Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
bc872593ce
commit
4a6e201d83
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: Add '!reference' YAML tag to help merge CI configurations
|
||||||
|
merge_request: 54198
|
||||||
|
author:
|
||||||
|
type: added
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
name: ci_custom_yaml_tags
|
|
||||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52104
|
|
||||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/300155
|
|
||||||
milestone: '13.9'
|
|
||||||
type: development
|
|
||||||
group: group::pipeline authoring
|
|
||||||
default_enabled: false
|
|
|
@ -144,41 +144,10 @@ will take to finish syncing. An example message would be:
|
||||||
|
|
||||||
## Prevent updates to the **primary** node
|
## Prevent updates to the **primary** node
|
||||||
|
|
||||||
Until a [read-only mode](https://gitlab.com/gitlab-org/gitlab/-/issues/14609) is implemented, updates must be prevented
|
To ensure that all data is replicated to a secondary site, updates (write requests) need to
|
||||||
from happening manually. Note that your **secondary** node still needs read-only
|
be disabled on the primary site:
|
||||||
access to the **primary** node during the maintenance window.
|
|
||||||
|
|
||||||
1. At the scheduled time, using your cloud provider or your node's firewall, block
|
1. Enable [maintenance mode](../../maintenance_mode/index.md).
|
||||||
all HTTP, HTTPS and SSH traffic to/from the **primary** node, **except** for your IP and
|
|
||||||
the **secondary** node's IP.
|
|
||||||
|
|
||||||
For instance, you might run the following commands on the server(s) making up your **primary** node:
|
|
||||||
|
|
||||||
```shell
|
|
||||||
sudo iptables -A INPUT -p tcp -s <secondary_node_ip> --destination-port 22 -j ACCEPT
|
|
||||||
sudo iptables -A INPUT -p tcp -s <your_ip> --destination-port 22 -j ACCEPT
|
|
||||||
sudo iptables -A INPUT --destination-port 22 -j REJECT
|
|
||||||
|
|
||||||
sudo iptables -A INPUT -p tcp -s <secondary_node_ip> --destination-port 80 -j ACCEPT
|
|
||||||
sudo iptables -A INPUT -p tcp -s <your_ip> --destination-port 80 -j ACCEPT
|
|
||||||
sudo iptables -A INPUT --tcp-dport 80 -j REJECT
|
|
||||||
|
|
||||||
sudo iptables -A INPUT -p tcp -s <secondary_node_ip> --destination-port 443 -j ACCEPT
|
|
||||||
sudo iptables -A INPUT -p tcp -s <your_ip> --destination-port 443 -j ACCEPT
|
|
||||||
sudo iptables -A INPUT --tcp-dport 443 -j REJECT
|
|
||||||
```
|
|
||||||
|
|
||||||
From this point, users will be unable to view their data or make changes on the
|
|
||||||
**primary** node. They will also be unable to log in to the **secondary** node.
|
|
||||||
However, existing sessions will work for the remainder of the maintenance period, and
|
|
||||||
public data will be accessible throughout.
|
|
||||||
|
|
||||||
1. Verify the **primary** node is blocked to HTTP traffic by visiting it in browser via
|
|
||||||
another IP. The server should refuse connection.
|
|
||||||
|
|
||||||
1. Verify the **primary** node is blocked to Git over SSH traffic by attempting to pull an
|
|
||||||
existing Git repository with an SSH remote URL. The server should refuse
|
|
||||||
connection.
|
|
||||||
|
|
||||||
1. Disable non-Geo periodic background jobs on the **primary** node by navigating
|
1. Disable non-Geo periodic background jobs on the **primary** node by navigating
|
||||||
to **Admin Area > Monitoring > Background Jobs > Cron**, pressing `Disable All`,
|
to **Admin Area > Monitoring > Background Jobs > Cron**, pressing `Disable All`,
|
||||||
|
|
|
@ -4600,13 +4600,6 @@ into templates.
|
||||||
### `!reference` tags
|
### `!reference` tags
|
||||||
|
|
||||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/266173) in GitLab 13.9.
|
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/266173) in GitLab 13.9.
|
||||||
> - It's [deployed behind a feature flag](../../user/feature_flags.md), disabled by default.
|
|
||||||
> - It's disabled on GitLab.com.
|
|
||||||
> - It's not recommended for production use.
|
|
||||||
> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-reference-tags). **(FREE SELF)**
|
|
||||||
|
|
||||||
WARNING:
|
|
||||||
This feature might not be available to you. Check the **version history** note above for details.
|
|
||||||
|
|
||||||
Use the `!reference` custom YAML tag to select keyword configuration from other job
|
Use the `!reference` custom YAML tag to select keyword configuration from other job
|
||||||
sections and reuse it in the current section. Unlike [YAML anchors](#anchors), you can
|
sections and reuse it in the current section. Unlike [YAML anchors](#anchors), you can
|
||||||
|
@ -4666,25 +4659,6 @@ test-vars-2:
|
||||||
You can't reuse a section that already includes a `!reference` tag. Only one level
|
You can't reuse a section that already includes a `!reference` tag. Only one level
|
||||||
of nesting is supported.
