[go: up one dir, main page]

Draft: Test delivery metrics secret

Reuben Pereirarequested to merge
rp/test-secrets1 into master

What does this MR do and why?

Describe in detail what your merge request does and why.

Content

  • Test including in templates

  • moving the templates.gitlab-ci.yml include

  • moving the include files around

  • moving the secrets.gitlab-ci.yml include and fixing workflow.gitlab

  • configuring the .common-ci-tokens job

We will be loading shared and protected tokens by extending the .common-ci-tokens job. This job will be defined in different files, this is being done because the tokens are stored in different locations in vault. The file is included based on the $CI_SERVER_HOST and whether the $CI_COMMIT_REF_PROTECTED is true or false. These rules are defined in the templates.gitlab-ci.yml.

  • removing unneeded extend

  • configuring the .common-ci-tokens job

We will be loading shared and protected tokens by extending the .common-ci-tokens job. This job will be defined in different files, this is being done because the tokens are stored in different locations in vault. The file is included based on the $CI_SERVER_HOST and whether the $CI_COMMIT_REF_PROTECTED is true or false. These rules are defined in the templates.gitlab-ci.yml.

  • commit with protected branch and disabled merge result pipelines

  • use include with rules:if to add vault tokens

When adding tokens from vault we need to add tokens based on the instance (.com or ops). We will be selecting which file to include based on the CI_SERVER_HOST

  • testing with an unprotected secret

use include with rules:if to add vault tokens

When adding tokens from vault we need to add tokens based on the instance (.com or ops). We will be selecting which file to include based on the CI_SERVER_HOST

  • amend the .id-tokens extended job

  • remove the full path

switch to a protected branch

  • removing the full path

  • use include with rules:if to add vault tokens

When adding tokens from vault we need to add tokens based on the instance (.com or ops). We will be selecting which file to include based on the CI_SERVER_HOST

  • use include with rules:if to add vault tokens

When adding tokens from vault we need to add tokens based on the instance (.com or ops). We will be selecting which file to include based on the CI_SERVER_HOST

testing with an unprotected secret

  • use include with rules:if to add vault tokens

When adding tokens from vault we need to add tokens based on the instance (.com or ops). We will be selecting which file to include based on the CI_SERVER_HOST

squash cleaning

  • protected branch with CI_SERVER_URL rule

  • test with a protected branch

  • add the secrets to the delivery-metrics-ops job

  • test secrets in a single job

  • remove .with-bundle from release-managers: test

remove .with-bundle from jobs with only: key for tests

  • add rules to execute secret jobs on ops only

  • Draft: add delivery metrics secret

Use the secrets keyword to read the DELIVERY_METRICS_TOKEN from vault and store it as a CI variable.

Related Issue: gitlab-com/gl-infra/delivery#20257 (closed)

Author Check-list

  • Has documentation been updated?

Merge request reports