Merge branch 'create-wrapper-automate-builds' into 'master'

Create Manual Tooling for GKE Marketplace Release Closes gitlab#1041 See merge request charts/deploy-image-helm-base!48

Merge branch 'create-wrapper-automate-builds' into 'master'
c9f6908b · Joshua Lambert · e6056545 · a91331bf · c9f6908b · c9f6908b
Commit c9f6908b authored 5 years ago by Joshua Lambert
--- a/.gitignore
+++ b/.gitignore
+.DS_Store
 build-scripts/rbac-exporter/bin/*
 build-scripts/rbac-exporter/.ruby-version
 build-scripts/rbac-exporter/.bundle/
 build-scripts/rbac-exporter/.rspec
+container/schema.yaml
+container/schema.yaml-e
+.scratch/*
+container/chart/gitlab-mp/charts/*
+container/chart/gitlab-mp/requirements.lock
+container/chart/gitlab-mp/requirements.yaml-e
+container/chart/gitlab-mp/requirements.yaml
+conf/user_env
+conf/mapping.yaml
+conf/mapping.yaml-e
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 stages:
  - build
-  - test
 variables:
-  BUILDER_IMAGE_REVISION: "0.0.19"
+  BUILDER_IMAGE_REVISION: "0.0.35"
  GCR_REGISTRY: "gcr.io/top-chain-204115/gitlab"
  GCR_REGISTRY_PUBLIC: "launcher.gcr.io/gitlab/gitlab"
-  HELM_VERSION: "2.8.2"
+  HELM_VERSION: "2.12.0"
  HELM_URL: "https://kubernetes-helm.storage.googleapis.com/helm-v${HELM_VERSION}-linux-amd64.tar.gz"
 before_script:
  - echo "https://gitlab-ci-token:$CI_JOB_TOKEN@gitlab.com" > ~/.git-credentials
  - git config --global credential.helper 'store'
-  - git submodule sync --recursive
+  # Install Helm for usage
-  - git submodule update --init --recursive
-  - mkdir -p $HOME/.docker
-  - . build-scripts/build.sh
  - curl -s ${HELM_URL} | tar zxf -
  - mv linux-amd64/helm /usr/bin/
  - chmod +x /usr/bin/helm
@@ -23,15 +19,18 @@ before_script:
  # Login to Gitlab, Google image registries
  - docker login -u _json_key -p "$GCR_AUTH_CONFIG" https://gcr.io
  - docker login -u gitlab-ci-token -p "$CI_JOB_TOKEN" "$CI_REGISTRY"
+  # yq is required by the image listing helper script
  - apt-get update && apt-get install -y jq python-pip python-dev build-essential
  - pip install yq
+  # Set GL_RELEASE_VERSION - no tag means use latest upstream Cloud Native Gitlab chart
+  - . ci-scripts/set-release-version.sh
+  - . ci-scripts/set-container-tag.sh
 build:
  image: "registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/ruby_docker:${BUILDER_IMAGE_REVISION}"
  stage: build
  script:
-    - docker build -t "$CI_REGISTRY_IMAGE/deployer:$CI_COMMIT_REF_NAME" -t deployer -t $GCR_REGISTRY/deployer:$CI_COMMIT_REF_NAME -f deployer/Dockerfile  --build-arg TAG=$CI_COMMIT_REF_NAME --build-arg REGISTRY=$GCR_REGISTRY .
+    - build-scripts/build-marketplace-release.sh
  tags:
  - docker
  variables:
@@ -39,28 +38,28 @@ build:
    DOCKER_HOST: tcp://docker:2375
  services:
  - docker:dind
-  except:
+    #  except:
-  - tags
+    #  - tags
-publish:
+    # publish:
-  image: "registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/ruby_docker:${BUILDER_IMAGE_REVISION}"
+    #   image: "registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/ruby_docker:${BUILDER_IMAGE_REVISION}"
-  stage: build
+    #   stage: build
-  script:
+    #   script:
-    - MAJOR_VERSION_NUMBER="$(major_version_number "${CI_COMMIT_REF_NAME}")"
+    #     - MAJOR_VERSION_NUMBER="$(ci-scripts/get-major-version.sh "${CI_COMMIT_REF_NAME}")"
-    - docker build -t "$CI_REGISTRY_IMAGE/deployer:latest" -t "$CI_REGISTRY_IMAGE/deployer:$MAJOR_VERSION_NUMBER" -t deployer -t $GCR_REGISTRY/deployer:$MAJOR_VERSION_NUMBER -f deployer/Dockerfile  --build-arg TAG=$MAJOR_VERSION_NUMBER  --build-arg REGISTRY=$GCR_REGISTRY .
+    #     - docker build -t "$CI_REGISTRY_IMAGE/deployer:latest" -t "$CI_REGISTRY_IMAGE/deployer:$MAJOR_VERSION_NUMBER" -t deployer -t $GCR_REGISTRY/deployer:$MAJOR_VERSION_NUMBER -f deployer/Dockerfile  --build-arg TAG=$MAJOR_VERSION_NUMBER  --build-arg REGISTRY=$GCR_REGISTRY .
-    # Push to Gitlab registry
+    #     # Push to Gitlab registry
-    - docker push "$CI_REGISTRY_IMAGE/deployer:$MAJOR_VERSION_NUMBER"
+    #     - docker push "$CI_REGISTRY_IMAGE/deployer:$MAJOR_VERSION_NUMBER"
-    - docker push "$CI_REGISTRY_IMAGE/deployer:latest"
+    #     - docker push "$CI_REGISTRY_IMAGE/deployer:latest"
-    # Push to Google registry
+    #     # Push to Google registry
-    - docker push "$GCR_REGISTRY/deployer:$MAJOR_VERSION_NUMBER"
+    #     - docker push "$GCR_REGISTRY/deployer:$MAJOR_VERSION_NUMBER"
-    # Push all images referenced in the Helm images
+    #     # Push all images referenced in the Helm images
-    - TAG="$MAJOR_VERSION_NUMBER" build-scripts/mirror-helm-images.sh
+    #     - TAG="$MAJOR_VERSION_NUMBER" build-scripts/mirror-helm-images.sh
-  tags:
+    #   tags:
-  - docker
+    #   - docker
-  variables:
+    #   variables:
-    DOCKER_DRIVER: overlay2
+    #     DOCKER_DRIVER: overlay2
-    DOCKER_HOST: tcp://docker:2375
+    #     DOCKER_HOST: tcp://docker:2375
-  services:
+    #   services:
-  - docker:dind
+    #   - docker:dind
-  only:
+    #   only:
-  - tags
+    #   - tags
--- a/.gitlab_gke_marketplace_build_env
+++ b/.gitlab_gke_marketplace_build_env
+#!/usr/bin/env bash
+# vim: set filetype=bash:
+# Defines shared functions and environment variables.
+# This file should only be sourced, never directly invoked.
