fix: broken Docker tags builds

Also, stops renovate running when Semantic Releaser pushes directly to main branch, as this has the affect of making it appear that the main branch is broken, when it's not.

fix: broken Docker tags builds
fccc5d03 · Andrew Newdigate · 58286858 · fccc5d03 · fccc5d03
Unverified Commit fccc5d03 authored 4 months ago by Andrew Newdigate
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -48,7 +48,7 @@ container_image_builds:
    - .docker_buildx_base
    - .container_builds
  rules:
-    - if: '$CI_PIPELINE_SOURCE == "scheduled"'
+    - if: '$CI_PIPELINE_SOURCE == "scheduled" || $CI_COMMIT_TAG != null'
      when: "never"
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
@@ -78,3 +78,20 @@ container_image_tagged:
    - .container_builds
  rules:
    - if: "$CI_COMMIT_TAG"
+
+# Override the renovate_bot script to avoid what appears to be broken
+# master builds when renovate attempts to run before the new image
+# is build
+renovate_bot:
+  rules:
+    # Renovate only ever runs on gitlab.com
+    - if: '$CI_SERVER_HOST != "gitlab.com"'
+      when: never
+    - if: $RENOVATE_DISABLED == 'true' || $RENOVATE_DISABLED == '1'
+      when: never
+    # Avoid running Renovate when Semantic Release pushes the release commit directly to main branch
+    - if: "$CI_COMMIT_AUTHOR =~ /semantic-release-bot/ && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"
+      when: never
+    - if: "($RENOVATE_SCHEDULED || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH) && ($RENOVATE_IMMEDIATE == '' || $RENOVATE_IMMEDIATE == null) "
+      exists:
+        - renovate.json
--- a/docker.yml
+++ b/docker.yml
@@ -35,10 +35,6 @@ include:
    # # Created with
    # CHAINGUARD_VIEWER_IDENTITY_ROLE: 4ff99450b6a0f33512acfbc4b797202f487bc975/59a0c8bfeacaf514
  
-    # In general these defaults should be good but they can be overridden to improve docker file cacheability if needed
-    GL_DOCKER_CACHE_KEY: ${CI_JOB_NAME}-${DOCKER_BUILD_FILE}-${DOCKER_BUILD_CONTEXT}-$CI_COMMIT_REF_SLUG
-    GL_DOCKER_CACHE_FALLBACK_KEY: ${CI_JOB_NAME}-${DOCKER_BUILD_FILE}-${DOCKER_BUILD_CONTEXT}-$CI_DEFAULT_BRANCH
-
    CACHE_REGISTRY: "$CI_REGISTRY_IMAGE/cache"
    BRANCH_REGISTRY_CACHE_KEY_PARTIAL: "${CI_JOB_NAME}-${DOCKER_BUILD_FILE}-${DOCKER_BUILD_CONTEXT}"
    BRANCH_REGISTRY_CACHE_KEY: "cache-${BRANCH_REGISTRY_CACHE_KEY_PARTIAL}-${CI_COMMIT_REF_SLUG}"
@@ -105,7 +101,7 @@ include:
      if [[ -n ${CI_COMMIT_TAG:-} ]]; then
        # Tags: read from main cache only
        docker_cache_args="
-          --cache-from 'type=registry,ref=${CACHE_REGISTRY}:${DEFAULT_BRANCH_REGISTRY_CACHE_KEY_SLUGIFIED}'
+          --cache-from type=registry,ref=${CACHE_REGISTRY}:${DEFAULT_BRANCH_REGISTRY_CACHE_KEY_SLUGIFIED}
        "
      elif [[ $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH ]]; then
        # main: read-write main cache only
@@ -160,10 +156,3 @@ include:
    Need help? Documentation on the docker_buildx_base CI job can be found at:
    https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/docker.md
    EOD
-  cache:
-    key: ${GL_DOCKER_CACHE_KEY}
-    fallback_keys:
-      - ${GL_DOCKER_CACHE_FALLBACK_KEY}
-    when: 'always'
-    paths:
-      - cache/