
Update dast-fips runner setup/registration script

What does this MR do?

  1. Migrate to the new runner registration workflow.

    1. Apply changes to the gitlab-runner register command syntax.
  2. Pin docker package versions which are confirmed to support DNS lookups against/inside of GitLab Service Containers while using the docker:20.10.5-dind image for CI/CD jobs.

    | Package | Version | Repo |
    |---|---|---|
    | docker-ce | 3:23.0.6-1.el8 | docker-ce |
    | docker-ce-cli | 1:23.0.6-1.el8 | docker-ce |
  3. Remove the ability to accidentally use the legacy-compatible runner registration process, which can lead to confusion for whoever is provisioning the runner instance in a GitLab sandbox GCP project.

    WARNING: You have specified an authentication token in the legacy parameter --registration-token.
    To ensure minimal disruption to your workflow, this has triggered the 'legacy-compatible registration process' which has resulted in the following command line parameters being ignored: --locked, --access-level, --run-untagged, --maximum-timeout, --paused, --tag-list, and --maintenance-note.
    These parameters and the legacy-compatible registration process will be removed in GitLab Runner 17.0. 

How do I get the required token to create a fips runner?

  1. A user with the Maintainer role must create a project runner with a runner authentication token.

    | Project | Who creates the project runner |
    |---|---|
    | gitlab-org/security-products/dast | DAST maintainers |
    | gitlab-community/security-products/dast | DAST community fork maintainers^ - ask in the #contributor-success Slack channel (internal). |
  2. Once the Runner is created inside of GitLab, anyone with access to Sandbox Cloud can provision an instance and input the runner authentication token to register their new dast-fips runner.

What are the relevant issue numbers?

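A pre-flight check for the registration step this MR describes, as an added example that is not the MR's own script: it rejects the legacy `--registration-token` parameter and the flags the warning above lists as ignored, and requires `--token` to carry a runner authentication token. The helper name `lint_register_args` is hypothetical, and the `glrt-` token prefix is an assumption not stated on this page.

```shell
#!/usr/bin/env bash
# Added example, not the MR's script. lint_register_args is a hypothetical helper.

# Flags the warning above lists as ignored by the legacy-compatible process.
# In the new workflow they are configured when the runner is created in GitLab.
LEGACY_ONLY_FLAGS="--locked --access-level --run-untagged --maximum-timeout --paused --tag-list --maintenance-note"

# Prints one line per problem (never the token itself) and returns 0 only when
# the arguments are safe to hand to `gitlab-runner register`.
lint_register_args() {
  local problems=0 token="" arg flag
  while [ "$#" -gt 0 ]; do
    arg="$1"; shift
    case "$arg" in
      --registration-token|--registration-token=*)
        echo "legacy parameter: --registration-token"; problems=$((problems + 1)) ;;
      --token=*) token="${arg#--token=}" ;;
      --token)   token="${1:-}"; if [ "$#" -gt 0 ]; then shift; fi ;;
    esac
    for flag in $LEGACY_ONLY_FLAGS; do
      case "$arg" in
        "$flag"|"$flag"=*)
          echo "set at runner creation, not registration: $flag"; problems=$((problems + 1)) ;;
      esac
    done
  done
  # Assumption: runner authentication tokens start with "glrt-".
  case "$token" in
    glrt-?*) ;;
    "") echo "missing --token"; problems=$((problems + 1)) ;;
    *)  echo "--token is not a runner authentication token (expected glrt- prefix)"
        problems=$((problems + 1)) ;;
  esac
  [ "$problems" -eq 0 ]
}
```

Call it with the same arguments the provisioning script is about to pass to `gitlab-runner register`, and stop the script if it returns non-zero.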