summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2019-09-17 03:06:07 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2019-09-17 03:06:07 +0000
commit3d67f14ecb37274f1c269c0d50b61615788c7f16 (patch)
treee6d1817f892b70bee5319236666dfe376c9d515a
parent48c77599ca5d833ce01ca310af4887200875174f (diff)
downloadgitlab-ce-3d67f14ecb37274f1c269c0d50b61615788c7f16.tar.gz
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--changelogs/unreleased/docs-document-auto-devops-docker-build-secret-forwarding.yml5
-rw-r--r--doc/topics/autodevops/index.md56
-rw-r--r--doc/user/clusters/applications.md5
-rw-r--r--doc/user/project/pipelines/job_artifacts.md6
-rw-r--r--qa/qa.rb1
-rw-r--r--qa/qa/page/project/wiki/git_access.rb13
-rw-r--r--qa/qa/resource/repository/wiki_push.rb9
-rw-r--r--qa/qa/resource/wiki.rb9
-rw-r--r--qa/qa/specs/features/browser_ui/2_plan/issue/mentions_spec.rb25
9 files changed, 97 insertions, 32 deletions
diff --git a/changelogs/unreleased/docs-document-auto-devops-docker-build-secret-forwarding.yml b/changelogs/unreleased/docs-document-auto-devops-docker-build-secret-forwarding.yml
new file mode 100644
index 00000000000..6b7146d7acb
--- /dev/null
+++ b/changelogs/unreleased/docs-document-auto-devops-docker-build-secret-forwarding.yml
@@ -0,0 +1,5 @@
+---
+title: Document forwarding CI variables to docker build in Auto DevOps
+merge_request: 16783
+author:
+type: added
diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md
index 0cbd85fc568..3ced926a530 100644
--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -734,6 +734,40 @@ Avoid passing secrets as Docker build arguments if possible, as they may be
persisted in your image. See
[this discussion](https://github.com/moby/moby/issues/13490) for details.
+### Passing secrets to `docker build` (beta)
+
+CI environment variables can be passed as [build
+secrets](https://docs.docker.com/develop/develop-images/build_enhancements/#new-docker-build-secret-information) to the `docker build` command by listing them comma separated by name in the
+`AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES` variable. For example, in order to forward the variables `CI_COMMIT_SHA` and `CI_ENVIRONMENT_NAME`, one would set `AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES` to `CI_COMMIT_SHA,CI_ENVIRONMENT_NAME`.
+
+Unlike build arguments, these are not persisted by Docker in the final image
+(though you can still persist them yourself, so be careful).
+
+In projects:
+
+- Without a `Dockerfile`, these are available automatically as environment
+ variables.
+- With a `Dockerfile`, the following is required:
+
+ 1. Activate the experimental `Dockerfile` syntax by adding the following
+ to the top of the file:
+
+ ```Dockerfile
+ # syntax = docker/dockerfile:experimental
+ ```
+
+ 1. To make secrets available in any `RUN $COMMAND` in the `Dockerfile`, mount
+ the secret file and source it prior to running `$COMMAND`:
+
+ ```Dockerfile
+ RUN --mount=type=secret,id=auto-devops-build-secrets . /run/secrets/auto-devops-build-secrets && $COMMAND
+ ```
+
+NOTE: **Note:**
+When `AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES` is set, Auto DevOps
+enables the experimental [Docker BuildKit](https://docs.docker.com/develop/develop-images/build_enhancements/)
+feature to use the `--secret` flag.
+
### Custom Helm Chart
Auto DevOps uses [Helm](https://helm.sh/) to deploy your application to Kubernetes.
