diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-20 18:40:28 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-20 18:40:28 +0300 |
| commit | b595cb0c1dec83de5bdee18284abe86614bed33b (patch) | |
| tree | 8c3d4540f193c5ff98019352f554e921b3a41a72 /.gitlab/ci | |
| parent | 2f9104a328fc8a4bddeaa4627b595166d24671d0 (diff) | |
Add latest changes from gitlab-org/gitlab@15-2-stable-eev15.2.0-rc42
Diffstat (limited to '.gitlab/ci')
| -rw-r--r-- | .gitlab/ci/build-images.gitlab-ci.yml | 14 | ||||
| -rw-r--r-- | .gitlab/ci/frontend.gitlab-ci.yml | 16 | ||||
| -rw-r--r-- | .gitlab/ci/global.gitlab-ci.yml | 10 | ||||
| -rw-r--r-- | .gitlab/ci/pages.gitlab-ci.yml | 2 | ||||
| -rw-r--r-- | .gitlab/ci/qa.gitlab-ci.yml | 8 | ||||
| -rw-r--r-- | .gitlab/ci/rails.gitlab-ci.yml | 18 | ||||
| -rw-r--r-- | .gitlab/ci/review-apps/main.gitlab-ci.yml | 6 | ||||
| -rw-r--r-- | .gitlab/ci/review-apps/qa.gitlab-ci.yml | 82 | ||||
| -rw-r--r-- | .gitlab/ci/review.gitlab-ci.yml | 6 | ||||
| -rw-r--r-- | .gitlab/ci/rules.gitlab-ci.yml | 118 | ||||
| -rw-r--r-- | .gitlab/ci/setup.gitlab-ci.yml | 25 | ||||
| -rw-r--r-- | .gitlab/ci/static-analysis.gitlab-ci.yml | 13 | ||||
| -rw-r--r-- | .gitlab/ci/vendored-gems.gitlab-ci.yml | 32 | ||||
| -rw-r--r-- | .gitlab/ci/workhorse.gitlab-ci.yml | 6 |
14 files changed, 222 insertions, 134 deletions
diff --git a/.gitlab/ci/build-images.gitlab-ci.yml b/.gitlab/ci/build-images.gitlab-ci.yml index 46d0bb2fb8f..3b360d66b7f 100644 --- a/.gitlab/ci/build-images.gitlab-ci.yml +++ b/.gitlab/ci/build-images.gitlab-ci.yml @@ -1,16 +1,9 @@ .base-image-build: extends: .use-kaniko + variables: + GIT_LFS_SKIP_SMUDGE: 1 script: - # With .git/hooks/post-checkout in place, Git tries to pull LFS objects, but the image doesn't have Git LFS, and we actually don't care about it for this specific so we just remove the file. - # Without removing the file, the error is as follows: "This repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting .git/hooks/post-checkout." - - rm -f .git/hooks/post-checkout - - if [ -n "$CI_MERGE_REQUEST_SOURCE_BRANCH_SHA" ]; then - echo "Checking out \$CI_MERGE_REQUEST_SOURCE_BRANCH_SHA ($CI_MERGE_REQUEST_SOURCE_BRANCH_SHA) instead of \$CI_COMMIT_SHA (merge result commit $CI_COMMIT_SHA) so that GitLab image built in omnibus-gitlab-mirror and QA image are in sync."; - git checkout -f ${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA}; - else - echo "Building the image from \$CI_COMMIT_SHA ($CI_COMMIT_SHA) for this non-merge result pipeline."; - fi; - - echo "See https://docs.gitlab.com/ee/development/testing_guide/end_to_end/index.html#with-pipeline-for-merged-results for more details."; + - scripts/checkout-mr-source-sha retry: 2 # This image is used by: @@ -37,6 +30,7 @@ build-qa-image: --destination=${QA_IMAGE_BRANCH} \ --build-arg=CHROME_VERSION=${CHROME_VERSION} \ --build-arg=DOCKER_VERSION=${DOCKER_VERSION} \ + --build-arg=QA_BUILD_TARGET=${QA_BUILD_TARGET:-qa} \ --cache=true # This image is used by: diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 8bfda0e6684..8c49d5c212a 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -11,7 +11,7 @@ - .default-retry - .default-before_script - .assets-compile-cache - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-git-2.33-lfs-2.9-node-16.14-yarn-1.22-graphicsmagick-1.3.36 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-16.14:rubygems-3.2-git-2.33-lfs-2.9-yarn-1.22-graphicsmagick-1.3.36 variables: SETUP_DB: "false" WEBPACK_VENDOR_DLL: "true" @@ -43,13 +43,7 @@ compile-production-assets: - webpack-report/ when: always before_script: - - if [ -n "$CI_MERGE_REQUEST_SOURCE_BRANCH_SHA" ]; then - echo "Checking out \$CI_MERGE_REQUEST_SOURCE_BRANCH_SHA ($CI_MERGE_REQUEST_SOURCE_BRANCH_SHA) instead of \$CI_COMMIT_SHA (merge result commit $CI_COMMIT_SHA) so that GitLab assets image tag actually reflect the commit for which assets were compiled."; - git checkout -f ${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA}; - else - echo "Building the image from \$CI_COMMIT_SHA ($CI_COMMIT_SHA) for this non-merge result pipeline."; - fi; - - echo "See https://docs.gitlab.com/ee/development/testing_guide/end_to_end/index.html#with-pipeline-for-merged-results for more details."; + - scripts/checkout-mr-source-sha - !reference [.default-before_script, before_script] after_script: - rm -f /etc/apt/sources.list.d/google*.list # We don't need to update Chrome here @@ -186,6 +180,12 @@ graphql-schema-dump: - tmp/tests/graphql/gitlab_schema.graphql - tmp/tests/graphql/gitlab_schema.json +graphql-schema-dump as-if-foss: + extends: + - graphql-schema-dump + - .frontend:rules:eslint-as-if-foss + - .as-if-foss + .frontend-test-base: extends: - .default-retry diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index 344a31b28d8..9c92b11d4fd 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -79,7 +79,7 @@ policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up. .assets-cache: &assets-cache - key: "assets-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-${NODE_ENV}" + key: "assets-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-${NODE_ENV}-v2" paths: - assets-hash.txt - public/assets/webpack/ @@ -179,11 +179,19 @@ - *ruby-gems-cache - *node-modules-cache +.qa-bundler-variables: &qa-bundler-variables + variables: + BUNDLE_SUPPRESS_INSTALL_USING_MESSAGES: "true" + BUNDLE_SILENCE_ROOT_WARNING: "true" + BUNDLE_PATH: vendor + .qa-cache: + <<: *qa-bundler-variables cache: - *qa-ruby-gems-cache .qa-cache-push: + <<: *qa-bundler-variables cache: - *qa-ruby-gems-cache-push diff --git a/.gitlab/ci/pages.gitlab-ci.yml b/.gitlab/ci/pages.gitlab-ci.yml index 6f96d84b8e3..1f9f57cfc22 100644 --- a/.gitlab/ci/pages.gitlab-ci.yml +++ b/.gitlab/ci/pages.gitlab-ci.yml @@ -15,7 +15,7 @@ pages: - job: "compile-production-assets" - job: "compile-storybook" # `update-tests-metadata` only runs on GitLab.com's EE schedules pipelines - # while `pages` runs for all the 2-hourly schedules. + # while `pages` runs for all the maintenance scheduled pipelines. - job: "update-tests-metadata" optional: true before_script: diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml index 5ca70da352a..12275260c0c 100644 --- a/.gitlab/ci/qa.gitlab-ci.yml +++ b/.gitlab/ci/qa.gitlab-ci.yml @@ -11,8 +11,7 @@ QA_EXPORT_TEST_METRICS: "false" before_script: - !reference [.default-before_script, before_script] - - cd qa/ - - bundle install + - cd qa && bundle install qa:internal: extends: @@ -73,8 +72,7 @@ populate-qa-tests-var: image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine stage: prepare script: - - tooling/bin/qa/check_if_qa_only_spec_changes ${CHANGES_FILE} ${ONLY_QA_CHANGES_FILE} - - '[ -f $ONLY_QA_CHANGES_FILE ] && export QA_TESTS="`cat $ONLY_QA_CHANGES_FILE`"' + - export QA_TESTS=$(scripts/determine-qa-tests --files $CHANGES_FILE --labels "$CI_MERGE_REQUEST_LABELS") - 'echo "QA_TESTS=$QA_TESTS" >> qa_tests_var.env' - 'echo "QA_TESTS: $QA_TESTS"' artifacts: @@ -83,11 +81,9 @@ populate-qa-tests-var: dotenv: qa_tests_var.env paths: - ${CHANGES_FILE} - - ${ONLY_QA_CHANGES_FILE} - qa_tests_var.env variables: CHANGES_FILE: tmp/changed_files.txt - ONLY_QA_CHANGES_FILE: tmp/qa_only_changed_files.txt needs: - detect-tests diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index 0358fe8ec49..6fa9d14d47b 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -201,8 +201,9 @@ setup-test-env: - ${TMP_TEST_FOLDER}/gitlab-elasticsearch-indexer/bin/gitlab-elasticsearch-indexer - ${TMP_TEST_FOLDER}/gitlab-shell/ - ${TMP_TEST_FOLDER}/gitlab-test-fork/ - - ${TMP_TEST_FOLDER}/gitlab-test-fork_bare/ + - ${TMP_TEST_FOLDER}/gitlab-test-fork.bundle - ${TMP_TEST_FOLDER}/gitlab-test/ + - ${TMP_TEST_FOLDER}/gitlab-test.bundle - ${TMP_TEST_FOLDER}/repositories/ - ${TMP_TEST_FOLDER}/second_storage/ - ${TMP_TEST_GITLAB_WORKHORSE_PATH}/ @@ -609,17 +610,16 @@ rspec:undercoverage: stage: post-test needs: ["rspec:coverage"] script: - - if [ -n "$CI_MERGE_REQUEST_SOURCE_BRANCH_SHA" ]; then - echo "Checking out \$CI_MERGE_REQUEST_SOURCE_BRANCH_SHA ($CI_MERGE_REQUEST_SOURCE_BRANCH_SHA) instead of \$CI_COMMIT_SHA (merge result commit $CI_COMMIT_SHA) so we can use $CI_MERGE_REQUEST_DIFF_BASE_SHA for undercoverage in this merged result pipeline"; - git checkout -f ${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA}; - bundle_install_script; + - if [ -n "$CI_MERGE_REQUEST_TARGET_BRANCH_SHA" ]; then + echo "HEAD is $(git rev-parse HEAD). \$CI_MERGE_REQUEST_TARGET_BRANCH_SHA is ${CI_MERGE_REQUEST_TARGET_BRANCH_SHA}"; else - echo "Using \$CI_COMMIT_SHA ($CI_COMMIT_SHA) for this non-merge result pipeline."; + echo "HEAD is $(git rev-parse HEAD). \$CI_MERGE_REQUEST_DIFF_BASE_SHA is ${CI_MERGE_REQUEST_DIFF_BASE_SHA}"; fi; - - UNDERCOVERAGE_COMPARE="${CI_MERGE_REQUEST_DIFF_BASE_SHA:-$(git merge-base origin/master HEAD)}" - - echo "Undercoverage comparing with ${UNDERCOVERAGE_COMPARE}" + - UNDERCOVERAGE_COMPARE="${CI_MERGE_REQUEST_TARGET_BRANCH_SHA:-$CI_MERGE_REQUEST_DIFF_BASE_SHA}" + - git diff ${UNDERCOVERAGE_COMPARE} --stat + - echo "Undercoverage comparing with ${UNDERCOVERAGE_COMPARE}." - if [ -f scripts/undercoverage ]; then - run_timed_command "scripts/undercoverage ${UNDERCOVERAGE_COMPARE}"; + run_timed_command "bundle exec scripts/undercoverage ${UNDERCOVERAGE_COMPARE}"; fi; rspec:feature-flags: diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml index f3cde5d7318..7f3ae70da8c 100644 --- a/.gitlab/ci/review-apps/main.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml @@ -20,7 +20,7 @@ review-build-cng-env: extends: - .default-retry - .review:rules:review-build-cng - image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine3.13 + image: ${GITLAB_DEPENDENCY_PROXY}ruby:3.0-alpine3.13 stage: prepare needs: [] before_script: @@ -77,9 +77,9 @@ review-build-cng: variables: HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" - GITLAB_HELM_CHART_REF: "a6a609a19166f00b1a7774374041cd38a9f7e20d" + GITLAB_HELM_CHART_REF: "138c146a5ba787942f66d4c7d795d224d6ba206a" environment: - name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY} + name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN} on_stop: review-stop auto_stop_in: 48 hours diff --git a/.gitlab/ci/review-apps/qa.gitlab-ci.yml b/.gitlab/ci/review-apps/qa.gitlab-ci.yml index 07ad5a31135..8c48e803ad3 100644 --- a/.gitlab/ci/review-apps/qa.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/qa.gitlab-ci.yml @@ -5,13 +5,7 @@ include: - /ci/allure-report.yml - /ci/knapsack-report.yml -.bundler_variables: - variables: - BUNDLE_SUPPRESS_INSTALL_USING_MESSAGES: "true" - BUNDLE_SILENCE_ROOT_WARNING: "true" - BUNDLE_PATH: vendor - -.test_variables: +.test-variables: variables: QA_GENERATE_ALLURE_REPORT: "true" COLORIZED_LOGS: "true" @@ -22,13 +16,20 @@ include: GITLAB_QA_ADMIN_ACCESS_TOKEN: "${REVIEW_APPS_ROOT_TOKEN}" GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}" +.bundle-base: + extends: + - .qa-cache + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3 + before_script: + - export QA_GITLAB_URL="$(cat environment_url.txt)" + - cd qa && bundle install + .review-qa-base: extends: - .use-docker-in-docker - - .qa-cache - - .test_variables - - .bundler_variables - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23 + - .bundle-base + - .test-variables + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-git-2.33-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23 stage: qa needs: - review-deploy @@ -38,11 +39,13 @@ include: DOCKER_TLS_CERTDIR: /certs DOCKER_CERT_PATH: /certs/client DOCKER_TLS_VERIFY: 1 + GIT_LFS_SKIP_SMUDGE: 1 + WD_INSTALL_DIR: /usr/local/bin before_script: - - export EE_LICENSE="$(cat $REVIEW_APPS_EE_LICENSE_FILE)" - - export QA_GITLAB_URL="$(cat environment_url.txt)" - - cd qa && bundle install + - scripts/checkout-mr-source-sha + - !reference [.bundle-base, before_script] script: + - export EE_LICENSE="$(cat $REVIEW_APPS_EE_LICENSE_FILE)" - qa_run_status=0 - | bundle exec rake "knapsack:rspec[\ @@ -52,7 +55,6 @@ include: --tag ~skip_signup_disabled \ --tag ~requires_git_protocol_v2 \ --tag ~requires_praefect \ - --tag ~sanity_feature_flags \ --force-color \ --order random \ --format documentation \ @@ -82,16 +84,12 @@ include: # Store knapsack report as artifact so the same report is reused across all jobs download-knapsack-report: - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-chrome-${CHROME_VERSION} extends: - - .qa-cache - - .bundler_variables + - .bundle-base - .review:rules:review-qa-reliable stage: prepare variables: QA_KNAPSACK_REPORTS: review-qa-reliable,review-qa-all - before_script: - - cd qa && bundle install script: - bundle exec rake "knapsack:download" allow_failure: true @@ -100,29 +98,6 @@ download-knapsack-report: - qa/knapsack/review-qa-*.json expire_in: 1 day -review-qa-sanity: - extends: - - .review-qa-base - - .review:rules:review-qa-sanity - retry: 1 - variables: - QA_RUN_TYPE: review-qa-sanity - script: - - qa_run_status=0 - - | - bundle exec rake "knapsack:rspec[\ - --tag sanity_feature_flags \ - --force-color \ - --order random \ - --format documentation \ - --format RspecJunitFormatter --out tmp/rspec.xml \ - ]" || qa_run_status=$? - - if [ ${qa_run_status} -ne 0 ]; then - release_sha=$(echo "${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA:-${CI_COMMIT_SHA}}" | cut -c1-11); - echo "Errors can be found at https://sentry.gitlab.net/gitlab/gitlab-review-apps/releases/${release_sha}/all-events/."; - fi - - exit ${qa_run_status} - review-qa-smoke: extends: - .review-qa-base @@ -140,7 +115,7 @@ review-qa-reliable: parallel: 10 variables: QA_RUN_TYPE: review-qa-reliable - RSPEC_TAGS: --tag reliable + RSPEC_TAGS: --tag reliable --tag sanity_feature_flags review-qa-all: extends: @@ -149,7 +124,7 @@ review-qa-all: parallel: 5 variables: QA_RUN_TYPE: review-qa-all - RSPEC_TAGS: --tag ~reliable --tag ~smoke + RSPEC_TAGS: --tag ~reliable --tag ~smoke --tag ~sanity_feature_flags review-performance: extends: @@ -202,8 +177,21 @@ allure-report-qa-all: upload-knapsack-report: extends: - .generate-knapsack-report-base + - .bundle-base stage: post-qa variables: - # knapsack report upload uses gitlab-qa image with code already there - GIT_STRATEGY: none QA_KNAPSACK_REPORT_FILE_PATTERN: $CI_PROJECT_DIR/qa/tmp/knapsack/*/*.json + +delete-test-resources: + extends: + - .bundle-base + - .review:rules:review-qa-cleanup + stage: post-qa + variables: + QA_TEST_RESOURCES_FILE_PATTERN: $CI_PROJECT_DIR/qa/tmp/test-resources-*.json + GITLAB_QA_ACCESS_TOKEN: $REVIEW_APPS_ROOT_TOKEN + COLORIZED_LOGS: "true" + script: + - export GITLAB_ADDRESS="$QA_GITLAB_URL" + - bundle exec rake "test_resources:delete[$QA_TEST_RESOURCES_FILE_PATTERN]" + allow_failure: true diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml index 26c7306c880..b2cd9d61fd8 100644 --- a/.gitlab/ci/review.gitlab-ci.yml +++ b/.gitlab/ci/review.gitlab-ci.yml @@ -5,10 +5,10 @@ review-cleanup: extends: - .default-retry - .review:rules:review-cleanup - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:gitlab-helm3.5-kubectl1.17 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/ruby-3.0:gcloud-383-kubectl-1.23-helm-3.5 stage: prepare environment: - name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY} + name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it action: stop before_script: - source scripts/utils.sh @@ -33,7 +33,7 @@ start-review-app-pipeline: # They need to be explicitly passed on to the child pipeline. # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword variables: - FREQUENCY: $FREQUENCY + SCHEDULE_TYPE: $SCHEDULE_TYPE DAST_RUN: $DAST_RUN trigger: include: diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index ccdc2c1b90a..93790f431dd 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -49,6 +49,9 @@ .if-merge-request-targeting-stable-branch: &if-merge-request-targeting-stable-branch if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^[\d-]+-stable(-ee)?$/' +.if-merge-request-labels-run-in-ruby3: &if-merge-request-labels-run-in-ruby3 + if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-in-ruby3/' + .if-merge-request-labels-as-if-foss: &if-merge-request-labels-as-if-foss if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-as-if-foss/' @@ -91,11 +94,11 @@ .if-fork-merge-request: &if-fork-merge-request if: '$CI_PROJECT_NAMESPACE !~ /^gitlab(-org)?($|\/)/ && $CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-all-rspec/' -.if-default-branch-schedule-2-hourly: &if-default-branch-schedule-2-hourly - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "2-hourly"' +.if-default-branch-schedule-maintenance: &if-default-branch-schedule-maintenance + if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "maintenance"' .if-default-branch-schedule-nightly: &if-default-branch-schedule-nightly - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "nightly"' + if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "nightly"' .if-security-schedule: &if-security-schedule if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_PIPELINE_SOURCE == "schedule"' @@ -106,17 +109,14 @@ .if-dot-com-ee-schedule: &if-dot-com-ee-schedule if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule"' -.if-dot-com-ee-schedule-child-pipeline: &if-dot-com-ee-schedule-child-pipeline - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $FREQUENCY' - -.if-dot-com-ee-2-hourly-schedule: &if-dot-com-ee-2-hourly-schedule - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "2-hourly"' +.if-dot-com-ee-schedule-maintenance: &if-dot-com-ee-schedule-maintenance + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "maintenance"' -.if-dot-com-ee-nightly-schedule: &if-dot-com-ee-nightly-schedule - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "nightly"' +.if-dot-com-ee-schedule-nightly: &if-dot-com-ee-schedule-nightly + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "nightly"' -.if-dot-com-ee-nightly-schedule-child-pipeline: &if-dot-com-ee-nightly-schedule-child-pipeline - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $FREQUENCY == "nightly"' +.if-dot-com-ee-schedule-nightly-child-pipeline: &if-dot-com-ee-schedule-nightly-child-pipeline + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $SCHEDULE_TYPE == "nightly"' .if-dot-com-gitlab-org-default-branch: &if-dot-com-gitlab-org-default-branch if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' @@ -127,6 +127,9 @@ .if-dot-com-gitlab-org-and-security-merge-request: &if-dot-com-gitlab-org-and-security-merge-request