fix(variants): use service containers "latest" image tag (vault, GCP & AWS) (0f57cdd7) · Commits · to be continuous... / Docker

README.md

+3 −3

Original line number	Diff line number	Diff line
		@@ -571,7 +571,7 @@ In order to be able to communicate with the Vault server, the variant requires t

		\| Input / Variable \| Description \| Default value \|
		\| ----------------- \| -------------------------------------- \| ----------------- \|
		\| `TBC_VAULT_IMAGE` \| The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) \| `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master` \|
		\| `TBC_VAULT_IMAGE` \| The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) \| `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest` \|
		\| `vault-base-url` / `VAULT_BASE_URL` \| The Vault server base API url \| _none_ \|
		\| `vault-oidc-aud` / `VAULT_OIDC_AUD` \| The `aud` claim for the JWT \| `$CI_SERVER_URL` \|
		\| :lock: `VAULT_ROLE_ID` \| The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID \| must be defined \|
		@@ -630,7 +630,7 @@ List of requirements before using this variant for publishing your container ima

		\| Input / Variable \| Description \| Default value \|
		\| ------------------------ \| -------------------------------------- \| ----------------- \|
		\| `TBC_GCP_PROVIDER_IMAGE` \| The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use (can be overridden) \| `registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main` \|
		\| `TBC_GCP_PROVIDER_IMAGE` \| The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use (can be overridden) \| `registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:latest` \|
		\| `gcp-oidc-aud` / `GCP_OIDC_AUD` \| The `aud` claim for the JWT token \| `$CI_SERVER_URL` \|
		\| `gcp-oidc-provider` / `GCP_OIDC_PROVIDER` \| Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) \| _none_ \|
		\| `gcp-oidc-account` / `GCP_OIDC_ACCOUNT` \| Default Service Account to which impersonate with OpenID Connect authentication \| _none_ \|
		@@ -684,7 +684,7 @@ In order to use the AWS APIs, the variant supports two authentication methods:

		\| Input / Variable \| Description \| Default value \|
		\| ------------------------ \| -------------------------------------- \| ----------------- \|
		\| `TBC_AWS_PROVIDER_IMAGE` \| The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use (can be overridden) \| `registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master` \|
		\| `TBC_AWS_PROVIDER_IMAGE` \| The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use (can be overridden) \| `registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:latest` \|
		\| `aws-region` / `AWS_REGION` \| Default region (where the ECR registry is located) \| _none_ \|
		\| `aws-snapshot-region` / `AWS_SNAPSHOT_REGION` \| Region of the ECR registry for the snapshot image _(only define to override default)_ \| _none_ \|
		\| `aws-release-region` / `AWS_RELEASE_REGION` \| Region of the ECR registry for the release image _(only define to override default)_ \| _none_ \|

kicker.json

+3 −3

Original line number	Diff line number	Diff line
		@@ -237,7 +237,7 @@
		{
		"name": "TBC_VAULT_IMAGE",
		"description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
		"default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
		"default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest",
		"advanced": true
		},
		{
		@@ -273,7 +273,7 @@
		{
		"name": "TBC_GCP_PROVIDER_IMAGE",
		"description": "The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use",
		"default": "registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main",
		"default": "registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:latest",
		"advanced": true
		},
		{
		@@ -321,7 +321,7 @@
		{
		"name": "TBC_AWS_PROVIDER_IMAGE",
		"description": "The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use",
		"default": "registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master",
		"default": "registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:latest",
		"advanced": true
		},
		{

templates/gitlab-ci-docker-ecr.yml

+1 −1

Original line number	Diff line number	Diff line
		@@ -33,7 +33,7 @@ spec:
		default: ''
		---
		variables:
		TBC_AWS_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master
		TBC_AWS_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:latest
		AWS_OIDC_AUD: $[[ inputs.aws-oidc-aud ]]
		AWS_REGION: $[[ inputs.aws-region ]]
		AWS_SNAPSHOT_REGION: $[[ inputs.aws-snapshot-region ]]

templates/gitlab-ci-docker-gcp.yml

+1 −1

Original line number	Diff line number	Diff line
		@@ -32,7 +32,7 @@ spec:
		default: ''
		---
		variables:
		TBC_GCP_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main
		TBC_GCP_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:latest
		GCP_OIDC_AUD: $[[ inputs.gcp-oidc-aud ]]
		GCP_OIDC_ACCOUNT: $[[ inputs.gcp-oidc-account ]]
		GCP_OIDC_PROVIDER: $[[ inputs.gcp-oidc-provider ]]

templates/gitlab-ci-docker-vault.yml

+1 −1

Original line number	Diff line number	Diff line
		@@ -12,7 +12,7 @@ spec:
		---
		variables:
		# variabilized vault-secrets-provider image
		TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master
		TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest
		VAULT_BASE_URL: $[[ inputs.vault-base-url ]]
		# variables have to be explicitly declared in the YAML to be exported to the service
		VAULT_ROLE_ID: "$VAULT_ROLE_ID"

Original line number	Diff line number	Diff line
		@@ -571,7 +571,7 @@ In order to be able to communicate with the Vault server, the variant requires t

		\| Input / Variable \| Description \| Default value \|
		\| ----------------- \| -------------------------------------- \| ----------------- \|
		\| `TBC_VAULT_IMAGE` \| The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) \| `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master` \|
		\| `TBC_VAULT_IMAGE` \| The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) \| `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest` \|
		\| `vault-base-url` / `VAULT_BASE_URL` \| The Vault server base API url \| _none_ \|
		\| `vault-oidc-aud` / `VAULT_OIDC_AUD` \| The `aud` claim for the JWT \| `$CI_SERVER_URL` \|
		\| :lock: `VAULT_ROLE_ID` \| The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID \| must be defined \|
		@@ -630,7 +630,7 @@ List of requirements before using this variant for publishing your container ima

		\| Input / Variable \| Description \| Default value \|
		\| ------------------------ \| -------------------------------------- \| ----------------- \|
		\| `TBC_GCP_PROVIDER_IMAGE` \| The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use (can be overridden) \| `registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main` \|
		\| `TBC_GCP_PROVIDER_IMAGE` \| The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use (can be overridden) \| `registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:latest` \|
		\| `gcp-oidc-aud` / `GCP_OIDC_AUD` \| The `aud` claim for the JWT token \| `$CI_SERVER_URL` \|
		\| `gcp-oidc-provider` / `GCP_OIDC_PROVIDER` \| Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) \| _none_ \|
		\| `gcp-oidc-account` / `GCP_OIDC_ACCOUNT` \| Default Service Account to which impersonate with OpenID Connect authentication \| _none_ \|
		@@ -684,7 +684,7 @@ In order to use the AWS APIs, the variant supports two authentication methods:

		\| Input / Variable \| Description \| Default value \|
		\| ------------------------ \| -------------------------------------- \| ----------------- \|
		\| `TBC_AWS_PROVIDER_IMAGE` \| The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use (can be overridden) \| `registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master` \|
		\| `TBC_AWS_PROVIDER_IMAGE` \| The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use (can be overridden) \| `registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:latest` \|
		\| `aws-region` / `AWS_REGION` \| Default region (where the ECR registry is located) \| _none_ \|
		\| `aws-snapshot-region` / `AWS_SNAPSHOT_REGION` \| Region of the ECR registry for the snapshot image _(only define to override default)_ \| _none_ \|
		\| `aws-release-region` / `AWS_RELEASE_REGION` \| Region of the ECR registry for the release image _(only define to override default)_ \| _none_ \|