Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

[CI] Pin image digests for more reliable review apps

Review changes
Download
Patches
Plain diff

Mitchell Nielsen requested to merge ci-pin-image-digest into master Sep 22, 2023

Overview 27
Commits 6
Pipelines 6
Changes 3

What does this MR do?

This MR adds a job before the review-related jobs trigger. It calculates the correct image to use (using existing logic), and then uses skopeo to retrieve the current image digest. It then includes this digest in a Helm values file that is saved as an artifact so it's available to the review app jobs.

This should make the review apps more reliable, as this avoids the scenario in which the global.image.pullPolicy=Always could lead to review apps running containers that are misaligned.

Related issues

Closes #4999 (closed)

Test plan

Confirm tag settings are applied

kubectl get pods -l release=rvw-ci-pin-image-digest --output=custom-columns="NAME:.metadata.name,IMAGE:.spec.containers[*].image"

This command will print the images used by each Pod's Containers. We're looking to make sure that all of the image tags we're configuring have a digest appended.

Author checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

Merge Request Title and Description are up to date, accurate, and descriptive
MR targeting the appropriate branch
MR has a green pipeline on GitLab.com
When ready for review, follow the instructions in the "Reviewer Roulette" section of the Danger Bot MR comment, as per the Distribution experimental MR workflow

Expected (please provide an explanation if not completing)

Test plan indicating conditions for success has been posted and passes
~~Documentation created/updated~~
~~Tests added/updated~~
~~Integration tests added to GitLab QA~~
~~Equivalent MR/issue for omnibus-gitlab opened~~
Equivalent MR/issue for Gitlab Operator project opened (see Operator documentation on impact of Charts changes) -> The Operator deploys versioned/released GitLab Charts, which means the images already specify a versioned tag (vX.Y.Z). Because of this, I don't think this change would be as helpful.
Validate potential values for new configuration settings. Formats such as integer 10, duration 10s, URI scheme://user:passwd@host:port may require quotation or other special handling when rendered in a template and written to a configuration file.

Edited Sep 25, 2023 by Mitchell Nielsen

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking