1. Create an issue describing the bug or enhancement you want to propose (select the right issue template).
1. Create an issue describing the bug or enhancement you want to propose (select the right issue template).
2. Make sure the issue has been reviewed and agreed.
2. Make sure the issue has been reviewed and agreed.
3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) documentation).
3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/user/project/repository/forking_workflow/) documentation).
Don't hesitate to mark your MR as `Draft` as long as you think it's not ready to be reviewed.
Don't hesitate to mark your MR as `Draft` as long as you think it's not ready to be reviewed.
When enabled, it deploys the result from upstream build stages to a dedicated and temporary environment.
When enabled, it deploys the result from upstream build stages to a dedicated and temporary environment.
It is only active for non-production, non-integration branches.
It is only active for non-production, non-integration branches.
It is a strict equivalent of GitLab's [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/) feature.
It is a strict equivalent of GitLab's [Review Apps](https://docs.gitlab.com/ci/review_apps/) feature.
It also comes with a _cleanup_ job (accessible either from the _environments_ page, or from the pipeline view).
It also comes with a _cleanup_ job (accessible either from the _environments_ page, or from the pipeline view).
...
@@ -244,8 +244,8 @@ Part of this complexity can be handled by the lookup strategies described above
...
@@ -244,8 +244,8 @@ Part of this complexity can be handled by the lookup strategies described above
*`${environment_type}`: the current environment type (`review`, `integration`, `staging` or `production`)
*`${environment_type}`: the current environment type (`review`, `integration`, `staging` or `production`)
*`${environment_name}`: the application name to use for the current environment (ex: `myproject-review-fix-bug-12` or `myproject-staging`)
*`${environment_name}`: the application name to use for the current environment (ex: `myproject-review-fix-bug-12` or `myproject-staging`)
*`${hostname}`: the environment hostname, extracted from the current environment url (after late variable expansion - see below)
*`${hostname}`: the environment hostname, extracted from the current environment url (after late variable expansion - see below)
2. any [GitLab CI variable](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html)
2. any [GitLab CI variable](https://docs.gitlab.com/ci/variables/predefined_variables/)
3. any [custom variable](https://docs.gitlab.com/ee/ci/variables/#add-a-cicd-variable-to-a-docker-host)
3. any [custom variable](https://docs.gitlab.com/ci/variables/#add-a-cicd-variable-to-a-docker-host)
(ex: `${SECRET_TOKEN}` that you have set in your project CI/CD variables)
(ex: `${SECRET_TOKEN}` that you have set in your project CI/CD variables)
Be aware that environment variables may be freely used and substituted in [dotenv files](https://docs.docker.com/compose/environment-variables/env-file/)
Be aware that environment variables may be freely used and substituted in [dotenv files](https://docs.docker.com/compose/environment-variables/env-file/)
...
@@ -256,7 +256,7 @@ using the appropriate [interpolation syntax](https://docs.docker.com/compose/env
...
@@ -256,7 +256,7 @@ using the appropriate [interpolation syntax](https://docs.docker.com/compose/env
The Docker Compose template supports two ways of providing your environments url:
The Docker Compose template supports two ways of providing your environments url:
* a **static way**: when the environments url can be determined in advance, probably because you're exposing your routes through a DNS you manage,
* a **static way**: when the environments url can be determined in advance, probably because you're exposing your routes through a DNS you manage,
* a [**dynamic way**](https://docs.gitlab.com/ee/ci/environments/#set-a-dynamic-environment-url): when the url cannot be known before the
* a [**dynamic way**](https://docs.gitlab.com/ci/environments/#set-a-dynamic-environment-url): when the url cannot be known before the
deployment job is executed.
deployment job is executed.
The **static way** can be implemented simply by setting the appropriate configuration variable(s) depending on the environment (see environments configuration chapters):
The **static way** can be implemented simply by setting the appropriate configuration variable(s) depending on the environment (see environments configuration chapters):
...
@@ -285,7 +285,7 @@ the dynamically generated url. When detected by the template, it will use it as
...
