Add CI_TEMPLATE_REGISTRY_HOST to predefined CI variables

Changelog: added

Add CI_TEMPLATE_REGISTRY_HOST to predefined CI variables
09062ba3 · 张泽华 · Michael Kozono · fbb06e89 · 09062ba3 · 09062ba3
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -2259,6 +2259,7 @@ def predefined_variables
        .concat(dependency_proxy_variables)
        .concat(auto_devops_variables)
        .concat(api_variables)
+        .concat(ci_template_variables)
    end
  end
@@ -2312,6 +2313,12 @@ def api_variables
    end
  end
+  def ci_template_variables
+    Gitlab::Ci::Variables::Collection.new.tap do |variables|
+      variables.append(key: 'CI_TEMPLATE_REGISTRY_HOST', value: 'registry.gitlab.com')
+    end
+  end
  def dependency_proxy_variables
    Gitlab::Ci::Variables::Collection.new.tap do |variables|
      break variables unless Gitlab.config.dependency_proxy.enabled

--- a/ee/spec/lib/ee/gitlab/ci/config_spec.rb
+++ b/ee/spec/lib/ee/gitlab/ci/config_spec.rb
@@ -103,8 +103,7 @@
                image: { name: '$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION' },
                variables: {
                  DAST_VERSION: 3,
-                  SECURE_ANALYZERS_PREFIX: '$TEMPLATE_REGISTRY_HOST/security-products',
+                  SECURE_ANALYZERS_PREFIX: '$CI_TEMPLATE_REGISTRY_HOST/security-products',
-                  TEMPLATE_REGISTRY_HOST: template_registry_host,
                  GIT_STRATEGY: 'none'
                },
                allow_failure: true,

--- a/ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb
+++ b/ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb
@@ -201,8 +201,7 @@
              },
              variables: {
                DAST_VERSION: 3,
-                SECURE_ANALYZERS_PREFIX: '$TEMPLATE_REGISTRY_HOST/security-products',
+                SECURE_ANALYZERS_PREFIX: '$CI_TEMPLATE_REGISTRY_HOST/security-products',
-                TEMPLATE_REGISTRY_HOST: template_registry_host,
                GIT_STRATEGY: 'none'
              },
              allow_failure: true,
@@ -243,8 +242,7 @@
              },
              variables: {
                GIT_DEPTH: '50',
-                SECURE_ANALYZERS_PREFIX: '$TEMPLATE_REGISTRY_HOST/security-products',
+                SECURE_ANALYZERS_PREFIX: '$CI_TEMPLATE_REGISTRY_HOST/security-products',
-                TEMPLATE_REGISTRY_HOST: template_registry_host,
                SECRETS_ANALYZER_VERSION: '4',
                SECRET_DETECTION_IMAGE_SUFFIX: '',
                SECRET_DETECTION_EXCLUDED_PATHS: '',

--- a/ee/spec/lib/gitlab/ci/templates/secure_binaries_ci_yaml_spec.rb
+++ b/ee/spec/lib/gitlab/ci/templates/secure_binaries_ci_yaml_spec.rb
@@ -184,7 +184,7 @@
      it_behaves_like 'an offline image download job' do
        it 'sets SECURE_BINARIES_IMAGE explicitly' do
-          image = "${TEMPLATE_REGISTRY_HOST}/security-products/${CI_JOB_NAME}:${SECURE_BINARIES_ANALYZER_VERSION}"
+          image = "${CI_TEMPLATE_REGISTRY_HOST}/security-products/${CI_JOB_NAME}:${SECURE_BINARIES_ANALYZER_VERSION}"
          expect(build.variables.to_hash).to include('SECURE_BINARIES_IMAGE' => image)
        end

