From fdac01ca9020190f3e199ecf0183c1ecdcecc78d Mon Sep 17 00:00:00 2001 From: meskio Date: Wed, 26 Feb 2025 19:25:49 +0100 Subject: [PATCH] CI: use Dependency Proxy when available This sets up CI to allow the use of the GitLab Dependency Proxy which caches images pulled from DockerHub, in order to bypass rate-limiting. The DOCKER_REGISTRY_URL variable is set dynamically by the check_dependency_proxy_access job defined in dependency_proxy.yml such that only pipelines triggered by users with the requisite access will be configured to use the proxy, while all others will continue to pull from DockerHub as before. When DOCKER_REGISTRY_URL is pre-set in a project's CI/CD variable settings, the extra job is skipped and the dependency proxy is used always, unconditionally. To avoid breaking CI pipelines on 3rd-party GitLab instances, we only include the dependency proxy template on gitlab.tpo See: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40335 --- .gitlab-ci.yml | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8c03390..a0fac79 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,3 +1,10 @@ +include: + - project: tpo/tpa/ci-templates + file: [ dependency_proxy.yml ] + inputs: { namespace: tpo/anti-censorship } + rules: + - if: $CI_PROJECT_URL =~ /gitlab.torproject.org/ + stages: - test - deploy @@ -9,6 +16,9 @@ variables: DEBIAN_OLD_STABLE: buster DEBIAN_STABLE: bullseye REPRODUCIBLE_FLAGS: -trimpath -ldflags=-buildid= + # Don't fail pulling images if dependency_proxy.yml is not included + DOCKER_REGISTRY_URL: "docker.io" + # set up apt for automated use .apt-template: &apt-template @@ -92,7 +102,7 @@ variables: # -- jobs ------------------------------------------------------------ android: - image: containers.torproject.org/tpo/anti-censorship/duplicatedcontainerimages:golang-1.23-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.23-$DEBIAN_STABLE variables: ANDROID_HOME: /usr/lib/android-sdk LANG: C.UTF-8 @@ -143,28 +153,28 @@ android: - gomobile bind -v -target=android $REPRODUCIBLE_FLAGS . go-1.21: - image: containers.torproject.org/tpo/anti-censorship/duplicatedcontainerimages:golang-1.21-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.21-$DEBIAN_STABLE <<: *golang-docker-debian-template <<: *test-template script: - *go-test go-1.23: - image: containers.torproject.org/tpo/anti-censorship/duplicatedcontainerimages:golang-1.23-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.23-$DEBIAN_STABLE <<: *golang-docker-debian-template <<: *test-template script: - *go-test debian-testing: - image: debian:testing + image: containers.torproject.org/tpo/tpa/base-images/debian:testing <<: *debian-native-template <<: *test-template script: - *go-test shadow-integration: - image: containers.torproject.org/tpo/anti-censorship/duplicatedcontainerimages:golang-1.21-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.21-$DEBIAN_STABLE variables: SHADOW_VERSION: "193924aae0dab30ffda0abe29467f552949849fa" TGEN_VERSION: "v1.1.2" @@ -253,7 +263,7 @@ shadow-integration: generate_tarball: stage: deploy - image: golang:1.21-$DEBIAN_STABLE + image: ${DOCKER_REGISTRY_URL}/golang:1.21-$DEBIAN_STABLE rules: - if: $CI_COMMIT_TAG script: @@ -323,7 +333,7 @@ merge-manifests: - job: build-container artifacts: false image: - name: containers.torproject.org/tpo/anti-censorship/duplicatedcontainerimages:mplatform-manifest-tool-alpine + name: ${DOCKER_REGISTRY_URL}/mplatform/manifest-tool:alpine entrypoint: [""] script: - if [ $CI_COMMIT_REF_NAME == "main" ]; then export TAG='nightly'; fi