@@ -285,7 +285,7 @@ the dynamically generated url. When detected by the template, it will use it as
### Deployment output variables
### Deployment output variables
Each deployment job produces _output variables_ that are propagated to downstream jobs (using [dotenv artifacts](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsdotenv)):
Each deployment job produces _output variables_ that are propagated to downstream jobs (using [dotenv artifacts](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportsdotenv)):
*`$environment_type`: set to the type of environment (`review`, `integration`, `staging` or `production`),
*`$environment_type`: set to the type of environment (`review`, `integration`, `staging` or `production`),
*`$environment_name`: the application name (see below),
*`$environment_name`: the application name (see below),
...
@@ -301,12 +301,12 @@ You may also add and propagate your own custom variables, by pushing them to the
...
@@ -301,12 +301,12 @@ You may also add and propagate your own custom variables, by pushing them to the
Here are some advices about your **secrets** (variables marked with a :lock:):
Here are some advices about your **secrets** (variables marked with a :lock:):
1. Manage them as [project or group CI/CD variables](https://docs.gitlab.com/ee/ci/variables/#add-a-cicd-variable-to-a-docker-host):
1. Manage them as [project or group CI/CD variables](https://docs.gitlab.com/ci/variables/#add-a-cicd-variable-to-a-docker-host):
*[**masked**](https://docs.gitlab.com/ee/ci/variables/#mask-a-cicd-variable) to prevent them from being inadvertently
*[**masked**](https://docs.gitlab.com/ci/variables/#mask-a-cicd-variable) to prevent them from being inadvertently
displayed in your job logs,
displayed in your job logs,
*[**protected**](https://docs.gitlab.com/ee/ci/variables/#protected-cicd-variables) if you want to secure some secrets
*[**protected**](https://docs.gitlab.com/ci/variables/#protected-cicd-variables) if you want to secure some secrets
you don't want everyone in the project to have access to (for instance production secrets).
you don't want everyone in the project to have access to (for instance production secrets).
2. In case a secret contains [characters that prevent it from being masked](https://docs.gitlab.com/ee/ci/variables/#mask-a-cicd-variable),
2. In case a secret contains [characters that prevent it from being masked](https://docs.gitlab.com/ci/variables/#mask-a-cicd-variable),
simply define its value as the [Base64](https://en.wikipedia.org/wiki/Base64) encoded value prefixed with `@b64@`:
simply define its value as the [Base64](https://en.wikipedia.org/wiki/Base64) encoded value prefixed with `@b64@`:
it will then be possible to mask it and the template will automatically decode it prior to using it.
it will then be possible to mask it and the template will automatically decode it prior to using it.
3. Don't forget to escape special characters (ex: `$` -> `$$`).
3. Don't forget to escape special characters (ex: `$` -> `$$`).
...
@@ -319,7 +319,7 @@ The Docker Compose template uses some global configuration used throughout all j
...
@@ -319,7 +319,7 @@ The Docker Compose template uses some global configuration used throughout all j
| `image` / `DCMP_IMAGE` | The Docker image used to run Docker Compose CLI commands | `registry.hub.docker.com/library/docker:latest`<br/>[](https://to-be-continuous.gitlab.io/doc/secu/trivy-DCMP_IMAGE) |
| `image` / `DCMP_IMAGE` | The Docker image used to run Docker Compose CLI commands | `registry.hub.docker.com/library/docker:latest`<br/>[](https://to-be-continuous.gitlab.io/doc/secu/trivy-DCMP_IMAGE) |
| `cmd` / `DCMP_CMD` | The docker compose or stack command (`docker compose`, `docker-compose` or `docker stack`) | _none_ (auto) |
| `cmd` / `DCMP_CMD` | The docker compose or stack command (`docker compose`, `docker-compose` or `docker stack`) | _none_ (auto) |
| `base-app-name` / `DCMP_BASE_APP_NAME`| Base application name | `$CI_PROJECT_NAME` ([see GitLab doc](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html)) |
| `base-app-name` / `DCMP_BASE_APP_NAME`| Base application name | `$CI_PROJECT_NAME` ([see GitLab doc](https://docs.gitlab.com/ci/variables/predefined_variables/)) |