CHANGELOG.md

+# [5.1.0](https://gitlab.com/to-be-continuous/gcloud/compare/5.0.2...5.1.0) (2023-12-8)
+
+
+### Features
+
+* use centralized service images (gitlab.com) ([f64e425](https://gitlab.com/to-be-continuous/gcloud/commit/f64e425f6bc3d16eda848936b8503071b064d201))
+
 ## [5.0.2](https://gitlab.com/to-be-continuous/gcloud/compare/5.0.1...5.0.2) (2023-12-2)
 
 

README.md

@@ -9,7 +9,7 @@ In order to include this template in your project, add the following to your `gi
 ```yaml
 include:
   - project: 'to-be-continuous/gcloud'
-    ref: '5.0.2'
+    ref: '5.1.0'
     file: '/templates/gitlab-ci-gcloud.yml'
 ```
 
@@ -203,7 +203,7 @@ Here are some advices about your **secrets** (variables marked with a :lock:):
 
 The Google Cloud template uses some global configuration used throughout all jobs.
 
-| Name                     | description                            | default value     |
+| Name                     | Description                            | Default value     |
 | ------------------------ | -------------------------------------- | ----------------- |
 | `GCP_CLI_IMAGE`          | the Docker image used to run Google Cloud CLI commands| `gcr.io/google.com/cloudsdktool/cloud-sdk:latest` |
 | :lock: `GCP_KEY_FILE`    | Default [Service Account key file](https://cloud.google.com/bigquery/docs/authentication/service-account-file) | _none_ |
@@ -220,7 +220,7 @@ They are **disabled by default** and can be enabled by setting the `GCP_REVIEW_P
 
 Here are variables supported to configure review environments:
 
-| Name                     | description                            | default value     |
+| Name                     | Description                            | Default value     |
 | ------------------------ | -------------------------------------- | ----------------- |
 | `GCP_REVIEW_PROJECT`     | Google Cloud project ID for `review` env | _none_ (disabled) |
 | :lock: `GCP_REVIEW_KEY_FILE`| [Service Account key file](https://cloud.google.com/bigquery/docs/authentication/service-account-file) to authenticate on `review` env  _(only define if different from default)_    | `$GCP_KEY_FILE` |
@@ -236,7 +236,7 @@ It is **disabled by default** and can be enabled by setting the `GCP_INTEG_PROJE
 
 Here are variables supported to configure the integration environment:
 
-| Name                     | description                            | default value     |
+| Name                     | Description                            | Default value     |
 | ------------------------ | -------------------------------------- | ----------------- |
 | `GCP_INTEG_PROJECT`      | Google Cloud project ID for `integration` env | _none_ (disabled) |
 | :lock: `GCP_INTEG_KEY_FILE`|[Service Account key file](https://cloud.google.com/bigquery/docs/authentication/service-account-file) to authenticate on `integration` env  _(only define if different from default)_    | `$GCP_KEY_FILE` |
@@ -252,7 +252,7 @@ It is **disabled by default** and can be enabled by setting the `GCP_STAGING_PRO
 
 Here are variables supported to configure the staging environment:
 
-| Name                     | description                            | default value     |
+| Name                     | Description                            | Default value     |
 | ------------------------ | -------------------------------------- | ----------------- |
 | `GCP_STAGING_PROJECT`    | Google Cloud project ID for `staging` env | _none_ (disabled) |
 | :lock: `GCP_STAGING_KEY_FILE`|[Service Account key file](https://cloud.google.com/bigquery/docs/authentication/service-account-file) to authenticate on `staging` env  _(only define if different from default)_    | `$GCP_KEY_FILE` |
@@ -267,7 +267,7 @@ It is **disabled by default** and can be enabled by setting the `GCP_PROD_PROJEC
 
 Here are variables supported to configure the production environment:
 
-| Name                      | description                            | default value     |
+| Name                      | Description                            | Default value     |
 | ------------------------- | -------------------------------------- | ----------------- |
 | `GCP_PROD_PROJECT`        | Google Cloud project ID for `production` env | _none_ (disabled) |
 | :lock: `GCP_PROD_KEY_FILE`|[Service Account key file](https://cloud.google.com/bigquery/docs/authentication/service-account-file) to authenticate on `production` env  _(only define if different from default)_    | `$GCP_KEY_FILE` |
@@ -295,7 +295,7 @@ Let's imagine a backend service:
 include:
   # Include Google Cloud template
   - project: 'to-be-continuous/gcloud'
-    ref: '5.0.2'
+    ref: '5.1.0'
     file: '/templates/gitlab-ci-gcloud.yml'
   ...
 
