816 lines
26 KiB
YAML
816 lines
26 KiB
YAML
# This config lists the jobs that will be run on omnibus-gitlab project in
|
|
# gitlab.com.
|
|
|
|
#############
|
|
# Templates #
|
|
#############
|
|
.knapsack-artifacts: &knapsack-artifacts
|
|
expire_in: 31d
|
|
paths:
|
|
- knapsack/
|
|
|
|
.knapsack-state:
|
|
services: []
|
|
cache:
|
|
key: "knapsack${CACHE_KEY_SUFFIX}"
|
|
paths:
|
|
- knapsack/
|
|
artifacts: !reference [.knapsack-artifacts]
|
|
|
|
.knapsack: &prepare_knapsack
|
|
extends: .knapsack-state
|
|
stage: prepare
|
|
before_script: []
|
|
script:
|
|
- JOB_NAME=( $CI_JOB_NAME )
|
|
- export DISTRO_NAME=${JOB_NAME[0]}
|
|
- export DISTRO_VERSION=${JOB_NAME[1]}
|
|
- mkdir -p knapsack/
|
|
- '[[ -f knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_main_rspec_report.json ]] || echo "{}" > knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_main_rspec_report.json'
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
|
|
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
|
|
retry: 1
|
|
needs:
|
|
- rubocop
|
|
|
|
.trigger-package-cache:
|
|
cache:
|
|
key: "Ubuntu-22.04-branch-${BUILDER_IMAGE_REVISION}-${CACHE_EDITION}${CACHE_KEY_SUFFIX}"
|
|
paths:
|
|
- cache
|
|
- gems
|
|
- assets_cache
|
|
- node_modules
|
|
policy: pull
|
|
|
|
.trigger-fips-package-cache:
|
|
cache:
|
|
key: "Ubuntu-22.04-fips-branch-${BUILDER_IMAGE_REVISION}-${CACHE_EDITION}${CACHE_KEY_SUFFIX}"
|
|
paths:
|
|
- cache
|
|
- gems
|
|
- assets_cache
|
|
- node_modules
|
|
policy: pull
|
|
|
|
.install-gems: &install-gems
|
|
- gem install bundler:${BUNDLER_VERSION}
|
|
- bundle config build.ffi --disable-system-libffi
|
|
- bundle config set --local path 'gems'
|
|
- bundle config set --local frozen 'true'
|
|
- bundle install -j $(nproc)
|
|
- bundle binstubs --all
|
|
|
|
.trigger-package-common:
|
|
extends: .trigger-package-cache
|
|
variables:
|
|
image: "${BUILDER_IMAGE_REGISTRY}/${BASE_OS}:${BUILDER_IMAGE_REVISION}"
|
|
stage: trigger-package
|
|
script:
|
|
- !reference [.build-package]
|
|
# Renaming so we can easily generate the artifact URL
|
|
- mv $PACKAGE_DIRECTORY/*.deb $PACKAGE_DIRECTORY/gitlab.deb
|
|
- mv $PACKAGE_DIRECTORY/*.deb.size $PACKAGE_DIRECTORY/gitlab.deb.size
|
|
artifacts:
|
|
expire_in: 3 days
|
|
when: always
|
|
paths:
|
|
- pkg/
|
|
tags: !reference [.distribution-amd64-tags]
|
|
needs:
|
|
- job: fetch-assets
|
|
optional: true
|
|
- job: generate-facts
|
|
optional: true
|
|
artifacts: true
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
|
|
- if: '$PIPELINE_TYPE == "DURATION_PLOTTER_PIPELINE"'
|
|
- if: '$PIPELINE_TYPE == "TRIGGER_CACHE_UPDATE_PIPELINE"'
|
|
|
|
.spec_template: &spec_template
|
|
extends: .gems-cache-os-dependent
|
|
stage: tests
|
|
before_script:
|
|
# These jobs will not be run on dev, so we set ALTERNATIVE_SOURCES to true
|
|
# so tests run fine on forks
|
|
- export ALTERNATIVE_SOURCES="true";
|
|
- !reference [.install-gems]
|
|
retry: 1
|
|
script:
|
|
- bundle exec rspec spec/lib
|
|
artifacts:
|
|
reports: &spec_reports
|
|
junit: junit_rspec.xml
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
|
|
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
|
|
|
|
.chef_spec_template:
|
|
extends: .spec_template
|
|
variables:
|
|
KNAPSACK_TEST_FILE_PATTERN: "spec/chef/**{,/*/**}/*_spec.rb"
|
|
script:
|
|
- JOB_NAME=( $CI_JOB_NAME )
|
|
- export DISTRO_NAME=${JOB_NAME[0]}
|
|
- export DISTRO_VERSION=${JOB_NAME[1]}
|
|
- export KNAPSACK_REPORT_PATH=knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_rspec_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json
