diff --git a/Dockerfile b/Dockerfile index 6e58265fcfb7c3848f5b9a842bda159cc506d62d..ed3b20aee231074ed48ade53594bed789139f768 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,8 @@ -ARG GITLAB_VERSION=v13.11.2-ubi8 +ARG GITLAB_VERSION=v14.0.0-ubi8 ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 ARG BASE_IMAGE=gitlab/gitlab/gitlab-ruby -ARG BASE_TAG=13.11.2 +ARG BASE_TAG=14.0.0 ARG RUBY_IMAGE=${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} diff --git a/build-scripts/build.sh b/build-scripts/build.sh index bb549a87ee8950fb01fa1e815063e63f21ae8f6e..1431e03c42eb25b81f0ea824159fc0b81a21fc4f 100755 --- a/build-scripts/build.sh +++ b/build-scripts/build.sh @@ -4,7 +4,7 @@ set -euxo pipefail -TAG=${1:-13.11.2} +TAG=${1:-14.0.0} REPOSITORY=${2:-} DOCKER_OPTS=${DOCKER_OPTS:-""} diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index a3a8e60fab6de31212db8f6083890bfa85c39f6e..a35f5bc688d57be6259ece010c5e6329e9f183e3 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -5,12 +5,12 @@ name: "gitlab/gitlab/gitlab-rails" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: - - "13.11.2" + - "14.0.0" - "latest" # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "gitlab/gitlab/gitlab-ruby" - BASE_TAG: "13.11.2" + BASE_TAG: "14.0.0" # Docker image labels labels: org.opencontainers.image.title: "Gitlab Rails" @@ -22,7 +22,7 @@ labels: org.opencontainers.image.url: "https://about.gitlab.com/" ## Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Gitlab" - org.opencontainers.image.version: "13.11.2" + org.opencontainers.image.version: "14.0.0" ## Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "gitlab, git, gitops" ## This value can be "opensource" or "commercial" @@ -43,8 +43,8 @@ maintainers: username: "alfontaine" email: "alan.fontaine@centauricorp.com" resources: - - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.11.2-ubi8/gitlab-rails-ee.tar.gz" + - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v14.0.0-ubi8/gitlab-rails-ee.tar.gz" filename: "gitlab-rails-ee.tar.gz" validation: type: "sha256" - value: "88f674a16a0217c18e6e364569d47ec016a71e556d781e0ef231668afb35915b" + value: "186acdaa8c433a94c8ba39b268927583e93113e0e3c2f423848632ad294a78cf" diff --git a/scripts/lib/checks/postgresql.rb b/scripts/lib/checks/postgresql.rb index 267911d96eae43147096e62f3eba075ac255d717..eaf82960d0fafe205b72b7f37560b0355e97a4f9 100644 --- a/scripts/lib/checks/postgresql.rb +++ b/scripts/lib/checks/postgresql.rb @@ -52,7 +52,13 @@ module Checks ActiveRecord::Base.establish_connection(config) begin @@database_version = ActiveRecord::Migrator.current_version - true + + # Rails silently eats `ActiveRecord::NoDatabaseError` when calling `current_version` + # This stems from https://github.com/rails/rails/blob/v6.0.3.6/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb#L48-L54 + puts "WARNING: Problem accessing '#{config.database}' database. Confirm username, password, and permissions." if @@database_version.nil? + + # returning false prevents bailing when BYPASS_SCHEMA_VERSION set. + !@@database_version.nil? rescue PG::ConnectionBad => e puts "PostgreSQL Error: #{e.message}" false @@ -71,7 +77,7 @@ module Checks return true if (ENV['BYPASS_SCHEMA_VERSION'] && success) - (success && @@database_version >= codebase_schema_version) + (success && @@database_version.to_i >= codebase_schema_version) end end end