diff options
Diffstat (limited to '.gitlab/ci')
22 files changed, 683 insertions, 194 deletions
diff --git a/.gitlab/ci/audit_event_types.gitlab-ci.yml b/.gitlab/ci/audit_event_types.gitlab-ci.yml new file mode 100644 index 00000000000..f079a3b55e1 --- /dev/null +++ b/.gitlab/ci/audit_event_types.gitlab-ci.yml @@ -0,0 +1,12 @@ +audit-event-types-verify: + variables: + SETUP_DB: "false" + extends: + - .default-retry + - .ruby-cache + - .default-before_script + - .audit-event-types:rules:audit-event-types-verify + stage: lint + needs: [] + script: + - bundle exec rake gitlab:audit_event_types:check_docs diff --git a/.gitlab/ci/benchmark.gitlab-ci.yml b/.gitlab/ci/benchmark.gitlab-ci.yml index 5949a9cd6a9..afad54cb84b 100644 --- a/.gitlab/ci/benchmark.gitlab-ci.yml +++ b/.gitlab/ci/benchmark.gitlab-ci.yml @@ -11,6 +11,7 @@ benchmark-markdown: - section_start "gitaly-test-spawn" "Spawning Gitaly"; scripts/gitaly-test-spawn; section_end "gitaly-test-spawn"; # Do not use 'bundle exec' here - bundle exec rake benchmark:banzai &> benchmark-markdown.txt artifacts: + expire_in: 30 days when: always paths: - benchmark-markdown.txt diff --git a/.gitlab/ci/cng/main.gitlab-ci.yml b/.gitlab/ci/cng/main.gitlab-ci.yml index 325b06d59cd..208567f569b 100644 --- a/.gitlab/ci/cng/main.gitlab-ci.yml +++ b/.gitlab/ci/cng/main.gitlab-ci.yml @@ -9,7 +9,7 @@ stages: include: - local: .gitlab/ci/global.gitlab-ci.yml -review-build-cng-env: +.review-build-cng-env: image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine3.16 stage: prepare needs: @@ -34,7 +34,7 @@ review-build-cng-env: expire_in: 7 days when: always -review-build-cng: +.review-build-cng: stage: prepare inherit: variables: false @@ -56,6 +56,6 @@ review-build-cng: GITALY_SERVER_VERSION: "${GITALY_SERVER_VERSION}" RUBY_VERSION: "${FULL_RUBY_VERSION}" trigger: - project: gitlab-org/build/CNG-mirror + project: ${CI_PROJECT_NAMESPACE}/build/CNG-mirror branch: $TRIGGER_BRANCH strategy: depend diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml index 6ad916d919a..6aad4de64bd 100644 --- a/.gitlab/ci/docs.gitlab-ci.yml +++ b/.gitlab/ci/docs.gitlab-ci.yml @@ -42,7 +42,7 @@ review-docs-cleanup: docs-lint links: extends: - .docs:rules:docs-lint - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-html:alpine-3.18-ruby-3.2.2-4207821e + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-html:alpine-3.18-ruby-3.2.2-6a53d93b stage: lint needs: [] script: diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 279a7067a74..f103032ee69 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -3,7 +3,7 @@ - .default-retry - .default-before_script - .assets-compile-cache - image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-18.16:rubygems-${RUBYGEMS_VERSION}-git-2.33-lfs-2.9-yarn-1.22-graphicsmagick-1.3.36 + image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-18.17:rubygems-${RUBYGEMS_VERSION}-git-2.33-lfs-2.9-yarn-1.22-graphicsmagick-1.3.36 variables: SETUP_DB: "false" WEBPACK_VENDOR_DLL: "true" @@ -31,6 +31,10 @@ - assets_compile_script - echo -n "${GITLAB_ASSETS_HASH}" > "cached-assets-hash.txt" +.update-cache-base: + after_script: + - yarn patch-package --reverse # To avoid caching patched modules + compile-production-assets: extends: - .compile-assets-base @@ -47,8 +51,6 @@ compile-production-assets: - public/assets/ - "${WEBPACK_COMPILE_LOG_PATH}" when: always - after_script: - - rm -f /etc/apt/sources.list.d/google*.list # We don't need to update Chrome here compile-production-assets as-if-foss: extends: @@ -77,6 +79,7 @@ compile-test-assets as-if-foss: update-assets-compile-production-cache: extends: - compile-production-assets + - .update-cache-base - .assets-compile-cache-push - .shared:rules:update-cache stage: prepare @@ -85,18 +88,17 @@ update-assets-compile-production-cache: update-assets-compile-test-cache: extends: - compile-test-assets + - .update-cache-base - .assets-compile-cache-push - .shared:rules:update-cache stage: prepare - script: - - !reference [compile-test-assets, script] - - echo -n "${GITLAB_ASSETS_HASH}" > "cached-assets-hash.txt" artifacts: {} # This job's purpose is only to update the cache. update-storybook-yarn-cache: extends: - .default-retry - .default-utils-before_script + - .update-cache-base - .storybook-yarn-cache-push - .shared:rules:update-cache stage: prepare @@ -121,6 +123,7 @@ retrieve-frontend-fixtures: run_timed_command "download_and_extract_fixtures" fi artifacts: + expire_in: 30 days paths: - tmp/tests/frontend/ @@ -216,6 +219,7 @@ graphql-schema-dump: script: - bundle exec rake gitlab:graphql:schema:dump artifacts: + expire_in: 30 days name: graphql-schema paths: - tmp/tests/graphql/gitlab_schema.graphql diff --git a/.gitlab/ci/gitlab-gems.gitlab-ci.yml b/.gitlab/ci/gitlab-gems.gitlab-ci.yml index eb0c8b8536e..1ee08c4ab85 100644 --- a/.gitlab/ci/gitlab-gems.gitlab-ci.yml +++ b/.gitlab/ci/gitlab-gems.gitlab-ci.yml @@ -20,3 +20,9 @@ include: - local: .gitlab/ci/templates/gem.gitlab-ci.yml inputs: gem_name: "rspec_flaky" + - local: .gitlab/ci/templates/gem.gitlab-ci.yml + inputs: + gem_name: "gitlab-safe_request_store" + - local: .gitlab/ci/templates/gem.gitlab-ci.yml + inputs: + gem_name: "csv_builder" diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index c501d930352..dd615fe5e9d 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -4,7 +4,6 @@ when: - api_failure - data_integrity_failure - - job_execution_timeout - runner_system_failure - scheduler_failure - stuck_or_timeout_failure @@ -37,7 +36,17 @@ .ruby-gems-cache-push: &ruby-gems-cache-push <<: *ruby-gems-cache - policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up. + policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up. + +.ruby-coverage-gems-cache: &ruby-coverage-gems-cache + key: "ruby-coverage-gems-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}" + paths: + - vendor/ruby/ + policy: pull + +.ruby-coverage-gems-cache-push: &ruby-coverage-gems-cache-push + <<: *ruby-coverage-gems-cache + policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up. .gitaly-binaries-cache: &gitaly-binaries-cache key: @@ -162,6 +171,15 @@ - *ruby-gems-cache # We don't push this cache as it's already rebuilt by `update-setup-test-env-cache` - *rubocop-cache-push +.ruby-gems-coverage-cache: + cache: + - *ruby-coverage-gems-cache + +.ruby-gems-coverage-cache-push: + cache: + - *ruby-coverage-gems-cache-push + +# This cache should eventually be replaced by .ruby-gems-coverage-cache. .coverage-cache: cache: - *ruby-gems-cache @@ -213,6 +231,12 @@ - *node-modules-cache # We don't push this cache as it's already rebuilt by `update-assets-compile-*-cache` - *storybook-node-modules-cache-push +.redis-services: + services: + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:redis-cluster-6.2.12 + alias: rediscluster # configure connections in config/redis.yml + - name: redis:${REDIS_VERSION}-alpine + .pg-base-variables: variables: POSTGRES_HOST_AUTH_METHOD: trust @@ -222,179 +246,227 @@ - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-${PG_VERSION}-pgvector-0.4.1 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off", "-c", "max_locks_per_transaction=256"] alias: postgres - - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:redis-cluster-6.2.12 - alias: rediscluster # configure connections in config/redis.yml + - !reference [.redis-services, services] -.db-services-with-redis-6: +.db-services-with-auto-explain: services: - - !reference [.db-services, services] - - name: redis:6.2-alpine + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-${PG_VERSION}-pgvector-0.4.1 + command: + - postgres + - -c + - fsync=off + - -c + - synchronous_commit=off + - -c + - full_page_writes=off + - -c + - max_locks_per_transaction=256 + - -c + - log_filename=pglog + - -c + - log_destination=csvlog + - -c + - logging_collector=true + - -c + - auto_explain.log_min_duration=0 + - -c + - auto_explain.log_format=json + - -c + - auto_explain.log_timing=off + alias: postgres + - !reference [.redis-services, services] + +.zoekt-variables: + variables: + ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 + ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 -.db-services-with-redis-7: +.zoekt-services: services: - - !reference [.db-services, services] - - name: redis:7.0-alpine + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.2 + alias: zoekt-ci-image .use-pg12: extends: - .pg-base-variables - - .db-services-with-redis-6 + services: + - !reference [.db-services, services] variables: PG_VERSION: "12" + REDIS_VERSION: "6.2" .use-pg13: extends: - .pg-base-variables - - .db-services-with-redis-6 + services: + - !reference [.db-services, services] variables: PG_VERSION: "13" + REDIS_VERSION: "6.2" .use-pg14: extends: - .pg-base-variables - - .db-services-with-redis-6 + services: + - !reference [.db-services-with-auto-explain, services] variables: PG_VERSION: "14" + REDIS_VERSION: "6.2" .use-pg15: extends: - .pg-base-variables - - .db-services-with-redis-7 + services: + - !reference [.db-services-with-auto-explain, services] variables: PG_VERSION: "15" + REDIS_VERSION: "7.0" -.zoekt-variables: - variables: - ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060 - ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070 - -.zoekt-services: - services: - - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.1 - alias: zoekt-ci-image - -.es7-base: - extends: - - .pg-base-variables - - .zoekt-variables +.es7-services: services: - - !reference [.db-services-with-redis-6, services] - !reference [.zoekt-services, services] - name: elasticsearch:7.17.6 - command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"] + command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false", "-E", "cluster.routing.allocation.disk.threshold_enabled=false"] .use-pg12-es7-ee: - extends: .es7-base - variables: - PG_VERSION: "12" + extends: + - .use-pg12 + - .zoekt-variables + services: + - !reference [.db-services, services] + - !reference [.es7-services, services] .use-pg13-es7-ee: - extends: .es7-base - variables: - PG_VERSION: "13" + extends: + - .use-pg13 + - .zoekt-variables + services: + - !reference [.db-services, services] + - !reference [.es7-services, services] .use-pg14-es7-ee: - extends: .es7-base - variables: - PG_VERSION: "14" + extends: + - .use-pg14 + - .zoekt-variables + services: + - !reference [.db-services-with-auto-explain, services] + - !reference [.es7-services, services] .use-pg15-es7-ee: - extends: .es7-base - variables: - PG_VERSION: "15" - -.es8-base: extends: - - .pg-base-variables + - .use-pg15 - .zoekt-variables services: - - !reference [.db-services-with-redis-6, services] + - !reference [.db-services-with-auto-explain, services] + - !reference [.es7-services, services] + +.es8-services: + services: - !reference [.zoekt-services, services] - name: elasticsearch:8.6.2 + +.es8-variables: variables: ES_SETTING_DISCOVERY_TYPE: "single-node" ES_SETTING_XPACK_SECURITY_ENABLED: "false" + ES_SETTING_CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD__ENABLED: "false" .use-pg13-es8-ee: - extends: .es8-base - variables: - PG_VERSION: "13" + extends: + - .use-pg13 + - .zoekt-variables + - .es8-variables + services: + - !reference [.db-services, services] + - !reference [.es8-services, services] .use-pg14-es8-ee: - extends: .es8-base - variables: - PG_VERSION: "14" + extends: + - .use-pg14 + - .zoekt-variables + - .es8-variables + services: + - !reference [.db-services-with-auto-explain, services] + - !reference [.es8-services, services] .use-pg15-es8-ee: - extends: .es8-base - variables: - PG_VERSION: "15" - -.os1-base: extends: - - .pg-base-variables + - .use-pg15 - .zoekt-variables + - .es8-variables + services: + - !reference [.db-services-with-auto-explain, services] + - !reference [.es8-services, services] + +.os1-services: services: - - !reference [.db-services-with-redis-6, services] - !reference [.zoekt-services, services] - name: opensearchproject/opensearch:1.3.5 alias: elasticsearch - command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"] + command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true", "-E", "cluster.routing.allocation.disk.threshold_enabled=false"] .use-pg13-opensearch1-ee: - extends: .os1-base - variables: - PG_VERSION: "13" + extends: + - .use-pg13 + - .zoekt-variables + services: + - !reference [.db-services, services] + - !reference [.os1-services, services] .use-pg14-opensearch1-ee: - extends: .os1-base - variables: - PG_VERSION: "14" + extends: + - .use-pg14 + - .zoekt-variables + services: + - !reference [.db-services-with-auto-explain, services] + - !reference [.os1-services, services] .use-pg15-opensearch1-ee: - extends: .os1-base - variables: - PG_VERSION: "15" - -.os2-base: extends: - - .pg-base-variables + - .use-pg15 - .zoekt-variables services: - - !reference [.db-services-with-redis-6, services] + - !reference [.db-services-with-auto-explain, services] + - !reference [.os1-services, services] + +.os2-services: + services: - !reference [.zoekt-services, services] - name: opensearchproject/opensearch:2.2.1 alias: elasticsearch - command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"] + command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true", "-E", "cluster.routing.allocation.disk.threshold_enabled=false"] .use-pg13-opensearch2-ee: - extends: .os2-base - variables: - PG_VERSION: "13" + extends: + - .use-pg13 + - .zoekt-variables + services: + - !reference [.db-services, services] + - !reference [.os2-services, services] .use-pg14-opensearch2-ee: - extends: .os2-base - variables: - PG_VERSION: "14" + extends: + - .use-pg14 + - .zoekt-variables + services: + - !reference [.db-services-with-auto-explain, services] + - !reference [.os2-services, services] .use-pg15-opensearch2-ee: - extends: .os2-base - variables: - PG_VERSION: "15" + extends: + - .use-pg15 + - .zoekt-variables + services: + - !reference [.db-services-with-auto-explain, services] + - !reference [.os2-services, services] .use-pg14-clickhouse23: + extends: .use-pg14 services: - - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-14-pgvector-0.4.1 - command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - alias: postgres - - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:redis-cluster-6.2.12 - alias: rediscluster # configure connections in config/redis.yml - - name: redis:6.2-alpine + - !reference [.db-services-with-auto-explain, services] - name: clickhouse/clickhouse-server:23-alpine alias: clickhouse variables: - POSTGRES_HOST_AUTH_METHOD: trust - PG_VERSION: "14" CLICKHOUSE_USER: clickhouse CLICKHOUSE_PASSWORD: clickhouse CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT: 1 @@ -444,5 +516,16 @@ .use-kube-context: before_script: - - export KUBE_CONTEXT="gitlab-org/gitlab:review-apps" + - export KUBE_CONTEXT="${CI_PROJECT_NAMESPACE}/gitlab:review-apps" - kubectl config use-context ${KUBE_CONTEXT} + +.fast-no-clone-job: + variables: + GIT_STRATEGY: none # We will download the required files for the job from the API + before_script: + # Logic taken from scripts/utils.sh in download_files function + - | + url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/repository/files/scripts%2Futils.sh/raw?ref=${CI_COMMIT_SHA}" + curl -f --header "Private-Token: ${PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE}" "${url}" --create-dirs --output scripts/utils.sh + - source scripts/utils.sh + - run_timed_command "download_files ${FILES_TO_DOWNLOAD}" diff --git a/.gitlab/ci/package-and-test/main.gitlab-ci.yml b/.gitlab/ci/package-and-test/main.gitlab-ci.yml index 45e07ccf659..9e11a6606f7 100644 --- a/.gitlab/ci/package-and-test/main.gitlab-ci.yml +++ b/.gitlab/ci/package-and-test/main.gitlab-ci.yml @@ -1,5 +1,5 @@ # E2E tests pipeline loaded dynamically by script: scripts/generate-e2e-pipeline -# For adding new tests, refer to: doc/development/testing_guide/end_to_end/package_and_test_pipeline.md +# For adding new tests, refer to: doc/development/testing_guide/end_to_end/test_pipelines.md include: - local: .gitlab/ci/qa-common/main.gitlab-ci.yml - local: .gitlab/ci/qa-common/rules.gitlab-ci.yml @@ -35,6 +35,11 @@ download-knapsack-report: - .download-knapsack-report - .rules:download-knapsack +download-fast-quarantine-report: + extends: + - .download-fast-quarantine-report + - .rules:download-fast-quarantine-report + cache-gems: extends: - .qa-install diff --git a/.gitlab/ci/qa-common/main.gitlab-ci.yml b/.gitlab/ci/qa-common/main.gitlab-ci.yml index 603ac12c464..5c9043f8694 100644 --- a/.gitlab/ci/qa-common/main.gitlab-ci.yml +++ b/.gitlab/ci/qa-common/main.gitlab-ci.yml @@ -61,6 +61,11 @@ stages: GITLAB_LICENSE_MODE: test GITLAB_QA_ADMIN_ACCESS_TOKEN: $QA_ADMIN_ACCESS_TOKEN GITLAB_QA_OPTS: $EXTRA_GITLAB_QA_OPTS + before_script: + - !reference [.qa-base, before_script] + # Prepend the file paths with the absolute path from inside the container since the files will be read from there + - export RSPEC_FAST_QUARANTINE_PATH="/home/gitlab/qa/${RSPEC_FAST_QUARANTINE_PATH}" + - export RSPEC_SKIPPED_TESTS_REPORT_PATH="/home/gitlab/qa/rspec/skipped_tests-${CI_JOB_ID}.txt" # Allow QA jobs to fail as they are flaky. The top level `package-and-e2e:ee` # pipeline is not allowed to fail, so without allowing QA to fail, we will be # blocking merges due to flaky tests. @@ -85,6 +90,26 @@ stages: - qa/knapsack/*.json expire_in: 1 day +.download-fast-quarantine-report: + image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}alpine:edge + stage: .pre + variables: + GIT_STRATEGY: none + before_script: + - apk add --no-cache --update curl bash + script: + - mkdir -p "${QA_RSPEC_REPORT_PATH}" + - | + if [[ ! -f "${QA_RSPEC_REPORT_PATH}/${RSPEC_FAST_QUARANTINE_FILE}" ]]; then + curl --location -o "${QA_RSPEC_REPORT_PATH}/${RSPEC_FAST_QUARANTINE_FILE}" "https://gitlab-org.gitlab.io/quality/engineering-productivity/fast-quarantine/${RSPEC_FAST_QUARANTINE_PATH}" || + echo "" > "${QA_RSPEC_REPORT_PATH}/${RSPEC_FAST_QUARANTINE_FILE}" + fi + allow_failure: true + artifacts: + paths: + - "${QA_RSPEC_REPORT_PATH}/${RSPEC_FAST_QUARANTINE_FILE}" + expire_in: 1 day + .upload-knapsack-report: extends: - .generate-knapsack-report-base diff --git a/.gitlab/ci/qa-common/rules.gitlab-ci.yml b/.gitlab/ci/qa-common/rules.gitlab-ci.yml index b5963d24b81..7518f08398f 100644 --- a/.gitlab/ci/qa-common/rules.gitlab-ci.yml +++ b/.gitlab/ci/qa-common/rules.gitlab-ci.yml @@ -64,6 +64,10 @@ rules: - when: always +.rules:download-fast-quarantine-report: + rules: + - when: always + # ------------------------------------------ # Test # ------------------------------------------ diff --git a/.gitlab/ci/qa-common/variables.gitlab-ci.yml b/.gitlab/ci/qa-common/variables.gitlab-ci.yml index fe980293f3a..9498df47ecc 100644 --- a/.gitlab/ci/qa-common/variables.gitlab-ci.yml +++ b/.gitlab/ci/qa-common/variables.gitlab-ci.yml @@ -1,6 +1,7 @@ # Default variables for package-and-test variables: + USE_OLD_RUBY_VERSION: "true" REGISTRY_HOST: "registry.gitlab.com" REGISTRY_GROUP: "gitlab-org" ALLURE_JOB_NAME: $CI_PROJECT_NAME @@ -11,4 +12,8 @@ variables: # run all tests by default when package-and-test is included natively in other projects # this will be overridden when selective test execution is used in gitlab canonical project QA_RUN_ALL_TESTS: "true" - USE_OLD_RUBY_VERSION: "true" + # Used by gitlab-qa to set up a volume for `${CI_PROJECT_DIR}/qa/rspec:/home/gitlab/qa/rspec/` + QA_RSPEC_REPORT_PATH: "${CI_PROJECT_DIR}/qa/rspec" + RSPEC_FAST_QUARANTINE_FILE: "fast_quarantine-gitlab.txt" + # This path is relative to /home/gitlab/qa/ in the QA container + RSPEC_FAST_QUARANTINE_PATH: "rspec/${RSPEC_FAST_QUARANTINE_FILE}" diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml index eae3b2f2a36..5cdaf6ada82 100644 --- a/.gitlab/ci/qa.gitlab-ci.yml +++ b/.gitlab/ci/qa.gitlab-ci.yml @@ -105,6 +105,12 @@ trigger-omnibus: branch: $TRIGGER_BRANCH strategy: depend +# Same as trigger-omnibus but is manual and runs follow-up-e2e:package-and-test-ee automatically right after +trigger-omnibus-and-follow-up-e2e: + extends: + - trigger-omnibus + - .qa:rules:manual-omnibus-and-follow-up-e2e + trigger-omnibus as-if-foss: extends: - trigger-omnibus @@ -129,6 +135,42 @@ e2e:package-and-test-ee: QA_RUN_TYPE: e2e-package-and-test PIPELINE_NAME: E2E Omnibus GitLab EE +# Same as e2e:package-and-test-ee but runs automatically after trigger-omnibus-and-follow-up-e2e +follow-up-e2e:package-and-test-ee: + extends: + - .e2e-trigger-base + - .qa:rules:follow-up-e2e + needs: + - build-qa-image + - trigger-omnibus-and-follow-up-e2e + - e2e-test-pipeline-generate + variables: + RELEASE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/build/omnibus-gitlab-mirror/gitlab-ee:${CI_COMMIT_SHA}" + QA_RUN_TYPE: e2e-package-and-test + PIPELINE_NAME: E2E Omnibus GitLab EE + +e2e:post-run-e2e-message: + extends: + - .predictive-job + - .qa:rules:post-run-e2e-message + stage: qa + variables: + ENV_FILE: $CI_PROJECT_DIR/qa_tests_vars.env + image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION} + before_script: + - source scripts/utils.sh + - install_gitlab_gem + script: + - scripts/generate-message-to-run-e2e-pipeline.rb + needs: + - e2e-test-pipeline-generate + - trigger-omnibus-env + - build-assets-image + artifacts: + expire_in: 1 day + paths: + - "${CI_PROJECT_DIR}/qa_tests_vars.env" + e2e:package-and-test-ce: extends: - e2e:package-and-test-ee @@ -144,21 +186,6 @@ e2e:package-and-test-ce: QA_RUN_TYPE: e2e-package-and-test-ce PIPELINE_NAME: E2E Omnibus GitLab CE -e2e:package-and-test-old-nav: - extends: - - .e2e-trigger-base - - .qa:rules:package-and-test-old-nav - needs: - - build-qa-image - - trigger-omnibus - - e2e-test-pipeline-generate - variables: - RELEASE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/build/omnibus-gitlab-mirror/gitlab-ee:${CI_COMMIT_SHA}" - QA_RUN_TYPE: e2e-package-and-test-old-nav - PIPELINE_NAME: E2E Omnibus Old Navigation - QA_SUPER_SIDEBAR_ENABLED: "false" - EXTRA_GITLAB_QA_OPTS: "" - e2e:package-and-test-nightly: extends: - .e2e-trigger-base @@ -187,4 +214,3 @@ e2e:test-on-gdk: DYNAMIC_PIPELINE_YML: test-on-gdk-pipeline.yml SKIP_MESSAGE: Skipping test-on-gdk due to mr containing only quarantine changes! GDK_IMAGE: "${CI_REGISTRY_IMAGE}/gitlab-qa-gdk:${CI_COMMIT_SHA}" - allow_failure: true diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index 9338f5cf7e5..326d23be5a4 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -56,9 +56,27 @@ update-gitaly-binaries-cache: artifacts: paths: [] # This job's purpose is only to update the cache. +update-ruby-gems-coverage-cache-push: + extends: + - .ruby-gems-coverage-cache-push + - .shared:rules:update-cache + variables: + BUNDLE_WITHOUT: "" # This is to override the variable defined in .gitlab-ci.yml + BUNDLE_ONLY: "coverage" + script: + - source scripts/utils.sh + - bundle_install_script + +# Used in: +# - rspec:undercoverage +# - rspec:feature-flags +# - rspec:merge-auto-explain-logs +# +# TODO: Consider making rspec:coverage reuse this base job, or split into two base jobs. .coverage-base: extends: - .default-retry + # TODO: If applicable for all children jobs, delete/replace this cache with .ruby-gems-coverage-cache, as it is much smaller. - .coverage-cache before_script: - source scripts/utils.sh @@ -310,7 +328,7 @@ rspec:deprecations: script: - grep -h -R "keyword" deprecations/ | awk '{$1=$1};1' | sort | uniq -c | sort - grep -R "keyword" deprecations/ | wc - - run_timed_command "fail_on_warnings bundle exec rubocop --config .rubocop.yml --only Lint/LastKeywordArgument --parallel" + - run_timed_command "fail_on_warnings bundle exec rubocop --only Lint/LastKeywordArgument --parallel" artifacts: expire_in: 31d when: always @@ -327,8 +345,8 @@ rspec:deprecations: GIT_STRATEGY: none image: alpine:3.17 script: - - mkdir -p coverage deprecations rspec - - ls coverage/ deprecations/ rspec/ + - mkdir -p coverage deprecations rspec auto_explain + - ls coverage/ deprecations/ rspec/ auto_explain/ artifacts: expire_in: 7d when: always @@ -336,6 +354,7 @@ rspec:deprecations: - coverage/ - deprecations/ - rspec/ + - auto_explain/ rspec:artifact-collector unit: extends: @@ -445,11 +464,12 @@ rspec:artifact-collector ee: rspec:coverage: extends: - - .coverage-base + - .ruby-gems-coverage-cache - .rails:rules:rspec-coverage stage: post-test needs: - - setup-test-env + - job: setup-test-env + artifacts: false # FOSS/EE jobs - job: rspec:artifact-collector unit optional: true @@ -476,6 +496,13 @@ rspec:coverage: # Memory jobs - job: memory-on-boot optional: true + artifacts: false + variables: + BUNDLE_WITHOUT: "" # This is to override the variable defined in .gitlab-ci.yml + BUNDLE_ONLY: "coverage" + before_script: + - source scripts/utils.sh + - bundle_install_script script: - run_timed_command "bundle exec scripts/merge-simplecov" coverage: '/LOC \((\d+\.\d+%)\) covered.$/' @@ -533,9 +560,6 @@ rspec:flaky-tests-report: - .rails:rules:flaky-tests-report stage: post-test needs: !reference ["rspec:coverage", "needs"] - variables: - SKIPPED_TESTS_REPORT_PATH: rspec/skipped_tests_report.txt - RETRIED_TESTS_REPORT_PATH: rspec/flaky/retried_tests_report.txt before_script: - source scripts/utils.sh - source scripts/rspec_helpers.sh @@ -546,6 +570,23 @@ rspec:flaky-tests-report: paths: - rspec/ +rspec:merge-auto-explain-logs: + extends: + - .coverage-base + - .rails:rules:rspec-merge-auto-explain-logs + stage: post-test + needs: !reference ["rspec:coverage", "needs"] + before_script: + - source scripts/utils.sh + - source scripts/rspec_helpers.sh + script: + - merge_auto_explain_logs + artifacts: + name: auto-explain-logs + expire_in: 31d + paths: + - auto_explain/ + # EE/FOSS: default refs (MRs, default branch, schedules) jobs # ####################################################### diff --git a/.gitlab/ci/rails/shared.gitlab-ci.yml b/.gitlab/ci/rails/shared.gitlab-ci.yml index 9c2b0406f02..ce89e7ef689 100644 --- a/.gitlab/ci/rails/shared.gitlab-ci.yml +++ b/.gitlab/ci/rails/shared.gitlab-ci.yml @@ -25,6 +25,8 @@ include: # gems could not be found under some circumstance. No idea why, hours wasted. - run_timed_command "gem install knapsack --no-document" - section_start "gitaly-test-spawn" "Spawning Gitaly"; scripts/gitaly-test-spawn; section_end "gitaly-test-spawn" # Do not use 'bundle exec' here + - export RSPEC_SKIPPED_TESTS_REPORT_PATH="rspec/skipped_tests-${CI_JOB_ID}.txt" + - export RSPEC_RETRIED_TESTS_REPORT_PATH="rspec/retried_tests-${CI_JOB_ID}.txt" .no-redis-cluster: variables: @@ -84,7 +86,7 @@ include: bundle exec relate-failure-issue --input-files "rspec/rspec-*.json" --system-log-files "log" --project "gitlab-org/gitlab" --token "${TEST_FAILURES_PROJECT_TOKEN}"; fi if [ "$CREATE_RAILS_SLOW_TEST_ISSUES" == "true" ]; then - bundle exec slow-test-issues --input-files "rspec/rspec-*.json" --project "gitlab-org-sandbox/rails-test-failures" --token "${RAILS_TEST_FAILURES_PROJECT_TOKEN}"; + bundle exec slow-test-issues --input-files "rspec/rspec-*.json" --project "gitlab-org/gitlab" --token "${TEST_FAILURES_PROJECT_TOKEN}"; fi - echo -e "\e[0Ksection_end:`date +%s`:report_results_section\r\e[0K" @@ -96,11 +98,11 @@ include: expire_in: 31d when: always paths: + - auto_explain/ - coverage/ - crystalball/ - deprecations/ - knapsack/ - - query_recorder/ - rspec/ - tmp/capybara/ - log/*.log diff --git a/.gitlab/ci/release-environments/main.gitlab-ci.yml b/.gitlab/ci/release-environments/main.gitlab-ci.yml index 7eb67509301..ff15673d48d 100644 --- a/.gitlab/ci/release-environments/main.gitlab-ci.yml +++ b/.gitlab/ci/release-environments/main.gitlab-ci.yml @@ -3,9 +3,13 @@ include: - local: .gitlab/ci/cng/main.gitlab-ci.yml review-build-cng-env: + extends: + - .review-build-cng-env allow_failure: true review-build-cng: + extends: + - .review-build-cng needs: ["review-build-cng-env"] variables: IMAGE_TAG_EXT: "-${CI_COMMIT_SHORT_SHA}" diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml index c5f56076ce7..a3ced427ea1 100644 --- a/.gitlab/ci/review-apps/main.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml @@ -30,17 +30,37 @@ dont-interrupt-me: review-build-cng-env: extends: + - .review-build-cng-env - .default-retry - .review:rules:review-build-cng + - .fast-no-clone-job + variables: + # We use > instead of | because we want the files to be space-separated. + FILES_TO_DOWNLOAD: > + GITALY_SERVER_VERSION + GITLAB_ELASTICSEARCH_INDEXER_VERSION + GITLAB_KAS_VERSION + GITLAB_METRICS_EXPORTER_VERSION + GITLAB_PAGES_VERSION + GITLAB_SHELL_VERSION + scripts/trigger-build.rb + VERSION + before_script: + - apk add --no-cache --update curl # Not present in ruby-alpine, so we add it manually + - !reference [".fast-no-clone-job", before_script] + - !reference [".review-build-cng-env", before_script] + - mv VERSION GITLAB_WORKHORSE_VERSION # GITLAB_WORKHORSE_VERSION is a symlink to VERSION review-build-cng: - extends: .review:rules:review-build-cng + extends: + - .review-build-cng + - .review:rules:review-build-cng needs: ["review-build-cng-env"] .review-workflow-base: image: ${REVIEW_APPS_IMAGE} retry: - max: 2 # This is confusing but this means "3 runs at max" + max: 1 # This is confusing but this means "2 runs at max" variables: HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" @@ -49,6 +69,7 @@ review-build-cng: GITLAB_REPO_URL: ${CI_PROJECT_URL} GITLAB_IMAGE_REPOSITORY: "registry.gitlab.com/gitlab-org/build/cng-mirror" GITLAB_IMAGE_SUFFIX: "ee" + GITLAB_REVIEW_APP_BASE_CONFIG_FILE: "scripts/review_apps/base-config.yaml" GITLAB_HELM_CHART_REF: "75b1486a9aec212d0f49ef1251526d8e51004bbc" # 7.0.1: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/75b1486a9aec212d0f49ef1251526d8e51004bbc environment: name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it @@ -59,6 +80,7 @@ review-deploy: extends: - .review-workflow-base - .review:rules:review-deploy + - .fast-no-clone-job stage: deploy image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}dtzar/helm-kubectl:3.9.3 needs: @@ -70,7 +92,18 @@ review-deploy: - "gitlab-${GITLAB_HELM_CHART_REF}" environment: action: start + variables: + # We use > instead of | because we want the files to be space-separated. + FILES_TO_DOWNLOAD: > + GITALY_SERVER_VERSION + GITLAB_SHELL_VERSION + scripts/review_apps/review-apps.sh + scripts/review_apps/seed-dast-test-data.sh + VERSION before_script: + - apk add --no-cache --update curl # Not present in ruby-alpine, so we add it manually + - !reference [".fast-no-clone-job", before_script] + - mv VERSION GITLAB_WORKHORSE_VERSION # GITLAB_WORKHORSE_VERSION is a symlink to VERSION - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION) - export GITALY_VERSION=$(<GITALY_SERVER_VERSION) - export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION) diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 295f22258e9..264950ae1cc 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -89,6 +89,9 @@ .if-merge-request-labels-skip-undercoverage: &if-merge-request-labels-skip-undercoverage if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:skip-undercoverage/' +.if-merge-request-labels-record-queries: &if-merge-request-labels-record-queries + if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:record-queries/' + .if-merge-request-labels-jh-contribution: &if-merge-request-labels-jh-contribution if: '$CI_MERGE_REQUEST_LABELS =~ /JiHu contribution/' @@ -378,9 +381,6 @@ # Gitaly has interactions with background migrations: https://gitlab.com/gitlab-org/gitlab/-/issues/336538 - "GITALY_SERVER_VERSION" - "lib/gitlab/setup_helper.rb" - # CI changes - - ".gitlab-ci.yml" - - ".gitlab/ci/**/*" # DB backup patterns .db-backup-patterns: &db-backup-patterns @@ -604,6 +604,18 @@ - "scripts/glfm/**/*" - "scripts/lib/glfm/**/*" +# Certain components require the base e2e GDK image to be rebuilt if they change +.gdk-component-patterns: &gdk-component-patterns + - qa/gdk/**/* + - Gemfile.lock + - yarn.lock + - workhorse/**/* + - VERSION + - GITLAB_WORKHORSE_VERSION + - GITLAB_METRICS_EXPORTER_VERSION + - GITLAB_SHELL_VERSION + - GITALY_SERVER_VERSION + ################## # Conditions set # ################## @@ -889,6 +901,8 @@ # - build the final stage in code-change pipelines (including MRs), and scheduled pipelines # This has to match ".qa:rules:e2e:test-on-gdk" otherwise there won't be an image available to run GDK in the test jobs. # Unfortunately, we can't just include ".qa:rules:e2e:test-on-gdk" because some of the conditions are manual +# Since the smoke test job is not allowed to fail, the `build-gdk-image` job is also not allowed to fail. +# It's better to fail early and avoid wasting resources running test jobs that would just fail anyway. .build-images:rules:build-gdk-image: rules: - if: '$QA_RUN_TESTS_ON_GDK !~ /true|yes|1/i' @@ -899,51 +913,37 @@ - <<: *if-default-branch-refs # Includes scheduled pipelines variables: BUILD_GDK_BASE: "true" - allow_failure: true # We want to also rebuild the base image if MRs change certain components. - <<: *if-merge-request variables: BUILD_GDK_BASE: "true" - changes: - - qa/gdk/**/* - - Gemfile.lock - - yarn.lock - - workhorse/**/* - - VERSION - - GITLAB_METRICS_EXPORTER_VERSION - - GITLAB_SHELL_VERSION - - GITALY_SERVER_VERSION - allow_failure: true + changes: *gdk-component-patterns # The rest are included to be consistent with .qa:rules:e2e:test-on-gdk - <<: *if-merge-request-targeting-stable-branch changes: *setup-test-env-patterns - allow_failure: true - <<: *if-ruby3_1-branch - allow_failure: true # We include the job under the matching conditions below, but unlike in .qa:rules:e2e:test-on-gdk we don't need to # set OMNIBUS_GITLAB_BUILD_ON_ALL_OS when testing against GDK - <<: *if-merge-request changes: *dependency-patterns - allow_failure: true - <<: *if-merge-request-labels-run-all-e2e - allow_failure: true - <<: *if-merge-request changes: *feature-flag-development-config-patterns - allow_failure: true - <<: *if-merge-request changes: *initializers-patterns - allow_failure: true - <<: *if-merge-request changes: *nodejs-patterns - allow_failure: true - <<: *if-merge-request changes: *ci-qa-patterns - allow_failure: true + - <<: *if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e + changes: *feature-flag-development-config-patterns + when: manual + - <<: *if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified + changes: *code-patterns - <<: *if-merge-request changes: *code-qa-patterns - allow_failure: true - <<: *if-force-ci - allow_failure: true + when: manual .build-images:rules:build-assets-image: rules: @@ -1132,6 +1132,16 @@ - <<: *if-default-refs changes: *code-backstage-qa-patterns +############################ +# Audit event types rules # +############################ +.audit-event-types:rules:audit-event-types-verify: + rules: + - <<: *if-not-ee + when: never + - <<: *if-default-refs + changes: *code-backstage-qa-patterns + ################## # Frontend rules # ################## @@ -1168,6 +1178,8 @@ - <<: *if-merge-request-labels-run-all-e2e - <<: *if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e changes: *feature-flag-development-config-patterns + - <<: *if-merge-request + changes: *dependency-patterns - <<: *if-force-ci .frontend:rules:compile-production-assets-as-if-foss: @@ -1423,6 +1435,9 @@ changes: *setup-test-env-patterns allow_failure: true - <<: *if-merge-request + # Certain components trigger a rebuild of the e2e GDK image so we want to test it too + changes: *gdk-component-patterns + - <<: *if-merge-request changes: *code-backstage-qa-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-schedule @@ -1449,6 +1464,43 @@ - <<: *if-force-ci allow_failure: true +# All rules copied from qa:rules:package-and-test-ee but jobs are automatic and not allowed to fail +.qa:rules:trigger-omnibus-env: + rules: + # From .qa:rules:package-and-test-common + - !reference [".qa:rules:package-and-test-never-run", rules] + - <<: *if-merge-request-targeting-stable-branch + changes: *setup-test-env-patterns + - <<: *if-ruby3_1-branch + variables: + USE_OLD_RUBY_VERSION: 'false' + CACHE_EDITION: 'GITLAB_RUBY3_1' + - <<: *if-merge-request + changes: *dependency-patterns + variables: + OMNIBUS_GITLAB_BUILD_ON_ALL_OS: 'true' + - <<: *if-merge-request-labels-run-all-e2e + - <<: *if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e + changes: *feature-flag-development-config-patterns + - <<: *if-merge-request + changes: *feature-flag-development-config-patterns + - <<: *if-merge-request + changes: *initializers-patterns + - <<: *if-merge-request + changes: *nodejs-patterns + - <<: *if-merge-request + changes: *ci-qa-patterns + - <<: *if-merge-request + changes: *qa-patterns + - <<: *if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified + changes: *code-patterns + - <<: *if-force-ci + # From .qa:rules:package-and-test-schedule + - <<: *if-dot-com-gitlab-org-schedule + # From .qa:rules:code-merge-request-manual + - <<: *if-merge-request + changes: *code-patterns + .qa:rules:package-and-test-never-run: rules: - <<: *if-not-canonical-namespace @@ -1509,18 +1561,66 @@ # manually. That rule is now in ".qa:rules:code-merge-request-manual" so it can be included when needed and we can # still use ".qa:rules:package-and-test-common" in jobs we don't want to be manual. +# Like .qa:rules:package-and-test-common but not allowed to fail. +# It's named `e2e` instead of `package-and-test` because it's used for e2e tests on GDK (and could be used +# for other e2e tests) +.qa:rules:e2e-blocking: + rules: + - !reference [".qa:rules:package-and-test-never-run", rules] + - <<: *if-merge-request-targeting-stable-branch + changes: *setup-test-env-patterns + - <<: *if-ruby3_1-branch + variables: + USE_OLD_RUBY_VERSION: 'false' + CACHE_EDITION: 'GITLAB_RUBY3_1' + - <<: *if-merge-request + # Certain components trigger a rebuild of the e2e GDK image so we want to test it too + changes: *gdk-component-patterns + - <<: *if-merge-request + changes: *dependency-patterns + - <<: *if-merge-request-labels-run-all-e2e + - <<: *if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e + changes: *feature-flag-development-config-patterns + when: manual + - <<: *if-merge-request + changes: *nodejs-patterns + - <<: *if-merge-request + changes: + - qa/Gemfile.lock # qa/Gemfile.lock is a part of *qa-patterns, so this rule must be placed before the one with *qa-patterns changes + variables: + UPDATE_QA_CACHE: "true" + - <<: *if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified + changes: *code-patterns + - <<: *if-merge-request + changes: *code-qa-patterns # Includes all CI changes + - <<: *if-force-ci + when: manual + +.qa:e2e-test-schedule-variables: &qa-e2e-test-schedule-variables + variables: + CREATE_TEST_FAILURE_ISSUES: "true" + PROCESS_TEST_RESULTS: "true" + KNAPSACK_GENERATE_REPORT: "true" + UPDATE_QA_CACHE: "true" + QA_SAVE_TEST_METRICS: "true" + QA_EXPORT_TEST_METRICS: "false" # on main runs, metrics are exported to separate bucket via rake task for better consistency + .qa:rules:package-and-test-schedule: rules: - <<: *if-dot-com-gitlab-org-schedule allow_failure: true - variables: - CREATE_TEST_FAILURE_ISSUES: "true" - PROCESS_TEST_RESULTS: "true" - KNAPSACK_GENERATE_REPORT: "true" - UPDATE_QA_CACHE: "true" - QA_SAVE_TEST_METRICS: "true" - QA_EXPORT_TEST_METRICS: "false" # on main runs, metrics are exported to separate bucket via rake task for better consistency + <<: *qa-e2e-test-schedule-variables + +.qa:rules:e2e-schedule-blocking: + rules: + - <<: *if-dot-com-gitlab-org-schedule + <<: *qa-e2e-test-schedule-variables +# Note: If any changes are made to this rule, the following should also be updated: +# 1) .qa:rules:manual-omnibus-and-follow-up-e2e +# 2) .qa:rules:follow-up-e2e +# 3) .qa:rules:trigger-omnibus-env +# 4) .qa:rules:post-run-e2e-message .qa:rules:package-and-test-ee: rules: - !reference [".qa:rules:package-and-test-common", rules] @@ -1552,27 +1652,8 @@ when: never - <<: *if-default-branch-schedule-nightly # already executed in the 2-hourly schedule when: never - - !reference [".qa:rules:package-and-test-common", rules] - - !reference [".qa:rules:package-and-test-schedule", rules] - # Run automatically in all other code MRs that weren't included in ".qa:rules:package-and-test-common". - - <<: *if-merge-request - changes: *code-patterns - allow_failure: true - -.qa:rules:package-and-test-old-nav: - rules: - - !reference [".qa:rules:package-and-test-never-run", rules] - - <<: *if-merge-request - changes: *code-patterns - when: manual - allow_failure: true - - <<: *if-default-branch-schedule-nightly - allow_failure: true - variables: - CREATE_TEST_FAILURE_ISSUES: "true" - PROCESS_TEST_RESULTS: "true" - QA_SAVE_TEST_METRICS: "true" - QA_EXPORT_TEST_METRICS: "false" + - !reference [".qa:rules:e2e-blocking", rules] + - !reference [".qa:rules:e2e-schedule-blocking", rules] .qa:rules:package-and-test-nightly: rules: @@ -1595,6 +1676,139 @@ - !reference [".qa:rules:package-and-test-nightly", rules] - !reference [".qa:rules:package-and-test-ce", rules] +# These are based on `.qa:rules:trigger-omnibus` but with automatic jobs changed to `when: never.` +# If any changes are made to this rule, `.qa:rules:follow-up-e2e` should also be updated. +.qa:rules:manual-omnibus-and-follow-up-e2e: + rules: + - !reference [".qa:rules:package-and-test-never-run", rules] + - !reference [".qa:rules:code-merge-request-manual", rules] + - <<: *if-dot-com-gitlab-org-schedule + when: never + - <<: *if-merge-request-targeting-stable-branch + changes: *setup-test-env-patterns + when: never + - <<: *if-ruby3_1-branch + when: never + - <<: *if-merge-request + changes: *dependency-patterns + when: never + - <<: *if-merge-request-labels-run-all-e2e + when: never + - <<: *if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e + changes: *feature-flag-development-config-patterns + when: manual + allow_failure: true + - <<: *if-merge-request + changes: *feature-flag-development-config-patterns + when: never + - <<: *if-merge-request + changes: *initializers-patterns + when: never + - <<: *if-merge-request + changes: *nodejs-patterns + when: never + - <<: *if-merge-request + changes: *ci-qa-patterns + when: never + - <<: *if-merge-request + changes: *qa-patterns + when: never + - <<: *if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified + changes: *code-patterns + when: never + - <<: *if-force-ci + when: manual + allow_failure: true + +# These are based on `.qa:rules:manual-omnibus-and-follow-up-e2e` but with manual jobs changed to automatic +.qa:rules:follow-up-e2e: + rules: + - !reference [".qa:rules:package-and-test-never-run", rules] + - <<: *if-merge-request + changes: *code-patterns + allow_failure: true + - <<: *if-dot-com-gitlab-org-schedule + when: never + - <<: *if-merge-request-targeting-stable-branch + changes: *setup-test-env-patterns + when: never + - <<: *if-ruby3_1-branch + when: never + - <<: *if-merge-request + changes: *dependency-patterns + when: never + - <<: *if-merge-request-labels-run-all-e2e + when: never + - <<: *if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e + changes: *feature-flag-development-config-patterns + allow_failure: true + - <<: *if-merge-request + changes: *feature-flag-development-config-patterns + when: never + - <<: *if-merge-request + changes: *initializers-patterns + when: never + - <<: *if-merge-request + changes: *nodejs-patterns + when: never + - <<: *if-merge-request + changes: *ci-qa-patterns + when: never + - <<: *if-merge-request + changes: *qa-patterns + when: never + - <<: *if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified + changes: *code-patterns + when: never + - <<: *if-force-ci + allow_failure: true + +# These are based on `qa:rules:package-and-test-ee` but with when:never in all except for code-patterns in merge requests +.qa:rules:post-run-e2e-message: + rules: + # From .qa:rules:package-and-test-common + - !reference [".qa:rules:package-and-test-never-run", rules] + - <<: *if-merge-request-targeting-stable-branch + changes: *setup-test-env-patterns + when: never + - <<: *if-ruby3_1-branch + when: never + - <<: *if-merge-request + changes: *dependency-patterns + when: never + - <<: *if-merge-request-labels-run-all-e2e + when: never + - <<: *if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e + changes: *feature-flag-development-config-patterns + when: never + - <<: *if-merge-request + changes: *feature-flag-development-config-patterns + when: never + - <<: *if-merge-request + changes: *initializers-patterns + when: never + - <<: *if-merge-request + changes: *nodejs-patterns + when: never + - <<: *if-merge-request + changes: *ci-qa-patterns + when: never + - <<: *if-merge-request + changes: *qa-patterns + when: never + - <<: *if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified + changes: *code-patterns + when: never + - <<: *if-force-ci + when: never + # From .qa:rules:package-and-test-schedule + - <<: *if-dot-com-gitlab-org-schedule + when: never + # From .qa:rules:code-merge-request-manual + - <<: *if-merge-request + changes: *code-patterns + allow_failure: true + ############### # Rails rules # ############### @@ -2024,13 +2238,20 @@ - <<: *if-merge-request-labels-run-on-pg12 - !reference [".rails:rules:default-branch-schedule-nightly--code-backstage-default-rules", rules] +.rails:rules:rspec-merge-auto-explain-logs: + rules: + - <<: *if-not-ee + when: never + - <<: *if-merge-request-labels-pipeline-expedite + when: never + - <<: *if-merge-request-labels-run-all-rspec + - <<: *if-merge-request-labels-record-queries + .rails:rules:default-branch-schedule-nightly--code-backstage-default-rules: rules: - <<: *if-merge-request-labels-pipeline-expedite when: never - <<: *if-default-branch-schedule-nightly - - <<: *if-merge-request - changes: [".gitlab/ci/rails.gitlab-ci.yml"] .rails:rules:default-branch-schedule-nightly--code-backstage: rules: @@ -2545,8 +2766,6 @@ - "scripts/rspec_helpers.sh" - <<: *if-merge-request changes: - - "gems/gitlab-rspec/**/*" - - "gems/rspec_flaky/**/*" - "scripts/flaky_examples/prune-old-flaky-examples" ################### diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml index ddd479385fc..b652ac5e30b 100644 --- a/.gitlab/ci/setup.gitlab-ci.yml +++ b/.gitlab/ci/setup.gitlab-ci.yml @@ -176,7 +176,7 @@ e2e-test-pipeline-generate: trigger-omnibus-env: stage: prepare extends: - - .qa:rules:package-and-test-ee + - .qa:rules:trigger-omnibus-env needs: # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream omnibus-gitlab pipeline. - compile-production-assets diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml index 40582170cc9..3344bb3a06d 100644 --- a/.gitlab/ci/static-analysis.gitlab-ci.yml +++ b/.gitlab/ci/static-analysis.gitlab-ci.yml @@ -64,6 +64,7 @@ generate-apollo-graphql-schema: script: - apollo client:download-schema --config=config/apollo.config.js ${GRAPHQL_SCHEMA_APOLLO_FILE} artifacts: + expire_in: 30 days name: graphql-schema-apollo paths: - "${GRAPHQL_SCHEMA_APOLLO_FILE}" @@ -137,7 +138,7 @@ rubocop: select_existing_files < "${RSPEC_CHANGED_FILES_PATH}" > "${RUBOCOP_TARGET_FILES}" # Skip running RuboCop if there's no target files if [ -s "${RUBOCOP_TARGET_FILES}" ]; then - run_timed_command "fail_on_warnings bundle exec rubocop --config .rubocop.yml --parallel --force-exclusion $(cat ${RUBOCOP_TARGET_FILES})" + run_timed_command "fail_on_warnings bundle exec rubocop --parallel --force-exclusion $(cat ${RUBOCOP_TARGET_FILES})" else echoinfo "Nothing interesting changed for RuboCop. Skipping." fi @@ -177,7 +178,7 @@ feature-flags-usage: script: # We need to disable the cache for this cop since it creates files under tmp/feature_flags/*.used, # the cache would prevent these files from being created. - - run_timed_command "fail_on_warnings bundle exec rubocop --config .rubocop.yml --only Gitlab/MarkUsedFeatureFlags --cache false" + - run_timed_command "fail_on_warnings bundle exec rubocop --only Gitlab/MarkUsedFeatureFlags --cache false" artifacts: expire_in: 31d when: always @@ -193,14 +194,16 @@ semgrep-appsec-custom-rules: script: # Required to avoid a timeout https://github.com/returntocorp/semgrep/issues/5395 - git fetch origin master + - git clone $CUSTOM_RULES_REPOSITORY "${CI_BUILDS_DIR}/sast-custom-rules" # Include/exclude list isn't ideal https://github.com/returntocorp/semgrep/issues/5399 - | - semgrep ci --gitlab-sast --metrics off --config $CUSTOM_RULES_URL \ + semgrep ci --gitlab-sast --metrics off --config "${CI_BUILDS_DIR}/sast-custom-rules" \ --include app --include lib --include workhorse \ --exclude '*_test.go' --exclude spec --exclude qa > gl-sast-report.json || true variables: - CUSTOM_RULES_URL: https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/raw/main/gitlab-sast-rules/rules.yml + CUSTOM_RULES_REPOSITORY: https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules.git artifacts: + expire_in: 30 days paths: - gl-sast-report.json diff --git a/.gitlab/ci/templates/gem.gitlab-ci.yml b/.gitlab/ci/templates/gem.gitlab-ci.yml index 46c5e1342c6..f17e168c1af 100644 --- a/.gitlab/ci/templates/gem.gitlab-ci.yml +++ b/.gitlab/ci/templates/gem.gitlab-ci.yml @@ -11,12 +11,19 @@ spec: --- .gems:rules:$[[inputs.gem_name]]: rules: + - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "maintenance"' - if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached"' changes: - "$[[inputs.gem_path_prefix]]$[[inputs.gem_name]]/**/*" - ".gitlab/ci/gitlab-gems.gitlab-ci.yml" + - ".gitlab/ci/vendored-gems.gitlab-ci.yml" - ".gitlab/ci/templates/gem.gitlab-ci.yml" - "gems/gem.gitlab-ci.yml" + # Ensure new cop in the monolith don't break internal gems Rubocop checks: https://gitlab.com/gitlab-org/gitlab/-/issues/419915 + - ".rubocop.yml" + - "rubocop/**/*" + - ".rubocop_todo/**/*" + gems $[[inputs.gem_name]]: extends: ".gems:rules:$[[inputs.gem_name]]" diff --git a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml index 367579b1999..41f85c492d9 100644 --- a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml +++ b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml @@ -86,7 +86,6 @@ variables: dotenv: suite_status.env expire_in: 7 days when: always - allow_failure: true download-knapsack-report: extends: @@ -118,6 +117,11 @@ cache-gems: gdk reconfigure &&\ gdk restart" +download-fast-quarantine-report: + extends: + - .download-fast-quarantine-report + - .rules:download-fast-quarantine-report + gdk-qa-smoke: extends: - .gdk-qa-base @@ -143,6 +147,7 @@ gdk-qa-smoke-with-load-balancer: - changes: - ".gitlab/ci/test-on-gdk/**" - "lib/gitlab/database/load_balancing/**/*" + allow_failure: true gdk-qa-reliable: extends: @@ -153,6 +158,7 @@ gdk-qa-reliable: QA_RUN_TYPE: gdk-qa-blocking rules: - when: always + allow_failure: true gdk-qa-reliable-with-load-balancer: extends: @@ -171,6 +177,7 @@ gdk-qa-reliable-with-load-balancer: - changes: - ".gitlab/ci/test-on-gdk/**" - "lib/gitlab/database/load_balancing/**/*" + allow_failure: true gdk-qa-non-blocking: extends: @@ -181,6 +188,7 @@ gdk-qa-non-blocking: QA_RUN_TYPE: gdk-qa-non-blocking rules: - when: manual + allow_failure: true # ========================================== # Post test stage diff --git a/.gitlab/ci/workhorse.gitlab-ci.yml b/.gitlab/ci/workhorse.gitlab-ci.yml index 00c4dc6c9a9..5b128ef6170 100644 --- a/.gitlab/ci/workhorse.gitlab-ci.yml +++ b/.gitlab/ci/workhorse.gitlab-ci.yml @@ -34,6 +34,7 @@ workhorse:test go: - make -C workhorse test-coverage coverage: '/\d+.\d+%/' artifacts: + expire_in: 30 days paths: - workhorse/coverage.html |