Final slides for 20231114

Author: nicholasdille

160_gitlab_ci/000_rollout/bootstrap.sh

@@ -11,8 +11,8 @@ if test -f .env; then
 fi
 
 export GIT_USER=seat
-export GIT_EMAIL="seat@seat${SEAT_INDEX}.inmylab.de"
-export GIT_CRED="https://seat:${SEAT_PASS}@gitlab.seat${SEAT_INDEX}.inmylab.de"
+export GIT_EMAIL="seat@seat${SEAT_INDEX}.${DOMAIN}"
+export GIT_CRED="https://seat:${SEAT_PASS}@gitlab.seat${SEAT_INDEX}.${DOMAIN}"
 
 echo
 echo "### Removing previous deployment on seat ${SEAT_INDEX}"
@@ -145,17 +145,17 @@ if ! docker compose exec -T gitlab \
     echo "done."
 fi
 git config --global user.name "seat"
-git config --global user.email "seat@seat${SEAT_INDEX}.inmylab.de"
+git config --global user.email "seat@seat${SEAT_INDEX}.${DOMAIN}"
 git config --global credential.helper store
-echo "https://seat:${SEAT_PASS}@gitlab.seat${SEAT_INDEX}.inmylab.de" >"${HOME}/.git-credentials"
+echo "https://seat:${SEAT_PASS}@gitlab.seat${SEAT_INDEX}.${DOMAIN}" >"${HOME}/.git-credentials"
 if test -d /tmp/demo; then
     rm -rf /tmp/demo
 fi
 (
     mkdir -p /tmp/demo
     cd /tmp/demo
     git clone https://github.com/nicholasdille/container-slides .
-    git remote add downstream "https://gitlab.seat${SEAT_INDEX}.inmylab.de/seat/demo"
+    git remote add downstream "https://gitlab.seat${SEAT_INDEX}.${DOMAIN}/seat/demo"
     CURRENT_BRANCH="$(git branch --show-current)"
     git branch --remotes --list \
     | grep -v downstream \
@@ -188,7 +188,7 @@ echo
 echo "### Retrieving runner registration token on seat ${SEAT_INDEX}"
 export REGISTRATION_TOKEN="$(
     curl \
-        --url "https://gitlab.seat${SEAT_INDEX}/api/v4/user/runners" \
+        --url "https://gitlab.seat${SEAT_INDEX}.${DOMAIN}/api/v4/user/runners" \
         --silent \
         --show-error \
         --request POST \

160_gitlab_ci/000_rollout/compose.yaml

@@ -217,10 +217,10 @@ services:
       traefik.http.routers.registry-s.service: registry
       traefik.http.routers.registry-s.tls: "true"
       # SSH: service port
-      traefik.tcp.services.ssh.loadbalancer.server.port: 2222
+      traefik.tcp.services.ssh.loadbalancer.server.port: 22
       # SSH: TLS passthrough
       traefik.tcp.routers.ssh.entrypoints: ssh
-      traefik.tcp.routers.ssh.rule: HostSNI(`gitlab.${DOMAIN:?You must supply DOMAIN}`)
+      traefik.tcp.routers.ssh.rule: HostSNI(`*`)
       traefik.tcp.routers.ssh.service: ssh
       traefik.tcp.routers.ssh.tls.passthrough: "true"
 

160_gitlab_ci/010_jobs_and_stages/slides.md

@@ -121,7 +121,7 @@ docker run --interactive --tty --rm \
 1. Add files to root of project:
 
     ```bash
-    git checkout 160_gitlab_ci/010_jobs_and_stages/build -- '*'
+    git checkout origin/160_gitlab_ci/010_jobs_and_stages/build -- '*'
     ```
     <!-- .element: style="width: 40em;" -->
 
@@ -136,7 +136,7 @@ docker run --interactive --tty --rm \
 1. Add `lint/.gitlab-ci.yml` to root of project:
 
     ```bash
-    git checkout 160_gitlab_ci/010_jobs_and_stages/lint -- '*'
+    git checkout origin/160_gitlab_ci/010_jobs_and_stages/lint -- '*'
     ```
     <!-- .element: style="width: 40em;" -->
 
@@ -151,7 +151,7 @@ docker run --interactive --tty --rm \
 1. Add `parallel/.gitlab-ci.yml` to root of project:
 
     ```bash
-    git checkout 160_gitlab_ci/010_jobs_and_stages/parallel -- '*'
+    git checkout origin/160_gitlab_ci/010_jobs_and_stages/parallel -- '*'
     ```
     <!-- .element: style="width: 40em;" -->
 

160_gitlab_ci/020_variables/ci.md

@@ -10,6 +10,8 @@ Available in project-, group- and instance-level
 
 Careful with protected variables
 
+Loops are detected, e.g. `FOO=$BAR` and `BAR=$FOO`
+
 ---
 
 ## Hands-On [<i class="fa fa-comment-code"></i>](https://github.com/nicholasdille/container-slides/tree/160_gitlab_ci/020_variables/ci "020_variables/ci")
@@ -32,7 +34,7 @@ Careful with protected variables
 1. Fetch change:
 
