
Add direct group dependency proxy predefined variable

Steve Abrams requested to merge 337781-dp-direct-variable into master

What does this MR do?

Adds a new predefined environment variable for use with the dependency proxy.

$CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX is similar to the existing $CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX, but the new variable uses the path of the direct namespace or subgroup that the project belongs to, whereas the existing variable uses the root namespace.

This addresses #337781 (closed) where a variable for the direct group is desired.

Screenshots or Screencasts (strongly suggested)

Using the CI script shown in the example below, this is the job output:

Job output

Running with gitlab-runner 13.7.0 (943fc252)
  on Steves-MacBook-Pro.local hqWp257p
Resolving secrets
00:00
Preparing the "docker" executor
00:10
Using Docker executor with image gdk.test:3001/dp-test/dp-test-sub/dependency_proxy/containers/alpine:latest ...
WARNING: Pulling GitLab Runner helper image from Docker Hub. Helper image is migrating to registry.gitlab.com, for more information see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#migrating-helper-image-to-registrygitlabcom
Pulling docker image gitlab/gitlab-runner-helper:x86_64-943fc252 ...
Using docker image sha256:bab187236b3bbcefe6211970f695c37a74dbe2d9915a7cdbd554683e408539ca for gitlab/gitlab-runner-helper:x86_64-943fc252 with digest gitlab/gitlab-runner-helper@sha256:c276d4be3e859594276b70a195d2431dd8e18a164452139dd1599779de2ff4e5 ...
Authenticating with credentials from /Users/steveabrams/.docker/config.json
Pulling docker image gdk.test:3001/dp-test/dp-test-sub/dependency_proxy/containers/alpine:latest ...
Using docker image sha256:021b3423115ff662225e83d7e2606475217de7b55fde83ce3447a54019a77aa2 for gdk.test:3001/dp-test/dp-test-sub/dependency_proxy/containers/alpine:latest with digest gdk.test:3001/dp-test/dp-test-sub/dependency_proxy/containers/alpine@sha256:be9bdc0ef8e96dbc428dc189b31e2e3b05523d96d12ed627c37aa2936653258c ...
Preparing environment
00:01
Running on runner-hqwp257p-project-83-concurrent-0 via Steves-MacBook-Pro.local...
Getting source from Git repository
00:04
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/dp-test/dp-test-sub/asdfasdf/.git/
Created fresh repository.
Checking out 69ba6d60 as main...
Skipping Git submodules setup
Executing "step_script" stage of the job script
00:01
$ echo "it works"
it works
Job succeeded

We see the subgroup is used when pulling from the dependency proxy: Pulling docker image gdk.test:3001/dp-test/dp-test-sub/dependency_proxy/containers/alpine:latest ...

How to set up and validate locally (strongly suggested)

  1. Set up the dependency proxy with GDK

  2. Create a project in a subgroup

  3. Create a .gitlab-ci.yml script like the following:

    image: $CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX/alpine:latest
    
    stages:
      - deploy
    
    deploy:
      stage: deploy
      script:
        - echo "it works"

  4. Run a pipeline and look at the job output. You should see that the image is pulled using your subgroup's full path: gdk.test:3000/<your-group>/<your-sub-group>/dependency_proxy/containers/alpine:latest

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team

Related to #337781 (closed)

Edited by Steve Abrams
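
The validation step in the description can also be checked mechanically. The following is an added example, not part of the merge request or of GitLab's code: it derives the root-group and direct-group proxy prefixes for a project namespace and reports which images in a job log were pulled without going through the expected prefix. The function names are hypothetical, and the root-group prefix form is assumed to follow the same `<host:port>/<group>/dependency_proxy/containers` pattern that the job output shows for the direct group.

```python
import re

# Image-pull lines copied from the job output in the description above.
SAMPLE_LOG = """\
Pulling docker image gitlab/gitlab-runner-helper:x86_64-943fc252 ...
Pulling docker image gdk.test:3001/dp-test/dp-test-sub/dependency_proxy/containers/alpine:latest ...
"""

PULL_RE = re.compile(r"^Pulling docker image (\S+) \.\.\.$", re.MULTILINE)


def proxy_prefixes(server, namespace):
    """Return (root_prefix, direct_prefix) for a project's namespace path.

    Assumption: both variables have the form
    <host:port>/<group path>/dependency_proxy/containers.
    """
    namespace = namespace.strip("/")
    root = namespace.split("/", 1)[0]  # top-level group only
    suffix = "dependency_proxy/containers"
    return f"{server}/{root}/{suffix}", f"{server}/{namespace}/{suffix}"


def audit_pulls(log_text, expected_prefix):
    """Map each pulled image to True if it was pulled via expected_prefix."""
    results = {}
    for image in PULL_RE.findall(log_text):
        # Require the trailing "/" so a sibling path such as
        # ".../containers-other/x" cannot pass as a prefix match.
        results[image] = image.startswith(expected_prefix + "/")
    return results


def bypassing_images(log_text, expected_prefix):
    """Images the job pulled without going through the expected proxy path."""
    return [img for img, ok in audit_pulls(log_text, expected_prefix).items() if not ok]


if __name__ == "__main__":
    root, direct = proxy_prefixes("gdk.test:3001", "dp-test/dp-test-sub")
    print("root  :", root)
    print("direct:", direct)
    for image, ok in audit_pulls(SAMPLE_LOG, direct).items():
        print("proxy " if ok else "DIRECT", image)
```

Run against the log above, the job image matches the direct-group prefix, while the runner helper image is reported as pulled outside the proxy, which matches the Docker Hub warning in the job output.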