@@ -827,6 +861,7 @@ applications.
| `ADDITIONAL_HOSTS` | Fully qualified domain names specified as a comma-separated list that are added to the ingress hosts. |
| `<ENVIRONMENT>_ADDITIONAL_HOSTS` | For a specific environment, the fully qualified domain names specified as a comma-separated list that are added to the ingress hosts. This takes precedence over `ADDITIONAL_HOSTS`. |
| `AUTO_DEVOPS_BUILD_IMAGE_EXTRA_ARGS` | Extra arguments to be passed to the `docker build` command. Note that using quotes will not prevent word splitting. [More details](#passing-arguments-to-docker-build). |
+| `AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES` | A [comma-separated list of CI variable names](#passing-secrets-to-docker-build-beta) to be passed to the `docker build` command as secrets. |
| `AUTO_DEVOPS_CHART` | Helm Chart used to deploy your apps. Defaults to the one [provided by GitLab](https://gitlab.com/gitlab-org/charts/auto-deploy-app). |
| `AUTO_DEVOPS_CHART_REPOSITORY` | Helm Chart repository used to search for charts. Defaults to `https://charts.gitlab.io`. |
| `AUTO_DEVOPS_CHART_REPOSITORY_NAME` | From Gitlab 11.11, used to set the name of the helm repository. Defaults to `gitlab`. |
@@ -1168,6 +1203,27 @@ There is no documented way of using private container registry with Auto DevOps.
We strongly advise using GitLab Container Registry with Auto DevOps in order to
simplify configuration and prevent any unforeseen issues.
+### Installing Helm behind a proxy
+
+GitLab does not yet support installing [Helm as a GitLab-managed App](../../user/clusters/applications.md#helm) when
+behind a proxy. Users who wish to do so must inject their proxy settings
+into the installation pods at runtime, for example by using a
+[`PodPreset`](https://kubernetes.io/docs/concepts/workloads/pods/podpreset/):
+
+```yml
+apiVersion: settings.k8s.io/v1alpha1
+kind: PodPreset
+metadata:
+ name: gitlab-managed-apps-default-proxy
+ namespace: gitlab-managed-apps
+spec:
+ env:
+ - name: http_proxy
+ value: "PUT_YOUR_HTTP_PROXY_HERE"
+ - name: https_proxy
+ value: "PUT_YOUR_HTTPS_PROXY_HERE"
+```
+
## Troubleshooting
- Auto Build and Auto Test may fail in detecting your language/framework. There
diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md
index e43b1ca6826..17d430cf1f2 100644
--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@@ -67,6 +67,11 @@ required to install all the other applications. It is installed in its
own pod inside the cluster which can run the `helm` CLI in a safe
environment.
+NOTE: **Note:**
+Installing Helm as a GitLab-managed App behind a proxy is not supported,
+but a [workaround](../../topics/autodevops/index.md#installing-helm-behind-a-proxy)
+is available.
+
### Cert-Manager
> Introduced in GitLab 11.6 for project- and group-level clusters.
diff --git a/doc/user/project/pipelines/job_artifacts.md b/doc/user/project/pipelines/job_artifacts.md
index ef90899c512..3c15d41e1ba 100644
--- a/doc/user/project/pipelines/job_artifacts.md
+++ b/doc/user/project/pipelines/job_artifacts.md
@@ -9,11 +9,11 @@ type: reference, howto
> - In GitLab 8.17, builds were renamed to jobs.
> - The artifacts browser will be available only for new artifacts that are sent to GitLab using GitLab Runner version 1.0 and up. It will not be possible to browse old artifacts already uploaded to GitLab.
-Artifacts are a list of files and directories which created by a job
+Job artifacts are a list of files and directories created by a job
once it finishes. This feature is [enabled by default](../../../administration/job_artifacts.md) in all
GitLab installations.
-Job artifacts that are created by GitLab Runner are uploaded to GitLab and are downloadable as a single archive using the GitLab UI.
+Job artifacts created by GitLab Runner are uploaded to GitLab and are downloadable as a single archive using the GitLab UI or the [GitLab API](../../../api/jobs.md#get-job-artifacts).
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
For an overview, watch the video [GitLab CI Pipeline, Artifacts, and Environments](https://www.youtube.com/watch?v=PCKDICEe10s).
@@ -78,7 +78,7 @@ one HTML file that you can view directly online when
## Downloading artifacts
If you need to download the whole archive, there are buttons in various places
-inside GitLab that make that possible.
