gitlab
/
omnibus-gitlab
mirror of https://gitlab.com/gitlab-org/omnibus-gitlab.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
omnibus-gitlab/gitlab-ci-config/gitlab-com.yml

751 lines
21 KiB
YAML
Raw Blame History

# This config lists the jobs that will be run on omnibus-gitlab project in
# gitlab.com.
#############
# Templates #
#############
.knapsack-artifacts: &knapsack-artifacts
expire_in: 31d
paths:
- knapsack/
.knapsack-state:
services: []
cache:
key: "knapsack${CACHE_KEY_SUFFIX}"
paths:
- knapsack/
artifacts: *knapsack-artifacts
.knapsack: &prepare_knapsack
extends: .knapsack-state
stage: prepare
before_script: []
script:
- JOB_NAME=( $CI_JOB_NAME )
- export DISTRO_NAME=${JOB_NAME[0]}
- export DISTRO_VERSION=${JOB_NAME[1]}
- mkdir -p knapsack/
- '[[ -f knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_main_rspec_report.json ]] || echo "{}" > knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_main_rspec_report.json'
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
retry: 1
needs:
- rubocop
.gems-cache:
cache:
key: "gems-cache-${BUILDER_IMAGE_REVISION}${CACHE_KEY_SUFFIX}"
paths:
- gems
policy: pull
.trigger-package-cache:
cache:
key: "Ubuntu-20.04-branch-${BUILDER_IMAGE_REVISION}-${CACHE_EDITION}${CACHE_KEY_SUFFIX}"
paths:
- cache
- gems
- assets_cache
- node_modules
policy: pull
.trigger-fips-package-cache:
cache:
key: "Ubuntu-20.04-fips-branch-${BUILDER_IMAGE_REVISION}-${CACHE_EDITION}${CACHE_KEY_SUFFIX}"
paths:
- cache
- gems
- assets_cache
- node_modules
policy: pull
.install-gems: &install-gems
- gem install bundler:${BUNDLER_VERSION}
- bundle config set --local path 'gems'
- bundle config set --local frozen 'true'
- bundle install -j $(nproc)
- bundle binstubs --all
.build-package: &build-package
- bundle exec rake cache:populate
- bundle exec rake cache:restore
- bundle exec rake build:project
- bundle exec rake cache:bundle
- bundle exec rake build:component_shas
.trigger-package-common:
extends: .trigger-package-cache
variables:
image: "${BUILDER_IMAGE_REGISTRY}/${BASE_OS}:${BUILDER_IMAGE_REVISION}"
stage: trigger-package
script:
- *build-package
# Renaming so we can easily generate the artifact URL
- mv $PACKAGE_DIRECTORY/*.deb $PACKAGE_DIRECTORY/gitlab.deb
- mv $PACKAGE_DIRECTORY/*.deb.size $PACKAGE_DIRECTORY/gitlab.deb.size
artifacts:
expire_in: 3 days
when: always
paths:
- pkg/
tags:
- triggered-packages
needs:
- job: fetch-assets
optional: true
- job: generate-facts
optional: true
artifacts: true
rules:
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
- if: '$PIPELINE_TYPE == "DURATION_PLOTTER_PIPELINE"'
- if: '$PIPELINE_TYPE == "TRIGGER_CACHE_UPDATE_PIPELINE"'
.spec_template: &spec_template
extends: .gems-cache
stage: tests
before_script:
# These jobs will not be run on dev, so we set ALTERNATIVE_SOURCES to true
# so tests run fine on forks
- export ALTERNATIVE_SOURCES="true";
- *install-gems
retry: 1
script:
- bundle exec rspec spec/lib
artifacts:
reports: &spec_reports
junit: junit_rspec.xml
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
.chef_spec_template:
extends: .spec_template
variables:
KNAPSACK_TEST_FILE_PATTERN: "spec/chef/**{,/*/**}/*_spec.rb"
script:
- JOB_NAME=( $CI_JOB_NAME )
- export DISTRO_NAME=${JOB_NAME[0]}
- export DISTRO_VERSION=${JOB_NAME[1]}
- export KNAPSACK_REPORT_PATH=knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_rspec_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json
- export KNAPSACK_GENERATE_REPORT=true
- export USE_KNAPSACK=true
# To prevent current OS providing empty/old reports of other OSs as an
# artifact. If not, they may overwrite the valid/new reports from those
# corresponding OSs. So, removing everything except current OS's report.
- cp knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_main_rspec_report.json ${KNAPSACK_REPORT_PATH}.bak
- rm -f knapsack/*.json
- mv ${KNAPSACK_REPORT_PATH}.bak ${KNAPSACK_REPORT_PATH}
- bundle exec rake knapsack:rspec
artifacts:
<<: *knapsack-artifacts
reports:
junit: junit_rspec.xml
.trigger-job:
stage: trigger-package
inherit:
variables: false
variables:
ALTERNATIVE_SOURCES: 'true'
BUILDER_IMAGE_REVISION: ${BUILDER_IMAGE_REVISION}
BUILDER_IMAGE_REGISTRY: ${BUILDER_IMAGE_REGISTRY}
PUBLIC_BUILDER_IMAGE_REGISTRY: ${PUBLIC_BUILDER_IMAGE_REGISTRY}
COMPILE_ASSETS: ${COMPILE_ASSETS}
GITLAB_VERSION: ${GITLAB_VERSION}
GITLAB_SHELL_VERSION: ${GITLAB_SHELL_VERSION}
GITLAB_PAGES_VERSION: ${GITLAB_PAGES_VERSION}
GITALY_VERSION: ${GITALY_SERVER_VERSION}
GITLAB_ELASTICSEARCH_INDEXER_VERSION: ${GITLAB_ELASTICSEARCH_INDEXER_VERSION}
GITLAB_KAS_VERSION: ${GITLAB_KAS_VERSION}
TOP_UPSTREAM_SOURCE_PROJECT: ${TOP_UPSTREAM_SOURCE_PROJECT}
TOP_UPSTREAM_SOURCE_JOB: ${TOP_UPSTREAM_SOURCE_JOB}
TOP_UPSTREAM_SOURCE_SHA: ${TOP_UPSTREAM_SOURCE_SHA}
TOP_UPSTREAM_SOURCE_REF: ${TOP_UPSTREAM_SOURCE_REF}
QA_BRANCH: ${QA_BRANCH}
trigger:
project: 'gitlab-org/build/omnibus-gitlab-mirror'
branch: $CI_COMMIT_REF_NAME
strategy: depend
needs:
- job: generate-facts
artifacts: true
- job: check-for-sha-in-mirror
artifacts: false
allow_failure: true
rules:
# Because of inherit:variables being false, `PIPELINE_TYPE` isn't available here. :(
# https://gitlab.com/gitlab-org/gitlab/-/issues/368759
- if: '$CI_PIPELINE_SOURCE=="schedule" || $CI_PIPELINE_SOURCE=="pipeline"'
when: never
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
when: never
- if: '$CI_PIPELINE_SOURCE == "merge_request_event" && ($CI_PROJECT_PATH == "gitlab-org/omnibus-gitlab" || $CI_PROJECT_PATH == "gitlab-org/security/omnibus-gitlab")'
when: manual
- if: '$CI_COMMIT_BRANCH && ($CI_PROJECT_PATH == "gitlab-org/omnibus-gitlab" || $CI_PROJECT_PATH == "gitlab-org/security/omnibus-gitlab")'
when: manual
.trigger-pipeline:
stage: trigger-qa
image: "${RUBY_IMAGE}"
allow_failure: true
rules:
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
when: manual
needs:
- job: Trigger:package
artifacts: false
- job: Trigger:qa-docker
artifacts: false
optional: true
.review-docs:
image: "${RUBY_IMAGE}-alpine"
stage: post-test
cache: {}
needs: []
before_script:
- gem install gitlab --no-doc
# We need to download the script rather than clone the repo since the
# review-docs-cleanup job will not be able to run when the branch gets
# deleted (when merging the MR).
- apk add --update openssl
- wget https://gitlab.com/gitlab-org/gitlab/-/raw/master/scripts/trigger-build.rb
- chmod 755 trigger-build.rb
variables:
GIT_STRATEGY: none
DOCS_REVIEW_APPS_DOMAIN: 35.193.151.162.nip.io
allow_failure: true
rules:
- if: '$PIPELINE_TYPE == "GITLAB_BRANCH_TEST_PIPELINE"'
when: manual
- if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
when: manual
- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
when: manual
#####################
# Cache update jobs #
#####################
update-gems-cache:
extends: .gems-cache
stage: update-cache
image: "${RUBY_IMAGE}"
before_script:
- *install-gems
script:
- echo "Cache is up to date!"
cache:
policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
rules:
- if: '$PIPELINE_TYPE == "CACHE_UPDATE_PIPELINE"'
# We need to populate the cache for jobs with the `gitlab-org-docker` tag. Ideally, we wouldn't need this if
# we'd use Kaniko to build the Docker images, allowing to use the `gitlab-org` tag instead of the `gitlab-org-docker` tag.
update-gems-cache-for-docker-jobs:
extends:
- update-gems-cache
- .docker_job
update-trigger-package-cache:
extends: .trigger-package-cache
stage: update-cache
image: "${BUILDER_IMAGE_REGISTRY}/ubuntu_20.04:${BUILDER_IMAGE_REVISION}"
script:
- *build-package
- echo "Cache is up to date!"
cache:
policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
tags:
- triggered-packages
rules:
- if: '$PIPELINE_TYPE == "TRIGGER_CACHE_UPDATE_PIPELINE"'
needs:
- job: fetch-assets
optional: true
###########################
# Branch pipeline #
###########################
check-for-sha-in-mirror:
extends: .gems-cache
stage: check
image: "${RUBY_IMAGE}"
script:
- support/wait_for_sha
rules:
- if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
- if: '$PIPELINE_TYPE == "GITLAB_BRANCH_TEST_PIPELINE"'
timeout: 3h
needs: []
Trigger:ce-package:
extends: .trigger-job
Trigger:ee-package:
extends: .trigger-job
variables:
ee: "true"
rubocop:
extends: .gems-cache
stage: check
image: "${RUBY_IMAGE}"
before_script:
- *install-gems
script:
- bundle exec rubocop --parallel
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
needs: []
# Perform documentation linting on Markdown files
docs-lint markdown:
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.16-vale-2.17.0-markdownlint-0.31.1
stage: check
cache: {}
needs: []
before_script: []
script:
# Lint prose
- vale --minAlertLevel error doc
# Lint Markdown
- markdownlint --config .markdownlint.yml 'doc/**/*.md'
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
# Perform link checks on published HTML files
docs-lint links:
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.16-ruby-2.7.6-0bc327a4
stage: check
cache: {}
needs: []
before_script: []
script:
# Prepare docs for build
- mv doc/ /tmp/gitlab-docs/content/omnibus
- cd /tmp/gitlab-docs
# Build HTML from Markdown
- bundle exec nanoc
# Check the internal links
- bundle exec nanoc check internal_links
# Check the internal anchor links
- bundle exec nanoc check internal_anchors
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
yard:
extends: .gems-cache
image: "${RUBY_IMAGE}"
stage: check
needs: []
before_script:
# These jobs will not be run on dev, so we set ALTERNATIVE_SOURCES to true
# so tests run fine on forks
- export ALTERNATIVE_SOURCES="true";
- *install-gems
script:
- bundle exec yardoc
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
- if: '$PIPELINE_TYPE == "LICENSE_PAGE_UPDATE_PIPELINE"'
artifacts:
expire_in: 1 week
paths:
- yard/*
# Trigger a docs build in gitlab-docs
# Useful to preview the docs changes live
# https://docs.gitlab.com/ee/development/documentation/index.html#previewing-the-changes-live
review-docs-deploy:
extends:
- .review-docs
environment:
name: review-docs/branch-${CI_COMMIT_REF_SLUG}
# DOCS_REVIEW_APPS_DOMAIN and DOCS_GITLAB_REPO_SUFFIX are CI variables
# Discussion: https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/14236/diffs#note_40140693
auto_stop_in: 2 weeks
url: http://${DOCS_BRANCH}-${DOCS_GITLAB_REPO_SUFFIX}-${CI_COMMIT_REF_SLUG}.${DOCS_REVIEW_APPS_DOMAIN}/${DOCS_GITLAB_REPO_SUFFIX}
on_stop: review-docs-cleanup
script:
- ./trigger-build.rb docs deploy
# Cleanup remote environment of gitlab-docs
review-docs-cleanup:
extends:
- .review-docs
environment:
name: review-docs/branch-${CI_COMMIT_REF_SLUG}
action: stop
script:
- ./trigger-build.rb docs cleanup
include:
- project: 'gitlab-org/quality/pipeline-common'
file:
- '/ci/danger-review.yml'
danger-review:
stage: check
variables:
BUNDLE_WITH: "danger"
rules:
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
Centos 7 knapsack: *prepare_knapsack
Centos 8 knapsack: *prepare_knapsack
Debian 9 knapsack: *prepare_knapsack
Debian 10 knapsack: *prepare_knapsack
Debian 11 knapsack: *prepare_knapsack
OpenSUSE 15.3 knapsack: *prepare_knapsack
Ubuntu 16.04 knapsack: *prepare_knapsack
Ubuntu 18.04 knapsack: *prepare_knapsack
Ubuntu 20.04 knapsack: *prepare_knapsack
AmazonLinux 2 knapsack: *prepare_knapsack
build library specs:
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:omnibus-gitlab-focal"
extends: .spec_template
needs:
- rubocop
coverage: '/\(\d+.\d+\%\) covered/'
artifacts:
reports:
<<: *spec_reports
coverage_report:
coverage_format: cobertura
path: coverage/coverage.xml
Ubuntu 16.04 specs:
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:omnibus-gitlab-xenial"
extends: .chef_spec_template
parallel: 6
needs:
- Ubuntu 16.04 knapsack
Ubuntu 18.04 specs :
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:omnibus-gitlab-bionic"
extends: .chef_spec_template
parallel: 6
needs:
- Ubuntu 18.04 knapsack
Ubuntu 20.04 specs :
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:omnibus-gitlab-focal"
extends: .chef_spec_template
parallel: 6
needs:
- Ubuntu 20.04 knapsack
Debian 9 specs :
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:omnibus-gitlab-stretch"
extends: .chef_spec_template
parallel: 6
needs:
- Debian 9 knapsack
Debian 10 specs :
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:omnibus-gitlab-buster"
extends: .chef_spec_template
parallel: 6
needs:
- Debian 10 knapsack
Debian 11 specs :
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:omnibus-gitlab-bullseye"
extends: .chef_spec_template
parallel: 6
needs:
- Debian 11 knapsack
Centos 7 specs :
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:omnibus-gitlab-centos7"
extends: .chef_spec_template
parallel: 6
needs:
- Centos 7 knapsack
Centos 8 specs :
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:omnibus-gitlab-centos8"
extends: .chef_spec_template
parallel: 6
needs:
- Centos 8 knapsack
OpenSUSE 15.3 specs :
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:omnibus-gitlab-opensuse15.3"
extends: .chef_spec_template
parallel: 6
needs:
- OpenSUSE 15.3 knapsack
AmazonLinux 2 specs :
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:omnibus-gitlab-amazonlinux2"
extends: .chef_spec_template
parallel: 6
needs:
- AmazonLinux 2 knapsack
update-knapsack:
extends: .knapsack-state
image: "${RUBY_IMAGE}"
stage: post-test
before_script: []
script:
- support/merge-reports knapsack
- rm -f knapsack/*node*
rules:
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
retry: 1
############################
# Trigger Pipeline #
############################
Trigger:package:
extends: .trigger-package-common
variables:
BASE_OS: "ubuntu_20.04"
PACKAGE_DIRECTORY: "pkg/ubuntu-focal"
Trigger:package:fips:
extends:
- .trigger-package-common
- .trigger-fips-package-cache
variables:
USE_SYSTEM_SSL: "true"
BASE_OS: "ubuntu_20.04_fips"
PACKAGE_DIRECTORY: "pkg/ubuntu-focal_fips"
allow_failure: true
rules:
- if: '$PIPELINE_TYPE == "TRIGGERED_EE_PIPELINE"'
when: manual
package_size_check:
extends: .trigger-package-cache
image: "${BUILDER_IMAGE_REGISTRY}/ubuntu_20.04:${BUILDER_IMAGE_REVISION}"
stage: trigger-qa
script:
- bundle exec rake build:package:generate_sizefile
- bundle exec rake check:package_size
needs:
- job: Trigger:package
artifacts: false
rules:
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
Trigger:gitlab-docker:
extends:
- .docker_job
- .gems-cache
stage: trigger-docker
script:
- bundle exec rake docker:build:image
- bundle exec rake docker:push:triggered
rules:
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
- if: '$PIPELINE_TYPE == "TRIGGER_CACHE_UPDATE_PIPELINE"'
needs:
- job: Trigger:package
artifacts: false
- job: generate-facts
optional: true
artifacts: true
Trigger:qa-docker:
extends:
- .docker_job
- .gems-cache
stage: trigger-docker
script:
- bundle exec rake qa:build
- bundle exec rake qa:push:triggered
rules:
- if: '$SKIP_QA_DOCKER == "true"'
when: never
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
- if: '$PIPELINE_TYPE == "TRIGGER_CACHE_UPDATE_PIPELINE"'
needs:
- Trigger:package
- job: generate-facts
optional: true
artifacts: true
qa-test:
stage: trigger-qa
inherit:
variables: false
variables:
RELEASE: $QA_RELEASE
QA_IMAGE: $QA_IMAGE
QA_TESTS: $QA_TESTS
ALLURE_JOB_NAME: $ALLURE_JOB_NAME
GITLAB_QA_OPTIONS: $GITLAB_QA_OPTIONS
KNAPSACK_GENERATE_REPORT: $KNAPSACK_GENERATE_REPORT
TOP_UPSTREAM_SOURCE_PROJECT: $TOP_UPSTREAM_SOURCE_PROJECT
TOP_UPSTREAM_SOURCE_REF: $TOP_UPSTREAM_SOURCE_REF
TOP_UPSTREAM_SOURCE_JOB: $TOP_UPSTREAM_SOURCE_JOB
TOP_UPSTREAM_SOURCE_SHA: $TOP_UPSTREAM_SOURCE_SHA
TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID: $TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID
TOP_UPSTREAM_MERGE_REQUEST_IID: $TOP_UPSTREAM_MERGE_REQUEST_IID
trigger:
project: "gitlab-org/gitlab-qa-mirror"
branch: $QA_BRANCH
strategy: depend
rules:
- if: '$SKIP_QA_TEST == "true"'
when: never
# Because of inherit:variables being false, `PIPELINE_TYPE` isn't available here. :(
# https://gitlab.com/gitlab-org/gitlab/-/issues/368759
- if: '$CI_PROJECT_PATH == "gitlab-org/build/omnibus-gitlab-mirror" && $CI_PIPELINE_SOURCE=="pipeline"'
needs:
- job: generate-facts
artifacts: true
- job: Trigger:package
artifacts: false
- job: Trigger:gitlab-docker
artifacts: false
- job: Trigger:qa-docker
