Skip to content
Commits on Source (80)
......@@ -37,7 +37,7 @@ variables:
# AUTO_DEVOPS_DOMAIN: domain.example.com
GIT_CLONE_PATH: $CI_BUILDS_DIR/gitlab
HELM_MAX_HISTORY: 20
TEST_BACKUP_PREFIX: "16.1.0"
TEST_BACKUP_PREFIX: "1699372374_2023_11_07_16.6.0-pre"
NAMESPACE: $KUBE_NAMESPACE
REVIEW_REF_PREFIX: ""
ISSUE_BOT_LABELS_EXTRA: "group::distribution,type::maintenance,maintenance::pipelines"
......@@ -50,7 +50,7 @@ variables:
DEBIAN_VERSION: bullseye
RUBY_VERSION: "3.0"
CI_TOOLS_VERSION: "4.22.0"
GITLAB_QA_VERSION: "12.4.1"
GITLAB_QA_VERSION: "12.5.0"
# STRICT_VERSIONS is used in RSpecs to ensure exact version match for tools like "helm" and "kubectl"
STRICT_VERSIONS: "true"
KUBE_CRD_SCHEMA_URL: "https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json"
......@@ -68,6 +68,7 @@ stages:
- prepare
- test
- preflight
- prepare-review
- review
- staging
- canary
......@@ -84,6 +85,7 @@ stages:
include:
- local: '/.gitlab/ci/rules.gitlab-ci.yml'
- local: '/.gitlab/ci/review-apps.gitlab-ci.yml'
- template: Jobs/Dependency-Scanning.latest.gitlab-ci.yml
- template: Jobs/Secret-Detection.latest.gitlab-ci.yml
- template: Jobs/SAST.latest.gitlab-ci.yml
......@@ -171,6 +173,7 @@ lint_package:
paths:
- build
rules:
- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_BRANCH_PIPELINE$/'
- if: '$PIPELINE_TYPE == "NIGHTLY_PIPELINE"'
......@@ -198,16 +201,12 @@ lint_package:
--output json
.
rules:
- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_BRANCH_PIPELINE$/'
- if: '$PIPELINE_TYPE == "NIGHTLY_PIPELINE"'
needs: ['lint_package']
"Validate 1.19.16":
extends: .kubeconform
variables:
KUBE_VERSION: "1.19.16"
"Validate 1.20.7":
extends: .kubeconform
variables:
......@@ -238,30 +237,79 @@ lint_package:
cronJob:
apiVersion: batch/v1
.review_template:
stage: review
pin_image_versions:
stage: prepare-review
script:
- apk add skopeo
- bash ./scripts/ci/pin_image_digests.sh
artifacts:
paths:
- ci.digests.yaml
rules:
# Rules from .stable
- if: '$PIPELINE_TYPE =~ /DEFAULT_BRANCH_PIPELINE$/'
# Rules from .review_template
- if: '$PIPELINE_TYPE =~ /MR_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /STABLE_BRANCH_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /FEATURE_BRANCH_PIPELINE$/'
- if: '$PIPELINE_TYPE == "QA_KNAPSACK_UPDATE_PIPELINE"'
"Validate 1.26.8":
extends: .kubeconform
variables:
HOST_SUFFIX: "$CI_ENVIRONMENT_SLUG"
DOMAIN: "-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN"
VARIABLES_FILE: "variables/${CI_JOB_NAME}"
extends: .source_autodevops
KUBE_VERSION: "1.26.8"
HELM_SETTINGS: !reference ["Validate 1.25.7", variables, HELM_SETTINGS]
"Validate 1.27.5":
extends: .kubeconform
variables:
KUBE_VERSION: "1.27.5"
HELM_SETTINGS: !reference ["Validate 1.25.7", variables, HELM_SETTINGS]
"Validate 1.28.3":
extends: .kubeconform
variables:
KUBE_VERSION: "1.28.3"
HELM_SETTINGS: !reference ["Validate 1.25.7", variables, HELM_SETTINGS]
.set_up_varfile_and_kubecontext:
script:
- mkdir -p $(dirname "${VARIABLES_FILE}")
- set_context
- check_kube_domain
- kubectl version
.set_up_namespace_secret_and_deploy:
script:
- ensure_namespace
- create_secret
- deploy
- wait_for_deploy
.get_qa_revision:
script:
- kubectl wait pods -n $NAMESPACE -l app=toolbox,release=$RELEASE_NAME --for condition=Ready --timeout=60s
- echo "export QA_GITLAB_REVISION=`kubectl exec -i $(kubectl get pods -lrelease=$RELEASE_NAME,app=toolbox -o custom-columns=":metadata.name") -c toolbox -- cat /srv/gitlab/REVISION`" >> "${VARIABLES_FILE}"
.review_template:
stage: review
variables:
HOST_SUFFIX: "$CI_ENVIRONMENT_SLUG"
DOMAIN: "-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN"
VARIABLES_FILE: "variables/${CI_JOB_NAME}"
extends: .source_autodevops
dependencies:
- pin_image_versions
script:
- !reference [.set_up_varfile_and_kubecontext, script]
- kubectl version
- !reference [.set_up_namespace_secret_and_deploy, script]
- restart_toolbox
- echo "export QA_ENVIRONMENT_URL=gitlab-$HOST_SUFFIX.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}"
- echo "export GITLAB_ROOT_DOMAIN=$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}"
- echo "export GITLAB_URL=gitlab-$HOST_SUFFIX.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}"
- echo "export REGISTRY_URL=registry-$HOST_SUFFIX.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}"
- echo "export S3_ENDPOINT=https://minio-$HOST_SUFFIX.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}"
- kubectl wait pods -n $NAMESPACE -l app=toolbox,release=$RELEASE_NAME --for condition=Ready --timeout=60s
- echo "export QA_GITLAB_REVISION=`kubectl exec -i $(kubectl get pods -lrelease=$RELEASE_NAME,app=toolbox -o custom-columns=":metadata.name") -c toolbox -- cat /srv/gitlab/REVISION`" >> "${VARIABLES_FILE}"
- !reference [.get_qa_revision, script]
artifacts:
when: always
paths:
......@@ -399,19 +447,17 @@ stop_review_eks:
.stable:
stage: stable
extends: .source_autodevops
dependencies:
- pin_image_versions
script:
- mkdir -p $(dirname "${VARIABLES_FILE}")
- set_context
- check_kube_domain
- ensure_namespace
- create_secret
- deploy
- wait_for_deploy
- !reference [.set_up_varfile_and_kubecontext, script]
- !reference [.set_up_namespace_secret_and_deploy, script]
- check_domain_ip
- restart_toolbox
- echo "export QA_ENVIRONMENT_URL=gitlab.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}"
- echo "export GITLAB_ROOT_DOMAIN=$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}"
- echo "export S3_ENDPOINT=https://minio.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}"
- !reference [.get_qa_revision, script]
artifacts:
paths:
- variables
......@@ -523,7 +569,7 @@ debug_review_gke122:
- if: '$PIPELINE_TYPE =~ /FEATURE_BRANCH_PIPELINE$/'
rubocop:
image: ruby:3.0-alpine
image: ruby:3.1-alpine
stage: prepare
dependencies: []
before_script:
......@@ -544,7 +590,7 @@ rubocop:
# Perform documentation linting on Markdown files
check_docs_markdown:
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.18-vale-2.27.0-markdownlint-0.35.0-markdownlint2-0.8.1
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.18-vale-2.29.6-markdownlint-0.37.0-markdownlint2-0.10.0
stage: prepare
cache: {}
dependencies: []
......@@ -562,7 +608,7 @@ check_docs_markdown:
# Perform link checks on published HTML files
check_docs_links:
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.18-ruby-3.2.2-6a53d93b
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.18-ruby-3.2.2-08fa6df8
stage: prepare
cache: {}
dependencies: []
......@@ -580,7 +626,7 @@ check_docs_links:
- if: '$PIPELINE_TYPE =~ /BRANCH_PIPELINE$/'
.review-docs:
image: ruby:3.0-alpine
image: ruby:3.1-alpine
stage: review
cache: {}
dependencies: []
......
