feat: use centralized service images (gitlab.com)

d218fff9 · Pierre Smeyers · ff324b9c · d218fff9 · d218fff9 · d218fff9
Commit d218fff9 authored Dec 8, 2023 by Pierre Smeyers
--- a/README.md
+++ b/README.md
@@ -554,7 +554,7 @@ In order to be able to communicate with the Vault server, the variant requires t
 | Name              | Description                            | Default value     |
 | ----------------- | -------------------------------------- | ----------------- |
-| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master` |
+| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master` |
 | `VAULT_BASE_URL`  | The Vault server base API url          | _none_ |
 | `VAULT_OIDC_AUD`  | The `aud` claim for the JWT | `$CI_SERVER_URL` |
 | :lock: `VAULT_ROLE_ID`   | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
@@ -616,7 +616,7 @@ List of requirements before using this variant for publishing your container ima
 | Name                     | description                            | default value     |
 | ------------------------ | -------------------------------------- | ----------------- |
-| `TBC_GCP_PROVIDER_IMAGE` | The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use (can be overridden) | `$CI_REGISTRY/to-be-continuous/tools/gcp-auth-provider:main` |
+| `TBC_GCP_PROVIDER_IMAGE` | The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main` |
 | `GCP_OIDC_PROVIDER`      | Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) | _none_ |
 | `GCP_OIDC_ACCOUNT`       | Default Service Account to which impersonate with OpenID Connect authentication | _none_ |
 | `GCP_SNAPSHOT_OIDC_PROVIDER` | Workload Identity Provider to push the snapshot image _(only define if different from default)_ | _none_ |
@@ -673,7 +673,7 @@ In order to use the AWS APIs, the variant supports two authentication methods:
 | Name                     | description                            | default value     |
 | ------------------------ | -------------------------------------- | ----------------- |
-| `TBC_AWS_PROVIDER_IMAGE` | The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use (can be overridden) | `$CI_REGISTRY/to-be-continuous/tools/aws-auth-provider:master` |
+| `TBC_AWS_PROVIDER_IMAGE` | The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master` |
 | `AWS_REGION`             | Default region (where the ECR registry is located) | _none_ |
 | `AWS_SNAPSHOT_REGION`    | Region of the ECR registry for the snapshot image _(only define if different from default)_ | _none_ |
 | `AWS_RELEASE_REGION`     | Region of the ECR registry for the release image _(only define if different from default)_ | _none_ |

--- a/kicker.json
+++ b/kicker.json
@@ -226,7 +226,7 @@
        {
          "name": "TBC_VAULT_IMAGE",
          "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
-          "default": "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master",
+          "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
          "advanced": true
        },
        {
@@ -262,7 +262,7 @@
        {
          "name": "TBC_GCP_PROVIDER_IMAGE",
          "description": "The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use",
-          "default": "$CI_REGISTRY/to-be-continuous/tools/gcp-auth-provider:main",
+          "default": "registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main",
          "advanced": true
        },
        {
@@ -304,7 +304,7 @@
        {
          "name": "TBC_AWS_PROVIDER_IMAGE",
          "description": "The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use",
-          "default": "$CI_REGISTRY/to-be-continuous/tools/aws-auth-provider:master",
+          "default": "registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master",
          "advanced": true
        },
        {

--- a/templates/gitlab-ci-docker-ecr.yml
+++ b/templates/gitlab-ci-docker-ecr.yml
@@ -2,7 +2,7 @@
 # === AWS Auth template variant
 # =====================================================================================================================
 variables:
-  TBC_AWS_PROVIDER_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/aws-auth-provider:master"
+  TBC_AWS_PROVIDER_IMAGE: "registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master"
  AWS_OIDC_AUD: "$CI_SERVER_URL"
 .docker-base:

--- a/templates/gitlab-ci-docker-gcp.yml
+++ b/templates/gitlab-ci-docker-gcp.yml
@@ -2,7 +2,7 @@
 # === GCP Auth template variant
 # =====================================================================================================================
 variables:
-  TBC_GCP_PROVIDER_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/gcp-auth-provider:main"
+  TBC_GCP_PROVIDER_IMAGE: "registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main"
  GCP_OIDC_AUD: "$CI_SERVER_URL"
 .docker-base:

--- a/templates/gitlab-ci-docker-vault.yml
+++ b/templates/gitlab-ci-docker-vault.yml
@@ -3,7 +3,7 @@
 # =====================================================================================================================
 variables:
  # variabilized vault-secrets-provider image
-  TBC_VAULT_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master"
+  TBC_VAULT_IMAGE: "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master"
  # variables have to be explicitly declared in the YAML to be exported to the service
  VAULT_ROLE_ID: "$VAULT_ROLE_ID"
  VAULT_SECRET_ID: "$VAULT_SECRET_ID"

--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -57,7 +57,7 @@ workflow:
 variables:
  # variabilized tracking image
-  TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
+  TBC_TRACKING_IMAGE: "registry.gitlab.com/to-be-continuous/tools/tracking:master"
  DOCKER_HADOLINT_IMAGE: "registry.hub.docker.com/hadolint/hadolint:latest-alpine"
  DOCKER_IMAGE: "registry.hub.docker.com/library/docker:latest"