From 09062ba31054739034a4705642263362edd56e60 Mon Sep 17 00:00:00 2001
From: Zehua Zhang <zhzhang@jihulab.com>
Date: Wed, 10 Aug 2022 23:41:24 +0000
Subject: [PATCH] Add CI_TEMPLATE_REGISTRY_HOST to predefined CI variables
Changelog: added
---
app/models/project.rb | 7 +++++++
ee/spec/lib/ee/gitlab/ci/config_spec.rb | 3 +--
.../security_orchestration_policies/processor_spec.rb | 6 ++----
.../gitlab/ci/templates/secure_binaries_ci_yaml_spec.rb | 2 +-
ee/spec/services/app_sec/dast/scans/run_service_spec.rb | 2 +-
.../ci_configuration_service_spec.rb | 8 +++-----
.../on_demand_scan_pipeline_configuration_service_spec.rb | 3 +--
.../ci/templates/5-Minute-Production-App.gitlab-ci.yml | 7 +++----
lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci.yml | 3 +--
lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml | 3 +--
lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml | 3 +--
lib/gitlab/ci/templates/Jobs/CF-Provision.gitlab-ci.yml | 5 +----
lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml | 3 +--
.../Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml | 5 ++---
.../ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml | 3 +--
lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml | 3 +--
lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml | 3 +--
lib/gitlab/ci/templates/Jobs/Deploy/EC2.gitlab-ci.yml | 5 +----
lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml | 5 +----
lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml | 7 ++-----
.../ci/templates/Jobs/License-Scanning.gitlab-ci.yml | 3 +--
lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml | 3 +--
.../ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml | 3 +--
lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml | 3 +--
lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml | 3 +--
.../ci/templates/Jobs/Secret-Detection.gitlab-ci.yml | 3 +--
.../templates/Jobs/Secret-Detection.latest.gitlab-ci.yml | 3 +--
lib/gitlab/ci/templates/Pages/Hugo.gitlab-ci.yml | 3 +--
.../ci/templates/Security/API-Fuzzing.gitlab-ci.yml | 3 +--
.../templates/Security/API-Fuzzing.latest.gitlab-ci.yml | 3 +--
.../templates/Security/Container-Scanning.gitlab-ci.yml | 3 +--
lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml | 3 +--
.../ci/templates/Security/DAST-API.latest.gitlab-ci.yml | 3 +--
.../Security/DAST-On-Demand-API-Scan.gitlab-ci.yml | 3 +--
.../templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml | 3 +--
.../Security/DAST-Runner-Validation.gitlab-ci.yml | 3 +--
lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml | 3 +--
.../ci/templates/Security/DAST.latest.gitlab-ci.yml | 3 +--
.../ci/templates/Security/Secure-Binaries.gitlab-ci.yml | 5 ++---
lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml | 3 +--
.../ci/templates/Terraform/Base.latest.gitlab-ci.yml | 3 +--
.../ci/templates/Verify/Accessibility.gitlab-ci.yml | 6 +-----
spec/graphql/types/project_type_spec.rb | 4 ++--
spec/lib/gitlab/ci/variables/builder_spec.rb | 3 +++
spec/models/ci/build_spec.rb | 2 ++
.../security/ci_configuration/sast_parser_service_spec.rb | 2 +-
46 files changed, 64 insertions(+), 104 deletions(-)
diff --git a/app/models/project.rb b/app/models/project.rb
index 23e10a00e595..b0eb273e5266 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -2259,6 +2259,7 @@ def predefined_variables
