238 lines
7.5 KiB
YAML
238 lines
7.5 KiB
YAML
stages:
|
|
- check
|
|
- prepare
|
|
- tests
|
|
- post-test
|
|
- update-cache
|
|
- package
|
|
- image
|
|
- scan-dependencies
|
|
- staging_upload
|
|
- package-and-image-release
|
|
- qa-release
|
|
- validate
|
|
- metrics
|
|
- aws-marketplace-release
|
|
- notification_fail
|
|
- qa
|
|
- verify
|
|
|
|
include:
|
|
- local: '/gitlab-ci-config/workflow-rules.yml'
|
|
- local: '/gitlab-ci-config/dev-gitlab-org.yml'
|
|
- local: '/gitlab-ci-config/gitlab-com.yml'
|
|
rules:
|
|
- if: '$CI_SERVER_HOST == "gitlab.com"'
|
|
|
|
default:
|
|
tags:
|
|
- gitlab-org
|
|
|
|
variables:
|
|
# BUILDER_IMAGE_REGISTRY is set to
|
|
# `dev.gitlab.org:5005/cookbooks/gitlab-omnibus-builder` in the project
|
|
# settings of omnibus-gitlab mirror in dev.gitlab.org so that builds there
|
|
# will use images from that registry and not depend on GitLab.com
|
|
BUILDER_IMAGE_REGISTRY: "registry.gitlab.com/gitlab-org/gitlab-omnibus-builder"
|
|
# To be used for images that exist only on dev.gitlab.org
|
|
DEV_BUILDER_IMAGE_REGISTRY: 'dev.gitlab.org:5005/cookbooks/gitlab-omnibus-builder'
|
|
PUBLIC_BUILDER_IMAGE_REGISTRY: "registry.gitlab.com/gitlab-org/gitlab-omnibus-builder"
|
|
BUILDER_IMAGE_REVISION: "5.12.0"
|
|
# The registry to pull the assets image from
|
|
ASSET_REGISTRY: "${CI_REGISTRY}"
|
|
ASSET_SYNC_EXISTING_REMOTE_FILES: "keep"
|
|
ASSET_SYNC_GZIP_COMPRESSION: "true"
|
|
ASSET_PATH: "assets-${CI_COMMIT_REF_SLUG}"
|
|
COMPILE_ASSETS: "false"
|
|
RUBY_IMAGE: "ruby:3.0"
|
|
BUNDLE_PATH__SYSTEM: "false"
|
|
# Format of the auto-deploy tag for auto-deploy builds.
|
|
# https://gitlab.com/gitlab-org/release/docs/blob/master/general/deploy/auto-deploy.md#auto-deploy-tagging
|
|
AUTO_DEPLOY_TAG_REGEX: '^\d+\.\d+\.\d+\+[^ ]{7,}\.[^ ]{7,}$'
|
|
# Default environment for auto-deploy
|
|
AUTO_DEPLOY_ENVIRONMENT: 'pre'
|
|
OMNIBUS_GITLAB_MIRROR_ID: "14588374"
|
|
DOCS_GITLAB_REPO_SUFFIX: "omnibus"
|
|
CACHE_KEY_SUFFIX: '-v3'
|
|
CACHE_EDITION: "CE"
|
|
CACHE_POLICY: 'pull-push'
|
|
ISSUE_BOT_LABELS_EXTRA: "group::distribution"
|
|
BUNDLER_VERSION: "2.5.9"