@@ -411,7 +411,7 @@ The following commands may help you retrieve the different values:
 
 The variant supports the following configuration:
 
-| Name              | description                            | default value     |
+| Name              | Description                            | Default value     |
 | ----------------- | -------------------------------------- | ----------------- |
 | `GCP_OIDC_AUD`    | The `aud` claim for the JWT | `$CI_SERVER_URL` |
 | `GCP_OIDC_PROVIDER`      | Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) | _none_ |
@@ -431,11 +431,11 @@ The variant supports the following configuration:
 include:
   # main template
   - project: 'to-be-continuous/gcloud'
-    ref: '5.0.2'
+    ref: '5.1.0'
     file: '/templates/gitlab-ci-gcloud.yml'
   # Vault variant
   - project: 'to-be-continuous/gcloud'
-    ref: '5.0.2'
+    ref: '5.1.0'
     file: '/templates/gitlab-ci-gcloud-oidc.yml'
 
 variables:
@@ -457,9 +457,9 @@ This variant allows delegating your secrets management to a [Vault](https://www.
 
 In order to be able to communicate with the Vault server, the variant requires the additional configuration parameters:
 
-| Name              | description                            | default value     |
+| Name              | Description                            | Default value     |
 | ----------------- | -------------------------------------- | ----------------- |
-| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master` |
+| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master` |
 | `VAULT_BASE_URL`  | The Vault server base API url          | _none_ |
 | `VAULT_OIDC_AUD`  | The `aud` claim for the JWT | `$CI_SERVER_URL` |
 | :lock: `VAULT_ROLE_ID`   | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
@@ -475,7 +475,7 @@ Then you may retrieve any of your secret(s) from Vault using the following synta
 
 With:
 
-| Name                             | description                            |
+| Name                             | Description                            |
 | -------------------------------- | -------------------------------------- |
 | `secret_path` (_path parameter_) | this is your secret location in the Vault server |
 | `field` (_query parameter_)      | parameter to access a single basic field from the secret JSON payload |
@@ -486,11 +486,11 @@ With:
 include:
   # main template
   - project: 'to-be-continuous/gcloud'
-    ref: '5.0.2'
+    ref: '5.1.0'
     file: '/templates/gitlab-ci-gcloud.yml'
   # Vault variant
   - project: 'to-be-continuous/gcloud'
-    ref: '5.0.2'
+    ref: '5.1.0'
     file: '/templates/gitlab-ci-gcloud-vault.yml'
 
 variables:

kicker.json

@@ -242,7 +242,7 @@
         {
           "name": "TBC_VAULT_IMAGE",
           "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
-          "default": "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master",
+          "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
           "advanced": true
         },
         {

templates/gitlab-ci-gcloud-vault.yml

@@ -3,7 +3,7 @@
 # =====================================================================================================================
 variables:
   # variabilized vault-secrets-provider image
-  TBC_VAULT_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master"
+  TBC_VAULT_IMAGE: "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master"
   # variables have to be explicitly declared in the YAML to be exported to the service
   VAULT_JWT_TOKEN: "$VAULT_JWT_TOKEN"
   VAULT_ROLE_ID: "$VAULT_ROLE_ID"
@@ -13,7 +13,7 @@ variables:
 .gcp-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "gcloud", "5.0.2" ]
+      command: ["--service", "gcloud", "5.1.0" ]
     - name: "$TBC_VAULT_IMAGE"
       alias: "vault-secrets-provider"
   variables:

templates/gitlab-ci-gcloud.yml

@@ -37,7 +37,7 @@ workflow:
 
 variables:
   # variabilized tracking image
-  TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
+  TBC_TRACKING_IMAGE: "registry.gitlab.com/to-be-continuous/tools/tracking:master"
 
   # Default Docker image (can be overridden)
   GCP_CLI_IMAGE: "gcr.io/google.com/cloudsdktool/cloud-sdk:latest"
@@ -401,9 +401,9 @@ stages:
   image: $GCP_CLI_IMAGE
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "gcloud", "5.0.2" ]
+      command: ["--service", "gcloud", "5.1.0" ]
   before_script:
-    - *gcp-scripts
+    - !reference [.gcp-scripts]
     - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
     - gcp_auth