.concat(dependency_proxy_variables)
.concat(auto_devops_variables)
.concat(api_variables)
+ .concat(ci_template_variables)
end
end
@@ -2312,6 +2313,12 @@ def api_variables
end
end
+ def ci_template_variables
+ Gitlab::Ci::Variables::Collection.new.tap do |variables|
+ variables.append(key: 'CI_TEMPLATE_REGISTRY_HOST', value: 'registry.gitlab.com')
+ end
+ end
+
def dependency_proxy_variables
Gitlab::Ci::Variables::Collection.new.tap do |variables|
break variables unless Gitlab.config.dependency_proxy.enabled
diff --git a/ee/spec/lib/ee/gitlab/ci/config_spec.rb b/ee/spec/lib/ee/gitlab/ci/config_spec.rb
index b61f5da115f6..5185b4b85d13 100644
--- a/ee/spec/lib/ee/gitlab/ci/config_spec.rb
+++ b/ee/spec/lib/ee/gitlab/ci/config_spec.rb
@@ -103,8 +103,7 @@
image: { name: '$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION' },
variables: {
DAST_VERSION: 3,
- SECURE_ANALYZERS_PREFIX: '$TEMPLATE_REGISTRY_HOST/security-products',
- TEMPLATE_REGISTRY_HOST: template_registry_host,
+ SECURE_ANALYZERS_PREFIX: '$CI_TEMPLATE_REGISTRY_HOST/security-products',
GIT_STRATEGY: 'none'
},
allow_failure: true,
diff --git a/ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb b/ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb
index 6b0ad0cb273a..d6970d066d5f 100644
--- a/ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb
+++ b/ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb
@@ -201,8 +201,7 @@
},
variables: {
DAST_VERSION: 3,
- SECURE_ANALYZERS_PREFIX: '$TEMPLATE_REGISTRY_HOST/security-products',
- TEMPLATE_REGISTRY_HOST: template_registry_host,
+ SECURE_ANALYZERS_PREFIX: '$CI_TEMPLATE_REGISTRY_HOST/security-products',
GIT_STRATEGY: 'none'
},
allow_failure: true,
@@ -243,8 +242,7 @@
},
variables: {
GIT_DEPTH: '50',
- SECURE_ANALYZERS_PREFIX: '$TEMPLATE_REGISTRY_HOST/security-products',
- TEMPLATE_REGISTRY_HOST: template_registry_host,
+ SECURE_ANALYZERS_PREFIX: '$CI_TEMPLATE_REGISTRY_HOST/security-products',
SECRETS_ANALYZER_VERSION: '4',
SECRET_DETECTION_IMAGE_SUFFIX: '',
SECRET_DETECTION_EXCLUDED_PATHS: '',
diff --git a/ee/spec/lib/gitlab/ci/templates/secure_binaries_ci_yaml_spec.rb b/ee/spec/lib/gitlab/ci/templates/secure_binaries_ci_yaml_spec.rb
index be1c19f37427..7e9809073345 100644
--- a/ee/spec/lib/gitlab/ci/templates/secure_binaries_ci_yaml_spec.rb
+++ b/ee/spec/lib/gitlab/ci/templates/secure_binaries_ci_yaml_spec.rb
@@ -184,7 +184,7 @@
it_behaves_like 'an offline image download job' do
it 'sets SECURE_BINARIES_IMAGE explicitly' do
- image = "${TEMPLATE_REGISTRY_HOST}/security-products/${CI_JOB_NAME}:${SECURE_BINARIES_ANALYZER_VERSION}"
+ image = "${CI_TEMPLATE_REGISTRY_HOST}/security-products/${CI_JOB_NAME}:${SECURE_BINARIES_ANALYZER_VERSION}"
expect(build.variables.to_hash).to include('SECURE_BINARIES_IMAGE' => image)
end
diff --git a/ee/spec/services/app_sec/dast/scans/run_service_spec.rb b/ee/spec/services/app_sec/dast/scans/run_service_spec.rb
index 370fe31be6e9..0536b5030632 100644
--- a/ee/spec/services/app_sec/dast/scans/run_service_spec.rb
+++ b/ee/spec/services/app_sec/dast/scans/run_service_spec.rb
@@ -183,7 +183,7 @@
masked: false
}, {
key: 'SECURE_ANALYZERS_PREFIX',
- value: '$TEMPLATE_REGISTRY_HOST/security-products',
+ value: '$CI_TEMPLATE_REGISTRY_HOST/security-products',
public: true,
masked: false
}
diff --git a/ee/spec/services/security/security_orchestration_policies/ci_configuration_service_spec.rb b/ee/spec/services/security/security_orchestration_policies/ci_configuration_service_spec.rb
index b93355b4566f..360b7f7a50e9 100644
--- a/ee/spec/services/security/security_orchestration_policies/ci_configuration_service_spec.rb
+++ b/ee/spec/services/security/security_orchestration_policies/ci_configuration_service_spec.rb
@@ -43,8 +43,7 @@
},
variables: {
GIT_DEPTH: '50',
- SECURE_ANALYZERS_PREFIX: '$TEMPLATE_REGISTRY_HOST/security-products',
- TEMPLATE_REGISTRY_HOST: template_registry_host,
+ SECURE_ANALYZERS_PREFIX: '$CI_TEMPLATE_REGISTRY_HOST/security-products',
SECRETS_ANALYZER_VERSION: '4',
SECRET_DETECTION_IMAGE_SUFFIX: '',
SECRET_DETECTION_EXCLUDED_PATHS: '',
@@ -78,9 +77,8 @@
dependencies: [],
script: ['gtcs scan'],
variables: {
- CS_ANALYZER_IMAGE: "$TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5",
- GIT_STRATEGY: 'none',
- TEMPLATE_REGISTRY_HOST: Gitlab::Saas.registry_prefix
+ CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5",
+ GIT_STRATEGY: 'none'
},
rules: [
{ if: "$CONTAINER_SCANNING_DISABLED", when: "never" },
diff --git a/ee/spec/services/security/security_orchestration_policies/on_demand_scan_pipeline_configuration_service_spec.rb b/ee/spec/services/security/security_orchestration_policies/on_demand_scan_pipeline_configuration_service_spec.rb
index 0b95db4755b3..cce81b785fd3 100644
--- a/ee/spec/services/security/security_orchestration_policies/on_demand_scan_pipeline_configuration_service_spec.rb
+++ b/ee/spec/services/security/security_orchestration_policies/on_demand_scan_pipeline_configuration_service_spec.rb
@@ -63,8 +63,7 @@
image: { name: '$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION' },
variables: {
DAST_VERSION: 3,
- SECURE_ANALYZERS_PREFIX: '$TEMPLATE_REGISTRY_HOST/security-products',
- TEMPLATE_REGISTRY_HOST: template_registry_host,
+ SECURE_ANALYZERS_PREFIX: '$CI_TEMPLATE_REGISTRY_HOST/security-products',
GIT_STRATEGY: 'none'
},
allow_failure: true,
diff --git a/lib/gitlab/ci/templates/5-Minute-Production-App.gitlab-ci.yml b/lib/gitlab/ci/templates/5-Minute-Production-App.gitlab-ci.yml
index 19d7f49aac0b..bb88bee91378 100644
--- a/lib/gitlab/ci/templates/5-Minute-Production-App.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/5-Minute-Production-App.gitlab-ci.yml
@@ -26,7 +26,6 @@ variables:
TF_VAR_SERVICE_DESK_EMAIL: incoming+${CI_PROJECT_PATH_SLUG}-${CI_PROJECT_ID}-issue-@incoming.gitlab.com
TF_VAR_SHORT_ENVIRONMENT_NAME: ${CI_PROJECT_ID}-${CI_COMMIT_REF_SLUG}
TF_VAR_SMTP_FROM: ${SMTP_FROM}
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
cache:
paths:
@@ -40,7 +39,7 @@ cache:
terraform_apply:
stage: provision
- image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
+ image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
extends: .needs_aws_vars
resource_group: terraform
before_script:
@@ -54,7 +53,7 @@ terraform_apply:
deploy:
stage: deploy
- image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
+ image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
extends: .needs_aws_vars
resource_group: deploy
before_script:
@@ -75,7 +74,7 @@ terraform_destroy:
variables:
GIT_STRATEGY: none
stage: destroy
- image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
+ image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable"
before_script:
- cp /*.tf .
- cp /deploy.sh .
