From 0f57cdd75c71dc2d3e76d9676ce13cb11ea53362 Mon Sep 17 00:00:00 2001 From: Pierre Smeyers <pierre.smeyers@gmail.com> Date: Wed, 3 Apr 2024 08:23:07 +0200 Subject: [PATCH] fix(variants): use service containers "latest" image tag (vault, GCP & AWS) --- README.md | 6 +++--- kicker.json | 6 +++--- templates/gitlab-ci-docker-ecr.yml | 2 +- templates/gitlab-ci-docker-gcp.yml | 2 +- templates/gitlab-ci-docker-vault.yml | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index ef7cfc3..c6bfa8a 100644 --- a/README.md +++ b/README.md @@ -571,7 +571,7 @@ In order to be able to communicate with the Vault server, the variant requires t | Input / Variable | Description | Default value | | ----------------- | -------------------------------------- | ----------------- | -| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master` | +| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest` | | `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url | _none_ | | `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` | | :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** | @@ -630,7 +630,7 @@ List of requirements before using this variant for publishing your container ima | Input / Variable | Description | Default value | | ------------------------ | -------------------------------------- | ----------------- | -| `TBC_GCP_PROVIDER_IMAGE` | The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main` | +| `TBC_GCP_PROVIDER_IMAGE` | The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:latest` | | `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token | `$CI_SERVER_URL` | | `gcp-oidc-provider` / `GCP_OIDC_PROVIDER` | Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) | _none_ | | `gcp-oidc-account` / `GCP_OIDC_ACCOUNT` | Default Service Account to which impersonate with OpenID Connect authentication | _none_ | @@ -684,7 +684,7 @@ In order to use the AWS APIs, the variant supports two authentication methods: | Input / Variable | Description | Default value | | ------------------------ | -------------------------------------- | ----------------- | -| `TBC_AWS_PROVIDER_IMAGE` | The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master` | +| `TBC_AWS_PROVIDER_IMAGE` | The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:latest` | | `aws-region` / `AWS_REGION` | Default region (where the ECR registry is located) | _none_ | | `aws-snapshot-region` / `AWS_SNAPSHOT_REGION` | Region of the ECR registry for the snapshot image _(only define to override default)_ | _none_ | | `aws-release-region` / `AWS_RELEASE_REGION` | Region of the ECR registry for the release image _(only define to override default)_ | _none_ | diff --git a/kicker.json b/kicker.json index 78f79b4..ffd0a49 100644 --- a/kicker.json +++ b/kicker.json @@ -237,7 +237,7 @@ { "name": "TBC_VAULT_IMAGE", "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use", - "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master", + "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest", "advanced": true }, { @@ -273,7 +273,7 @@ { "name": "TBC_GCP_PROVIDER_IMAGE", "description": "The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use", - "default": "registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main", + "default": "registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:latest", "advanced": true }, { @@ -321,7 +321,7 @@ { "name": "TBC_AWS_PROVIDER_IMAGE", "description": "The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use", - "default": "registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master", + "default": "registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:latest", "advanced": true }, { diff --git a/templates/gitlab-ci-docker-ecr.yml b/templates/gitlab-ci-docker-ecr.yml index 87583d5..fb4be9a 100644 --- a/templates/gitlab-ci-docker-ecr.yml +++ b/templates/gitlab-ci-docker-ecr.yml @@ -33,7 +33,7 @@ spec: default: '' --- variables: - TBC_AWS_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master + TBC_AWS_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:latest AWS_OIDC_AUD: $[[ inputs.aws-oidc-aud ]] AWS_REGION: $[[ inputs.aws-region ]] AWS_SNAPSHOT_REGION: $[[ inputs.aws-snapshot-region ]] diff --git a/templates/gitlab-ci-docker-gcp.yml b/templates/gitlab-ci-docker-gcp.yml index 7da4f37..a0cbd3d 100644 --- a/templates/gitlab-ci-docker-gcp.yml +++ b/templates/gitlab-ci-docker-gcp.yml @@ -32,7 +32,7 @@ spec: default: '' --- variables: - TBC_GCP_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main + TBC_GCP_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:latest GCP_OIDC_AUD: $[[ inputs.gcp-oidc-aud ]] GCP_OIDC_ACCOUNT: $[[ inputs.gcp-oidc-account ]] GCP_OIDC_PROVIDER: $[[ inputs.gcp-oidc-provider ]] diff --git a/templates/gitlab-ci-docker-vault.yml b/templates/gitlab-ci-docker-vault.yml index 78c2c8f..4c5e1ac 100644 --- a/templates/gitlab-ci-docker-vault.yml +++ b/templates/gitlab-ci-docker-vault.yml @@ -12,7 +12,7 @@ spec: --- variables: # variabilized vault-secrets-provider image - TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master + TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest VAULT_BASE_URL: $[[ inputs.vault-base-url ]] # variables have to be explicitly declared in the YAML to be exported to the service VAULT_ROLE_ID: "$VAULT_ROLE_ID" -- GitLab