How to run DinD jobs on gitlab.com Shared Runners

This post is also available on my blog.

GitLab provides shared runners for the repositories that are hosted on gitlab.com: https://docs.gitlab.com/ee/ci/runners/README.html#shared-runners

You can run Docker commands inside a job by

An example running a container that says hello:

stages:
  - Say Hello

hello-world:
  stage: Say Hello
  tags:
    - docker
  image: docker:latest
  services:
    - docker:dind
  script:
    - docker run --rm hello-world:latest

GitLab CI pipeline output

Scan Kubernetes, Helm, Terraform, Docker, Ansible & AWS CloudFormation Code for security vulnerabilities, compliance issues & misconfigurations

Licensed under Apache License 2.0

KICS is a security scanner for a range of IaC (Infrastructure as Code) tools.
You can find its documentation here: https://docs.kics.io/

How to run it inside your GitLab CI pipeline

Here’s an example with some rules disabled:

stages:
  - Test

kics-scan:
  stage: Test
  tags:
    - docker
  image: docker:latest
  services:
    - docker:dind
  variables:
    # SHA of v1.2.1 Docker image
    KICS_IMAGE_VERSION: sha256:8e9cebdc32fbd0102454136ca3c0e5d46d82e7b668fc936508a304da54dc4450
    # KICS queries list: https://docs.kics.io/queries/all-queries/
    # - Master Authentication is Disabled (1baba08e-3c8a-4be7-95eb-dced5833de21)…


In this article, I want to share how I approached creating a private Kubernetes (GKE) cluster in Google Cloud Platform (GCP).

Target infrastructure

To get an overview - this is the target infrastructure we’re aiming for:


Overview

The PSR-12 coding standard replaces the previous PSR-2 standard. It takes new PHP features into account.

PSR-12 additionally takes the following constructs into account, compared to PSR-2:

Changes:

What’s changed in PSR-12 in comparison to PSR-2

2.5 Keywords and types

Short form of type keywords MUST be used i.e. bool instead of boolean, int instead of integer etc.

3. Declare Statements, Namespace, and Import Statements

In PSR-2 the ordering of statements was not set.

The order is now strictly defined:


By default, variables will be split by space characters. This is not what you want if you have a message that contains spaces for example.

To prevent this, the variable may be surrounded by quotation marks. If you’re using the exec form in the ENTRYPOINT, quotation marks can be escaped with backslashes.

Let's see an example:

entrypoint.sh

Takes two variables (message and version) and prints them.

#!/usr/bin/env sh
# pipefail is left out: not every sh supports it, and this script has no pipelines.
set -eu
# Parameters:
# $1: Message
# $2: Version
printf 'Message is: %s\n' "${1}"
printf 'Version is: %s\n' "${2}"

Dockerfile

# To run:
# docker build …

How to use SonarScanner CLI.

This is an example of how you can use the SonarScanner CLI, for example if you want to scan a PHP application. There are also alternatives: Gradle & Maven.

Create a file called sonar-project.properties in your repository root, as stated in the SonarQube GitLab CI documentation.

# SonarQube server
# sonar.host.url & sonar.login are set by the Scanner CLI.
# See https://docs.sonarqube.org/latest/analysis/gitlab-cicd/.

# Project settings.
sonar.projectKey=my-project
sonar.projectName=My project
sonar.projectDescription=My new interesting project.
sonar.links.ci=https://gitlab.com/my-account/my-project/pipelines
sonar.links.issue=https://jira.example.com/projects/MYPROJECT

# Scan settings.
sonar.projectBaseDir=.
# Define the directories that should be scanned. Comma separated.
sonar.sources=./src,./resources,./web
sonar.test.inclusions=**/*Test.php
sonar.php.coverage.reportPaths=./coverage/lcov.info
sonar.php.file.suffixes=php
sonar.sourceEncoding=UTF-8

sonar.exclusions=,**/coverage/**

# Fail…


Testing if using Mutagen improves performance in comparison to NFS volume mounts. Comparing MacOS Docker performance with Linux.

TL;DR;
Performance improvement by using Mutagen compared to NFS volume mounts: ~25%. Mutagen causes high CPU usage when using multiple syncs. Development experience not ideal due to delays until files are synced. Issues with intentional mass file changes being prevented by Mutagen safety mechanisms.

TL;DR; when using PHP / Drupal
xDebug increased Drupal response times by about 5–6x. I’ve added an environment variable that allows disabling it on Docker run if I don’t need to debug.

Motivation

I’ve been using Docker for local development for some time now. The performance has been lacking…


Licensed under Creative Commons.

Overview

The Symfony translation component allows you to extract translations from your PHP codebase & Twig templates into the translation file format of your liking, for example .po files.

The documentation describes it like this:

The most time-consuming tasks when translating an application is to extract all the template contents to be translated and to keep all the translation files in sync. Symfony includes a command called translation:update that helps you with these tasks.

But what if not all my translations are hardcoded in code or templates, and some - or all …


Composer logo. Licensed under the MIT license.

How packages.drupal.org sets drupal/core version constraints that prevent updating to Drupal 9.

I went about updating a Drupal 8 project to Drupal 9. As preparation, I updated all Composer dependencies to their latest major versions and Drupal to the latest version of Drupal 8.

I quickly noticed that a few modules didn’t have a version out that supports Drupal 9 yet. Luckily all of them already had patches ready to fix this. Easy, just apply the patches inside the composer.json’s extra: { patches: { } } block (assuming you’re using the cweagans/composer-patches library). And done. Sadly this does not work. …

Orlando Thöny

PHP Software & DevOps Engineer. Moved to https://thoeny.dev
