diff options
Diffstat (limited to '.gitlab/ci')
| -rw-r--r-- | .gitlab/ci/build-images.gitlab-ci.yml | 13 | ||||
| -rw-r--r-- | .gitlab/ci/docs.gitlab-ci.yml | 4 | ||||
| -rw-r--r-- | .gitlab/ci/frontend.gitlab-ci.yml | 31 | ||||
| -rw-r--r-- | .gitlab/ci/global.gitlab-ci.yml | 25 | ||||
| -rw-r--r-- | .gitlab/ci/notify.gitlab-ci.yml | 4 | ||||
| -rw-r--r-- | .gitlab/ci/package-and-test/main.gitlab-ci.yml | 72 | ||||
| -rw-r--r-- | .gitlab/ci/qa.gitlab-ci.yml | 2 | ||||
| -rw-r--r-- | .gitlab/ci/rails.gitlab-ci.yml | 21 | ||||
| -rw-r--r-- | .gitlab/ci/rails/shared.gitlab-ci.yml | 5 | ||||
| -rw-r--r-- | .gitlab/ci/reports.gitlab-ci.yml | 2 | ||||
| -rw-r--r-- | .gitlab/ci/review-apps/main.gitlab-ci.yml | 35 | ||||
| -rw-r--r-- | .gitlab/ci/review-apps/qa.gitlab-ci.yml | 1 | ||||
| -rw-r--r-- | .gitlab/ci/review.gitlab-ci.yml | 45 | ||||
| -rw-r--r-- | .gitlab/ci/rules.gitlab-ci.yml | 138 | ||||
| -rw-r--r-- | .gitlab/ci/static-analysis.gitlab-ci.yml | 8 |
15 files changed, 246 insertions, 160 deletions
diff --git a/.gitlab/ci/build-images.gitlab-ci.yml b/.gitlab/ci/build-images.gitlab-ci.yml index a60a5f6040c..09ffc87f087 100644 --- a/.gitlab/ci/build-images.gitlab-ci.yml +++ b/.gitlab/ci/build-images.gitlab-ci.yml @@ -23,9 +23,6 @@ build-qa-image: script: - run_timed_command "scripts/build_qa_image" -# This image is used by: -# - The `CNG` pipelines (via the `review-build-cng` job): https://gitlab.com/gitlab-org/build/CNG/-/blob/cfc67136d711e1c8c409bf8e57427a644393da2f/.gitlab-ci.yml#L335 -# - The `omnibus-gitlab` pipelines (via the `e2e:package-and-test` job): https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/dfd1ad475868fc84e91ab7b5706aa03e46dc3a86/.gitlab-ci.yml#L130 build-assets-image: extends: - .base-image-build @@ -33,7 +30,11 @@ build-assets-image: stage: build-images needs: ["compile-production-assets"] script: - # TODO: Change the image tag to be the MD5 of assets files and skip image building if the image exists - # We'll also need to pass GITLAB_ASSETS_TAG to the trigerred omnibus-gitlab pipeline similarly to how we do it for trigerred CNG pipelines - # https://gitlab.com/gitlab-org/gitlab/issues/208389 + - skopeo login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - run_timed_command "scripts/build_assets_image" + artifacts: + expire_in: 7 days + paths: + # The `cached-assets-hash.txt` file is used in `review-build-cng-env` (`.gitlab/ci/review-apps/main.gitlab-ci.yml`) + # to pass the assets image tag to the CNG downstream pipeline. + - cached-assets-hash.txt diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml index c6d2b30046c..18954e7b8e0 100644 --- a/.gitlab/ci/docs.gitlab-ci.yml +++ b/.gitlab/ci/docs.gitlab-ci.yml @@ -76,14 +76,16 @@ docs-code-quality: - .docs-markdown-lint-image stage: lint needs: [] + allow_failure: true script: - - vale --output=doc/.vale/vale-json.tmpl --minAlertLevel warning doc > gl-code-quality-report-docs.json || exit_code=$? + - scripts/lint-doc-quality.sh artifacts: reports: codequality: gl-code-quality-report-docs.json paths: - gl-code-quality-report-docs.json expire_in: 1 week + when: always ui-docs-links lint: extends: diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 6be77fe52c8..cde023c149a 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -28,6 +28,7 @@ fi fi - assets_compile_script + - echo -n "${GITLAB_ASSETS_HASH}" > "cached-assets-hash.txt" compile-production-assets: extends: @@ -43,6 +44,7 @@ compile-production-assets: # These assets are