gitlab
/
omnibus-gitlab
mirror of https://gitlab.com/gitlab-org/omnibus-gitlab.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
omnibus-gitlab/gitlab-ci-config/gitlab-com.yml

714 lines
23 KiB
YAML
Raw Permalink Blame History

# This config lists the jobs that will be run on omnibus-gitlab project in
# gitlab.com.
#############
# Templates #
#############
.knapsack-artifacts: &knapsack-artifacts
expire_in: 31d
paths:
- knapsack/
.knapsack-state:
services: []
cache:
key: "knapsack${CACHE_KEY_SUFFIX}"
paths:
- knapsack/
artifacts: !reference [.knapsack-artifacts]
.knapsack: &prepare_knapsack
extends: .knapsack-state
stage: prepare
before_script: []
script:
- JOB_NAME=( $CI_JOB_NAME )
- export DISTRO_NAME=${JOB_NAME[0]}
- export DISTRO_VERSION=${JOB_NAME[1]}
- mkdir -p knapsack/
- '[[ -f knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_main_rspec_report.json ]] || echo "{}" > knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_main_rspec_report.json'
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
retry: 1
needs:
- rubocop
.install-gems: &install-gems
- gem install bundler:${BUNDLER_VERSION}
- bundle config build.ffi --disable-system-libffi
- bundle config set --local path 'gems'
- bundle config set --local frozen 'true'
- bundle install -j $(nproc)
- bundle binstubs --all
.spec_template: &spec_template
extends: .gems-cache-os-dependent
stage: tests
before_script:
# These jobs will not be run on dev, so we set ALTERNATIVE_SOURCES to true
# so tests run fine on forks
- export ALTERNATIVE_SOURCES="true";
- !reference [.install-gems]
retry: 1
script:
- bundle exec rspec spec/lib
artifacts:
reports: &spec_reports
junit: junit_rspec.xml
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
.chef_spec_template:
extends: .spec_template
variables:
KNAPSACK_TEST_FILE_PATTERN: "spec/chef/**{,/*/**}/*_spec.rb"
script:
- JOB_NAME=( $CI_JOB_NAME )
- export DISTRO_NAME=${JOB_NAME[0]}
- export DISTRO_VERSION=${JOB_NAME[1]}
- export KNAPSACK_REPORT_PATH=knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_rspec_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json
- export KNAPSACK_GENERATE_REPORT=true
- export USE_KNAPSACK=true
# To prevent current OS providing empty/old reports of other OSs as an
# artifact. If not, they may overwrite the valid/new reports from those
# corresponding OSs. So, removing everything except current OS's report.
- cp knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_main_rspec_report.json ${KNAPSACK_REPORT_PATH}.bak
- rm -f knapsack/*.json
- mv ${KNAPSACK_REPORT_PATH}.bak ${KNAPSACK_REPORT_PATH}
- bundle exec rake knapsack:rspec
artifacts:
# Since this is not an array, we can't use `!reference` tags. Hence using
# yaml anchors.
<<: *knapsack-artifacts
reports:
junit: junit_rspec.xml
.base-trigger-job-variables:
# In trigger jobs, we don't want to pollute cache
CACHE_POLICY: 'pull'
ALTERNATIVE_SOURCES: 'true'
SECURITY_SOURCES: ${SECURITY_SOURCES}
BUILDER_IMAGE_REVISION: ${BUILDER_IMAGE_REVISION}
BUILDER_IMAGE_REGISTRY: ${BUILDER_IMAGE_REGISTRY}
PUBLIC_BUILDER_IMAGE_REGISTRY: ${PUBLIC_BUILDER_IMAGE_REGISTRY}
DEV_BUILDER_IMAGE_REGISTRY: ${DEV_BUILDER_IMAGE_REGISTRY}
COMPILE_ASSETS: ${COMPILE_ASSETS}
GITLAB_VERSION: ${GITLAB_VERSION}
GITLAB_SHELL_VERSION: ${GITLAB_SHELL_VERSION}
GITLAB_PAGES_VERSION: ${GITLAB_PAGES_VERSION}
GITALY_SERVER_VERSION: ${GITALY_SERVER_VERSION}
GITLAB_ELASTICSEARCH_INDEXER_VERSION: ${GITLAB_ELASTICSEARCH_INDEXER_VERSION}
GITLAB_KAS_VERSION: ${GITLAB_KAS_VERSION}
TOP_UPSTREAM_SOURCE_PROJECT: ${TOP_UPSTREAM_SOURCE_PROJECT}
TOP_UPSTREAM_SOURCE_JOB: ${TOP_UPSTREAM_SOURCE_JOB}
TOP_UPSTREAM_SOURCE_SHA: ${TOP_UPSTREAM_SOURCE_SHA}
TOP_UPSTREAM_SOURCE_REF: ${TOP_UPSTREAM_SOURCE_REF}
.ce-trigger-job-variables:
extends: .base-trigger-job-variables
PIPELINE_TYPE: "TRIGGERED_CE_PIPELINE"
CACHE_EDITION: "CE"
.ee-trigger-job-variables:
extends: .base-trigger-job-variables
PIPELINE_TYPE: "TRIGGERED_EE_PIPELINE"
CACHE_EDITION: "EE"
ee: "true"
.ce-trigger-job:
stage: qa
trigger:
include: '.gitlab-ci.yml'
strategy: depend
needs:
- job: generate-facts
artifacts: true
allow_failure: true
rules:
- if: '$PIPELINE_TYPE =~ /_BRANCH_TEST_PIPELINE$/'
when: manual
variables: !reference [.ce-trigger-job-variables]
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
when: manual
variables: !reference [.ce-trigger-job-variables]
.review-docs:
image: "${RUBY_IMAGE}-alpine"
stage: post-test
cache: {}
needs: []
before_script:
- gem install gitlab --no-doc
# We need to download the script rather than clone the repo since the
# review-docs-cleanup job will not be able to run when the branch gets
# deleted (when merging the MR).
- apk add --update openssl
- wget https://gitlab.com/gitlab-org/gitlab/-/raw/master/scripts/trigger-build.rb
- chmod 755 trigger-build.rb
variables:
GIT_STRATEGY: none
DOCS_REVIEW_APPS_DOMAIN: docs.gitlab-review.app
# By default, deploy the Review App using the `main` branch of the `gitlab-org/gitlab-docs` project
DOCS_BRANCH: main
allow_failure: true
rules:
- if: '$PIPELINE_TYPE == "GITLAB_BRANCH_TEST_PIPELINE"'
when: manual
- if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
when: manual
- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
when: manual
.qa-template:
variables:
QA_RUN_ALL_TESTS: "false"
RELEASE: $QA_RELEASE
QA_IMAGE: $QA_IMAGE
GITLAB_SEMVER_VERSION: $GITLAB_SEMVER_VERSION # latest semver gitlab version used for testing upgrade paths
SKIP_OMNIBUS_TRIGGER: "true"
GITLAB_AUTH_TOKEN: $DANGER_GITLAB_API_TOKEN
ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID
inherit:
variables: false
trigger:
strategy: depend
forward:
yaml_variables: true
pipeline_variables: true
include:
- project: gitlab-org/gitlab
ref: master
file: .gitlab/ci/package-and-test/main.gitlab-ci.yml
#####################
# Cache update jobs #
#####################
update-gems-cache:
extends: .gems-cache
stage: update-cache
image: "${BUILDER_IMAGE_REGISTRY}/distribution_ci_tools:${BUILDER_IMAGE_REVISION}"
before_script: !reference [.install-gems]
script:
- echo "Cache is up to date!"
cache:
policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
rules:
- if: '$PIPELINE_TYPE == "CACHE_UPDATE_PIPELINE"'
# We need to populate the cache for jobs with the `gitlab-org-docker` tag. Ideally, we wouldn't need this if
# we'd use Kaniko to build the Docker images, allowing to use the `gitlab-org` tag instead of the `gitlab-org-docker` tag.
update-gems-cache-for-docker-jobs:
extends:
- update-gems-cache
- .docker_job
###########################
# Branch pipeline #
###########################
Trigger:ce-package:
extends: .ce-trigger-job
Trigger:ee-package:
extends: .ce-trigger-job
rules:
- if: '$PIPELINE_TYPE =~ /_BRANCH_TEST_PIPELINE$/'
when: manual
variables: !reference [.ee-trigger-job-variables]
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
when: manual
variables: !reference [.ee-trigger-job-variables]
- if: '$PIPELINE_TYPE == "DEPS_IO_VERSION_BUMP_PIPELINE"'
variables: !reference [.ee-trigger-job-variables]
rubocop:
extends: .gems-cache
stage: check
image: "${RUBY_IMAGE}"
before_script: !reference [.install-gems]
script:
- bundle exec rubocop --parallel
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
needs: []
# Perform content linting on documentation Markdown files
docs-lint content:
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.19-vale-3.4.1-markdownlint2-0.13.0-lychee-0.14.3
stage: check
cache: {}
needs: []
before_script: []
script:
# Lint prose
- vale --minAlertLevel error doc
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
# Perform linting on documentation Markdown files
docs-lint markdown:
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.19-vale-3.4.1-markdownlint2-0.13.0-lychee-0.14.3
stage: check
cache: {}
needs: []
before_script: []
script:
# Lint Markdown
- markdownlint-cli2 'doc/**/*.md'
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
# Perform link checking on documentation Markdown files
docs-lint links:
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.19-vale-3.4.1-markdownlint2-0.13.0-lychee-0.14.3
stage: check
cache: {}
needs: []
before_script: []
script:
# Check Markdown links
- lychee --offline --include-fragments doc/**/*.md
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
yard:
extends: .gems-cache
image: "${RUBY_IMAGE}"
stage: check
needs: []
before_script:
# These jobs will not be run on dev, so we set ALTERNATIVE_SOURCES to true
# so tests run fine on forks
- export ALTERNATIVE_SOURCES="true";
- !reference [.install-gems]
script:
- bundle exec yardoc
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
- if: '$PIPELINE_TYPE == "LICENSE_PAGE_UPDATE_PIPELINE"'
artifacts:
expire_in: 1 week
paths:
- yard/*
# Trigger a docs build in gitlab-docs
# Useful to preview the docs changes live
# https://docs.gitlab.com/ee/development/documentation/index.html#previewing-the-changes-live
review-docs-deploy:
extends:
- .review-docs
environment:
name: review-docs/mr-${CI_MERGE_REQUEST_IID}
# DOCS_REVIEW_APPS_DOMAIN and DOCS_GITLAB_REPO_SUFFIX are CI variables
# Discussion: https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/14236/diffs#note_40140693
auto_stop_in: 2 weeks
url: https://${DOCS_BRANCH}-${DOCS_GITLAB_REPO_SUFFIX}-${CI_MERGE_REQUEST_IID}.${DOCS_REVIEW_APPS_DOMAIN}/${DOCS_GITLAB_REPO_SUFFIX}
on_stop: review-docs-cleanup
script:
- ./trigger-build.rb docs deploy
# Cleanup remote environment of gitlab-docs
review-docs-cleanup:
extends:
- .review-docs
environment:
name: review-docs/mr-${CI_MERGE_REQUEST_IID}
action: stop
script:
- ./trigger-build.rb docs cleanup
include:
- project: 'gitlab-org/quality/pipeline-common'
file:
- '/ci/danger-review.yml'
danger-review:
stage: check
variables:
BUNDLE_WITH: "danger"
rules:
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
Centos 7 knapsack: !reference [.knapsack]
AlmaLinux 8 knapsack: !reference [.knapsack]
AlmaLinux 9 knapsack: !reference [.knapsack]
Debian 10 knapsack: !reference [.knapsack]
Debian 11 knapsack: !reference [.knapsack]
Debian 12 knapsack: !reference [.knapsack]
OpenSUSE 15.5 knapsack: !reference [.knapsack]
Ubuntu 20.04 knapsack: !reference [.knapsack]
Ubuntu 22.04 knapsack: !reference [.knapsack]
AmazonLinux 2 knapsack: !reference [.knapsack]
AmazonLinux 2023 knapsack: !reference [.knapsack]
build library specs:
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_20.04-ruby:${BUILDER_IMAGE_REVISION}"
extends: .spec_template
needs:
- rubocop
coverage: '/\(\d+.\d+\%\) covered/'
artifacts:
reports:
# Since this is not an array, we can't use `!reference` tags. Hence using
# yaml anchors.
<<: *spec_reports
coverage_report:
coverage_format: cobertura
path: coverage/coverage.xml
Ubuntu 20.04 specs :
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_20.04-ruby:${BUILDER_IMAGE_REVISION}"
extends: .chef_spec_template
parallel: 6
needs:
- Ubuntu 20.04 knapsack
Ubuntu 22.04 specs:
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_22.04-ruby:${BUILDER_IMAGE_REVISION}"
extends: .chef_spec_template
parallel: 6
needs:
- Ubuntu 22.04 knapsack
Debian 10 specs :
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_10-ruby:${BUILDER_IMAGE_REVISION}"
extends: .chef_spec_template
parallel: 6
needs:
- Debian 10 knapsack
Debian 11 specs :
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_11-ruby:${BUILDER_IMAGE_REVISION}"
extends: .chef_spec_template
parallel: 6
needs:
- Debian 11 knapsack
Debian 12 specs :
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_12-ruby:${BUILDER_IMAGE_REVISION}"
extends: .chef_spec_template
parallel: 6
needs:
- Debian 12 knapsack
Centos 7 specs :
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/centos_7-ruby:${BUILDER_IMAGE_REVISION}"
extends: .chef_spec_template
parallel: 6
needs:
- Centos 7 knapsack
AlmaLinux 8 specs :
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/almalinux_8-ruby:${BUILDER_IMAGE_REVISION}"
extends: .chef_spec_template
parallel: 6
needs:
- AlmaLinux 8 knapsack
AlmaLinux 9 specs :
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/almalinux_9-ruby:${BUILDER_IMAGE_REVISION}"
extends: .chef_spec_template
parallel: 6
needs:
- AlmaLinux 9 knapsack
OpenSUSE 15.5 specs :
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/opensuse_15.5-ruby:${BUILDER_IMAGE_REVISION}"
extends: .chef_spec_template
parallel: 6
needs:
- OpenSUSE 15.5 knapsack
AmazonLinux 2 specs :
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/amazonlinux_2-ruby:${BUILDER_IMAGE_REVISION}"
extends: .chef_spec_template
parallel: 6
needs:
- AmazonLinux 2 knapsack
AmazonLinux 2023 specs :
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/amazonlinux_2023-ruby:${BUILDER_IMAGE_REVISION}"
extends: .chef_spec_template
parallel: 6
needs:
- AmazonLinux 2023 knapsack
update-knapsack:
extends: .knapsack-state
image: "${RUBY_IMAGE}"
stage: post-test
before_script: []
script:
- support/merge-reports knapsack
- rm -f knapsack/*node*
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
retry: 1
############################
# Trigger Pipeline #
############################
package_size_check:
extends: .gems-cache
image: "${BUILDER_IMAGE_REGISTRY}/ubuntu_22.04:${BUILDER_IMAGE_REVISION}"
stage: qa
script:
- bundle exec rake build:package:generate_sizefile
- bundle exec rake check:package_size
needs:
- job: Ubuntu-22.04-branch
artifacts: false
rules:
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
qa-subset-test:
extends:
- .qa-template
stage: qa
variables:
QA_OMNIBUS_MR_TESTS: "only-smoke"
QA_RUN_TYPE: ${CI_JOB_NAME}
QA_SUITES: "QA::Scenario::Test::Integration::GitalyCluster,QA::Scenario::Test::Integration::InstanceSAML,QA::Scenario::Test::Integration::LDAPNoServer,QA::Scenario::Test::Integration::LDAPNoTLS,QA::Scenario::Test::Integration::LDAPTLS,QA::Scenario::Test::Integration::Mattermost,QA::Scenario::Test::Integration::Mtls,QA::Scenario::Test::Integration::ObjectStorageGcs,QA::Scenario::Test::Integration::RegistryTLS,QA::Scenario::Test::Integration::RegistryWithCDN,QA::Scenario::Test::Integration::SMTP,QA::Scenario::Test::Integration::Registry,QA::Scenario::Test::Instance::ObjectStorage,QA::Scenario::Test::Instance::RepositoryStorage,QA::Scenario::Test::Instance::GitlabPages,QA::Scenario::Test::Instance::Metrics,QA::EE::Scenario::Test::Integration::GroupSAML,QA::Scenario::Test::Instance::Smoke"