|
of nesting is supported.
|
||||||
|
|
||||||
#### Enable or disable `!reference` tags **(FREE SELF)**
|
|
||||||
|
|
||||||
The `!reference` tag is under development and not ready for production use. It is
|
|
||||||
deployed behind a feature flag that is **disabled by default**.
|
|
||||||
[GitLab administrators with access to the GitLab Rails console](../../administration/feature_flags.md)
|
|
||||||
can enable it.
|
|
||||||
|
|
||||||
To enable it:
|
|
||||||
|
|
||||||
```ruby
|
|
||||||
Feature.enable(:ci_custom_yaml_tags)
|
|
||||||
```
|
|
||||||
|
|
||||||
To disable it:
|
|
||||||
|
|
||||||
```ruby
|
|
||||||
Feature.disable(:ci_custom_yaml_tags)
|
|
||||||
```
|
|
||||||
|
|
||||||
## Skip Pipeline
|
## Skip Pipeline
|
||||||
|
|
||||||
To push a commit without triggering a pipeline, add `[ci skip]` or `[skip ci]`, using any
|
To push a commit without triggering a pipeline, add `[ci skip]` or `[skip ci]`, using any
|
||||||
|
|
|
@ -90,15 +90,7 @@ module Gitlab
|
||||||
end
|
end
|
||||||
|
|
||||||
def build_config(config)
|
def build_config(config)
|
||||||
if ::Feature.enabled?(:ci_custom_yaml_tags, @context.project, default_enabled: :yaml)
|
initial_config = Config::Yaml.load!(config)
|
||||||
build_config_with_custom_tags(config)
|
|
||||||
else
|
|
||||||
build_config_without_custom_tags(config)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def build_config_with_custom_tags(config)
|
|
||||||
initial_config = Config::Yaml.load!(config, project: @context.project)
|
|
||||||
initial_config = Config::External::Processor.new(initial_config, @context).perform
|
initial_config = Config::External::Processor.new(initial_config, @context).perform
|
||||||
initial_config = Config::Extendable.new(initial_config).to_hash
|
initial_config = Config::Extendable.new(initial_config).to_hash
|
||||||
initial_config = Config::Yaml::Tags::Resolver.new(initial_config).to_hash
|
initial_config = Config::Yaml::Tags::Resolver.new(initial_config).to_hash
|
||||||
|
@ -107,15 +99,6 @@ module Gitlab
|
||||||
initial_config
|
initial_config
|
||||||
end
|
end
|
||||||
|
|
||||||
def build_config_without_custom_tags(config)
|
|
||||||
initial_config = Gitlab::Config::Loader::Yaml.new(config).load!
|
|
||||||
initial_config = Config::External::Processor.new(initial_config, @context).perform
|
|
||||||
initial_config = Config::Extendable.new(initial_config).to_hash
|
|
||||||
initial_config = Config::EdgeStagesInjector.new(initial_config).to_hash
|
|
||||||
|
|
||||||
initial_config
|
|
||||||
end
|
|
||||||
|
|
||||||
def build_context(project:, sha:, user:, parent_pipeline:)
|
def build_context(project:, sha:, user:, parent_pipeline:)
|
||||||
Config::External::Context.new(
|
Config::External::Context.new(
|
||||||
project: project,
|
project: project,
|
||||||
|
|
|
@ -60,11 +60,7 @@ module Gitlab
|
||||||
|
|
||||||
def content_hash
|
def content_hash
|
||||||
strong_memoize(:content_yaml) do
|
strong_memoize(:content_yaml) do
|
||||||
if ::Feature.enabled?(:ci_custom_yaml_tags, context.project, default_enabled: :yaml)
|
|
||||||
::Gitlab::Ci::Config::Yaml.load!(content)
|
::Gitlab::Ci::Config::Yaml.load!(content)
|
||||||
else
|
|
||||||
Gitlab::Config::Loader::Yaml.new(content).load!
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
rescue Gitlab::Config::Loader::FormatError
|
rescue Gitlab::Config::Loader::FormatError
|
||||||
nil
|
nil
|
||||||
|
|
|
@ -7,7 +7,7 @@ module Gitlab
|
||||||
AVAILABLE_TAGS = [Config::Yaml::Tags::Reference].freeze
|
AVAILABLE_TAGS = [Config::Yaml::Tags::Reference].freeze
|
||||||
|
|
||||||
class << self
|
class << self
|
||||||
def load!(content, project: nil)
|
def load!(content)
|
||||||
ensure_custom_tags
|
ensure_custom_tags
|
||||||
|
|
||||||
Gitlab::Config::Loader::Yaml.new(content, additional_permitted_classes: AVAILABLE_TAGS).load!
|
Gitlab::Config::Loader::Yaml.new(content, additional_permitted_classes: AVAILABLE_TAGS).load!
|
||||||
|
|
Loading…
Reference in New Issue