Upgrade to 17.7.0

[sachilles]

GitLab 17.7 Release (see https://about.gitlab.com/releases/2024/12/19/gitlab-17-7-released/)

Hints:

• Before upgrading to GitLab 17.7, use the OpenSSL 3 guide to identify and assess the compatibility of your external integrations. (see https://docs.gitlab.com/ee/update/versions/gitlab_17_changes.html#1770)
• Ubuntu focal does not provide OpenSSL 3. The best option might be to change the base image (from focal to jammy).
• Assistance for this release is very welcome.

Todo:

• Change base image from focal to jammy. (I guess we have to change to noble later. Even to official image uses jammy.)
• Use the appropriate packages for the base image jammy.
• Update the patches used by this project.
• (postponed to later release) Implement mutil-stage build if necessary (see Docker Multistage for parallel build #3048).
• (postponed to later release) Cleanup the build process.

[sachilles]

Multi-stage build #3048 could be an option and subject for improvements.

[sachilles]

Building gitlab fails currently (see todo list):

159.4 Applying patch /etc/docker-gitlab/build/patches/gitlabhq/0003-fix_preinstall.mjs-to-avoid-removing-node_modules_dir.patch for gitlab-foss...
159.4 error: patch failed: scripts/frontend/preinstall.mjs:1
159.4 error: scripts/frontend/preinstall.mjs: patch does not apply

[kkimurak]

Building gitlab fails currently (see todo list):

I updated the patch. Use kkimurak/docker-gitlab@38573922 or use following content as-is:

diff --git a/scripts/frontend/preinstall.mjs b/scripts/frontend/preinstall.mjs
index e86525cd20d2..f849c423f1b6 100644
--- a/scripts/frontend/preinstall.mjs
+++ b/scripts/frontend/preinstall.mjs
@@ -1,5 +1,5 @@
 import { join } from 'node:path';
-import { readFile, rm } from 'node:fs/promises';
+import { readdir, readFile, rm, stat } from 'node:fs/promises';
 
 const ROOT_PATH = join(import.meta.dirname, '..', '..');
 const NODE_MODULES = join(ROOT_PATH, 'node_modules');
@@ -54,5 +54,14 @@ if (!arraysHaveSameItems(prevTopLevelPatterns, currentTopLevelPatterns)) {
   console.error(
     '[WARNING] package.json changed significantly. Removing node_modules to be sure there are no problems.',
   );
-  await rm(NODE_MODULES, { recursive: true, force: true });
+  // sameersbn/gitlab : avoid removing NODE_MODULES directly, iterate its content instead
+  // The path NODE_MODULES is declared as docker volume - always busy so that cannot be removed
+  // before iterating, check if the directory exists
+  const isDirectory = await stat(NODE_MODULES).then((stat) => stat.isDirectory()).catch(() => false);
+  if(isDirectory) {
+      for (const dir_ent of await readdir(NODE_MODULES, { withFileTypes: true})) {
+      const to_remove = join(NODE_MODULES, dir_ent.name);
+      await rm(to_remove, { recursive: true, force: true });
+    }
+  }
 }

[sachilles]

@kkimurak Thanks for the opportunity to pick cherries.

[kkimurak]

Oops I noticed that I have pushed something strange (I'm not sure but it now treated as "binary file" even I redirected git diff to the file). Build failed.

Force pushed to fix : kkimurak/docker-gitlab@a2799ac

[sachilles]

You're welcome. I did a reset and picked the (new) cherries (again).

[sachilles]

CI failed with error message

Exited with code exit status 125

which is a result of the script

#!/bin/bash -eo pipefail
docker run --network container:$(docker-compose ps -q gitlab) \
curlimages/curl --ipv4 --retry 60 --retry-delay 5 --retry-connrefused -svf http://localhost/explore -o /dev/null

Hints:

• Exit Code 125: Docker Command Itself Failed
• Meaning: Docker failed to run the container due to an issue with the Docker command itself. This could be caused by incorrect options or an issue with Docker’s internals.

[kkimurak]

Hmm, gitlab container seems to be restarting. I built the image locally and checking if it works..

https://app.circleci.com/pipelines/github/sameersbn/docker-gitlab/1796/workflows/ad144395-f770-4394-8b74-879047a97d8c/jobs/7933

CONTAINER ID   IMAGE                              COMMAND                  CREATED         STATUS                                     PORTS                                                                                           NAMES
df1c17527add   sameersbn/gitlab:latest            "/sbin/entrypoint.sh…"   1 second ago    Up Less than a second (health: starting)   443/tcp, 0.0.0.0:10022->22/tcp, [::]:10022->22/tcp, 0.0.0.0:10080->80/tcp, [::]:10080->80/tcp   project-gitlab-1
79ffa48e8ce3   sameersbn/postgresql:14-20230628   "/sbin/entrypoint.sh"    2 seconds ago   Up 1 second                                5432/tcp                                                                                        project-postgresql-1
c1912d8e03c9   redis:6.2                          "docker-entrypoint.s…"   2 seconds ago   Up 1 second                                6379/tcp                                                                                        project-redis-1

docker: Error response from daemon: Container df1c17527add2738e84069b10eefacecb50ea9aba04128cb7530a9709e3a11ec is restarting, wait until the container is running.

[th-2021]

packages for noble are available: https://packages.gitlab.com/app/gitlab/gitlab-ce/search?dist=ubuntu%2Fnoble

[kkimurak]

ok nginx setting issue as the source changed from ubuntu ppa to nginx official repository:

cp: cannot create regular file '/etc/nginx/sites-enabled/gitlab': No such file or directory

[kkimurak]

At least it launches successfully after applying kkimurak/docker-gitlab@3c6a248 , kkimurak/docker-gitlab@545a56b and kkimurak/docker-gitlab@478afba .

Although I have not yet been able to identify the cause of each patch being required, I have at least confirmed that gitlab starts, that the administrator password can be reset from the WebUI when logging in for the first time, and that I can log in as admin.

[sachilles]

@kkimurak Thanks for your commits. However, I'd like to leave some notes for future updates.

1. Jammy just provides the package nginx/jammy-updates,jammy-security 1.18.0-6ubuntu14.5 amd64 which might be enough to update this project very soon. However, for future updates we should keep in mind that the webserver is an essential part of the image.
2. We should keep tests very easy and close to commonly used healthchecks.
3. We should reduce the footprint of the image and speed up the build process / reduce the build time. This can be achieved using suitable PPA's or even multi-stage builds (for example by compiling golang parts in a separate image and just copy the executables from a builder to the main image).
4. We should think about the caching feature of docker, which would allow to rerun the build process from failed. Thus, the build process could finish if the buld time raises again.

[sachilles]

The build process has been successfully completed and the application works in principle. Is there anything against merging the pull request?

If not, I'll do a (manual) merge train to arrive at versions 17.7.2 and 17.8.0 of GitLab CE.

[th-2021]

Is the build also working with noble? Would it not be easier for the future to go directly to noble?

[sachilles]

@th-2021 I didn't try to use noble since the offical docker image of gitlab uses jammy as well. Since the project is about 1 month behind the upstream project, I would prefer to catch up first and then integrate further adjustments, optimizations and improvements.