Merge remote-tracking branch 'origin/master' into main-jh

.gitlab-ci.yml

@@ -5,19 +5,11 @@ include:
   - local: .gitlab/ci/rules.gitlab-ci.yml
   # common templates
   - local: .gitlab/ci/common.gitlab-ci.yml
-  # dependencies.io job
-  - local: .gitlab/ci/deps.gitlab-ci.yml
-    rules:
-      - if: '$DEPS_PIPELINE == "true"'
   # build container images
   - local: .gitlab/ci/images.gitlab-ci.yml
-    rules:
-      - if: '$DEPS_PIPELINE != "true"'
   - template: Security/Dependency-Scanning.gitlab-ci.yml
-    rules:
-      - if: '$DEPS_PIPELINE != "true"'
   - component: ${CI_SERVER_FQDN}/gitlab-org/components/danger-review/danger-review@1.4.1
-    inputs:      
+    inputs:
       job_stage: "prepare"
     rules:
       - if: '$CI_SERVER_HOST == "gitlab.com"'

.gitlab/ci/common.gitlab-ci.yml

@@ -48,11 +48,9 @@
             _k8s_driver_opt+=",requests.cpu=${BUILDX_CPU}"
             _k8s_driver_opt+=",requests.memory=${BUILDX_MEMORY}"
             _k8s_driver_opt+=",nodeselector=kubernetes.io/arch=${arch}"
+            _k8s_driver_opt+=",image=${BUILDKIT_IMAGE}"
             # prevent autoscale evictions of running builds
             #FIXME _k8s_driver_opt+=",annotation=cluster-autoscaler.kubernetes.io/safe-to-evict=false"
-            if force_zstd_build || is_zstd_build; then
-              _k8s_driver_opt+=",image=${BUILDKIT_IMAGE:-}"
-            fi
             docker buildx create ${create_flag} \
               --name=${BUILDX_NAMESPACE} \
               --buildkitd-flags="--debug" \
@@ -171,7 +169,7 @@ start_buildx:
   rules:
     - if: $DISABLE_BUILDX_CLUSTER == "true"
       when: never
-    - !reference [.except-deps, rules]
+    - when: on_success
 
 stop_buildx:
   stage: cleanup
@@ -193,7 +191,6 @@ stop_buildx:
     name: buildx_${CI_COMMIT_REF_SLUG}
     action: stop
   rules:
-    - !reference [.not-on-deps, rules]
     - if: $DISABLE_BUILDX_CLUSTER == "true"
       when: never
     - if: $BUILDX_AUTO_CLEANUP

.gitlab/ci/deps.gitlab-ci.yml

-# Dependency update job
-# included when:
-# - if: '$DEPS_PIPELINE'
-
-dependency_update:
-  image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/distribution_ci_tools:${CI_TOOLS_VERSION}
-  stage: prepare
-  variables:
-    INSTALL_SHA256: "c95a33432192688a08d935fd5f563fce4110610a51281f887ae88db208b720ba"
-  script:
-    - curl --retry 6 -fO https://deps.app/install.sh
-    - echo "${INSTALL_SHA256}  install.sh" | sha256sum --check
-    - cat install.sh | bash -s -- -b $HOME/bin
-    # Remove the install.sh script otherwise deps gets upset about pending changes when it goes to create new branches
-    - rm install.sh
-    - $HOME/bin/deps ci

.gitlab/ci/images.gitlab-ci.yml

@@ -63,8 +63,7 @@ final-images-listing:
     - if: '$SKIP_JOB_REGEX && $CI_JOB_NAME =~ $SKIP_JOB_REGEX'
       when: never
     # Skipped for auto-deploy branches via workflow:rules
-    # Skip on deps pipeline as the final image listing is useless there
-    - !reference [.except-deps, rules]
+    - when: on_success
   artifacts:
     paths:
       - artifacts/final/
@@ -180,7 +179,7 @@ container-scanning:
   # https://gitlab.com/groups/gitlab-org/-/epics/6788
   allow_failure: true
   rules:
-    - if: '$DEPS_PIPELINE == "true" || $CE_PIPELINE'
+    - if: '$CE_PIPELINE'
       when: never
     - if: '$CI_COMMIT_BRANCH =~ /-ubi$/ || $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /-ubi$/ || $UBI_PIPELINE == "true"'
       when: never

.gitlab/ci/rules.gitlab-ci.yml

 ### rules.gitlab-ci.yml
 # common if definitions
 
-.if_deps_pipeline: &if_deps_pipeline
-  if: '$DEPS_PIPELINE == "true"'
-
 .if_ee_var: &if_ee_var
   if: '$ee == "true"'
 
@@ -62,21 +59,8 @@
   if: '$CI_COMMIT_REF_NAME =~ /-stable$/'
 
 # rules definitions
-.not-on-deps: &not-on-deps
-  rules:
-    - <<: *if_deps_pipeline
-      when: never
-
-.except-deps: &except-deps
-  rules:
-    - <<: *if_deps_pipeline
-      when: never
-    - when: on_success
-
 .only-ee: &only-ee
   rules:
-    - <<: *if_deps_pipeline
-      when: never
     - <<: *if_ce_pipeline
       when: never
     - <<: *if_custom_pipeline
@@ -94,8 +78,6 @@
 
 .except-ee: &except-ee
   rules:
-    - <<: *if_deps_pipeline
-      when: never
     - <<: *if_ee_pipeline
       when: never
     - <<: *if_custom_pipeline
@@ -127,9 +109,6 @@
 
 .tagless-versionless:
   rules:
-      # Don't run on deps pipelines
-    - <<: *if_deps_pipeline
-      when: never
       # Don't run for specific version pipelines
     - <<: *if_ce_pipeline
       when: never

.gitlab/merge_request_templates/Default.md

@@ -27,4 +27,4 @@ For anything in this list which will not be completed, please provide a reason i
 - [ ] Documentation created/updated
 - [ ] Integration tests added to [GitLab QA](https://gitlab.com/gitlab-org/gitlab-qa)
 - [ ] The impact any change in container size has should be evaluated
-- [ ] New dependencies are managed with [dependencies.io](https://about.gitlab.com/handbook/engineering/development/enablement/systems/distribution/maintenance/dependencies.io.html#adding-new-dependencies)
+- [ ] New dependencies are managed with [GitLab forked renovatebot](https://gitlab.com/gitlab-org/frontend/renovate-gitlab-bot)

deps.yml

-version: 3
-dependencies:
-- type: git
-  manifest_updates:
-    filters:
-    - name: .* # everything gets it's own MR
-      enabled: true
-  settings:
-    # Assign to maintainers
-    # gitlab_assignee_ids:
-      ## maintainers
-      # - 597578 # WarheadsSE (jplum)
-      # - 4849   # balasankarc (balu)
-      # - 2602134 # rmarshall (*)
-      ## trainee maintainers
-      # - 888551 # pursultani
-      # - 12300535 # apatterson2
-    commit_message_template: |-
-      {{.SubjectAndBody}}
-
-      Changelog: changed
-
-      [ci skip]
-    gitlab_labels:
-      - group::distribution
-      - section::core platform
-      - devops::systems
-      - type::maintenance
-      - maintenance::dependency
-      - dependencies.io
-      - workflow::ready for review
-    gitlab_remove_source_branch: true
-    remotes:
-      # s3cmd
-      https://github.com/s3tools/s3cmd.git:
-        replace_in_files:
-        - filename: ci_files/variables.yml
-          pattern: 'S3CMD_VERSION: "(\S+)"'
-          range: '>= 2.x.x'
-        - filename: gitlab-toolbox/Dockerfile
-          pattern: 'ARG S3CMD_VERSION="(\S+)"'
-          range: '>= 2.x.x'
-        - filename: gitlab-toolbox/Dockerfile.build.ubi
-          pattern: 'ARG S3CMD_VERSION=(\S+)'
-          range: '>= 2.x.x'
-      # YQ
-      https://github.com/mikefarah/yq.git:
-        replace_in_files:
-        - filename: ci_files/variables.yml
-          pattern: 'YQ_VERSION: "(\S+)"'
-          range: '>= 4.x.x'
-        - filename: kubectl/Dockerfile
-          pattern: 'ARG YQ_VERSION="(\S+)"'
-          range: '>= 4.x.x'
-        - filename: kubectl/Dockerfile.build.ubi
-          pattern: 'ARG YQ_VERSION=(\S+)'
-          range: '>= 4.x.x'
-      # GitLab Exporter
-      https://gitlab.com/gitlab-org/gitlab-exporter.git:
-        replace_in_files:
-        - filename: ci_files/variables.yml
-          pattern: 'GITLAB_EXPORTER_VERSION: "(\S+)"'
-        - filename: gitlab-exporter/Dockerfile
-          pattern: 'ARG GITLAB_EXPORTER_VERSION=(\S+)'
-        - filename: gitlab-exporter/Dockerfile.build.ubi
-          pattern: 'ARG GITLAB_EXPORTER_VERSION=(\S+)'
-      # redis gem
-      https://github.com/redis/redis-rb.git:
-        replace_in_files:
-        - filename: gitlab-mailroom/scripts/install-dependencies
-          pattern: 'redis:(\S+)'
-          tag_prefix: 'v'
-        - filename: gitlab-mailroom/Dockerfile.build.ubi
-          pattern: 'redis:(\S+)'
-          tag_prefix: 'v'
-      # redis client gem
-      https://github.com/redis-rb/redis-client.git:
-        replace_in_files:
-        - filename: gitlab-mailroom/scripts/install-dependencies
-          pattern: 'redis-client:(\S+)'
-          tag_prefix: 'v'
-        - filename: gitlab-mailroom/Dockerfile.build.ubi
-          pattern: 'redis-client:(\S+)'
-          tag_prefix: 'v'
-      # GitLab Container Registry
-      https://gitlab.com/gitlab-org/container-registry.git:
-        replace_in_files:
-        - filename: ci_files/variables.yml
-          pattern: 'GITLAB_CONTAINER_REGISTRY_VERSION: "(\S+)"'
-          tag_filter:
-            matching: 'v(\S+)-gitlab'
-            sort_as: '$1'
-        - filename: gitlab-container-registry/Dockerfile
-          pattern: 'ARG REGISTRY_VERSION=(\S+)'
-          tag_filter:
-            matching: 'v(\S+)-gitlab'
-            sort_as: '$1'
-        - filename: gitlab-container-registry/Dockerfile.build.ubi
-          pattern: 'ARG REGISTRY_VERSION=(\S+)'
-          tag_filter:
-            matching: 'v(\S+)-gitlab'
-            sort_as: '$1'
-      # gomplate
-      https://github.com/hairyhenderson/gomplate.git:
-        replace_in_files:
-        - filename: gitlab-gomplate/Dockerfile
-          pattern: 'ARG GOMPLATE_VERSION="v(\S+)"'
-          tag_prefix: 'v'
-          range: '< 4.0.0'
-        - filename: gitlab-gomplate/Dockerfile.build.ubi
-          pattern: 'ARG GOMPLATE_VERSION="v(\S+)"'
-          tag_prefix: 'v'
-          range: '< 4.0.0'
-        - filename: ci_files/variables.yml
-          pattern: 'GOMPLATE_VERSION: "v(\S+)"'
-          tag_prefix: 'v'
-          range: '< 4.0.0'
-      # python
-      https://github.com/python/cpython.git:
-        replace_in_files:
-        - &python-replace
-          filename: gitlab-python/Dockerfile
-          pattern: 'ARG PYTHON_VERSION="(\S+)"'
-          tag_prefix: 'v'
-          range: '< 3.10.0'
-        - <<: *python-replace
-          filename: gitlab-python/Dockerfile.build.ubi
-          pattern: 'ARG PYTHON_VERSION=(\S+)'
-        - <<: *python-replace
-          filename: gitlab-sidekiq/Dockerfile
-          pattern: 'PYTHON_TAG="(\S+)"'
-        - <<: *python-replace
-          filename: gitlab-toolbox/Dockerfile
-          pattern: 'PYTHON_TAG=(\S+)'
-        - <<: *python-replace
-          filename: gitaly/Dockerfile
-          pattern: 'PYTHON_TAG="(\S+)"'
-        - <<: *python-replace
-          filename: gitlab-webservice/Dockerfile
-          pattern: 'PYTHON_TAG="(\S+)"'
-        - <<: *python-replace
-          filename: ci_files/variables.yml
-          pattern: 'PYTHON_VERSION: "(\S+)"'
-      # FIPS Golang
-      https://github.com/golang-fips/go.git:
-        replace_in_files:
-        - &fips-go-replace
-          tag_filter:
-            matching: 'go(\d+).(\d+).(\d+)-1-openssl-fips'
-            sort_as: '$1.$2.$3'
-            output_as: '$1.$2.$3'
-          range: '< 1.24.0'
-          filename: gitlab-go/Dockerfile.build.fips
-          pattern: 'ARG GO_FIPS_TAG=go(\S+)-1-openssl-fips'
-        - <<: *fips-go-replace
-          filename: ci_files/variables.yml
-          pattern: 'GO_FIPS_TAG: "go(\S+)-1-openssl-fips"'
-        - <<: *fips-go-replace
-          filename: gitlab-go/Dockerfile.build.fips
-          pattern: 'ARG GO_VERSION=(\S+)'
-        - <<: *fips-go-replace
-          filename: ci_files/variables.yml
-          pattern: 'GO_FIPS_VERSION: "(\S+)"'

docs/ci-variables.md

@@ -50,8 +50,6 @@ Check the table below for more information about the various CI variables used i
 | Environment Variable                          | Description |
 | --------------------------------------------- | ----------- |
 | DANGER_GITLAB_API_TOKEN                       | GitLab API token dangerbot uses to post comments on MRs. |
-| DEPS_GITLAB_TOKEN                             | Token used by [dependencies.io](https://docs.dependencies.io/gitlab-ci/) to create MRs. |
-| DEPS_TOKEN                                    | Token used by CI for auth to [dependencies.io](https://docs.dependencies.io/gitlab-ci/). |
 | NIGHTLY                                       | Set to `true` when running a nightly build. (Busts cache). |
 
 ## Release variable