if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID' +.if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified: &if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID && $QA_TESTS' + .if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-qa: &if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-qa if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID && $QA_MANUAL_FF_PACKAGE_AND_QA' @@ -325,7 +328,6 @@ - "danger/**/*" - "{,ee/,jh/}fixtures/**/*" - "{,ee/,jh/}rubocop/**/*" - - ".rubocop_todo/**/*.yml" - "{,ee/,jh/}spec/**/*" - "{,spec/}tooling/**/*" @@ -343,8 +345,7 @@ - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo}.yml" - - ".rubocop_todo/**/*.yml" + - ".gitlab-ci.yml" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" @@ -368,8 +369,7 @@ - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo}.yml" - - ".rubocop_todo/**/*.yml" + - ".gitlab-ci.yml" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" @@ -400,8 +400,7 @@ - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo}.yml" - - ".rubocop_todo/**/*.yml" + - ".gitlab-ci.yml" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" @@ -428,8 +427,7 @@ - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo}.yml" - - ".rubocop_todo/**/*.yml" + - ".gitlab-ci.yml" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" @@ -463,8 +461,7 @@ - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo}.yml" - - ".rubocop_todo/**/*.yml" + - ".gitlab-ci.yml" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" @@ -494,6 +491,12 @@ - "scripts/lint_templates_bash.rb" - "lib/gitlab/ci/templates/**/*.gitlab-ci.yml" +.static-analysis-patterns: &static-analysis-patterns + - ".{codeclimate,eslintrc,haml-lint,haml-lint_todo}.yml" + - ".rubocop.yml" + - ".rubocop_todo.yml" + - ".rubocop_todo/**/*.yml" + .danger-patterns: &danger-patterns - "Dangerfile" - "danger/**/*" @@ -622,7 +625,7 @@ ################ .shared:rules:update-cache: rules: - - <<: *if-default-branch-schedule-2-hourly + - <<: *if-default-branch-schedule-maintenance - <<: *if-security-schedule - <<: *if-merge-request-labels-update-caches @@ -828,9 +831,7 @@ .frontend:rules:eslint-as-if-foss: rules: - !reference [".strict-ee-only-rules", rules] - # We already have `static-analysis as-if-foss` which already runs `lint:eslint:all` if the `pipeline:run-as-if-foss` label is set. - <<: *if-merge-request-labels-as-if-foss - when: never - <<: *if-merge-request changes: *frontend-patterns @@ -881,7 +882,7 @@ ############### .pages:rules: rules: - - <<: *if-dot-com-ee-2-hourly-schedule + - <<: *if-dot-com-ee-schedule-maintenance ############ # QA rules # @@ -943,6 +944,9 @@ - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *qa-patterns allow_failure: true + - <<: *if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified + changes: *code-patterns + allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *code-patterns when: manual @@ -1378,7 +1382,7 @@ - <<: *if-merge-request changes: *code-backstage-patterns when: always - - <<: *if-default-branch-schedule-2-hourly + - <<: *if-default-branch-schedule-maintenance - <<: *if-merge-request-labels-run-all-rspec when: always @@ -1434,16 +1438,19 @@ .static-analysis:rules:ee-and-foss: rules: - changes: *code-backstage-qa-patterns + - changes: *static-analysis-patterns .static-analysis:rules:ee-and-foss-qa: rules: - changes: *qa-patterns + - changes: *static-analysis-patterns .static-analysis:rules:ee: rules: - <<: *if-not-ee when: never - changes: *code-backstage-qa-patterns + - changes: *static-analysis-patterns .static-analysis:rules:as-if-foss: rules: @@ -1455,6 +1462,8 @@ changes: *code-backstage-qa-patterns - <<: *if-merge-request changes: *ci-patterns + - <<: *if-merge-request + changes: *static-analysis-patterns ####################### # Vendored gems rules # @@ -1466,6 +1475,31 @@ changes: ["vendor/gems/mail-smtp_pool/**/*"] - <<: *if-merge-request-labels-run-all-rspec +.vendor:rules:ipynbdiff: + rules: + - <<: *if-merge-request + changes: ["vendor/gems/ipynbdiff/**/*"] + - <<: *if-merge-request-labels-run-all-rspec + +.vendor:rules:omniauth_crowd: + rules: + - <<: *if-merge-request + changes: ["vendor/gems/omniauth_crowd/**/*"] + - <<: *if-merge-request-labels-run-all-rspec + + +.vendor:rules:omniauth-gitlab: + rules: + - <<: *if-merge-request + changes: ["vendor/gems/omniauth-gitlab/**/*"] + - <<: *if-merge-request-labels-run-all-rspec + +.vendor:rules:devise-pbkdf2-encryptable: + rules: + - <<: *if-merge-request + changes: ["vendor/gems/devise-pbkdf2-encryptable/**/*"] + - <<: *if-merge-request-labels-run-all-rspec + ################## # Releases rules # ################## @@ -1524,6 +1558,7 @@ - '**/*.tsx' - '**/*.c' - '**/*.go' + - '**/*.rb' .reports:rules:secret_detection: rules: @@ -1561,13 +1596,13 @@ rules: - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/' when: never - - <<: *if-dot-com-ee-nightly-schedule-child-pipeline + - <<: *if-dot-com-ee-schedule-nightly-child-pipeline .reports:rules:package_hunter-yarn: rules: - if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''" when: never - - <<: *if-default-branch-schedule-2-hourly + - <<: *if-default-branch-schedule-maintenance - <<: *if-merge-request changes: ["yarn.lock"] @@ -1575,7 +1610,7 @@ rules: - if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''" when: never - - <<: *if-default-branch-schedule-2-hourly + - <<: *if-default-branch-schedule-maintenance - <<: *if-merge-request changes: ["Gemfile.lock"] @@ -1612,6 +1647,7 @@ when: manual allow_failure: true - <<: *if-dot-com-gitlab-org-schedule + allow_failure: true variables: KNAPSACK_GENERATE_REPORT: "true" @@ -1637,10 +1673,6 @@ rules: - when: on_success -.review:rules:review-qa-sanity: - rules: - - when: on_success - .review:rules:review-qa-smoke: rules: - when: on_success @@ -1680,10 +1712,17 @@ - when: on_success - when: on_failure +.review:rules:review-qa-cleanup: + rules: + - when: always + .review:rules:review-cleanup: rules: - <<: *if-not-ee when: never + - <<: *if-dot-com-gitlab-org-merge-request + when: manual + allow_failure: true - <<: *if-dot-com-gitlab-org-schedule allow_failure: true @@ -1747,6 +1786,10 @@ - <<: *if-default-refs changes: *code-backstage-patterns +.setup:rules:verify-ruby-2.7: + rules: + - <<: *if-merge-request-labels-run-in-ruby3 + .setup:rules:verify-tests-yml: rules: - <<: *if-not-ee @@ -1760,12 +1803,11 @@ when: never - <<: *if-merge-request-labels-jh-contribution - .setup:rules:generate-frontend-fixtures-mapping: rules: - <<: *if-not-ee when: never - - <<: *if-dot-com-ee-2-hourly-schedule + - <<: *if-dot-com-ee-schedule-maintenance - changes: - ".gitlab/ci/setup.gitlab-ci.yml" - ".gitlab/ci/test-metadata.gitlab-ci.yml" @@ -1797,7 +1839,7 @@ rules: - <<: *if-not-ee when: never - - <<: *if-dot-com-ee-2-hourly-schedule + - <<: *if-dot-com-ee-schedule-maintenance - changes: - ".gitlab/ci/test-metadata.gitlab-ci.yml" - "scripts/rspec_helpers.sh" diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml index 505caeec837..2da397aaab8 100644 --- a/.gitlab/ci/setup.gitlab-ci.yml +++ b/.gitlab/ci/setup.gitlab-ci.yml @@ -23,13 +23,19 @@ cache gems: - .default-retry needs: [] -dont-interrupt-me: - extends: .setup:rules:dont-interrupt-me - stage: sync +.absolutely-minimal-job: + extends: + - .minimal-job image: ${GITLAB_DEPENDENCY_PROXY}alpine:edge - interruptible: false variables: GIT_STRATEGY: none + +dont-interrupt-me: + extends: + - .absolutely-minimal-job + - .setup:rules:dont-interrupt-me + stage: sync + interruptible: false script: - echo "This jobs makes sure this pipeline won't be interrupted! See https://docs.gitlab.com/ee/ci/yaml/#interruptible." @@ -57,6 +63,15 @@ no-jh-check: script: - scripts/no-dir-check jh +verify-ruby-2.7: + extends: + - .absolutely-minimal-job + - .setup:rules:verify-ruby-2.7 + stage: prepare + script: + - echo 'Please remove label ~"pipeline:run-in-ruby3" so we do test against Ruby 2.7 (default version) before merging the merge request' + - exit 1 + verify-tests-yml: extends: - .setup:rules:verify-tests-yml @@ -70,8 +85,8 @@ verify-tests-yml: verify-approvals: extends: + - .minimal-job - .setup:rules:jh-contribution - needs: [] script: - source scripts/utils.sh - install_gitlab_gem diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml index e1257e778bd..b4efd9e49bf 100644 --- a/.gitlab/ci/static-analysis.gitlab-ci.yml +++ b/.gitlab/ci/static-analysis.gitlab-ci.yml @@ -7,7 +7,6 @@ variables: SETUP_DB: "false" ENABLE_SPRING: "1" - SKIP_LOG_INITIALIZER_CONNECTIONS: "1" # Disable warnings in browserslist which can break on backports # https://github.com/browserslist/browserslist/blob/a287ec6/node.js#L367-L384 BROWSERSLIST_IGNORE_OLD_DATA: "true" @@ -49,7 +48,7 @@ static-verification-with-database: variables: SETUP_DB: "true" -generate-apollo-graphl-schema: +generate-apollo-graphql-schema: extends: - .static-analysis-base - .frontend:rules:default-frontend-jobs @@ -66,12 +65,19 @@ generate-apollo-graphl-schema: paths: - "${GRAPHQL_SCHEMA_APOLLO_FILE}" +generate-apollo-graphql-schema as-if-foss: + extends: + - generate-apollo-graphql-schema + - .frontend:rules:eslint-as-if-foss + - .as-if-foss + needs: ['graphql-schema-dump as-if-foss'] + eslint: extends: - .static-analysis-base - .yarn-cache - .frontend:rules:default-frontend-jobs - needs: ['generate-apollo-graphl-schema'] + needs: ['generate-apollo-graphql-schema'] variables: USE_BUNDLE_INSTALL: "false" script: @@ -83,6 +89,7 @@ eslint as-if-foss: - eslint - .frontend:rules:eslint-as-if-foss - .as-if-foss + needs: ['generate-apollo-graphql-schema as-if-foss'] haml-lint foss: extends: diff --git a/.gitlab/ci/vendored-gems.gitlab-ci.yml b/.gitlab/ci/vendored-gems.gitlab-ci.yml index a39c4307c13..8596d770a87 100644 --- a/.gitlab/ci/vendored-gems.gitlab-ci.yml +++ b/.gitlab/ci/vendored-gems.gitlab-ci.yml @@ -5,3 +5,35 @@ vendor mail-smtp_pool: trigger: include: vendor/gems/mail-smtp_pool/.gitlab-ci.yml strategy: depend + +vendor ipynbdiff: + extends: + - .vendor:rules:ipynbdiff + needs: [] + trigger: + include: vendor/gems/ipynbdiff/.gitlab-ci.yml + strategy: depend + +vendor omniauth_crowd: + extends: + - .vendor:rules:omniauth_crowd + needs: [] + trigger: + include: vendor/gems/omniauth_crowd/.gitlab-ci.yml + strategy: depend + +vendor omniauth-gitlab: + extends: + - .vendor:rules:omniauth-gitlab + needs: [] + trigger: + include: vendor/gems/omniauth-gitlab/.gitlab-ci.yml + strategy: depend + +vendor devise-pbkdf2-encryptable: + extends: + - .vendor:rules:devise-pbkdf2-encryptable + needs: [] + trigger: + include: vendor/gems/devise-pbkdf2-encryptable/.gitlab-ci.yml + strategy: depend diff --git a/.gitlab/ci/workhorse.gitlab-ci.yml b/.gitlab/ci/workhorse.gitlab-ci.yml index 6db3582bdab..ade2f65441f 100644 --- a/.gitlab/ci/workhorse.gitlab-ci.yml +++ b/.gitlab/ci/workhorse.gitlab-ci.yml @@ -23,3 +23,9 @@ workhorse:verify: workhorse:test using go 1.17: extends: .workhorse:test image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-golang-1.17-git-2.31 + +workhorse:test using go 1.17 with FIPS: + extends: .workhorse:test + variables: + WORKHORSE_TEST_FIPS_ENABLED: 1 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-golang-1.17-git-2.31 |