Replace all registry.gitlab.com with environment variables
Proposal
In jh/ there is a directory which holds copies of Gitlab/Ci/Templates. The reason why we need the copies is because registry.gitlab.com is blocked in China - since it's on GCP - we have to manually upload the docker images to Tencent Cloud then modify corresponding templates to make sure they work in China.
For these reasons above, we need sync the images from registry.gitlab.com
. As a result of the discussion, the final plan is:
The final plan: We are going to create a new repo under gitlab.cn/jihu, in which we maintain images <-> repo mapping https://jihulab.com/jihulab/engineering/ci-image-sync
* It will have a mechanism to scan every CI template of `main-jh` branch to ensure their existence in the mapping.
* It will fetch tags through [this API](https://gitlab.com/api/v4/projects/9762266/registry/repositories/304739/tags), and compare them to existing tags in `registry.gitlab.cn`(or maybe another registry)
* It will pull & push images which tags are not present in `registry.gitlab.cn`(or maybe another registry)
* It will be scheduled several times a day in runners with stable cross-boarder network
Now we can already sync the images from registry.gitlab.com
to our space, I think now we need to replace all the domain names in the .gitlab-ci.yml file with environment variables so that we can flexibly configure the domain name. I noticed that we have replaced some of the image hosts in the.gitlab directory, like this .gitlab/ci/frontend.gitlab-ci.yml
.compile-assets-base:
extends:
- .default-retry
- .default-before_script
- .assets-compile-cache
image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-2.7-git-2.33-lfs-2.9-node-14.15-yarn-1.22-graphicsmagick-1.3.36
variables:
SETUP_DB: "false"
WEBPACK_VENDOR_DLL: "true"
# Disable warnings in browserslist which can break on backports
# https://github.com/browserslist/browserslist/blob/a287ec6/node.js#L367-L384
BROWSERSLIST_IGNORE_OLD_DATA: "true"
stage: prepare
script:
- *yarn-install
- run_timed_command "bin/rake gitlab:assets:compile"
- run_timed_command "scripts/clean-old-cached-assets"
And I also noticed that there are some images from registry.gitlab.com/gitlab-org/security-products/analyzers
moved to registry.gitlab.com/security-products
382bd94d. We are also planning to migrate the image from Tencent TCR to registry.jihulab.com
. So I wonder if we have any plan to replace the domain name of the image. @godfat-gitlab @shinya.maeda @kwiebers cc @prajnamas