Skip to content
Commits on Source (124)
......@@ -25,11 +25,12 @@
# Note: Auto CI does not work with multiple buildpacks yet
default:
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base-helm-3.7
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base-helm-3.9
variables:
AUTO_DEPLOY_TAG_REGEX: '^[0-9]+\.[0-9]+\.[0-9]+\+[a-z0-9]{7,}$'
HELM_VERSION: "3.5.2"
DOCKER_VERSION: "24.0.6"
HELM_VERSION: "3.9.4"
KUBECTL_VERSION: "1.26.7"
STABLE_REPO_URL: "https://charts.helm.sh/stable"
GOOGLE_APPLICATION_CREDENTIALS: ${CI_PROJECT_DIR}/.google_keyfile.json
......@@ -50,7 +51,7 @@ variables:
DEBIAN_VERSION: bullseye
RUBY_VERSION: "3.0"
CI_TOOLS_VERSION: "4.22.0"
GITLAB_QA_VERSION: "12.5.0"
GITLAB_QA_VERSION: "13.0.0"
# STRICT_VERSIONS is used in RSpecs to ensure exact version match for tools like "helm" and "kubectl"
STRICT_VERSIONS: "true"
KUBE_CRD_SCHEMA_URL: "https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json"
......@@ -63,6 +64,7 @@ variables:
cron:
enabled: true
GITLAB_AUTH_TOKEN: $DANGER_GITLAB_API_TOKEN
REVIEW_APPS_AUTO_STOP_IN: "2 days"
stages:
- prepare
......@@ -342,6 +344,32 @@ pin_image_versions:
.review_eks_common_vars: &review_eks_common_vars
DNS_PROVIDER: "aws"
# Jobs using auto_stop_in that exit with a failure will not execute the on_stop
# action. We get frequent failures during review_* jobs. Their accompanying
# partially deployed environments then hang around forever which may eventually
# cause resource exhaustion. These deployments must be manually cleaned up. See
# https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2185 for details. Issue
# https://gitlab.com/gitlab-org/gitlab/-/issues/382549 should address this
# problem in the future.
#
# To ensure that deployment cleanup always occurs, we create the environment
# using this job. It is designed to never fail and will always execute the
# on_stop action either when manually performed or when
# $REVIEW_APPS_AUTO_STOP_IN expires. The actual deployment is left to the
# associated review_* job.
create_review_gke122:
stage: review
variables:
<<: *review_gke122_common_vars
GIT_STRATEGY: none
script:
- echo "Configuring gke122_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG to automatically stop in $REVIEW_APPS_AUTO_STOP_IN."
environment:
name: gke122_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG
on_stop: stop_review_gke122
auto_stop_in: $REVIEW_APPS_AUTO_STOP_IN
action: start
review_gke122:
variables:
<<: *review_gke122_common_vars
......@@ -350,9 +378,24 @@ review_gke122:
name: gke122_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG
url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN
on_stop: stop_review_gke122
auto_stop_in: 2 days
auto_stop_in: "${REVIEW_APPS_AUTO_STOP_IN}"
action: access
resource_group: "gke122-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG}"
# See comments in create_review_gke122.
create_review_gke125:
stage: review
variables:
<<: *review_gke125_common_vars
GIT_STRATEGY: none
script:
- echo "Configuring gke125_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG to automatically stop in $REVIEW_APPS_AUTO_STOP_IN."
environment:
name: gke125_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG
on_stop: stop_review_gke125
auto_stop_in: $REVIEW_APPS_AUTO_STOP_IN
action: start
review_gke125:
variables:
<<: *review_gke125_common_vars
......@@ -361,9 +404,25 @@ review_gke125:
name: gke125_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG
url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN
on_stop: stop_review_gke125
auto_stop_in: 2 days
auto_stop_in: "${REVIEW_APPS_AUTO_STOP_IN}"
action: access
resource_group: "gke125-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG}"
# See comments in create_review_gke122.
create_review_gke126:
stage: review
variables:
<<: *review_gke126_common_vars
GIT_STRATEGY: none
script:
- echo "Configuring gke126_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG to automatically stop in $REVIEW_APPS_AUTO_STOP_IN."
environment:
name: gke126_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG
url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN
on_stop: stop_review_gke126
auto_stop_in: $REVIEW_APPS_AUTO_STOP_IN
action: start
review_gke126:
variables:
<<: *review_gke126_common_vars
......@@ -372,9 +431,24 @@ review_gke126:
name: gke126_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG
url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN
on_stop: stop_review_gke126
auto_stop_in: 2 days
auto_stop_in: "${REVIEW_APPS_AUTO_STOP_IN}"
action: access
resource_group: "gke126-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG}"
# See comments in create_review_gke122.
create_review_eks:
stage: review
variables:
<<: *review_eks_common_vars
GIT_STRATEGY: none
script:
- echo "Configuring eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG to automatically stop in $REVIEW_APPS_AUTO_STOP_IN."
environment:
name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG
on_stop: stop_review_eks
auto_stop_in: $REVIEW_APPS_AUTO_STOP_IN
action: start
review_eks:
variables:
<<: *review_eks_common_vars
......@@ -383,7 +457,8 @@ review_eks:
name: eks_review/$REVIEW_REF_PREFIX$CI_COMMIT_REF_SLUG
url: https://gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN
on_stop: stop_review_eks
auto_stop_in: 2 days
auto_stop_in: "${REVIEW_APPS_AUTO_STOP_IN}"
action: access
resource_group: "eks-review-app-${REVIEW_REF_PREFIX}${CI_COMMIT_REF_SLUG}"
.stop_review_template:
......@@ -683,7 +758,7 @@ review-docs-cleanup:
image: registry.gitlab.com/gitlab-org/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-2.7.patched-golang-1.18-node-16.14-postgresql-11:git-2.33-lfs-2.9-chrome-109-yarn-1.22-graphicsmagick-1.3.36-kubectl-1.23-helm-3.5
stage: specs
services:
- docker:dind
- docker:${DOCKER_VERSION}-dind
variables:
DOCKER_HOST: tcp://docker:2375
GITLAB_PASSWORD: $ROOT_PASSWORD
......@@ -857,7 +932,7 @@ production_specs_eks:
image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/distribution_ci_tools:${CI_TOOLS_VERSION}
stage: qa
services:
- docker:dind
- docker:${DOCKER_VERSION}-dind
variables:
QA_GENERATE_ALLURE_REPORT: "true"
DOCKER_HOST: tcp://docker:2375
......@@ -897,7 +972,7 @@ wait_for_dev_images:
image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/distribution_ci_tools:${CI_TOOLS_VERSION}
stage: prepare
services:
- docker:dind
- docker:${DOCKER_VERSION}-dind
before_script: []
variables:
DOCKER_HOST: tcp://docker:2375
......@@ -910,7 +985,7 @@ wait_for_dev_images:
.publish_chart_package:
# publish chart into repo's Packages
stage: package
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base-helm-3.7"
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base-helm-3.9"
dependencies: []
variables:
# **Required** variable to set channel to which chart will be published:
......
......@@ -15,6 +15,8 @@
.review_app_template:
extends: .review_app_common
dependencies:
- pin_image_versions
script:
- cluster_connect
- kubectl version
......
workflow:
name: '$PIPELINE_TYPE'
rules:
# Set `TEST_BRANCH=true` to execute a pipeline for a branch without a merge request.
# Avoid duplicate pipeline when an MR is open
- if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"'
when: never
......