--- a/ee/spec/services/app_sec/dast/scans/run_service_spec.rb
+++ b/ee/spec/services/app_sec/dast/scans/run_service_spec.rb
@@ -183,7 +183,7 @@
            masked: false
          }, {
            key: 'SECURE_ANALYZERS_PREFIX',
-            value: '$TEMPLATE_REGISTRY_HOST/security-products',
+            value: '$CI_TEMPLATE_REGISTRY_HOST/security-products',
            public: true,
            masked: false
          }

--- a/ee/spec/services/security/security_orchestration_policies/ci_configuration_service_spec.rb
+++ b/ee/spec/services/security/security_orchestration_policies/ci_configuration_service_spec.rb
@@ -43,8 +43,7 @@
            },
            variables: {
              GIT_DEPTH: '50',
-              SECURE_ANALYZERS_PREFIX: '$TEMPLATE_REGISTRY_HOST/security-products',
+              SECURE_ANALYZERS_PREFIX: '$CI_TEMPLATE_REGISTRY_HOST/security-products',
-              TEMPLATE_REGISTRY_HOST: template_registry_host,
              SECRETS_ANALYZER_VERSION: '4',
              SECRET_DETECTION_IMAGE_SUFFIX: '',
              SECRET_DETECTION_EXCLUDED_PATHS: '',
@@ -78,9 +77,8 @@
            dependencies: [],
            script: ['gtcs scan'],
            variables: {
-              CS_ANALYZER_IMAGE: "$TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5",
+              CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5",
-              GIT_STRATEGY: 'none',
+              GIT_STRATEGY: 'none'
-              TEMPLATE_REGISTRY_HOST: Gitlab::Saas.registry_prefix
            },
            rules: [
              { if: "$CONTAINER_SCANNING_DISABLED", when: "never" },

--- a/ee/spec/services/security/security_orchestration_policies/on_demand_scan_pipeline_configuration_service_spec.rb
+++ b/ee/spec/services/security/security_orchestration_policies/on_demand_scan_pipeline_configuration_service_spec.rb
@@ -63,8 +63,7 @@
          image: { name: '$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION' },
          variables: {
            DAST_VERSION: 3,
-            SECURE_ANALYZERS_PREFIX: '$TEMPLATE_REGISTRY_HOST/security-products',
+            SECURE_ANALYZERS_PREFIX: '$CI_TEMPLATE_REGISTRY_HOST/security-products',
-            TEMPLATE_REGISTRY_HOST: template_registry_host,
            GIT_STRATEGY: 'none'
          },
          allow_failure: true,

--- a/lib/gitlab/ci/templates/5-Minute-Production-App.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/5-Minute-Production-App.gitlab-ci.yml
@@ -26,7 +26,6 @@ variables:
  TF_VAR_SERVICE_DESK_EMAIL: incoming+${CI_PROJECT_PATH_SLUG}-${CI_PROJECT_ID}-issue-@incoming.gitlab.com
  TF_VAR_SHORT_ENVIRONMENT_NAME: ${CI_PROJECT_ID}-${CI_COMMIT_REF_SLUG}
  TF_VAR_SMTP_FROM: ${SMTP_FROM}
-  TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
 cache:
  paths:
@@ -40,7 +39,7 @@ cache:
 terraform_apply:
  stage: provision
-  image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
+  image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
  extends: .needs_aws_vars
  resource_group: terraform
  before_script:
@@ -54,7 +53,7 @@ terraform_apply:
 deploy:
  stage: deploy
-  image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
+  image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
  extends: .needs_aws_vars
  resource_group: deploy
  before_script:
@@ -75,7 +74,7 @@ terraform_destroy:
  variables:
    GIT_STRATEGY: none
  stage: destroy
-  image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
+  image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
  before_script:
    - cp /*.tf .
    - cp /deploy.sh .