.review_app_common:
stage: review
variables:
AGENT_NAME: "gke125-ci-cluster" # connect to 1.25 cluster until we have a dedicated cluster
environment:
name: gke125_vcluster/${VCLUSTER_NAME}
auto_stop_in: 1 hour
before_script:
- source scripts/ci/vcluster.sh
allow_failure: true
rules:
- !reference [.rule:skip_if_no_cluster]
- if: '$PIPELINE_TYPE =~ /MR_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /FEATURE_BRANCH_PIPELINE$/'
.review_app_template:
extends: .review_app_common
script:
- cluster_connect
- kubectl version
- vcluster_create
- vcluster_run kubectl version
- vcluster_helm_deploy
- vcluster_helm_rollout_status
- vcluster_info
.stop_review_app_template:
extends: .review_app_common
dependencies: []
script:
- cluster_connect
- vcluster_delete
environment:
action: stop
when: manual
# Below, create two jobs for each Kubernetes version:
# - one to create the environment
# - one to stop the environment
# Kubernetes 1.27
review_vcluster_127:
extends: .review_app_template
variables:
VCLUSTER_K8S_VERSION: "1.27"
VCLUSTER_NAME: vcluster-1-27-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG}
environment:
on_stop: stop_review_vcluster_127
stop_review_vcluster_127:
extends: .stop_review_app_template
variables: !reference [review_vcluster_127, variables]
# Kubernetes 1.28
review_vcluster_128:
extends: .review_app_template
variables:
VCLUSTER_K8S_VERSION: "1.28"
VCLUSTER_NAME: vcluster-1-28-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG}
environment:
on_stop: stop_review_vcluster_128
stop_review_vcluster_128:
extends: .stop_review_app_template
variables: !reference [review_vcluster_128, variables]
......@@ -16,4 +16,4 @@ Related issue(s):
<!-- Any additional context, questions, or notes for the technical writer. -->
/label ~documentation ~"section::enablement" ~"devops::systems" ~"group::distribution"
/label ~documentation ~"section::core platform" ~"devops::systems" ~"group::distribution"
......@@ -40,4 +40,4 @@
<!-- E.g. related GitLab issues/MRs -->
/label ~documentation ~"section::enablement" ~"devops::systems" ~"group::distribution"
/label ~documentation ~"section::core platform" ~"devops::systems" ~"group::distribution"
......@@ -4,4 +4,4 @@ helm 3.11.0
stern 1.23.0
yq 4.34.2
gomplate v3.11.5
vale 2.27.0
vale 2.29.6
......@@ -2,6 +2,71 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 7.6.0 (2023-11-15)
### Fixed (2 changes)
- [Add custom static IP key for Geo NGINX controller](gitlab-org/charts/gitlab@e68ef0041ce05615acdff3cfb87da5c005f92ee0) ([merge request](gitlab-org/charts/gitlab!3407))
- [Fix runner secret templating](gitlab-org/charts/gitlab@a974ffcbc415d49295b88455ffa09e8a7e16c9b1) ([merge request](gitlab-org/charts/gitlab!3445))
### Changed (10 changes)
- [Update gitlab-org/container-registry from 3.85.0-gitlab to 3.86.1-gitlab](gitlab-org/charts/gitlab@2568a6d03fac5dcee08e80ee09e941fc7de0efcd) ([merge request](gitlab-org/charts/gitlab!3466))
- [Update cert-manager/cert-manager from 1.12.5 to 1.12.6](gitlab-org/charts/gitlab@3b1164b195b831444c9f7baa7fa61b8a836cfe46) ([merge request](gitlab-org/charts/gitlab!3478))
- [Update gitlab-org/container-registry from 3.85.0-gitlab to 3.86.0-gitlab](gitlab-org/charts/gitlab@639394504513cc18f5aaeedf0e676226087d1213) ([merge request](gitlab-org/charts/gitlab!3466))
- [Update gitlab-org/charts/gitlab-runner from 0.58.1 to 0.58.2](gitlab-org/charts/gitlab@fa3f2024db1e9fbb31800c2a56ada5dd434f6a6a) ([merge request](gitlab-org/charts/gitlab!3465))
- [Add k8s 1.26 to documented support and drop k8s 1.19](gitlab-org/charts/gitlab@9cbad96b5340c92f50a60899483b8f1da34a56bc) by @twk3 ([merge request](gitlab-org/charts/gitlab!3444))
- [Update gitlab-org/gitlab-qa from 12.4.1 to 12.5.0](gitlab-org/charts/gitlab@94d93fdf1ef79af1355c41a978f0ee92b21c7dc8) ([merge request](gitlab-org/charts/gitlab!3450))
- [Bump gitlab-exporter to version 13.4.1](gitlab-org/charts/gitlab@0c35e7baaf7fc72fac088205202a87c74be8e536) ([merge request](gitlab-org/charts/gitlab!3432))
- [Update gitlab-org/charts/gitlab-runner from 0.57.1 to 0.58.1](gitlab-org/charts/gitlab@895ba3c786d3b303f804779feb7aa287eda61a21) ([merge request](gitlab-org/charts/gitlab!3445))
- [Update cert-manager from 1.11.1 to 1.12.5](gitlab-org/charts/gitlab@033b69ed2429807aabbd94e89293938fc9bf6651) ([merge request](gitlab-org/charts/gitlab!3446))
- [Update gitlab-org/charts/gitlab-runner from 0.57.1 to 0.58.0](gitlab-org/charts/gitlab@ba5295e5f2deeb93b126ca9da7b9f99d871de72f) ([merge request](gitlab-org/charts/gitlab!3445))
### Other (1 change)
- [Deprecate namespace in mailroom.yml](gitlab-org/charts/gitlab@781a94d070a5ae221c33f1a31fdd9ecde15f2be6) ([merge request](gitlab-org/charts/gitlab!3419))
## 7.5.2 (2023-11-14)
No changes.
## 7.5.1 (2023-10-30)
### Changed (1 change)
- [Update gitlab-org/charts/gitlab-runner from 0.57.1 to 0.58.0](gitlab-org/security/charts/gitlab@f22baeb579a3ed2caa78ae1fefc7566ffd71f8db)
## 7.5.0 (2023-10-20)
### Added (1 change)
- [Add template to guard Monitoring objects](gitlab-org/charts/gitlab@cd06e2a6c1ccbadf28cd85e7781fa27a0ff17628) ([merge request](gitlab-org/charts/gitlab!3390))
### Fixed (2 changes)
- [Exclude HAProxy and Traefik templates when gitlab-shell is disabled](gitlab-org/charts/gitlab@4a3295dd4f63ff8895fe3bd70b5ece637e5e5ec4) by @jbblache ([merge request](gitlab-org/charts/gitlab!3433))
- [Fix templating error in KEDA templates for Sidekiq and Web](gitlab-org/charts/gitlab@5611885e7e7720f1b9ce003f2893735863bfad18) ([merge request](gitlab-org/charts/gitlab!3425))
### Changed (7 changes)
- [Update gitlab-org/container-registry from 3.84.0-gitlab to 3.85.0-gitlab](gitlab-org/charts/gitlab@529399631d87ce5108a205f990d3ed10b4acd9fb) ([merge request](gitlab-org/charts/gitlab!3436))
- [Update gitlab-org/gitlab-exporter from 13.3.0 to 13.4.0](gitlab-org/charts/gitlab@ba51e4978ad00f1b8d16f76aa87463b7c462adc3) ([merge request](gitlab-org/charts/gitlab!3420))
- [Update gitlab-org/charts/gitlab-runner from 0.57.0 to 0.57.1](gitlab-org/charts/gitlab@88fbdbfcf1176f660947756998496efeb3513ef1) ([merge request](gitlab-org/charts/gitlab!3423))
- [Update gitlab-org/gitlab-exporter from 13.2.0 to 13.3.0](gitlab-org/charts/gitlab@2de53f8855fbff484b007a2a99485f2ec978b80c) ([merge request](gitlab-org/charts/gitlab!3413))
- [Update gitlab-org/container-registry from 3.83.0-gitlab to 3.84.0-gitlab](gitlab-org/charts/gitlab@8d5c2d3386a9a576529fd72c934de704af1d484f) ([merge request](gitlab-org/charts/gitlab!3412))
- [Update gitlab-org/charts/gitlab-runner from 0.56.0 to 0.57.0](gitlab-org/charts/gitlab@d8e4d0c39ce28a73fcf838f4c06ec0928f25a8f8) ([merge request](gitlab-org/charts/gitlab!3399))
- [Update gitlab-org/charts/gitlab-runner from 0.56.0 to 0.56.1](gitlab-org/charts/gitlab@39351c74a18bf92d577bc675914a900e6c62eb89) ([merge request](gitlab-org/charts/gitlab!3399))
### Other (1 change)
- [Enable dual-namespace polling for sidekiq probe in gitlab-exporter](gitlab-org/charts/gitlab@08e94769a6169bdc380e7d46b3ed300aa9c9cfab) ([merge request](gitlab-org/charts/gitlab!3388))
## 7.4.2 (2023-10-30)
### Changed (1 change)
- [Update gitlab-org/charts/gitlab-runner from 0.56.0 to 0.57.1](gitlab-org/security/charts/gitlab@31e21355635bd7767122652673cca0964d04bbd1)
## 7.4.1 (2023-09-28)
No changes.