......@@ -20,6 +20,13 @@ For anything in this list which will not be completed, please provide a reason i
- [ ] MR has a green pipeline on GitLab.com
- [ ] When ready for review, follow the instructions in the "Reviewer Roulette" section of the Danger Bot MR comment, as per the [Distribution experimental MR workflow](https://about.gitlab.com/handbook/engineering/development/enablement/systems/distribution/merge_requests.html)
For merge requests from forks, consider the following options for Danger to work properly:
- Consider using our [community forks](https://gitlab.com/gitlab-community/meta) instead of forking
your own project. These community forks have the GitLab API token preconfigured.
- Alternatively, see our documentation on
[configuring Danger for personal forks](https://docs.gitlab.com/ee/development/dangerbot.html#configuring-danger-for-personal-forks).
### Expected (please provide an explanation if not completing)
- [ ] Test plan indicating conditions for success has been posted and passes
- [ ] Documentation created/updated
......
......@@ -2,6 +2,75 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 7.7.0 (2023-12-20)
### Added (1 change)
- [Add auth-timeout flag in Gitlab Pages](gitlab-org/charts/gitlab@6586cebcd3f813eb07c97c81986701d4a694b86b) ([merge request](gitlab-org/charts/gitlab!3502))
### Fixed (1 change)
- [Fix newline in NGINX DaemonSet](gitlab-org/charts/gitlab@1b13e056c27ebbb7a125fe44aef6a7615e996680) ([merge request](gitlab-org/charts/gitlab!3517))
### Changed (7 changes)
- [Update gitlab-org/container-registry from 3.87.0-gitlab to 3.88.0-gitlab](gitlab-org/charts/gitlab@759c49e581fc56612f4884d07bf48ae2956091fc) ([merge request](gitlab-org/charts/gitlab!3543))
- [Update gitlab-org/gitlab-qa from 12.5.0 to 13.0.0](gitlab-org/charts/gitlab@c4f25d89b33e8eb241b6ad607e78d869a865c681) ([merge request](gitlab-org/charts/gitlab!3522))
- [Update gitlab-org/container-registry from 3.86.2-gitlab to 3.87.0-gitlab](gitlab-org/charts/gitlab@3a73a280d03c0b665f720b64eb0963f0223d5c8b) ([merge request](gitlab-org/charts/gitlab!3521))
- [Update gitlab-org/charts/gitlab-runner from 0.59.0 to 0.59.1](gitlab-org/charts/gitlab@1f0269179b4b313aa044be4de3a7cfd684e30ba7) ([merge request](gitlab-org/charts/gitlab!3498))
- [Update gitlab-org/charts/gitlab-runner from 0.58.2 to 0.59.0](gitlab-org/charts/gitlab@561480190777e575ed794e41c5de62c44e920cf6) ([merge request](gitlab-org/charts/gitlab!3493))
- [Update gitlab-org/gitlab-exporter from 13.4.1 to 13.5.0](gitlab-org/charts/gitlab@7a12945b9146898967ce80158fbd32a51eda27ac) ([merge request](gitlab-org/charts/gitlab!3484))
- [Update gitlab-org/container-registry from 3.86.1-gitlab to 3.86.2-gitlab](gitlab-org/charts/gitlab@d9be455eb43298cdf385a1afb86881bc7b65ce14) ([merge request](gitlab-org/charts/gitlab!3488))
### Other (1 change)
- [Doc: FIPS Add note of UBI expectations for FIPS mode host](gitlab-org/charts/gitlab@4274d077ab7d6b08b9ac640182640b02ea22b4f7) ([merge request](gitlab-org/charts/gitlab!3487))
## 7.6.2 (2023-12-13)
No changes.
