Update pipeline remove deprecated compose version

{{cookiecutter.project_dirname}}/.gitlab-ci.yml

@@ -62,14 +62,16 @@ variables:
   stage: .pre
   image: docker:20
   services:
-    - docker:20-dind
+    - docker:20-dind{% if cookiecutter.use_vault == "true" %}
+  id_tokens:
+    VAULT_ID_TOKEN:
+      aud: ${VAULT_ADDR}{% endif %}
   script:
     - >
       docker run --rm
       -v ${PWD}:${PWD}
       -w ${PWD}
       -e CI_ENVIRONMENT_NAME{% if cookiecutter.use_vault == "true" %}
-      -e CI_JOB_JWT_V2
       -e ENV_NAME=${CI_ENVIRONMENT_NAME}{% endif %}
       -e PROJECT_DIR=${CI_PROJECT_DIR}
       -e PROJECT_SLUG
@@ -82,6 +84,7 @@ variables:
       -e SENTRY_URL{% if cookiecutter.use_vault == "true" %}
       -e SERVICE_SLUG={{ cookiecutter.service_slug }}
       -e VAULT_ADDR
+      -e VAULT_ID_TOKEN
       -e VAULT_ROLE{% endif %}
       -e VERSION_REF
       --entrypoint=""
@@ -152,7 +155,10 @@ pact-verify-test:
   stage: Pact-verify
   image: docker:20
   services:
-    - docker:20-dind
+    - docker:20-dind{% if cookiecutter.use_vault == "true" %}
+  id_tokens:
+    VAULT_ID_TOKEN:
+      aud: ${VAULT_ADDR}{% endif %}
   needs: []
   variables:
     {{ cookiecutter.service_slug|upper }}_BUILD_TARGET: "test"
@@ -165,7 +171,7 @@ pact-verify-test:
       allow_failure: true
   before_script: &pact-verify-before-script{% if cookiecutter.use_vault == "true" %}
     - >
-      vault_token=$(wget --quiet --post-data="role=pact&jwt=${CI_JOB_JWT_V2}"
+      vault_token=$(wget --quiet --post-data="role=pact&jwt=${VAULT_ID_TOKEN}"
       "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login -O - |
       sed -n 's/^.*"client_token":"\([^"]*\)".*$/\1/p')
     - >
@@ -232,19 +238,22 @@ pages:
   image:
     name: docker:20
   services:
-    - docker:20-dind
+    - docker:20-dind{% if cookiecutter.use_vault == "true" %}
+  id_tokens:
+    VAULT_ID_TOKEN:
+      aud: ${VAULT_ADDR}{% endif %}
   script:
     - >
       docker run --rm
       -v ${PWD}:${PWD}
       -w ${PWD}{% if cookiecutter.use_vault == "true" %}
-      -e CI_JOB_JWT_V2
       -e ENV_SLUG{% else %}
       -e PACT_BROKER_BASE_URL
       -e PACT_BROKER_PASSWORD
       -e PACT_BROKER_USERNAME{% endif %}
       -e PROJECT_SLUG{% if cookiecutter.use_vault == "true" %}
-      -e VAULT_ADDR{% endif %}
+      -e VAULT_ADDR
+      -e VAULT_ID_TOKEN{% endif %}
       --entrypoint=""
       pactfoundation/pact-cli:latest-node14 ./scripts/ci_pact.sh ${PACT_CMD}
 
@@ -332,7 +341,10 @@ build_production:
   image:
     name: docker:20
   services:
-    - docker:20-dind
+    - docker:20-dind{% if cookiecutter.use_vault == "true" %}
+  id_tokens:
+    VAULT_ID_TOKEN:
+      aud: ${VAULT_ADDR}{% endif %}
   variables:
     TF_ROOT: ${CI_PROJECT_DIR}/terraform/{{ cookiecutter.deployment_type }}
   before_script:
@@ -345,16 +357,14 @@ build_production:
       -w ${PWD}{% if cookiecutter.terraform_backend == "gitlab" %}
       -e CI_API_V4_URL
       -e CI_COMMIT_SHA
-      -e CI_JOB_ID{% if cookiecutter.use_vault == "true" %}
-      -e CI_JOB_JWT_V2{% endif %}
+      -e CI_JOB_ID
       -e CI_JOB_STAGE
       -e CI_JOB_TOKEN
       -e CI_PROJECT_ID
       -e CI_PROJECT_NAME
       -e CI_PROJECT_NAMESPACE
       -e CI_PROJECT_PATH
-      -e CI_PROJECT_URL{% elif cookiecutter.use_vault == "true" %}
-      -e CI_JOB_JWT_V2{% endif %}
+      -e CI_PROJECT_URL{% endif %}
       -e ENV_SLUG
       -e PROJECT_DIR=${CI_PROJECT_DIR}
       -e PROJECT_SLUG
@@ -380,6 +390,7 @@ build_production:
       -e TF_WORKSPACE="{{ cookiecutter.project_slug }}_backend_environment_${ENV_SLUG}"{% endif %}{% if cookiecutter.terraform_backend == "terraform-cloud" and cookiecutter.use_vault == "false" %}
       -e TFC_TOKEN{% endif %}{% if cookiecutter.use_vault == "true" %}
       -e VAULT_ADDR
+      -e VAULT_ID_TOKEN
       -e VAULT_ROLE
       -e VAULT_SECRETS="digitalocean email k8s s3 {{ cookiecutter.service_slug }}/extra {{ cookiecutter.service_slug }}/sentry"
       -e VAULT_SECRETS_PREFIX="envs/${CI_ENVIRONMENT_NAME}"

{{cookiecutter.project_dirname}}/docker-compose.yaml

@@ -1,5 +1,3 @@
-version: "3.9"
-
 services:
   {{ cookiecutter.service_slug }}:
     build:

{{cookiecutter.project_dirname}}/scripts/ci_pact.sh

@@ -5,7 +5,7 @@ set -e
 if [ "${VAULT_ADDR}" != "" ]; then
   apk update && apk add curl jq
 
-  vault_token=$(curl --silent --request POST --data "role=pact" --data "jwt=${CI_JOB_JWT_V2}" "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login | jq -r .auth.client_token)
+  vault_token=$(curl --silent --request POST --data "role=pact" --data "jwt=${VAULT_ID_TOKEN}" "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login | jq -r .auth.client_token)
 
   pact_secrets=$(curl --silent --header "X-Vault-Token: ${vault_token}" "${VAULT_ADDR%/}"/v1/"${PROJECT_SLUG}"/pact | jq -r .data)
 

{{cookiecutter.project_dirname}}/scripts/ci_sentry.sh

@@ -9,7 +9,7 @@ git config --global --add safe.directory "${PROJECT_DIR}"
 if [ "${VAULT_ADDR}" != "" ]; then
   apk add curl jq
 
-  vault_token=$(curl --silent --request POST --data "role=${VAULT_ROLE}" --data "jwt=${CI_JOB_JWT_V2}" "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login | jq -r .auth.client_token)
+  vault_token=$(curl --silent --request POST --data "role=${VAULT_ROLE}" --data "jwt=${VAULT_ID_TOKEN}" "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login | jq -r .auth.client_token)
 
   SENTRY_AUTH_TOKEN=$(curl --silent --header "X-Vault-Token: ${vault_token}" "${VAULT_ADDR%/}"/v1/"${PROJECT_SLUG}"/envs/"${ENV_NAME}"/sentry | jq -r .data.sentry_auth_token)
   SENTRY_DSN=$(curl --silent --header "X-Vault-Token: ${vault_token}" "${VAULT_ADDR%/}"/v1/"${PROJECT_SLUG}"/envs/"${ENV_NAME}"/"${SERVICE_SLUG}"/sentry | jq -r .data.sentry_dsn)

{{cookiecutter.project_dirname}}/scripts/deploy/vault.sh

@@ -2,7 +2,7 @@
 
 set -e
 
-vault_token=$(curl --silent --request POST --data "role=${VAULT_ROLE}" --data "jwt=${CI_JOB_JWT_V2}" "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login | jq -r .auth.client_token)
+vault_token=$(curl --silent --request POST --data "role=${VAULT_ROLE}" --data "jwt=${VAULT_ID_TOKEN}" "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login | jq -r .auth.client_token)
 
 secrets_data="{}"