Setup And Upgrade The Pillars Of Creation Pipeline Repository In An Air-Gapped Environment
Introduction
Air-gap mode is a pipeline configuration that disables automatic updates for offline environments. Useful for DIL environments (Disconnected, Intermittent, and Low-Bandwidth).
This guide demonstrates how to enable air-gap mode and maintain (upgrade) it for the Pillars of Creation repository in an air-gapped environment.
Enable Air-Gap Mode
Air-gap mode is used to disable in-pipeline vulnerability database updates for air-gapped environments: (If set to true, it prevents the security tool from automatically updating the vulnerability database).
- Open your
pipeline.yamlfile. See Pillars of Creation for more context. - Set the
AIRGAP_MODEvariable totrue:
variables:
AIRGAP_MODE: "true" # Disables automatic updates in air-gapped environments
Upgrading Pillars of Creation on External GitLab Instances
This section explains how to promote changes from the Pillars of Creation repository to an external GitLab instance while maintaining a clean commit history.
Fetch the Latest Changes
Ensure your local branch is up-to-date before proceeding:
git clone https://code.build.smoothglue.io/getting-started/pillars/pipeline.git
Create a New Branch from main
For better organization, create a new branch based on main:
git checkout main
git pull origin main
git checkout -b <your-branch>
Replace <your-branch> with a descriptive name for your branch.
Reset the Branch to the Initial Commit
To prepare a clean commit history:
git reset $(git rev-list --max-parents=0 HEAD)
This command resets the branch to the first commit, retaining the current working directory's latest state.
Stage All Changes
Stage all modifications:
git add --all
Ensure your SSH key is added to the target Git instance for signing the commit. Also, configure the Git signing key in your Git configuration.
Commit the Changes
Create a single commit summarizing the promotion:
git commit -S -s -m "chore: promote changes"
Configure the Target Remote
If you haven't already set up the target remote, configure it now:
git remote add target https://gitlab.<external-domain>/pillars/pipeline
To use SSH for authentication:
git remote set-url target git@gitlab.<external-domain>:pillars/pipeline.git
Verify the Remote Configuration
Check that the remote URL is correctly configured:
git remote -v
Example output:
target git@gitlab.<external-domain>:pillars/pipeline.git (fetch)
target git@gitlab.<external-domain>:pillars/pipeline.git (push)
Push the Changes to the Target Repository
Consider these alternatives if main is a protected branch and force-push is not allowed:
- Create a new branch and submit a merge request.
- Temporarily adjust branch protection settings.
To force-push the changes:
git push --force target <your-branch>:main
Replace <your-branch> with your current branch's name.
Use --force carefully, as it rewrites commit history and is irreversible.
Upgrading the Pillars of Creation Zarf Package
Currently, the Zarf package is generated manually. This will be automated in the future. Follow these steps for manual generation:
- Update the
zarf.yamlfile: Remove images that haven't changed. - Create the package:
zarf package create . -a amd64
- Upload the Zarf package to an S3 bucket accessible from the Bastion host.
- Deploy the package from the Bastion host:
zarf package deploy zarf-package-pillars2-amd64.tar.zst