rules:
- if: '$SKIP_QA_TEST == "true"'
when: never
- if: '$PIPELINE_TYPE =~ /TRIGGERED_CE_PIPELINE/ && $MANUAL_QA_TEST == "true"'
when: manual
allow_failure: true
variables:
FOSS_ONLY: "1"
- if: '$PIPELINE_TYPE =~ /TRIGGERED_CE_PIPELINE/'
variables:
FOSS_ONLY: "1"
- if: '$PIPELINE_TYPE =~ /TRIGGERED_EE_PIPELINE/ && $MANUAL_QA_TEST == "true"'
when: manual
allow_failure: true
- if: '$PIPELINE_TYPE =~ /TRIGGERED_EE_PIPELINE/'
needs:
- job: generate-facts
artifacts: true
- job: Ubuntu-22.04-branch
artifacts: false
- job: Docker-branch
optional: true
artifacts: false
qa-remaining-test-manual:
extends:
- .qa-template
stage: qa
variables:
QA_RUN_TYPE: ${CI_JOB_NAME}
QA_OMNIBUS_MR_TESTS: "except-smoke"
QA_SUITES: "QA::EE::Scenario::Test::Integration::Elasticsearch,QA::Scenario::Test::Integration::Import,QA::Scenario::Test::Integration::Integrations,QA::Scenario::Test::Integration::OAuth,QA::Scenario::Test::Integration::Jira,QA::Scenario::Test::Integration::ServicePingDisabled,QA::Scenario::Test::Instance::LargeSetup,QA::Scenario::Test::Instance::CloudActivation"
rules:
- if: '$SKIP_QA_TEST == "true"'
when: never
- if: '$PIPELINE_TYPE =~ /TRIGGERED_CE_PIPELINE/'
when: manual
allow_failure: true
variables:
FOSS_ONLY: "1"
- if: '$PIPELINE_TYPE =~ /TRIGGERED_EE_PIPELINE/'
when: manual
allow_failure: true
needs:
- job: generate-facts
artifacts: true
- job: Ubuntu-22.04-branch
artifacts: false
- job: Docker-branch
optional: true
artifacts: false
letsencrypt-test:
extends: .docker_job
stage: qa
script:
- echo "${CI_REGISTRY_PASSWORD}" | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
- curl -L "https://github.com/docker/compose/releases/download/1.29.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
- chmod +x /usr/local/bin/docker-compose
- bundle exec rake qa:test_letsencrypt
rules:
- if: '$TOP_UPSTREAM_SOURCE_PROJECT == "gitlab-org/gitlab"'
when: never
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
needs:
- job: Docker-branch
artifacts: false
RAT:
stage: qa
variables:
PACKAGE_URL: ${RAT_PACKAGE_URL}
REFERENCE_ARCHITECTURE: ${RAT_REFERENCE_ARCHITECTURE}
QA_IMAGE: ${QA_IMAGE}
trigger:
project: 'gitlab-org/distribution/reference-architecture-tester'
branch: 'master'
strategy: depend
forward:
pipeline_variables: false
yaml_variables: true
rules:
- if: '$PIPELINE_TYPE == "TRIGGERED_EE_PIPELINE"'
when: manual
allow_failure: true
- if: '$PIPELINE_TYPE == "EE_NIGHTLY_BUILD_PIPELINE"'
allow_failure: true
needs:
- job: Ubuntu-22.04-branch
artifacts: false
- job: generate-facts
artifacts: true
RAT:FIPS:
extends: RAT
variables:
PACKAGE_URL: ${RAT_FIPS_PACKAGE_URL}
REFERENCE_ARCHITECTURE: ${RAT_FIPS_REFERENCE_ARCHITECTURE}
needs:
- job: Ubuntu-20.04-fips-branch
artifacts: false
- job: generate-facts
artifacts: true
GET:Geo:
stage: qa
variables:
ENVIRONMENT_ACTION: 'tmp-env'
QA_IMAGE: ${QA_IMAGE}
GITLAB_DEB_DOWNLOAD_URL: ${RAT_PACKAGE_URL}
trigger:
project: 'gitlab-org/geo-team/geo-ci'
branch: $GET_GEO_TAG
strategy: depend
forward:
pipeline_variables: false
yaml_variables: true
rules:
- if: '$PIPELINE_TYPE == "TRIGGERED_EE_PIPELINE"'
when: manual
allow_failure: true
needs:
- job: Ubuntu-22.04-branch
artifacts: false
- job: generate-facts
artifacts: true
dependency_scanning:
image: "registry.gitlab.com/gitlab-org/security-products/gitlab-depscan:2.4"
stage: validate
variables:
REPORT_PATH: ./
NVD_DB_UPDATE: "true"
before_script: []
script:
- /gitlab-depscan.sh build_facts/version-manifest.json
rules:
- if: '$PIPELINE_TYPE == "DEPENDENCY_SCANNING_PIPELINE"'
- if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
allow_failure: true
needs:
- generate-facts
artifacts:
expire_in: 7 days
when: always
reports:
dependency_scanning: gl-dependency-scanning-report.json
paths:
- dependency_report.txt
dependency_update:
image: "${BUILDER_IMAGE_REGISTRY}/distribution_ci_tools:${BUILDER_IMAGE_REVISION}"
stage: prepare
before_script: []
script:
- curl https://deps.app/install.sh | bash -s -- -b $HOME/bin
- $HOME/bin/deps ci
rules:
- if: '$PIPELINE_TYPE == "DEPS_IO_VERSION_CHECK_PIPELINE"'
validate_packer_changes:
before_script: []
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_packer:${BUILDER_IMAGE_REVISION}"
stage: check
script:
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ce-arm64.pkr.hcl
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ce.pkr.hcl
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-arm64.pkr.hcl
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-premium.pkr.hcl
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-ultimate.pkr.hcl
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee.pkr.hcl
rules:
- if: '$PIPELINE_TYPE == "_TEST_PIPELINE"'
changes:
- support/packer/*
- if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
changes:
- support/packer/*
##############################
# Scheduled pipeline #
##############################
pages:
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_20.04:${BUILDER_IMAGE_REVISION}"
stage: prepare
needs:
- yard
script:
- bundle exec rake license:generate_pages
# Remove "|| true" after we confirm this works.
- bundle exec rake manifest:generate_pages || true
- mv ${LICENSE_S3_BUCKET} public
- cp support/webpages/* public
- cp -R yard/* public
artifacts:
paths:
- public
rules:
- if: '$PIPELINE_TYPE == "LICENSE_PAGE_UPDATE_PIPELINE"'
.build-package-on-all-os-vars:
extends: .base-trigger-job-variables
SKIP_JOB_REGEX: '/Ubuntu-22.04|Ubuntu-20.04-fips|Docker|QA/'
PIPELINE_TYPE: "${EDITION}_BRANCH_BUILD_PIPELINE"
CACHE_EDITION: ${EDITION}
ee: ${ee}
build-package-on-all-os:
stage: package
needs:
- job: generate-facts
artifacts: true
variables:
trigger:
include: '.gitlab-ci.yml'
strategy: depend
rules:
# Triggers from GitLab Rails/Gitaly/GitLab Pages pipeline which forced building on all OS automatically
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/ && $BUILD_ON_ALL_OS == "true"'
when: always
variables: !reference [.build-package-on-all-os-vars]
# MR pipelines from omnibus-gitlab that change files which require building on all OS automatically
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/ && $CI_PIPELINE_SOURCE != "pipeline"'
changes:
- Gemfile
- Gemfile.lock
- config/software/**
- config/patches/**
when: always
variables: !reference [.build-package-on-all-os-vars]
# Covering the remaining scenarios - provide the job to be manually run by developers, if required
# (i) MR pipelines from omnibus-gitlab that doesn't change files which require building on all OS
# (ii) Triggers from GitLab Rails/Gitaly/GitLab Pages pipeline which didn't force building on all OS
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
when: manual
allow_failure: true
variables: !reference [.build-package-on-all-os-vars]
Reference in New Issue View Git Blame Copy Permalink