+in the GitLab UI to do this:
1. While on the pipelines page, you can see the download icon for each job's
artifacts archive in the right corner:
diff --git a/qa/qa.rb b/qa/qa.rb
index fed2dbeade3..6e87129641a 100644
--- a/qa/qa.rb
+++ b/qa/qa.rb
@@ -275,6 +275,7 @@ module QA
autoload :Edit, 'qa/page/project/wiki/edit'
autoload :New, 'qa/page/project/wiki/new'
autoload :Show, 'qa/page/project/wiki/show'
+ autoload :GitAccess, 'qa/page/project/wiki/git_access'
end
module WebIDE
diff --git a/qa/qa/page/project/wiki/git_access.rb b/qa/qa/page/project/wiki/git_access.rb
new file mode 100644
index 00000000000..28cb21be4e3
--- /dev/null
+++ b/qa/qa/page/project/wiki/git_access.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module QA
+ module Page
+ module Project
+ module Wiki
+ class GitAccess < Page::Base
+ include Page::Component::LegacyClonePanel
+ end
+ end
+ end
+ end
+end
diff --git a/qa/qa/resource/repository/wiki_push.rb b/qa/qa/resource/repository/wiki_push.rb
index 06cca85cbb2..8edaff70ac6 100644
--- a/qa/qa/resource/repository/wiki_push.rb
+++ b/qa/qa/resource/repository/wiki_push.rb
@@ -21,14 +21,7 @@ module QA
end
def repository_http_uri
- @repository_http_uri ||= begin
- wiki.visit!
- Page::Project::Wiki::Show.act do
- click_clone_repository
- choose_repository_clone_http
- repository_location.uri
- end
- end
+ @repository_http_uri ||= wiki.repository_http_location.uri
end
def repository_ssh_uri
diff --git a/qa/qa/resource/wiki.rb b/qa/qa/resource/wiki.rb
index 0a776f22e25..6e3648dba0b 100644
--- a/qa/qa/resource/wiki.rb
+++ b/qa/qa/resource/wiki.rb
@@ -12,6 +12,15 @@ module QA
end
end
+ attribute :repository_http_location do
+ Page::Project::Wiki::Show.perform(&:click_clone_repository)
+
+ Page::Project::Wiki::GitAccess.perform do |git_access|
+ git_access.choose_repository_clone_http
+ git_access.repository_location
+ end
+ end
+
def fabricate!
project.visit!
diff --git a/qa/qa/specs/features/browser_ui/2_plan/issue/mentions_spec.rb b/qa/qa/specs/features/browser_ui/2_plan/issue/mentions_spec.rb
index 925c601f869..e3fd835bb01 100644
--- a/qa/qa/specs/features/browser_ui/2_plan/issue/mentions_spec.rb
+++ b/qa/qa/specs/features/browser_ui/2_plan/issue/mentions_spec.rb
@@ -3,29 +3,12 @@
module QA
context 'Plan', :smoke do
describe 'mention' do
- let(:user) do
- Resource::User.fabricate_via_api! do |user|
- user.name = "bob"
- user.password = "1234test"
- end
- end
-
before do
- QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
-
- unless QA::Runtime::Env.personal_access_token
- Runtime::Browser.visit(:gitlab, Page::Main::Login)
- Page::Main::Login.perform(&:sign_in_using_admin_credentials)
- end
-
- QA::Runtime::Env.personal_access_token = nil
-
- Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
-
Runtime::Browser.visit(:gitlab, Page::Main::Login)
-
Page::Main::Login.perform(&:sign_in_using_credentials)
+ @user = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1)
+
project = Resource::Project.fabricate_via_api! do |resource|
resource.name = 'project-to-test-mention'
end
@@ -33,7 +16,7 @@ module QA
Page::Project::Show.perform(&:go_to_members_settings)
Page::Project::Settings::Members.perform do |members|
- members.add_member(user.username)
+ members.add_member(@user.username)
end
issue = Resource::Issue.fabricate_via_api! do |issue|
@@ -45,7 +28,7 @@ module QA
it 'user mentions another user in an issue' do
Page::Project::Issue::Show.perform do |show|
- at_username = "@#{user.username}"
+ at_username = "@#{@user.username}"
show.select_all_activities_filter
show.comment(at_username)