feat: Allow overriding docker hub hostname

6705c421 · Andy Knight · Andrew Newdigate · ec62ca56 · 6705c421 · 6705c421
Commit 6705c421 authored 9 months ago by Andy Knight Committed by Andrew Newdigate 9 months ago
--- a/README.md
+++ b/README.md
@@ -12,6 +12,18 @@ Looking to setup your workstation? Follow the documentation at: [`docs/developer
  
 It is possible to use these templates without a `ref` tag when including them in your project, but this is not recommended as it may break your build process and make it non-repeatable. For example, if you revert a change, the templates will still reference the latest template which may no longer be compatible. For this reason, it's recommended you always use refs for your templates.
  
+## Dockerhub image override
+
+All templates that use an upstream image from [dockerhub](https://hub.docker.com/) (e.g anything without a hostname as part of the image path) by default are prefixed with `docker.io`. This can be changed (for example to use GitLab's [dependency proxy](https://docs.gitlab.com/ee/user/packages/dependency_proxy/) or [GCR pull through cache](https://cloud.google.com/artifact-registry/docs/pull-cached-dockerhub-images)) when you include the templates by providing an [input](https://docs.gitlab.com/ee/ci/yaml/inputs.html) value for `docker_hub_host` like so (this example uses dependency proxy):
+
+```yaml
+  - project: "gitlab-com/gl-infra/common-ci-tasks"
+    ref: v2.8.0
+    file: templates/standard.yml
+    inputs:
+      docker_hub_host: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}
+```
+
 ## Templates
  
 It is preferable to use templates over individual CI jobs as it reduces clutter, increases standardization and improves consistency across projects. Additionally, new functionality can be added to projects with only an upgrade to the `ref`.

--- a/editorconfig-check.yml
+++ b/editorconfig-check.yml
@@ -4,11 +4,13 @@ spec:
  inputs:
    stage:
      default: validate
+    docker_hub_host:
+      default: docker.io
 ---
 editorconfig_check:
  stage: $[[ inputs.stage ]]
  image:
-    name: mstruebing/editorconfig-checker
+    name: $[[ inputs.docker_hub_host ]]/mstruebing/editorconfig-checker
    entrypoint: []
  needs: []
  script:

--- a/gitleaks.yml
+++ b/gitleaks.yml
@@ -2,13 +2,15 @@ spec:
  inputs:
    stage:
      default: validate
+    docker_hub_host:
+      default: docker.io
 ---
  
 gitleaks:
  stage: $[[ inputs.stage ]]
  needs: []
  image:
-    name: docker.io/zricethezav/gitleaks:v${GL_COMMON_CI_TASKS_DEFAULT_GITLEAKS_VERSION}
+    name: $[[ inputs.docker_hub_host ]]/zricethezav/gitleaks:v${GL_COMMON_CI_TASKS_DEFAULT_GITLEAKS_VERSION}
    entrypoint: [""]
  
  # Being impacted by https://gitlab.com/gitlab-org/gitlab/-/issues/350100

--- a/gitlint.yml
+++ b/gitlint.yml
@@ -2,12 +2,14 @@ spec:
  inputs:
    stage:
      default: validate
+    docker_hub_host:
+      default: docker.io
 ---
  
 gitlint:
  stage: $[[ inputs.stage ]]
  image:
-    name: jorisroovers/gitlint:0.19.1
+    name: $[[ inputs.docker_hub_host ]]/jorisroovers/gitlint:0.19.1
    entrypoint: [""]
  needs: []
  script:

--- a/go-mod-tidy.yml
+++ b/go-mod-tidy.yml
@@ -2,10 +2,12 @@ spec:
  inputs:
    stage:
      default: validate
+    docker_hub_host:
+      default: docker.io
 ---
  
 go_mod_tidy:
-  image: golang:${GL_ASDF_GOLANG_VERSION}
+  image: $[[ inputs.docker_hub_host ]]/golang:${GL_ASDF_GOLANG_VERSION}
  stage: $[[ inputs.stage ]]
  needs: []
  script:

--- a/go-unittests.yml
+++ b/go-unittests.yml
@@ -2,10 +2,12 @@ spec:
  inputs:
    stage:
      default: validate
+    docker_hub_host:
+      default: docker.io
 ---
  
 go_unittests:
-  image: golang:${GL_ASDF_GOLANG_VERSION}
+  image: $[[ inputs.docker_hub_host ]]/golang:${GL_ASDF_GOLANG_VERSION}
  stage: $[[ inputs.stage ]]
  needs: []
  script:

--- a/golangci-lint.yml
+++ b/golangci-lint.yml
@@ -7,12 +7,14 @@ spec:
  inputs:
    stage:
      default: validate
+    docker_hub_host:
+      default: docker.io
 ---
  
 golangci_lint:
  stage: $[[ inputs.stage ]]
  image:
-    name: golangci/golangci-lint:v${GL_ASDF_GOLANGCI_LINT_VERSION}-alpine
+    name: $[[ inputs.docker_hub_host ]]/golangci/golangci-lint:v${GL_ASDF_GOLANGCI_LINT_VERSION}-alpine
    entrypoint: ["/bin/sh", "-c"]
  needs: []
  # git must be installed for golangci-lint's --new-from-rev flag to work.

--- a/goreleaser.yml
+++ b/goreleaser.yml
@@ -4,6 +4,8 @@ spec:
      default: validate
    release_stage:
      default: release
+    docker_hub_host:
+      default: docker.io
 ---
  
 .goreleaser_common: &goreleaser_common
@@ -33,7 +35,7 @@ spec:
 goreleaser_validate:
  <<: *goreleaser_validate_base
  image:
-    name: goreleaser/goreleaser:v${GL_ASDF_GORELEASER_VERSION}
+    name: $[[ inputs.docker_hub_host ]]/goreleaser/goreleaser:v${GL_ASDF_GORELEASER_VERSION}
    entrypoint: [""]
  rules:
    - if: '($CI_PIPELINE_SOURCE == "merge_request_event" || ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule")) && $FIPS_MODE != "1"'
@@ -43,7 +45,7 @@ goreleaser_validate:
 goreleaser_validate-fips:
  <<: *goreleaser_validate_base
  image:
-    name: goreleaser/goreleaser-cross:v${GL_ASDF_GOLANG_VERSION}-v${GL_ASDF_GORELEASER_VERSION}
+    name: $[[ inputs.docker_hub_host ]]/goreleaser/goreleaser-cross:v${GL_ASDF_GOLANG_VERSION}-v${GL_ASDF_GORELEASER_VERSION}
    entrypoint: [""]
  rules:
    - if: '($CI_PIPELINE_SOURCE == "merge_request_event" || ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule")) && $FIPS_MODE == "1"'
@@ -63,7 +65,7 @@ goreleaser_validate-fips:
 goreleaser_build:
  <<: *goreleaser_build_base
  image:
-    name: golang:${GL_ASDF_GOLANG_VERSION}
+    name: $[[ inputs.docker_hub_host ]]/golang:${GL_ASDF_GOLANG_VERSION}
    entrypoint: [""]
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
@@ -75,9 +77,9 @@ goreleaser_build:
 .goreleaser_base: &goreleaser_base
  <<: *goreleaser_common
  stage: $[[ inputs.release_stage ]]
-  image: docker:stable
+  image: $[[ inputs.docker_hub_host ]]/docker:stable
  services:
-    - docker:${DOCKER_VERSION}-dind
+    - $[[ inputs.docker_hub_host ]]/docker:${DOCKER_VERSION}-dind
  variables:
    DOCKER_VERSION: "24.0.6" # Pinning due to https://github.com/docker-library/docker/issues/467
    DOCKER_REGISTRY: $CI_REGISTRY
@@ -104,7 +106,7 @@ goreleaser:
      -e GOLANG_VERSION=${GL_ASDF_GOLANG_VERSION} \
      -e GOTOOLCHAIN=go${GL_ASDF_GOLANG_VERSION} \
      ${GORELEASER_DOCKER_EXTRA_ARGS:-} \
-      goreleaser/goreleaser:v${GL_ASDF_GORELEASER_VERSION} \
+      $[[ inputs.docker_hub_host ]]/goreleaser/goreleaser:v${GL_ASDF_GORELEASER_VERSION} \
      release \
      --rm-dist \
      ${GORELEASER_EXTRA_ARGS:-}
@@ -146,7 +148,7 @@ goreleaser-fips:
      -e GOLANG_VERSION=${GL_ASDF_GOLANG_VERSION} \
      -e GOTOOLCHAIN=go${GL_ASDF_GOLANG_VERSION} \
      ${GORELEASER_DOCKER_EXTRA_ARGS:-} \
-      goreleaser/goreleaser-cross:v${GL_ASDF_GOLANG_VERSION}-v${GL_ASDF_GORELEASER_VERSION} \
+      $[[ inputs.docker_hub_host ]]/goreleaser/goreleaser-cross:v${GL_ASDF_GOLANG_VERSION}-v${GL_ASDF_GORELEASER_VERSION} \
      release \
      --rm-dist \
      ${GORELEASER_EXTRA_ARGS:-}
--- a/semantic-release.yml
+++ b/semantic-release.yml
@@ -6,10 +6,12 @@ spec:
  inputs:
    stage:
      default: release
+    docker_hub_host:
+      default: docker.io
 ---
 semantic_release:
  stage: $[[ inputs.stage ]]
-  image: node:18
+  image: $[[ inputs.docker_hub_host ]]/node:18
  variables:
    GITLAB_URL: $CI_SERVER_URL
  before_script:

--- a/templates/golang.yml
+++ b/templates/golang.yml
@@ -4,22 +4,28 @@ spec:
      default: validate
    release_stage:
      default: release
+    docker_hub_host:
+      default: docker.io
 ---
 include:
  # Keep the following items in alphabetical order
  - local: go-mod-tidy.yml
    inputs:
      stage: $[[ inputs.validate_stage ]]
+      docker_hub_host: $[[ inputs.docker_hub_host ]]
  
  - local: go-unittests.yml
    inputs:
      stage: $[[ inputs.validate_stage ]]
+      docker_hub_host: $[[ inputs.docker_hub_host ]]
  
  - local: golangci-lint.yml
    inputs:
      stage: $[[ inputs.validate_stage ]]
+      docker_hub_host: $[[ inputs.docker_hub_host ]]
  
  - local: goreleaser.yml
    inputs:
      validate_stage: $[[ inputs.validate_stage ]]
      release_stage: $[[ inputs.release_stage ]]
+      docker_hub_host: $[[ inputs.docker_hub_host ]]
--- a/templates/standard.yml
+++ b/templates/standard.yml
@@ -6,6 +6,8 @@ spec:
      default: release
    renovate_bot_stage:
      default: renovate_bot
+    docker_hub_host:
+      default: docker.io
 ---
 include:
  - local: .gitlab-ci-default-asdf-versions.yml
@@ -19,6 +21,7 @@ include:
  - local: editorconfig-check.yml
    inputs:
      stage: $[[ inputs.validate_stage ]]
+      docker_hub_host: $[[ inputs.docker_hub_host ]]
  
  - local: gitlab-scanners.yml
    inputs:
@@ -27,10 +30,12 @@ include:
  - local: gitleaks.yml
    inputs:
      stage: $[[ inputs.validate_stage ]]
+      docker_hub_host: $[[ inputs.docker_hub_host ]]
  
  - local: gitlint.yml
    inputs:
      stage: $[[ inputs.validate_stage ]]
+      docker_hub_host: $[[ inputs.docker_hub_host ]]
  
  - local: mirroring.yml
    inputs:
@@ -44,6 +49,7 @@ include:
  - local: semantic-release.yml
    inputs:
      stage: $[[ inputs.release_stage ]]
+      docker_hub_host: $[[ inputs.docker_hub_host ]]
  
  - local: shellcheck.yml
    inputs:

--- a/templates/terraform.yml
+++ b/templates/terraform.yml
@@ -2,6 +2,8 @@ spec:
  inputs:
    validate_stage:
      default: validate
+    docker_hub_host:
+      default: docker.io
 ---
 include:
  - local: .gitlab-ci-default-asdf-versions.yml
@@ -17,10 +19,12 @@ include:
  - local: terraform-format.yml
    inputs:
      stage: $[[ inputs.validate_stage ]]
+      docker_hub_host: $[[ inputs.docker_hub_host ]]
  
  - local: terraform-validate.yml
    inputs:
      stage: $[[ inputs.validate_stage ]]
+      docker_hub_host: $[[ inputs.docker_hub_host ]]
  
  - local: tflint.yml
    inputs:

--- a/terraform-format.yml
+++ b/terraform-format.yml
@@ -2,13 +2,15 @@ spec:
  inputs:
    stage:
      default: validate
+    docker_hub_host:
+      default: docker.io
 ---
  
 terraform_format:
  stage: $[[ inputs.stage ]]
  needs: []
  image:
-    name: hashicorp/terraform:${GL_ASDF_TERRAFORM_VERSION}
+    name: $[[ inputs.docker_hub_host ]]/hashicorp/terraform:${GL_ASDF_TERRAFORM_VERSION}
    entrypoint: [""]
  script:
    - terraform fmt -recursive -diff -check .

--- a/terraform-validate.yml
+++ b/terraform-validate.yml
@@ -2,13 +2,15 @@ spec:
  inputs:
    stage:
      default: validate
+    docker_hub_host:
+      default: docker.io
 ---
  
 terraform_validate:
  stage: $[[ inputs.stage ]]
  needs: []
  image:
-    name: hashicorp/terraform:${GL_ASDF_TERRAFORM_VERSION}
+    name: $[[ inputs.docker_hub_host ]]/hashicorp/terraform:${GL_ASDF_TERRAFORM_VERSION}
    entrypoint: [""]
  script:
    - |