Commit 23f2da05 authored by Martin Lowe's avatar Martin Lowe 🇨🇦
Browse files

Add additional documentation for dev GL runs

parent ad1097b7
......@@ -71,16 +71,17 @@ In Gitlab, a nested group strategy was chosen to manage access to both groups an
In regards to bot access, this can be granted at either the subgroup or project (repository) level depending on the needs of the project. These permissions, while not removed by the script are currently managed manually by the Eclipse Foundation. If there are issues regarding bot access, new or existing, an issue should be created within our [bug-tracking system](https://bugs.eclipse.org) rather than within this project.
Below is an example of a few projects within the Eclipse Gitlab instance and their structure:
Below is an example of a few projects within the Eclipse Gitlab instance and their possible structure:
```
Eclipse/ (group)
├─ Eclipse Dash/ (group)
│ ├─ dash-gitlab-testing (project)
│ ├─ org.eclipse.dash.handbook (project)
├─ Eclipse Marketplace Client/ (group)
│ ├─ MPC Client (project)
│ ├─ org.eclipse.epp.mpc (project)
├─ Technology/ (group)
│ ├─ Eclipse Marketplace Client/ (group)
│ │ ├─ MPC Client (project)
│ │ ├─ org.eclipse.epp.mpc (project)
Eclipse Foundation/ (group)
├─ webdev/ (group)
│ ├─ eclipsefdn-api-common (project)
......@@ -130,7 +131,7 @@ The following parameters can be used when running the sync scripts manually.
|-P, --project | x |string | N/A | The project ID (e.g. technology.dash) of the project that should be updated (at the exclusion of all other projects) |
|-V, --verbose | x | boolean flag | `false` | Sets the script to run in verbose mode (ranges from 1-4 for more verbose logging). |
### Running the toolset for development
### Running the toolset for development (Github)
By default, the script is run in docker containers to emulate the production environment (Openshift). This sync tool can be run in standard and verbose mode. The difference between the modes is that in verbose all log messages are printed to the STDOUT of the container.
......@@ -150,6 +151,37 @@ docker run -i --rm -v <fullpath to current project folder>/secrets:/run/secrets
_[^ Back to top](#eclipsefdn-github-sync)_
### Running the toolset in development (Gitlab)
The default state for the script is to run against production Gitlab, which isn't feasible for development/testing. To better enable testing, a local instance of Gitlab should be started. This can be started using docker-compose: `docker-compose up -d gitlab`. This starts and binds a Gitlab instance to ports 22, 80, and 443 to best emulate a real instance of Gitlab. This can be changed in the docker-compose if needed.
Once a local instance is started, retrieve the password set for the root admin user using the following command: `sudo docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password`. This will print the root user password as plain text to the console for use. Once retrieved, you can log in and update the password to something more memorable or easy to remember or set the password into a password manager.
When you are logged in, you will need to create a base group to test the sync on. Using `eclipse` requires no additional config and is recommended. Once this group is created,
#### Secrets
This step assumes the previous Gitlab setup to completed, or you have access to the admin account running on the target instance. Open the [user preferences](http://localhost/-/profile/preferences) page and navigate to the `Access tokens` section. Once here, create an access token with the `api` permission set. This is needed to update or remove user permissions from groups and projects within the instance. Save this under your secrets directory within the file `access-token`.
Additionally, an `eclipse-oauth-config` should be created when running the GitLab sync script. This file will define how connections to the Eclipse OAuth server should be handled. If this is missing, the GitLab sync script will fail. The file should be in JSON format, with the following being an example of format:
```
{"oauth":{"timeout":3600, "client_id":"<client id>","client_secret":"<client secret>","endpoint":"https://accounts.eclipse.org","scope":"eclipsefdn_view_all_profiles","redirect":"http://localhost"}}
```
Should you not have access to these values and you are on the EF Webdev team, reach out on slack and they will be provided. Otherwise, these credentials are internal and not distributed to the general public.
#### Script run command
Included below is an example command that can be used within Unix environments given the default setup instructions are followed:
```
npm run lab-sync -- --devMode --verbose --secretLocation=$PWD/secrets -H "http://localhost"
```
_[^ Back to top](#eclipsefdn-github-sync)_
## Creating a tagged release
Once a release candidate has been identified for production, tests should be run locally using the master branch to ensure that the integration of patches are stable as the pull requests that had been validated. Additionally, `npm ci && npm run test` should be run to ensure that the current package lock file is stable, passes tests, and contains no live vulnerabilities from upstream packages. If there is issues with this, patches should be created to address these issues before the release goes live.
......@@ -171,7 +203,7 @@ Once the master branch tag is created it can then be merged into the `production
## Copyright and license
Copyright 2019 the [Eclipse Foundation, Inc.](https://www.eclipse.org) and the [eclipsefdn-github-sync authors](https://github.com/eclipsefdn/eclipsefdn-github-sync/graphs/contributors). Code released under the [Eclipse Public License Version 2.0 (EPL-2.0)](https://github.com/eclipsefdn/eclipsefdn-github-sync/blob/master/LICENSE).
Copyright 2019, 2022 the [Eclipse Foundation, Inc.](https://www.eclipse.org) and the [eclipsefdn-github-sync authors](https://github.com/eclipsefdn/eclipsefdn-github-sync/graphs/contributors). Code released under the [Eclipse Public License Version 2.0 (EPL-2.0)](https://github.com/eclipsefdn/eclipsefdn-github-sync/blob/master/LICENSE).
_[^ Back to top](#eclipsefdn-github-sync)_
......@@ -10,6 +10,25 @@ services:
- DRYRUN=true
secrets:
- api-token
gitlab:
container_name: gitlab
image: 'gitlab/gitlab-ee:14.7.7-ee.0'
restart: always
environment:
VIRTUAL_HOST: "gitlab.dev.docker"
VIRTUAL_PORT: 443
VIRTUAL_PROTO: https
CERT_NAME: dev.docker
GITLAB_OMNIBUS_CONFIG: "external_url 'http://localhost/';"
shm_size: '256m'
ports:
- 443:443
- 80:80
- 22:22
volumes:
- '/localdocker/gitlab/config:/etc/gitlab'
- '/localdocker/gitlab/logs:/var/log/gitlab'
- '/localdocker/gitlab/data:/var/opt/gitlab'
secrets:
api-token:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment