Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • to-be-continuous/gcloud
  • contrib-tbc/gcloud
  • xavier.francois/gcloud
  • vincbon/gcloud
  • another15y/tbc/gcloud
5 results
Show changes
Commits on Source (4)
# [5.1.0](https://gitlab.com/to-be-continuous/gcloud/compare/5.0.2...5.1.0) (2023-12-8)
### Features
* use centralized service images (gitlab.com) ([f64e425](https://gitlab.com/to-be-continuous/gcloud/commit/f64e425f6bc3d16eda848936b8503071b064d201))
## [5.0.2](https://gitlab.com/to-be-continuous/gcloud/compare/5.0.1...5.0.2) (2023-12-2)
......
......@@ -9,7 +9,7 @@ In order to include this template in your project, add the following to your `gi
```yaml
include:
- project: 'to-be-continuous/gcloud'
ref: '5.0.2'
ref: '5.1.0'
file: '/templates/gitlab-ci-gcloud.yml'
```
......@@ -203,7 +203,7 @@ Here are some advices about your **secrets** (variables marked with a :lock:):
The Google Cloud template uses some global configuration used throughout all jobs.
| Name | description | default value |
| Name | Description | Default value |
| ------------------------ | -------------------------------------- | ----------------- |
| `GCP_CLI_IMAGE` | the Docker image used to run Google Cloud CLI commands| `gcr.io/google.com/cloudsdktool/cloud-sdk:latest` |
| :lock: `GCP_KEY_FILE` | Default [Service Account key file](https://cloud.google.com/bigquery/docs/authentication/service-account-file) | _none_ |
......@@ -220,7 +220,7 @@ They are **disabled by default** and can be enabled by setting the `GCP_REVIEW_P
Here are variables supported to configure review environments:
| Name | description | default value |
| Name | Description | Default value |
| ------------------------ | -------------------------------------- | ----------------- |
| `GCP_REVIEW_PROJECT` | Google Cloud project ID for `review` env | _none_ (disabled) |
| :lock: `GCP_REVIEW_KEY_FILE`| [Service Account key file](https://cloud.google.com/bigquery/docs/authentication/service-account-file) to authenticate on `review` env _(only define if different from default)_ | `$GCP_KEY_FILE` |
......@@ -236,7 +236,7 @@ It is **disabled by default** and can be enabled by setting the `GCP_INTEG_PROJE
Here are variables supported to configure the integration environment:
| Name | description | default value |
| Name | Description | Default value |
| ------------------------ | -------------------------------------- | ----------------- |
| `GCP_INTEG_PROJECT` | Google Cloud project ID for `integration` env | _none_ (disabled) |
| :lock: `GCP_INTEG_KEY_FILE`|[Service Account key file](https://cloud.google.com/bigquery/docs/authentication/service-account-file) to authenticate on `integration` env _(only define if different from default)_ | `$GCP_KEY_FILE` |
......@@ -252,7 +252,7 @@ It is **disabled by default** and can be enabled by setting the `GCP_STAGING_PRO
Here are variables supported to configure the staging environment:
| Name | description | default value |
| Name | Description | Default value |
| ------------------------ | -------------------------------------- | ----------------- |
| `GCP_STAGING_PROJECT` | Google Cloud project ID for `staging` env | _none_ (disabled) |
| :lock: `GCP_STAGING_KEY_FILE`|[Service Account key file](https://cloud.google.com/bigquery/docs/authentication/service-account-file) to authenticate on `staging` env _(only define if different from default)_ | `$GCP_KEY_FILE` |
......@@ -267,7 +267,7 @@ It is **disabled by default** and can be enabled by setting the `GCP_PROD_PROJEC
Here are variables supported to configure the production environment:
| Name | description | default value |
| Name | Description | Default value |
| ------------------------- | -------------------------------------- | ----------------- |
| `GCP_PROD_PROJECT` | Google Cloud project ID for `production` env | _none_ (disabled) |
| :lock: `GCP_PROD_KEY_FILE`|[Service Account key file](https://cloud.google.com/bigquery/docs/authentication/service-account-file) to authenticate on `production` env _(only define if different from default)_ | `$GCP_KEY_FILE` |
......@@ -295,7 +295,7 @@ Let's imagine a backend service:
include:
# Include Google Cloud template
- project: 'to-be-continuous/gcloud'
ref: '5.0.2'
ref: '5.1.0'
file: '/templates/gitlab-ci-gcloud.yml'
...
......@@ -411,7 +411,7 @@ The following commands may help you retrieve the different values:
The variant supports the following configuration:
| Name | description | default value |
| Name | Description | Default value |
| ----------------- | -------------------------------------- | ----------------- |
| `GCP_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` |
| `GCP_OIDC_PROVIDER` | Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) | _none_ |
......@@ -431,11 +431,11 @@ The variant supports the following configuration:
include:
# main template
- project: 'to-be-continuous/gcloud'
ref: '5.0.2'
ref: '5.1.0'
file: '/templates/gitlab-ci-gcloud.yml'
# Vault variant
- project: 'to-be-continuous/gcloud'
ref: '5.0.2'
ref: '5.1.0'
file: '/templates/gitlab-ci-gcloud-oidc.yml'
variables:
......@@ -457,9 +457,9 @@ This variant allows delegating your secrets management to a [Vault](https://www.
In order to be able to communicate with the Vault server, the variant requires the additional configuration parameters:
| Name | description | default value |
| Name | Description | Default value |
| ----------------- | -------------------------------------- | ----------------- |
| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master` |
| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master` |
| `VAULT_BASE_URL` | The Vault server base API url | _none_ |
| `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` |
| :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
......@@ -475,7 +475,7 @@ Then you may retrieve any of your secret(s) from Vault using the following synta
With:
| Name | description |
| Name | Description |
| -------------------------------- | -------------------------------------- |
| `secret_path` (_path parameter_) | this is your secret location in the Vault server |
| `field` (_query parameter_) | parameter to access a single basic field from the secret JSON payload |
......@@ -486,11 +486,11 @@ With:
include:
# main template
- project: 'to-be-continuous/gcloud'
ref: '5.0.2'
ref: '5.1.0'
file: '/templates/gitlab-ci-gcloud.yml'
# Vault variant
- project: 'to-be-continuous/gcloud'
ref: '5.0.2'
ref: '5.1.0'
file: '/templates/gitlab-ci-gcloud-vault.yml'
variables:
......
......@@ -242,7 +242,7 @@
{
"name": "TBC_VAULT_IMAGE",
"description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
"default": "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master",
"default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
"advanced": true
},
{
......
......@@ -3,7 +3,7 @@
# =====================================================================================================================
variables:
# variabilized vault-secrets-provider image
TBC_VAULT_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master"
TBC_VAULT_IMAGE: "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master"
# variables have to be explicitly declared in the YAML to be exported to the service
VAULT_JWT_TOKEN: "$VAULT_JWT_TOKEN"
VAULT_ROLE_ID: "$VAULT_ROLE_ID"
......@@ -13,7 +13,7 @@ variables:
.gcp-base:
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "gcloud", "5.0.2" ]
command: ["--service", "gcloud", "5.1.0" ]
- name: "$TBC_VAULT_IMAGE"
alias: "vault-secrets-provider"
variables:
......
......@@ -37,7 +37,7 @@ workflow:
variables:
# variabilized tracking image
TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
TBC_TRACKING_IMAGE: "registry.gitlab.com/to-be-continuous/tools/tracking:master"
# Default Docker image (can be overridden)
GCP_CLI_IMAGE: "gcr.io/google.com/cloudsdktool/cloud-sdk:latest"
......@@ -401,9 +401,9 @@ stages:
image: $GCP_CLI_IMAGE
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "gcloud", "5.0.2" ]
command: ["--service", "gcloud", "5.1.0" ]
before_script:
- *gcp-scripts
- !reference [.gcp-scripts]
- install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
- gcp_auth
......