Update GitLab to the 14.0.0 Major Release

Dockerfile

-ARG GITLAB_VERSION=v13.12.2-ubi8
+ARG GITLAB_VERSION=v14.0.0-ubi8
 
 ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082
 ARG BASE_IMAGE=gitlab/gitlab/gitlab-rails
-ARG BASE_TAG=13.12.2
+ARG BASE_TAG=14.0.0
 
 ARG RAILS_IMAGE=${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 

build-scripts/build.sh

@@ -4,7 +4,7 @@
 
 set -euxo pipefail
 
-TAG=${1:-13.12.2}
+TAG=${1:-14.0.0}
 REPOSITORY=${2:-}
 DOCKER_OPTS=${DOCKER_OPTS:-""}
 

hardening_manifest.yaml

@@ -5,12 +5,12 @@ name: "gitlab/gitlab/gitlab-task-runner"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-  - "13.12.2"
+  - "14.0.0"
   - "latest"
 # Build args passed to Dockerfile ARGs
 args:
   BASE_IMAGE: "gitlab/gitlab/gitlab-rails"
-  BASE_TAG: "13.12.2"
+  BASE_TAG: "14.0.0"
 # Docker image labels
 labels:
   org.opencontainers.image.title: "Gitlab Task Runner"
@@ -22,7 +22,7 @@ labels:
   org.opencontainers.image.url: "https://about.gitlab.com/"
   ## Name of the distributing entity, organization or individual
   org.opencontainers.image.vendor: "Gitlab"
-  org.opencontainers.image.version: "13.12.2"
+  org.opencontainers.image.version: "14.0.0"
   ## Keywords to help with search (ex. "cicd,gitops,golang")
   mil.dso.ironbank.image.keywords: "gitlab, git, gitops"
   ## This value can be "opensource" or "commercial"
@@ -43,13 +43,13 @@ maintainers:
     username: "alfontaine"
     email: "alan.fontaine@centauricorp.com"
 resources: 
-  - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.12.2-ubi8/gitlab-task-runner-ee.tar.gz"
+  - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v14.0.0-ubi8/gitlab-task-runner-ee.tar.gz"
     filename: "gitlab-task-runner-ee.tar.gz"
     validation:
       type: "sha256"
-      value: "fcc8fde5e263dc8d53cbd5fbd09db0b01e2ec6b1174730d5cde2f689e620a2f6"
-  - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.12.2-ubi8/gitlab-python.tar.gz"
+      value: "bf8db92af98abe995f4411a73acede96a01da96b5fee5915173a05fe6605d15d"
+  - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v14.0.0-ubi8/gitlab-python.tar.gz"
     filename: "gitlab-python.tar.gz"
     validation:
       type: "sha256"
-      value: "504cc701f686141196608dbd60aa23150d1e8c1b14564e6bcd6b5bdbb1ece21d"
+      value: "48068e0e17bb7f3083861f050cad709115360c072e89cce31566def73760c723"

scripts/bin/backup-utility

@@ -109,7 +109,7 @@ function get_existing_backups(){
   # Example: TIMESTAMP_YYYY_MM_DD_VERSION_gitlab_backup.tar
   case $BACKUP_BACKEND in
     s3)
-      existing_backups=($(s3cmd ls s3://$BACKUP_BUCKET_NAME --rinclude '^\d{10}_\d{4}_\d{2}_\d{2}_.+_gitlab_backup.tar$' | awk '{print $4}' | LC_ALL=C sort))
+      existing_backups=($(s3cmd ${S3_CMD_BACKUP_OPTION} ls s3://$BACKUP_BUCKET_NAME --rinclude '^\d{10}_\d{4}_\d{2}_\d{2}_.+_gitlab_backup.tar$' | awk '{print $4}' | LC_ALL=C sort))
       ;;
     gcs)
       # Note: gsutil doesn't support regex, so we need to try to match the prefix as best we can with wildcards

scripts/lib/object_storage_backup.rb

@@ -41,7 +41,7 @@ class ObjectStorageBackup
     FileUtils.mkdir_p("/srv/gitlab/tmp/#{@name}", mode: 0700)
 
     output, status = run_cmd(cmd)
-    failure_abort(output) unless status.zero?
+    failure_abort('creation of working directory', output) unless status.zero?
 
     # check the destiation for contents. Bucket may have been empty.
     if Dir.empty? "/srv/gitlab/tmp/#{@name}"
@@ -54,7 +54,7 @@ class ObjectStorageBackup
 
     cmd = %W(tar -cf #{@local_tar_path} -I #{gzip_cmd} -C /srv/gitlab/tmp/#{@name} . )
     output, status = run_cmd(cmd)
-    failure_abort(output) unless status.zero?
+    failure_abort('archive', output) unless status.zero?
 
     puts "done".green
   end
@@ -68,9 +68,9 @@ class ObjectStorageBackup
     puts "done".green
   end
 
-  def failure_abort(error_message)
+  def failure_abort(action, error_message)
     puts "[Error] #{error_message}".red
-    abort "Restore #{@name} failed"
+    abort "#{action} of #{@name} failed"
   end
 
   def upload_to_object_storage(source_path)
@@ -83,7 +83,7 @@ class ObjectStorageBackup
 
     output, status = run_cmd(cmd)
 
-    failure_abort(output) unless status.zero?
+    failure_abort('upload', output) unless status.zero?
   end
 
   def backup_existing
@@ -97,7 +97,7 @@ class ObjectStorageBackup
 
     output, status = run_cmd(cmd)
 
-    failure_abort(output) unless status.zero?
+    failure_abort('sync existing', output) unless status.zero?
   end
 
   def cleanup
@@ -107,7 +107,7 @@ class ObjectStorageBackup
       # Check if the bucket has any objects
       list_objects_cmd = %W(gsutil ls gs://#{@remote_bucket_name}/)
       output, status = run_cmd(list_objects_cmd)
-      failure_abort(output) unless status.zero?
+      failure_abort('GCS ls', output) unless status.zero?
 
       # There are no objects in the bucket so skip the cleanup
       if output.length == 0
@@ -117,20 +117,20 @@ class ObjectStorageBackup
       cmd = %W(gsutil rm -f -r gs://#{@remote_bucket_name}/*)
     end
     output, status = run_cmd(cmd)
-    failure_abort(output) unless status.zero?
+    failure_abort('bucket cleanup', output) unless status.zero?
   end
 
   def restore_from_backup
     extracted_tar_path = File.join(File.dirname(@local_tar_path), "/srv/gitlab/tmp/#{@name}")
     FileUtils.mkdir_p(extracted_tar_path, mode: 0700)
 
-    failure_abort("#{@local_tar_path} not found") unless File.exist?(@local_tar_path)
+    failure_abort('restore', "#{@local_tar_path} not found") unless File.exist?(@local_tar_path)
 
     untar_cmd = %W(tar -xf #{@local_tar_path} -C #{extracted_tar_path})
 
     output, status = run_cmd(untar_cmd)
 
-    failure_abort(output) unless status.zero?
+    failure_abort('un-archive', output) unless status.zero?
 
     Dir.glob("#{extracted_tar_path}/*").each do |file|
      upload_to_object_storage(file)