used in multiple locations: # - in `build-assets-image` job to create assets image for packaging systems # - GitLab UI for integration tests: https://gitlab.com/gitlab-org/gitlab-ui/-/blob/e88493b3c855aea30bf60baee692a64606b0eb1e/.storybook/preview-head.pug#L1 + - cached-assets-hash.txt - public/assets/ - "${WEBPACK_COMPILE_LOG_PATH}" when: always @@ -73,9 +75,6 @@ update-assets-compile-production-cache: - .assets-compile-cache-push - .shared:rules:update-cache stage: prepare - script: - - !reference [compile-production-assets, script] - - echo -n "${GITLAB_ASSETS_HASH}" > "cached-assets-hash.txt" artifacts: {} # This job's purpose is only to update the cache. update-assets-compile-test-cache: @@ -274,32 +273,6 @@ coverage-frontend: coverage_format: cobertura path: coverage-frontend/cobertura-coverage.xml -.qa-frontend-node: - extends: - - .default-retry - - .default-utils-before_script - - .qa-frontend-node-cache - - .frontend:rules:qa-frontend-node - stage: test - needs: [] - script: - - yarn_install_script - - run_timed_command "retry yarn run webpack-prod" - -qa-frontend-node:14: - extends: .qa-frontend-node - image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}node:14 - -qa-frontend-node:16: - extends: .qa-frontend-node - image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}node:16 - -qa-frontend-node:latest: - extends: - - .qa-frontend-node - - .frontend:rules:qa-frontend-node-latest - image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}node:latest - webpack-dev-server: extends: - .default-retry diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index add728a9983..5e35ae6aff3 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -82,19 +82,6 @@ <<: *node-modules-cache policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up. -.assets-cache: &assets-cache - key: "assets-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-${NODE_ENV}-v5" - # This list should match GITLAB_ASSETS_PATHS_LIST from scripts/gitlab_component_helpers.sh - paths: - - cached-assets-hash.txt - - app/assets/javascripts/locale/**/app.js - - public/assets/ - policy: pull - -.assets-cache-push: &assets-cache-push - <<: *assets-cache - policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up. - .assets-tmp-cache: &assets-tmp-cache key: "assets-tmp-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-${NODE_ENV}-v1" paths: @@ -214,11 +201,6 @@ cache: - *node-modules-cache -.qa-frontend-node-cache: - cache: - - *node-modules-cache - - *assets-tmp-cache - .assets-compile-cache: cache: - *ruby-gems-cache @@ -306,7 +288,7 @@ - name: postgres:12 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:6.0-alpine - - name: elasticsearch:8.4.1 + - name: elasticsearch:8.5.2 variables: POSTGRES_HOST_AUTH_METHOD: trust PG_VERSION: "12" @@ -378,3 +360,8 @@ docker run --rm --privileged ${QEMU_IMAGE} --install all; fi - docker buildx create --use # creates and set's to active buildkit builder + +.use-kube-context: + before_script: + - export KUBE_CONTEXT="gitlab-org/gitlab:review-apps" + - kubectl config use-context ${KUBE_CONTEXT} diff --git a/.gitlab/ci/notify.gitlab-ci.yml b/.gitlab/ci/notify.gitlab-ci.yml index ae77caa140a..84fb5a55ed1 100644 --- a/.gitlab/ci/notify.gitlab-ci.yml +++ b/.gitlab/ci/notify.gitlab-ci.yml @@ -59,7 +59,9 @@ notify-pipeline-failure: fi - | scripts/generate-failed-pipeline-slack-message.rb -i ${BROKEN_MASTER_INCIDENT_JSON} -f ${FAILED_PIPELINE_SLACK_MESSAGE_FILE}; - curl -X POST -H 'Content-Type: application/json' --data @${FAILED_PIPELINE_SLACK_MESSAGE_FILE} "$CI_SLACK_WEBHOOK_URL"; + curl -X POST -H 'Content-Type: application/json' --data @${FAILED_PIPELINE_SLACK_MESSAGE_FILE} "$CI_SLACK_WEBHOOK_URL" || + scripts/slack ${SLACK_CHANNEL} "☠️ Broken pipeline notification failed! ☠️ See ${CI_JOB_URL}" ci_failing "Failed pipeline reporter" + artifacts: paths: - ${BROKEN_MASTER_INCIDENT_JSON} diff --git a/.gitlab/ci/package-and-test/main.gitlab-ci.yml b/.gitlab/ci/package-and-test/main.gitlab-ci.yml index f0bf79f009d..c53c3b1d32b 100644 --- a/.gitlab/ci/package-and-test/main.gitlab-ci.yml +++ b/.gitlab/ci/package-and-test/main.gitlab-ci.yml @@ -38,23 +38,6 @@ stages: extends: - .gitlab-qa-install -.omnibus-env: - variables: - BUILD_ENV: build.env - script: - - | - SECURITY_SOURCES=$([[ ! "$CI_PROJECT_NAMESPACE" =~ ^gitlab-org\/security ]] || echo "true") - echo "SECURITY_SOURCES=${SECURITY_SOURCES:-false}" > $BUILD_ENV - echo "OMNIBUS_GITLAB_CACHE_UPDATE=${OMNIBUS_GITLAB_CACHE_UPDATE:-false}" >> $BUILD_ENV - for version_file in *_VERSION; do echo "$version_file=$(cat $version_file)" >> $BUILD_ENV; done - echo "OMNIBUS_GITLAB_RUBY3_BUILD=${OMNIBUS_GITLAB_RUBY3_BUILD:-false}" >> $BUILD_ENV - echo "OMNIBUS_GITLAB_CACHE_EDITION=${OMNIBUS_GITLAB_CACHE_EDITION:-GITLAB}" >> $BUILD_ENV - echo "Built environment file for omnibus build:" - cat $BUILD_ENV - artifacts: - reports: - dotenv: $BUILD_ENV - .update-script: script: - export QA_COMMAND="bundle exec gitlab-qa Test::Omnibus::UpdateFromPrevious $RELEASE $GITLAB_VERSION $UPDATE_TYPE -- $QA_RSPEC_TAGS $RSPEC_REPORT_OPTS" @@ -108,9 +91,42 @@ dont-interrupt-me: trigger-omnibus-env: extends: - - .omnibus-env - .rules:omnibus-build stage: .pre + needs: + # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream omnibus-gitlab pipeline. + - pipeline: $PARENT_PIPELINE_ID + job: build-assets-image + variables: + BUILD_ENV: build.env + before_script: + - | + # This is duplicating the function from `scripts/utils.sh` since `.gitlab/ci/package-and-test/main.gitlab-ci.yml` can be included in other projects. + function assets_image_tag() { + local cache_assets_hash_file="cached-assets-hash.txt" + + if [[ -n "${CI_COMMIT_TAG}" ]]; then + echo -n "${CI_COMMIT_REF_NAME}" + elif [[ -f "${cache_assets_hash_file}" ]]; then + echo -n "assets-hash-$(cat ${cache_assets_hash_file} | cut -c1-10)" + else + echo -n "${CI_COMMIT_SHA}" + fi + } + script: + - | + SECURITY_SOURCES=$([[ ! "$CI_PROJECT_NAMESPACE" =~ ^gitlab-org\/security ]] || echo "true") + echo "SECURITY_SOURCES=${SECURITY_SOURCES:-false}" > $BUILD_ENV + echo "OMNIBUS_GITLAB_CACHE_UPDATE=${OMNIBUS_GITLAB_CACHE_UPDATE:-false}" >> $BUILD_ENV + for version_file in *_VERSION; do echo "$version_file=$(cat $version_file)" >> $BUILD_ENV; done + echo "OMNIBUS_GITLAB_RUBY3_BUILD=${OMNIBUS_GITLAB_RUBY3_BUILD:-false}" >> $BUILD_ENV + echo "OMNIBUS_GITLAB_CACHE_EDITION=${OMNIBUS_GITLAB_CACHE_EDITION:-GITLAB}" >> $BUILD_ENV + echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV + echo "Built environment file for omnibus build:" + cat $BUILD_ENV + artifacts: + reports: + dotenv: $BUILD_ENV trigger-omnibus: extends: .rules:omnibus-build @@ -128,6 +144,7 @@ trigger-omnibus: GITLAB_SHELL_VERSION: $GITLAB_SHELL_VERSION GITLAB_WORKHORSE_VERSION: $GITLAB_WORKHORSE_VERSION GITLAB_VERSION: $CI_COMMIT_SHA + GITLAB_ASSETS_TAG: $GITLAB_ASSETS_TAG IMAGE_TAG: $CI_COMMIT_SHA TOP_UPSTREAM_SOURCE_PROJECT: $CI_PROJECT_PATH SECURITY_SOURCES: $SECURITY_SOURCES @@ -426,6 +443,15 @@ ee:jira: - if: $QA_SUITES =~ /Test::Integration::Jira/ - !reference [.rules:test:manual, rules] +ee:integrations: + extends: .qa + variables: + QA_SCENARIO: Test::Integration::Integrations + rules: + - !reference [.rules:test:qa, rules] + - if: $QA_SUITES =~ /Test::Integration::Integrations/ + - !reference [.rules:test:manual, rules] + ee:ldap-no-server: extends: .qa variables: @@ -573,6 +599,16 @@ ee:registry-object-storage-tls: GITLAB_TLS_CERTIFICATE: $QA_GITLAB_TLS_CERTIFICATE GITLAB_QA_OPTS: --omnibus-config registry_object_storage +ee:importers: + extends: .qa + variables: + QA_SCENARIO: Test::Integration::Import + GITLAB_QA_OPTS: --set-feature-flags bulk_import_projects=enabled + rules: + - !reference [.rules:test:qa, rules] + - if: $QA_SUITES =~ /Test::Integration::Import/ + - !reference [.rules:test:manual, rules] + # ========================================== # Post test stage # ========================================== diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml index 8740a5fe17d..f6668d7864e 100644 --- a/.gitlab/ci/qa.gitlab-ci.yml +++ b/.gitlab/ci/qa.gitlab-ci.yml @@ -74,6 +74,8 @@ e2e:package-and-test: - build-qa-image - e2e-test-pipeline-generate variables: + # This is needed by `trigger-omnibus-env` (`.gitlab/ci/package-and-test/main.gitlab-ci.yml`). + PARENT_PIPELINE_ID: $CI_PIPELINE_ID SKIP_MESSAGE: Skipping package-and-test due to mr containing only quarantine changes! RELEASE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/build/omnibus-gitlab-mirror/gitlab-ee:${CI_COMMIT_SHA}" GITLAB_QA_IMAGE: "${CI_REGISTRY_IMAGE}/gitlab-ee-qa:${CI_COMMIT_SHA}" diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index f4f832b84d0..0e0aeb2954b 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -333,7 +333,7 @@ rspec:deprecations: script: - grep -h -R "keyword" deprecations/ | awk '{$1=$1};1' | sort | uniq -c | sort - grep -R "keyword" deprecations/ | wc - - run_timed_command "bundle exec rubocop --only Lint/LastKeywordArgument --parallel" + - run_timed_command "fail_on_warnings bundle exec rubocop --only Lint/LastKeywordArgument --parallel" artifacts: expire_in: 31d when: always @@ -878,23 +878,28 @@ fail-pipeline-early: script: - fail_pipeline_early -rspec rspec-pg12-rerun-previous-failed-tests: +.base-rspec-pg12-rerun-previous-failed-tests: extends: - - .rspec-base-pg12 - .rails:rules:rerun-previous-failed-tests stage: test needs: ["setup-test-env", "compile-test-assets", "detect-previous-failed-tests"] script: - !reference [.base-script, script] - - rspec_rerun_previous_failed_tests tmp/previous_failed_tests/rspec_failed_files.txt + - rspec_rerun_previous_failed_tests "${PREVIOUS_FAILED_TESTS_FILE}" + +rspec rspec-pg12-rerun-previous-failed-tests: + extends: + - .rspec-base-pg12 + - .base-rspec-pg12-rerun-previous-failed-tests + variables: + PREVIOUS_FAILED_TESTS_FILE: tmp/previous_failed_tests/rspec_failed_files.txt rspec rspec-ee-pg12-rerun-previous-failed-tests: extends: - - "rspec rspec-pg12-rerun-previous-failed-tests" - .rspec-ee-base-pg12 - script: - - !reference [.base-script, script] - - rspec_rerun_previous_failed_tests tmp/previous_failed_tests/rspec_ee_failed_files.txt + - .base-rspec-pg12-rerun-previous-failed-tests + variables: + PREVIOUS_FAILED_TESTS_FILE: tmp/previous_failed_tests/rspec_ee_failed_files.txt # EE: Canonical MR pipelines ################################################## diff --git a/.gitlab/ci/rails/shared.gitlab-ci.yml b/.gitlab/ci/rails/shared.gitlab-ci.yml