+# verifies that the user has a defined registry to upload built deployer
+# images
+verify_registry_defined() {
+    if [ -z "${GL_MP_REGISTRY}" ]; then
+        display_failure "GL_MP_REGISTRY is not defined in the environment"
+    fi
+    if [ -z "${GL_MP_APP_NAME}" ]; then
+        display_failure "GL_MP_APP_NAME is not defined in the environment"
+    fi
+}
+# place a text string centered in a field of the specified length
+# usage: center FIELD_WIDTH TEXT_STRING
+center() {
+    field_width=$1
+    txt=$2
+    awk -v fw="${field_width}" -v t="${txt}" \
+        'BEGIN {
+             ws=fw-length(t)
+             rpad=int(ws/2)
+             lpad=ws-rpad
+             for(i=1; i <= lpad; i++)
+                 printf FS
+             printf t
+             for(i=1; i <= rpad; i++)
+                 printf FS
+         }'
+}
+# display progress messages to stderr so that other scripts which may rely
+# on reading from stdout are not impacted
+display_output() {
+    src=$(center 50 "$(basename "$0")")
+    msg=$1
+    exit_type=$2
+    if [ -n "${msg}" ]; then
+        echo "[${src}] ${msg}" >&2
+    fi
+    if [ "${exit_type}" = "failure" ]; then
+      # run the cleanup before exit
+      post_cleanup
+      exit 1
+    fi
+}
+display_task() {
+  display_output "$1" "success"
+}
+display_failure() {
+  msg="        $1"
+  display_output "$1" "failure"
+}
+display_success() {
+  msg="        $1"
+  display_output "${msg}" "success"
+}
+display_warning() {
+  msg="        $1"
+  display_output "${msg}" "warning"
+}
+################################################################################
+# Constants
+################################################################################
+REPOSITORY_BUILD="BUILD_FROM_REPOSITORY"
+CHART_BUILD="BUILD_FROM_CHART"
+################################################################################
+# Directory Paths
+################################################################################
+repo_path="$(git rev-parse --show-toplevel)"
+export GL_MP_REPO="${repo_path}"
+export GL_MP_SCRIPTS="${GL_MP_REPO}/build-scripts"
+export GL_MP_SCRIPT_LIBS="${GL_MP_SCRIPTS}/lib"
+export GL_MP_CHART="${GL_MP_REPO}/container/chart/gitlab-mp"
+export GL_MP_SCRATCH="${GL_MP_REPO}/.scratch"
+export GL_MP_CONTAINER_CONTEXT="${GL_MP_REPO}/container"
+export GL_MP_TEMPLATES="${GL_MP_REPO}/templates"
+export GL_MP_CONF="${GL_MP_REPO}/conf"
+export GL_MP_UPSTREAM_CHART_REPO="${GL_MP_SCRATCH}/gitlab"
+export GL_MP_HELM_PREPARED="${GL_MP_SCRATCH}/.chart_source_ready"
+export GL_MP_UPSTREAM_CHART_URL="https://gitlab.com/charts/gitlab.git"
+################################################################################
+# Config Files
+################################################################################
+export GL_MP_USER_ENV="${GL_MP_CONF}/user_env"
+export GL_MP_VALUES_YAML="${GL_MP_CHART}/values.yaml"
+################################################################################
+# Template Files
+################################################################################
+export GL_MP_SCHEMA_TEMPLATE="${GL_MP_TEMPLATES}/schema.yaml.template"
+export GL_MP_REQUIREMENTS_TEMPLATE="${GL_MP_TEMPLATES}/requirements.yaml.template"
+export GL_MP_SA_MAPPING_YAML_TEMPLATE="${GL_MP_TEMPLATES}/mapping.yaml.template"
+################################################################################
+# Script Paths
+################################################################################
+export GL_MP_UPDATE_REQUIREMENTS="${GL_MP_SCRIPT_LIBS}/update-requirements-yml.sh"
+export GL_MP_UPDATE_SCHEMA="${GL_MP_SCRIPT_LIBS}/update-schema-yml.sh"
+export GL_MP_UPDATE_SA_MAPPING="${GL_MP_SCRIPT_LIBS}/update-mapping-yml.sh"
+export GL_MP_RBAC_EXPORTER="${GL_MP_SCRIPTS}/rbac-exporter/convert_chart_roles_to_schema.rb"
+export GL_MP_LIST_IMAGES="${GL_MP_SCRIPT_LIBS}/list-helm-images.sh"
+export GL_MP_CHECKOUT_GL_UPSTREAM="${GL_MP_SCRIPT_LIBS}/checkout-upstream-branch.sh"
+export GL_MP_PREPARE_HELM_SOURCE="${GL_MP_SCRIPT_LIBS}/prepare-helm-source.sh"
+export GL_MP_BUILD_TARBALLS="${GL_MP_SCRIPT_LIBS}/build-gitlab-marketplace-chart-tarballs.sh"
+################################################################################
+# Files Created During Build Process
+################################################################################
+export GL_MP_SCHEMA_FILE="${GL_MP_CONTAINER_CONTEXT}/schema.yaml"
+export GL_MP_REQUIREMENTS_FILE="${GL_MP_CHART}/requirements.yaml"
+export GL_MP_REQUIREMENTS_LOCK_FILE="${GL_MP_CHART}/requirements.lock"
+export GL_MP_SA_MAPPING_YAML="${GL_MP_CONF}/mapping.yaml"
+export GL_MP_HELM_TARBALL_PATH="${GL_MP_CHART}/charts/"
+export GL_MP_DEAD_FILES="${GL_MP_SCRATCH}/.dead_files"
+################################################################################
+# Read User Environment Data
+################################################################################
+if [ -f "${GL_MP_USER_ENV}" ]; then
+    # shellcheck source=/dev/null
+    . "${GL_MP_USER_ENV}"
+fi
+################################################################################
+# Configure the Environment
+################################################################################
+# enable debugging if configured
+if [ "${GL_MP_DEBUG}" = "yes" ]; then
+    set -x
+fi
+# determine what kind of build is about to happen
+if [ -z "${GL_MP_BUILD_TYPE}" ]; then
+    if [ -n "${GITLAB_BRANCH_NAME}" ]; then
+        GL_MP_BUILD_TYPE="${REPOSITORY_BUILD}"
+        build_message="Using Cloud Native Gitlab branch ${GITLAB_BRANCH_NAME}"
+    elif [ -n "${GL_CHART_VERSION}" ]; then
+        GL_MP_BUILD_TYPE="${CHART_BUILD}"
+        build_message="Using Cloud Native GitLab v${GL_CHART_VERSION}"
+    else
+        GL_MP_BUILD_TYPE="${REPOSITORY_BUILD}"
+        GITLAB_BRANCH_NAME="master"
+        build_message="Using Cloud Native GitLab master branch"
+        export GITLAB_BRANCH_NAME
+    fi
+    display_task "${build_message}"
+fi
+export GL_MP_BUILD_TYPE
+# Define this if not already defined in the environment
+if [ -z "${GCR_REGISTRY}" ]; then
+    verify_registry_defined
+    export GCR_REGISTRY="${GL_MP_REGISTRY}/${GL_MP_APP_NAME}"
+fi
+# Define this if not already defined in the environment
+if [ -z "${DEPLOYER_TAG}" ]; then
+    branch_name=$(git rev-parse --abbrev-ref HEAD)
+    # Use the commit SHA as the tag if no branch name found
+    if [ "${branch_name}" = "HEAD" ]; then
+        branch_name=$(git rev-prase HEAD)
+    fi