|
|
# NOTE: When `NEXT_RUBY_VERSION` is updated, flip
|
|
# `USE_NEXT_RUBY_VERSION_IN_*` variables to false to avoid surprises.
|
|
NEXT_RUBY_VERSION: "3.1.4"
|
|
GET_GEO_TAG: "0.7.4"
|
|
CANONICAL_PROJECT_PATH: 'gitlab-org/omnibus-gitlab'
|
|
SECURITY_PROJECT_PATH: 'gitlab-org/security/omnibus-gitlab'
|
|
DEV_PROJECT_PATH: 'gitlab/omnibus-gitlab'
|
|
QA_PROJECT_PATH: 'gitlab-org/build/omnibus-gitlab-mirror'
|
|
ARM64_RUNNER_TAG: 'arm64'
|
|
PACKAGE_PROMOTION_RUNNER_TAG: 'promotion'
|
|
NIGHTLY_REPO: 'nightly-builds'
|
|
NIGHTLY_FIPS_REPO: 'nightly-fips-builds'
|
|
|
|
.distribution-amd64-tags:
|
|
- distribution-runner
|
|
- amd64
|
|
|
|
.distribution-arm64-tags:
|
|
- distribution-runner
|
|
- ${ARM64_RUNNER_TAG}
|
|
|
|
.distribution-armhf-tags:
|
|
- distribution-runner
|
|
- armhf
|
|
|
|
### For services that need a docker daemon
|
|
.docker_job: &docker_job
|
|
image: "${BUILDER_IMAGE_REGISTRY}/distribution_ci_tools:${BUILDER_IMAGE_REVISION}"
|
|
variables:
|
|
DOCKER_DRIVER: overlay2
|
|
DOCKER_HOST: tcp://docker:2375
|
|
services:
|
|
- name: docker:23.0.5-dind
|
|
alias: localhost
|
|
tags:
|
|
- gitlab-org-docker
|
|
|
|
.gems-cache:
|
|
cache:
|
|
key: "gems-cache-${BUILDER_IMAGE_REVISION}${CACHE_KEY_SUFFIX}"
|
|
paths:
|
|
- gems
|
|
policy: pull
|
|
|
|
.gems-cache-os-dependent:
|
|
cache:
|
|
key: "gems-cache-${CI_JOB_IMAGE}${CACHE_KEY_SUFFIX}"
|
|
paths:
|
|
- gems
|
|
|
|
.build-package: &build-package
|
|
- bundle exec rake cache:populate
|
|
- bundle exec rake cache:restore
|
|
- bundle exec rake build:project
|
|
- bundle exec rake build:package:sync
|
|
- bundle exec rake cache:bundle
|
|
- bundle exec rake build:component_shas
|
|
|
|
before_script:
|
|
- echo "PIPELINE_TYPE detected as ${PIPELINE_TYPE}"
|
|
# Exit early if building on an OS for which we don't provide the specified
|
|
# package edition (CE/EE). For child pipelines from
|
|
# TRIGGERED_(CE|EE)_PIPELINE, we don't want exit early, but try to build
|
|
# everything.
|
|
- if [[ "${CI_PIPELINE_SOURCE}" != "parent_pipeline" ]]; then
|
|
export CE_ONLY=(Raspberry);
|
|
export EE_ONLY=(SLES RAT);
|
|
for job in "${CE_ONLY[@]}"; do
|
|
if [[ "${CI_JOB_NAME}" =~ ${job} ]]; then
|
|
if ./support/is_gitlab_ee.sh; then
|
|
echo "EE build found. ${CI_JOB_NAME} is run only on CE builds";
|
|
exit 0 ;
|
|
fi;
|
|
fi;
|
|
done;
|
|
for job in "${EE_ONLY[@]}"; do
|
|
if [[ "${CI_JOB_NAME}" =~ ${job} ]]; then
|
|
if ! ./support/is_gitlab_ee.sh; then
|
|
echo "CE build found. ${CI_JOB_NAME} is run only on EE builds";
|
|
exit 0 ;
|
|
fi;
|
|
fi;
|
|
done
|
|
fi
|
|
- echo $NIGHTLY
|
|
- mkdir -p ~/.ssh
|
|
- mkdir -p ~/.aws
|
|
- mkdir -p cache
|
|
- if [ -n "$DEV_GITLAB_SSH_KEY" ]; then
|
|
echo "$DEV_GITLAB_SSH_KEY" > ~/.ssh/id_rsa;
|
|
cp support/known_hosts ~/.ssh/known_hosts;
|
|
chmod -R 0600 ~/.ssh/;
|
|
fi
|
|
- bash scripts/ci/prepare_bundle.sh
|
|
- if [ -n "$NIGHTLY" ]; then
|
|
export STAGING_REPO=${NIGHTLY_REPO};
|
|
export FIPS_STAGING_REPO=${NIGHTLY_FIPS_REPO};
|
|
fi
|
|
|
|
fetch-assets:
|
|
extends: .docker_job
|
|
stage: prepare
|
|
timeout: 1 hour
|
|
before_script: []
|
|
script:
|
|
- export VERSION=${GITLAB_ASSETS_TAG-${GITLAB_REF_SLUG-$(ruby -I. -e 'require "lib/gitlab/version"; puts Gitlab::Version.new("gitlab-rails").print')}}
|
|
- support/fetch_assets "${VERSION}"
|
|
artifacts:
|
|
paths:
|
|
- ${ASSET_PATH}
|
|
rules:
|
|
- if: '$COMPILE_ASSETS == "true"'
|
|
when: never
|
|
# NOTE (rspeicher): Checking `$AUTO_DEPLOY_COMPILE_ASSETS` as a feature flag
|
|
# See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5805
|
|
- if: '$AUTO_DEPLOY_COMPILE_ASSETS && $PIPELINE_TYPE =~ /AUTO_DEPLOY_BUILD_PIPELINE$/'
|
|
when: never
|
|
# Run on all pipelines including a package build (except auto-deploy tag
|
|
# covered above)
|
|
- if: '$PIPELINE_TYPE =~ /_BUILD_PIPELINE$/'
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
|
|
- if: '$PIPELINE_TYPE == "TRIGGER_CACHE_UPDATE_PIPELINE"'
|
|
- if: '$PIPELINE_TYPE == "DURATION_PLOTTER_PIPELINE"'
|
|
retry: 2
|
|
|
|
generate-facts:
|
|
extends: .gems-cache
|
|
stage: prepare
|
|
image: "${BUILDER_IMAGE_REGISTRY}/distribution_ci_tools:${BUILDER_IMAGE_REVISION}"
|
|
script:
|
|
- mkdir -p build_facts
|
|
- bundle exec omnibus manifest gitlab -l nothing > build_facts/version-manifest.json
|
|
- bundle exec rake build:generate_facts
|
|
artifacts:
|
|
paths:
|
|
- build_facts
|
|
reports:
|
|
dotenv: build_facts/env_vars
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /_BUILD_PIPELINE$/'
|
|
- if: '$PIPELINE_TYPE == "TRIGGER_CACHE_UPDATE_PIPELINE"'
|
|
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
|
|
- if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
|
|
- if: '$PIPELINE_TYPE == "DEPS_IO_VERSION_BUMP_PIPELINE"'
|
|
- if: '$PIPELINE_TYPE == "DEPENDENCY_SCANNING_PIPELINE"'
|
|
- if: '$PIPELINE_TYPE == "FORK_MR_PIPELINE"'
|
|
- when: never
|
|
needs: []
|
|
retry: 2
|
|
|
|
.notify:
|
|
before_script:
|
|
- apk add --no-cache curl
|
|
image: "alpine"
|
|
stage: notification_fail
|
|
|
|
notify:slack-fail:scheduled-master:
|
|
extends:
|
|
- .notify
|
|
script:
|
|
- ./support/notify_slack.sh "#qa-master" "☠️ Scheduled omnibus-build against master failed! ☠️ See $CI_PIPELINE_URL (triggered from $TOP_UPSTREAM_SOURCE_JOB)"
|
|
rules:
|
|
- if: '$TOP_UPSTREAM_SOURCE_JOB == null || $TOP_UPSTREAM_SOURCE_REF != "master"'
|
|
when: never
|
|
- if: '$PIPELINE_TYPE == "TRIGGERED_EE_PIPELINE"'
|
|
when: on_failure
|
|
|
|
issue-bot:
|
|
stage: notification_fail
|
|
image: registry.gitlab.com/gitlab-org/distribution/issue-bot:latest
|
|
script: /issue-bot
|
|
rules:
|
|
- if: '$CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH'
|
|
when: never
|
|
- if: '$PIPELINE_TYPE == "PROTECTED_TEST_PIPELINE"'
|
|
when: on_failure
|