artifacts: false
optional: true
letsencrypt-test:
extends: .docker_job
stage: trigger-qa
script:
- echo "${CI_REGISTRY_PASSWORD}" | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
- curl -L "https://github.com/docker/compose/releases/download/1.29.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
- chmod +x /usr/local/bin/docker-compose
- bundle exec rake qa:test_letsencrypt
rules:
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
needs:
- job: Trigger:gitlab-docker
artifacts: false
RAT:
stage: trigger-qa
image: "${RUBY_IMAGE}"
allow_failure: true
script:
- bundle exec rake qa:rat:trigger
rules:
- if: '$PIPELINE_TYPE == "TRIGGERED_EE_PIPELINE"'
when: manual
needs:
- job: Trigger:package
artifacts: false
- job: Trigger:qa-docker
artifacts: false
optional: true
RAT:FIPS:
extends: RAT
variables:
USE_SYSTEM_SSL: "true"
RAT_REFERENCE_ARCHITECTURE: "omnibus-gitlab-mrs-fips-ubuntu"
needs:
- job: Trigger:package:fips
artifacts: false
- job: Trigger:qa-docker
artifacts: false
optional: true
GET:Geo:
extends: .trigger-pipeline
rules:
- if: '$PIPELINE_TYPE == "TRIGGERED_EE_PIPELINE"'
script:
- bundle exec rake qa:get:geo:trigger
create_omnibus_manifest:
extends: .trigger-package-cache
image: "${BUILDER_IMAGE_REGISTRY}/debian_10:${BUILDER_IMAGE_REVISION}"
stage: prepare
variables:
TERM: xterm-256color
script:
- bundle exec omnibus manifest gitlab -l nothing 2> /dev/null > version-manifest.json
rules:
- if: '$PIPELINE_TYPE == "DEPENDENCY_SCANNING_PIPELINE"'
artifacts:
expire_in: 7 days
paths:
- version-manifest.json
dependency_scanning:
image: "registry.gitlab.com/gitlab-org/security-products/gitlab-depscan:2.3.2"
stage: package
variables:
REPORT_PATH: ./
NVD_DB_UPDATE: "true"
before_script: []
script:
- /gitlab-depscan.sh version-manifest.json
rules:
- if: '$PIPELINE_TYPE == "DEPENDENCY_SCANNING_PIPELINE"'
allow_failure: true
needs:
- create_omnibus_manifest
artifacts:
expire_in: 7 days
when: always
reports:
dependency_scanning: gl-dependency-scanning-report.json
paths:
- dependency_report.txt
dependency_update:
image: "${BUILDER_IMAGE_REGISTRY}/ruby_docker:${BUILDER_IMAGE_REVISION}"
stage: prepare
before_script: []
script:
- curl https://deps.app/install.sh | bash -s -- -b $HOME/bin
- $HOME/bin/deps ci
rules:
- if: '$PIPELINE_TYPE == "DEPS_IO_VERSION_CHECK_PIPELINE"'
dependencies_io_check:
extends: .trigger-job
when: always
variables:
ee: "true"
rules:
- if: '$PIPELINE_TYPE == "DEPS_IO_VERSION_BUMP_PIPELINE"'
validate_packer_changes:
before_script: []
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_packer:${BUILDER_IMAGE_REVISION}"
stage: check
script:
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate ce.json
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate ee.json
rules:
- if: '$PIPELINE_TYPE == "_TEST_PIPELINE"'
changes:
- support/packer/*
- if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
changes:
- support/packer/*
##############################
# Scheduled pipeline #
##############################
pages:
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_20.04:${BUILDER_IMAGE_REVISION}"
stage: prepare
needs:
- yard
script:
- bundle exec rake license:generate_pages
- mv ${LICENSE_S3_BUCKET} public
- cp support/webpages/* public
- cp -R yard/* public
artifacts:
paths:
- public
rules:
- if: '$PIPELINE_TYPE == "LICENSE_PAGE_UPDATE_PIPELINE"'
Reference in New Issue View Git Blame Copy Permalink