Skip to content
Snippets Groups Projects
Commit 8a0d56b7 authored by Benguria Elguezabal, Gorka's avatar Benguria Elguezabal, Gorka
Browse files

Merge remote-tracking branch 'upstream/master'

# Conflicts:
#	.gitlab-ci.yml
parents 1ee56dfc 042f506e
No related branches found
No related tags found
No related merge requests found
Pipeline #169116 passed
...@@ -352,7 +352,7 @@ the dynamically generated url. When detected by the template, it will use it as ...@@ -352,7 +352,7 @@ the dynamically generated url. When detected by the template, it will use it as
### Deployment output variables ### Deployment output variables
Each deployment job produces _output variables_ that are propagated to downstream jobs (using [dotenv artifacts](https://docs.gitlab.com/ee/ci/pipelines/job_artifacts.html#artifactsreportsdotenv)): Each deployment job produces _output variables_ that are propagated to downstream jobs (using [dotenv artifacts](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsdotenv)):
* `$environment_type`: set to the type of environment (`review`, `integration`, `staging` or `production`), * `$environment_type`: set to the type of environment (`review`, `integration`, `staging` or `production`),
* `$environment_name`: the application name (see below), * `$environment_name`: the application name (see below),
...@@ -513,10 +513,12 @@ In order to be able to communicate with the Vault server, the variant requires t ...@@ -513,10 +513,12 @@ In order to be able to communicate with the Vault server, the variant requires t
| Input / Variable | Description | Default value | | Input / Variable | Description | Default value |
| ----------------- | -------------------------------------- | ----------------- | | ----------------- | -------------------------------------- | ----------------- |
| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest` | | `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest` |
| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url | _none_ | | `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url | **must be defined** |
| `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` | | `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` |
| :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** | | :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | _none_ |
| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** | | :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | _none_ |
By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.
#### Usage #### Usage
...@@ -548,7 +550,6 @@ include: ...@@ -548,7 +550,6 @@ include:
# audience claim for JWT # audience claim for JWT
vault-oidc-aud: "https://vault.acme.host" vault-oidc-aud: "https://vault.acme.host"
vault-base-url: "https://vault.acme.host/v1" vault-base-url: "https://vault.acme.host/v1"
# $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable
variables: variables:
# Secrets managed by Vault # Secrets managed by Vault
......
...@@ -27,7 +27,7 @@ if [[ "$curVer" ]]; then ...@@ -27,7 +27,7 @@ if [[ "$curVer" ]]; then
log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..." log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."
# replace in README # replace in README
sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\/ref: \$nextVer\/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\"/ref: \"$nextVer\"/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
mv -f README.md.next README.md mv -f README.md.next README.md
# replace in template and variants # replace in template and variants
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment