlab-ci.yml +++ b/160_gitlab_ci/120_templates/inline/.gitlab-ci.yml @@ -2,6 +2,8 @@ stages: - check - build - test +- deploy +- trigger default: image: golang:1.17.9 @@ -20,7 +22,7 @@ audit: script: - | go build \ - -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X main.Author=${AUTHOR}" \ + -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X 'main.Author=${AUTHOR}'" \ -o hello \ . @@ -36,3 +38,23 @@ test: image: alpine script: - ./hello + +deploy: + stage: deploy + environment: + name: ${CI_COMMIT_REF_NAME} + before_script: + - apt-get update + - apt-get -y install curl ca-certificates + script: + - | + curl https://${CI_COMMIT_REF_NAME}.seat${SEAT_INDEX}.inmylab.de/ \ + --fail \ + --verbose \ + --upload-file hello \ + --user admin:${PASS} + +trigger: + stage: trigger + trigger: + include: child.yml \ No newline at end of file diff --git a/160_gitlab_ci/120_templates/go.yaml b/160_gitlab_ci/120_templates/local/go.yaml similarity index 52% rename from 160_gitlab_ci/120_templates/go.yaml rename to 160_gitlab_ci/120_templates/local/go.yaml index 8a3a3acd..f0e8d50e 100644 --- a/160_gitlab_ci/120_templates/go.yaml +++ b/160_gitlab_ci/120_templates/local/go.yaml 
@@ -3,6 +3,6 @@ script: - | go build \ - -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X main.Author=${AUTHOR}" \ + -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X 'main.Author=${AUTHOR}'" \ -o hello \ . diff --git a/160_gitlab_ci/120_templates/slides.md b/160_gitlab_ci/120_templates/slides.md index 72e2c107..ed11512e 100644 --- a/160_gitlab_ci/120_templates/slides.md +++ b/160_gitlab_ci/120_templates/slides.md @@ -8,13 +8,16 @@ ## Make jobs reusable -XXX include [](https://docs.gitlab.com/ee/ci/yaml/#include) +Job templates begin with a dot to prevent execution -XXX local +Templates can be imported using `include` [](https://docs.gitlab.com/ee/ci/yaml/#include) from... -XXX file +- The same `.gitlab-ci.yml` +- Files in the same repository +- Files in othe repositories of the same instance +- Remote locations -XXX remote +See also the development guide for templates [](https://docs.gitlab.com/ee/development/cicd/templates.html) --- @@ -27,7 +30,7 @@ XXX remote script: - | go build \ - -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X main.Author=${AUTHOR}" \ + -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X 'main.Author=${AUTHOR}'" \ -o hello \ . ``` diff --git a/160_gitlab_ci/130_rules/.gitlab-ci.yml b/160_gitlab_ci/130_rules/.gitlab-ci.yml index e8f71ed5..796753c0 100644 --- a/160_gitlab_ci/130_rules/.gitlab-ci.yml +++ b/160_gitlab_ci/130_rules/.gitlab-ci.yml @@ -3,6 +3,7 @@ stages: - build - test - deploy +- trigger default: image: golang:1.17.9 @@ -17,17 +18,14 @@ audit: script: - go vet . -.build-go: +build: + stage: build script: - | go build \ - -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X main.Author=${AUTHOR}" \ + -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X 'main.Author=${AUTHOR}'" \ -o hello \ . - -build: - stage: build - extends: .build-go artifacts: paths: - hello 
@@ -38,13 +36,37 @@ test: script: - ./hello +deploy: + stage: deploy + environment: + name: ${CI_COMMIT_REF_NAME} + before_script: + - apt-get update + - apt-get -y install curl ca-certificates + script: + - | + curl https://${CI_COMMIT_REF_NAME}.seat${SEAT_INDEX}.inmylab.de/ \ + --fail \ + --verbose \ + --upload-file hello \ + --user admin:${PASS} + pages: stage: deploy rules: - - if: $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' image: alpine script: - cp hello public artifacts: paths: - public + +trigger: + stage: trigger + script: | + curl https://gitlab.seat${SEAT_INDEX}.inmylab.de/api/v4/projects/3/trigger/pipeline \ + --request POST \ + --fail \ + -F token=${TRIGGER_BAZ} \ + -F ref=dev \ No newline at end of file diff --git a/160_gitlab_ci/130_rules/slides.md b/160_gitlab_ci/130_rules/slides.md index ba17ac58..a7613259 100644 --- a/160_gitlab_ci/130_rules/slides.md +++ b/160_gitlab_ci/130_rules/slides.md @@ -20,10 +20,10 @@ job_name: # ... ``` -XXX [](https://docs.gitlab.com/ee/ci/jobs/job_control.html) - Conditions are also used in workflow rules [](https://docs.gitlab.com/ee/ci/yaml/#workflow) +Official documentation of job control [](https://docs.gitlab.com/ee/ci/jobs/job_control.html) + Formerly `only`/`except` [](https://docs.gitlab.com/ee/ci/yaml/#only--except) but "not actively developed" --- 
@@ -32,15 +32,17 @@ Formerly `only`/`except` [](https://docs.gitlab.com/ee/ci/yaml/#only--except) bu Run the `deploy` job only for the `main` branch -1. Create folder `public` +1. Create folder `public` in repository 1. Add files from `public/` to new folder `public` 1. Update `.gitlab-ci.yml` 1. Check pipeline -1. Go to **Settings** > **Pages** > XXX -1. Open GitLab Pages [](https://docs.gitlab.com/ee/user/project/pages/index.html) +1. Go to **Settings** > **Pages** +1. Open URL for pages 1. Create branch 1. Check pipeline +Also see GitLab Pages [](https://docs.gitlab.com/ee/user/project/pages/index.html) + --- ## Hands-On: Workflow rules diff --git a/160_gitlab_ci/140_merge_requests/.gitlab-ci.yml b/160_gitlab_ci/140_merge_requests/.gitlab-ci.yml new file mode 100644 index 00000000..ce37afd0 --- /dev/null +++ b/160_gitlab_ci/140_merge_requests/.gitlab-ci.yml 
@@ -0,0 +1,88 @@ +stages: +- check +- build +- test +- deploy +- trigger + +default: + image: golang:1.17.9 + +lint: + stage: check + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + script: + - go fmt . + +audit: + stage: check + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + script: + - go vet . + +build: + stage: build + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + script: + - | + go build \ + -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X 'main.Author=${AUTHOR}'" \ + -o hello \ + . + artifacts: + paths: + - hello + +test: + stage: test + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + image: alpine + script: + - ./hello + +deploy: + stage: deploy + rules: + - if: '$CI_COMMIT_REF_NAME == "dev" || $CI_COMMIT_REF_NAME == "live"' + environment: + name: ${CI_COMMIT_REF_NAME} + before_script: + - apt-get update + - apt-get -y install curl ca-certificates + script: + - | + curl https://${CI_COMMIT_REF_NAME}.seat${SEAT_INDEX}.inmylab.de/ \ + --fail \ + --verbose \ + --upload-file hello \ + --user admin:${PASS} + +pages: + stage: deploy + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' + image: alpine + script: + - cp hello public + artifacts: + paths: + - public + +trigger: + stage: trigger + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + script: | + curl https://gitlab.seat${SEAT_INDEX}.inmylab.de/api/v4/projects/3/trigger/pipeline \ + --request POST \ + --fail \ + -F token=${TRIGGER_BAZ} \ + -F ref=dev diff --git a/160_gitlab_ci/140_merge_requests/slides.md b/160_gitlab_ci/140_merge_requests/slides.md index acd34dbc..664e6025 100644 
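Review bot: The `deploy` rule `$CI_COMMIT_REF_NAME == "dev" || $CI_COMMIT_REF_NAME == "live"` filters on the ref name only, so on its own it does not keep the job out of merge request pipelines. In a merge request pipeline `CI_COMMIT_REF_NAME` holds the source branch, so a merge request opened from `dev` or `live` would still run the upload with `${PASS}`, and a tag with one of those names would match as well. `CI_COMMIT_BRANCH` is only set in branch pipelines, so `- if: '$CI_COMMIT_BRANCH == "dev" || $CI_COMMIT_BRANCH == "live"'` expresses the intent. The same rule appears in 150_matrix_jobs, 230_docker, 240_registries and 250_releases.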
--- a/160_gitlab_ci/140_merge_requests/slides.md +++ b/160_gitlab_ci/140_merge_requests/slides.md @@ -8,4 +8,60 @@ ## Merge requests -XXX +Merge requests enable collaboration + +Pipelines can automatically test merge requests [](https://docs.gitlab.com/ee/ci/pipelines/merge_request_pipelines.html) + +Use rules [](#/gitlab_rules) to decide which jobs to run when + +Jobs require a rule to run for merge requests + +Commits to a branch with merge request cause multiple events: + +1. Push event to branch +1. Merge request event + +Filter carefully! + +--- + +## Hands-On 1/ + +1. Enable `lint`, `audit`, `build` and `test` for merge requests and pushes + + ```yaml + job_name: + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + # ... + ``` + +1. Prevent `deploy` in merge requests + + ```yaml + job_name: + rules: + - if: '$CI_COMMIT_REF_NAME == "dev" || $CI_COMMIT_REF_NAME == "live"' + # ... + ``` + +--- + +## Hands-On 2/2 + +3. Prevent `trigger` in merge requests + + ```yaml + job_name: + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + # ... + ``` + +1. Check pipeline +1. Create new branch +1. Make dummy change in new branch +1. Create merge requests + +(See new `.gitlab-ci.yml`) diff --git a/160_gitlab_ci/150_matrix_jobs/.gitlab-ci.yml b/160_gitlab_ci/150_matrix_jobs/.gitlab-ci.yml index 0fda7d98..797ac8fe 100644 --- a/160_gitlab_ci/150_matrix_jobs/.gitlab-ci.yml +++ b/160_gitlab_ci/150_matrix_jobs/.gitlab-ci.yml 
@@ -1,39 +1,39 @@ +include: +- project: foo/template-go + ref: main + file: go.yaml + stages: - check - build - test - deploy +- trigger default: image: golang:1.17.9 lint: stage: check + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' script: - go fmt . audit: stage: check + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' script: - go vet . -.build-go: - parallel: - matrix: - - GOOS: linux - GOARCH: amd64 - - GOOS: linux - GOARCH: arm64 - script: - - | - go build \ - -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X main.Author=${AUTHOR}" \ - -o hello-${GOOS}-${GOARCH} \ - . - mv hello-$(go env GOOS)-$(go env GOARCH) hello - build: stage: build + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' extends: .build-go artifacts: paths: 
@@ -41,17 +41,48 @@ build: test: stage: test + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' image: alpine script: - - ./hello + - ./hello-linux-amd64 deploy: stage: deploy rules: - - if: $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH + - if: '$CI_COMMIT_REF_NAME == "dev" || $CI_COMMIT_REF_NAME == "live"' + environment: + name: ${CI_COMMIT_REF_NAME} + before_script: + - apt-get update + - apt-get -y install curl ca-certificates + script: + - | + curl https://${CI_COMMIT_REF_NAME}.seat${SEAT_INDEX}.inmylab.de/ \ + --fail \ + --verbose \ + --upload-file hello \ + --user admin:${PASS} + +pages: + stage: deploy + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' image: alpine script: - - cp hello public + - cp hello-linux-amd64 public/hello artifacts: paths: - public + +trigger: + stage: trigger + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + script: | + curl https://gitlab.seat${SEAT_INDEX}.inmylab.de/api/v4/projects/3/trigger/pipeline \ + --request POST \ + --fail \ + -F token=${TRIGGER_BAZ} \ + -F ref=dev diff --git a/160_gitlab_ci/150_matrix_jobs/slides.md b/160_gitlab_ci/150_matrix_jobs/slides.md index 704eaefd..dd8d4dd2 100644 --- a/160_gitlab_ci/150_matrix_jobs/slides.md +++ b/160_gitlab_ci/150_matrix_jobs/slides.md @@ -8,11 +8,15 @@ ## Matrix jobs -XXX +Matrix jobs execute the same script with different inputs + +Matrix jobs are defined using `parallel` [](https://docs.gitlab.com/ee/ci/yaml/#parallel) + +The `matrix` keyword under `parallel` defines variables sets --- -## Hands-On +## Hands-On 1/ Cross-compile Go for multiple architectures 
@@ -20,19 +24,31 @@ Cross-compile Go for multiple architectures ```yaml .build-go: + # ... parallel: matrix: - GOOS: linux GOARCH: amd64 + - GOOS: linux + GOARCH: arm64 + script: + - go build -o hello-${GOOS}-${GOARCH} . \ + -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X 'main.Author=${AUTHOR}'" ``` -1. Update the build command: +--- + +## Hands-On 2/2 + +2. Update the test job: ```yaml - .build-go: + test: + #... script: - - go build -o hello-${GOOS}-${GOARCH} . \ - -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X main.Author=${AUTHOR}" + - ./hello-linux-amd64 ``` +1. Check pipeline + (See new `.gitlab-ci.yml`) diff --git a/160_gitlab_ci/200_job_token/slides.md b/160_gitlab_ci/200_job_token/slides.md index d8114307..c6c28696 100644 --- a/160_gitlab_ci/200_job_token/slides.md +++ b/160_gitlab_ci/200_job_token/slides.md 
@@ -8,18 +8,15 @@ ## Job token -XXX [](https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html) +Every job has a dedicated job token [](https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html) -XXX package registry [](https://docs.gitlab.com/ee/user/packages/package_registry/index.html#use-gitlab-cicd-to-build-packages) +Job tokens can be used to authenticate -XXX container registry (see later) +- Access the package registry [](https://docs.gitlab.com/ee/user/packages/package_registry/index.html#use-gitlab-cicd-to-build-packages) +- Access the container registry (see later [](#/gitlab_registries)) +- Download job artifacts [](https://docs.gitlab.com/ee/api/job_artifacts.html#get-job-artifacts) +- Get details of corresponding job [](https://docs.gitlab.com/ee/api/jobs.html#get-job-tokens-job) -XXX get job artifacts [](https://docs.gitlab.com/ee/api/job_artifacts.html#get-job-artifacts) +Job token inherits permissions of triggering user -XXX get corresponding job [](https://docs.gitlab.com/ee/api/jobs.html#get-job-tokens-job) - -XXX limit access [](https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html#configure-the-job-token-scope-limit) - -### Hands-On - -XXX +Limit access to specific projects [](https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html#configure-the-job-token-scope-limit) diff --git a/160_gitlab_ci/230_docker/.gitlab-ci.yml b/160_gitlab_ci/230_docker/.gitlab-ci.yml index a773be30..aa5eb24b 100644 --- a/160_gitlab_ci/230_docker/.gitlab-ci.yml +++ b/160_gitlab_ci/230_docker/.gitlab-ci.yml 
@@ -1,40 +1,40 @@ +include: +- project: foo/template-go + ref: main + file: go.yaml + stages: - check - build - test -- package - deploy +- package +- trigger default: image: golang:1.17.9 lint: stage: check + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' script: - go fmt . audit: stage: check + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' script: - go vet . -.build-go: - parallel: - matrix: - - GOOS: linux - GOARCH: amd64 - - GOOS: linux - GOARCH: arm64 - script: - - | - go build \ - -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X main.Author=${AUTHOR}" \ - -o hello-${GOOS}-${GOARCH} \ - . - mv hello-$(go env GOOS)-$(go env GOARCH) hello - build: stage: build + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' extends: .build-go artifacts: paths: 
@@ -42,27 +42,59 @@ build: test: stage: test + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' image: alpine script: - - ./hello + - ./hello-linux-amd64 -package: - image: docker:20.10.16 - stage: package - services: - - name: docker:20.10.16-dind - command: [ "dockerd", "--host", "tcp://0.0.0.0:2375" ] +deploy: + stage: deploy + rules: + - if: '$CI_COMMIT_REF_NAME == "dev" || $CI_COMMIT_REF_NAME == "live"' + environment: + name: ${CI_COMMIT_REF_NAME} + before_script: + - apt-get update + - apt-get -y install curl ca-certificates script: - - docker build --tag hello . + - | + curl https://${CI_COMMIT_REF_NAME}.seat${SEAT_INDEX}.inmylab.de/ \ + --fail \ + --verbose \ + --upload-file hello \ + --user admin:${PASS} -deploy: +pages: stage: deploy rules: - - if: $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' image: alpine script: - - cp hello public + - cp hello-linux-amd64 public/hello artifacts: paths: - public +package: + image: docker:20.10.16 + stage: package + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' + services: + - name: docker:20.10.16-dind + command: [ "dockerd", "--host", "tcp://0.0.0.0:2375" ] + script: + - docker build --tag hello . + +trigger: + stage: trigger + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + script: | + curl https://gitlab.seat${SEAT_INDEX}.inmylab.de/api/v4/projects/3/trigger/pipeline \ + --request POST \ + --fail \ + -F token=${TRIGGER_BAZ} \ + -F ref=dev diff --git a/160_gitlab_ci/230_docker/Dockerfile b/160_gitlab_ci/230_docker/Dockerfile index b4c5f4ec..e2393f67 100644 --- a/160_gitlab_ci/230_docker/Dockerfile +++ b/160_gitlab_ci/230_docker/Dockerfile @@ -1,3 +1,3 @@ FROM ubuntu:22.04 -COPY hello / +COPY hello-linux-amd64 /hello CMD [ "/hello" ] 
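Review bot: The `package` job starts the `docker:20.10.16-dind` service with `--host tcp://0.0.0.0:2375`, which exposes the Docker API on plain TCP without TLS or authentication. Anything that can reach the service container during the job can drive that daemon, and dind normally needs a privileged runner, so this deserves at least a comment marking it as a lab shortcut. GitLab's Docker-in-Docker documentation describes the TLS setup with `DOCKER_TLS_CERTDIR` and port 2376; whether the runner here shares the certificate directory is not visible in the hunk. The same service definition is used in 240_registries and 250_releases.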
diff --git a/160_gitlab_ci/240_registries/.gitlab-ci.yml b/160_gitlab_ci/240_registries/.gitlab-ci.yml index 95b2ae97..ff31df6b 100644 --- a/160_gitlab_ci/240_registries/.gitlab-ci.yml +++ b/160_gitlab_ci/240_registries/.gitlab-ci.yml @@ -1,40 +1,40 @@ +include: +- project: foo/template-go + ref: main + file: go.yaml + stages: - check - build - test -- package - deploy +- package +- trigger default: image: golang:1.17.9 lint: stage: check + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' script: - go fmt . audit: stage: check + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' script: - go vet . -.build-go: - parallel: - matrix: - - GOOS: linux - GOARCH: amd64 - - GOOS: linux - GOARCH: arm64 - script: - - | - go build \ - -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X main.Author=${AUTHOR}" \ - -o hello-${GOOS}-${GOARCH} \ - . - mv hello-$(go env GOOS)-$(go env GOARCH) hello - build: stage: build + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' extends: .build-go artifacts: paths: 
@@ -42,13 +42,46 @@ build: test: stage: test + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' image: alpine script: - - ./hello + - ./hello-linux-amd64 + +deploy: + stage: deploy + rules: + - if: '$CI_COMMIT_REF_NAME == "dev" || $CI_COMMIT_REF_NAME == "live"' + environment: + name: ${CI_COMMIT_REF_NAME} + before_script: + - apt-get update + - apt-get -y install curl ca-certificates + script: + - | + curl https://${CI_COMMIT_REF_NAME}.seat${SEAT_INDEX}.inmylab.de/ \ + --fail \ + --verbose \ + --upload-file hello \ + --user admin:${PASS} + +pages: + stage: deploy + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' + image: alpine + script: + - cp hello-linux-amd64 public/hello + artifacts: + paths: + - public package: image: docker:20.10.16 stage: package + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' services: - name: docker:20.10.16-dind command: [ "dockerd", "--host", "tcp://0.0.0.0:2375" ] @@ -58,13 +91,13 @@ package: - docker build --tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" . - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" -deploy: - stage: deploy +trigger: + stage: trigger rules: - - if: $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH - image: alpine - script: - - cp hello public - artifacts: - paths: - - public + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + script: | + curl https://gitlab.seat${SEAT_INDEX}.inmylab.de/api/v4/projects/3/trigger/pipeline \ + --request POST \ + --fail \ + -F token=${TRIGGER_BAZ} \ + -F ref=dev diff --git a/160_gitlab_ci/240_registries/slides.md b/160_gitlab_ci/240_registries/slides.md index 214ea9a3..d9b801cb 100644 --- a/160_gitlab_ci/240_registries/slides.md +++ b/160_gitlab_ci/240_registries/slides.md 
@@ -25,12 +25,40 @@ CI jobs receive environment variables: --- -## Hands-On +## Hands-On 1/ Upload the previously built container image 1. Add `before_script` to login to registry using `docker login` + + ```yaml + job_name: + before_script: + - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}" + ``` + 1. Update build command to assign a proper tag + + ```yaml + job_name: + script: + - docker build --tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" . + ``` + +--- + +## Hands-On 2/2 + 1. Add push command to upload container image + ```yaml + job_name: + script: + # ... + - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + ``` + +1. Go to **Packages & Registries > Container Registry** +1. Check root image + (See new `.gitlab-ci.yml`) diff --git a/160_gitlab_ci/250_releases/.gitlab-ci.yml b/160_gitlab_ci/250_releases/.gitlab-ci.yml new file mode 100644 index 00000000..d79521d7 --- /dev/null +++ b/160_gitlab_ci/250_releases/.gitlab-ci.yml 
@@ -0,0 +1,110 @@ +include: +- project: foo/template-go + ref: main + file: go.yaml + +stages: +- check +- build +- test +- deploy +- package +- trigger + +default: + image: golang:1.17.9 + +lint: + stage: check + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + script: + - go fmt . + +audit: + stage: check + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + script: + - go vet . + +build: + stage: build + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + extends: .build-go + artifacts: + paths: + - hello* + +test: + stage: test + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + image: alpine + script: + - ./hello-linux-amd64 + +deploy: + stage: deploy + rules: + - if: '$CI_COMMIT_REF_NAME == "dev" || $CI_COMMIT_REF_NAME == "live"' + environment: + name: ${CI_COMMIT_REF_NAME} + before_script: + - apt-get update + - apt-get -y install curl ca-certificates + script: + - | + curl https://${CI_COMMIT_REF_NAME}.seat${SEAT_INDEX}.inmylab.de/ \ + --fail \ + --verbose \ + --upload-file hello \ + --user admin:${PASS} + +pages: + stage: deploy + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' + image: registry.gitlab.com/gitlab-org/release-cli:v0.11.0 + release: + tag_name: ${CI_PIPELINE_IID} + name: Release ${CI_PIPELINE_IID} + description: | + Some multi + line text + ref: ${CI_COMMIT_SHA} + script: + - cp hello-linux-amd64 public/hello + artifacts: + paths: + - public + +package: + image: docker:20.10.16 + stage: package + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' + services: + - name: docker:20.10.16-dind + command: [ "dockerd", 
"--host", "tcp://0.0.0.0:2375" ] + before_script: + - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}" + script: + - docker build --tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" . + - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + +trigger: + stage: trigger + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + script: | + curl https://gitlab.seat${SEAT_INDEX}.inmylab.de/api/v4/projects/3/trigger/pipeline \ + --request POST \ + --fail \ + -F token=${TRIGGER_BAZ} \ + -F ref=dev diff --git a/160_gitlab_ci/250_releases/slides.md b/160_gitlab_ci/250_releases/slides.md index fc59a372..89ea485f 100644 --- a/160_gitlab_ci/250_releases/slides.md +++ b/160_gitlab_ci/250_releases/slides.md @@ -8,18 +8,28 @@ ## Releases -XXX [](https://docs.gitlab.com/ee/ci/yaml/#release) +Pipeline jobs can create releases [](https://docs.gitlab.com/ee/user/project/releases/index.html) -XXX [](https://docs.gitlab.com/ee/user/project/releases/index.html) +...by adding the `release` keyword [](https://docs.gitlab.com/ee/ci/yaml/#release) -XXX shell executor requires [release-cli](https://docs.gitlab.com/ee/user/project/releases/release_cli.html) +Release assets can be linked but must be stored elsewhere -### Hands-On +`release` uses `release-cli` [](https://docs.gitlab.com/ee/user/project/releases/release_cli.html) internally -1. Extends `deploy` in `.gitlab-ci.yml`: +Container images are publicly available [](https://gitlab.com/gitlab-org/release-cli/container_registry) + +`registry.gitlab.com/gitlab-org/release-cli:v0.11.0` + +Runners using the shell executor must have `release-cli` installed + +--- + +## Hands-On + +1. Extends `pages` in `.gitlab-ci.yml`: ```yaml - deploy: + pages: #... release: tag_name: ${CI_PIPELINE_IID} @@ -29,3 +39,5 @@ XXX shell executor requires [release-cli](https://docs.gitlab.com/ee/user/projec line text ref: ${CI_COMMIT_SHA} ``` + +1. Go to **Deployments > Releases** 
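Review bot: In the `package` job's `before_script`, `docker login … -p "${CI_REGISTRY_PASSWORD}"` passes the registry password as a command-line argument, which the Docker CLI itself warns against. The stdin form avoids that: `echo "${CI_REGISTRY_PASSWORD}" | docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"`. Because this file is new, the `include:` at its top is also worth a look: `ref: main` follows a moving branch, so pinning it to a tag or commit SHA would keep a later change in `foo/template-go` from silently altering the `build` job.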
diff --git a/160_gitlab_ci/260_runners/shared.md b/160_gitlab_ci/260_runners/shared.md index e1d8032b..9288c343 100644 --- a/160_gitlab_ci/260_runners/shared.md +++ b/160_gitlab_ci/260_runners/shared.md @@ -8,4 +8,4 @@ Managed from admin area Privileges reserved for instance administrators -XXX +Can run untagged jobs diff --git a/160_gitlab_ci/260_runners/specific.md b/160_gitlab_ci/260_runners/specific.md index 82e43671..d69dd282 100644 --- a/160_gitlab_ci/260_runners/specific.md +++ b/160_gitlab_ci/260_runners/specific.md @@ -7,5 +7,3 @@ Runners can also be connected to groups or projects Accessible to members with **Owner** role Shared runners can be disabled on group- and project-level - -XXX diff --git a/160_gitlab_ci/270_renovate/.gitlab-ci.yml b/160_gitlab_ci/270_renovate/.gitlab-ci.yml index 59d45890..cd59b256 100644 --- a/160_gitlab_ci/270_renovate/.gitlab-ci.yml +++ b/160_gitlab_ci/270_renovate/.gitlab-ci.yml 
@@ -1,52 +1,53 @@ +include: +- project: foo/template-go + ref: main + file: go.yaml + stages: - check - build - test -- package - deploy +- package +- trigger default: image: golang:1.17.9 -lint: - stage: check - script: - - go fmt . - -audit: - stage: check - script: - - go vet . - renovate: stage: check rules: - if: '$CI_PIPELINE_SOURCE == "schedule" && $RENOVATE' image: renovate/renovate:32.52.2 + variables: + LOG_LEVEL: debug script: | renovate --platform gitlab \ - --endpoint https://gitlab.seatN.inmylab.de \ - --token $TOKEN \ - --autodiscover true \ - --autodiscover-filter "/" + --endpoint https://gitlab.seat${SEAT_INDEX}.inmylab.de/api/v4 \ + --token ${RENOVATE_TOKEN} \ + --autodiscover true -.build-go: - parallel: - matrix: - - GOOS: linux - GOARCH: amd64 - - GOOS: linux - GOARCH: arm64 +lint: + stage: check + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' script: - - | - go build \ - -ldflags "-X main.Version=${CI_COMMIT_REF_NAME} -X main.Author=${AUTHOR}" \ - -o hello-${GOOS}-${GOARCH} \ - . - mv hello-$(go env GOOS)-$(go env GOARCH) hello + - go fmt . + +audit: + stage: check + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + script: + - go vet . build: stage: build + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' extends: .build-go artifacts: paths: 
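Review bot: Removing `--autodiscover-filter` while keeping `--autodiscover true` lets the `renovate` job act on every project its token can reach. According to the accompanying slides change, that token is a personal access token stored in an unprotected CI variable. Keeping a filter scoped to the intended namespace, e.g. `--autodiscover-filter "<group>/*"` (placeholder), or using a dedicated bot account that is a member of only those projects, limits where a scheduled run can open merge requests. Renovate also reads `RENOVATE_TOKEN` from the environment, so `--token ${RENOVATE_TOKEN}` can be dropped from the command line. With `LOG_LEVEL: debug` now set, it is worth confirming the variable is masked.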
@@ -54,13 +55,53 @@ build: test: stage: test + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' image: alpine script: - - ./hello + - ./hello-linux-amd64 + +deploy: + stage: deploy + rules: + - if: '$CI_COMMIT_REF_NAME == "dev" || $CI_COMMIT_REF_NAME == "live"' + environment: + name: ${CI_COMMIT_REF_NAME} + before_script: + - apt-get update + - apt-get -y install curl ca-certificates + script: + - | + curl https://${CI_COMMIT_REF_NAME}.seat${SEAT_INDEX}.inmylab.de/ \ + --fail \ + --verbose \ + --upload-file hello \ + --user admin:${PASS} + +pages: + stage: deploy + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' + image: registry.gitlab.com/gitlab-org/release-cli:v0.11.0 + release: + tag_name: ${CI_PIPELINE_IID} + name: Release ${CI_PIPELINE_IID} + description: | + Some multi + line text + ref: ${CI_COMMIT_SHA} + script: + - cp hello-linux-amd64 public/hello + artifacts: + paths: + - public package: image: docker:20.10.16 stage: package + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' services: - name: docker:20.10.16-dind command: [ "dockerd", "--host", "tcp://0.0.0.0:2375" ] @@ -70,13 +111,13 @@ package: - docker build --tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" . - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" -deploy: - stage: deploy +trigger: + stage: trigger rules: - - if: $CI_PIPELINE_SOURCE == $CI_DEFAULT_BRANCH - image: alpine - script: - - cp hello public - artifacts: - paths: - - public + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "main"' + script: | + curl https://gitlab.seat${SEAT_INDEX}.inmylab.de/api/v4/projects/3/trigger/pipeline \ + --request POST \ + --fail \ + -F token=${TRIGGER_BAZ} \ + -F ref=dev diff --git a/160_gitlab_ci/270_renovate/slides.md b/160_gitlab_ci/270_renovate/slides.md index 9a4f3e80..cbd1a3d0 100644 
--- a/160_gitlab_ci/270_renovate/slides.md +++ b/160_gitlab_ci/270_renovate/slides.md @@ -14,19 +14,17 @@ Not integrated into GitLab ### Options -XXX pipeline-integrated +Pipeline-integrated optionally with official template [](https://gitlab.com/renovate-bot/renovate-runner) -XXX cron job +Cron job running separate from GitLab instance -XXX [](https://www.whitesourcesoftware.com/free-developer-tools/renovate/on-premises/) +Self-hosted Renovate (formerly paid product) [](https://www.whitesourcesoftware.com/free-developer-tools/renovate/on-premises/) --- ## Hands-On: Pipeline-integrated -XXX job token should be sufficient - -1. Create personal access token +1. Create personal access token and add unprotected CI variables called `RENOVATE_TOKEN` 1. Add `renovate.json` to root of project 1. Add new job called `renovate` 1. Create schedule with non-empty variable `RENOVATE` diff --git a/160_gitlab_ci/280_security/slides.md b/160_gitlab_ci/280_security/slides.md index 7f7e7db9..3445525f 100644 --- a/160_gitlab_ci/280_security/slides.md +++ b/160_gitlab_ci/280_security/slides.md @@ -15,6 +15,7 @@ Many are only in Ultimate: - Container scanning [](https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html) based on trivy [](https://github.com/aquasecurity/trivy) and grype [](https://github.com/anchore/grype) - Dependency scanning [](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/) based on gemnasium [](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) - Dynamic Application Security Testing (DAST) [](https://docs.gitlab.com/ee/user/application_security/dast/index.html) based on the OWASP Zed Attack Proxy [](https://www.zaproxy.org/) +- Security dashboards [](https://docs.gitlab.com/ee/user/application_security/security_dashboard/) Available in all tiers: 
@@ -35,12 +36,13 @@ GitLab automatically adds a job in the stage called `test` ``` 1. Check pipeline +1. Check report --- ## Hands-On: SAST -XXX GitLab automatically adds a job in the stage called `test` +GitLab automatically adds jobs in the stage called `test` 1. Enable SAST: @@ -50,3 +52,4 @@ XXX GitLab automatically adds a job in the stage called `test` ``` 1. Check pipeline +1. Check reports diff --git a/heise-GitLab-CI.html b/heise-GitLab-CI.html index 8e2101e5..f6a674ee 100644 --- a/heise-GitLab-CI.html +++ b/heise-GitLab-CI.html @@ -89,6 +89,22 @@ --- +## Powered By + +| What | Where / Who | +|:-----------------|:------------:| +| Virtual machines | ![Hetzner logo](images/hetzner.svg) | +| DNS | ![Hetzner logo](images/hetzner.svg) | +| Certificates | acme.sh and ![Let's Encrypt logo](images/letsencrypt.svg) | +| Reverse proxy | ![traefik labs logo](images/traefiklabs.svg) | +| Web server | ![nginx logo](images/nginx.svg) | +| IDE | [code-server](https://github.com/coder/code-server) by [coder](https://coder.com/) | +| Repositories | | +| Tooling | [docker-setup](https://github.com/nicholasdille/docker-setup) | +| VM management | [seatctl](https://github.com/nicholasdille/seatctl) | + +--- + ## Quick links ### Fundamentals @@ -145,11 +161,9 @@
  • GitLab covers the whole DevOps process
  • -
  • Easily deployed using containers
  • GitLab is packed with features
  • -
  • Configuration is two-fold
  • -
  • Restarts are slow
  • -
  • Security issues are patched quickly
  • +
  • No plugins to support recurring tasks
  • +
  • Useful security features even in free tier
diff --git a/images/hetzner.svg b/images/hetzner.svg new file mode 100755 index 00000000..bc0e53ce --- /dev/null +++ b/images/hetzner.svg @@ -0,0 +1,19 @@ + + + + + + Element 1 + + + + + + + + + + + \ No newline at end of file diff --git a/images/letsencrypt.svg b/images/letsencrypt.svg new file mode 100755 index 00000000..0b424631 --- /dev/null +++ b/images/letsencrypt.svg @@ -0,0 +1,38 @@ + + + + + Layer 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/images/nginx.svg b/images/nginx.svg new file mode 100755 index 00000000..6b97441d --- /dev/null +++ b/images/nginx.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/images/traefiklabs.svg b/images/traefiklabs.svg new file mode 100755 index 00000000..cf3249b8 --- /dev/null +++ b/images/traefiklabs.svg @@ -0,0 +1,9 @@ + + + TraefikLabs-horizontal-logo-white + + + + \ No newline at end of file