diff --git a/lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci.yml b/lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci.yml
index a4fdd18aa406..34988fcdcde2 100644
--- a/lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci.yml
@@ -24,7 +24,6 @@
variables:
TEST_ROOT: ${CI_PROJECT_DIR}/my_folder_with_terraform_content
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
default:
before_script:
@@ -32,7 +31,7 @@ default:
init_and_plan:
stage: build
- image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/0.13"
+ image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/0.13"
rules:
- if: $SAST_DISABLED
when: never
diff --git a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
index 11447a360453..ce227bad19a2 100644
--- a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
@@ -1,10 +1,9 @@
variables:
AUTO_BUILD_IMAGE_VERSION: 'v1.14.0'
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
build:
stage: build
- image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}'
+ image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}'
variables:
DOCKER_TLS_CERTDIR: ''
services:
diff --git a/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml
index 11447a360453..ce227bad19a2 100644
--- a/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml
@@ -1,10 +1,9 @@
variables:
AUTO_BUILD_IMAGE_VERSION: 'v1.14.0'
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
build:
stage: build
- image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}'
+ image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}'
variables:
DOCKER_TLS_CERTDIR: ''
services:
diff --git a/lib/gitlab/ci/templates/Jobs/CF-Provision.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/CF-Provision.gitlab-ci.yml
index b5efcb7bba3b..6e8cf15204aa 100644
--- a/lib/gitlab/ci/templates/Jobs/CF-Provision.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/CF-Provision.gitlab-ci.yml
@@ -1,11 +1,8 @@
-variables:
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
-
stages:
- provision
cloud_formation:
- image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-cloudformation:latest'
+ image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-cloudformation:latest'
stage: provision
script:
- gl-cloudformation create-stack
diff --git a/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
index dc46be4257f9..e278539d2143 100644
--- a/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
@@ -8,8 +8,7 @@ code_quality:
variables:
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- CODE_QUALITY_IMAGE: "$TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/codequality:0.85.29"
+ CODE_QUALITY_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/codequality:0.85.29"
needs: []
script:
- export SOURCE_CODE=$PWD
diff --git a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
index a4baca12f59d..f0ddc4b4916d 100644
--- a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
@@ -1,9 +1,8 @@
variables:
DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.33.0'
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
.dast-auto-deploy:
- image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}"
+ image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}"
.common_rules: &common_rules
- if: $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME
@@ -58,7 +57,7 @@ stop_dast_environment:
when: always
.ecs_image:
- image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest'
+ image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest'
.ecs_rules: &ecs_rules
- if: $AUTO_DEVOPS_PLATFORM_TARGET != "ECS"
diff --git a/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml
index 822995fa8b61..7cbc8e40b47d 100644
--- a/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml
@@ -11,8 +11,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
DS_EXCLUDED_ANALYZERS: ""
DS_EXCLUDED_PATHS: "spec, test, tests, tmp"
DS_MAJOR_VERSION: 3
diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
index d4e1539ae39d..1a2a8b4edb48 100644
--- a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
@@ -1,9 +1,8 @@
variables:
AUTO_DEPLOY_IMAGE_VERSION: 'v2.33.0'
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
.auto-deploy:
- image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
+ image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
dependencies: []
review:
diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
index 591ef49d1469..cb8818357a24 100644
--- a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
@@ -1,9 +1,8 @@
variables:
AUTO_DEPLOY_IMAGE_VERSION: 'v2.33.0'
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
.auto-deploy:
- image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
+ image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
dependencies: []
review:
diff --git a/lib/gitlab/ci/templates/Jobs/Deploy/EC2.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy/EC2.gitlab-ci.yml
index c5ae7d406ee0..8a349f751ea3 100644
--- a/lib/gitlab/ci/templates/Jobs/Deploy/EC2.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy/EC2.gitlab-ci.yml
@@ -1,12 +1,9 @@
-variables:
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
-
stages:
- review
- production
.push-and-deploy:
- image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ec2:latest'
+ image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ec2:latest'
script:
- gl-ec2 push-to-s3
- gl-ec2 deploy-to-ec2
diff --git a/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml
index 4cdd54dcc2ff..43dc44312dac 100644
--- a/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml
@@ -7,11 +7,8 @@
# then result in potentially breaking your future pipelines.
#
# More about including CI templates: https://docs.gitlab.com/ee/ci/yaml/#includetemplate
-variables:
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
-
.ecs_image:
- image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest'
+ image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest'
.deploy_to_ecs:
extends: .ecs_image
diff --git a/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml
index 9940dab39895..b7735068680f 100644
--- a/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml
@@ -3,11 +3,8 @@
#
# To use, set the CI variable MIGRATE_HELM_2TO3 to "true".
# For more details, go to https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#helm-v3
-variables:
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
-
.helm-2to3-migrate:
- image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12"
+ image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12"
# NOTE: We use the deploy stage because:
# - It exists in all versions of Auto DevOps.
# - It is _empty_.
@@ -56,7 +53,7 @@ variables:
done
.helm-2to3-cleanup:
- image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12"
+ image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12"
stage: cleanup
environment:
action: prepare
diff --git a/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml
index 40c05ffe92ae..f8668699fe55 100644
--- a/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml
@@ -11,8 +11,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
LICENSE_MANAGEMENT_SETUP_CMD: '' # If needed, specify a command to setup your environment with a custom package manager.
