From 6bd8a73fa6c0445ec2cd44ad5bbd715afdd619a0 Mon Sep 17 00:00:00 2001
From: Timo Furrer <tfurrer@gitlab.com>
Date: Mon, 28 Oct 2024 15:22:04 +0100
Subject: [PATCH] Support GitLab dependency proxy when building gitlab-tofu
 images

Closes https://gitlab.com/components/opentofu/-/issues/70

Changelog: feature
---
 .gitlab-ci.yml             | 14 ++++++++++++++
 .gitlab/README.md.template |  5 +++++
 README.md                  |  5 +++++
 3 files changed, 24 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8504a47..5a86ff3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -89,6 +89,20 @@ gitlab-opentofu-image:build:
   stage: build
   image: quay.io/containers/buildah:v1.37.3
   before_script:
+    # Supporting GitLab dependency proxies:
+    # see https://docs.gitlab.com/ee/user/packages/dependency_proxy/
+    - |
+      if [ -n "$CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX" ]; then
+        echo "Detected GitLab Dependency Proxy at '$CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX', configuring it for buildah ..."
+        cat > /etc/containers/registries.conf.d/dependency-proxy.conf <<EOF
+        [[registry]]
+        location = "docker.io"
+        [[registry.mirror]]
+        location = "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}"
+      EOF
+
+        buildah login -u "$CI_DEPENDENCY_PROXY_USER" -p "$CI_DEPENDENCY_PROXY_PASSWORD" "$CI_DEPENDENCY_PROXY_SERVER"
+      fi
     - buildah login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
   script:
     - echo "Building $GITLAB_OPENTOFU_IMAGE_NAME"
diff --git a/.gitlab/README.md.template b/.gitlab/README.md.template
index e7008ec..a1ad5a7 100644
--- a/.gitlab/README.md.template
+++ b/.gitlab/README.md.template
@@ -396,6 +396,11 @@ See also the official GitLab documentation for it
 If you want to save runner resources you may disable the unit and integration tests
 by setting the `SKIP_TESTS` CI/CD variable to `true`.
 
+The pipeline of this component respects the
+[GitLab Dependency Proxy](https://docs.gitlab.com/ee/user/packages/dependency_proxy/) configuration
+by detecting the `CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX` environment variable
+and configuring `buildah` to use it when building the container images.
+
 ## Migrating from the Terraform CI/CD templates
 
 When migrating from the GitLab Terraform CI/CD templates you can use the following migration rules:
diff --git a/README.md b/README.md
index a3b0c2a..1a1eefe 100644
--- a/README.md
+++ b/README.md
@@ -415,6 +415,11 @@ See also the official GitLab documentation for it
 If you want to save runner resources you may disable the unit and integration tests
 by setting the `SKIP_TESTS` CI/CD variable to `true`.
 
+The pipeline of this component respects the
+[GitLab Dependency Proxy](https://docs.gitlab.com/ee/user/packages/dependency_proxy/) configuration
+by detecting the `CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX` environment variable
+and configuring `buildah` to use it when building the container images.
+
 ## Migrating from the Terraform CI/CD templates
 
 When migrating from the GitLab Terraform CI/CD templates you can use the following migration rules:
-- 
GitLab