## 7.6.1 (2023-11-30)
### Changed (2 changes)
- [Update gitlab-org/charts/gitlab-runner from 0.59.0 to 0.59.2](gitlab-org/security/charts/gitlab@b69ce97c14be61d7734a65b0a64f117f563158ca)
- [Update gitlab-runner from 0.58.2 to 0.59.0](gitlab-org/security/charts/gitlab@520f8d9dace33be52b1b3cf50ba400b0c5e12e94)
## 7.6.0 (2023-11-15)
### Fixed (2 changes)
- [Add custom static IP key for Geo NGINX controller](gitlab-org/charts/gitlab@e68ef0041ce05615acdff3cfb87da5c005f92ee0) ([merge request](gitlab-org/charts/gitlab!3407))
- [Fix runner secret templating](gitlab-org/charts/gitlab@a974ffcbc415d49295b88455ffa09e8a7e16c9b1) ([merge request](gitlab-org/charts/gitlab!3445))
### Changed (10 changes)
- [Update gitlab-org/container-registry from 3.85.0-gitlab to 3.86.1-gitlab](gitlab-org/charts/gitlab@2568a6d03fac5dcee08e80ee09e941fc7de0efcd) ([merge request](gitlab-org/charts/gitlab!3466))
- [Update cert-manager/cert-manager from 1.12.5 to 1.12.6](gitlab-org/charts/gitlab@3b1164b195b831444c9f7baa7fa61b8a836cfe46) ([merge request](gitlab-org/charts/gitlab!3478))
- [Update gitlab-org/container-registry from 3.85.0-gitlab to 3.86.0-gitlab](gitlab-org/charts/gitlab@639394504513cc18f5aaeedf0e676226087d1213) ([merge request](gitlab-org/charts/gitlab!3466))
- [Update gitlab-org/charts/gitlab-runner from 0.58.1 to 0.58.2](gitlab-org/charts/gitlab@fa3f2024db1e9fbb31800c2a56ada5dd434f6a6a) ([merge request](gitlab-org/charts/gitlab!3465))
- [Add k8s 1.26 to documented support and drop k8s 1.19](gitlab-org/charts/gitlab@9cbad96b5340c92f50a60899483b8f1da34a56bc) by @twk3 ([merge request](gitlab-org/charts/gitlab!3444))
- [Update gitlab-org/gitlab-qa from 12.4.1 to 12.5.0](gitlab-org/charts/gitlab@94d93fdf1ef79af1355c41a978f0ee92b21c7dc8) ([merge request](gitlab-org/charts/gitlab!3450))
- [Bump gitlab-exporter to version 13.4.1](gitlab-org/charts/gitlab@0c35e7baaf7fc72fac088205202a87c74be8e536) ([merge request](gitlab-org/charts/gitlab!3432))
- [Update gitlab-org/charts/gitlab-runner from 0.57.1 to 0.58.1](gitlab-org/charts/gitlab@895ba3c786d3b303f804779feb7aa287eda61a21) ([merge request](gitlab-org/charts/gitlab!3445))
- [Update cert-manager from 1.11.1 to 1.12.5](gitlab-org/charts/gitlab@033b69ed2429807aabbd94e89293938fc9bf6651) ([merge request](gitlab-org/charts/gitlab!3446))
- [Update gitlab-org/charts/gitlab-runner from 0.57.1 to 0.58.0](gitlab-org/charts/gitlab@ba5295e5f2deeb93b126ca9da7b9f99d871de72f) ([merge request](gitlab-org/charts/gitlab!3445))
### Other (1 change)
- [Deprecate namespace in mailroom.yml](gitlab-org/charts/gitlab@781a94d070a5ae221c33f1a31fdd9ecde15f2be6) ([merge request](gitlab-org/charts/gitlab!3419))
## 7.5.4 (2023-12-13)
No changes.
## 7.5.3 (2023-11-30)
### Changed (1 change)
- [Update gitlab-runner chart from 0.58.1 to 0.58.2](gitlab-org/security/charts/gitlab@d5cb0431d91e4cb95645b7a7c692ed4658445e6f)
## 7.5.2 (2023-11-14)
No changes.
......@@ -37,6 +106,14 @@ No changes.
