diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-02-20 16:49:51 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-02-20 16:49:51 +0300 |
commit | 71786ddc8e28fbd3cb3fcc4b3ff15e5962a1c82e (patch) | |
tree | 6a2d93ef3fb2d353bb7739e4b57e6541f51cdd71 /.gitlab/ci | |
parent | a7253423e3403b8c08f8a161e5937e1488f5f407 (diff) |
Add latest changes from gitlab-org/gitlab@15-9-stable-eev15.9.0-rc42
Diffstat (limited to '.gitlab/ci')
29 files changed, 760 insertions, 356 deletions
diff --git a/.gitlab/ci/as-if-jh.gitlab-ci.yml b/.gitlab/ci/as-if-jh.gitlab-ci.yml index 6019c8a9649..6bd46bee770 100644 --- a/.gitlab/ci/as-if-jh.gitlab-ci.yml +++ b/.gitlab/ci/as-if-jh.gitlab-ci.yml @@ -10,7 +10,7 @@ add-jh-files: extends: - .shared-as-if-jh - .as-if-jh:rules:prepare-as-if-jh - image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION} + image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION} stage: prepare before_script: - source ./scripts/utils.sh @@ -38,12 +38,12 @@ prepare-as-if-jh-branch: needs: - add-jh-files script: + # Fetch for the history of the branch so it does not cause the following error: + # ! [remote rejected] ref -> ref (shallow update not allowed) + - git fetch --unshallow --filter=tree:0 origin "${CI_COMMIT_SHA}" - git checkout -b "${AS_IF_JH_BRANCH}" - git add ${JH_FILES_TO_COMMIT} - git commit -m 'Add JH files' # TODO: Mark which SHA we add - # Fetch for the history of the branch so it does not cause the following error: - # ! [remote rejected] ref -> ref (shallow update not allowed) - - git fetch --unshallow --filter=tree:0 origin "${CI_COMMIT_REF_NAME}" - git push -f "${SANDBOX_REPOSITORY}" "${AS_IF_JH_BRANCH}" start-as-if-jh: diff --git a/.gitlab/ci/build-images.gitlab-ci.yml b/.gitlab/ci/build-images.gitlab-ci.yml index 05748cff266..4ee15ccb311 100644 --- a/.gitlab/ci/build-images.gitlab-ci.yml +++ b/.gitlab/ci/build-images.gitlab-ci.yml @@ -27,6 +27,34 @@ build-qa-image as-if-foss: extends: - build-qa-image - .as-if-foss + - .build-images:rules:build-qa-image-as-if-foss + +# Prepares an image with GDK configured based on code in master. This saves some time in MRs because some installation +# and complilation will have already been performed. +build-qa-on-gdk-master-image: + extends: + - .base-image-build-buildx + - .build-images:rules:build-qa-on-gdk-master-image + tags: + - e2e + stage: build-images + needs: [] + variables: + QA_GDK_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-qa-gdk" + before_script: + - !reference [.use-buildx, before_script] + - sysctl -n -w fs.inotify.max_user_watches=524288 + script: + - | + docker buildx build \ + --cache-to=type=inline \ + --cache-from ${QA_GDK_IMAGE}:master \ + --platform=${ARCH:-amd64} \ + --add-host gdk.test:127.0.0.1 \ + --tag ${QA_GDK_IMAGE}:master \ + --file="qa/gdk/Dockerfile" \ + --push \ + ${CI_PROJECT_DIR} build-assets-image: extends: diff --git a/.gitlab/ci/caching.gitlab-ci.yml b/.gitlab/ci/caching.gitlab-ci.yml index 6a13fc3c56f..31975e481bc 100644 --- a/.gitlab/ci/caching.gitlab-ci.yml +++ b/.gitlab/ci/caching.gitlab-ci.yml @@ -47,16 +47,15 @@ cache-assets:test as-if-foss: - .as-if-foss cache-assets:production: - extends: .cache-assets-base - variables: - NODE_ENV: "production" - RAILS_ENV: "production" + extends: + - .cache-assets-base + - .production packages-cleanup: extends: - .default-retry - .caching:rules:packages-cleanup - image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION} + image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION} stage: prepare before_script: - source scripts/utils.sh diff --git a/.gitlab/ci/database.gitlab-ci.yml b/.gitlab/ci/database.gitlab-ci.yml new file mode 100644 index 00000000000..ace968ec249 --- /dev/null +++ b/.gitlab/ci/database.gitlab-ci.yml @@ -0,0 +1,118 @@ +include: + - local: .gitlab/ci/rails/shared.gitlab-ci.yml + +db:rollback: + extends: + - .db-job-base + - .rails:rules:db-rollback + script: + - scripts/db_tasks db:migrate VERSION=20220502173045 # 14.10 (last 14.x version) + - scripts/db_tasks db:migrate + +db:rollback single-db: + extends: + - db:rollback + - .single-db + - .rails:rules:single-db + +db:migrate:reset: + extends: .db-job-base + script: + - bundle exec rake db:migrate:reset + +db:migrate:reset single-db: + extends: + - db:migrate:reset + - .single-db + - .rails:rules:single-db + +db:check-schema: + extends: + - .db-job-base + - .rails:rules:ee-mr-and-default-branch-only + script: + - run_timed_command "bundle exec rake db:drop db:create" + - run_timed_command "scripts/db_tasks db:migrate" + +db:check-schema-single-db: + extends: + - db:check-schema + - .single-db + - .rails:rules:single-db + +db:check-migrations: + extends: + - .db-job-base + - .rails:rules:ee-and-foss-mr-with-migration + script: + - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20 + - scripts/validate_migration_schema + allow_failure: true + +db:check-migrations-single-db: + extends: + - db:check-migrations + - .single-db + - .rails:rules:db:check-migrations-single-db + +db:post_deployment_migrations_validator: + extends: + - .db-job-base + - .rails:rules:ee-and-foss-mr-with-migration + script: + - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20 + - scripts/post_deployment_migrations_validator + allow_failure: true + +db:post_deployment_migrations_validator-single-db: + extends: + - db:post_deployment_migrations_validator + - .single-db + - .rails:rules:db:check-migrations-single-db + +db:migrate-non-superuser: + extends: + - .db-job-base + - .rails:rules:ee-and-foss-mr-with-migration + script: + - bundle exec rake gitlab:db:reset_as_non_superuser + +db:gitlabcom-database-testing: + extends: .rails:rules:db:gitlabcom-database-testing + stage: test + image: ruby:${RUBY_VERSION}-alpine + needs: [] + allow_failure: true + script: + - source scripts/utils.sh + - install_gitlab_gem + - ./scripts/trigger-build.rb gitlab-com-database-testing + +db:backup_and_restore: + extends: + - .db-job-base + - .rails:rules:db-backup + variables: + SETUP_DB: "false" + GITLAB_ASSUME_YES: "1" + script: + - . scripts/prepare_build.sh + - bundle exec rake db:drop db:create db:structure:load db:seed_fu + - mkdir -p tmp/tests/public/uploads tmp/tests/{artifacts,pages,lfs-objects,terraform_state,registry,packages} + - bundle exec rake gitlab:backup:create + - date + - bundle exec rake gitlab:backup:restore + +db:backup_and_restore single-db: + extends: + - db:backup_and_restore + - .single-db + - .rails:rules:db-backup + +db:rollback geo: + extends: + - db:rollback + - .rails:rules:ee-only-migration + script: + - bundle exec rake db:migrate:geo VERSION=20170627195211 + - bundle exec rake db:migrate:geo diff --git a/.gitlab/ci/dev-fixtures.gitlab-ci.yml b/.gitlab/ci/dev-fixtures.gitlab-ci.yml index ea868ada621..0ff469d7114 100644 --- a/.gitlab/ci/dev-fixtures.gitlab-ci.yml +++ b/.gitlab/ci/dev-fixtures.gitlab-ci.yml @@ -16,7 +16,7 @@ .run-dev-fixtures-script: &run-dev-fixtures-script - run_timed_command "scripts/gitaly-test-spawn" - - run_timed_command "RAILS_ENV=test bundle exec rake db:seed_fu" + - run_timed_command "bundle exec rake db:seed_fu" run-dev-fixtures: extends: diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml index 02fc58f8580..b404444f815 100644 --- a/.gitlab/ci/docs.gitlab-ci.yml +++ b/.gitlab/ci/docs.gitlab-ci.yml @@ -42,7 +42,7 @@ review-docs-cleanup: docs-lint links: extends: - .docs:rules:docs-lint - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-html:alpine-3.16-ruby-2.7.6-0bc327a4 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-html:alpine-3.16-ruby-3.0.5-869cfc5d stage: lint needs: [] script: @@ -58,18 +58,31 @@ docs-lint links: .docs-markdown-lint-image: # When updating the image version here, update it in /scripts/lint-doc.sh too. - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-markdown:alpine-3.16-vale-2.20.1-markdownlint-0.32.2 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-markdown:alpine-3.16-vale-2.22.0-markdownlint-0.32.2-markdownlint2-0.6.0 docs-lint markdown: extends: - .default-retry - .docs:rules:docs-lint - .docs-markdown-lint-image + - .yarn-cache stage: lint needs: [] script: + - source ./scripts/utils.sh + - yarn_install_script - scripts/lint-doc.sh +docs-lint blueprint: + extends: + - .default-retry + - .docs:rules:docs-blueprints-lint + image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-slim + stage: lint + needs: [] + script: + - scripts/lint-docs-blueprints.rb + docs code_quality: extends: - .reports:rules:code_quality diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 0c9cdc28136..2e0d83187cf 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -33,10 +33,8 @@ compile-production-assets: extends: - .compile-assets-base + - .production - .frontend:rules:compile-production-assets - variables: - NODE_ENV: "production" - RAILS_ENV: "production" artifacts: name: webpack-report expire_in: 31d @@ -131,7 +129,7 @@ rspec-all frontend_fixture: needs: - !reference [.frontend-fixtures-base, needs] - "compile-test-assets" - parallel: 5 + parallel: 7 # Builds FOSS fixtures in the EE project, with the `ee/` folder removed (due to `as-if-foss`). rspec-all frontend_fixture as-if-foss: @@ -202,7 +200,7 @@ jest: - tmp/tests/frontend/ reports: junit: junit_jest.xml - parallel: 5 + parallel: 7 jest predictive: extends: @@ -220,7 +218,7 @@ jest as-if-foss: - .frontend:rules:jest:as-if-foss - .as-if-foss needs: ["rspec-all frontend_fixture as-if-foss"] - parallel: 2 + parallel: 4 jest predictive as-if-foss: extends: diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index 90f00c887f7..ba623ef4cbe 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -21,6 +21,12 @@ - !reference [.default-utils-before_script, before_script] - source scripts/prepare_build.sh +.production: + variables: + RAILS_ENV: "production" + NODE_ENV: "production" + GITLAB_ALLOW_SEPARATE_CI_DATABASE: "true" + .ruby-gems-cache: &ruby-gems-cache key: "ruby-gems-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}" paths: @@ -257,9 +263,13 @@ - name: redis:5.0-alpine - name: elasticsearch:7.17.6 command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "11" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 .use-pg12-es7-ee: services: @@ -268,9 +278,13 @@ - name: redis:6.0-alpine - name: elasticsearch:7.17.6 command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "12" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 .use-pg13-es7-ee: services: @@ -279,9 +293,13 @@ - name: redis:6.2-alpine - name: elasticsearch:7.17.6 command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "13" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 .use-pg12-es8-ee: services: @@ -289,11 +307,15 @@ command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:6.0-alpine - name: elasticsearch:8.5.3 + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "12" ES_SETTING_DISCOVERY_TYPE: "single-node" ES_SETTING_XPACK_SECURITY_ENABLED: "false" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 .use-pg12-opensearch1-ee: services: @@ -303,9 +325,13 @@ - name: opensearchproject/opensearch:1.3.5 alias: elasticsearch command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"] + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "12" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 .use-pg12-opensearch2-ee: services: @@ -315,9 +341,13 @@ - name: opensearchproject/opensearch:2.2.1 alias: elasticsearch command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"] + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "12" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 .use-kaniko: image: diff --git a/.gitlab/ci/memory.gitlab-ci.yml b/.gitlab/ci/memory.gitlab-ci.yml index efdae0715aa..5d6b90d107d 100644 --- a/.gitlab/ci/memory.gitlab-ci.yml +++ b/.gitlab/ci/memory.gitlab-ci.yml @@ -19,12 +19,11 @@ memory-on-boot: extends: - .only-code-memory-job-base + - .production - .use-pg12 stage: test needs: ["setup-test-env", "compile-test-assets"] variables: - NODE_ENV: "production" - RAILS_ENV: "production" SETUP_DB: "true" MEMORY_ON_BOOT_FILE_PREFIX: "tmp/memory_on_boot_" TEST_COUNT: 5 diff --git a/.gitlab/ci/notify.gitlab-ci.yml b/.gitlab/ci/notify.gitlab-ci.yml index 638e1cd8bd8..20f19978022 100644 --- a/.gitlab/ci/notify.gitlab-ci.yml +++ b/.gitlab/ci/notify.gitlab-ci.yml @@ -55,13 +55,14 @@ notify-pipeline-failure: script: - | if [[ "${CREATE_INCIDENT_FOR_PIPELINE_FAILURE}" == "true" ]]; then - scripts/create-pipeline-failure-incident.rb -p ${INCIDENT_PROJECT} -f ${INCIDENT_JSON} -t ${BROKEN_BRANCH_PROJECT_TOKEN}; + scripts/create-pipeline-failure-incident.rb -p ${INCIDENT_PROJECT} -f ${INCIDENT_JSON} -t ${BROKEN_BRANCH_PROJECT_TOKEN} || + scripts/slack ${SLACK_CHANNEL} "☠️ Broken pipeline incident creation failed! ☠️ See ${CI_JOB_URL}" ci_failing "Failed pipeline reporter"; echosuccess "Created incident $(jq '.web_url' ${INCIDENT_JSON})"; fi - | scripts/generate-failed-pipeline-slack-message.rb -i ${INCIDENT_JSON} -f ${FAILED_PIPELINE_SLACK_MESSAGE_FILE}; curl -X POST -H 'Content-Type: application/json' --data @${FAILED_PIPELINE_SLACK_MESSAGE_FILE} "$CI_SLACK_WEBHOOK_URL" || - scripts/slack ${SLACK_CHANNEL} "☠️ Broken pipeline notification failed! ☠️ See ${CI_JOB_URL}" ci_failing "Failed pipeline reporter" + scripts/slack ${SLACK_CHANNEL} "☠️ Broken pipeline notification failed! ☠️ See ${CI_JOB_URL}" ci_failing "Failed pipeline reporter"; artifacts: paths: diff --git a/.gitlab/ci/package-and-test/main.gitlab-ci.yml b/.gitlab/ci/package-and-test/main.gitlab-ci.yml index 48059d9518f..0d30cb78be7 100644 --- a/.gitlab/ci/package-and-test/main.gitlab-ci.yml +++ b/.gitlab/ci/package-and-test/main.gitlab-ci.yml @@ -1,4 +1,5 @@ # E2E tests pipeline loaded dynamically by script: scripts/generate-e2e-pipeline +# For adding new tests, refer to: doc/development/testing_guide/end_to_end/package_and_test_pipeline.md default: interruptible: true @@ -7,7 +8,7 @@ include: - local: .gitlab/ci/package-and-test/rules.gitlab-ci.yml - local: .gitlab/ci/package-and-test/variables.gitlab-ci.yml - project: gitlab-org/quality/pipeline-common - ref: 1.14.1 + ref: 2.0.0 file: - /ci/base.gitlab-ci.yml - /ci/allure-report.yml @@ -57,15 +58,16 @@ stages: optional: true - job: download-knapsack-report artifacts: true + optional: true variables: QA_GENERATE_ALLURE_REPORT: "true" QA_CAN_TEST_PRAEFECT: "false" QA_INTERCEPT_REQUESTS: "true" QA_RUN_TYPE: e2e-package-and-test - TEST_LICENSE_MODE: $QA_TEST_LICENSE_MODE EE_LICENSE: $QA_EE_LICENSE GITHUB_ACCESS_TOKEN: $QA_GITHUB_ACCESS_TOKEN GITLAB_QA_ADMIN_ACCESS_TOKEN: $QA_ADMIN_ACCESS_TOKEN + GITLAB_LICENSE_MODE: test # ========================================== # Prepare stage @@ -161,7 +163,7 @@ trigger-omnibus: download-knapsack-report: extends: - .gitlab-qa-image - - .rules:prepare + - .rules:download-knapsack stage: .pre variables: KNAPSACK_DIR: ${CI_PROJECT_DIR}/qa/knapsack @@ -216,13 +218,13 @@ _ee:quarantine: # ------------------------------------------ # Run specs with feature flags set to the opposite of the default state -ee:instance-parallel-ff-inverse: +ee:instance-ff-inverse: extends: - .qa - .parallel variables: QA_SCENARIO: Test::Instance::Image - QA_KNAPSACK_REPORT_NAME: ee-instance-parallel + QA_KNAPSACK_REPORT_NAME: ee-instance GITLAB_QA_OPTS: --set-feature-flags $QA_FEATURE_FLAGS rules: - !reference [.rules:test:feature-flags-set, rules] @@ -230,140 +232,141 @@ ee:instance-parallel-ff-inverse: # ------------------------------------------ # Jobs with parallel variant # ------------------------------------------ -ee:instance: +ee:instance-selective: extends: .qa variables: QA_SCENARIO: Test::Instance::Image rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:instance-parallel: +ee:instance: extends: - .parallel - - ee:instance + - ee:instance-selective rules: - - !reference [.rules:test:feature-flags-set, rules] # always run instance-parallel to validate ff change + - !reference [.rules:test:feature-flags-set, rules] # always run ee:instance to validate ff change - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:praefect: +ee:praefect-selective: extends: .qa variables: QA_SCENARIO: Test::Integration::Praefect QA_CAN_TEST_PRAEFECT: "true" rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:praefect-parallel: +ee:praefect: extends: - .parallel - - ee:praefect + - ee:praefect-selective rules: - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:relative-url: +ee:relative-url-selective: extends: .qa variables: QA_SCENARIO: Test::Instance::RelativeUrl rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:relative-url-parallel: +ee:relative-url: extends: - .parallel - - ee:relative-url + - ee:relative-url-selective rules: - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:decomposition-single-db: +ee:decomposition-single-db-selective: extends: .qa variables: QA_SCENARIO: Test::Instance::Image GITLAB_QA_OPTS: --omnibus-config decomposition_single_db rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:decomposition-single-db-parallel: +ee:decomposition-single-db: extends: - .parallel - - ee:decomposition-single-db + - ee:decomposition-single-db-selective rules: - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:decomposition-multiple-db: +ee:decomposition-multiple-db-selective: extends: .qa variables: QA_SCENARIO: Test::Instance::Image + GITLAB_ALLOW_SEPARATE_CI_DATABASE: "true" GITLAB_QA_OPTS: --omnibus-config decomposition_multiple_db rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:decomposition-multiple-db-parallel: +ee:decomposition-multiple-db: extends: - .parallel - - ee:decomposition-multiple-db + - ee:decomposition-multiple-db-selective rules: - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::All/ -ee:object-storage: +ee:object-storage-selective: extends: .qa variables: QA_SCENARIO: Test::Instance::Image QA_RSPEC_TAGS: --tag object_storage GITLAB_QA_OPTS: --omnibus-config object_storage rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::ObjectStorage/ -ee:object-storage-parallel: - extends: ee:object-storage +ee:object-storage: + extends: ee:object-storage-selective parallel: 2 rules: - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::ObjectStorage/ -ee:object-storage-aws: - extends: ee:object-storage +ee:object-storage-aws-selective: + extends: ee:object-storage-selective variables: AWS_S3_ACCESS_KEY: $QA_AWS_S3_ACCESS_KEY AWS_S3_BUCKET_NAME: $QA_AWS_S3_BUCKET_NAME AWS_S3_KEY_ID: $QA_AWS_S3_KEY_ID AWS_S3_REGION: $QA_AWS_S3_REGION GITLAB_QA_OPTS: --omnibus-config object_storage_aws -ee:object-storage-aws-parallel: - extends: ee:object-storage-aws +ee:object-storage-aws: + extends: ee:object-storage-aws-selective parallel: 2 rules: - - !reference [ee:object-storage-parallel, rules] + - !reference [ee:object-storage, rules] -ee:object-storage-gcs: - extends: ee:object-storage +ee:object-storage-gcs-selective: + extends: ee:object-storage-selective variables: GCS_BUCKET_NAME: $QA_GCS_BUCKET_NAME GOOGLE_PROJECT: $QA_GOOGLE_PROJECT GOOGLE_JSON_KEY: $QA_GOOGLE_JSON_KEY GOOGLE_CLIENT_EMAIL: $QA_GOOGLE_CLIENT_EMAIL GITLAB_QA_OPTS: --omnibus-config object_storage_gcs -ee:object-storage-gcs-parallel: - extends: ee:object-storage-gcs +ee:object-storage-gcs: + extends: ee:object-storage-gcs-selective parallel: 2 rules: - - !reference [ee:object-storage-parallel, rules] + - !reference [ee:object-storage, rules] -ee:packages: +ee:packages-selective: extends: .qa variables: QA_SCENARIO: Test::Instance::Image QA_RSPEC_TAGS: --tag packages GITLAB_QA_OPTS: --omnibus-config packages rules: - - !reference [.rules:test:qa-non-parallel, rules] + - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::Packages/ -ee:packages-parallel: - extends: ee:packages +ee:packages: + extends: ee:packages-selective parallel: 2 rules: - !reference [.rules:test:qa-parallel, rules] @@ -440,7 +443,7 @@ ee:jira: JIRA_ADMIN_PASSWORD: $QA_JIRA_ADMIN_PASSWORD rules: - !reference [.rules:test:qa, rules] - - if: $QA_SUITES =~ /Test::Instance::Jira/ + - if: $QA_SUITES =~ /Test::Integration::Jira/ - !reference [.rules:test:manual, rules] ee:integrations: @@ -485,7 +488,7 @@ ee:mtls: QA_SCENARIO: Test::Integration::MTLS rules: - !reference [.rules:test:qa, rules] - - if: $QA_SUITES =~ /Test::Integration::MTLS/ + - if: $QA_SUITES =~ /Test::Integration::Mtls/ - !reference [.rules:test:manual, rules] ee:mattermost: @@ -584,7 +587,6 @@ ee:elasticsearch: variables: QA_SCENARIO: "Test::Integration::Elasticsearch" before_script: - - unset ELASTIC_URL # unset url which is globally defined in .gitlab-ci.yml - !reference [.qa, before_script] rules: - !reference [.rules:test:qa, rules] @@ -592,7 +594,7 @@ ee:elasticsearch: - !reference [.rules:test:manual, rules] ee:registry-object-storage-tls: - extends: ee:object-storage-aws + extends: ee:object-storage-aws-selective variables: QA_SCENARIO: Test::Integration::RegistryTLS QA_RSPEC_TAGS: "" @@ -619,16 +621,11 @@ e2e-test-report: - .rules:report:allure-report stage: report variables: - GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN + GITLAB_AUTH_TOKEN: $PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE ALLURE_PROJECT_PATH: $CI_PROJECT_PATH ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID ALLURE_JOB_NAME: e2e-package-and-test GIT_STRATEGY: none - artifacts: # save rspec results for displaying in parent pipeline - expire_in: 1 day - when: always - paths: - - gitlab-qa-run-*/**/rspec-*.xml upload-knapsack-report: extends: @@ -658,7 +655,7 @@ relate-test-failures: variables: QA_FAILURES_REPORTING_PROJECT: gitlab-org/gitlab QA_FAILURES_MAX_DIFF_RATIO: "0.15" - GITLAB_QA_ACCESS_TOKEN: $GITLAB_QA_PRODUCTION_ACCESS_TOKEN + GITLAB_QA_ACCESS_TOKEN: $QA_GITLAB_CI_TOKEN when: on_failure script: - | diff --git a/.gitlab/ci/package-and-test/rules.gitlab-ci.yml b/.gitlab/ci/package-and-test/rules.gitlab-ci.yml index 64d56cec21a..50b07589040 100644 --- a/.gitlab/ci/package-and-test/rules.gitlab-ci.yml +++ b/.gitlab/ci/package-and-test/rules.gitlab-ci.yml @@ -43,9 +43,9 @@ .rules:dont-interrupt: rules: - - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH + - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $CI_MERGE_REQUEST_IID == null' allow_failure: true - - if: $CI_MERGE_REQUEST_IID + - if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached"' when: manual allow_failure: true @@ -61,6 +61,15 @@ when: never - when: always +# This job requires project access token with api permissions to detect parallel jobs, +# it is problematic to set for every project that would include this template +# Because parallel jobs themselves can download knapsack report, skip for non canonical runs +.rules:download-knapsack: + rules: + - <<: *not-canonical-project + when: never + - when: always + # ------------------------------------------ # Test # ------------------------------------------ @@ -80,7 +89,7 @@ # parallel and non parallel rules are used for jobs that require parallel execution and thus need to switch # between parallel and non parallel when only certain specs are executed -.rules:test:qa-non-parallel: +.rules:test:qa-selective: rules: # always run parallel with full suite when framework changes present or ff state changed - <<: *qa-run-all-tests diff --git a/.gitlab/ci/package-and-test/variables.gitlab-ci.yml b/.gitlab/ci/package-and-test/variables.gitlab-ci.yml index 838de6bdd3a..c45807e5a23 100644 --- a/.gitlab/ci/package-and-test/variables.gitlab-ci.yml +++ b/.gitlab/ci/package-and-test/variables.gitlab-ci.yml @@ -10,3 +10,6 @@ variables: QA_LOG_LEVEL: "info" QA_TESTS: "" QA_FEATURE_FLAGS: "" + # run all tests by default when package-and-test is included natively in other projects + # this will be overridden when selective test execution is used in gitlab canonical project + QA_RUN_ALL_TESTS: "true" diff --git a/.gitlab/ci/preflight.gitlab-ci.yml b/.gitlab/ci/preflight.gitlab-ci.yml new file mode 100644 index 00000000000..05b05fde53b --- /dev/null +++ b/.gitlab/ci/preflight.gitlab-ci.yml @@ -0,0 +1,14 @@ +rails-production-environment: + extends: + - .default-before_script + - .production + - .ruby-cache + - .setup:rules:rails-production-environment + - .use-pg12 + stage: preflight + variables: + BUNDLE_WITHOUT: "development:test" + BUNDLE_WITH: "production" + needs: [] + script: + - bundle exec rails runner --environment=production 'puts Rails.env' diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml index f6668d7864e..a72e6fc0137 100644 --- a/.gitlab/ci/qa.gitlab-ci.yml +++ b/.gitlab/ci/qa.gitlab-ci.yml @@ -67,6 +67,7 @@ qa:update-qa-cache: e2e:package-and-test: extends: + - .production # this makes sure GITLAB_ALLOW_SEPARATE_CI_DATABASE is passed to the child pipeline - .qa:rules:package-and-test stage: qa needs: @@ -81,6 +82,13 @@ e2e:package-and-test: GITLAB_QA_IMAGE: "${CI_REGISTRY_IMAGE}/gitlab-ee-qa:${CI_COMMIT_SHA}" RUN_WITH_BUNDLE: "true" # instructs pipeline to install and run gitlab-qa gem via bundler QA_PATH: qa # sets the optional path for bundler to run from + inherit: + variables: + - CHROME_VERSION + - RUBY_VERSION + - DOCKER_VERSION + - REGISTRY_GROUP + - REGISTRY_HOST trigger: strategy: depend forward: @@ -90,24 +98,19 @@ e2e:package-and-test: - artifact: package-and-test-pipeline.yml job: e2e-test-pipeline-generate -# Fetch child pipeline test results and store in parent pipeline -# workaround until natively implemented: https://gitlab.com/groups/gitlab-org/-/epics/8205 -e2e:package-and-test-results: - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3 +e2e:test-on-gdk: extends: - - .qa-job-base - - .qa:rules:package-and-test + - .qa:rules:e2e:test-on-gdk stage: qa needs: - - e2e:package-and-test - variables: - COLORIZED_LOGS: "true" - QA_LOG_LEVEL: "debug" - when: always + # In scheduled master pipelines we wait for the image to be built. + # In MRs we assume the last scheduled master pipeline built the image already. + - job: build-qa-on-gdk-master-image + optional: true allow_failure: true - script: - - bundle exec rake "ci:download_test_results[e2e:package-and-test,e2e-test-report,${CI_PROJECT_DIR}]" - artifacts: - when: always - reports: - junit: gitlab-qa-run-*/**/rspec-*.xml + trigger: + strategy: depend + forward: + yaml_variables: true + pipeline_variables: true + include: .gitlab/ci/test-on-gdk/main.gitlab-ci.yml diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index df3b3704a52..23f38fddb80 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -210,91 +210,6 @@ rspec fast_spec_helper: # Load fast_spec_helper as well just in case there are no specs available. - bin/rspec --dry-run spec/fast_spec_helper.rb $fast_spec_helper_specs -db:rollback: - extends: .db-job-base - script: - - scripts/db_tasks db:migrate VERSION=20210602155110 - - scripts/db_tasks db:migrate SKIP_SCHEMA_VERSION_CHECK=true - -db:rollback single-db: - extends: - - db:rollback - - .single-db - - .rails:rules:single-db - -db:migrate:reset: - extends: .db-job-base - script: - - bundle exec rake db:migrate:reset - -db:migrate:reset single-db: - extends: - - db:migrate:reset - - .single-db - - .rails:rules:single-db - -db:check-schema: - extends: - - .db-job-base - - .rails:rules:ee-mr-and-default-branch-only - script: - - run_timed_command "bundle exec rake db:drop db:create" - - run_timed_command "scripts/db_tasks db:migrate" - -db:check-schema-single-db: - extends: - - db:check-schema - - .single-db - - .rails:rules:single-db - -db:check-migrations: - extends: - - .db-job-base - - .rails:rules:ee-and-foss-mr-with-migration - script: - - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20 - - scripts/validate_migration_schema - allow_failure: true - -db:check-migrations-single-db: - extends: - - db:check-migrations - - .single-db - - .rails:rules:single-db - -db:post_deployment_migrations_validator: - extends: - - .db-job-base - - .rails:rules:ee-and-foss-mr-with-migration - script: - - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20 - - scripts/post_deployment_migrations_validator - allow_failure: true - -db:post_deployment_migrations_validator-single-db: - extends: - - db:post_deployment_migrations_validator - - .single-db - - .rails:rules:single-db - -db:migrate-non-superuser: - extends: - - .db-job-base - - .rails:rules:ee-and-foss-mr-with-migration - script: - - bundle exec rake gitlab:db:reset_as_non_superuser - -db:gitlabcom-database-testing: - extends: .rails:rules:db:gitlabcom-database-testing - stage: test - image: ruby:${RUBY_VERSION}-alpine - needs: [] - allow_failure: true - script: - - source scripts/utils.sh - - install_gitlab_gem - - ./scripts/trigger-build.rb gitlab-com-database-testing - gitlab:setup: extends: .db-job-base variables: @@ -312,27 +227,6 @@ gitlab:setup: paths: - log/*.log -db:backup_and_restore: - extends: - - .db-job-base - - .rails:rules:db-backup - variables: - SETUP_DB: "false" - GITLAB_ASSUME_YES: "1" - script: - - . scripts/prepare_build.sh - - bundle exec rake db:drop db:create db:structure:load db:seed_fu - - mkdir -p tmp/tests/public/uploads tmp/tests/{artifacts,pages,lfs-objects,terraform_state,registry,packages} - - bundle exec rake gitlab:backup:create - - date - - bundle exec rake gitlab:backup:restore - -db:backup_and_restore single-db: - extends: - - db:backup_and_restore - - .single-db - - .rails:rules:db-backup - rspec:deprecations: extends: - .default-retry @@ -716,14 +610,6 @@ rspec-ee system pg12 single-db: - rspec-ee system pg12 - .single-db-rspec - .rails:rules:single-db - -db:rollback geo: - extends: - - db:rollback - - .rails:rules:ee-only-migration - script: - - bundle exec rake db:migrate:geo VERSION=20170627195211 - - bundle exec rake db:migrate:geo # EE: default refs (MRs, default branch, schedules) jobs # ################################################## @@ -908,19 +794,28 @@ rspec-ee system pg13: ################################################## # EE: Canonical MR pipelines -rspec fail-fast: +.rspec-fail-fast: extends: - - .rspec-ee-base-pg12 # This job also runs EE spec which needs elasticsearch - .rails:rules:rspec fail-fast stage: test needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-tests"] script: - !reference [.base-script, script] - - rspec_fail_fast "${RSPEC_MATCHING_TESTS_PATH}" "--tag ~quarantine" - artifacts: - expire_in: 7d - paths: - - tmp/capybara/ + - rspec_fail_fast "${MATCHING_TESTS_PATH}" "--tag ~quarantine --tag ~zoekt" + +rspec fail-fast: + extends: + - .rspec-base-pg12 + - .rspec-fail-fast # extends from .rspec-fail-fast last to override script from .rspec-base-pg12 + variables: + MATCHING_TESTS_PATH: "${RSPEC_MATCHING_TESTS_FOSS_PATH}" + +rspec-ee fail-fast: + extends: + - .rspec-ee-base-pg12 + - .rspec-fail-fast # extends from .rspec-fail-fast last to override script from .rspec-ee-base-pg12 + variables: + MATCHING_TESTS_PATH: "${RSPEC_MATCHING_TESTS_EE_PATH}" rspec-foss-impact:pipeline-generate: extends: @@ -977,7 +872,7 @@ fail-pipeline-early: extends: - .rails:rules:rerun-previous-failed-tests stage: test - needs: ["setup-test-env", "compile-test-assets", "detect-previous-failed-tests"] + needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-previous-failed-tests"] script: - !reference [.base-script, script] - rspec_rerun_previous_failed_tests "${PREVIOUS_FAILED_TESTS_FILE}" @@ -987,7 +882,7 @@ rspec rspec-pg12-rerun-previous-failed-tests: - .rspec-base-pg12 - .base-rspec-pg12-rerun-previous-failed-tests variables: - PREVIOUS_FAILED_TESTS_FILE: tmp/previous_failed_tests/rspec_failed_files.txt + PREVIOUS_FAILED_TESTS_FILE: tmp/previous_failed_tests/rspec_failed_tests.txt rspec rspec-ee-pg12-rerun-previous-failed-tests: extends: @@ -995,6 +890,5 @@ rspec rspec-ee-pg12-rerun-previous-failed-tests: - .base-rspec-pg12-rerun-previous-failed-tests variables: PREVIOUS_FAILED_TESTS_FILE: tmp/previous_failed_tests/rspec_ee_failed_files.txt - # EE: Canonical MR pipelines ################################################## diff --git a/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb b/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb index 4ae4cb75a25..eb54fa25875 100644 --- a/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb +++ b/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb @@ -42,7 +42,7 @@ rspec foss-impact: <% end %> script: - !reference [.base-script, script] - - rspec_paralellized_job "--tag ~quarantine --tag ~level:migration" + - rspec_paralellized_job "--tag ~quarantine --tag ~level:migration --tag ~zoekt" artifacts: expire_in: 7d paths: diff --git a/.gitlab/ci/rails/shared.gitlab-ci.yml b/.gitlab/ci/rails/shared.gitlab-ci.yml index 4ca82f55b63..4943f7c2e28 100644 --- a/.gitlab/ci/rails/shared.gitlab-ci.yml +++ b/.gitlab/ci/rails/shared.gitlab-ci.yml @@ -55,7 +55,12 @@ include: GEO_SECONDARY_PROXY: 0 RSPEC_TESTS_FILTER_FILE: "${RSPEC_MATCHING_TESTS_PATH}" SUCCESSFULLY_RETRIED_TEST_EXIT_CODE: 137 - needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-tests"] + needs: + - job: "setup-test-env" + - job: "retrieve-tests-metadata" + - job: "compile-test-assets" + - job: "detect-tests" + optional: true script: - !reference [.base-script, script] # We need to exclude background migration because unit tests run with @@ -85,7 +90,7 @@ include: .rspec-base-migration: script: - !reference [.base-script, script] - - rspec_paralellized_job "--tag ~quarantine" + - rspec_paralellized_job "--tag ~quarantine --tag ~zoekt" .rspec-base-pg11: extends: @@ -102,7 +107,12 @@ include: - .rspec-base - .as-if-foss - .use-pg12 - needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets as-if-foss", "detect-tests"] + needs: + - job: "setup-test-env" + - job: "retrieve-tests-metadata" + - job: "compile-test-assets as-if-foss" + - job: "detect-tests" + optional: true .rspec-base-pg13: extends: diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml index b87e5ad9bba..3242ca29d75 100644 --- a/.gitlab/ci/reports.gitlab-ci.yml +++ b/.gitlab/ci/reports.gitlab-ci.yml @@ -104,7 +104,8 @@ yarn-audit-dependency_scanning: - mkdir ~/.aws - '[[ -z "${AWS_SIEM_REPORT_INGESTION_CREDENTIALS_FILE}" ]] || mv "${AWS_SIEM_REPORT_INGESTION_CREDENTIALS_FILE}" ~/.aws/credentials' - npm install --no-save --ignore-scripts @aws-sdk/client-s3@3.49.0 - - scripts/ingest-reports-to-siem + - scripts/ingest-reports-to-siem || true # Allow legacy report to fail as we'll remove it in the future anyway + - scripts/ingest-reports-to-siem-devo artifacts: paths: - gl-dependency-scanning-report.json diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml index 13e8ea330da..369330f8189 100644 --- a/.gitlab/ci/review-apps/main.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml @@ -10,7 +10,6 @@ stages: include: - local: .gitlab/ci/global.gitlab-ci.yml - - local: .gitlab/ci/rules.gitlab-ci.yml - local: .gitlab/ci/review-apps/rules.gitlab-ci.yml - local: .gitlab/ci/review-apps/qa.gitlab-ci.yml - local: .gitlab/ci/review-apps/dast.gitlab-ci.yml @@ -19,7 +18,6 @@ include: .base-before_script: &base-before_script - source ./scripts/utils.sh - source ./scripts/review_apps/review-apps.sh - - apt-get update && apt-get install -y jq dont-interrupt-me: extends: .rules:dont-interrupt @@ -32,7 +30,7 @@ review-build-cng-env: extends: - .default-retry - .review:rules:review-build-cng - image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine3.16 + image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine3.16 stage: prepare needs: # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream CNG pipeline. @@ -97,20 +95,21 @@ review-build-cng: variables: HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" - GITLAB_HELM_CHART_REF: "ed813953079c1d81aa69d4cb8171c69aa9741f01" # 6.5.4: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/ed813953079c1d81aa69d4cb8171c69aa9741f01 + GITLAB_HELM_CHART_REF: "afcef7854ac72c5ff958035ef210ba6c68ec800b" # 6.8.0: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/afcef7854ac72c5ff958035ef210ba6c68ec800b environment: name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN} - on_stop: review-stop - auto_stop_in: 6 hours + on_stop: trigger-review-stop