6.9 KiB
Perform an audit of a GitLab server
In this lab, you will use the audit command to get a high-level view of all pipelines in a GitLab server.
The audit command operates by fetching all of the pipelines defined in a GitLab server, converting each to their equivalent GitHub Actions workflow, and writing a report that summarizes how complete and complex of a migration is possible with Valet.
Prerequisites
- Followed the steps here to set up your Codespace environment and start a GitLab server.
- Completed the configure lab.
Perform an audit
We will be performing an audit against your preconfigured GitLab server. We will need to answer the following questions before running this command:
-
What namespace (e.g. group) do we want to audit?
- valet. In this example we will be auditing the
valetgroup. In the future, you could add additional groups and subgroups to the audit command.
- valet. In this example we will be auditing the
-
Where do we want to store the result?
- ./tmp/audit. This can be any path within the working directory that Valet commands are executed from.
Steps
-
Navigate to the codespace terminal.
-
Run the following command from the root directory:
gh valet audit gitlab --output-dir tmp/audit --namespace valet -
The command will list all the files written to disk in green when the command succeeds.
Inspect the output files
- Find the
audit_summary.mdfile in the file explorer. - Right-click the
audit_summary.mdfile and selectOpen Preview. - This file contains details that summarizes what percentage of your pipelines were converted automatically.
Review audit summary
Pipelines
The pipeline summary section contains high level statistics regarding the conversion rate done by Valet:
## Pipelines
Total: **11**
- Successful: **10 (90%)**
- Partially successful: **0 (0%)**
- Unsupported: **1 (9%)**
- Failed: **0 (0%)**
### Job types
Supported: **10 (90%)**
- YAML: **10**
Unsupported: **1 (9%)**
- Auto DevOps: **1**
Here are some key terms in the “Pipelines” section in the above example:
- Successful pipelines had 100% of the pipeline constructs and individual items converted automatically to their GitHub Actions equivalent.
- Partially successful pipelines had all of the pipeline constructs converted, however, there were some "Auto DevOps" pipelines.
- Failed pipelines encountered a fatal error when being converted. This can occur for one of three reasons:
- The pipeline was misconfigured and not valid in GitLab.
- Valet encountered an internal error when converting it.
- There was an unsuccessful network response, often due to invalid credentials, that caused the pipeline to be inaccessible.
The "Job types" section will summarize which types of pipelines are being used and which are supported or unsupported by Valet.
Build steps
The build steps summary section presents an overview of the individual build steps that are used across all pipelines and how many were automatically converted by Valet.
### Build steps
Total: **134**
Known: **133 (99%)**
- script: **62**
- checkout: **35**
- before_script: **19**
- artifacts: **5**
- after_script: **4**
- dependencies: **4**
- cache: **3**
- pages: **1**
Unsupported: **1 (0%)**
- artifacts.terraform: **1**
Actions: **135**
- run: **85**
- actions/checkout@v2: **35**
- actions/upload-artifact@v2: **5**
- actions/download-artifact@v2: **4**
- actions/cache@v2: **3**
- ./.github/workflows/a-.gitlab-ci.yml: **1**
- ./.github/workflows/b-.gitlab-ci.yml: **1**
- JamesIves/github-pages-deploy-action@4.1.5: **1**
Here are some key terms in the "Build steps" section in the above example:
- A known build step is a step that was automatically converted to an equivalent action.
- An unknown build step is a step that was not automatically converted to an equivalent action.
- An unsupported build step is a step that is either:
- A step that is fundamentally not supported by GitHub Actions.
- A step that is configured in a way that is incompatible with GitHub Actions.
- An action is a list of the actions that were used in the converted workflows. This is important for the following scenarios:
- Gathering the list of actions to sync to your appliance if you use GitHub Enterprise Server.
- Defining an organization-level allowlist of actions that can be used. This list of actions is a comprehensive list of which actions their security and/or compliance teams will need to review.
There is an equivalent breakdown of build triggers, environment variables, and other uncategorized items displayed in the audit summary file.
Manual Tasks
The manual tasks summary section presents an overview of the manual tasks that you will need to perform that Valet is not able to complete automatically.
### Manual tasks
Total: **1**
Secrets: **1**
- `${{ secrets.PASSWORD }}`: **1**
Here are some key terms in the “Manual tasks” section in the above example:
- A secret refers to a repository or organization level secret that is used by the converted pipelines. These secrets will need to be created manually in Actions in order for these pipelines to function properly.
- A self-hosted runner refers to a label of a runner that is referenced by a converted pipeline that is not a GitHub-hosted runner. You will need to manually define these runners in order for these pipelines to function properly.
Files
The final section of the audit report provides a manifest of all of the files that are written to disk during the audit. These files include:
### Successful
#### valet/included-files-example
- [valet/included-files-example.yml](valet/included-files-example.yml)
- [valet/included-files-example.config.json](valet/included-files-example.config.json)
- [valet/included-files-example.source.yml](valet/included-files-example.source.yml)
#### valet/terraform-example
- [valet/terraform-example.yml](valet/terraform-example.yml)
- [valet/terraform-example.config.json](valet/terraform-example.config.json)
- [valet/terraform-example.source.yml](valet/terraform-example.source.yml)
#### valet/child-parent-example
- [valet/child-parent-example.yml](valet/child-parent-example.yml)
- [.github/workflows/a-.gitlab-ci.yml](.github/workflows/a-.gitlab-ci.yml)
- [.github/workflows/b-.gitlab-ci.yml](.github/workflows/b-.gitlab-ci.yml)
- [valet/child-parent-example.config.json](valet/child-parent-example.config.json)
- [valet/child-parent-example.source.yml](valet/child-parent-example.source.yml)
Each pipeline will have a variety of files written that include:
- The original pipeline as it was defined in GitLab.
- Any network responses used to convert a pipeline.
- The converted workflow.
- Stack traces that can used to troubleshoot a failed pipeline conversion