Maniphest T337474

Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri
Open, In Progress, Needs TriagePublic
Actions

Assigned To

Authored By

	jnuche
	Thu, May 25, 12:40 PM

Tags

Referenced Files

None

Subscribers

Description

The variable is deprecated and scheduled for removal in GitLab 16. Replaced by the id_tokens mechanism.

Our GitLab instance's version is currently 15.9.8. ~~Kokkuri will need to be updated before we can upgrade to 16.0.1 or later.~~ GitLab page I referenced above was recently updated. It now mentions 16.5 as the version where the variable will be removed. Full details.

Details

	Reference	Source Branch	Dest Branch	Author	Title
	repos/releng/jwt-authorizer!10	jwt-audience	main	jnuche	check additional audience claim in tokens
	repos/releng/kokkuri!73	jwt-deprecated	main	jnuche	jwt: replace deprecated `CI_JOB_JWT` variable with an ID token

Customize query in GitLab

Event Timeline

jnuche created this task.Thu, May 25, 12:40 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptThu, May 25, 12:40 PM

jnuche claimed this task.Thu, May 25, 12:41 PM

jnuche added a project: Release-Engineering-Team (They Live 🕶️🧟).

jnuche updated the task description. (Show Details)Thu, May 25, 2:33 PM

dancy added a subscriber: dancy.Thu, May 25, 3:32 PM

jnuche changed the task status from Open to In Progress.Fri, May 26, 9:50 AM

jnuche moved this task from Backlog to In progress on the Release-Engineering-Team (They Live 🕶️🧟) board.

@brennen I updated the description. It seems this won't prevent us from upgrading to GitLab 16 after all.

jnuche opened https://gitlab.wikimedia.org/repos/releng/kokkuri/-/merge_requests/73

jwt: replace deprecated CI_JOB_JWT variable with an ID token

CodeReviewBot added a project: Patch-For-Review.Tue, May 30, 12:12 PM

jnuche opened https://gitlab.wikimedia.org/repos/releng/jwt-authorizer/-/merge_requests/10

check additional audience claim in tokens