     ```bash
-    git checkout 160_gitlab_ci/020_variables/ci -- '*'
+    git checkout origin/160_gitlab_ci/020_variables/ci -- '*'
     ```
     <!-- .element: style="width: 47em;" -->
 

160_gitlab_ci/020_variables/predefined.md

@@ -15,7 +15,7 @@ Some help interacting with the GitLab server
 1. Remove `variables` directive
 
     ```bash
-    git checkout 160_gitlab_ci/020_variables/predefined -- '*'
+    git checkout origin/160_gitlab_ci/020_variables/predefined -- '*'
     ```
     <!-- .element: style="width: 35em;" -->
 

160_gitlab_ci/020_variables/slides.md

@@ -21,7 +21,7 @@ Variables [](https://docs.gitlab.com/ee/ci/yaml/#variables) can be...
 1. Update files:
 
     ```yaml
-    git checkout 160_gitlab_ci/020_variables/inline -- '*'
+    git checkout origin/160_gitlab_ci/020_variables/inline -- '*'
     ```
     <!-- .element: style="width: 40em;" -->
 

160_gitlab_ci/030_script_blocks/slides.md

@@ -33,6 +33,8 @@ job_name:
 
 `after_script` runs even if the job failed (useful for cleanup)
 
+Beware of collapsed multi-line commands in the job log
+
 ---
 
 ## Hands-On [<i class="fa fa-comment-code"></i>](https://github.com/nicholasdille/container-slides/tree/160_gitlab_ci/030_script_blocks "030_script_blocks")
@@ -48,7 +50,7 @@ Move `apk` operations into `before_script`
 See new `.gitlab-ci.yml`:
 
 ```bash
-git checkout 160_gitlab_ci/030_script_blocks -- '*'
+git checkout origin/160_gitlab_ci/030_script_blocks -- '*'
 ```
 
 Yes, this is still repetetive <i class="fa-duotone fa-face-smile-tongue fa-duotone-colors"></i>

160_gitlab_ci/040_image/slides.md

@@ -18,6 +18,10 @@ Do not use community images
 
 Avoid maintaining custom image
 
+### Image allowlist
+
+XXX [](https://docs.gitlab.com/runner/executors/kubernetes.html#restrict-docker-images-and-services)
+
 ---
 
 ## Hands-On [<i class="fa fa-comment-code"></i>](https://github.com/nicholasdille/container-slides/tree/160_gitlab_ci/040_image "040_image")
@@ -30,5 +34,5 @@ Use `image` instead of `before_script`
 See new `.gitlab-ci.yml`:
 
 ```bash
-git checkout 160_gitlab_ci/040_image -- '*'
+git checkout origin/160_gitlab_ci/040_image -- '*'
 ```

160_gitlab_ci/050_defaults/slides.md

@@ -17,9 +17,13 @@ Apply settings to all jobs using `default` [](https://docs.gitlab.com/ee/ci/yaml
 - `after_script`
 - and some more we will explore later <i class="fa-duotone fa-face-smile-halo fa-duotone-colors"></i>
 
+### Global variables
+
+XXX separate field `variables`
+
 ---
 
-## Hands-On [<i class="fa fa-comment-code"></i>]https://github.com/nicholasdille/container-slides/tree/160_gitlab_ci/050_default "050_default")
+## Hands-On [<i class="fa fa-comment-code"></i>](https://github.com/nicholasdille/container-slides/tree/160_gitlab_ci/050_default "050_default")
 
 1. Add `default` for `image`
 1. Remove `image` from all jobs
@@ -28,5 +32,5 @@ Apply settings to all jobs using `default` [](https://docs.gitlab.com/ee/ci/yaml
 See new `.gitlab-ci.yml`:
 
 ```bash
-git checkout 160_gitlab_ci/050_default -- '*'
+git checkout origin/160_gitlab_ci/050_default -- '*'
 ```

160_gitlab_ci/060_artifacts/slides.md

@@ -28,6 +28,8 @@ Add untracked files
 
 `artifacts` can be in `default` [<i class="fa-solid fa-arrow-right-to-bracket"></i>](#/gitlab_default)
 
+Circular dependencies are detected
+
 ---
 
 ## Hands-On [<i class="fa fa-comment-code"></i>](https://github.com/nicholasdille/container-slides/tree/160_gitlab_ci/060_artifact "060_artifact")
@@ -42,7 +44,7 @@ Test binary in a new job and stage
 See new `.gitlab-ci.yml`:
 
 ```bash
-git checkout 160_gitlab_ci/060_artifact -- '*'
+git checkout origin/160_gitlab_ci/060_artifact -- '*'
 ```
 
 ---

160_gitlab_ci/070_schedules/slides.md

@@ -18,6 +18,10 @@ Scheduled pipelines run on a specific branch...
 
