-
Type:
Task
-
Status: Complete
-
Priority:
Medium
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
-
Sprint:Ev-Node 19.16
-
Documentation Impact:Unset
Acceptance Criteria
- Learn about GitLab CI
- Evaluate efforts to move Indy SDK from Jenkins to GitLab
- Estimate effort of moving Indy Node from Jenkins to GitLab CI
Current version of GitLab CI/CD: 12.1
The things to check (requirements for the CI server, filling is in progress):
CI
Requirement | Supported | Notes |
---|---|---|
build PRs (from forks / branches) on a merged result | no | see comment |
pass build statuses back to GitHub | no | see comment |
do not use pipeline changes in PRs from untrusted authors (non-maintainers) | no | see link where they mention that it's not possible (in 12.1) |
ability to run jobs in parallel and sequentially | yes | link |
(SDK) Ability to share artifacts between jobs | yes | link1, link2 |
support dockers | yes | link |
(SDK) support linked jobs running on multiple runners in scope of one pipeline (services) | seems no | as far as i understand services are run on the same runner only, but the kubernetes executor should be checked as an option |
(nice to have) support (parse and display in UI) junit-xml style test reports | yes | link1, link2 |
CD
Requirement | Supported | Notes | ||
---|---|---|---|---|
Keep secrets safe | ||||
run CD pipelines only on trusted runners | seems no | supported only for GitLab repositories protected branches, no support for GitHub | ||
do not run any non-CD pipelines where CD ones are run OR provide strong env isolation | no | even for GitLab repositories there is no way to protect pipeline against changes from untrusted PRs (mentioned above) | ||
ability to mask secret values in logs | yes | link | ||
support the following secret types: | ||||
secret text (token) | yes | link | ||
username / password pars | yes | as two variables | ||
secret files | yes | link | ||
ssh keys | yes | as one secret file link | ||
(nice to have) ssh keys with passphrases | no | only variables and files are supported |