+    [ -z "${branch_name}" ] && display_failure "Could not figure out the tag"
+    export DEPLOYER_TAG="${branch_name}"
+fi
+if [ -n "${CI_REGISTRY:-}" ]; then
+    export BUILD_REGISTRY="${CI_REGISTRY}"
+fi
+# CI Environment needs this set
+if [ -n "${CI}" ] && [ -z "${GL_MP_APP_INSTANCE_NAME}" ]; then
+    GL_MP_APP_INSTANCE_NAME="gl-mp-ci"
+fi
+# Create everything required for a build in case it's missing
+[ ! -d "${GL_MP_SCRATCH}" ] && mkdir -p "${GL_MP_SCRATCH}"
+[ ! -d "${GL_MP_HELM_TARBALL_PATH}" ] && mkdir -p "${GL_MP_HELM_TARBALL_PATH}"
+################################################################################
+# Function Definitions
+################################################################################
+remove_file() {
+    file_name="$1"
+    if [ -n "${file_name}" ]; then
+        if [ -f "${file_name}" ]; then
+            if rm "${file_name}"; then
+                display_success "Removed ${file_name}"
+            else
+                display_failure "Could not remove ${file_name}"
+            fi
+        fi
+    fi
+}
+add_dead_file() {
+    dead_file="$1"
+    if [ -n "${dead_file}" ]; then
+        echo "${dead_file}" >> "${GL_MP_DEAD_FILES}"
+    fi
+}
+# remove files that should not be cached between builds
+post_cleanup() {
+    if [ -f "${GL_MP_DEAD_FILES}" ]; then
+      while IFS= read -r file_name
+      do
+        remove_file "${file_name}"
+      done < "${GL_MP_DEAD_FILES}"
+      remove_file "${GL_MP_DEAD_FILES}"
+    fi
+    remove_file "${GL_MP_HELM_PREPARED}"
+}
+get_gitlab_helm_chart_path() {
+    if [ "${GL_MP_BUILD_TYPE}" = "${REPOSITORY_BUILD}" ]; then
+        echo "${GL_MP_UPSTREAM_CHART_REPO}"
+    else
+        echo "${GL_MP_CHART}"
+    fi
+}
+get_gitlab_versions() {
+    version_number=$(helm template "${GL_MP_CHART}" | yq -r ". | select( .kind == \"Application\" )| .spec.descriptor.version")
+    check_number=$(echo "${version_number}" |sed -n 's/^\([0-9]*\)[.]\([0-9]*\)[.]\([0-9]*\)$/\1.\2.\3/p')
+    if [ "${version_number}" = "${check_number}" ]; then
+        major_minor=$(echo "${version_number}" |sed -n 's/^\([0-9]*\)[.]\([0-9]*\)[.]\([0-9]*\)$/\1.\2/p')
+        echo "${version_number} ${major_minor}"
+    else
+        display_failure "${version_number} is not a semantic version"
+    fi
+}
+get_container_tags() {
+    registries=()
+    if [ -z "$1" ]; then
+        registries+=("deployer")
+    fi
+    if [ -n "${GL_REGISTRY_TAG}" ]; then
+        registries+=("${GL_REGISTRY_TAG}/deployer")
+    fi
+    registries+=("${GCR_REGISTRY}/deployer")
+    container_tags=()
+    if [ "${GL_MP_BUILD_TYPE}" = "${REPOSITORY_BUILD}" ]; then
+        tags=("${GITLAB_BRANCH_NAME}")
+    else
+        tags=()
+        for version in $(get_gitlab_versions); do
+            tags+=("${version}")
+        done
+    fi
+    for tag in "${tags[@]}"; do
+        for registry in "${registries[@]}"; do
+            display_success "adding ${version} ${registry}"
+            container_tags+=("${registry}:${tag}")
+        done
+    done
+    echo "${container_tags[@]}"
+}
--- a/.gitmodules
+++ b/.gitmodules
-[submodule "gitlab"]
-	path = gitlab
-	url = https://gitlab.com/charts/gitlab-marketplace-app.git
-[submodule "deployer/source/s3cmd"]
-	path = deployer/source/s3cmd
-	url = https://github.com/s3tools/s3cmd.git
-[submodule "deployer/source/sidekiq"]
-	path = deployer/source/sidekiq
-	url = https://github.com/mperham/sidekiq.git
-[submodule "deployer/source/ruby-gpgme"]
-	path = deployer/source/ruby-gpgme
-	url = https://github.com/ueno/ruby-gpgme.git
-[submodule "deployer/source/device_detector"]
-	path = deployer/source/device_detector
-	url = https://github.com/podigee/device_detector.git
-[submodule "deployer/source/krb5-auth"]
-	path = deployer/source/krb5-auth
-	url = https://github.com/timfel/krb5-auth.git
-[submodule "deployer/source/raindrops"]
-	path = deployer/source/raindrops
-	url = https://bogomips.org/raindrops.git
-[submodule "deployer/source/licensee"]
-	path = deployer/source/licensee
-	url = https://github.com/benbalter/licensee.git
-[submodule "deployer/source/kgio"]
-	path = deployer/source/kgio
-	url = https://bogomips.org/kgio.git
-[submodule "deployer/source/gitlab-workhorse"]
-	path = deployer/source/gitlab-workhorse
-	url = https://gitlab.com/gitlab-org/gitlab-workhorse.git
-[submodule "deployer/source/gitlab-shell"]
-	path = deployer/source/gitlab-shell
-	url = https://gitlab.com/gitlab-org/gitlab-shell.git
-[submodule "deployer/source/gitaly"]
-	path = deployer/source/gitaly
-	url = https://gitlab.com/gitlab-org/gitaly.git
--- a/README.md
+++ b/README.md
-# Deploying GitLab to GKE via Google Cloud Marketplace
+# GitLab Chart for Google GKE Marketplace
-[GitLab](https://about.gitlab.com) is a single application for the complete DevOps lifecycle from project planning and source code management to CI/CD and monitoring.
+## For Developers
-The [Google Cloud Marketplace](https://cloud.google.com/launcher/) is a easy way to deploy apps like GitLab to a [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) cluster, with just a few clicks.
+Developers should consult
+[the instructions for building and testing](doc/building-deployer.md) for
+more information about how to use the included build tooling.
-> **Note:** For production deployments, we recommend using the [`gitlab` Helm chart](https://docs.gitlab.com/ee/install/kubernetes/gitlab_chart.html) and configuring [external PostgreSQL, Redis, and object storage services](https://gitlab.com/charts/gitlab/tree/master/doc/advanced).
+## For Users and Administrators
-# Installation
+Consult the [documentation about installing GitLab from the Marketplace](doc/installing.md).
-## Quick install with Google Cloud Marketplace
-Deploy GitLab to Google Kubernetes Engine using Google Cloud Marketplace, by following the [on-screen instructions](https://console.cloud.google.com/marketplace/details/gitlab-public/gitlab).
-## Command line instructions
-### Prerequisites
-#### Set up command-line tools
-You'll need the following tools in your development environment:
- [gcloud](https://cloud.google.com/sdk/gcloud/)
- [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/)
- [Helm](https://github.com/kubernetes/helm/blob/master/docs/install.md)
- [docker](https://docs.docker.com/install/)
- [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
-Configure `gcloud` as a Docker credential helper:
-```shell
-gcloud auth configure-docker
-```
-#### Create a Google Kubernetes Engine cluster
-Create a new cluster from the command-line.
-```shell
-export CLUSTER=marketplace-cluster
-export ZONE=us-west1-a
-gcloud container clusters create "$CLUSTER" --zone "$ZONE"
-```
-Configure `kubectl` to talk to the new cluster.
-```shell
-gcloud container clusters get-credentials "$CLUSTER" --zone "$ZONE"
-```
-#### Clone this repo
-Clone this repo and the associated tools repo.
-```shell
-git clone --recurse-submodules https://gitlab.com/charts/deploy-image-helm-base.git
-gcloud source repos clone google-marketplace-k8s-app-tools --project=k8s-marketplace-eap
-```
-#### Install the Application resource definition
-Do a one-time setup for your cluster to understand Application resources.
-```shell
-kubectl apply -f google-marketplace-k8s-app-tools/crd/*
-```
-The Application resource is defined by the
-[Kubernetes SIG-apps](https://github.com/kubernetes/community/tree/master/sig-apps)
-community. The source code can be found on
-[github.com/kubernetes-sigs/application](https://github.com/kubernetes-sigs/application).
-#### Configure the app
-Open and edit `deploy-image-helm-base/gitlab/values.yaml` to customize the settings and desired container images. Additional information on the available settings is available in the `deploy-image-helm-base/gitlab/docs/` folder.
-#### Expand the manifest template and apply to Kubernetes
-```shell
-helm template gitlab --set APP_INSTANCE_NAME=$APP_INSTANCE_NAME,NAMESPACE=$NAMESPACE > expanded.yaml
-kubectl apply -f expanded.yaml
-```
-### Setting up DNS
-Retrieve the IP address GitLab is available at, note it may take a few minutes for the IP address to populate:
-```shell
-kubectl get \
--namespace <namespace> \
-ing <name>-unicorn \
-o jsonpath='{.status.loadBalancer.ingress[0].ip}'
-```
-Then configure a DNS record for the domain you provided during installation, resolving to the IP address you retrieved above.
-### Signing in
-Browse to https://`gitlab.<yourdomain>`.
-GitLab is provisioned with a randomly generated administrator password. To retrieve it: 
-```shell
-# specify the variables values matching your installation:
-export APP_INSTANCE_NAME=gitlab-1
-export NAMESPACE=default
-kubectl get secret -n $NAMESPACE $APP_INSTANCE_NAME-gitlab-initial-root-password -ojsonpath={.data.password} | base64 --decode
-```
-# Administration of GitLab
-GitLab offers a number of different options to customize the behavior to your needs. More information is available in our [administration documentation](https://docs.gitlab.com/ee/administration/index.html#configuring-gitlab).
-## Configuring a valid TLS certificate
-By default GitLab will utilize self-signed certificates. To utilize your own certificate:
-```shell
-# specify the variables values matching your installation:
-export APP_INSTANCE_NAME=gitlab-1
-export NAMESPACE=default
-kubectl create secret tls -n $NAMESPACE $APP_INSTANCE_NAME-wildcard-tls --cert=<path/to-full-chain.crt> --key=<path/to.key> --dry-run -o json | kubectl apply -f -
-```
-## Update GitLab
-GitLab is made up of multiple containers, each with their own images. These individual containers should be updated together, to ensure proper functionality. Database migrations also need to be run, to update the schema and any required data.
-Because of this, the best way to perform an upgrade is to clone this repo: 
-```shell
-# specify the variables values matching your installation:
-export APP_INSTANCE_NAME=gitlab-1
-export NAMESPACE=default
-git clone --recurse-submodules https://gitlab.com/charts/deploy-image-helm-base.git
-```
-Next, edit `gitlab/values.yaml` and be sure that any changes made during installation, or after, have been applied. Once complete, expand the Helm chart and apply it:
-```shell
-helm template gitlab --set APP_INSTANCE_NAME=$APP_INSTANCE_NAME,NAMESPACE=$NAMESPACE > expanded.yaml
-kubectl apply -f expanded.yaml
-```
-## Backup and Restore
-Detailed documentation on backup and restore is available [here](https://gitlab.com/charts/gitlab/tree/master/doc/backup-restore).
-## Scaling
-To make it easier to scale GitLab we include [horizontal pod autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/), which add additional replicas as load increases.
-By default, these are limited to single replica. To view the current scaling status:
-```shell
-# specify the variables values matching your installation:
-export APP_INSTANCE_NAME=gitlab-1
-export NAMESPACE=default
-kubectl get hpa \
-  --namespace $NAMESPACE
-  --selector app.kubernetes.io/name=$APP_INSTANCE_NAME
-```
-You can then change the parameters by deleting the autoscaler and recreating it. For example, to change the minimum pods to 2 and maximum pods to 10 for `gitlab-unicorn`:
-```shell
-kubectl patch hpa -n $NAMESPACE $APP_INSTANCE_NAME-unicorn --patch '{"spec":{"maxReplicas":10}}'
-kubectl patch hpa -n $NAMESPACE $APP_INSTANCE_NAME-unicorn --patch '{"spec":{"minReplicas":2}}'
-```
-# Uninstall the Application
-## Using GKE UI
-Navigate to `GKE > Applications` in GCP console. From the list of applications, click on the one that you wish to uninstall.
-On the new screen, click on the `Delete` button located in the top menu. It will remove
-the resources attached to this application.
-## Using the command line
-### Prepare the environment
-Set your installation name and Kubernetes namespace:
-```shell
-export APP_INSTANCE_NAME=gitlab-1
-export NAMESPACE=default
-```
-### Delete the resources
-> **NOTE:** Please keep in mind that `kubectl` guarantees support for Kubernetes server in +/- 1 versions.
-> It means that for instance if you have `kubectl` in version 1.10.&ast; and Kubernetes 1.8.&ast;,
-> you may experience incompatibility issues, like not removing the StatefulSets with
-> apiVersion of apps/v1beta2.
-If you still have the expanded manifest file used for the installation, you can use it to delete the resources.
-Run `kubectl` on expanded manifest file matching your installation:
-```shell
-kubectl delete -f $APP_INSTANCE_NAME_manifest.yaml --namespace $NAMESPACE
-```
-Otherwise, delete the resources by indication of types and a label:
-```shell
-kubectl delete configmap,ingress,hpa,pdb,deployment,job,statefulset,secret,service \
-  --namespace $NAMESPACE \
-  --selector app.kubernetes.io/name=$APP_INSTANCE_NAME
-```
-### Delete the persistent volumes of your installation
-By design, removal of resources in Kubernetes does not remove the PersistentVolumeClaims that
-were attached to their Pods. It protects your installations from mistakenly deleting important data.
-If you wish to remove the PersistentVolumeClaims with their attached persistent disks, run the
-following `kubectl` commands:
-```shell
-# specify the variables values matching your installation:
-export APP_INSTANCE_NAME=gitlab-1
-export NAMESPACE=default
-kubectl delete persistentvolumeclaims \
-  --namespace $NAMESPACE
-  --selector app.kubernetes.io/name=$APP_INSTANCE_NAME
-```
\ No newline at end of file
--- a/build-scripts/.gitkeep
+++ b/build-scripts/.gitkeep
--- a/build-scripts/build-marketplace-release.sh
+++ b/build-scripts/build-marketplace-release.sh
+#!/usr/bin/env bash
+# build-release.sh
+#
+# Builds a release for GKE Marketplace
+# expects no arguments
+set -eo pipefail
+# Import Environment Setup
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+################################################################################
+# Validate Build Variables from Environment
+################################################################################
+[ ! -f "${GL_MP_SCHEMA_TEMPLATE}" ] && display_failure "${GL_MP_SCHEMA_TEMPLATE} is missing"
+[ ! -d "${GL_MP_CONTAINER_CONTEXT}" ] && display_failure "${GL_MP_CHART} does not exist"
+[ ! -d "${GL_MP_CHART}" ] && display_failure "${GL_MP_CHART} does not exist"
+################################################################################
+# Add tarballs with charts to gitlab-mp
+################################################################################
+display_task "Generating GitLab Marketplace Chart Dependency Tarballs"
+if "${GL_MP_BUILD_TARBALLS}"; then
+    display_success "complete"
+else
+    display_failure "failed"
+fi
+################################################################################
+# Update mapping.yaml
+################################################################################
+display_task "Copying template to operational mapping file"
+if cp -a "${GL_MP_SA_MAPPING_YAML_TEMPLATE}" "${GL_MP_SA_MAPPING_YAML}"; then
+    display_success "completed"
+else
+    display_failure "failed"
+fi
+display_task "Updating Service Account data in mapping.yaml"
+if "${GL_MP_UPDATE_SA_MAPPING}"; then
+    display_success "mapping.yaml updated"
+else
+    display_failure "mapping.yaml update failed"
+fi
+################################################################################
+# Update schema.yaml
+################################################################################
+display_task "Copying template to operational schema file"
+if cp -a "${GL_MP_SCHEMA_TEMPLATE}" "${GL_MP_SCHEMA_FILE}"; then
+    display_success "completed"
+else
+    display_failure "failed"
+fi
+display_task "Updating image tags and RBAC configurations in schema.yaml"
+if "${GL_MP_UPDATE_SCHEMA}"; then
+    display_success "schema.yaml update complete"
+else
+    display_failure "schema.yaml updating failed"
+fi
+################################################################################
+# Remove temporary build files
+################################################################################
+display_task "Remove temporary build files"
+post_cleanup
+################################################################################
+# Build the Deployer Container
+################################################################################
+# We are not using $TAG and $REGISTRY in the same way as defined in the
+# Google GKE Marketplace documentation so we don't pass it here. If we
+# were to pass it, it would also have to be in the schema.yaml
+docker_build=("docker" "build")
+for tag in $(get_container_tags); do
+    display_success "build will generate container ${tag}"
+    docker_build+=("-t" "${tag}")
+done
+docker_build+=("${GL_MP_CONTAINER_CONTEXT}")
+display_task "Attempting to build GitLab Marketplace deployer container"
+if "${docker_build[@]}" > /dev/null 2>&1; then
+    display_success "deployer container build complete"
+else
+    display_failure "deployer container build failed"
+fi
+display_task "Build Complete!"
--- a/build-scripts/build.sh
+++ b/build-scripts/build.sh
-function major_version_number() {
-  echo "$1" | cut -d"." -f 1
-}
\ No newline at end of file
--- a/build-scripts/env-config-marketplace.sh
+++ b/build-scripts/env-config-marketplace.sh
+#!/usr/bin/env bash
+# Make sure certain sections of the environment contain the proper items
+# for building marketplace
+# Defaults to dry run; add --commit to actually apply to the environment
+task_list=""
+merge_task()
+{
+  task="$1"
+  echo -en "${task_list}\n${task}"
+}
+add_task() {
+    task="$1"
+    if [ -z "${task_list}" ]; then
+        task_list="$(echo -e "${task}")"
+    else
+        task_list=$(merge_task "${task}")
+    fi
+}
+# extracted to function because trying to run it as a heredoc
+# variable was terrible
+install_mpdev() {
+    BIN_FILE="$HOME/bin/mpdev"
+    docker run \
+        gcr.io/cloud-marketplace-tools/k8s/dev \
+        cat /scripts/dev > "$BIN_FILE"
+    chmod +x "$BIN_FILE"
+}
+is_dry_run="true"
+if [ "$1" = "--commit" ]; then
+    is_dry_run="false"
+fi
+if kubectl get crd --all-namespaces|grep -q 'kapplications.app.k8s.io' > /dev/null 2>&1; then
+    echo "The Marketplace Application Custom Resource Definition present"
+else
+    add_task "kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/marketplace-k8s-app-tools/master/crd/app-crd.yaml"
+fi
+add_task "docker pull gcr.io/cloud-marketplace-tools/k8s/dev"
+add_task "docker pull gcr.io/cloud-marketplace-tools/k8s/deployer_helm_tiller/onbuild:latest"
+add_task "install_mpdev"
+echo "Starting Run..."
+printf '=%.0s' {1..80}
+echo ""
+while IFS= read -r task
+do
+    if [ "${is_dry_run}" = "false" ]; then
+        ${task}
+    else
+        echo -e "${task}"
+    fi
+done < <(printf '%s\n' "${task_list}")
+if [ "${is_dry_run}" = "true" ]; then
+  printf '=%.0s' {1..80}
+  echo ""
+  echo -e "NOTE: Run with --commit to apply changes"
+fi
--- a/build-scripts/env-doctor.sh
+++ b/build-scripts/env-doctor.sh
+#!/usr/bin/env bash
+# Check the environment to be sure the user can actually build and use the
+# tooling included with this repository.
+problem_list=""
+runtime_warning=""
+merge_problem()
+{
+  problem="$1"
+  echo -en "${problem_list}\n${problem}"
+}
+add_problem() {
+    problem="$1"
+    if [ -z "${problem_list}" ]; then
+        problem_list="$(echo -e "${problem}")"
+    else
+        problem_list=$(merge_problem "${problem}")
+    fi
+}
+REQUIRED_COMMANDS="git gcloud kubectl helm mpdev podman docker ruby"
+# environment configuration must exist
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+if [ ! -f "${GL_MP_ENV_CONFIG}" ]; then
+    echo "Missing ${GL_MP_ENV_CONFIG}"
+    exit 1
+fi
+echo "[START] Checking environment for tools necessary to build a GitLab GKE Marketplace release..."
