Add direct group dependency proxy predefined variable
What does this MR do?
Adds a new predefined environment variable for use with the dependency proxy.
$CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX
is similar to the existing $CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX
, but the new variable uses the path of the direct namespace or subgroup that the project belongs to, whereas the existing variable uses the root namespace.
This addresses #337781 (closed) where a variable for the direct group is desired.
Screenshots or Screencasts (strongly suggested)
Using the CI script shown in the example below, this is the job output:
Job output
Running with gitlab-runner 13.7.0 (943fc252)
on Steves-MacBook-Pro.local hqWp257p
Resolving secrets
00:00
Preparing the "docker" executor
00:10
Using Docker executor with image gdk.test:3001/dp-test/dp-test-sub/dependency_proxy/containers/alpine:latest ...
WARNING: Pulling GitLab Runner helper image from Docker Hub. Helper image is migrating to registry.gitlab.com, for more information see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#migrating-helper-image-to-registrygitlabcom
Pulling docker image gitlab/gitlab-runner-helper:x86_64-943fc252 ...
Using docker image sha256:bab187236b3bbcefe6211970f695c37a74dbe2d9915a7cdbd554683e408539ca for gitlab/gitlab-runner-helper:x86_64-943fc252 with digest gitlab/gitlab-runner-helper@sha256:c276d4be3e859594276b70a195d2431dd8e18a164452139dd1599779de2ff4e5 ...
Authenticating with credentials from /Users/steveabrams/.docker/config.json
Pulling docker image gdk.test:3001/dp-test/dp-test-sub/dependency_proxy/containers/alpine:latest ...
Using docker image sha256:021b3423115ff662225e83d7e2606475217de7b55fde83ce3447a54019a77aa2 for gdk.test:3001/dp-test/dp-test-sub/dependency_proxy/containers/alpine:latest with digest gdk.test:3001/dp-test/dp-test-sub/dependency_proxy/containers/alpine@sha256:be9bdc0ef8e96dbc428dc189b31e2e3b05523d96d12ed627c37aa2936653258c ...
Preparing environment
00:01
Running on runner-hqwp257p-project-83-concurrent-0 via Steves-MacBook-Pro.local...
Getting source from Git repository
00:04
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/dp-test/dp-test-sub/asdfasdf/.git/
Created fresh repository.
Checking out 69ba6d60 as main...
Skipping Git submodules setup
Executing "step_script" stage of the job script
00:01
$ echo "it works"
it works
Job succeeded
We see the subgroup is used when pulling from the dependency proxy: Pulling docker image gdk.test:3001/dp-test/dp-test-sub/dependency_proxy/containers/alpine:latest ...
How to setup and validate locally (strongly suggested)
-
Set up the dependency proxy with GDK
-
Create a project in a subgroup
-
Create a
.gitlab-ci.yml
script like the following:image: $CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX/alpine:latest stages: - deploy deploy: stage: deploy script: - echo "it works"
-
Run a pipeline and look at the job output, you should see the image is pulled using your subgroup's full path:
gdk.test:3000/<your-group>/<your-sub-group>/dependency_proxy/containers/alpine:latest
Does this MR meet the acceptance criteria?
Conformity
-
I have included changelog trailers, or none are needed. (Does this MR need a changelog?) -
I have added/updated documentation, or it's not needed. (Is documentation required?) - [-] I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
- [-] I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?)
-
I have self-reviewed this MR per code review guidelines. -
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines) -
I have followed the style guides. -
This change is backwards compatible across updates, or this does not apply.
Availability and Testing
-
I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.) - [-] I have tested this MR in all supported browsers, or it's not needed.
- [-] I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.
Security
Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Related to #337781 (closed)