author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-20 21:38:24 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-20 21:38:24 +0300 |
commit | 983a0bba5d2a042c4a3bbb22432ec192c7501d82 (patch) | |
tree | b153cd387c14ba23bd5a07514c7c01fddf6a78a0 /lib/gitlab/ci | |
parent | a2bddee2cdb38673df0e004d5b32d9f77797de64 (diff) |
Add latest changes from gitlab-org/gitlab@12-10-stable-ee
Diffstat (limited to 'lib/gitlab/ci')
-rw-r--r-- | lib/gitlab/ci/jwt.rb | 95 | ||||
-rw-r--r-- | lib/gitlab/ci/status/bridge/factory.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/ci/status/bridge/failed.rb | 12 | ||||
-rw-r--r-- | lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml | 2 | ||||
-rw-r--r-- | lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml | 2 | ||||
-rw-r--r-- | lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml | 4 | ||||
-rw-r--r-- | lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml | 2 |
7 files changed, 118 insertions, 3 deletions
diff --git a/lib/gitlab/ci/jwt.rb b/lib/gitlab/ci/jwt.rb
new file mode 100644
index 00000000000..491facd0a43
--- /dev/null
+++ b/lib/gitlab/ci/jwt.rb
@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Ci
+ class Jwt
+ NOT_BEFORE_TIME = 5
+ DEFAULT_EXPIRE_TIME = 60 * 5
+
+ def self.for_build(build)
+ self.new(build, ttl: build.metadata_timeout).encoded
+ end
+
+ def initialize(build, ttl: nil)
+ @build = build
+ @ttl = ttl
+ end
+
+ def payload
+ custom_claims.merge(reserved_claims)
+ end
+
+ def encoded
+ headers = { kid: kid, typ: 'JWT' }
+
+ JWT.encode(payload, key, 'RS256', headers)
+ end
+
+ private
+
+ attr_reader :build, :ttl, :key_data
+
+ def reserved_claims
+ now = Time.now.to_i
+
+ {
+ jti: SecureRandom.uuid,
+ iss: Settings.gitlab.host,
+ iat: now,
+ nbf: now - NOT_BEFORE_TIME,
+ exp: now + (ttl || DEFAULT_EXPIRE_TIME),
+ sub: "job_#{build.id}"
+ }
+ end
+
+ def custom_claims
+ {
+ namespace_id: namespace.id.to_s,
+ namespace_path: namespace.full_path,
+ project_id: project.id.to_s,
+ project_path: project.full_path,
+ user_id: user&.id.to_s,
+ user_login: user&.username,
+ user_email: user&.email,
+ pipeline_id: build.pipeline.id.to_s,
+ job_id: build.id.to_s,
+ ref: source_ref,
+ ref_type: ref_type,
+ ref_protected: build.protected.to_s
+ }
+ end
+
+ def key
+ @key ||= OpenSSL::PKey::RSA.new(Rails.application.secrets.openid_connect_signing_key)
+ end
+
+ def public_key
+ key.public_key
+ end
+
+ def kid
+ public_key.to_jwk[:kid]
+ end
+
+ def project
+ build.project
+ end
+
+ def namespace
+ project.namespace
+ end
+
+ def user
+ build.user
+ end
+
+ def source_ref
+ build.pipeline.source_ref
+ end
+
+ def ref_type
+ ::Ci::BuildRunnerPresenter.new(build).ref_type
+ end
+ end
+ end
+end
diff --git a/lib/gitlab/ci/status/bridge/factory.rb b/lib/gitlab/ci/status/bridge/factory.rb
index 910de865483..5d397dba0de 100644
--- a/lib/gitlab/ci/status/bridge/factory.rb
+++ b/lib/gitlab/ci/status/bridge/factory.rb
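Review bot: In lib/gitlab/ci/jwt.rb, `reserved_claims` sets `jti`, `iss`, `iat`, `nbf`, `exp` and `sub` but no `aud`, and `key` signs with `Rails.application.secrets.openid_connect_signing_key`, which by its name looks like the instance's OpenID Connect signing key as well. If so, a verifier that trusts this key cannot tell a job token from any other token it signs, or one job-token consumer from another, by signature alone. I would document that on the class, e.g. `# Signed with the OIDC key and issued without aud: verifiers must pin iss and check the project/ref claims.`, or add an audience claim if the consumers are known. Separately, `user_id: user&.id.to_s` yields `""` for a build without a user, because `&.` does not short-circuit the trailing `.to_s`, while `user_login` and `user_email` come out `nil`; `user_id: user&.id&.to_s` keeps the three consistent. `attr_reader :key_data` has no matching assignment anywhere in this file.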
@@ -5,6 +5,10 @@ module Gitlab module Status module Bridge class Factory < Status::Factory + def self.extended_statuses + [Status::Bridge::Failed] + end + def self.common_helpers Status::Bridge::Common end diff --git a/lib/gitlab/ci/status/bridge/failed.rb b/lib/gitlab/ci/status/bridge/failed.rb new file mode 100644 index 00000000000..de7446c238c --- /dev/null +++ b/lib/gitlab/ci/status/bridge/failed.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + module Status + module Bridge + class Failed < Status::Build::Failed + end + end + end + end +end diff --git a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml index 6b72db951ed..3949b87bbda 100644 --- a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml @@ -1,6 +1,6 @@ build: stage: build - image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-build-image:v0.2.1" + image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-build-image:v0.2.2" variables: DOCKER_TLS_CERTDIR: "" services: diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml index c6c8256b4bb..9bf0d31409a 100644 --- a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml @@ -1,5 +1,5 @@ .auto-deploy: - image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v0.12.1" + image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v0.13.0" review: extends: .auto-deploy diff --git a/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml b/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml index 713b11c4d8f..54a29b04d39 100644 --- a/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml 
@@ -1,6 +1,6 @@ apply: stage: deploy - image: "registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:v0.13.1" + image: "registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:v0.15.0" environment: name: production variables: @@ -17,6 +17,8 @@ apply: ELASTIC_STACK_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/elastic-stack/values.yaml VAULT_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/vault/values.yaml CROSSPLANE_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/crossplane/values.yaml + FLUENTD_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/fluentd/values.yaml + KNATIVE_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/knative/values.yaml script: - gitlab-managed-apps /usr/local/share/gitlab-managed-apps/helmfile.yaml only: diff --git a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml index 717e91b3ae5..0ecf37b37a3 100644 --- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml @@ -57,6 +57,8 @@ dependency_scanning: PIP_EXTRA_INDEX_URL \ PIP_REQUIREMENTS_FILE \ MAVEN_CLI_OPTS \ + GRADLE_CLI_OPTS \ + SBT_CLI_OPTS \ BUNDLER_AUDIT_UPDATE_DISABLED \ BUNDLER_AUDIT_ADVISORY_DB_URL \ BUNDLER_AUDIT_ADVISORY_DB_REF_NAME \ |