......@@ -31,6 +96,10 @@ No changes.
- [Update gitlab-org/container-registry from 3.79.0-gitlab to 3.80.0-gitlab](gitlab-org/charts/gitlab@7f61401aaa147497b4a9a32fa25a1c6896bfe394) ([merge request](gitlab-org/charts/gitlab!3341))
- [Update gitlab-org/gitlab-qa from 12.2.1 to 12.3.0](gitlab-org/charts/gitlab@021b652e4100e94f0f59985cdb21022015275b61) ([merge request](gitlab-org/charts/gitlab!3349))
## 7.3.6 (2023-10-30)
No changes.
## 7.3.5 (2023-09-28)
No changes.
......
---
apiVersion: v1
name: gitlab
version: 7.4.1
appVersion: master
version: 7.6.0
appVersion: v16.6.0
description: GitLab is the most comprehensive AI-powered DevSecOps Platform.
keywords:
- gitlab
......
---
apiVersion: v1
name: geo-logcursor
version: 7.4.1
appVersion: master
version: 7.6.0
appVersion: v16.6.0
description: GitLab Geo logcursor
keywords:
- gitlab
......
---
apiVersion: v1
name: gitaly
version: 7.4.1
appVersion: master
version: 7.6.0
appVersion: 16.6.0
description: Git RPC service for handling all the git calls made by GitLab
keywords:
- gitlab
......
---
apiVersion: v1
name: gitlab-exporter
version: 7.4.1
appVersion: 13.4.0
version: 7.6.0
appVersion: 13.4.1
description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors)
keywords:
- gitlab
......
---
apiVersion: v1
name: gitlab-pages
version: 7.4.1
appVersion: master
version: 7.6.0
appVersion: 16.6.0
description: Daemon for serving static websites from GitLab projects
keywords:
- gitlab
......
---
apiVersion: v1
name: gitlab-shell
version: 7.4.1
appVersion: main
version: 7.6.0
appVersion: 14.30.0
description: sshd for Gitlab
keywords:
- gitlab
......
---
apiVersion: v1
name: kas
version: 7.4.1
appVersion: master
version: 7.6.0
appVersion: v16.6.0
description: GitLab Agent Server
keywords:
- agent
......
---
apiVersion: v1
name: mailroom
version: 7.4.1
appVersion: master
version: 7.6.0
appVersion: v16.6.0
description: Handling incoming emails
keywords:
- gitlab
......
......@@ -48,7 +48,6 @@ data:
:delivery_method: sidekiq
:delivery_options:
:redis_url: {{ include "gitlab.mailroom.redis.url" $ }}
:namespace: resque:gitlab
:queue: email_receiver
:worker: EmailReceiverWorker
{{- include "gitlab.mailroom.redis.sentinels" $ | nindent 10 }}
......@@ -104,7 +103,6 @@ data:
:delivery_method: sidekiq
:delivery_options:
:redis_url: {{ template "gitlab.redis.url" $ }}
:namespace: resque:gitlab
:queue: service_desk_email_receiver
:worker: ServiceDeskEmailReceiverWorker
{{- include "gitlab.mailroom.redis.sentinels" $ | nindent 10 }}
......
---
apiVersion: v1
name: migrations
version: 7.4.1
appVersion: master
version: 7.6.0
appVersion: v16.6.0
description: Database migrations and other versioning tasks for upgrading Gitlab
keywords:
- gitlab
......
---
apiVersion: v1
name: praefect
version: 7.4.1
appVersion: master
version: 7.6.0
appVersion: 16.6.0
description: Praefect is a router and transaction manager for Gitaly, and a required
component for running a Gitaly Cluster.
keywords:
......
---
apiVersion: v1
name: sidekiq
version: 7.4.1
appVersion: master
version: 7.6.0
appVersion: v16.6.0
description: Gitlab Sidekiq for asynchronous task processing in rails
keywords:
- gitlab
......
---
apiVersion: v1
name: spamcheck
version: 7.4.1
version: 7.6.0
appVersion: 1.2.3
description: GitLab Anti-Spam Engine
keywords:
......
---
apiVersion: v1
name: toolbox
version: 7.4.1
appVersion: master
version: 7.6.0
appVersion: v16.6.0
description: For manually running rake tasks through kubectl
keywords:
- gitlab
......