 Creator is referenced and shown as the triggerer
 
+Creator must have role Developer or have merge permissions on protected branches
+
+Maximum frequency configured during instance rollout [](https://docs.gitlab.com/ee/administration/cicd.html#change-maximum-scheduled-pipeline-frequency)
+
 ### Hands-On
 
 1. Schedule pipeline to run in 5 minutes

160_gitlab_ci/100_environments/slides.md

@@ -35,7 +35,7 @@ WebDAV endpoints emulate deployment targets
 See new `.gitlab-ci.yml`:
 
 ```bash
-git checkout 160_gitlab_ci/100_environments/demo1 -- '*'
+git checkout origin/160_gitlab_ci/100_environments/demo1 -- '*'
 ```
 
 ---
@@ -60,15 +60,38 @@ Branches can be used to represent target environments:
 See new `.gitlab-ci.yml`:
 
 ```bash
-git checkout 160_gitlab_ci/100_environments/demo2 -- '*'
+git checkout origin/160_gitlab_ci/100_environments/demo2 -- '*'
 ```
 
 ---
 
-## Pro tip: Disposable environments a.k.a. review apps
+## Pro tip: Disposable environments
 
 Additonal use of environments: disposable review apps
 
 Environments can have a [stop action](https://docs.gitlab.com/ee/ci/environments/index.html#stopping-an-environment) for disposal
 
 Environments can have an [expiration time](https://docs.gitlab.com/ee/ci/yaml/#environmentauto_stop_in)
+
+```yaml
+vscode:
+  when: manual
+  environment:
+    name: quick-help
+    url: https://quick-help.vscode.inmylab.de
+    on_stop: vscode-cleanup
+    auto_stop_in: 1h
+  script: echo DEPLOY
+
+vscode-cleanup:
+  needs:
+  - vscode
+  environment:
+    name: quick-help
+    url: https://quick-help.vscode.inmylab.de
+    action: stop
+  when: manual
+  script: echo DESTROY
+```
+
+<!-- .element: style="font-size: x-large;" -->

160_gitlab_ci/110_triggers/slides.md

@@ -12,7 +12,7 @@ Ability to split automation across multiple pipeline
 
 ### Trigger tokens
 
-Trigger pipelines using trigger tokens [](https://docs.gitlab.com/ee/ci/triggers/)
+Trigger pipelines through the API [](https://docs.gitlab.com/ee/ci/triggers/)
 
 Fire and forget
 
@@ -45,7 +45,7 @@ Load stages and jobs from a file using `include` [](https://docs.gitlab.com/ee/c
 See new `.gitlab-ci.yml`:
 
 ```bash
-git checkout 160_gitlab_ci/110_triggers/curl -- '*'
+git checkout origin/160_gitlab_ci/110_triggers/curl -- '*'
 ```
 
 ---
@@ -104,7 +104,7 @@ Included file can also be generated before job start [](https://docs.gitlab.com/
 
 ---
 
-## Pro tip: Variable inheritence
+## Pro tip 1: Variable inheritence
 
 Downstream pipelines inherit some variables [](https://docs.gitlab.com/ee/ci/pipelines/downstream_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline)
 
@@ -127,3 +127,101 @@ job_name:
 ```
 
 Do not redefined masked variables - **they will not be masked**
+
+---
+
+## Pro tip 2: Wait for downstream pipeline
+
+Upstream pipeline only waits for successful trigger
+
+Wait for successul downstream pipeline using `strategy` [](https://docs.gitlab.com/ee/ci/yaml/#triggerstrategy)
+
+```yaml
+job_name:
+  trigger:
+    include: child.ymal
+    strategy: depend
+```
+
+---
+
+## Dynamic includes
+
+Include can be generated on-demand:
+
+```yaml
+generate:
+  script:
+  - |
+    cat <<EOF >child.yaml
+    test:
+      script:
+      - printenv
+    EOF
+  artifacts:
+    paths:
+    - child.yaml
+
+use:
+  trigger:
+    include:
+    - artifact: child.yaml
+      job: generate
+```
+
+---
+
+## Pro tip: Artifacts from parent pipeline
+
+Generate artifact and trigger child pipeline:
+
+```yaml
+build_artifacts:
+  stage: build
+  script: echo "This is a test artifact!" >> artifact.txt
+  artifacts:
+    paths:
+    - artifact.txt
+
+deploy:
+  stage: deploy
+  trigger:
+    include:
+    - local: path/to/child-pipeline.yml
+  variables:
+    PARENT_PIPELINE_ID: $CI_PIPELINE_ID
+```
+
+<!-- .element: style="font-size: medium;" -->
+
+Fetch artifact from parent pipeline
+
+```yaml
+test:
+  stage: test
+  script: cat artifact.txt
+  needs:
+  - pipeline: $PARENT_PIPELINE_ID
+    job: build_artifacts
+```
+<!-- .element: style="font-size: medium;" -->
+
+---
+
+## Pro tip: Do not pass global variables
+
+Only allow job variables to be passed to downstream pipelines:
+
+```yaml
+variables:
+  GLOBAL_VAR: value
+
+trigger-job:
+  inherit:
+    variables: false
+  variables:
+    JOB_VAR: value
+  trigger:
+    include:
+    - local: path/to/child-pipeline.yml
+```