Uploaded image for project: 'Indy Node'
  1. Indy Node
  2. INDY-2168

GitLab CI Research

    Details

    • Type: Task
    • Status: Complete
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Sprint:
      Ev-Node 19.16
    • Documentation Impact:
      Unset

      Description

      Acceptance Criteria

      • Learn about GitLab CI
      • Evaluate efforts to move Indy SDK from Jenkins to GitLab
      • Estimate effort of moving Indy Node from Jenkins to GitLab CI

      Current version of GitLab CI/CD: 12.1

      The things to check (requirements for the CI server, filling is in progress):
      CI

      Requirement Supported Notes
      build PRs (from forks / branches) on a merged result no see comment
      pass build statuses back to GitHub no  see comment
      do not use pipeline changes in PRs from untrusted authors (non-maintainers) no  see link where they mention that it's not possible (in 12.1)
      ability to run jobs in parallel and sequentially yes link
      (SDK) Ability to share artifacts between jobs yes link1, link2 
      support dockers yes link 
      (SDK) support linked jobs running on multiple runners in scope of one pipeline (services) seems no  as far as i understand services are run on the same runner only, but the kubernetes executor should be checked as an option
      (nice to have) support (parse and display in UI) junit-xml style test reports yes  link1, link2 

      CD

      Requirement   Supported Notes
      Keep secrets safe      
        run CD pipelines only on trusted runners seems no supported only for GitLab repositories protected branches, no support for GitHub 
        do not run any non-CD pipelines where CD ones are run OR provide strong env isolation no  even for GitLab repositories there is no way to protect pipeline against changes from untrusted PRs (mentioned above)
        ability to mask secret values in logs yes  link 
      support the following secret types:      
        secret text (token) yes link 
        username / password pars yes as two variables
        secret files yes  link 
        ssh keys yes as one secret file link 
        (nice to have) ssh keys with passphrases no  only variables and files are supported  

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              esplinr Richard Esplin
              Watchers:
              Alexander Shcherbakov, Andrey Kononykhin, Richard Esplin, Steven Gubler
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: