diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-06 18:09:27 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-06 18:09:27 +0300 |
commit | 638e2f1c5f55988135da63c7aa57bcecb9355a2b (patch) | |
tree | c25a1deeec9e02411f52a5eb831c42fa41778f9a /.gitlab | |
parent | 4958d96e262f6b31b2850123e4949536555b2d29 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to '.gitlab')
-rw-r--r-- | .gitlab/ci/ci-templates.gitlab-ci.yml | 2 | ||||
-rw-r--r-- | .gitlab/ci/dev-fixtures.gitlab-ci.yml | 4 | ||||
-rw-r--r-- | .gitlab/ci/frontend.gitlab-ci.yml | 2 | ||||
-rw-r--r-- | .gitlab/ci/glfm.gitlab-ci.yml | 2 | ||||
-rw-r--r-- | .gitlab/ci/global.gitlab-ci.yml | 87 | ||||
-rw-r--r-- | .gitlab/ci/memory.gitlab-ci.yml | 2 | ||||
-rw-r--r-- | .gitlab/ci/rails.gitlab-ci.yml | 462 | ||||
-rw-r--r-- | .gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb | 2 | ||||
-rw-r--r-- | .gitlab/ci/rails/shared.gitlab-ci.yml | 38 | ||||
-rw-r--r-- | .gitlab/ci/setup.gitlab-ci.yml | 2 | ||||
-rw-r--r-- | .gitlab/ci/static-analysis.gitlab-ci.yml | 2 | ||||
-rw-r--r-- | .gitlab/ci/test-metadata.gitlab-ci.yml | 20 | ||||
-rw-r--r-- | .gitlab/issue_templates/Pipeline Security issue implementation | 98 |
13 files changed, 508 insertions, 215 deletions
diff --git a/.gitlab/ci/ci-templates.gitlab-ci.yml b/.gitlab/ci/ci-templates.gitlab-ci.yml index c6681db9685..a00de8cb533 100644 --- a/.gitlab/ci/ci-templates.gitlab-ci.yml +++ b/.gitlab/ci/ci-templates.gitlab-ci.yml @@ -4,7 +4,7 @@ templates-shellcheck: - .default-before_script - .default-retry - .ruby-cache - - .use-pg14 + - .use-pg15 stage: test needs: - setup-test-env diff --git a/.gitlab/ci/dev-fixtures.gitlab-ci.yml b/.gitlab/ci/dev-fixtures.gitlab-ci.yml index 5464e154b3f..642bad53772 100644 --- a/.gitlab/ci/dev-fixtures.gitlab-ci.yml +++ b/.gitlab/ci/dev-fixtures.gitlab-ci.yml @@ -3,7 +3,7 @@ - .default-retry - .ruby-cache - .default-before_script - - .use-pg13 + - .use-pg14 stage: test needs: ["setup-test-env"] variables: @@ -29,7 +29,7 @@ run-dev-fixtures-ee: extends: - .run-dev-fixtures - .dev-fixtures:rules:ee-only - - .use-pg13-es7-ee + - .use-pg14-es7-ee script: - cp ee/db/fixtures/development/* $FIXTURE_PATH - *run-dev-fixtures-script diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 790a9140445..0e630fcd811 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -129,7 +129,7 @@ retrieve-frontend-fixtures: - .default-retry - .default-before_script - .ruby-cache - - .use-pg13 + - .use-pg14 stage: fixtures needs: ["setup-test-env", "retrieve-tests-metadata", "retrieve-frontend-fixtures"] variables: diff --git a/.gitlab/ci/glfm.gitlab-ci.yml b/.gitlab/ci/glfm.gitlab-ci.yml index 008bb03de25..3f9ddaa791c 100644 --- a/.gitlab/ci/glfm.gitlab-ci.yml +++ b/.gitlab/ci/glfm.gitlab-ci.yml @@ -2,7 +2,7 @@ glfm-verify: extends: - .rails-job-base - .glfm:rules:glfm-verify - - .use-pg13 + - .use-pg14 stage: test needs: ["setup-test-env"] script: diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index 120e5117fb2..39eb005ac2d 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -249,6 +249,18 @@ POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "14" +.use-pg15: + services: + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-15-pgvector-0.4.1 + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + alias: postgres + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:redis-cluster-6.2.12 + alias: rediscluster # configure connections in config/redis.yml + - name: redis:6.2-alpine + variables: + POSTGRES_HOST_AUTH_METHOD: trust + PG_VERSION: "15" + .use-pg12-es7-ee: services: - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-12-pgvector-0.4.1 @@ -303,6 +315,24 @@ ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 +.use-pg15-es7-ee: + services: + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-15-pgvector-0.4.1 + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + alias: postgres + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:redis-cluster-6.2.12 + alias: rediscluster # configure connections in config/redis.yml + - name: redis:6.2-alpine + - name: elasticsearch:7.17.6 + command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image + variables: + POSTGRES_HOST_AUTH_METHOD: trust + PG_VERSION: "15" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 + .use-pg13-es8-ee: services: - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-13-pgvector-0.4.1 @@ -341,6 +371,25 @@ ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 +.use-pg15-es8-ee: + services: + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-15-pgvector-0.4.1 + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + alias: postgres + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:redis-cluster-6.2.12 + alias: rediscluster # configure connections in config/redis.yml + - name: redis:6.0-alpine + - name: elasticsearch:8.6.2 + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image + variables: + POSTGRES_HOST_AUTH_METHOD: trust + PG_VERSION: "15" + ES_SETTING_DISCOVERY_TYPE: "single-node" + ES_SETTING_XPACK_SECURITY_ENABLED: "false" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 + .use-pg13-opensearch1-ee: services: - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-13-pgvector-0.4.1 @@ -417,6 +466,44 @@ ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 +.use-pg15-opensearch1-ee: + services: + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-15-pgvector-0.4.1 + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + alias: postgres + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:redis-cluster-6.2.12 + alias: rediscluster # configure connections in config/redis.yml + - name: redis:6.0-alpine + - name: opensearchproject/opensearch:1.3.5 + alias: elasticsearch + command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"] + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image + variables: + POSTGRES_HOST_AUTH_METHOD: trust + PG_VERSION: "15" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 + +.use-pg15-opensearch2-ee: + services: + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-15-pgvector-0.4.1 + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + alias: postgres + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:redis-cluster-6.2.12 + alias: rediscluster # configure connections in config/redis.yml + - name: redis:6.0-alpine + - name: opensearchproject/opensearch:2.2.1 + alias: elasticsearch + command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"] + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0 + alias: zoekt-ci-image + variables: + POSTGRES_HOST_AUTH_METHOD: trust + PG_VERSION: "15" + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 + .use-kaniko: image: name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:kaniko diff --git a/.gitlab/ci/memory.gitlab-ci.yml b/.gitlab/ci/memory.gitlab-ci.yml index 004188b502c..33fbed15a23 100644 --- a/.gitlab/ci/memory.gitlab-ci.yml +++ b/.gitlab/ci/memory.gitlab-ci.yml @@ -20,7 +20,7 @@ memory-on-boot: extends: - .only-code-memory-job-base - .production - - .use-pg13 + - .use-pg14 stage: test needs: ["setup-test-env", "compile-test-assets"] variables: diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index 9c305503357..f465be5cff3 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -64,145 +64,145 @@ update-gitaly-binaries-cache: - export BUNDLE_WITHOUT="${BUNDLE_WITHOUT}:default:test:puma:kerberos:metrics:omnibus:ed25519" - bundle_install_script -rspec migration pg13: +rspec migration pg14: extends: - - .rspec-base-pg13 + - .rspec-base-pg14 - .rspec-base-migration - .rails:rules:ee-and-foss-migration - .rspec-migration-parallel -rspec background_migration pg13: +rspec background_migration pg14: extends: - - .rspec-base-pg13 + - .rspec-base-pg14 - .rspec-base-migration - .rails:rules:ee-and-foss-background-migration - .rspec-background-migration-parallel -rspec migration pg13 single-db: +rspec migration pg14 single-db: extends: - - rspec migration pg13 + - rspec migration pg14 - .single-db-rspec - .rails:rules:single-db -rspec background_migration pg13 single-db: +rspec background_migration pg14 single-db: extends: - - rspec background_migration pg13 + - rspec background_migration pg14 - .single-db-rspec - .rails:rules:single-db -rspec migration pg13 single-db-ci-connection: +rspec migration pg14 single-db-ci-connection: extends: - - rspec migration pg13 + - rspec migration pg14 - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec background_migration pg13 single-db-ci-connection: +rspec background_migration pg14 single-db-ci-connection: extends: - - rspec background_migration pg13 + - rspec background_migration pg14 - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec migration pg13 praefect: +rspec migration pg14 praefect: extends: - - rspec migration pg13 + - rspec migration pg14 - .praefect-with-db - .rails:rules:praefect-with-db -rspec background_migration pg13 praefect: +rspec background_migration pg14 praefect: extends: - - rspec background_migration pg13 + - rspec background_migration pg14 - .praefect-with-db - .rails:rules:praefect-with-db -rspec unit pg13: +rspec unit pg14: extends: - - .rspec-base-pg13 + - .rspec-base-pg14 - .rails:rules:ee-and-foss-unit - .rspec-unit-parallel -rspec unit pg13 single-redis: +rspec unit pg14 single-redis: extends: - - rspec unit pg13 + - rspec unit pg14 - .no-redis-cluster - .rails:rules:single-redis -rspec unit pg13 single-db: +rspec unit pg14 single-db: extends: - - rspec unit pg13 + - rspec unit pg14 - .single-db-rspec - .rails:rules:single-db -rspec unit pg13 single-db-ci-connection: +rspec unit pg14 single-db-ci-connection: extends: - - rspec unit pg13 + - rspec unit pg14 - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec unit pg13 praefect: +rspec unit pg14 praefect: extends: - - rspec unit pg13 + - rspec unit pg14 - .praefect-with-db - .rails:rules:praefect-with-db -rspec integration pg13: +rspec integration pg14: extends: - - .rspec-base-pg13 + - .rspec-base-pg14 - .rails:rules:ee-and-foss-integration - .rspec-integration-parallel -rspec integration pg13 single-redis: +rspec integration pg14 single-redis: extends: - - rspec integration pg13 + - rspec integration pg14 - .no-redis-cluster - .rails:rules:single-redis -rspec integration pg13 single-db: +rspec integration pg14 single-db: extends: - - rspec integration pg13 + - rspec integration pg14 - .single-db-rspec - .rails:rules:single-db -rspec integration pg13 single-db-ci-connection: +rspec integration pg14 single-db-ci-connection: extends: - - rspec integration pg13 + - rspec integration pg14 - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec integration pg13 praefect: +rspec integration pg14 praefect: extends: - - rspec integration pg13 + - rspec integration pg14 - .praefect-with-db - .rails:rules:praefect-with-db -rspec system pg13: +rspec system pg14: extends: - - .rspec-base-pg13 + - .rspec-base-pg14 - .rails:rules:ee-and-foss-system - .rspec-system-parallel variables: DEBUG_GITLAB_TRANSACTION_STACK: "true" -rspec system pg13 single-redis: +rspec system pg14 single-redis: extends: - - rspec system pg13 + - rspec system pg14 - .no-redis-cluster - .rails:rules:single-redis -rspec system pg13 single-db: +rspec system pg14 single-db: extends: - - rspec system pg13 + - rspec system pg14 - .single-db-rspec - .rails:rules:single-db -rspec system pg13 single-db-ci-connection: +rspec system pg14 single-db-ci-connection: extends: - - rspec system pg13 + - rspec system pg14 - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec system pg13 praefect: +rspec system pg14 praefect: extends: - - rspec system pg13 + - rspec system pg14 - .praefect-with-db - .rails:rules:praefect-with-db @@ -216,9 +216,19 @@ rspec db-library-code pg12: - !reference [.base-script, script] - rspec_db_library_code -rspec fast_spec_helper: +# Dedicated job to test DB library code against PG13. +# Note that these are already tested against PG13 in the `rspec unit pg13` / `rspec-ee unit pg13` jobs. +rspec db-library-code pg13: extends: - .rspec-base-pg13 + - .rails:rules:ee-and-foss-db-library-code + script: + - !reference [.base-script, script] + - rspec_db_library_code + +rspec fast_spec_helper: + extends: + - .rspec-base-pg14 - .rails:rules:ee-and-foss-fast_spec_helper script: - fast_spec_helper_specs=$(git grep -l -E '^require.*fast_spec_helper') @@ -253,16 +263,16 @@ rspec:deprecations: # We cannot use needs since it would mean needing 84 jobs (since most are parallelized) # so we use `dependencies` here. dependencies: - - rspec migration pg13 - - rspec background_migration pg13 - - rspec unit pg13 - - rspec integration pg13 - - rspec system pg13 - - rspec-ee migration pg13 - - rspec-ee background_migration pg13 - - rspec-ee unit pg13 - - rspec-ee integration pg13 - - rspec-ee system pg13 + - rspec migration pg14 + - rspec background_migration pg14 + - rspec unit pg14 + - rspec integration pg14 + - rspec system pg14 + - rspec-ee migration pg14 + - rspec-ee background_migration pg14 + - rspec-ee unit pg14 + - rspec-ee integration pg14 + - rspec-ee system pg14 variables: SETUP_DB: "false" script: @@ -285,29 +295,29 @@ rspec:coverage: dependencies: - setup-test-env # FOSS/EE jobs - - rspec migration pg13 - - rspec background_migration pg13 - - rspec unit pg13 - - rspec unit pg13 single-redis - - rspec integration pg13 - - rspec integration pg13 single-redis - - rspec system pg13 - - rspec system pg13 single-redis + - rspec migration pg14 + - rspec background_migration pg14 + - rspec unit pg14 + - rspec unit pg14 single-redis + - rspec integration pg14 + - rspec integration pg14 single-redis + - rspec system pg14 + - rspec system pg14 single-redis # as-if-foss jobs - - rspec migration pg13-as-if-foss - - rspec background_migration pg13-as-if-foss - - rspec unit pg13-as-if-foss - - rspec integration pg13-as-if-foss - - rspec system pg13-as-if-foss + - rspec migration pg14-as-if-foss + - rspec background_migration pg14-as-if-foss + - rspec unit pg14-as-if-foss + - rspec integration pg14-as-if-foss + - rspec system pg14-as-if-foss # EE jobs - - rspec-ee migration pg13 - - rspec-ee background_migration pg13 - - rspec-ee unit pg13 - - rspec-ee unit pg13 single-redis - - rspec-ee integration pg13 - - rspec-ee integration pg13 single-redis - - rspec-ee system pg13 - - rspec-ee system pg13 single-redis + - rspec-ee migration pg14 + - rspec-ee background_migration pg14 + - rspec-ee unit pg14 + - rspec-ee unit pg14 single-redis + - rspec-ee integration pg14 + - rspec-ee integration pg14 single-redis + - rspec-ee system pg14 + - rspec-ee system pg14 single-redis # Memory jobs - memory-on-boot script: @@ -437,232 +447,232 @@ rspec-ee:predictive:trigger: - artifact: "${RSPEC_PREDICTIVE_PIPELINE_TEMPLATE_YML}-ee.yml" job: rspec-predictive:pipeline-generate -rspec migration pg13-as-if-foss: +rspec migration pg14-as-if-foss: extends: - - .rspec-base-pg13-as-if-foss + - .rspec-base-pg14-as-if-foss - .rspec-base-migration - .rails:rules:as-if-foss-migration - .rspec-migration-parallel -rspec background_migration pg13-as-if-foss: +rspec background_migration pg14-as-if-foss: extends: - - .rspec-base-pg13-as-if-foss + - .rspec-base-pg14-as-if-foss - .rspec-base-migration - .rails:rules:as-if-foss-background-migration - .rspec-background-migration-parallel -rspec migration pg13-as-if-foss single-db: +rspec migration pg14-as-if-foss single-db: extends: - - rspec migration pg13-as-if-foss + - rspec migration pg14-as-if-foss - .single-db-rspec - .rails:rules:single-db -rspec background_migration pg13-as-if-foss single-db: +rspec background_migration pg14-as-if-foss single-db: extends: - - rspec background_migration pg13-as-if-foss + - rspec background_migration pg14-as-if-foss - .single-db-rspec - .rails:rules:single-db -rspec migration pg13-as-if-foss single-db-ci-connection: +rspec migration pg14-as-if-foss single-db-ci-connection: extends: - - rspec migration pg13-as-if-foss + - rspec migration pg14-as-if-foss - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec background_migration pg13-as-if-foss single-db-ci-connection: +rspec background_migration pg14-as-if-foss single-db-ci-connection: extends: - - rspec background_migration pg13-as-if-foss + - rspec background_migration pg14-as-if-foss - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec unit pg13-as-if-foss: +rspec unit pg14-as-if-foss: extends: - - .rspec-base-pg13-as-if-foss + - .rspec-base-pg14-as-if-foss - .rails:rules:as-if-foss-unit - .rspec-unit-parallel -rspec unit pg13-as-if-foss single-db: +rspec unit pg14-as-if-foss single-db: extends: - - rspec unit pg13-as-if-foss + - rspec unit pg14-as-if-foss - .single-db-rspec - .rails:rules:single-db -rspec unit pg13-as-if-foss single-db-ci-connection: +rspec unit pg14-as-if-foss single-db-ci-connection: extends: - - rspec unit pg13-as-if-foss + - rspec unit pg14-as-if-foss - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec integration pg13-as-if-foss: +rspec integration pg14-as-if-foss: extends: - - .rspec-base-pg13-as-if-foss + - .rspec-base-pg14-as-if-foss - .rails:rules:as-if-foss-integration - .rspec-integration-parallel -rspec integration pg13-as-if-foss single-db: +rspec integration pg14-as-if-foss single-db: extends: - - rspec integration pg13-as-if-foss + - rspec integration pg14-as-if-foss - .single-db-rspec - .rails:rules:single-db -rspec integration pg13-as-if-foss single-db-ci-connection: +rspec integration pg14-as-if-foss single-db-ci-connection: extends: - - rspec integration pg13-as-if-foss + - rspec integration pg14-as-if-foss - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec system pg13-as-if-foss: +rspec system pg14-as-if-foss: extends: - - .rspec-base-pg13-as-if-foss + - .rspec-base-pg14-as-if-foss - .rails:rules:as-if-foss-system - .rspec-system-parallel -rspec system pg13-as-if-foss single-db: +rspec system pg14-as-if-foss single-db: extends: - - rspec system pg13-as-if-foss + - rspec system pg14-as-if-foss - .single-db-rspec - .rails:rules:single-db -rspec system pg13-as-if-foss single-db-ci-connection: +rspec system pg14-as-if-foss single-db-ci-connection: extends: - - rspec system pg13-as-if-foss + - rspec system pg14-as-if-foss - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec-ee migration pg13: +rspec-ee migration pg14: extends: - - .rspec-ee-base-pg13 + - .rspec-ee-base-pg14 - .rspec-base-migration - .rails:rules:ee-only-migration - .rspec-ee-migration-parallel -rspec-ee background_migration pg13: +rspec-ee background_migration pg14: extends: - - .rspec-ee-base-pg13 + - .rspec-ee-base-pg14 - .rspec-base-migration - .rails:rules:ee-only-background-migration - .rspec-ee-background-migration-parallel -rspec-ee migration pg13 single-db: +rspec-ee migration pg14 single-db: extends: - - rspec-ee migration pg13 + - rspec-ee migration pg14 - .single-db-rspec - .rails:rules:single-db -rspec-ee background_migration pg13 single-db: +rspec-ee background_migration pg14 single-db: extends: - - rspec-ee background_migration pg13 + - rspec-ee background_migration pg14 - .single-db-rspec - .rails:rules:single-db -rspec-ee migration pg13 single-db-ci-connection: +rspec-ee migration pg14 single-db-ci-connection: extends: - - rspec-ee migration pg13 + - rspec-ee migration pg14 - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec-ee background_migration pg13 single-db-ci-connection: +rspec-ee background_migration pg14 single-db-ci-connection: extends: - - rspec-ee background_migration pg13 + - rspec-ee background_migration pg14 - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec-ee migration pg13 praefect: +rspec-ee migration pg14 praefect: extends: - - rspec migration pg13 + - rspec migration pg14 - .praefect-with-db - .rails:rules:praefect-with-db -rspec-ee background_migration pg13 praefect: +rspec-ee background_migration pg14 praefect: extends: - - rspec background_migration pg13 + - rspec background_migration pg14 - .praefect-with-db - .rails:rules:praefect-with-db -rspec-ee unit pg13: +rspec-ee unit pg14: extends: - - .rspec-ee-base-pg13 + - .rspec-ee-base-pg14 - .rails:rules:ee-only-unit - .rspec-ee-unit-parallel -rspec-ee unit pg13 es8: +rspec-ee unit pg14 es8: extends: - - .rspec-ee-base-pg13-es8 + - .rspec-ee-base-pg14-es8 - .rspec-ee-unit-parallel -rspec-ee unit pg13 single-db: +rspec-ee unit pg14 single-db: extends: - - rspec-ee unit pg13 + - rspec-ee unit pg14 - .single-db-rspec - .rails:rules:single-db -rspec-ee unit pg13 single-redis: +rspec-ee unit pg14 single-redis: extends: - - rspec-ee unit pg13 + - rspec-ee unit pg14 - .no-redis-cluster - .rails:rules:single-redis -rspec-ee unit pg13 single-db-ci-connection: +rspec-ee unit pg14 single-db-ci-connection: extends: - - rspec-ee unit pg13 + - rspec-ee unit pg14 - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec-ee integration pg13: +rspec-ee integration pg14: extends: - - .rspec-ee-base-pg13 + - .rspec-ee-base-pg14 - .rails:rules:ee-only-integration - .rspec-ee-integration-parallel -rspec-ee integration pg13 es8: +rspec-ee integration pg14 es8: extends: - - .rspec-ee-base-pg13-es8 + - .rspec-ee-base-pg14-es8 - .rspec-ee-integration-parallel -rspec-ee integration pg13 single-db: +rspec-ee integration pg14 single-db: extends: - - rspec-ee integration pg13 + - rspec-ee integration pg14 - .single-db-rspec - .rails:rules:single-db -rspec-ee integration pg13 single-redis: +rspec-ee integration pg14 single-redis: extends: - - rspec-ee integration pg13 + - rspec-ee integration pg14 - .no-redis-cluster - .rails:rules:single-redis -rspec-ee integration pg13 single-db-ci-connection: +rspec-ee integration pg14 single-db-ci-connection: extends: - - rspec-ee integration pg13 + - rspec-ee integration pg14 - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection -rspec-ee system pg13: +rspec-ee system pg14: extends: - - .rspec-ee-base-pg13 + - .rspec-ee-base-pg14 - .rails:rules:ee-only-system - .rspec-ee-system-parallel -rspec-ee system pg13 es8: +rspec-ee system pg14 es8: extends: - - .rspec-ee-base-pg13-es8 + - .rspec-ee-base-pg14-es8 - .rspec-ee-system-parallel -rspec-ee system pg13 single-db: +rspec-ee system pg14 single-db: extends: - - rspec-ee system pg13 + - rspec-ee system pg14 - .single-db-rspec - .rails:rules:single-db -rspec-ee system pg13 single-redis: +rspec-ee system pg14 single-redis: extends: - - rspec-ee system pg13 + - rspec-ee system pg14 - .no-redis-cluster - .rails:rules:single-redis -rspec-ee system pg13 single-db-ci-connection: +rspec-ee system pg14 single-db-ci-connection: extends: - - rspec-ee system pg13 + - rspec-ee system pg14 - .single-db-ci-connection-rspec - .rails:rules:single-db-ci-connection # EE: default refs (MRs, default branch, schedules) jobs # @@ -704,36 +714,69 @@ rspec system pg12: - .rails:rules:rspec-on-pg12 - .rspec-system-parallel -# PG14 -rspec migration pg14: +# PG13 +rspec migration pg13: extends: - - .rspec-base-pg14 + - .rspec-base-pg13 - .rspec-base-migration - .rails:rules:default-branch-schedule-nightly--code-backstage - .rspec-migration-parallel -rspec background_migration pg14: +rspec background_migration pg13: extends: - - .rspec-base-pg14 + - .rspec-base-pg13 - .rspec-base-migration - .rails:rules:default-branch-schedule-nightly--code-backstage - .rspec-background-migration-parallel -rspec unit pg14: +rspec unit pg13: extends: - - .rspec-base-pg14 + - .rspec-base-pg13 - .rails:rules:default-branch-schedule-nightly--code-backstage - .rspec-unit-parallel -rspec integration pg14: +rspec integration pg13: extends: - - .rspec-base-pg14 + - .rspec-base-pg13 - .rails:rules:default-branch-schedule-nightly--code-backstage - .rspec-integration-parallel -rspec system pg14: +rspec system pg13: extends: - - .rspec-base-pg14 + - .rspec-base-pg13 + - .rails:rules:default-branch-schedule-nightly--code-backstage + - .rspec-system-parallel + +# PG15 +rspec migration pg15: + extends: + - .rspec-base-pg15 + - .rspec-base-migration + - .rails:rules:default-branch-schedule-nightly--code-backstage + - .rspec-migration-parallel + +rspec background_migration pg15: + extends: + - .rspec-base-pg15 + - .rspec-base-migration + - .rails:rules:default-branch-schedule-nightly--code-backstage + - .rspec-background-migration-parallel + +rspec unit pg15: + extends: + - .rspec-base-pg15 + - .rails:rules:default-branch-schedule-nightly--code-backstage + - .rspec-unit-parallel + +rspec integration pg15: + extends: + - .rspec-base-pg15 + - .rails:rules:default-branch-schedule-nightly--code-backstage + - .rspec-integration-parallel + +rspec system pg15: + extends: + - .rspec-base-pg15 - .rails:rules:default-branch-schedule-nightly--code-backstage - .rspec-system-parallel # EE/FOSS: default branch nightly scheduled jobs # @@ -843,51 +886,88 @@ rspec-ee system pg14 opensearch2: - .rspec-ee-system-parallel - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only -rspec-ee migration pg14: +# PG15 +rspec-ee unit pg15 opensearch1: extends: - - .rspec-ee-base-pg14 + - .rspec-ee-base-pg15-opensearch1 + - .rspec-ee-unit-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee unit pg15 opensearch2: + extends: + - .rspec-ee-base-pg15-opensearch2 + - .rspec-ee-unit-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee integration pg15 opensearch1: + extends: + - .rspec-ee-base-pg15-opensearch1 + - .rspec-ee-integration-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee integration pg15 opensearch2: + extends: + - .rspec-ee-base-pg15-opensearch2 + - .rspec-ee-integration-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee system pg15 opensearch1: + extends: + - .rspec-ee-base-pg15-opensearch1 + - .rspec-ee-system-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee system pg15 opensearch2: + extends: + - .rspec-ee-base-pg15-opensearch2 + - .rspec-ee-system-parallel + - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only + +rspec-ee migration pg15: + extends: + - .rspec-ee-base-pg15 - .rspec-base-migration - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only - .rspec-ee-migration-parallel -rspec-ee background_migration pg14: +rspec-ee background_migration pg15: extends: - - .rspec-ee-base-pg14 + - .rspec-ee-base-pg15 - .rspec-base-migration - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only - .rspec-ee-background-migration-parallel -rspec-ee unit pg14: +rspec-ee unit pg15: extends: - - .rspec-ee-base-pg14 + - .rspec-ee-base-pg15 - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only - .rspec-ee-unit-parallel -rspec-ee unit pg14 es8: +rspec-ee unit pg15 es8: extends: - - .rspec-ee-base-pg14-es8 + - .rspec-ee-base-pg15-es8 - .rspec-ee-unit-parallel -rspec-ee integration pg14: +rspec-ee integration pg15: extends: - - .rspec-ee-base-pg14 + - .rspec-ee-base-pg15 - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only - .rspec-ee-integration-parallel -rspec-ee integration pg14 es8: +rspec-ee integration pg15 es8: extends: - - .rspec-ee-base-pg14-es8 + - .rspec-ee-base-pg15-es8 - .rspec-ee-integration-parallel -rspec-ee system pg14: +rspec-ee system pg15: extends: - - .rspec-ee-base-pg14 + - .rspec-ee-base-pg15 - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only - .rspec-ee-system-parallel -rspec-ee system pg14 es8: +rspec-ee system pg15 es8: extends: - - .rspec-ee-base-pg14-es8 + - .rspec-ee-base-pg15-es8 - .rspec-ee-system-parallel # EE: default branch nightly scheduled jobs # ##################################### @@ -905,14 +985,14 @@ rspec-ee system pg14 es8: rspec fail-fast: extends: - - .rspec-base-pg13 - - .rspec-fail-fast # extends from .rspec-fail-fast last to override script from .rspec-base-pg13 + - .rspec-base-pg14 + - .rspec-fail-fast # extends from .rspec-fail-fast last to override script from .rspec-base-pg14 variables: MATCHING_TESTS_PATH: "${RSPEC_MATCHING_TESTS_FOSS_PATH}" rspec-ee fail-fast: extends: - - .rspec-ee-base-pg13 + - .rspec-ee-base-pg14 - .rspec-fail-fast # extends from .rspec-fail-fast last to override script from .rspec-ee-base-pg13 variables: MATCHING_TESTS_PATH: "${RSPEC_MATCHING_TESTS_EE_PATH}" @@ -969,7 +1049,7 @@ fail-pipeline-early: script: - fail_pipeline_early -.base-rspec-pg13-rerun-previous-failed-tests: +.base-rspec-pg14-rerun-previous-failed-tests: extends: - .rails:rules:rerun-previous-failed-tests stage: test @@ -978,17 +1058,17 @@ fail-pipeline-early: - !reference [.base-script, script] - rspec_rerun_previous_failed_tests "${PREVIOUS_FAILED_TESTS_FILE}" -rspec rspec-pg13-rerun-previous-failed-tests: +rspec rspec-pg14-rerun-previous-failed-tests: extends: - - .rspec-base-pg13 - - .base-rspec-pg13-rerun-previous-failed-tests + - .rspec-base-pg14 + - .base-rspec-pg14-rerun-previous-failed-tests variables: PREVIOUS_FAILED_TESTS_FILE: tmp/previous_failed_tests/rspec_failed_tests.txt -rspec rspec-ee-pg13-rerun-previous-failed-tests: +rspec rspec-ee-pg14-rerun-previous-failed-tests: extends: - - .rspec-ee-base-pg13 - - .base-rspec-pg13-rerun-previous-failed-tests + - .rspec-ee-base-pg14 + - .base-rspec-pg14-rerun-previous-failed-tests variables: PREVIOUS_FAILED_TESTS_FILE: tmp/previous_failed_tests/rspec_ee_failed_files.txt # EE: Canonical MR pipelines diff --git a/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb b/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb index 84aa67de4c9..dc469c30207 100644 --- a/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb +++ b/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb @@ -22,7 +22,7 @@ dont-interrupt-me: - echo "This jobs makes sure this pipeline won't be interrupted! See https://docs.gitlab.com/ee/ci/yaml/#interruptible." .base-rspec-foss-impact: - extends: .rspec-base-pg13-as-if-foss + extends: .rspec-base-pg14-as-if-foss needs: - pipeline: $PARENT_PIPELINE_ID job: detect-tests diff --git a/.gitlab/ci/rails/shared.gitlab-ci.yml b/.gitlab/ci/rails/shared.gitlab-ci.yml index 618c4e3b654..c0ea7d7078a 100644 --- a/.gitlab/ci/rails/shared.gitlab-ci.yml +++ b/.gitlab/ci/rails/shared.gitlab-ci.yml @@ -109,11 +109,16 @@ include: - .rspec-base - .use-pg13 -.rspec-base-pg13-as-if-foss: +.rspec-base-pg14: + extends: + - .rspec-base + - .use-pg14 + +.rspec-base-pg14-as-if-foss: extends: - .rspec-base - .as-if-foss - - .use-pg13 + - .use-pg14 needs: - job: "setup-test-env" - job: "retrieve-tests-metadata" @@ -121,10 +126,10 @@ include: - job: "detect-tests" optional: true -.rspec-base-pg14: +.rspec-base-pg15: extends: - .rspec-base - - .use-pg14 + - .use-pg15 .rspec-ee-base-pg12: extends: @@ -177,11 +182,34 @@ include: - .use-pg14-opensearch2-ee - .rails:rules:run-search-tests +.rspec-ee-base-pg15: + extends: + - .rspec-base + - .use-pg15-es7-ee + +.rspec-ee-base-pg15-es8: + extends: + - .rspec-base + - .use-pg15-es8-ee + - .rails:rules:run-search-tests + +.rspec-ee-base-pg15-opensearch1: + extends: + - .rspec-base + - .use-pg15-opensearch1-ee + - .rails:rules:run-search-tests + +.rspec-ee-base-pg15-opensearch2: + extends: + - .rspec-base + - .use-pg15-opensearch2-ee + - .rails:rules:run-search-tests + .db-job-base: extends: - .rails-job-base - .rails:rules:ee-and-foss-migration - - .use-pg13 + - .use-pg14 stage: test needs: ["setup-test-env"] # rspec job base specs diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml index a9047522413..85409d37fa4 100644 --- a/.gitlab/ci/setup.gitlab-ci.yml +++ b/.gitlab/ci/setup.gitlab-ci.yml @@ -83,7 +83,7 @@ verify-approvals: generate-frontend-fixtures-mapping: extends: - .setup:rules:generate-frontend-fixtures-mapping - - .use-pg13 + - .use-pg14 - .ruby-cache needs: ["setup-test-env"] stage: prepare diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml index b9c9200d78b..3d030026e90 100644 --- a/.gitlab/ci/static-analysis.gitlab-ci.yml +++ b/.gitlab/ci/static-analysis.gitlab-ci.yml @@ -45,7 +45,7 @@ static-verification-with-database: - .static-analysis-base - .rubocop-job-cache - .static-analysis:rules:static-verification-with-database - - .use-pg13 + - .use-pg14 script: - bundle exec rake lint:static_verification_with_database variables: diff --git a/.gitlab/ci/test-metadata.gitlab-ci.yml b/.gitlab/ci/test-metadata.gitlab-ci.yml index 41fd0b49173..3f06fcbce40 100644 --- a/.gitlab/ci/test-metadata.gitlab-ci.yml +++ b/.gitlab/ci/test-metadata.gitlab-ci.yml @@ -32,17 +32,17 @@ update-tests-metadata: - retrieve-tests-metadata - generate-frontend-fixtures-mapping - setup-test-env - - rspec migration pg13 + - rspec migration pg14 - rspec-all frontend_fixture - - rspec unit pg13 - - rspec integration pg13 - - rspec system pg13 - - rspec background_migration pg13 - - rspec-ee migration pg13 - - rspec-ee unit pg13 - - rspec-ee integration pg13 - - rspec-ee system pg13 - - rspec-ee background_migration pg13 + - rspec unit pg14 + - rspec integration pg14 + - rspec system pg14 + - rspec background_migration pg14 + - rspec-ee migration pg14 + - rspec-ee unit pg14 + - rspec-ee integration pg14 + - rspec-ee system pg14 + - rspec-ee background_migration pg14 script: - run_timed_command "retry gem install fog-aws mime-types activesupport rspec_profiling postgres-copy --no-document" - source ./scripts/rspec_helpers.sh diff --git a/.gitlab/issue_templates/Pipeline Security issue implementation b/.gitlab/issue_templates/Pipeline Security issue implementation new file mode 100644 index 00000000000..72807e98012 --- /dev/null +++ b/.gitlab/issue_templates/Pipeline Security issue implementation @@ -0,0 +1,98 @@ +<!-- +## Implementation Issue To-Do list +(_NOTE: This section can be removed when the issue is ready for creation_) +- [ ] Ensure that the issue title is concise yet descriptive. +- [ ] Add `Frontend :` or `Backend :` to the title per group [naming conventions](https://about.gitlab.com/handbook/engineering/development/ops/verify/pipeline-security/#splitting-issues) +- [ ] Ensure the issue containing the feature or change proposal and related discussions is linked as related to this implementation issue. +- [ ] Aside from default labeling, please make sure to include relevant labels for `~type::`, `~workflow::`, and `~frontend` or `~backend`. +- [ ] Issues with user-facing changes should include the `~UX` label, and `~documentation` if docs changes will be required. + +*This template is meant to be a reference tool. Not all sections are applicable to each feature, bug, or maintenance item. Use your best judgment when completion the sections below.* +--> + +## Summary +<!-- Briefly describe the issue. --> + + +### Why this matters and how we measure +<!-- What is the value to the customer or our business? Does this align with our OKRs? If we need to create or update existing instrumentation, please note here. --> + +### User Stories +<!-- +A user story is a requirement for any functionality or feature and follows this format: + +- _As a `<user role/customer>`, I want to `<JTBD>` so that I can `<achieve a benefit or result>`._ + +Please try to include one user story for the main [persona](https://about.gitlab.com/handbook/product/personas/#list-of-user-personas) who needs this feature. +--> + + +## Proposal +<!-- Try to keep the proposal limited in scope. Plan for iterations, create follow up issues as required and add them as related. --> + +## Performance Considerations +<!-- Performance concerns to be aware of and monitor when implementing the issue.--> + +## Out of Scope +<!-- Include this section for specific use cases that are out of scope / out of bounds for this specific issue. --> + +## Acceptance Criteria +<!-- This needs to be true or demonstrable to consider this specific issue complete. Keep this dependent on other issues when possible --> + +## Additional details +<!-- +_NOTE: If the issue has addressed all of these questions, this separate section can be removed._ +--> + +Some relevant technical details, if applicable, such as: + +- Does this need a ~"feature flag"? +- Does there need to be an associated ~"instrumentation" issue created related to this work? +- Is there an example response showing the data structure that should be returned (new endpoints only)? +- What permissions should be used? +- Which tier(s) is this for? + - [ ] ~"GitLab Ultimate" + - [ ] ~"GitLab Premium" + - [ ] ~"GitLab Free" +- Additional comments: + +## Implementation Table + +<!-- +_NOTE: Use this to indicate all dependent issues related to this one which are required for launch._ +--> + + +| Group | Issue Link | +| ------ | ------ | +| ~backend | :point_left: You are here | +| ~frontend | [Issue Title](url) | +| ~documentation | [Issue Title](url) | +| Instrumentation | [Issue Title](url) | + +<!-- +## Documentation + +_NOTE: This section is optional, but can be used for easy access to any relevant documentation URLs._ +--> + +## Links/References + + + + +/label ~"group::pipeline security" +/milestone %Backlog + +<!-- select the correct category (and feature label if applicable) below: +/label ~"category:Build Artifacts" +/label ~"category:Secrets Management" +/label ~"ci variables" +/label ~"ci job token" +--> + +<!-- select the appropriate licence below (Use the highest tier applicable): +/label ~"GitLab Ultimate" +/label ~"GitLab Premium" +/label ~"GitLab Free" +--> |