Add instructions to setup CI

[Sov-trotter]

Hey All. First of all great package. This makes everything really seamless.

I am hosting a private registry on a company gitlab(selfhosted) and would like to be able to run CI/CD in private packages.

eg: I have two private packages, PkgA and PkgB, with PkgB depending on PkgA.

How can I setup all the authentication stuff(locally I have to enter the id and my pat)? Also if someone has a sample script they can share it's be really nice.

Last I am also willing to create a PR to this package with instructions for the CI once I am able to figure it out. Thanks!!

[GunnarFarneback]

There are lots of options for authentication. On GitLab alone there are deploy keys (public or project specific), deploy tokens (group or project), and access tokens (group or project). It really depends on what mechanisms you want to use (ssh or https URLs) and what kind of security model and credentials, in CI and on personal computers. In GitLab CI credentials are best stored as group or project CI variables and sometimes you can use standard CI variables. Some credentials can be baked into URLs and some can be managed by external helpers.

For my part I have avoided all credentials business for registered Julia packages by distributing them openly on the internal network with the help of LocalPackageServer.

[Sov-trotter]

Thanks. So here's the process that I can think of for my case:

• We create a gitlab deploy token
• We store the secrets as gitlab ci environment variables https://docs.gitlab.com/ee/ci/variables/#add-a-cicd-variable-to-a-project
• Now for every julia package,(gitlab-ci.yml) we need to
  • First add the registry to the ci instance https://discourse.julialang.org/t/use-private-registry-in-gitlab-ci-job/36179/15
  • Then add the necessary packages(the deploy token can handle the uername password prompt)
  • rest of the stuff....

[lazzarello]

Here's my job config to publish new versions in Gitlab CI. It uses a deploy key in the Docker executor. You'll have to adapt this to use your own security standards to get the deploy key into the container. There's a bunch of ways to do it. My biggest challenge was the value of $CI_PROJECT_URL is the HTTPS syntax and I'm using SSH, thus that weirdly composed SSH_URL variable. I couldn't find a predefined variable for the full SSH URL.

push-julia-library:
  when: manual
  stage: deploy
  before_script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - chmod 400 /key
    - ssh-add /key
    - git config --global user.email "$GITLAB_USER_EMAIL"
    - git config --global user.name "$GITLAB_USER_NAME"
    - julia -e 'using Pkg; Pkg.Registry.update("the_private_one")'
    - export SSH_URL="git@${CI_SERVER_HOST}:${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}.git"
  script:
    - julia --project -e 'using LocalRegistry; register(ignore_reregistration=true,
      repo=ENV["SSH_URL"])'

[GunnarFarneback]

export SSH_URL="git@${CI_SERVER_HOST}:${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}.git"

You can make it slightly more compact with $CI_PROJECT_PATH.