.pre-commit-config.yaml

@@ -23,7 +23,7 @@ repos:
         args: [--autofix, --no-sort-keys]
 
   - repo: https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks
-    rev: v2.39.1  # renovate:managed:self
+    rev: v2.40.1  # renovate:managed:self
     hooks:
       - id: shellcheck  # Run shellcheck for changed Shell files
       - id: shfmt  # Run shellcheck for changed Shell files

appsec-container-scan.md

@@ -15,7 +15,7 @@ include:
   # and include the container scanning results in the project that is triggering this scan.
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/appsec-container-scan.md
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: appsec-container-scan.yml
 
 container_image_scan:

asdf-tool-versions.md

@@ -31,6 +31,6 @@ include:
   # and that asdf and mise are generally working
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/asdf-tool-versions.md
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: asdf-tool-versions.yml
 ```

asdf-tool-versions.yml

@@ -6,7 +6,7 @@ spec:
 validate_mise_tool_versions:
   stage: $[[ inputs.stage ]]
   image:
-    name: registry.gitlab.com/gitlab-com/gl-infra/common-ci-tasks/mise:v2.40.1
+    name: registry.gitlab.com/gitlab-com/gl-infra/common-ci-tasks/mise:v2.40.2
     entrypoint: [""]
   needs: []
   variables:

checkov.md

@@ -25,6 +25,6 @@ include:
   # Runs checkov on all terraform module directories
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/checkov.md
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: checkov.yml
 ```

container-diff.md

@@ -7,7 +7,7 @@ This can help to determine how much a container image has changed in size due to
 ```yaml
 include:
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: 'container-diff.yml'
     inputs:
       job_name: container-diff # The name of the job this template will create

danger.md

@@ -13,7 +13,7 @@ variables:
 include:
   # Run Danger during merge requests to alert on messages, warnings and errors.
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: 'danger.yml'
     # inputs:
     #   stage: defaults to `validate`

docker.md

@@ -21,7 +21,7 @@ include:
   # Includes a base template for running an opinionated docker buildx build
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/docker.md
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: 'docker.yml'
 
 .container_builds:
@@ -72,7 +72,7 @@ logs:
 ```
 ------------------------------------------------------------
 Verify this container image using:
-cosign verify registry.gitlab.com/gitlab-com/gl-infra/common-ci-tasks/asdf:v2.40.1 \
+cosign verify registry.gitlab.com/gitlab-com/gl-infra/common-ci-tasks/asdf:v2.40.2 \
   --certificate-identity https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks//.gitlab-ci.yml@refs/tags/v1.2.3 \
   --certificate-oidc-issuer https://gitlab.com
 ------------------------------------------------------------

editorconfig-check.md

@@ -13,7 +13,7 @@ include:
   # validate .editorconfig
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/editorconfig-check.md
   - project: "gitlab-com/gl-infra/common-ci-tasks"
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: "editorconfig-check.yml"
 ```
 

gitlab-scanners.md

@@ -11,6 +11,6 @@ stages:
 include:
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/gitlab-scanners.md
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: 'gitlab-scanners.yml'
 ```

gitleaks.md

@@ -37,6 +37,6 @@ include:
   # Ensure that all shell-scripts are formatted according to a
   # standard canonical format
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: gitleaks.yml
 ```

gitlint.md

@@ -14,6 +14,6 @@ include:
   # Runs gitlint on all terraform module directories
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/gitlint.md
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: gitlint.yml
 ```

go-mod-tidy.md

@@ -19,7 +19,7 @@ include:
   # Perform `go mod tidy` and ensure that go.mod and go.sum are tidy.
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/go-mod-tidy.md
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: go-mod-tidy.yml
 ```
 ## A note on compatibility

go-unittests.md

@@ -20,7 +20,7 @@ include:
   # Runs Go unit tests
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/go-unittests.md
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: go-unittests.yml
 ```
 

golangci-lint.md

@@ -13,6 +13,6 @@ include:
   # Runs golangci-lint on the project.
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/golangci-lint.md
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: 'golangci-lint.yml'
 ```

goreleaser.md

@@ -102,7 +102,7 @@ include:
   # build binary release artifacts with goreleaser
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/goreleaser.md
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: goreleaser.yml
 ```
 