+found_runtime="no"
+active_runtime="no"
+for app in $REQUIRED_COMMANDS; do
+    found_it="Found"
+    if ! command -v "${app}" > /dev/null 2>&1; then
+        found_it="Not Found"
+        if [ "${app}" != "docker" ] && [ "${app}" != "podman" ]; then
+            add_problem "${app} is not installed"
+        fi
+    else
+        if [ "${app}" = "docker" ] || [ "${app}" = "podman" ]; then
+            found_runtime="yes"
+            if command -v "${app}" ps > /dev/null 2>&1; then
+                active_runtime="yes"
+                if [ "${app}" = "podman" ]; then
+                  runtime_warning="Marketplace Tools invoke 'docker', alias podman to docker for compatibility"
+                fi
+            fi
+        fi
+    fi
+    echo "Checking for ${app}...${found_it}"
+done
+# container runtime is required
+if [ "${found_runtime}" = "no" ]; then
+    add_problem "Install a container runtime"
+fi
+if [ "${active_runtime}" = "no" ]; then
+    add_problem "Container runtime service is not active"
+fi
+if kubectl get crd --all-namespaces|grep -q 'applications.app.k8s.io' > /dev/null 2>&1; then
+    echo "The GKE Marketplace Application CRD has been applied"
+else
+    add_problem "Missing the GKE Marketplace Application CRD"
+fi
+# make sure the right yq is installed
+# behavioral test for posterity in case this ever breaks
+#yq_test=$(echo '{"test": "works"}'|yq -r ".| .test" 2>/dev/null)
+if ! yq --help | grep -q kislyuk; then
+    add_problem "Expect python version of yq"
+fi
+if [ -n "${runtime_warning}" ]; then
+    echo "[WARNING] ${runtime_warning}"
+fi
+if [ -z "${problem_list}" ]; then
+    echo "[SUCCESS] Environment is ready to build GitLab GKE Marketplace"
+else
+    echo "[PROBLEMS]"
+    echo "${problem_list}"
+    echo "[FAILURE] Resolve above issues to build GitLab GKE Marketplace"
+    exit 1
+fi
--- a/build-scripts/lib/build-gitlab-marketplace-chart-tarballs.sh
+++ b/build-scripts/lib/build-gitlab-marketplace-chart-tarballs.sh
+#!/usr/bin/env bash
+set -eo pipefail
+################################################################################
+# Environment Setup
+################################################################################
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+################################################################################
+# Main Script
+################################################################################
+display_task "Building required tarballs for GitLab Marketplace Charts"
+"${GL_MP_PREPARE_HELM_SOURCE}" || display_failure "Could not prepare helm source"
+chart_path=$(get_gitlab_helm_chart_path)
+[ ! -d "${chart_path}" ] && display_failure "Cannot find ${chart_path}"
+if [ -d "${GL_MP_HELM_TARBALL_PATH}" ]; then
+    if rm -Rf "${GL_MP_HELM_TARBALL_PATH:?}"/*; then
+        display_success "Cleared out stale chart tarballs"
+    else
+        display_failure "Failed to clear out stale chart tarballs"
+    fi
+else
+    display_failure "Could not find ${GL_MP_HELM_TARBALL_PATH}"
+fi
+if [ "${GL_MP_BUILD_TYPE}" = "${CHART_BUILD}" ]; then
+    "${GL_MP_UPDATE_REQUIREMENTS}" "${GL_CHART_VERSION}"
+    if helm dependency build "${chart_path}" > /dev/null; then
+        display_success "complete"
+    else
+        display_failure "failed"
+    fi
+else
+    chart_version=$(helm package "${chart_path}" -d "${GL_MP_HELM_TARBALL_PATH}" | sed -n 's/.*\/gitlab-\([0-9.]*\)[.][a-zA-Z]*$/\1/p')
+    display_success "I HAVE CHART VERSION ${chart_version}"
+    # write a requirements file with only the GKE Marketplace tools required
+    "${GL_MP_UPDATE_REQUIREMENTS}" "${chart_version}" "marketplace only"
+    # adds the GKE Marketplace required chart tarballs
+    # helm does not remove tarballs not specified in requirements thus
+    # there is no danger to the GitLab requirements generated by the
+    # previous call to helm package
+    if helm dependency build "${GL_MP_CHART}" > /dev/null; then
+        display_success "Added Marketplace Integration tarballs"
+    else
+        display_failure "Failed adding Marketplace Integration tarballs"
+    fi
+    # create the real requirements file
+    "${GL_MP_UPDATE_REQUIREMENTS}" "${chart_version}"
+fi
--- a/build-scripts/lib/checkout-upstream-branch.sh
+++ b/build-scripts/lib/checkout-upstream-branch.sh
+#!/usr/bin/env bash
+# Script to check out the latest GitLab Cloud Native upstream branch
+# If the repository is already cloned, ensure it is the latest master.
+set -eo pipefail
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+[ ! -d "${GL_MP_SCRATCH}" ] && mkdir -p "${GL_MP_SCRATCH}"
+needs_cloned="no"
+if [ -d "${GL_MP_UPSTREAM_CHART_REPO}" ]; then
+    pushd "${GL_MP_UPSTREAM_CHART_REPO}" > /dev/null
+    # no need to guard the next statement; if it fails origin_url is going
+    # to correct assume that the directory should be removed/replaced with
+    # an actual git repository
+    origin_url=$(git config --get remote.origin.url)
+    popd > /dev/null
+    if [ "${origin_url}" != "${GL_MP_UPSTREAM_CHART_URL}" ]; then
+        display_task "Attempting to remove ${GL_MP_UPSTREAM_CHART_REPO} [incorrect origin]"
+        # safe because we already know this directory exists
+        if rm -Rf "${GL_MP_UPSTREAM_CHART_REPO}"; then
+            display_success "removal succeeded"
+        else
+            display_failure "removal failed"
+        fi
+        needs_cloned="yes"
+    else
+        pushd "${GL_MP_UPSTREAM_CHART_REPO}" > /dev/null
+        display_task "Checking local GitLab Chart repository for updates"
+        if git fetch origin > /dev/null 2>&1; then
+            display_success "local repository updated successfully"
+        else
+            display_failure "failed to retrieve updates from ${GL_MP_UPSTREAM_CHART_URL}"
+        fi
+        display_task "Verifying current branch is ${GITLAB_BRANCH_NAME}"
+        if git checkout "${GITLAB_BRANCH_NAME}" > /dev/null 2>&1; then
+            display_success "${GITLAB_BRANCH_NAME} is the current branch"
+        else
+            display_failure "failed to get to the ${GITLAB_BRANCH_NAME} branch"
+        fi
+        display_task "Updating local branch ${GITLAB_BRANCH_NAME}"
+        if git pull origin "${GITLAB_BRANCH_NAME}" > /dev/null 2>&1; then
+            display_success "${GITLAB_BRANCH_NAME} branch updated successfully"
+        else
+            display_failure "${GITLAB_BRANCH_NAME} branch update failed"
+        fi
+        popd > /dev/null
+    fi
+else
+    needs_cloned="yes"
+fi
+if [ "${needs_cloned}" = "yes" ]; then
+    pushd "${GL_MP_SCRATCH}" > /dev/null
+    display_task "Attempting to clone from ${GL_MP_UPSTREAM_CHART_URL}"
+    if git clone "${GL_MP_UPSTREAM_CHART_URL}"; then
+        display_success "cloning suceeded."
+        pushd "${GL_MP_UPSTREAM_CHART_REPO}" > /dev/null
+        display_task "Attempting to checkout ${GITLAB_BRANCH_NAME}"
+        if git checkout "${GITLAB_BRANCH_NAME}"; then
+            display_success "checkout of ${GITLAB_BRANCH_NAME} succeeded"
+        else
+            display_failure "checkout of ${GITLAB_BRANCH_NAME} failed"
+        fi
+        popd > /dev/null
+    else
+        display_failure "cloning failed."