- [Enable dual-namespace polling for sidekiq probe in gitlab-exporter](gitlab-org/charts/gitlab@08e94769a6169bdc380e7d46b3ed300aa9c9cfab) ([merge request](gitlab-org/charts/gitlab!3388))
## 7.4.4 (2023-12-13)
No changes.
## 7.4.3 (2023-11-30)
No changes.
## 7.4.2 (2023-10-30)
### Changed (1 change)
......
---
apiVersion: v1
name: gitlab
version: 7.5.2
appVersion: master
version: 7.7.0
appVersion: v16.7.0
description: GitLab is the most comprehensive AI-powered DevSecOps Platform.
keywords:
- gitlab
......
---
apiVersion: v1
name: geo-logcursor
version: 7.5.2
appVersion: master
version: 7.7.0
appVersion: v16.7.0
description: GitLab Geo logcursor
keywords:
- gitlab
......
---
apiVersion: v1
name: gitaly
version: 7.5.2
appVersion: master
version: 7.7.0
appVersion: 16.7.0
description: Git RPC service for handling all the git calls made by GitLab
keywords:
- gitlab
......
---
apiVersion: v1
name: gitlab-exporter
version: 7.5.2
appVersion: 13.4.1
version: 7.7.0
appVersion: 13.5.0
description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors)
keywords:
- gitlab
......
---
apiVersion: v1
name: gitlab-pages
version: 7.5.2
appVersion: master
version: 7.7.0
appVersion: 16.7.0
description: Daemon for serving static websites from GitLab projects
keywords:
- gitlab
......
......@@ -111,6 +111,9 @@ data:
auth-secret={% file.Read "/etc/gitlab-secrets/pages/auth_secret" %}
auth-scope={{ template "oauth.gitlab-pages.authScope" . }}
{{- end }}
{{- if .Values.authTimeout }}
auth-timeout={{ .Values.authTimeout }}
{{- end }}
{{- if .Values.authCookieSessionTimeout }}
auth-cookie-session-timeout={{ .Values.authCookieSessionTimeout }}
{{- end }}
......
......@@ -234,6 +234,7 @@ affinity:
podAntiAffinity:
topologyKey:
# authTimeout:
# authCookieSessionTimeout:
# rateLimitSourceIP:
......
---
apiVersion: v1
name: gitlab-shell
version: 7.5.2
appVersion: main
version: 7.7.0
appVersion: 14.32.0
description: sshd for Gitlab
keywords:
- gitlab
......
---
apiVersion: v1
name: kas
version: 7.5.2
appVersion: master
version: 7.7.0
appVersion: v16.8.0-rc1
description: GitLab Agent Server
keywords:
- agent
......
---
apiVersion: v1
name: mailroom
version: 7.5.2
appVersion: master
version: 7.7.0
appVersion: v16.7.0
description: Handling incoming emails
keywords:
- gitlab
......
---
apiVersion: v1
name: migrations
version: 7.5.2
appVersion: master
version: 7.7.0
appVersion: v16.7.0
description: Database migrations and other versioning tasks for upgrading Gitlab
keywords:
- gitlab
......
---
apiVersion: v1
name: praefect
version: 7.5.2
appVersion: master
version: 7.7.0
appVersion: 16.7.0
description: Praefect is a router and transaction manager for Gitaly, and a required
component for running a Gitaly Cluster.
keywords:
......
---
apiVersion: v1
name: sidekiq
version: 7.5.2
appVersion: master
version: 7.7.0
appVersion: v16.7.0
description: Gitlab Sidekiq for asynchronous task processing in rails
keywords:
- gitlab
......
---
apiVersion: v1
name: spamcheck
version: 7.5.2
version: 7.7.0
appVersion: 1.2.3
description: GitLab Anti-Spam Engine
keywords:
......
---
apiVersion: v1
name: toolbox
version: 7.5.2
appVersion: master
version: 7.7.0
appVersion: v16.7.0
description: For manually running rake tasks through kubectl
keywords:
- gitlab
......