review-deploy: extends: - .review-workflow-base - .review:rules:review-deploy stage: deploy - image: ${GITLAB_DEPENDENCY_PROXY}dtzar/helm-kubectl:3.10.3 - needs: ["review-build-cng"] + image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}dtzar/helm-kubectl:3.9.3 + needs: + - review-build-cng + - review-delete-deployment # We always want to start from a clean slate (i.e. no helm release, no k8s namespace) cache: key: "review-deploy-dependencies-charts-${GITLAB_HELM_CHART_REF}-v1" paths: @@ -168,31 +167,35 @@ review-deploy-sample-projects: extends: .review-workflow-base environment: action: stop - dependencies: [] variables: # We're cloning the repo instead of downloading the script for now # because some repos are private and CI_JOB_TOKEN cannot access files. # See https://gitlab.com/gitlab-org/gitlab/issues/191273 GIT_DEPTH: 1 - before_script: - - source ./scripts/utils.sh - - source ./scripts/review_apps/review-apps.sh - - !reference [".use-kube-context", before_script] review-delete-deployment: extends: - .review-stop-base - .review:rules:review-delete-deployment + dependencies: [] stage: prepare + before_script: + - source ./scripts/utils.sh + - source ./scripts/review_apps/review-apps.sh + - !reference [".use-kube-context", before_script] script: - - delete_helm_release + - retry delete_helm_release -review-stop: +trigger-review-stop: extends: - .review-stop-base - - .review:rules:review-stop - resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment + - .review:rules:trigger-review-stop stage: deploy needs: [] + before_script: + - source ./scripts/utils.sh + - install_gitlab_gem script: - - delete_helm_release + - review_stop_job_id="$(scripts/api/get_job_id.rb --pipeline-id "${PARENT_PIPELINE_ID}" --job-name "review-stop")" + - | + curl --request POST --header "Private-Token: ${PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/jobs/${review_stop_job_id}/play" diff --git a/.gitlab/ci/review-apps/qa.gitlab-ci.yml b/.gitlab/ci/review-apps/qa.gitlab-ci.yml index 01a738127f7..edca2cae1c6 100644 --- a/.gitlab/ci/review-apps/qa.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/qa.gitlab-ci.yml @@ -1,6 +1,6 @@ include: - project: gitlab-org/quality/pipeline-common - ref: 1.14.1 + ref: 2.0.0 file: - /ci/base.gitlab-ci.yml - /ci/allure-report.yml @@ -143,15 +143,10 @@ e2e-test-report: ALLURE_PROJECT_PATH: $CI_PROJECT_PATH ALLURE_RESULTS_GLOB: qa/tmp/allure-results ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID - GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN + GITLAB_AUTH_TOKEN: $PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE GIT_STRATEGY: none allow_failure: true when: always - artifacts: # re-save rspec results for displaying in parent pipeline - expire_in: 1 day - when: always - paths: - - qa/tmp/rspec-*.xml upload-knapsack-report: extends: diff --git a/.gitlab/ci/review-apps/rules.gitlab-ci.yml b/.gitlab/ci/review-apps/rules.gitlab-ci.yml index 49343c98547..a3ae31cb14c 100644 --- a/.gitlab/ci/review-apps/rules.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/rules.gitlab-ci.yml @@ -1,3 +1,6 @@ +# ------------------------------------------ +# Conditions +# ------------------------------------------ # Specific specs passed .specific-specs: &specific-specs if: $QA_TESTS != "" @@ -8,7 +11,7 @@ # No specific specs in mr pipeline .all-specs-mr: &all-specs-mr - if: $CI_MERGE_REQUEST_IID && $QA_TESTS == "" + if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $QA_TESTS == ""' when: manual # Triggered by change pattern @@ -22,6 +25,31 @@ .default-branch: &default-branch if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH +.if-merge-request: &if-merge-request + if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached"' + +.if-merge-request-labels-run-review-app: &if-merge-request-labels-run-review-app + if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-review-app/' + +.if-dot-com-ee-schedule-nightly-child-pipeline: &if-dot-com-ee-schedule-nightly-child-pipeline + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $SCHEDULE_TYPE == "nightly"' + +# ------------------------------------------ +# Changes patterns +# ------------------------------------------ +.ci-review-patterns: &ci-review-patterns + - ".gitlab-ci.yml" + - ".gitlab/ci/frontend.gitlab-ci.yml" + - ".gitlab/ci/build-images.gitlab-ci.yml" + - ".gitlab/ci/review.gitlab-ci.yml" + - ".gitlab/ci/review-apps/**/*" + - "scripts/review_apps/**/*" + - "scripts/trigger-build.rb" + - "{,ee/,jh/}{bin,config}/**/*.rb" + +# ------------------------------------------ +# Conditions set +# ------------------------------------------ .qa-manual: &qa-manual when: manual allow_failure: true @@ -53,6 +81,26 @@ when: manual allow_failure: true +.review:rules:review-build-cng: + rules: + - when: always + +.review:rules:review-delete-deployment: + rules: + - when: on_success + +# ------------------------------------------ +# Deploy +# ------------------------------------------ +.review:rules:review-deploy: + rules: + - when: on_success + +.review:rules:trigger-review-stop: + rules: + - when: manual + allow_failure: true + # ------------------------------------------ # Test # ------------------------------------------ @@ -91,6 +139,25 @@ - *all-specs-mr # set full suite to manual when no specific specs passed in mr - if: $QA_SUITES =~ /Test::Instance::ReviewNonBlocking/ +.review:rules:review-performance: + rules: + - if: '$DAST_RUN == "true"' # Skip this job when DAST is run + when: never + - <<: *if-merge-request-labels-run-review-app # we explicitly don't allow the job to fail in that case + - <<: *if-merge-request # we explicitly don't allow the job to fail in that case + changes: *ci-review-patterns + - when: on_success + allow_failure: true + +# ------------------------------------------ +# DAST +# ------------------------------------------ +.reports:rules:schedule-dast: + rules: + - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/' + when: never + - <<: *if-dot-com-ee-schedule-nightly-child-pipeline + # ------------------------------------------ # Prepare/Report # ------------------------------------------ diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml index b6c273aeb99..f0e87e0161a 100644 --- a/.gitlab/ci/review.gitlab-ci.yml +++ b/.gitlab/ci/review.gitlab-ci.yml @@ -4,9 +4,12 @@ review-cleanup: - .review:rules:review-cleanup image: ${REVIEW_APPS_IMAGE} stage: prepare + needs: [] environment: name: review/regular-cleanup action: access + variables: + GIT_DEPTH: 1 before_script: - source scripts/utils.sh - !reference [".use-kube-context", before_script] @@ -15,6 +18,21 @@ review-cleanup: script: - scripts/review_apps/automated_cleanup.rb || (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL} - <https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/blob/main/runbooks/review-apps.md#review-cleanup-job-failed|📗 RUNBOOK 📕>" warning "GitLab Bot" && exit 1); +review-stop: + extends: + - review-cleanup + - .review:rules:review-stop + environment: + name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it + action: stop + resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment + before_script: + - source ./scripts/utils.sh + - source ./scripts/review_apps/review-apps.sh + - !reference [".use-kube-context", before_script] + script: + - retry delete_helm_release + .base-review-checks: extends: - .default-retry @@ -58,6 +76,21 @@ start-review-app-pipeline: - job: e2e-test-pipeline-generate - job: build-assets-image artifacts: false + # We do not want to have ALL global variables passed as trigger variables, + # as they cannot be overridden. See this issue for more context: + # + # https://gitlab.com/gitlab-org/gitlab/-/issues/387183 + inherit: + variables: + - CHROME_VERSION + - REGISTRY_GROUP + - REGISTRY_HOST + - REVIEW_APPS_DOMAIN + - REVIEW_APPS_GCP_PROJECT + - REVIEW_APPS_GCP_REGION + - REVIEW_APPS_IMAGE + - RUBY_VERSION + # These variables are set in the pipeline schedules. # They need to be explicitly passed on to the child pipeline. # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword @@ -73,30 +106,6 @@ start-review-app-pipeline: - artifact: review-app-pipeline.yml job: e2e-test-pipeline-generate -# Fetch child pipeline test results and store in parent pipeline -# workaround until natively implemented: https://gitlab.com/groups/gitlab-org/-/epics/8205 -review-app-test-results: - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3 - stage: review - extends: - - .qa-cache - - .review:rules:start-review-app-pipeline - needs: - - start-review-app-pipeline - variables: - COLORIZED_LOGS: "true" - QA_LOG_LEVEL: "debug" - before_script: - - cd qa && bundle install - script: - - bundle exec rake "ci:download_test_results[start-review-app-pipeline,e2e-test-report,${CI_PROJECT_DIR}]" - when: always - allow_failure: true - artifacts: - when: always - reports: - junit: qa/tmp/rspec-*.xml - danger-review: extends: - .default-retry diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 