From 0b14ed8eb53ab6078708872efdf173df82745d08 Mon Sep 17 00:00:00 2001 From: Lucas Charles <me@lucascharles.me> Date: Fri, 27 Mar 2020 09:28:19 -0700 Subject: [PATCH] Tag all CI jobs requiring docker-in-docker Adds the appropriate `docker` tag to all CI jobs requiring docker-in-docker, to ensure they are picked up by privileged runners --- .gitlab-ci.yml | 5 ++++- .gitlab/ci/frontend.gitlab-ci.yml | 8 +------- .gitlab/ci/global.gitlab-ci.yml | 12 ++++++++++++ .gitlab/ci/reports.gitlab-ci.yml | 27 ++++++++++++--------------- .gitlab/ci/review.gitlab-ci.yml | 8 +------- 5 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4f91bdd27b116..9e808cc7a9b1d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -12,7 +12,9 @@ stages: - post-qa - pages -# always use `gitlab-org` runners +# always use `gitlab-org` runners, however +# in cases where jobs require Docker-in-Docker, the job +# definition must be extended with `.use-docker-in-docker` default: tags: - gitlab-org @@ -49,6 +51,7 @@ variables: BUILD_ASSETS_IMAGE: "false" ES_JAVA_OPTS: "-Xms256m -Xmx256m" ELASTIC_URL: "http://elastic:changeme@elasticsearch:9200" + DOCKER_VERSION: "19.03.0" include: - local: .gitlab/ci/cache-repo.gitlab-ci.yml diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index d1fe9c6241d80..f465099195be6 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -15,10 +15,9 @@ - .default-retry - .default-before_script - .assets-compile-cache + - .use-docker-in-docker image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-graphicsmagick-1.3.34-docker-19.03.1 stage: prepare - services: - - docker:19.03.0-dind variables: NODE_ENV: "production" RAILS_ENV: "production" 
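Review bot: `DOCKER_VERSION` is added to the global `variables:` in `.gitlab-ci.yml` without a comment, although it now selects both the client image and the `-dind` service image in `.use-docker-in-docker` (global.gitlab-ci.yml). Because it is an ordinary CI variable, a project, group or pipeline-level variable of the same name takes precedence over this value and would change which daemon image runs on the Docker-capable runners. `19.03.0` is also a tag rather than a digest. A comment above it such as `# Docker client and dind tag used by .use-docker-in-docker; not meant to be overridden per pipeline` would make that dependency visible. The `variables:` block starts outside the hunk.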
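Review bot: The job in `frontend.gitlab-ci.yml` keeps its own `image:`, so the `image: docker:${DOCKER_VERSION}` supplied by `.use-docker-in-docker` is silently overridden and only the service, variables and tags are inherited. The same holds for `.review-docker` in `review.gitlab-ci.yml`. The build image name here ends in `docker-19.03.1`, while the dind service is now driven by `DOCKER_VERSION` (`19.03.0`), so the client and daemon versions are maintained in two places and can drift. A comment above `image:` would record this, for example `# overrides the image from .use-docker-in-docker; keep the docker-* suffix in step with DOCKER_VERSION`. The job definition begins and ends outside the hunk.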
@@ -27,8 +26,6 @@ WEBPACK_REPORT: "true" # we override the max_old_space_size to prevent OOM errors NODE_OPTIONS: --max_old_space_size=3584 - DOCKER_DRIVER: overlay2 - DOCKER_HOST: tcp://docker:2375 cache: key: "assets-compile:production:v1" artifacts: @@ -53,9 +50,6 @@ - time scripts/build_assets_image - scripts/clean-old-cached-assets - rm -f /etc/apt/sources.list.d/google*.list # We don't need to update Chrome here - tags: - - gitlab-org - - docker gitlab:assets:compile pull-push-cache: extends: diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index b557624d34525..9e566d78e9542 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -101,3 +101,15 @@ .as-if-foss: variables: FOSS_ONLY: '1' + +.use-docker-in-docker: + image: docker:${DOCKER_VERSION} + services: + - docker:${DOCKER_VERSION}-dind + variables: + DOCKER_DRIVER: overlay2 + DOCKER_HOST: tcp://docker:2375 + DOCKER_TLS_CERTDIR: "" + tags: + # See https://gitlab.com/gitlab-com/www-gitlab-com/-/issues/7019 for tag descriptions + - gitlab-org-docker diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml index 77ad938a0ef78..b1343afdb5e6a 100644 --- a/.gitlab/ci/reports.gitlab-ci.yml +++ b/.gitlab/ci/reports.gitlab-ci.yml @@ -11,15 +11,14 @@ code_quality: extends: - .default-retry - .reports:rules:code_quality + - .use-docker-in-docker stage: test needs: [] - image: docker:stable allow_failure: true - services: - - docker:stable-dind variables: - DOCKER_DRIVER: overlay2 - DOCKER_TLS_CERTDIR: "" + # emptying DOCKER_HOST so it can be detected properly on kubernetes executor + # with the script below + DOCKER_HOST: "" CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/ci-cd/codequality:0.85.9" script: - | @@ -50,6 +49,7 @@ sast: extends: - .default-retry - .reports:rules:sast + - .use-docker-in-docker stage: test allow_failure: true needs: [] 
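Review bot: `.use-docker-in-docker` points every inheriting job at `DOCKER_HOST: tcp://docker:2375` with `DOCKER_TLS_CERTDIR: ""`, so the dind daemon's API is served in plaintext with no client authentication, and the commit message says these jobs are meant for privileged runners. Anything that can reach that service port on the runner's network gets full control of a privileged daemon, so the default should either use TLS or carry a written justification. If the `gitlab-org-docker` runners can share the certificate volume (not visible from this patch), the TLS form would be `DOCKER_HOST: tcp://docker:2376` with `DOCKER_TLS_CERTDIR: "/certs"`; jobs that bring their own image would additionally need the client-side certificate settings. Otherwise add a comment above `DOCKER_TLS_CERTDIR` stating why TLS is off and what limits access to port 2375, e.g. `# TLS disabled: <reason>; daemon reachable only from <scope>`. This would also mean `frontend.gitlab-ci.yml` and `review.gitlab-ci.yml`, which previously did not set `DOCKER_TLS_CERTDIR`, now inherit the explicit opt-out knowingly.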
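Review bot: `DOCKER_HOST: ""` in `code_quality` immediately clears the `tcp://docker:2375` value that `.use-docker-in-docker` has just supplied, and the same three-line override is repeated in the `sast` and `dependency_scanning` hunks of `reports.gitlab-ci.yml`. The comment defers to "the script below", which is outside the hunk, so the patch does not show which daemon endpoint these jobs end up talking to. If the script leaves the variable empty, the docker client falls back to its default local socket. Consider moving the override into one hidden job that the three report jobs extend after `.use-docker-in-docker`, so the exception is stated once. The comment could also be made self-contained, e.g. `# clears DOCKER_HOST inherited from .use-docker-in-docker; the job script re-detects it (kubernetes executor)`.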
@@ -59,14 +59,12 @@ sast: reports: sast: gl-sast-report.json expire_in: 1 week # GitLab-specific - image: docker:stable variables: - DOCKER_DRIVER: overlay2 - DOCKER_TLS_CERTDIR: "" + # emptying DOCKER_HOST so it can be detected properly on kubernetes executor + # with the script below + DOCKER_HOST: "" SAST_BRAKEMAN_LEVEL: 2 # GitLab-specific SAST_EXCLUDED_PATHS: qa,spec,doc,ee/spec # GitLab-specific - services: - - docker:stable-dind script: - export SAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')} - | @@ -89,16 +87,15 @@ dependency_scanning: extends: - .default-retry - .reports:rules:dependency_scanning + - .use-docker-in-docker stage: test needs: [] - image: docker:stable variables: - DOCKER_DRIVER: overlay2 - DOCKER_TLS_CERTDIR: "" + # emptying DOCKER_HOST so it can be detected properly on kubernetes executor + # with the script below + DOCKER_HOST: "" DS_EXCLUDED_PATHS: "qa/qa/ee/fixtures/secure_premade_reports,spec,ee/spec" # GitLab-specific allow_failure: true - services: - - docker:stable-dind script: - export DS_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')} - | diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml index 8148b044eb46c..0ca27c52083b1 100644 --- a/.gitlab/ci/review.gitlab-ci.yml +++ b/.gitlab/ci/review.gitlab-ci.yml @@ -1,15 +1,9 @@ .review-docker: extends: - .default-retry + - .use-docker-in-docker image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa-alpine-ruby-2.6 - services: - - docker:19.03.0-dind - tags: - - gitlab-org - - docker variables: - DOCKER_DRIVER: overlay2 - DOCKER_HOST: tcp://docker:2375 GITLAB_EDITION: "ce" build-qa-image: -- GitLab