Draft: WIP: POC: Public CI Catalog server (!150846) · Merge requests · GitLab.org / GitLab

Furkan Ayhan requested to merge 456843-poc-external-component-server into master Apr 25, 2024

What does this MR do and why?

Draft: WIP: POC: Public CI Catalog server

This is a POC of how a Cell can serve a CI Catalog via a public API. There are many TODOs to be resolved.

Related to #456843

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Setup Cells

https://gitlab.com/gitlab-org/tenant-scale-group/pocs/routing/rules-router

Main cell (existing one)

gdk config set hostname gdk.test

gdk config set gitlab.rails.session_store.cookie_key _gitlab_session
gdk config set gitlab.rails.session_store.unique_cookie_key_postfix false
gdk config set gitlab.rails.session_store.session_cookie_token_prefix cell_1_

gdk reconfigure

gdk restart

new cell

git clone git@gitlab.com:gitlab-org/gitlab-development-kit.git gitlab-development-kit-01
cd gitlab-development-kit-01/

cp ../gitlab-development-kit-00/gdk.yml . # copy existing config
cp ../gitlab-development-kit-00/lefthook-local.yml . # copy any local lefthook (like disabling asdf)

gdk config set port 3001
gdk config set gitlab.rails.session_store.cookie_key _gitlab_session
gdk config set gitlab.rails.session_store.unique_cookie_key_postfix false
gdk config set gitlab.rails.session_store.session_cookie_token_prefix cell_2_
gdk config set postgresql.port 5433

gdk install shallow_clone=true gitlab_repo=git@gitlab.com:gitlab-org/gitlab.git

gdk restart

Proxy

git clone git@gitlab.com:gitlab-org/tenant-scale-group/pocs/routing/rules-router.git
cd rules-router
npm install
npx wrangler dev --port 9393

http://gdk.test:9393/

To access the 2nd cell; document.cookie = 'cell_2=true;path=/;domain=gdk.test';
To access the 1st cell; delete cell_2 and _gitlab_session.

Requirements

Cell 2

http://gdk.test:9393/admin/application_settings/network
Allow requests to the local network from webhooks and integrations

Utils

Cache clear: bundle exec rake cache:clear

Screenshots or screen recordings

https://www.youtube.com/watch?v=9mfmBbodDko

Future work

1- The Cell Routing Service will redirect requests to the correct cell based on the project path.

For example; http://gdk.test:9393/api/v4/projects/namespace%2Fproject-path/components/sast?version=1.1.2 will be redirected to the Cell that has the namespace/project-path project.

2- We need to define EXTERNAL_SERVER_ALLOWLIST as an application setting.

3- Improve the cache system.

4- Better error handling.

Edited Jun 03, 2024 by Furkan Ayhan