9596594ad26..d1e29084a5a 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -21,7 +21,7 @@ if: '$FORCE_GITLAB_CI' .if-default-refs: &if-default-refs - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_COMMIT_REF_NAME == "ruby2" || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG || $FORCE_GITLAB_CI' + if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_COMMIT_REF_NAME == "ruby2" || ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") || $CI_COMMIT_TAG || $FORCE_GITLAB_CI' .if-default-branch-refs: &if-default-branch-refs if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $CI_MERGE_REQUEST_IID == null' @@ -30,30 +30,33 @@ if: '$CI_COMMIT_BRANCH =~ /^\d+-\d+-auto-deploy-\d+$/' .if-default-branch-or-tag: &if-default-branch-or-tag - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_TAG' + if: '($CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $CI_MERGE_REQUEST_IID == null) || $CI_COMMIT_TAG' + +.if-tag: &if-tag + if: '$CI_COMMIT_TAG' .if-merge-request: &if-merge-request - if: '$CI_MERGE_REQUEST_IID' + if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached"' # Once https://gitlab.com/gitlab-org/gitlab/-/issues/373904 is implemented, we should be able to change this back to -# if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_APPROVALS_COUNT > 0' +# if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_APPROVALS_COUNT > 0' # or any similar condition to check that the MR has *any* approval (not just required approval). # # Temprorarily adding || $CI_MERGE_REQUEST_LABELS =~ /pipeline:run-full-rspec/ for backward compatibility, # remove once https://gitlab.com/gitlab-org/quality/quality-engineering/team-tasks/-/issues/1557 is fully rolled out .if-merge-request-approved: &if-merge-request-approved - if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_LABELS =~ /pipeline:mr-approved/ || $CI_MERGE_REQUEST_LABELS =~ /pipeline:run-full-rspec/' + if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_LABELS =~ /pipeline:mr-approved/ || $CI_MERGE_REQUEST_LABELS =~ /pipeline:run-full-rspec/' # Temprorarily adding && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-full-rspec/ for backward compatibility, # remove once https://gitlab.com/gitlab-org/quality/quality-engineering/team-tasks/-/issues/1557 is fully rolled out .if-merge-request-not-approved: &if-merge-request-not-approved - if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_LABELS !~ /pipeline:mr-approved/ && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-full-rspec/' + if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_LABELS !~ /pipeline:mr-approved/ && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-full-rspec/' .if-automated-merge-request: &if-automated-merge-request if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == "release-tools/update-gitaly" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /stable-ee$/' .if-merge-request-targeting-stable-branch: &if-merge-request-targeting-stable-branch - if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^[\d-]+-stable(-ee)?$/' + if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^[\d-]+-stable(-ee)?$/' .if-merge-request-labels-run-in-ruby2: &if-merge-request-labels-run-in-ruby2 if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-in-ruby2/' @@ -73,6 +76,9 @@ .if-merge-request-labels-run-all-jest: &if-merge-request-labels-run-all-jest if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-all-jest/' +.if-merge-request-labels-run-all-e2e: &if-merge-request-labels-run-all-e2e + if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-all-e2e/' + .if-merge-request-labels-run-single-db: &if-merge-request-labels-run-single-db if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-single-db/' @@ -98,10 +104,10 @@ if: '$CI_MERGE_REQUEST_LABELS =~ /frontend/ && $CI_MERGE_REQUEST_LABELS =~ /feature flag/' .if-security-merge-request: &if-security-merge-request - if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_MERGE_REQUEST_IID' + if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached")' .if-fork-merge-request: &if-fork-merge-request - if: '$CI_PROJECT_NAMESPACE !~ /^gitlab(-org)?($|\/)/ && $CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-all-rspec/' + if: '$CI_PROJECT_NAMESPACE !~ /^gitlab(-org)?($|\/)/ && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-all-rspec/' .if-schedule-pipeline: &if-schedule-pipeline if: '$CI_PIPELINE_SOURCE == "schedule"' @@ -118,29 +124,29 @@ .if-security-schedule: &if-security-schedule if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_PIPELINE_SOURCE == "schedule"' +.if-foss-schedule: &if-foss-schedule + if: '$CI_PROJECT_PATH == "gitlab-org/gitlab-foss" && $CI_PIPELINE_SOURCE == "schedule"' + .if-dot-com-gitlab-org-schedule: &if-dot-com-gitlab-org-schedule if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "schedule"' .if-dot-com-ee-schedule-default-branch-maintenance: &if-dot-com-ee-schedule-default-branch-maintenance if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "maintenance"' -.if-dot-com-ee-schedule-nightly-child-pipeline: &if-dot-com-ee-schedule-nightly-child-pipeline - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $SCHEDULE_TYPE == "nightly"' - .if-dot-com-gitlab-org-default-branch: &if-dot-com-gitlab-org-default-branch if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' .if-dot-com-gitlab-org-merge-request: &if-dot-com-gitlab-org-merge-request - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_MERGE_REQUEST_IID' + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached")' .if-dot-com-gitlab-org-and-security-merge-request: &if-dot-com-gitlab-org-and-security-merge-request - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID' + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached")' .if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified: &if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID && $QA_TESTS' + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $QA_TESTS' .if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e: &if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID && $QA_MANUAL_FF_PACKAGE_AND_QA' + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $QA_MANUAL_FF_PACKAGE_AND_QA' .if-dot-com-gitlab-org-and-security-tag: &if-dot-com-gitlab-org-and-security-tag if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_COMMIT_TAG' @@ -172,8 +178,7 @@ - ".gitlab/ci/build-images.gitlab-ci.yml" - ".gitlab/ci/review.gitlab-ci.yml" - ".gitlab/ci/review-apps/**/*" - - "scripts/review_apps/base-config.yaml" - - "scripts/review_apps/review-apps.sh" + - "scripts/review_apps/**/*" - "scripts/trigger-build.rb" - "{,ee/,jh/}{bin,config}/**/*.rb" @@ -220,6 +225,11 @@ - "scripts/lint-doc.sh" - ".gitlab/ci/docs.gitlab-ci.yml" +.docs-blueprints-patterns: &docs-blueprints-patterns + - "doc/architecture/blueprints/**/*" + - "scripts/lint-docs-blueprints.rb" + - ".gitlab/ci/docs.gitlab-ci.yml" + .docs-deprecations-and-removals-patterns: &docs-deprecations-and-removals-patterns - "doc/update/deprecations.md" - "doc/update/removals.md" @@ -285,12 +295,15 @@ - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - - ".csscomb.json" + - ".stylelintrc" - "Dockerfile.assets" - "config/**/*.js" - "vendor/assets/**/*" - "{app/assets,app/components,app/helpers,app/presenters,app/views,locale,public,spec/frontend,storybook,symbol}/**/*" +.initializers-patterns: &initializers-patterns + - "{,ee/,jh/}config/initializers/**/*" + .controllers-patterns: &controllers-patterns - "{,ee/,jh/}{app/controllers}/**/*" @@ -332,14 +345,14 @@ # DB patterns + .ci-patterns .db-patterns: &db-patterns - "{,ee/,jh/}{,spec/}{db,migrations}/**/*" - - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*" - - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb" - - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration/**/*" - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration{,_spec}.rb" + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration/**/*" + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb" + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*" - "{,ee/,jh/}spec/support/helpers/database/**/*" - "{,ee/,jh/}spec/support/helpers/migrations_helpers/**/*" - - "lib/gitlab/markdown_cache/active_record/**/*" - "lib/api/admin/batched_background_migrations.rb" + - "lib/gitlab/markdown_cache/active_record/**/*" - "spec/requests/api/admin/batched_background_migrations_spec.rb" - "config/prometheus/common_metrics.yml" # Used by Gitlab::DatabaseImporters::CommonMetrics::Importer - "{,ee/,jh/}app/models/project_statistics.rb" # Used to calculate sizes in migration specs @@ -378,7 +391,7 @@ - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - - ".csscomb.json" + - ".stylelintrc" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" @@ -403,7 +416,7 @@ - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - - ".csscomb.json" + - ".stylelintrc" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" @@ -434,7 +447,7 @@ - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - - ".csscomb.json" + - ".stylelintrc" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" @@ -461,7 +474,7 @@ - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - - ".csscomb.json" + - ".stylelintrc" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" @@ -499,7 +512,7 @@ - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - - ".csscomb.json" + - ".stylelintrc" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" @@ -547,6 +560,7 @@ - "{,ee/,jh/}Gemfile.lock" # This should include gitlab-styles, rubocop itself, and any plugins we might be using - "lib/gitlab_edition.rb" # This is required in RuboCop::CodeReuseHelpers - ".gitlab/ci/static-analysis.gitlab-ci.yml" + - "config/feature_categories.yml" # Used by RSpec/InvalidFeatureCategory .danger-patterns: &danger-patterns - "Dangerfile" @@ -590,6 +604,8 @@ when: never - <<: *if-merge-request-targeting-stable-branch when: never + - <<: *if-merge-request-labels-pipeline-expedite + when: never .rails:rules:predictive-default-rules: rules: @@ -679,6 +695,7 @@ rules: - <<: *if-schedule-maintenance - <<: *if-security-schedule + - <<: *if-foss-schedule - <<: *if-merge-request-labels-update-caches .shared:rules:update-gitaly-binaries-cache: @@ -690,7 +707,7 @@ ###################### # Build images rules # ###################### -.build-images:rules:build-qa-image: +.build-images:rules:build-qa-image-merge-requests: rules: - <<: *if-not-canonical-namespace when: never @@ -700,18 +717,44 @@ changes: *ci-build-images-patterns - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *code-qa-patterns + +.build-images:rules:build-qa-image: + rules: + - !reference [".build-images:rules:build-qa-image-merge-requests", "rules"] - <<: *if-auto-deploy-branches variables: ARCH: amd64,arm64 - - <<: *if-default-branch-or-tag + - <<: *if-default-branch-refs + variables: + ARCH: amd64,arm64 + - <<: *if-tag variables: ARCH: amd64,arm64 + # TODO: Remove once confirmed on a tag pipeline + allow_failure: true - <<: *if-dot-com-gitlab-org-schedule variables: ARCH: amd64,arm64 - <<: *if-force-ci - <<: *if-ruby2-branch +.build-images:rules:build-qa-image-as-if-foss: + rules: + - !reference [".build-images:rules:build-qa-image-merge-requests", "rules"] + +# We want to rebuild the master image when the full e2e test pipeline runs. Currently this happens on a 2 hour schedule. +.build-images:rules:build-qa-on-gdk-master-image: + rules: + - if: '$QA_RUN_TESTS_ON_GDK !~ /true|yes|1/i' + when: never + - <<: *if-not-canonical-namespace + when: never + - <<: *if-not-ee + when: never + - <<: *if-dot-com-gitlab-org-schedule + variables: + ARCH: amd64,arm64 + .build-images:rules:build-assets-image: rules: - <<: *if-not-canonical-namespace @@ -822,6 +865,11 @@ - <<: *if-default-refs changes: *docs-patterns +.docs:rules:docs-blueprints-lint: + rules: + - <<: *if-default-refs + changes: *docs-blueprints-patterns + .docs:rules:deprecations-and-removals: rules: - <<: *if-default-refs @@ -1036,7 +1084,7 @@ - <<: *if-default-branch-refs changes: *frontend-build-patterns allow_failure: true - - if: '$DANGER_GITLAB_API_TOKEN && $CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH' + - if: '$DANGER_GITLAB_API_TOKEN && ($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH' changes: *frontend-build-patterns allow_failure: true @@ -1109,7 +1157,7 @@ allow_failure: true - <<: *if-ruby2-branch -.qa:rules:package-and-test: +.qa:rules:package-and-test-mrs: rules: - <<: *if-not-canonical-namespace when: never @@ -1121,6 +1169,8 @@ allow_failure: true - <<: *if-ruby2-branch allow_failure: true + - <<: *if-merge-request-labels-run-all-e2e + allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e changes: *feature-flag-development-config-patterns when: manual @@ -1129,6 +1179,9 @@ changes: *feature-flag-development-config-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request + changes: *initializers-patterns + allow_failure: true + - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *nodejs-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request @@ -1144,6 +1197,13 @@ changes: *code-patterns when: manual allow_failure: true + - <<: *if-force-ci + when: manual + allow_failure: true + +.qa:rules:package-and-test: + rules: + - !reference [".qa:rules:package-and-test-mrs", rules] - <<: *if-dot-com-gitlab-org-schedule allow_failure: true variables: @@ -1152,9 +1212,12 @@ KNAPSACK_GENERATE_REPORT: "true" QA_SAVE_TEST_METRICS: "true" QA_EXPORT_TEST_METRICS: "false" # on main runs, metrics are exported to separate bucket via rake task for better consistency - - <<: *if-force-ci - when: manual - allow_failure: true + +.qa:rules:e2e:test-on-gdk: + rules: + - if: '$QA_RUN_TESTS_ON_GDK !~ /true|yes|1/i' + when: never + - !reference [".qa:rules:package-and-test", rules] ############### # Rails rules # @@ -1172,6 +1235,12 @@ changes: *db-patterns - <<: *if-default-branch-schedule-nightly +.rails:rules:db:check-migrations-single-db: + rules: + - <<: *if-merge-request-labels-run-single-db + - <<: *if-merge-request + changes: *db-patterns + .rails:rules:db-backup: rules: - <<: *if-merge-request-labels-run-all-rspec @@ -1182,6 +1251,15 @@ - <<: *if-default-refs changes: *db-patterns +.rails:rules:db-rollback: + rules: + - !reference [".rails:rules:ee-and-foss-migration", rules] + - <<: *if-default-refs + changes: *initializers-patterns + - <<: *if-default-refs + changes: + - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/content_security_policy/config_loader{,_spec}.rb" + .rails:rules:praefect-with-db: rules: - if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-praefect-with-db/' @@ -1542,9 +1620,9 @@ .rails:rules:detect-tests: rules: - <<: *if-merge-request-labels-run-all-rspec - - <<: *if-default-refs + - <<: *if-merge-request changes: *code-backstage-qa-patterns - - <<: *if-default-refs + - <<: *if-merge-request changes: *workhorse-patterns .rails:rules:detect-previous-failed-tests: @@ -1720,6 +1798,24 @@ - <<: *if-merge-request changes: *static-analysis-patterns +.semgrep-appsec-custom-rules:rules: + rules: + - <<: *if-not-ee + when: never + - <<: *if-merge-request + changes: *code-backstage-qa-patterns + +.ping-appsec-for-sast-findings:rules: + rules: + # Requiring $CUSTOM_SAST_RULES_BOT_PAT prevents the bot from running on forks or CE + # Without it the script would fail too. + - if: "$CUSTOM_SAST_RULES_BOT_PAT == null" + when: never + - <<: *if-not-ee + when: never + - <<: *if-merge-request + changes: *code-backstage-qa-patterns + ####################### # Vendored gems rules # ####################### @@ -1784,6 +1880,12 @@ changes: ["vendor/gems/devise-pbkdf2-encryptable/**/*"] - <<: *if-merge-request-labels-run-all-rspec +.vendor:rules:gitlab_active_record: + rules: + - <<: *if-merge-request + changes: ["vendor/gems/gitlab_active_record/**/*"] + - <<: *if-merge-request-labels-run-all-rspec + .vendor:rules:bundler-checksum: rules: - <<: *if-merge-request @@ -1883,12 +1985,6 @@ - <<: *if-default-refs changes: *nodejs-patterns -.reports:rules:schedule-dast: - rules: - - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/' - when: never - - <<: *if-dot-com-ee-schedule-nightly-child-pipeline - .reports:rules:test-dast: rules: - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/' @@ -1971,32 +2067,10 @@ QA_SAVE_TEST_METRICS: "true" QA_EXPORT_TEST_METRICS: "false" # on main runs, metrics are exported to separate bucket via rake task for better consistency -.review:rules:review-build-cng: - rules: - - when: always - -.review:rules:review-deploy: - rules: - - when: on_success - -.review:rules:review-performance: - rules: - - if: '$DAST_RUN == "true"' # Skip this job when DAST is run - when: never - - <<: *if-merge-request-labels-run-review-app # we explicitely don't allow the job to fail in that case - - <<: *if-dot-com-gitlab-org-merge-request # we explicitely don't allow the job to fail in that case - changes: *ci-review-patterns - - when: on_success - allow_failure: true - -.review:rules:review-delete-deployment: - rules: - - when: on_success - # The following rules needs to be the same as the one for .review:rules:start-review-app-pipeline # except that: # - all rules have `when: manual` and `allow_failure: true` here -.review:rules:review-cleanup: +.review:rules:review-stop-merge-requests: rules: - <<: *if-not-ee when: never @@ -2033,12 +2107,23 @@ changes: *code-patterns when: manual allow_failure: true + +.review:rules:review-cleanup: + rules: + - !reference [".review:rules:review-stop-merge-requests", rules] + - <<: *if-dot-com-ee-schedule-default-branch-maintenance + allow_failure: true + +.review:rules:review-stop: + rules: + - !reference [".review:rules:review-stop-merge-requests", rules] - <<: *if-dot-com-gitlab-org-schedule + when: manual allow_failure: true .review:rules:review-k8s-resources-count-checks: rules: - - <<: *if-dot-com-gitlab-org-schedule + - <<: *if-dot-com-ee-schedule-default-branch-maintenance allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: @@ -2047,18 +2132,13 @@ .review:rules:review-gcp-quotas-checks: rules: - - <<: *if-dot-com-gitlab-org-schedule + - <<: *if-dot-com-ee-schedule-default-branch-maintenance allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: - "scripts/review_apps/gcp-quotas-checks.rb" allow_failure: true -.review:rules:review-stop: - rules: - - when: manual - allow_failure: true - .review:rules:danger: rules: - <<: *if-merge-request @@ -2098,6 +2178,11 @@ - <<: *if-default-refs changes: *code-backstage-patterns +.setup:rules:rails-production-environment: + rules: + - <<: *if-default-refs + changes: *code-patterns + .setup:rules:no-ee-check: rules: - <<: *if-not-foss @@ -2134,7 +2219,7 @@ - <<: *if-not-ee when: never - <<: *if-dot-com-ee-schedule-default-branch-maintenance - - <<: *if-default-refs + - <<: *if-default-branch-refs changes: - ".gitlab/ci/setup.gitlab-ci.yml" - ".gitlab/ci/test-metadata.gitlab-ci.yml" @@ -2156,7 +2241,8 @@ - <<: *if-not-ee when: never - <<: *if-dot-com-ee-schedule-default-branch-maintenance - - <<: *if-default-refs + when: always + - <<: *if-default-branch-refs changes: - ".gitlab/ci/test-metadata.gitlab-ci.yml" - "scripts/rspec_helpers.sh" diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml index 852c4739d9d..298d5c4ae08 100644 --- a/.gitlab/ci/setup.gitlab-ci.yml +++ b/.gitlab/ci/setup.gitlab-ci.yml @@ -128,6 +128,7 @@ detect-tests: - source ./scripts/rspec_helpers.sh - install_gitlab_gem - install_tff_gem + - install_activesupport_gem - retrieve_tests_mapping - retrieve_frontend_fixtures_mapping - | @@ -135,12 +136,14 @@ detect-tests: mkdir -p $(dirname "$RSPEC_CHANGED_FILES_PATH") tooling/bin/find_changes ${RSPEC_CHANGED_FILES_PATH}; tooling/bin/find_tests ${RSPEC_CHANGED_FILES_PATH} ${RSPEC_MATCHING_TESTS_PATH}; + tooling/bin/js_to_system_specs_mappings ${RSPEC_CHANGED_FILES_PATH} ${RSPEC_MATCHING_TESTS_PATH}; tooling/bin/find_changes ${RSPEC_CHANGED_FILES_PATH} ${RSPEC_MATCHING_TESTS_PATH} ${FRONTEND_FIXTURES_MAPPING_PATH}; filter_rspec_matched_foss_tests ${RSPEC_MATCHING_TESTS_PATH} ${RSPEC_MATCHING_TESTS_FOSS_PATH}; + filter_rspec_matched_ee_tests ${RSPEC_MATCHING_TESTS_PATH} ${RSPEC_MATCHING_TESTS_EE_PATH}; tooling/bin/view_to_js_mappings ${RSPEC_CHANGED_FILES_PATH} ${RSPEC_MATCHING_JS_FILES_PATH}; echoinfo "Changed files: $(cat $RSPEC_CHANGED_FILES_PATH)"; - echoinfo "Related RSpec tests: $(cat $RSPEC_MATCHING_TESTS_PATH)"; echoinfo "Related FOSS RSpec tests: $(cat $RSPEC_MATCHING_TESTS_FOSS_PATH)"; + echoinfo "Related EE RSpec tests: $(cat $RSPEC_MATCHING_TESTS_EE_PATH)"; echoinfo "Related JS files: $(cat $RSPEC_MATCHING_JS_FILES_PATH)"; fi artifacts: @@ -149,8 +152,9 @@ detect-tests: - ${FRONTEND_FIXTURES_MAPPING_PATH} - ${RSPEC_CHANGED_FILES_PATH} - ${RSPEC_MATCHING_JS_FILES_PATH} - - ${RSPEC_MATCHING_TESTS_FOSS_PATH} - ${RSPEC_MATCHING_TESTS_PATH} + - ${RSPEC_MATCHING_TESTS_FOSS_PATH} + - ${RSPEC_MATCHING_TESTS_EE_PATH} detect-previous-failed-tests: extends: @@ -158,12 +162,10 @@ detect-previous-failed-tests: - .rails:rules:detect-previous-failed-tests variables: PREVIOUS_FAILED_TESTS_DIR: tmp/previous_failed_tests/ - RSPEC_PG_REGEX: /rspec .+ pg12( .+)?/ - RSPEC_EE_PG_REGEX: /rspec-ee .+ pg12( .+)?/ script: - source ./scripts/utils.sh - source ./scripts/rspec_helpers.sh - - retrieve_previous_failed_tests ${PREVIOUS_FAILED_TESTS_DIR} "${RSPEC_PG_REGEX}" "${RSPEC_EE_PG_REGEX}" + - retrieve_failed_tests "${PREVIOUS_FAILED_TESTS_DIR}" "oneline" "previous" artifacts: expire_in: 7d paths: diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml index 13013d9a9db..d546c79aab9 100644 --- a/.gitlab/ci/static-analysis.gitlab-ci.yml +++ b/.gitlab/ci/static-analysis.gitlab-ci.yml @@ -183,3 +183,37 @@ feature-flags-usage: when: always paths: - tmp/feature_flags/ + +semgrep-appsec-custom-rules: + stage: lint + extends: + - .semgrep-appsec-custom-rules:rules + image: returntocorp/semgrep + needs: [] + script: + # Required to avoid a timeout https://github.com/returntocorp/semgrep/issues/5395 + - git fetch origin master + # Include/exclude list isn't ideal https://github.com/returntocorp/semgrep/issues/5399 + - | + semgrep ci --gitlab-sast --metrics off --config $CUSTOM_RULES_URL \ + --include app --include lib --include workhorse \ + --exclude '*_test.go' --exclude spec --exclude qa > gl-sast-report.json || true + variables: + CUSTOM_RULES_URL: https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/raw/main/appsec-pings/rules.yml + artifacts: + paths: + - gl-sast-report.json + +ping-appsec-for-sast-findings: + stage: lint + image: alpine:latest + extends: + - .ping-appsec-for-sast-findings:rules + variables: + # Project Access Token bot ID for /gitlab-com/gl-security/appsec/sast-custom-rules + BOT_USER_ID: 13559989 + needs: + - semgrep-appsec-custom-rules + script: + - apk add jq curl + - scripts/process_custom_semgrep_results.sh diff --git a/.gitlab/ci/test-metadata.gitlab-ci.yml b/.gitlab/ci/test-metadata.gitlab-ci.yml index 3f6760394c4..176a0b67d66 100644 --- a/.gitlab/ci/test-metadata.gitlab-ci.yml +++ b/.gitlab/ci/test-metadata.gitlab-ci.yml @@ -37,10 +37,12 @@ update-tests-metadata: - rspec unit pg12 - rspec integration pg12 - rspec system pg12 + - rspec background_migration pg12 - rspec-ee migration pg12 - rspec-ee unit pg12 - rspec-ee integration pg12 - rspec-ee system pg12 + - rspec-ee background_migration pg12 script: - run_timed_command "retry gem install fog-aws mime-types activesupport rspec_profiling postgres-copy --no-document" - source ./scripts/rspec_helpers.sh diff --git a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml new file mode 100644 index 00000000000..a04d81fb342 --- /dev/null +++ b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml @@ -0,0 +1,81 @@ +default: + interruptible: true + +include: + - local: .gitlab/ci/package-and-test/rules.gitlab-ci.yml + +dont-interrupt-me: + extends: .rules:dont-interrupt + stage: test + interruptible: false + script: + - echo "This jobs makes sure this pipeline won't be interrupted! See https://docs.gitlab.com/ee/ci/yaml/#interruptible." + +.run-tests: + stage: test + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION} + services: + - docker:${DOCKER_VERSION}-dind + tags: + - e2e + before_script: + - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY + - sysctl -n -w fs.inotify.max_user_watches=524288 + variables: + DOCKER_DRIVER: overlay2 + DOCKER_HOST: tcp://docker:2375 + QA_GDK_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-qa-gdk:master" + QA_GENERATE_ALLURE_REPORT: "false" + QA_CAN_TEST_PRAEFECT: "false" + QA_INTERCEPT_REQUESTS: "false" + QA_RUN_TYPE: e2e-test-on-gdk + TEST_LICENSE_MODE: $QA_TEST_LICENSE_MODE + EE_LICENSE: $QA_EE_LICENSE + GITHUB_ACCESS_TOKEN: $QA_GITHUB_ACCESS_TOKEN + GITLAB_QA_ADMIN_ACCESS_TOKEN: $QA_ADMIN_ACCESS_TOKEN + QA_KNAPSACK_REPORTS: qa-smoke,ee-instance-parallel + timeout: 2 hours + artifacts: + when: always + paths: + - test_output + - logs + expire_in: 7 days + script: + - echo -e "\e[0Ksection_start:`date +%s`:pull_image\r\e[0KPull GDK QA image" + - docker pull ${QA_GDK_IMAGE} + - echo -e "\e[0Ksection_end:`date +%s`:pull_image\r\e[0K" + - echo -e "\e[0Ksection_start:`date +%s`:launch_gdk_and_tests\r\e[0KLaunch GDK and run QA tests" + - cd qa && bundle install --jobs=$(nproc) --retry=3 --quiet + - mkdir -p $CI_PROJECT_DIR/test_output $CI_PROJECT_DIR/logs/gdk $CI_PROJECT_DIR/logs/gitlab + # This command matches the permissions of the user that runs GDK inside the container. + - chown -R 1000:1000 $CI_PROJECT_DIR/test_output $CI_PROJECT_DIR/logs + - | + docker run --rm --name gdk --add-host gdk.test:127.0.0.1 --shm-size=2gb \ + --env-file <(bundle exec rake ci:env_var_name_list) \ + --volume /var/run/docker.sock:/var/run/docker.sock:z \ + --volume $CI_PROJECT_DIR/test_output:/home/gdk/gdk/gitlab/qa/tmp:z \ + --volume $CI_PROJECT_DIR/logs/gdk:/home/gdk/gdk/log \ + --volume $CI_PROJECT_DIR/logs/gitlab:/home/gdk/gdk/gitlab/log \ + ${QA_GDK_IMAGE} "${CI_COMMIT_REF_SLUG}" "$TEST_GDK_TAGS --tag ~requires_praefect" || true + - echo -e "\e[0Ksection_end:`date +%s`:launch_gdk_and_tests\r\e[0K" + allow_failure: true + +test-on-gdk-smoke: + extends: + - .run-tests + parallel: 2 + variables: + TEST_GDK_TAGS: "--tag smoke" + QA_KNAPSACK_REPORT_NAME: qa-smoke + rules: + - when: always + +test-on-gdk-full: + extends: + - .run-tests + parallel: 5 + variables: + QA_KNAPSACK_REPORT_NAME: ee-instance-parallel + rules: + - when: manual diff --git a/.gitlab/ci/vendored-gems.gitlab-ci.yml b/.gitlab/ci/vendored-gems.gitlab-ci.yml index a22ac5337f6..1086d9074d2 100644 --- a/.gitlab/ci/vendored-gems.gitlab-ci.yml +++ b/.gitlab/ci/vendored-gems.gitlab-ci.yml @@ -85,3 +85,11 @@ vendor bundler-checksum: trigger: include: vendor/gems/bundler-checksum/.gitlab-ci.yml strategy: depend + +vendor gitlab_active_record: + extends: + - .vendor:rules:gitlab_active_record + needs: [] + trigger: + include: vendor/gems/gitlab_active_record/.gitlab-ci.yml + strategy: depend |