@@ -142,7 +142,7 @@ include:
   # build binary release artifacts with goreleaser
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/goreleaser.md
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: goreleaser.yml
 ```
 

goreleaser.yml

@@ -71,16 +71,16 @@ goreleaser_validate:
 .goreleaser_base:
   extends:
     - .goreleaser_common
-  image: $[[ inputs.docker_hub_host ]]/docker:stable
+  image: $[[ inputs.docker_hub_host ]]/docker:27
   services:
-    - name: $[[ inputs.docker_hub_host ]]/docker:${DOCKER_VERSION}-dind
+    - name: $[[ inputs.docker_hub_host ]]/docker:27-dind
       alias: docker
   variables:
-    DOCKER_VERSION: "24.0.6" # Pinning due to https://github.com/docker-library/docker/issues/467
     DOCKER_REGISTRY: $CI_REGISTRY
     DOCKER_USERNAME: $CI_REGISTRY_USER
     DOCKER_PASSWORD: $CI_REGISTRY_PASSWORD
     GIT_DEPTH: 0
+    DOCKER_AUTH_SHARED_PATH: /builds/shared/$CI_PROJECT_PATH
 
   # See https://goreleaser.com/ci/gitlab/ for documentation
   script: |
@@ -88,18 +88,12 @@ goreleaser_validate:
     echo "Cache size at start:"
     du -h -d0 "${GOMODCACHE}"
 
-    mkdir -p /builds/shared
-    cat > /builds/shared/docker-creds.json <<-EOF
-    {
-      "registries": [
-        {
-          "user": "$CI_REGISTRY_USER",
-          "pass": "$CI_REGISTRY_PASSWORD",
-          "registry": "$CI_REGISTRY"
-        }
-      ]
-    }
-    EOF
+    echo "Note: Goreleaser variables configured via $GORELEASER_AUTH_SOURCE"
+
+    # Log into docker and copy the auth file to a shared location
+    echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin
+    mkdir -p $DOCKER_AUTH_SHARED_PATH
+    cp /root/.docker/config.json $DOCKER_AUTH_SHARED_PATH/
 
     cat <<-EOD
     ----------------------------------------------------------
@@ -112,22 +106,27 @@ goreleaser_validate:
       -v $PWD:$PWD \
       -w $PWD \
       -v /var/run/docker.sock:/var/run/docker.sock \
-      -v /builds/shared/docker-creds.json:/docker-creds.json \
+      -v $DOCKER_AUTH_SHARED_PATH/config.json:/root/.docker/config.json \
       -e DOCKER_USERNAME -e DOCKER_PASSWORD -e DOCKER_REGISTRY  \
-      -e GITLAB_TOKEN -e CI_REGISTRY_IMAGE \
+      -e GITLAB_TOKEN \
+      -e CI_REGISTRY \
+      -e CI_REGISTRY_IMAGE \
+      -e CI_JOB_TOKEN \
       -e CI_SERVER_URL \
       -e CI_PROJECT_NAME \
       -e CI_PROJECT_NAMESPACE \
       -e FIPS_MODE \
       -e GOMODCACHE \
-      -e DOCKER_CREDS_FILE=/docker-creds.json \
+      -e DOCKER_CONFIG=/root/.docker/ \
+      -e DOCKER_CREDS_FILE=/root/.docker/config.json \
+      -e REGISTRY_AUTH_FILE=/root/.docker/config.json \
       -e GOLANG_VERSION=${GL_ASDF_GOLANG_VERSION} \
       -e GOTOOLCHAIN=go${GL_ASDF_GOLANG_VERSION} \
       -e COSIGN_YES \
       -e SIGSTORE_ID_TOKEN \
       ${GORELEASER_DOCKER_EXTRA_ARGS:-} \
       ${GL_COMMON_CI_TASKS_GORELEASER_IMAGE} \
-      $GL_COMMON_CI_TASKS_GORELEASER_ARGUMENTS \
+      ${GL_COMMON_CI_TASKS_GORELEASER_ARGUMENTS} \
       ${GORELEASER_EXTRA_ARGS:-}
 
     set +x

hclfmt.md

@@ -10,7 +10,7 @@ include:
   # Ensures that all terraform files are correctly formatted
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/hclfmt.md
   - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v2.40.1  # renovate:managed
+    ref: v2.40.2  # renovate:managed
     file: hclfmt.yml
 ```
 

internal/goreleaser/variable.yml

 # DO NOT INCLUDE DIRECTLY!
 ---
 .goreleaser_auth_config:
-  # We can't specify an empty job, so
-  # repeat something that is invariant
-  needs: []
+  variables:
+    GORELEASER_AUTH_SOURCE: "CI/CD Variables"

internal/goreleaser/vault.yml

@@ -9,3 +9,5 @@
       file: false
       vault: "access_tokens/${VAULT_SECRETS_PATH}/goreleaser/token@ci"
       token: $VAULT_ID_TOKEN
+  variables:
+    GORELEASER_AUTH_SOURCE: "Vault"