LICENSE_MANAGEMENT_VERSION: 4
diff --git a/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml
index f09e4450703b..c195ecd8ee56 100644
--- a/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml
@@ -6,8 +6,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SAST_IMAGE_SUFFIX: ""
SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
diff --git a/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
index 52709fba7741..0513aae00a8e 100644
--- a/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
@@ -6,8 +6,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SAST_IMAGE_SUFFIX: ""
SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
diff --git a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
index 91cbccbe3a7a..dd164c007246 100644
--- a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
@@ -6,8 +6,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SAST_IMAGE_SUFFIX: ""
SAST_EXCLUDED_ANALYZERS: ""
diff --git a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml
index 076c0879128c..c6938920ea40 100644
--- a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml
@@ -6,8 +6,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SAST_IMAGE_SUFFIX: ""
SAST_EXCLUDED_ANALYZERS: ""
diff --git a/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml
index 25fc2388f9ef..b7a9dbf7bc6e 100644
--- a/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml
@@ -5,8 +5,7 @@
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
variables:
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SECRET_DETECTION_IMAGE_SUFFIX: ""
SECRETS_ANALYZER_VERSION: "4"
diff --git a/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml
index 3491576a9f36..e6eba6f64067 100644
--- a/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml
@@ -5,8 +5,7 @@
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
variables:
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SECRET_DETECTION_IMAGE_SUFFIX: ""
SECRETS_ANALYZER_VERSION: "4"
diff --git a/lib/gitlab/ci/templates/Pages/Hugo.gitlab-ci.yml b/lib/gitlab/ci/templates/Pages/Hugo.gitlab-ci.yml
index 77ebff5d5de8..591eebf9cd6c 100644
--- a/lib/gitlab/ci/templates/Pages/Hugo.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Pages/Hugo.gitlab-ci.yml
@@ -6,11 +6,10 @@
---
# All available Hugo versions are listed here:
# https://gitlab.com/pages/hugo/container_registry
-image: "${TEMPLATE_REGISTRY_HOST}/pages/hugo:latest"
+image: "${CI_TEMPLATE_REGISTRY_HOST}/pages/hugo:latest"
variables:
GIT_SUBMODULE_STRATEGY: recursive
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
test:
script:
diff --git a/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml
index 38fb3394c957..cdfa45567698 100644
--- a/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml
@@ -24,8 +24,7 @@
variables:
# Setting this variable affects all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
#
FUZZAPI_VERSION: "2"
FUZZAPI_IMAGE_SUFFIX: ""
diff --git a/lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml
index 1cbce8aaddda..8d6c191edc43 100644
--- a/lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml
@@ -24,8 +24,7 @@
variables:
# Setting this variable affects all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
#
FUZZAPI_VERSION: "2"
FUZZAPI_IMAGE_SUFFIX: ""
diff --git a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
index 5d6c1b05976f..3d7883fb87a5 100644
--- a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
@@ -22,8 +22,7 @@
# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
variables:
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- CS_ANALYZER_IMAGE: "$TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5"
+ CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5"
container_scanning:
image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX"
diff --git a/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml
index ca9c64fac475..1b33596baa0b 100644
--- a/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml
@@ -24,8 +24,7 @@
variables:
# Setting this variable affects all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
#
DAST_API_VERSION: "2"
DAST_API_IMAGE_SUFFIX: ""
diff --git a/lib/gitlab/ci/templates/Security/DAST-API.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-API.latest.gitlab-ci.yml
index e13d3e0f270d..8aabf20c5df5 100644
--- a/lib/gitlab/ci/templates/Security/DAST-API.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST-API.latest.gitlab-ci.yml
@@ -24,8 +24,7 @@
variables:
# Setting this variable affects all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
#
DAST_API_VERSION: "2"
DAST_API_IMAGE_SUFFIX: ""
diff --git a/lib/gitlab/ci/templates/Security/DAST-On-Demand-API-Scan.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-On-Demand-API-Scan.gitlab-ci.yml
index 8543ee90297e..1bd527a6ec0c 100644
--- a/lib/gitlab/ci/templates/Security/DAST-On-Demand-API-Scan.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST-On-Demand-API-Scan.gitlab-ci.yml
@@ -10,8 +10,7 @@ stages:
- dast
variables:
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
DAST_API_VERSION: "2"
DAST_API_IMAGE_SUFFIX: ""
DAST_API_IMAGE: api-security
diff --git a/lib/gitlab/ci/templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml
index 17961b49a30c..701e08ba56d7 100644
--- a/lib/gitlab/ci/templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml
@@ -13,8 +13,7 @@ variables:
DAST_VERSION: 3
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
dast:
stage: dast
diff --git a/lib/gitlab/ci/templates/Security/DAST-Runner-Validation.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-Runner-Validation.gitlab-ci.yml
index 62423e4134f0..5b6af37977e6 100644
--- a/lib/gitlab/ci/templates/Security/DAST-Runner-Validation.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST-Runner-Validation.gitlab-ci.yml
@@ -11,12 +11,11 @@ stages:
variables:
DAST_RUNNER_VALIDATION_VERSION: 1
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
validation:
stage: dast
image:
- name: "$TEMPLATE_REGISTRY_HOST/security-products/dast-runner-validation:$DAST_RUNNER_VALIDATION_VERSION"
+ name: "$CI_TEMPLATE_REGISTRY_HOST/security-products/dast-runner-validation:$DAST_RUNNER_VALIDATION_VERSION"
variables:
GIT_STRATEGY: none
allow_failure: false
diff --git a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
index 7359c108f133..40060e96dff2 100644
--- a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
@@ -25,8 +25,7 @@ variables:
DAST_VERSION: 3
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
dast:
stage: dast
diff --git a/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml
index 779cb2e5cf3c..9d3b1f4316e1 100644
--- a/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml
@@ -25,8 +25,7 @@ variables:
DAST_VERSION: 3
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
dast:
stage: dast
diff --git a/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml
index ad6cc6341763..fd04c86e6c75 100644
--- a/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml
@@ -16,8 +16,7 @@
variables:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
- SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SECURE_BINARIES_ANALYZERS: >-
bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, secrets, sobelow, pmd-apex, kics, kubesec, semgrep, gemnasium, gemnasium-maven, gemnasium-python,
license-finder,
@@ -247,7 +246,7 @@ dast-runner-validation:
extends: .download_images
variables:
SECURE_BINARIES_ANALYZER_VERSION: "1"
- SECURE_BINARIES_IMAGE: "${TEMPLATE_REGISTRY_HOST}/security-products/${CI_JOB_NAME}:${SECURE_BINARIES_ANALYZER_VERSION}"
+ SECURE_BINARIES_IMAGE: "${CI_TEMPLATE_REGISTRY_HOST}/security-products/${CI_JOB_NAME}:${SECURE_BINARIES_ANALYZER_VERSION}"
only:
variables:
- $SECURE_BINARIES_DOWNLOAD_IMAGES == "true" &&
diff --git a/lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml b/lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml
index ef6fd896bf5f..3a956ebfc492 100644
--- a/lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml
@@ -9,12 +9,11 @@
# There is a more opinionated template which we suggest the users to abide,
# which is the lib/gitlab/ci/templates/Terraform.gitlab-ci.yml
image:
- name: "$TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/terraform:1.1.9"
+ name: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/terraform:1.1.9"
variables:
TF_ROOT: ${CI_PROJECT_DIR} # The relative path to the root directory of the Terraform project
TF_STATE_NAME: ${TF_STATE_NAME:-default} # The name of the state file used by the GitLab Managed Terraform state backend
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
cache:
key: "${TF_ROOT}"
diff --git a/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml
index 3277442ea502..4579f31d7ac2 100644
--- a/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml
@@ -10,12 +10,11 @@
# which is the lib/gitlab/ci/templates/Terraform.latest.gitlab-ci.yml
image:
- name: "$TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/stable:latest"
+ name: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/stable:latest"
variables:
