GitLab - GradedJestRisk/cicd-training GitHub Wiki

Gitlab

API

Get file

Get blob_id https://docs.gitlab.com/ee/api/repository_files.html

curl --silent --header "PRIVATE-TOKEN: <PAT>" "https://gitlab.com/api/v4/projects/<PROJECT-ID>/repository/files/README.md?ref=<BRANCH>" | jq -r .blob_id

Get content https://docs.gitlab.com/ee/api/repositories.html#get-a-blob-from-repository

curl --header "PRIVATE-TOKEN: <PAT>" "https://gitlab.com/api/v4/projects/<PROJECT-ID>/repository/blobs/<BLOB_ID>/raw"

CI

Variables

https://docs.gitlab.com/ee/ci/variables/predefined_variables.html

CI_DEFAULT_BRANCH # The name of the project’s default branch.

File

Create .gitlab-ci.yml in your repository root

[https://docs.gitlab.com/ee/ci/caching/#how-archiving-and-extracting-works Cache introduction]

Template

In same file

.$TEMPLATE_NAME:
  image: $IMAGE_NAME

$JOB :
  extends:
    - .$TEMPLATE_NAME
  script:
    - echo "Hello, world !"

From another Gitlab project

include:
  - project: $PROJECT
    ref: $SHA
    file: '$FILE.yml'

Service

service = anything that can be exposed through network.

Services are started and health-check by Gitlab in the before script.

Access a service

Services inherit the same DNS servers, search domains, and additional hosts as the CI container itself.

To do so, they use a linking system on docker, which is a legacy version (--link flag) which should be replaced by se user-defined networks doc here

You can access services using a hostname, generated from its image name.

For unslashed images, the host name is the image name: redis:6-alpine will be available on redis https://docs.gitlab.com/ee/ci/services/#accessing-the-services

database

redis

Restart job if it fails

There is no retry by default. Use retry and specify 1 or 2.

https://docs.gitlab.com/ee/ci/yaml/#retry

Slack notification

Use application "Slack" and notify on a Slack webhook

Docker in docker

Sample application

https://forum.gitlab.com/t/dind-problem/70683

*** WARNING: Service runner–project-0-concurrent-0-docker-0 probably didn’t start properly.
ip: can’t find device ‘ip_tables’
ip_tables 32768 0
x_tables 53248 5 xt_conntrack,xt_MASQUERADE,xt_addrtype,nft_compat,ip_tables
modprobe: can’t change directory to ‘/lib/modules’: No such file or directory
mount: permission denied (are you root?)
Could not mount /sys/kernel/security.
AppArmor detection and --privileged mode might break.
mount: permission denied (are you root?)

Workflow

Monorepo

  • [https://aarongorka.com/blog/gitlab-monorepo-pipelines/ using DAG]
  • [https://darekkay.com/blog/gitlab-ci-monorepo-config/ single-step]

CLI

Install

sudo snap install glab
glab auth login

Clone

Clone a repository

glab repo clone

Clone all repositories of a group

glab repo clone --group <group> --paginate --preserve-namespace --archived=false

Merge request

glab mr list

UI

Search

Search all json files containing max_connections

max_connections file:\.json$

Diff between tags

https://gitlab.com/erpc-group/transverse/ptm/apps/ptm-visualisation/-/compare/RC-551...RC-559

List my merge request

https://gitlab.com/gitlab-org/cli/-/tree/main/docs/source/mr

Display reports

Dependency-check

https://github.com/jeremylong/DependencyCheck/pull/5920 https://gitlab.com/gitlab-ci-utils/docker-dependency-check#gitlab-ci-usage

owasp_dependency_check:
  image:
    name: registry.gitlab.com/gitlab-ci-utils/docker-dependency-check:latest
  artifacts:
    when: always
    paths:
      - "./dependency-check-report.html"
      - "./dependency-check-report.json"

Junit

https://docs.gitlab.com/ee/ci/testing/unit_test_report_examples.html#gradle

java:
  stage: test
  script:
    - gradle test
  artifacts:
    when: always
    reports:
      junit: build/test-results/test/**/TEST-*.xml

Scripts

From SO https://stackoverflow.com/questions/29099456/how-to-clone-all-projects-of-a-group-at-once-in-gitlab

Get group id

Clone all repositories in group

From SO https://stackoverflow.com/questions/29099456/how-to-clone-all-projects-of-a-group-at-once-in-gitlab

adroste/gitlab-clone-group

https://github.com/adroste/gitlab-clone-group

Clone on the current directory:

  • including subgroups
  • preserving structure
cd /tmp
mkdir test
curl https://raw.githubusercontent.com/adroste/gitlab-clone-group/main/gitlab-clone-group.py --output gitlab-clone-group.py
chmod +x gitlab-clone-group.py
export GITLAB_PAT=<TOKEN>
export GITLAB_GROUP_ID=<GROUP_ID>
./gitlab-clone-group.py --token $GITLAB_PAT $GITLAB_GROUP_ID .

https://docs.gitlab.com/ee/api/groups.html

List repositories that will be cloned

curl --silent --header "PRIVATE-TOKEN: glpat-yy6PcUq65EkJMEPHiT-y" https://gitlab.com/api/v4/groups/7618168/projects\?include_subgroups\=true\&archived\=false\&per_page\=1000\&page=3  \
 jq -r ".[].ssh_url_to_repo"

With subgroups (does not work)

curl --silent --header "PRIVATE-TOKEN: $GITLAB_PAT" https://gitlab.com/api/v4/groups/$GROUP_ID\?include_subgroups\=true \
 | jq -r ".projects[].ssh_url_to_repo"

Actually clone

for repo in $(curl -s --header "PRIVATE-TOKEN: $GITLAB_PAT" https://gitlab.com/api/v4/groups/$GROUP_ID | jq -r ".projects[].ssh_url_to_repo";  do git clone $repo; 
done;

Gitlabber

To clone whole group trees

No longer maintained (2021) https://github.com/ezbz/gitlabber

Clone repo (dry-run)

gitlabber --token <TOKEN> --method ssh --archived exclude --url https://gitlab.com/<GROUP-ID> --print
⚠️ **GitHub.com Fallback** ⚠️