+    fi
+    popd > /dev/null
+fi
--- a/build-scripts/lib/list-helm-images.sh
+++ b/build-scripts/lib/list-helm-images.sh
+#!/usr/bin/env bash
+set -eo pipefail
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+"${GL_MP_PREPARE_HELM_SOURCE}" || display_failure "Could not prepare helm source"
+chart_path=$(get_gitlab_helm_chart_path)
+[ ! -d "${chart_path}" ] && display_failure "Cannot find ${chart_path}"
+pushd "${chart_path}" > /dev/null
+display_task "Generating list of container images"
+if helm template . --set certmanager-issuer.email=none@none.com -f "${GL_MP_VALUES_YAML}" | \
+        yq -r ". | select( .kind == \"Job\" or .kind == \"Deployment\" or .kind == \"StatefulSet\" or .kind == \"DaemonSet\" ) | .spec.template.spec | [.containers,.initContainers] | .[] | select(.!=null) | .[].image" | \
+   sort | uniq; then
+    display_success "complete"
+else
+    display_failure "failed"
+fi
+popd > /dev/null
--- a/build-scripts/lib/prepare-helm-source.sh
+++ b/build-scripts/lib/prepare-helm-source.sh
+#!/usr/bin/env bash
+set -eo pipefail
+################################################################################
+# Environment Setup
+################################################################################
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+################################################################################
+# Main Script
+################################################################################
+display_task "Preparing data sources for helm"
+if [ ! -f "${GL_MP_HELM_PREPARED}" ]; then
+    if [ "${GL_MP_BUILD_TYPE}" = "${REPOSITORY_BUILD}" ]; then
+        "${GL_MP_CHECKOUT_GL_UPSTREAM}"
+    fi
+    gitlab_chart_path=$(get_gitlab_helm_chart_path)
+    [ -d "${gitlab_chart_path}" ] || display_failure "Could not find ${gitlab_chart_path}"
+    pushd "${gitlab_chart_path}" > /dev/null
+    display_task "Configure helm for templating"
+    if helm init --client-only > /dev/null; then
+        display_success "complete"
+    else
+        display_failure "failed"
+    fi
+    display_task "Adding GitLab charts helm repository"
+    if helm repo add gitlab https://charts.gitlab.io/ > /dev/null; then
+        display_success "complete"
+    else
+        display_failure "failed"
+    fi
+    display_task "Adding Google Marketplace Integration Tools helm repository"
+    if helm repo add gke-marketplace-tools https://cloud-marketplace-tools.storage.googleapis.com/charts > /dev/null; then
+        display_success "complete"
+    else
+        display_failure "failed"
+    fi
+    display_task "Updating helm repository"
+    if helm repo update > /dev/null; then
+        display_success "complete"
+    else
+        display_failure "failed"
+    fi
+    display_task "Updating helm chart dependencies"
+    if helm dep update > /dev/null; then
+        display_success "complete"
+    else
+        display_failure "failed"
+    fi
+    popd > /dev/null
+    touch "${GL_MP_HELM_PREPARED}"
+fi
--- a/build-scripts/lib/update-mapping-yml.sh
+++ b/build-scripts/lib/update-mapping-yml.sh
+#!/usr/bin/env bash
+# update-mapping-yml
+# Script to update the APP INSTANCE NAME in the mapping file
+set -e
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+[ -f "${GL_MP_SA_MAPPING_YAML}" ] || display_failure "${GL_MP_SA_MAPPING_YAML} missing!"
+[ -z "${GL_MP_APP_INSTANCE_NAME}" ] && display_failure "GL_MP_APP_INSTANCE_NAME is not defined in the environment."
+pattern="s/\$GL_MP_APP_INSTANCE_NAME/${GL_MP_APP_INSTANCE_NAME}/"
+add_dead_file "${GL_MP_SA_MAPPING_YAML}-e"
+sed -i -e "${pattern}" "${GL_MP_SA_MAPPING_YAML}" || display_failure "Insertion of ${GL_MP_APP_INSTANCE_NAME} failed"
--- a/build-scripts/lib/update-requirements-yml.sh
+++ b/build-scripts/lib/update-requirements-yml.sh
+#!/usr/bin/env bash
+# update-requirements-yml
+# Script to update the GitLab version number in the requirements.yaml
+# Optional takes an argument to set the version if needed
+set -e
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+append_partial() {
+    partial="$1"
+    [ -n "${partial}" ] || display_failure "append_partial expects a filepath"
+    [ -f "${partial}" ] || display_failure "No such file ${partial}"
+    if cat "${partial}" >> "${GL_MP_REQUIREMENTS_FILE}"; then
+        display_success "Injected ${partial} to requirements"
+    else
+        display_failure "Injection of ${partial} failed"
+    fi
+}
+################################################################################
+# Main Script
+################################################################################
+if [ -n "$1" ]; then
+    version_number="$1"
+else
+    display_failure "Must pass chart version number"
+fi
+remove_file "${GL_MP_REQUIREMENTS_FILE}"
+remove_file "${GL_MP_REQUIREMENTS_LOCK_FILE}"
+echo "dependencies:" > "${GL_MP_REQUIREMENTS_FILE}"
+partials_path="${GL_MP_TEMPLATES}/requirements/"
+# assume GitLab upstream chart version written unless second argument passed
+if [ -z "$2" ]; then
+    append_partial "${partials_path}gitlab-reqs.yaml"
+    add_dead_file "${GL_MP_REQUIREMENTS_FILE}-e"
+    pattern="s/\$GL_RELEASE_VERSION/${version_number}/"
+    if sed -i -e "${pattern}" "${GL_MP_REQUIREMENTS_FILE}"; then
+        display_success "GitLab Chart required version set to ${version_number}"
+    else
+        display_failure "Failed setting GitLab Chart version to ${version_number}"
+    fi
+fi
+append_partial "${partials_path}gke-marketplace-reqs.yaml"
+display_success "requirements.yaml built succesfully"
--- a/build-scripts/lib/update-schema-yml.sh
+++ b/build-scripts/lib/update-schema-yml.sh
+#!/usr/bin/env bash
+# update-schema-yml
+# Script to update the image tags of schema.yml based on the image tags
+# of the rendered helm template.