--- a/lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci.yml
@@ -24,7 +24,6 @@
 variables:
  TEST_ROOT: ${CI_PROJECT_DIR}/my_folder_with_terraform_content
-  TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
 default:
  before_script:
@@ -32,7 +31,7 @@ default:
 init_and_plan:
  stage: build
-  image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/0.13"
+  image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/0.13"
  rules:
    - if: $SAST_DISABLED
      when: never

--- a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
 variables:
  AUTO_BUILD_IMAGE_VERSION: 'v1.14.0'
-  TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
 build:
  stage: build
-  image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}'
+  image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}'
  variables:
    DOCKER_TLS_CERTDIR: ''
  services:

--- a/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml
 variables:
  AUTO_BUILD_IMAGE_VERSION: 'v1.14.0'
-  TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
 build:
  stage: build
-  image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}'
+  image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}'
  variables:
    DOCKER_TLS_CERTDIR: ''
  services:

--- a/lib/gitlab/ci/templates/Jobs/CF-Provision.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/CF-Provision.gitlab-ci.yml
-variables:
-  TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
 stages:
  - provision
 cloud_formation:
-  image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-cloudformation:latest'
+  image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-cloudformation:latest'
  stage: provision
  script:
    - gl-cloudformation create-stack

--- a/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
@@ -8,8 +8,7 @@ code_quality:
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""
-    TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
+    CODE_QUALITY_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/codequality:0.85.29"
-    CODE_QUALITY_IMAGE: "$TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/codequality:0.85.29"
  needs: []
  script:
    - export SOURCE_CODE=$PWD

--- a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
 variables:
  DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.33.0'
-  TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
 .dast-auto-deploy:
-  image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}"
+  image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}"
 .common_rules: &common_rules
  - if: $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME
@@ -58,7 +57,7 @@ stop_dast_environment:
      when: always
 .ecs_image:
-  image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest'
+  image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest'
 .ecs_rules: &ecs_rules
  - if: $AUTO_DEVOPS_PLATFORM_TARGET != "ECS"

--- a/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml
@@ -11,8 +11,7 @@
 variables:
  # Setting this variable will affect all Security templates
  # (SAST, Dependency Scanning, ...)
-  TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
+  SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
-  SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
  DS_EXCLUDED_ANALYZERS: ""
  DS_EXCLUDED_PATHS: "spec, test, tests, tmp"
  DS_MAJOR_VERSION: 3

--- a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
 variables:
  AUTO_DEPLOY_IMAGE_VERSION: 'v2.33.0'
-  TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
 .auto-deploy:
-  image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
+  image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
  dependencies: []
 review:

--- a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
 variables:
  AUTO_DEPLOY_IMAGE_VERSION: 'v2.33.0'
-  TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
 .auto-deploy:
-  image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
+  image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
  dependencies: []
 review:

--- a/lib/gitlab/ci/templates/Jobs/Deploy/EC2.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy/EC2.gitlab-ci.yml
-variables:
-  TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
 stages:
  - review
  - production
 .push-and-deploy:
-  image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ec2:latest'
+  image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ec2:latest'
  script:
    - gl-ec2 push-to-s3
    - gl-ec2 deploy-to-ec2

--- a/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml
@@ -7,11 +7,8 @@
 # then result in potentially breaking your future pipelines.
 #
 # More about including CI templates: https://docs.gitlab.com/ee/ci/yaml/#includetemplate
-variables:
-  TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
 .ecs_image:
-  image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest'
+  image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest'
 .deploy_to_ecs:
  extends: .ecs_image

--- a/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml
@@ -3,11 +3,8 @@
 #
 # To use, set the CI variable MIGRATE_HELM_2TO3 to "true".
 # For more details, go to https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#helm-v3
-variables:
-  TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
 .helm-2to3-migrate:
-  image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12"
+  image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12"
  # NOTE: We use the deploy stage because:
  #   - It exists in all versions of Auto DevOps.
  #   - It is _empty_.
@@ -56,7 +53,7 @@ variables:
      done
 .helm-2to3-cleanup:
-  image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12"
+  image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12"
  stage: cleanup
  environment:
    action: prepare