|
|
- export KNAPSACK_GENERATE_REPORT=true
|
|
- export USE_KNAPSACK=true
|
|
# To prevent current OS providing empty/old reports of other OSs as an
|
|
# artifact. If not, they may overwrite the valid/new reports from those
|
|
# corresponding OSs. So, removing everything except current OS's report.
|
|
- cp knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_main_rspec_report.json ${KNAPSACK_REPORT_PATH}.bak
|
|
- rm -f knapsack/*.json
|
|
- mv ${KNAPSACK_REPORT_PATH}.bak ${KNAPSACK_REPORT_PATH}
|
|
- bundle exec rake knapsack:rspec
|
|
artifacts:
|
|
# Since this is not an array, we can't use `!reference` tags. Hence using
|
|
# yaml anchors.
|
|
<<: *knapsack-artifacts
|
|
reports:
|
|
junit: junit_rspec.xml
|
|
|
|
.base-trigger-job-variables:
|
|
ALTERNATIVE_SOURCES: 'true'
|
|
SECURITY_SOURCES: ${SECURITY_SOURCES}
|
|
BUILDER_IMAGE_REVISION: ${BUILDER_IMAGE_REVISION}
|
|
BUILDER_IMAGE_REGISTRY: ${BUILDER_IMAGE_REGISTRY}
|
|
PUBLIC_BUILDER_IMAGE_REGISTRY: ${PUBLIC_BUILDER_IMAGE_REGISTRY}
|
|
COMPILE_ASSETS: ${COMPILE_ASSETS}
|
|
GITLAB_VERSION: ${GITLAB_VERSION}
|
|
GITLAB_SHELL_VERSION: ${GITLAB_SHELL_VERSION}
|
|
GITLAB_PAGES_VERSION: ${GITLAB_PAGES_VERSION}
|
|
GITALY_SERVER_VERSION: ${GITALY_SERVER_VERSION}
|
|
GITLAB_ELASTICSEARCH_INDEXER_VERSION: ${GITLAB_ELASTICSEARCH_INDEXER_VERSION}
|
|
GITLAB_KAS_VERSION: ${GITLAB_KAS_VERSION}
|
|
TOP_UPSTREAM_SOURCE_PROJECT: ${TOP_UPSTREAM_SOURCE_PROJECT}
|
|
TOP_UPSTREAM_SOURCE_JOB: ${TOP_UPSTREAM_SOURCE_JOB}
|
|
TOP_UPSTREAM_SOURCE_SHA: ${TOP_UPSTREAM_SOURCE_SHA}
|
|
TOP_UPSTREAM_SOURCE_REF: ${TOP_UPSTREAM_SOURCE_REF}
|
|
|
|
.ce-trigger-job-variables:
|
|
extends: .base-trigger-job-variables
|
|
PIPELINE_TYPE: "TRIGGERED_CE_PIPELINE"
|
|
CACHE_EDITION: "CE"
|
|
|
|
.ee-trigger-job-variables:
|
|
extends: .base-trigger-job-variables
|
|
PIPELINE_TYPE: "TRIGGERED_EE_PIPELINE"
|
|
CACHE_EDITION: "EE"
|
|
ee: "true"
|
|
|
|
.ce-trigger-job:
|
|
stage: trigger-package
|
|
trigger:
|
|
include: '.gitlab-ci.yml'
|
|
strategy: depend
|
|
needs:
|
|
- job: generate-facts
|
|
artifacts: true
|
|
allow_failure: true
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /_BRANCH_TEST_PIPELINE$/'
|
|
when: manual
|
|
variables: !reference [.ce-trigger-job-variables]
|
|
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
|
|
when: manual
|
|
variables: !reference [.ce-trigger-job-variables]
|
|
|
|
.trigger-pipeline:
|
|
stage: trigger-qa
|
|
image: "${RUBY_IMAGE}"
|
|
allow_failure: true
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
|
|
when: manual
|
|
needs:
|
|
- job: Trigger:package
|
|
artifacts: false
|
|
|
|
.review-docs:
|
|
image: "${RUBY_IMAGE}-alpine"
|
|
stage: post-test
|
|
cache: {}
|
|
needs: []
|
|
before_script:
|
|
- gem install gitlab --no-doc
|
|
# We need to download the script rather than clone the repo since the
|
|
# review-docs-cleanup job will not be able to run when the branch gets
|
|
# deleted (when merging the MR).
|
|
- apk add --update openssl
|
|
- wget https://gitlab.com/gitlab-org/gitlab/-/raw/master/scripts/trigger-build.rb
|
|
- chmod 755 trigger-build.rb
|
|
variables:
|
|
GIT_STRATEGY: none
|
|
DOCS_REVIEW_APPS_DOMAIN: docs.gitlab-review.app
|
|
# By default, deploy the Review App using the `main` branch of the `gitlab-org/gitlab-docs` project
|
|
DOCS_BRANCH: main
|
|
allow_failure: true
|
|
rules:
|
|
- if: '$PIPELINE_TYPE == "GITLAB_BRANCH_TEST_PIPELINE"'
|
|
when: manual
|
|
- if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
|
|
when: manual
|
|
- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
|
|
when: manual
|
|
|
|
.qa-template:
|
|
variables:
|
|
QA_RUN_ALL_TESTS: "false"
|
|
RELEASE: $QA_RELEASE
|
|
QA_IMAGE: $QA_IMAGE
|
|
GITLAB_SEMVER_VERSION: $GITLAB_SEMVER_VERSION # latest semver gitlab version used for testing upgrade paths
|
|
SKIP_OMNIBUS_TRIGGER: "true"
|
|
GITLAB_AUTH_TOKEN: $DANGER_GITLAB_API_TOKEN
|
|
ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID
|
|
inherit:
|
|
variables: false
|
|
trigger:
|
|
strategy: depend
|
|
forward:
|
|
yaml_variables: true
|
|
pipeline_variables: true
|
|
include:
|
|
- project: gitlab-org/gitlab
|
|
ref: master
|
|
file: .gitlab/ci/package-and-test/main.gitlab-ci.yml
|
|
|
|
#####################
|
|
# Cache update jobs #
|
|
#####################
|
|
update-gems-cache:
|
|
extends: .gems-cache
|
|
stage: update-cache
|
|
image: "${BUILDER_IMAGE_REGISTRY}/distribution_ci_tools:${BUILDER_IMAGE_REVISION}"
|
|
before_script: !reference [.install-gems]
|
|
script:
|
|
- echo "Cache is up to date!"
|
|
cache:
|
|
policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
|
|
rules:
|
|
- if: '$PIPELINE_TYPE == "CACHE_UPDATE_PIPELINE"'
|
|
|
|
# We need to populate the cache for jobs with the `gitlab-org-docker` tag. Ideally, we wouldn't need this if
|
|
# we'd use Kaniko to build the Docker images, allowing to use the `gitlab-org` tag instead of the `gitlab-org-docker` tag.
|
|
update-gems-cache-for-docker-jobs:
|
|
extends:
|
|
- update-gems-cache
|
|
- .docker_job
|
|
|
|
update-trigger-package-cache:
|
|
extends: .trigger-package-cache
|
|
stage: update-cache
|
|
image: "${BUILDER_IMAGE_REGISTRY}/ubuntu_22.04:${BUILDER_IMAGE_REVISION}"
|
|
script:
|
|
- !reference [.build-package]
|
|
- echo "Cache is up to date!"
