Get ready for switch to gitlab-internal.builder.ai
The idea of this MR is to make all the changes in preparation for the switch to gitlab-internal.builder.ai. This MR doesn't make the actual switch, that will happen as part of another MR (https://gitlab.builder.ai/public-tools/deploy-templates/-/merge_requests/487).
Summary of changes:
- Remove all dependency on instance level variables for secrets. This change pulls it from Vault instead.
- New helper function
builder_gitlab_netrc_setupfor setting up~/.netrcfile using credentials pulled from Vault. This is an important change, previously we used theCI_JOB_TOKENhowever, to support pulling from internal Gitlab into main Gitlab, we will use theplatform-automationuser. - Use
${RO_REGISTRY}everywhere we pull images. - Instead of hardcoding the Gitlab host eg.
gitlab.builder.ai, use${CI_SERVER_HOST}in most places instead - Use
VAULT_AUTH_PATHenv var forvault-secrets.py, this env var is set at an instance level to the correct auth path for that specific Gitlab instance. - Allow configuring
VAULT_SCRIPT_HOMEso that.builder_vault_functionsworks in images where permissions are limited eg. build-images/child-pipeline-generator`
Testing
All testing was done using the gitlab-internal-support branches in PAT, PAL, and PAE. See the following MR's:
- https://gitlab.builder.ai/devops/platform-automation-tools/-/merge_requests/266
- https://gitlab.builder.ai/devops/platform-automation-libs/-/merge_requests/61
- https://gitlab.builder.ai/devops/platform-automation-extended/-/merge_requests/60
cluster
| Test case | Pipeline | Notes |
|---|---|---|
| Deploy new Azure cluster | https://gitlab.builder.ai/devsecops/waquidvp/test-infra-dev/-/pipelines/7712200 | |
| Re-run on existing Azure cluster | https://gitlab.builder.ai/devsecops/waquidvp/test-infra-dev/-/pipelines/7715717 | |
| Deploy Azure cluster with extended infra | https://gitlab.builder.ai/devsecops/waquidvp/test-infra-uat/-/pipelines/7718929 | |
| Decomission Azure cluster | https://gitlab.builder.ai/devsecops/waquidvp/test-infra-uat/-/pipelines/7746753 |
app
| Test case | Pipeline | Notes |
|---|---|---|
| Master branch | https://gitlab.builder.ai/devsecops/waquidvp/test-app/-/pipelines/7715971 | |
| Feature branch | https://gitlab.builder.ai/devsecops/waquidvp/test-app/-/pipelines/7720307 | |
| MR pipeline | https://gitlab.builder.ai/devsecops/waquidvp/test-app/-/pipelines/7720311 | |
| Deploy to UAT | https://gitlab.builder.ai/devsecops/waquidvp/test-app/-/pipelines/7720042 | |
| Compliance scan | https://gitlab.builder.ai/devsecops/waquidvp/test-app/-/pipelines/7768299 |
app-fe
| Test case | Pipeline | Notes |
|---|---|---|
| Web - master branch | https://gitlab.builder.ai/devsecops/waquidvp/test-app-web/-/pipelines/7716435 | |
| Web - feature branch | https://gitlab.builder.ai/devsecops/waquidvp/test-app-web/-/pipelines/7719352 | |
| Web - MR pipeline | https://gitlab.builder.ai/devsecops/waquidvp/test-app-web/-/pipelines/7719363 | |
| Web - deploy to UAT | https://gitlab.builder.ai/devsecops/waquidvp/test-app-web/-/pipelines/7719964 | |
| Mobile - master branch | https://gitlab.builder.ai/builder/builder-bx/Bx/assembler_projects/stg/onuruber1501-1322298-react-native/-/pipelines/7737662 | |
| Mobile - feature branch | https://gitlab.builder.ai/builder/builder-bx/Bx/assembler_projects/stg/onuruber1501-1322298-react-native/-/pipelines/7744122 | |
| Mobile - MR pipeline | https://gitlab.builder.ai/builder/builder-bx/Bx/assembler_projects/stg/onuruber1501-1322298-react-native/-/pipelines/7744132 |
Edited by Waquid Valiya Peedikakkal