+set -e
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+export GL_MP_HELM_RBAC_TEMPLATE="${GL_MP_SCRATCH}/helm_template_with_rbac.yaml"
+export GL_MP_SCHEMA_HEAD="${GL_MP_SCRATCH}/.schema.head.yaml"
+export GL_MP_SCHEMA_RBAC_ENTRIES="${GL_MP_SCRATCH}/.rbac_entries.yaml"
+export GL_MP_SCHEMA_TAIL="${GL_MP_SCRATCH}/.schema.tail.yaml"
+function reset_schema_yaml() {
+    [ -f "${GL_MP_SCHEMA_HEAD}" ] && rm "${GL_MP_SCHEMA_HEAD}"
+    [ -f "${GL_MP_SCHEMA_RBAC_ENTRIES}" ] && rm "${GL_MP_SCHEMA_RBAC_ENTRIES}"
+    [ -f "${GL_MP_SCHEMA_TAIL}" ] && rm "${GL_MP_SCHEMA_TAIL}"
+    return 0
+}
+function findImage() {
+    grep -q "default: [\"]\{0,1\}\$REGISTRY/$1" "${GL_MP_SCHEMA_FILE}"
+}
+function replaceTagOnImage() {
+    IMAGE=$1
+    TAG=$2
+    pattern="s/[\"]\{0,1\}\$REGISTRY\/${IMAGE}:.*[\"]\{0,1\}$/\"\$REGISTRY\/${IMAGE}:${TAG}\"/"
+    add_dead_file "${GL_MP_SCHEMA_FILE}-e"
+    sed -i -e "${pattern}" "${GL_MP_SCHEMA_FILE}"
+}
+if [ ! -f "${GL_MP_SCHEMA_FILE}" ]; then
+  display_failure "Unable to find file: ${GL_MP_SCHEMA_FILE}"
+fi
+display_task "Resetting schema partials in scratch environment"
+if [ -e "${GL_MP_SCRATCH}" ]; then
+   if [ -d "${GL_MP_SCRATCH}" ]; then
+       if reset_schema_yaml; then
+           display_success "old schema partials removed"
+       else
+           display_failure "failed to remove old schema partials"
+       fi
+   else
+       display_failure "${GL_MP_SCRATCH} exists and is not a directory"
+   fi
+fi
+mkdir -p "${GL_MP_SCRATCH}" || display_failure "scratch reset failed"
+has_failed_image="no"
+for image in $("${GL_MP_LIST_IMAGES}"); do
+    sourceImageName="$(echo "${image##*/}" | cut -d':' -f1 | cut -d'@' -f1)"
+    sourceImageTag="${image//*:}"
+    image_msg="Image: ${sourceImageName}"
+    if ! findImage "${sourceImageName}"; then
+        image_msg="${image_msg} !! NOT FOUND"
+        has_failed_image="yes"
+    else
+        replaceTagOnImage "${sourceImageName}" "${sourceImageTag}"
+    fi
+    display_success "${image_msg}"
+done
+if [ ${has_failed_image} = "yes" ]; then
+    display_failure "Failed to locate some images, review logs above"
+fi
+helm_chart_path=$(get_gitlab_helm_chart_path)
+pushd "${helm_chart_path}" > /dev/null
+display_task "Generating helm template containing RBAC entries"
+if helm template . -f "${GL_MP_VALUES_YAML}" \
+    --set certmanager-issuer.email=none@none.com,gitlab.nginx-ingress.serviceAccount.create=true,gitlab.shared-secrets.serviceAccount.create=true \
+    --name "${GL_MP_APP_INSTANCE_NAME}" > "${GL_MP_HELM_RBAC_TEMPLATE}" ; then
+    display_success "generated yaml from helm template invocation"
+else
+    display_failure "failed to generate yaml from helm template invocation"
+fi
+popd > /dev/null
+display_task "Exporting RBAC schema entries from Helm Template"
+if "${GL_MP_RBAC_EXPORTER}" -t "${GL_MP_HELM_RBAC_TEMPLATE}" -i 2 -m "${GL_MP_SA_MAPPING_YAML}"> "${GL_MP_SCHEMA_RBAC_ENTRIES}"; then
+    display_success "generated RBAC schema entries"
+else
+    display_failure "failed to generate RBAC schema entries"
+fi
+# TODO: How to wrap this up for a guard?
+#       Would prefer to set the variable & verify grep came back with
+#       non-zero at same time
+#       For now, it will fail if grep fails because of -e
+line_number=$(grep -n "\$RBAC_ENTRIES" "${GL_MP_SCHEMA_FILE}"|cut -d ':' -f 1)
+display_task "Exporting Schema Head"
+if head -n $((line_number-1)) "${GL_MP_SCHEMA_FILE}" > "${GL_MP_SCHEMA_HEAD}"; then
+    display_success "succeeded"
+else
+    display_failure "failed"
+fi
+display_task "Exporting Schema Tail"
+if sed -n $((line_number+1))', $p' "${GL_MP_SCHEMA_FILE}" > "${GL_MP_SCHEMA_TAIL}"; then
+    display_success "succeeded"
+else
+    display_failure "failed"
+fi
+display_task "Re-assembling Schema with RBAC entries"
+if  cp "${GL_MP_SCHEMA_HEAD}" "${GL_MP_SCHEMA_FILE}"; then
+    display_success "schema head injected"
+else
+    display_failure "schema head injection failed"
+fi
+if cat "${GL_MP_SCHEMA_RBAC_ENTRIES}" >> "${GL_MP_SCHEMA_FILE}"; then
+    display_success "schema RBAC entries injected"
+else
+    display_failure "schema RBAC entries injection failed"
+fi
+if cat "${GL_MP_SCHEMA_TAIL}" >> "${GL_MP_SCHEMA_FILE}"; then
+    display_success "schema tail injected"
+else
+    display_failure "schema tail injection failed"
+fi
--- a/build-scripts/list-helm-images.sh
+++ b/build-scripts/list-helm-images.sh
-#!/bin/bash
-set -exo pipefail
-cd gitlab
-helm init --client-only > /dev/null
-helm repo add gitlab https://charts.gitlab.io/ > /dev/null
-helm repo update > /dev/null
-helm dep update > /dev/null
-helm template . --set certmanager-issuer.email=none@none.com | \
-   yq -r ". | select( .kind == \"Job\" or .kind == \"Deployment\" or .kind == \"StatefulSet\" or .kind == \"DaemonSet\" ) | .spec.template.spec | [.containers,.initContainers] | .[] | select(.!=null) | .[].image" | \
-   sort | uniq
-cd ..
\ No newline at end of file
--- a/build-scripts/mirror-helm-images.sh
+++ b/build-scripts/mirror-helm-images.sh
-#!/usr/bin/env bash
-set -e
-GCR_REGISTRY=${GCR_REGISTRY:-"gcr.io/top-chain-204115/gitlab"}
-for image in $(build-scripts/list-helm-images.sh); do
-    SOURCE_IMAGE_NAME="$(echo "${image##*/}" | cut -d':' -f1 | cut -d'@' -f1)"
-    SOURCE_IMAGE_TAG="${image//*:}"
-    MIRRORED_IMAGE="${GCR_REGISTRY}/${SOURCE_IMAGE_NAME}:${SOURCE_IMAGE_TAG}"
-    docker pull "$image"
-    docker tag "$image" "$MIRRORED_IMAGE"
-    docker push "$MIRRORED_IMAGE"
-done
--- a/build-scripts/push-container-dependencies.sh
+++ b/build-scripts/push-container-dependencies.sh
+#!/usr/bin/env bash
+set -e
+GL_MP_ENV="$(git rev-parse --show-toplevel)"
+GL_MP_ENV_CONFIG="${GL_MP_ENV}/.gitlab_gke_marketplace_build_env"
+[ ! -f "${GL_MP_ENV_CONFIG}" ] && echo "Missing ${GL_MP_ENV_CONFIG}" && exit 1
+# shellcheck source=/dev/null
+. "${GL_MP_ENV_CONFIG}"
+display_task "Pushing Container Dependencies"
+for image in $("${GL_MP_LIST_IMAGES}"); do
+    source_image_name="$(echo "${image##*/}" | cut -d':' -f1 | cut -d'@' -f1)"
+    source_image_tag="${image//*:}"
+    mirrored_image="${GCR_REGISTRY}/${source_image_name}:${source_image_tag}"
+    if docker pull "${image}" > /dev/null 2>&1; then
+        display_success "Pulled ${image} to local container registry"
+    else
+        display_failure "Unable to pull ${image} to local container registry"
+    fi
+    if docker tag "${image}" "${mirrored_image}" > /dev/null 2>&1; then
+        display_success "Created tag ${mirrored_image} referring to ${image}"
+    else
+        display_failure "Unable to create tag ${mirrored_image} referring to ${image}"
+    fi
+    if docker push "${mirrored_image}" > /dev/null 2>&1; then
+        display_success "Pushed ${mirrored_image}"
+    else
+        display_failure "Unable to push ${mirrored_image}"
+    fi
+done