v4 VS charts

#!/bin/bash # list-tags.sh # List all Gitlab tags for a given project. # $CI_PROJECT_ID is a Gitlab pre-defined variable # $GITLAB_TOKEN is a project access token that needs to be # a defined CI/CD variable. GITLAB_API_URL="https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}" curl -k --header "PRIVATE-TOKEN: $GITLAB_TOKEN" "${GITLAB_API_URL}/repository/tags"

# ~/.npmrc @doppelmutzi:registry=https://gitlab.com/api/v4/projects//packages/npm/ //gitlab.com/api/v4/projects//packages/npm/:_authToken=

GITLAB_API_URL = "https://gitlab.com/api/v4" PRIVATE_TOKEN = "" NAMESPACE = "mycompany" PROJECT_NAME = "test-project"

import requests app = FastAPI() # GitLab API configuration GITLAB_API_URL = "https://gitlab.com/api/v4" PRIVATE_TOKEN = "" PROJECT_ID = "vinod827_1391/awesome" def grant_developer_access(username: str): # Get user details from GitLab user_url = f"{GITLAB_API_URL}/users?username={username}" response = requests.get(user_url, headers={"PRIVATE-TOKEN": PRIVATE_TOKEN}) user_data = response.json() if not user_data: raise HTTPException(status_code=404, detail=f"User {username} not found.") user_id = user_data[0]["id"] # Grant developer access to the project access_data = {"user_id": user_id, "access_level": 30} # 30 is the access level for developer access_url = f"{GITLAB_API_URL}/projects/{PROJECT_ID}/access_requests" response = requests.post(access_url, headers={"PRIVATE-TOKEN": PRIVATE_TOKEN}, json=access_data) print('response->', response) if response.status_code != 201: raise HTTPException(status_code=response.status_code, detail=response.text)

Invoke-RestMethod -Uri "https://gitlab.com/api/v4/projects/12345/repository/tags" -Headers $headers -Method POST -Body $jsonBody

Hello everyone i'm trying to install Librewolf on my M1 MBA running fedora39 with gnome on wayland, I downloaded librewolf's compressed archive from https://gitlab.com/api/v4/projects/44042130/packages/generic/librewolf/120.0.1-1/librewolf-120.0.1-1-linux-arm64-package.tar.bz2

repositories { maven { url "https://gitlab.com/api/v4/projects/PROJEC-ID/packages/maven" credentials(HttpHeaderCredentials) { name = "Private-Token" value = gitLabPrivateToken } authentication { header(HttpHeaderAuthentication) } } } }

Pagina da Gitlab: https://gitlab.com/api/v4/projects/44042130/packages/generic/librewolf/116.0-1/librewolf-116.0-1-windows-x86_64-setup.exe

.base: image: alpine:3.18 before_script: - echo "Project is $CI_PROJECT_NAME" script: - apk update - apk --no-cache add git openssl ca-certificates curl perl https://$GITLAB_USER_NAME:$SVC_ACCESS_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git - mkdir -p /usr/local/share/ca-certificates/extra - openssl s_client -connect ${CI_SERVER_HOST}:${CI_SERVER_PORT} -servername ${CI_SERVER_HOST} -showcerts /dev/null | sed -e '/-----BEGIN/,/-----END/!d' | tee "/usr/local/share/ca-certificates/${CI_SERVER_HOST}.crt" >/dev/null - update-ca-certificates - curl --location --output /usr/local/bin/release-cli "https://gitlab.com/api/v4/projects/gitlab-org%2Frelease-cli/packages/generic/release-cli/latest/release-cli-linux-amd64" - chmod +x /usr/local/bin/release-cli - release-cli -v Versioning: stage: Version extends: - .base script: - if [[ "$CI_COMMIT_BRANCH" == *"feature/"* ]]; then IMAGE_TAG="nightly" ; elif [ "$CI_COMMIT_BRANCH" == "develop" ]; then IMAGE_TAG="devel"; else echo "Master/Main branch"; fi - echo "Version found is ${IMAGE_TAG}" allow_failure: false rules: - if: '$CI_COMMIT_BRANCH =~ /^(develop|main|feature.*$)$/' artifacts: paths: - $IMAGE_TAG expire_in: 1 minute

image: name: hashicorp/terraform:1.5 entrypoint: - '/usr/bin/env' - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' stages: - Test and Lint - Build and Push - Staging Plan - Staging Apply - Staging Update App - Production Plan - Production Apply - Destroy before_script: - alias convert_report="jq -r '([.resource_changes[]?.change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'" - apk add openssh-client - eval $(ssh-agent -s) - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - - mkdir -p ~/.ssh - chmod 700 ~/.ssh - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa - ls ~/.ssh Test and Lint: image: docker:19.03.5 .............. Validate Terraform: stage: Test and Lint script: - echo "Validate Terraform" - cd deploy/ - terraform init --backend=false - terraform validate rules: - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^(main|production)$/ || $CI_COMMIT_BRANCH =~ /^(main|production)$/' Build and Push: stage: Build and Push ............... Staging Plan: stage: Staging Plan script: - echo "Run Terraform Plan for Staging" - cd deploy/ - export TF_VAR_image_api=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA - export GITLAB_ACCESS_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXX - export STATE_NAME=Staging - terraform init -backend-config="address=https://gitlab.com/api/v4/projects/47021553/terraform/state/$STATE_NAME" -backend-config="lock_address=https://gitlab.com/api/v4/projects/47021553/terraform/state/$STATE_NAME/lock" -backend-config="unlock_address=https://gitlab.com/api/v4/projects/47021553/terraform/state/$STATE_NAME/lock" -backend-config="username=XXXXXXXXX" -backend-config="password=$GITLAB_ACCESS_TOKEN" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5" #- terraform workspace select staging || terraform workspace new staging - terraform plan rules: - if: '$CI_COMMIT_BRANCH =~ /^(main|production)$/' Staging Apply: stage: Staging Apply environment: name: Staging url: XXXXXXXXXXXXXXXXX on_stop: Staging Destroy script: - echo "Run Terraform Apply for Staging" - cd deploy/ - export TF_VAR_image_api=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA - export GITLAB_ACCESS_TOKEN=XXXXXXXXXXXXXXXXXXXXXXX - export STATE_NAME=Staging - terraform init -backend-config="address=https://gitlab.com/api/v4/projects/47021553/terraform/state/$STATE_NAME" -backend-config="lock_address=https://gitlab.com/api/v4/projects/47021553/terraform/state/$STATE_NAME/lock" -backend-config="unlock_address=https://gitlab.com/api/v4/projects/47021553/terraform/state/$STATE_NAME/lock" -backend-config="username=XXXXXXXXXXXXX" -backend-config="password=$GITLAB_ACCESS_TOKEN" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5" - terraform apply -auto-approve -input=false rules: - if: '$CI_COMMIT_BRANCH =~ /^(main|production)$/' Staging Update App: stage: Staging Update App ............... Production Plan: stage: Production Plan ............. Production Apply: stage: Production Apply .......... Staging Destroy: stage: Destroy ............... Production Destroy: stage: Destroy ...............

This may be quite clear in its simplicity, and particularly to those familiar with etcha/jsonnet. However, what invariably happens is that you start seeing things like vars embedded in templates, embedded in the config mgmt implementation language, embedded in strings. The source of the values becomes incredibly difficult to reason about and to make changes against; does the value come from the target host's env, from the runner's env, from the packaging step's env, from a network request made by one of these stages (eg to a secret server), etc.

Take a look at an example of what, IMO, is an absolutely horrid helm chart that Gitlab ships for installing their CI/CD runner: https://gitlab.com/gitlab-org/charts/gitlab-runner/-/blob/ma...

Bash code, in yaml, in golang template. Besides even the most advanced IDEs failing to grok such a freak of technical nature, there's no way I would believe any dev that told me they understand what the state of their system will be given some input to this morass.

In a recent position I was asked to try and make a nomad installation viable in a pretty standard corporate environment (not some special operational space e.g. cloudflare), and it was even worse; some configuration expansion was 5 layers deep, with 3 different templating engines, once consul templates were involved in generating an app's config, and the nomad config being env-generalized through generation by a higher-level helm-like tooling.

Re state bag:

I'm glad you mentioned nix, as I think it, and to a looser extent containers, really approach the issue in the only humanly-tenable fashion (again IMO): starting mutation from a known state. In a lot of cases that state is "nothing" as it's the simplest known state not only to position the beginning of some configuration flow at, but also the most straight-forward from which to deterministically derive a desired end state from.

I definitely applaud having tests as a core component of your system, the problem is that you can not derive determinism from nondeterminism even with the best tests.

Because you are operating over a nondeterministic bag of state, you can never guarantee that your tests provide a representation of a transfrom from any potential state to the desired end state, only for some particular input state (or set) which may or may not representative of what is found on the actual targets.

Here is the source for the GitLab Helm Chart. GitLab doesn't store the images for the GitLab Helm Chart on DockerHub; they store them in GitLab Registry. For example, the web service image by default is registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee. This is listed here.

It kind of feels like Sid is lying through his teeth here, as a person who deploys and maintains a private Gitlab installation, along with a whole host of other core platform services for internal use. Gitlab is by far the most modular off-the-shelf product I've encountered outside of JFrog's Xray. Look at their official Helm chart: https://gitlab.com/gitlab-org/charts/gitlab. Gitlab itself consists of 14 sub-charts and it also bundles 4 third-party sub-charts for object storage, a web proxy and ingress controller, certificate management, and the internal container registry. Gitlab without the third parties I believe consists of 15 distinct containers.

I don't think it matches what most people think of when they hear "monolith." It is absolutely not a single process only communicating between components via function calls. Many of the Gitlab core services, such as Gitaly, are written in Go, as well, not Ruby, though they also have "gitaly-ruby" as a testing service that can be used by developers not comfortable with Go.

https://docs.gitlab.com/charts/ https://gitlab.com/gitlab-org/charts/gitlab

The GitLab Docker install instructions are for a monolithic image, but they do have separate images at https://gitlab.com/gitlab-org/build/CNG with Helm charts to configure them at https://gitlab.com/gitlab-org/charts/gitlab/-/tree/master/

[1] https://www.scaleway.com/en/docs/compute/kubernetes/api-cli/creating-managing-kubernetes-lifecycle-cliv2/ [2] https://gitlab.com/gitlab-org/charts/gitlab-runner/-/blob/main/values.yaml [3] https://about.gitlab.com/blog/2017/09/05/how-to-automatically-create-a-new-mr-on-gitlab-with-gitlab-ci/

For work we're on Gitlab Enterprise, but I run custom ci runners from the chart. They're registered to my org, so any project in my org can issue jobs.

Error logging in to endpoint, trying next endpoint" error="Get https://registry.192.168.49.2.nip.io/v2/: x509: certificate signed by unknown authority" Looking at the certificate: - Issuer: O = default, OU = gitlab, CN = GitLab Helm Chart - Subject: CN = 192.168.49.2.nip.io Steps to reproduce: (1) minikube start --addons=registry,dashboard,ingress \ --apiserver-names=apiserver.k8s,apiserver.kube-system.svc.cluster.local \ --apiserver-ips=192.168.49.2 (2) https://gitlab.com/gitlab-org/charts/gitlab.git (3) cd gitlab helm dep update helm upgrade --install gitlab . \ --timeout 600s \-f values-examples/values-minikube.yaml \ --set global.hosts.domain=$(minikube ip).nip.io \ --set global.hosts.externalIP=$(minikube ip) (4) push a random spring job into it https://github.com/paulczar/spring-helloworld

https://gitlab.com/gitlab-org/charts/gitlab-runner/blob/master/values.yaml#L432