TF_ROOT: ${CI_PROJECT_DIR} # The relative path to the root directory of the Terraform project
TF_STATE_NAME: ${TF_STATE_NAME:-default} # The name of the state file used by the GitLab Managed Terraform state backend
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
cache:
key: "${TF_ROOT}"
diff --git a/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml b/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml
index 9aa0cf94b94a..488b035d1898 100644
--- a/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml
@@ -4,10 +4,6 @@
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml
# Read more about the feature here: https://docs.gitlab.com/ee/user/project/merge_requests/accessibility_testing.html
-
-variables:
- TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
-
stages:
- build
- test
@@ -16,7 +12,7 @@ stages:
a11y:
stage: accessibility
- image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/accessibility:6.2.3"
+ image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/accessibility:6.2.3"
script:
- /gitlab-accessibility.sh "$a11y_urls"
allow_failure: true
diff --git a/spec/graphql/types/project_type_spec.rb b/spec/graphql/types/project_type_spec.rb
index fbb3aca33768..94e6a90e8db5 100644
--- a/spec/graphql/types/project_type_spec.rb
+++ b/spec/graphql/types/project_type_spec.rb
@@ -194,8 +194,8 @@
expect(secure_analyzers['type']).to eq('string')
expect(secure_analyzers['field']).to eq('SECURE_ANALYZERS_PREFIX')
expect(secure_analyzers['label']).to eq('Image prefix')
- expect(secure_analyzers['defaultValue']).to eq('$TEMPLATE_REGISTRY_HOST/security-products')
- expect(secure_analyzers['value']).to eq('$TEMPLATE_REGISTRY_HOST/security-products')
+ expect(secure_analyzers['defaultValue']).to eq('$CI_TEMPLATE_REGISTRY_HOST/security-products')
+ expect(secure_analyzers['value']).to eq('$CI_TEMPLATE_REGISTRY_HOST/security-products')
expect(secure_analyzers['size']).to eq('LARGE')
expect(secure_analyzers['options']).to be_nil
end
diff --git a/spec/lib/gitlab/ci/variables/builder_spec.rb b/spec/lib/gitlab/ci/variables/builder_spec.rb
index 8ec0846bdcac..6ab2089cce8a 100644
--- a/spec/lib/gitlab/ci/variables/builder_spec.rb
+++ b/spec/lib/gitlab/ci/variables/builder_spec.rb
@@ -3,6 +3,7 @@
require 'spec_helper'
RSpec.describe Gitlab::Ci::Variables::Builder do
+ include Ci::TemplateHelpers
let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, :repository, namespace: group) }
let_it_be_with_reload(:pipeline) { create(:ci_pipeline, project: project) }
@@ -92,6 +93,8 @@
value: project.pages_url },
{ key: 'CI_API_V4_URL',
value: API::Helpers::Version.new('v4').root_url },
+ { key: 'CI_TEMPLATE_REGISTRY_HOST',
+ value: template_registry_host },
{ key: 'CI_PIPELINE_IID',
value: pipeline.iid.to_s },
{ key: 'CI_PIPELINE_SOURCE',
diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb
index 6cdc0ef9d9bf..546cfd80fcf5 100644
--- a/spec/models/ci/build_spec.rb
+++ b/spec/models/ci/build_spec.rb
@@ -3,6 +3,7 @@
require 'spec_helper'
RSpec.describe Ci::Build do
+ include Ci::TemplateHelpers
let_it_be(:user) { create(:user) }
let_it_be(:group, reload: true) { create(:group) }
let_it_be(:project, reload: true) { create(:project, :repository, group: group) }
@@ -2865,6 +2866,7 @@
public: true,
masked: false },
{ key: 'CI_API_V4_URL', value: 'http://localhost/api/v4', public: true, masked: false },
+ { key: 'CI_TEMPLATE_REGISTRY_HOST', value: template_registry_host, public: true, masked: false },
{ key: 'CI_PIPELINE_IID', value: pipeline.iid.to_s, public: true, masked: false },
{ key: 'CI_PIPELINE_SOURCE', value: pipeline.source, public: true, masked: false },
{ key: 'CI_PIPELINE_CREATED_AT', value: pipeline.created_at.iso8601, public: true, masked: false },
diff --git a/spec/services/security/ci_configuration/sast_parser_service_spec.rb b/spec/services/security/ci_configuration/sast_parser_service_spec.rb
index b11f31a9086c..1fd196cdcee8 100644
--- a/spec/services/security/ci_configuration/sast_parser_service_spec.rb
+++ b/spec/services/security/ci_configuration/sast_parser_service_spec.rb
@@ -16,7 +16,7 @@
let(:bandit) { configuration['analyzers'][0] }
let(:brakeman) { configuration['analyzers'][1] }
let(:sast_brakeman_level) { brakeman['variables'][0] }
- let(:secure_analyzers_prefix) { '$TEMPLATE_REGISTRY_HOST/security-products' }
+ let(:secure_analyzers_prefix) { '$CI_TEMPLATE_REGISTRY_HOST/security-products' }
it 'parses the configuration for SAST' do
expect(secure_analyzers['default_value']).to eql(secure_analyzers_prefix)
--
GitLab