From 8d588eaa6576fb0e0949f5caaf15d26cd9e2232e Mon Sep 17 00:00:00 2001
From: Dat Tang <dattang@gitlab.com>
Date: Fri, 28 Jun 2024 08:23:23 +0200
Subject: [PATCH] Correct image tags in VERSIONS variable
The images built in security mirror has no `security` in the image tag,
but only in the registry link. Thus, this change implement it, so that
when passing to the `release-environments` pipeline, the right version
tags are used.
---
.gitlab/ci/cng/security.gitlab-ci.yml | 4 +---
.gitlab/ci/release-environments.gitlab-ci.yml | 2 +-
...construct-release-environments-versions.rb | 23 ++++++++++++-------
3 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/.gitlab/ci/cng/security.gitlab-ci.yml b/.gitlab/ci/cng/security.gitlab-ci.yml
index 3f61a2879f749..37cb32ea440cd 100644
--- a/.gitlab/ci/cng/security.gitlab-ci.yml
+++ b/.gitlab/ci/cng/security.gitlab-ci.yml
@@ -1,6 +1,3 @@
-# Similar to .gitlab/ci/cng/main.gitlab-ci.yml, to be used in security mirror pipelines
-# Used by .gitlab/ci/release-environments.gitlab-ci.yml
-# Images from the security mirror should be built in gitlab-org/security/charts/components/images
---
default:
interruptible: true
@@ -29,6 +26,7 @@ include:
- echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV
- ruby -e 'puts "FULL_RUBY_VERSION=#{RUBY_VERSION}"' >> $BUILD_ENV
- cat $BUILD_ENV
+ - echo "CI_PROJECT_NAMESPACE is defined as ${CI_PROJECT_NAMESPACE}"
artifacts:
reports:
dotenv: $BUILD_ENV
diff --git a/.gitlab/ci/release-environments.gitlab-ci.yml b/.gitlab/ci/release-environments.gitlab-ci.yml
index 3de91d5e339d8..bcd1a3b047c3b 100644
--- a/.gitlab/ci/release-environments.gitlab-ci.yml
+++ b/.gitlab/ci/release-environments.gitlab-ci.yml
@@ -46,7 +46,7 @@ start-release-environments-security-pipeline:
# They need to be explicitly passed on to the child pipeline.
# https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword
variables:
- # This is needed by `release-environments-build-cng-env` (`.gitlab/ci/release-environments/main.gitlab-ci.yml`).
+ # This is needed by `release-environments-build-cng-env` (`.gitlab/ci/release-environments/security.gitlab-ci.yml`).
PARENT_PIPELINE_ID: $CI_PIPELINE_ID
trigger:
strategy: depend
diff --git a/scripts/release_environment/construct-release-environments-versions.rb b/scripts/release_environment/construct-release-environments-versions.rb
index 6996fc49c2801..095a541e57fd2 100755
--- a/scripts/release_environment/construct-release-environments-versions.rb
+++ b/scripts/release_environment/construct-release-environments-versions.rb
@@ -21,7 +21,7 @@ class ReleaseEnvironmentsModel
def generate_json
output_json = {}
COMPONENTS.each do |component|
- output_json[component.to_s] = "#{environment}-#{ENV['CI_COMMIT_SHORT_SHA']}"
+ output_json[component.to_s] = image_tag.to_s
end
JSON.generate(output_json)
end
@@ -42,15 +42,22 @@ def environment
@environment ||= generate_environment
end
+ def image_tag
+ @image_tag ||= "#{environment_base}-#{ENV['CI_COMMIT_SHORT_SHA']}"
+ end
+
def generate_environment
- environment = if release_tag_match
- "#{release_tag_match[1]}-#{release_tag_match[2]}-stable"
- else
- ENV['CI_COMMIT_REF_SLUG'].sub(/-ee$/, '')
- end
+ base = environment_base
+ base + (security_project? ? "-security" : "")
+ end
- environment += "-security" if security_project?
- environment
+ # This is to generate the environment name without "-security". It is used by the image tag
+ def environment_base
+ @environment_base ||= if release_tag_match
+ "#{release_tag_match[1]}-#{release_tag_match[2]}-stable"
+ else
+ ENV['CI_COMMIT_REF_SLUG'].sub(/-ee$/, '')
+ end
end
private
--
GitLab