|
|
cache:
|
|
policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
|
|
tags: !reference [.distribution-amd64-tags]
|
|
rules:
|
|
- if: '$PIPELINE_TYPE == "TRIGGER_CACHE_UPDATE_PIPELINE"'
|
|
needs:
|
|
- job: fetch-assets
|
|
optional: true
|
|
|
|
###########################
|
|
# Branch pipeline #
|
|
###########################
|
|
|
|
Trigger:ce-package:
|
|
extends: .ce-trigger-job
|
|
|
|
Trigger:ee-package:
|
|
extends: .ce-trigger-job
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /_BRANCH_TEST_PIPELINE$/'
|
|
when: manual
|
|
variables: !reference [.ee-trigger-job-variables]
|
|
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
|
|
when: manual
|
|
variables: !reference [.ee-trigger-job-variables]
|
|
- if: '$PIPELINE_TYPE == "DEPS_IO_VERSION_BUMP_PIPELINE"'
|
|
variables: !reference [.ee-trigger-job-variables]
|
|
|
|
rubocop:
|
|
extends: .gems-cache
|
|
stage: check
|
|
image: "${RUBY_IMAGE}"
|
|
before_script: !reference [.install-gems]
|
|
script:
|
|
- bundle exec rubocop --parallel
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
|
|
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
|
|
needs: []
|
|
|
|
# Perform documentation linting on Markdown files
|
|
docs-lint markdown:
|
|
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.18-vale-2.29.6-markdownlint-0.37.0-markdownlint2-0.10.0
|
|
stage: check
|
|
cache: {}
|
|
needs: []
|
|
before_script: []
|
|
script:
|
|
# Lint prose
|
|
- vale --minAlertLevel error doc
|
|
# Lint Markdown
|
|
- markdownlint-cli2 'doc/**/*.md'
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
|
|
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
|
|
- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
|
|
|
|
# Perform link checks on published HTML files
|
|
docs-lint links:
|
|
image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.18-ruby-3.2.2-08fa6df8
|
|
stage: check
|
|
cache: {}
|
|
needs: []
|
|
before_script: []
|
|
script:
|
|
# Prepare docs for build
|
|
- mv doc/ /tmp/gitlab-docs/content/omnibus
|
|
- cd /tmp/gitlab-docs
|
|
# Build HTML from Markdown
|
|
- make compile
|
|
# Check the internal links and anchors (in parallel)
|
|
- "parallel time bundle exec nanoc check ::: internal_links internal_anchors"
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
|
|
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
|
|
- if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
|
|
|
|
yard:
|
|
extends: .gems-cache
|
|
image: "${RUBY_IMAGE}"
|
|
stage: check
|
|
needs: []
|
|
before_script:
|
|
# These jobs will not be run on dev, so we set ALTERNATIVE_SOURCES to true
|
|
# so tests run fine on forks
|
|
- export ALTERNATIVE_SOURCES="true";
|
|
- !reference [.install-gems]
|
|
script:
|
|
- bundle exec yardoc
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
|
|
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
|
|
- if: '$PIPELINE_TYPE == "LICENSE_PAGE_UPDATE_PIPELINE"'
|
|
artifacts:
|
|
expire_in: 1 week
|
|
paths:
|
|
- yard/*
|
|
|
|
# Trigger a docs build in gitlab-docs
|
|
# Useful to preview the docs changes live
|
|
# https://docs.gitlab.com/ee/development/documentation/index.html#previewing-the-changes-live
|
|
review-docs-deploy:
|
|
extends:
|
|
- .review-docs
|
|
environment:
|
|
name: review-docs/mr-${CI_MERGE_REQUEST_IID}
|
|
# DOCS_REVIEW_APPS_DOMAIN and DOCS_GITLAB_REPO_SUFFIX are CI variables
|
|
# Discussion: https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/14236/diffs#note_40140693
|
|
auto_stop_in: 2 weeks
|
|
url: https://${DOCS_BRANCH}-${DOCS_GITLAB_REPO_SUFFIX}-${CI_MERGE_REQUEST_IID}.${DOCS_REVIEW_APPS_DOMAIN}/${DOCS_GITLAB_REPO_SUFFIX}
|
|
on_stop: review-docs-cleanup
|
|
script:
|
|
- ./trigger-build.rb docs deploy
|
|
|
|
# Cleanup remote environment of gitlab-docs
|
|
review-docs-cleanup:
|
|
extends:
|
|
- .review-docs
|
|
environment:
|
|
name: review-docs/mr-${CI_MERGE_REQUEST_IID}
|
|
action: stop
|
|
script:
|
|
- ./trigger-build.rb docs cleanup
|
|
|
|
include:
|
|
- project: 'gitlab-org/quality/pipeline-common'
|
|
file:
|
|
- '/ci/danger-review.yml'
|
|
|
|
danger-review:
|
|
stage: check
|
|
variables:
|
|
BUNDLE_WITH: "danger"
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
|
|
|
|
Centos 7 knapsack: !reference [.knapsack]
|
|
AlmaLinux 8 knapsack: !reference [.knapsack]
|
|
AlmaLinux 9 knapsack: !reference [.knapsack]
|
|
Debian 10 knapsack: !reference [.knapsack]
|
|
Debian 11 knapsack: !reference [.knapsack]
|
|
Debian 12 knapsack: !reference [.knapsack]
|
|
OpenSUSE 15.5 knapsack: !reference [.knapsack]
|
|
Ubuntu 18.04 knapsack: !reference [.knapsack]
|
|
Ubuntu 20.04 knapsack: !reference [.knapsack]
|
|
Ubuntu 22.04 knapsack: !reference [.knapsack]
|
|
AmazonLinux 2 knapsack: !reference [.knapsack]
|
|
AmazonLinux 2023 knapsack: !reference [.knapsack]
|
|
|
|
build library specs:
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_20.04-ruby:${BUILDER_IMAGE_REVISION}"
|
|
extends: .spec_template
|
|
needs:
|
|
- rubocop
|
|
coverage: '/\(\d+.\d+\%\) covered/'
|
|
artifacts:
|
|
reports:
|
|
# Since this is not an array, we can't use `!reference` tags. Hence using
|
|
# yaml anchors.
|
|
<<: *spec_reports
|
|
coverage_report:
|
|
coverage_format: cobertura
|
|
path: coverage/coverage.xml
|
|
|
|
Ubuntu 18.04 specs :
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_18.04-ruby:${BUILDER_IMAGE_REVISION}"
|
|
extends: .chef_spec_template
|
|
parallel: 6
|
|
needs:
|
|
- Ubuntu 18.04 knapsack
|
|
Ubuntu 20.04 specs :
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_20.04-ruby:${BUILDER_IMAGE_REVISION}"
|
|
extends: .chef_spec_template
|
|
parallel: 6
|
|
needs:
|
|
- Ubuntu 20.04 knapsack
|
|
Ubuntu 22.04 specs:
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_22.04-ruby:${BUILDER_IMAGE_REVISION}"
|
|
extends: .chef_spec_template
|
|
parallel: 6
|
|
needs:
|
|
- Ubuntu 22.04 knapsack
|
|
Debian 10 specs :
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_10-ruby:${BUILDER_IMAGE_REVISION}"
|
|
extends: .chef_spec_template
|
|
parallel: 6
|
|
needs:
|
|
- Debian 10 knapsack
|
|
Debian 11 specs :
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_11-ruby:${BUILDER_IMAGE_REVISION}"
|
|
extends: .chef_spec_template
|
|
parallel: 6
|
|
needs:
|
|
- Debian 11 knapsack
|
|
Debian 12 specs :
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_12-ruby:${BUILDER_IMAGE_REVISION}"
|
|
extends: .chef_spec_template
|
|
parallel: 6
|
|
needs:
|
|
- Debian 12 knapsack
|
|
Centos 7 specs :
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/centos_7-ruby:${BUILDER_IMAGE_REVISION}"
|
|
extends: .chef_spec_template
|
|
parallel: 6
|
|
needs:
|
|
- Centos 7 knapsack
|
|
AlmaLinux 8 specs :
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/almalinux_8-ruby:${BUILDER_IMAGE_REVISION}"
|
|
extends: .chef_spec_template
|
|
parallel: 6
|
|
needs:
|
|
- AlmaLinux 8 knapsack
|
|
AlmaLinux 9 specs :
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/almalinux_9-ruby:${BUILDER_IMAGE_REVISION}"
|
|
extends: .chef_spec_template
|
|
parallel: 6
|
|
needs:
|
|
- AlmaLinux 9 knapsack
|
|
OpenSUSE 15.5 specs :
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/opensuse_15.5-ruby:${BUILDER_IMAGE_REVISION}"
|
|
extends: .chef_spec_template
|
|
parallel: 6
|
|
needs:
|
|
- OpenSUSE 15.5 knapsack
|
|
AmazonLinux 2 specs :
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/amazonlinux_2-ruby:${BUILDER_IMAGE_REVISION}"
|
|
extends: .chef_spec_template
|
|
parallel: 6
|
|
needs:
|
|
- AmazonLinux 2 knapsack
|
|
AmazonLinux 2023 specs :
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/amazonlinux_2023-ruby:${BUILDER_IMAGE_REVISION}"
|
|
extends: .chef_spec_template
|
|
parallel: 6
|
|
needs:
|
|
- AmazonLinux 2023 knapsack
|
|
|
|
|
|
update-knapsack:
|
|
extends: .knapsack-state
|
|
image: "${RUBY_IMAGE}"
|
|
stage: post-test
|
|
before_script: []
|
|
script:
|
|
- support/merge-reports knapsack
|
|
- rm -f knapsack/*node*
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
|
|
- if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
|
|
retry: 1
|
|
|
|
############################
|
|
# Trigger Pipeline #
|
|
############################
|
|
|
|
Trigger:package:
|
|
extends: .trigger-package-common
|
|
variables:
|
|
BASE_OS: "ubuntu_22.04"
|
|
PACKAGE_DIRECTORY: "pkg/ubuntu-jammy"
|
|
|
|
Trigger:package:fips:
|
|
extends:
|
|
- .trigger-package-common
|
|
- .trigger-fips-package-cache
|
|
variables:
|
|
USE_SYSTEM_SSL: "true"
|
|
BASE_OS: "ubuntu_20.04_fips"
|
|
PACKAGE_DIRECTORY: "pkg/ubuntu-focal_fips"
|
|
allow_failure: true
|
|
rules:
|
|
- if: '$PIPELINE_TYPE == "TRIGGERED_EE_PIPELINE"'
|
|
when: manual
|
|
|
|
package_size_check:
|
|
extends: .trigger-package-cache
|
|
image: "${BUILDER_IMAGE_REGISTRY}/ubuntu_22.04:${BUILDER_IMAGE_REVISION}"
|
|
stage: trigger-qa
|
|
script:
|
|
- bundle exec rake build:package:generate_sizefile
|
|
- bundle exec rake check:package_size
|
|
needs:
|
|
- job: Trigger:package
|
|
artifacts: false
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
|
|
|
|
Trigger:gitlab-docker:
|
|
extends:
|
|
- .docker_job
|
|
- .gems-cache
|
|
stage: trigger-docker
|
|
script:
|
|
- bundle exec rake docker:build:image
|
|
- bundle exec rake docker:push:triggered
|
|
rules:
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
|
|
- if: '$PIPELINE_TYPE == "TRIGGER_CACHE_UPDATE_PIPELINE"'
|
|
needs:
|
|
- job: Trigger:package
|
|
artifacts: false
|
|
- job: generate-facts
|
|
optional: true
|
|
artifacts: true
|
|
|
|
qa-subset-test:
|
|
extends:
|
|
- .qa-template
|
|
stage: trigger-qa
|
|
variables:
|
|
QA_OMNIBUS_MR_TESTS: "only-smoke-reliable"
|
|
QA_RUN_TYPE: ${CI_JOB_NAME}
|
|
QA_SUITES: "QA::Scenario::Test::Integration::GitalyCluster,QA::Scenario::Test::Integration::InstanceSAML,QA::Scenario::Test::Integration::LDAPNoServer,QA::Scenario::Test::Integration::LDAPNoTLS,QA::Scenario::Test::Integration::LDAPTLS,QA::Scenario::Test::Integration::Mattermost,QA::Scenario::Test::Integration::Mtls,QA::Scenario::Test::Integration::ObjectStorageGcs,QA::Scenario::Test::Integration::RegistryTLS,QA::Scenario::Test::Integration::RegistryWithCDN,QA::Scenario::Test::Integration::SMTP,QA::Scenario::Test::Integration::Registry,QA::Scenario::Test::Instance::ObjectStorage,QA::Scenario::Test::Instance::RepositoryStorage,QA::Scenario::Test::Instance::GitlabPages,QA::Scenario::Test::Instance::Metrics,QA::EE::Scenario::Test::Integration::GroupSAML,QA::Scenario::Test::Instance::Smoke"
|
|
rules:
|
|
- if: '$SKIP_QA_TEST == "true"'
|
|
when: never
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_CE_PIPELINE/ && $MANUAL_QA_TEST == "true"'
|
|
when: manual
|
|
allow_failure: true
|
|
variables:
|
|
FOSS_ONLY: "1"
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_CE_PIPELINE/'
|
|
variables:
|
|
FOSS_ONLY: "1"
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_EE_PIPELINE/ && $MANUAL_QA_TEST == "true"'
|
|
when: manual
|
|
allow_failure: true
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_EE_PIPELINE/'
|
|
needs:
|
|
- job: generate-facts
|
|
artifacts: true
|
|
- job: Trigger:package
|
|
artifacts: false
|
|
- job: Trigger:gitlab-docker
|
|
artifacts: false
|
|
|
|
qa-remaining-test-manual:
|
|
extends:
|
|
- .qa-template
|
|
stage: trigger-qa
|
|
variables:
|
|
QA_RUN_TYPE: ${CI_JOB_NAME}
|
|
QA_OMNIBUS_MR_TESTS: "except-smoke-reliable"
|
|
QA_SUITES: "QA::EE::Scenario::Test::Integration::Elasticsearch,QA::Scenario::Test::Integration::Import,QA::Scenario::Test::Integration::Integrations,QA::Scenario::Test::Integration::OAuth,QA::Scenario::Test::Integration::Jira,QA::Scenario::Test::Integration::ServicePingDisabled,QA::Scenario::Test::Instance::LargeSetup,QA::Scenario::Test::Instance::CloudActivation"
|
|
rules:
|
|
- if: '$SKIP_QA_TEST == "true"'
|
|
when: never
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_CE_PIPELINE/'
|
|
when: manual
|
|
allow_failure: true
|
|
variables:
|
|
FOSS_ONLY: "1"
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_EE_PIPELINE/'
|
|
when: manual
|
|
allow_failure: true
|
|
needs:
|
|
- job: generate-facts
|
|
artifacts: true
|
|
- job: Trigger:package
|
|
artifacts: false
|
|
- job: Trigger:gitlab-docker
|
|
artifacts: false
|
|
|
|
letsencrypt-test:
|
|
extends: .docker_job
|
|
stage: trigger-qa
|
|
script:
|
|
- echo "${CI_REGISTRY_PASSWORD}" | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
|
|
- curl -L "https://github.com/docker/compose/releases/download/1.29.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
|
- chmod +x /usr/local/bin/docker-compose
|
|
- bundle exec rake qa:test_letsencrypt
|
|
rules:
|
|
- if: '$TOP_UPSTREAM_SOURCE_PROJECT == "gitlab-org/gitlab"'
|
|
when: never
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
|
|
needs:
|
|
- job: Trigger:gitlab-docker
|
|
artifacts: false
|
|
|
|
RAT:
|
|
stage: trigger-qa
|
|
variables:
|
|
PACKAGE_URL: ${RAT_PACKAGE_URL}
|
|
REFERENCE_ARCHITECTURE: ${RAT_REFERENCE_ARCHITECTURE}
|
|
QA_IMAGE: ${QA_IMAGE}
|
|
trigger:
|
|
project: 'gitlab-org/distribution/reference-architecture-tester'
|
|
branch: 'master'
|
|
strategy: depend
|
|
forward:
|
|
pipeline_variables: false
|
|
yaml_variables: true
|
|
rules:
|
|
- if: '$PIPELINE_TYPE == "TRIGGERED_EE_PIPELINE"'
|
|
when: manual
|
|
allow_failure: true
|
|
needs:
|
|
- job: Trigger:package
|
|
artifacts: false
|
|
- job: generate-facts
|
|
artifacts: true
|
|
|
|
RAT:FIPS:
|
|
extends: RAT
|
|
variables:
|
|
PACKAGE_URL: ${RAT_FIPS_PACKAGE_URL}
|
|
REFERENCE_ARCHITECTURE: ${RAT_FIPS_REFERENCE_ARCHITECTURE}
|
|
needs:
|
|
- job: Trigger:package:fips
|
|
artifacts: false
|
|
- job: generate-facts
|
|
artifacts: true
|
|
|
|
GET:Geo:
|
|
stage: trigger-qa
|
|
variables:
|
|
ENVIRONMENT_ACTION: 'tmp-env'
|
|
QA_IMAGE: ${QA_IMAGE}
|
|
GITLAB_DEB_DOWNLOAD_URL: ${RAT_PACKAGE_URL}
|
|
trigger:
|
|
project: 'gitlab-org/geo-team/geo-ci'
|
|
branch: $GET_GEO_TAG
|
|
strategy: depend
|
|
forward:
|
|
pipeline_variables: false
|
|
yaml_variables: true
|
|
rules:
|
|
- if: '$PIPELINE_TYPE == "TRIGGERED_EE_PIPELINE"'
|
|
when: manual
|
|
allow_failure: true
|
|
needs:
|
|
- job: Trigger:package
|
|
artifacts: false
|
|
- job: generate-facts
|
|
artifacts: true
|
|
|
|
dependency_scanning:
|
|
image: "registry.gitlab.com/gitlab-org/security-products/gitlab-depscan:2.4"
|
|
stage: validate
|
|
variables:
|
|
REPORT_PATH: ./
|
|
NVD_DB_UPDATE: "true"
|
|
before_script: []
|
|
script:
|
|
- /gitlab-depscan.sh build_facts/version-manifest.json
|
|
rules:
|
|
- if: '$PIPELINE_TYPE == "DEPENDENCY_SCANNING_PIPELINE"'
|
|
- if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
|
|
allow_failure: true
|
|
needs:
|
|
- generate-facts
|
|
artifacts:
|
|
expire_in: 7 days
|
|
when: always
|
|
reports:
|
|
dependency_scanning: gl-dependency-scanning-report.json
|
|
paths:
|
|
- dependency_report.txt
|
|
|
|
dependency_update:
|
|
image: "${BUILDER_IMAGE_REGISTRY}/distribution_ci_tools:${BUILDER_IMAGE_REVISION}"
|
|
stage: prepare
|
|
before_script: []
|
|
script:
|
|
- curl https://deps.app/install.sh | bash -s -- -b $HOME/bin
|
|
- $HOME/bin/deps ci
|
|
rules:
|
|
- if: '$PIPELINE_TYPE == "DEPS_IO_VERSION_CHECK_PIPELINE"'
|
|
|
|
validate_packer_changes:
|
|
before_script: []
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_packer:${BUILDER_IMAGE_REVISION}"
|
|
stage: check
|
|
script:
|
|
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ce-arm64.pkr.hcl
|
|
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ce.pkr.hcl
|
|
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-arm64.pkr.hcl
|
|
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-premium.pkr.hcl
|
|
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-ultimate.pkr.hcl
|
|
- cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee.pkr.hcl
|
|
rules:
|
|
- if: '$PIPELINE_TYPE == "_TEST_PIPELINE"'
|
|
changes:
|
|
- support/packer/*
|
|
- if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
|
|
changes:
|
|
- support/packer/*
|
|
|
|
##############################
|
|
# Scheduled pipeline #
|
|
##############################
|
|
|
|
pages:
|
|
image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_20.04:${BUILDER_IMAGE_REVISION}"
|
|
stage: prepare
|
|
needs:
|
|
- yard
|
|
script:
|
|
- bundle exec rake license:generate_pages
|
|
# Remove "|| true" after we confirm this works.
|
|
- bundle exec rake manifest:generate_pages || true
|
|
- mv ${LICENSE_S3_BUCKET} public
|
|
- cp support/webpages/* public
|
|
- cp -R yard/* public
|
|
artifacts:
|
|
paths:
|
|
- public
|
|
rules:
|
|
- if: '$PIPELINE_TYPE == "LICENSE_PAGE_UPDATE_PIPELINE"'
|
|
|
|
.build-package-on-all-os-vars:
|
|
extends: .base-trigger-job-variables
|
|
SKIP_JOB_REGEX: '/Ubuntu-22.04|Docker|QA/'
|
|
PIPELINE_TYPE: "${EDITION}_BRANCH_BUILD_PIPELINE"
|
|
CACHE_EDITION: ${EDITION}
|
|
ee: ${ee}
|
|
|
|
build-package-on-all-os:
|
|
stage: trigger-package
|
|
needs:
|
|
- job: generate-facts
|
|
artifacts: true
|
|
variables:
|
|
trigger:
|
|
include: '.gitlab-ci.yml'
|
|
strategy: depend
|
|
rules:
|
|
# Triggers from GitLab Rails/Gitaly/GitLab Pages pipeline which forced building on all OS automatically
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/ && $BUILD_ON_ALL_OS == "true"'
|
|
when: always
|
|
variables: !reference [.build-package-on-all-os-vars]
|
|
# MR pipelines from omnibus-gitlab that change files which require building on all OS automatically
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/ && $CI_PIPELINE_SOURCE != "pipeline"'
|
|
changes:
|
|
- Gemfile
|
|
- Gemfile.lock
|
|
- config/software/**
|
|
- config/patches/**
|
|
when: always
|
|
variables: !reference [.build-package-on-all-os-vars]
|
|
# Covering the remaining scenarios - provide the job to be manually run by developers, if required
|
|
# (i) MR pipelines from omnibus-gitlab that doesn't change files which require building on all OS
|
|
# (ii) Triggers from GitLab Rails/Gitaly/GitLab Pages pipeline which didn't force building on all OS
|
|
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
|
|
when: manual
|
|
allow_failure: true
|
|
variables: !reference [.build-package-on-all-os-vars]
|