index d47bac5e433..e282781b7b5 100644 --- a/.gitlab/ci/rails/shared.gitlab-ci.yml +++ b/.gitlab/ci/rails/shared.gitlab-ci.yml @@ -54,10 +54,14 @@ include: RECORD_DEPRECATIONS: "true" GEO_SECONDARY_PROXY: 0 RSPEC_TESTS_FILTER_FILE: "${RSPEC_MATCHING_TESTS_PATH}" + SUCCESSFULLY_RETRIED_TEST_EXIT_CODE: 137 needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-tests"] script: - !reference [.base-script, script] - rspec_paralellized_job "--tag ~quarantine --tag ~level:migration" + allow_failure: + # the exit code listed here must match the one defined for the variable SUCCESSFULLY_RETRIED_TEST_EXIT_CODE + exit_codes: 137 .base-artifacts: artifacts: @@ -68,6 +72,7 @@ include: - crystalball/ - deprecations/ - knapsack/ + - query_recorder/ - rspec/ - tmp/capybara/ - log/*.log diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml index 5fdcdc12fc8..b87e5ad9bba 100644 --- a/.gitlab/ci/reports.gitlab-ci.yml +++ b/.gitlab/ci/reports.gitlab-ci.yml @@ -88,7 +88,7 @@ yarn-audit-dependency_scanning: extends: .default-retry stage: test image: - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/security-products/package-hunter-cli:v1.3.2@sha256:7529deaef9ea21aab56bfb74ae1abbc121311affdb6ece49ce7b1c360f997ca2 + name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/security-products/package-hunter-cli:v1.3.3@sha256:1d3af9a61aa01549a62be17fa655fcf06271ac9e1b1e822c2a7930fa1d4a8a6b entrypoint: [""] variables: HTR_user: '$PACKAGE_HUNTER_USER' diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml index 85c5c7d1b1d..b72afedc3b0 100644 --- a/.gitlab/ci/review-apps/main.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml @@ -34,19 +34,25 @@ review-build-cng-env: - .review:rules:review-build-cng image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}:bundler-2.3 stage: prepare - needs: [] + needs: + # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream CNG pipeline. + - pipeline: $PARENT_PIPELINE_ID + job: build-assets-image + variables: + BUILD_ENV: build.env before_script: - source ./scripts/utils.sh - install_gitlab_gem script: - - ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > build.env + - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > $BUILD_ENV' + - echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV - ruby -e 'puts "FULL_RUBY_VERSION=#{RUBY_VERSION}"' >> build.env - - cat build.env + - cat $BUILD_ENV artifacts: reports: - dotenv: build.env + dotenv: $BUILD_ENV paths: - - build.env + - $BUILD_ENV expire_in: 7 days when: always @@ -96,7 +102,7 @@ review-build-cng: name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN} on_stop: review-stop - auto_stop_in: 48 hours + auto_stop_in: 6 hours review-deploy: extends: @@ -108,6 +114,8 @@ review-deploy: key: "review-deploy-dependencies-charts-${GITLAB_HELM_CHART_REF}-v1" paths: - "gitlab-${GITLAB_HELM_CHART_REF}" + environment: + action: start before_script: - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION) - export GITALY_VERSION=$(<GITALY_SERVER_VERSION) @@ -115,12 +123,13 @@ review-deploy: - echo "${CI_ENVIRONMENT_URL}" > environment_url.txt - echo "QA_GITLAB_URL=${CI_ENVIRONMENT_URL}" > environment.env - *base-before_script + - !reference [".use-kube-context", before_script] script: - run_timed_command "check_kube_domain" - run_timed_command "download_chart" - run_timed_command "deploy" || (display_deployment_debug && exit 1) - - run_timed_command "verify_deploy"|| (display_deployment_debug && exit 1) - - run_timed_command "disable_sign_ups" + - run_timed_command "verify_deploy" || (display_deployment_debug && exit 1) + - run_timed_command "disable_sign_ups" || (display_deployment_debug && exit 1) after_script: # Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan. # Set DAST_RUN to true when jobs are manually scheduled. @@ -128,6 +137,7 @@ review-deploy: artifacts: paths: - environment_url.txt + - curl-logs/ reports: dotenv: environment.env expire_in: 7 days @@ -139,12 +149,15 @@ review-deploy-sample-projects: - .review:rules:review-deploy stage: deploy needs: ["review-deploy"] + environment: + action: prepare before_script: - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION) - export GITALY_VERSION=$(<GITALY_SERVER_VERSION) - export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION) - echo "${CI_ENVIRONMENT_URL}" > environment_url.txt - *base-before_script + - !reference [".use-kube-context", before_script] script: - date - create_sample_projects @@ -160,7 +173,9 @@ review-deploy-sample-projects: # See https://gitlab.com/gitlab-org/gitlab/issues/191273 GIT_DEPTH: 1 before_script: - - *base-before_script + - source ./scripts/utils.sh + - source ./scripts/review_apps/review-apps.sh + - !reference [".use-kube-context", before_script] review-delete-deployment: extends: @@ -174,7 +189,7 @@ review-stop: extends: - .review-stop-base - .review:rules:review-stop - resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment + resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment stage: deploy needs: [] script: diff --git a/.gitlab/ci/review-apps/qa.gitlab-ci.yml b/.gitlab/ci/review-apps/qa.gitlab-ci.yml index 69ce028987a..d28819208b7 100644 --- a/.gitlab/ci/review-apps/qa.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/qa.gitlab-ci.yml @@ -99,6 +99,7 @@ review-qa-non-blocking: variables: QA_SCENARIO: Test::Instance::ReviewNonBlocking QA_RUN_TYPE: review-qa-non-blocking + when: manual allow_failure: true review-qa-non-blocking-parallel: extends: diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml index 35df4de6513..b6c273aeb99 100644 --- a/.gitlab/ci/review.gitlab-ci.yml +++ b/.gitlab/ci/review.gitlab-ci.yml @@ -6,15 +6,48 @@ review-cleanup: stage: prepare environment: name: review/regular-cleanup - action: stop + action: access before_script: - source scripts/utils.sh - - source scripts/review_apps/gcp_cleanup.sh + - !reference [".use-kube-context", before_script] - install_gitlab_gem - - setup_gcp_dependencies + - setup_gcloud script: - - scripts/review_apps/automated_cleanup.rb - - gcp_cleanup + - scripts/review_apps/automated_cleanup.rb || (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL} - <https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/blob/main/runbooks/review-apps.md#review-cleanup-job-failed|📗 RUNBOOK 📕>" warning "GitLab Bot" && exit 1); + +.base-review-checks: + extends: + - .default-retry + image: ${REVIEW_APPS_IMAGE} + stage: prepare + before_script: + - source scripts/utils.sh + - setup_gcloud + - !reference [".use-kube-context", before_script] + +review-k8s-resources-count-checks: + extends: + - .base-review-checks + - .review:rules:review-k8s-resources-count-checks + needs: + - job: review-cleanup + optional: true + environment: + name: review/k8s-resources-count-checks + action: verify + script: + - scripts/review_apps/k8s-resources-count-checks.sh || (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL} - <https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/blob/main/runbooks/review-apps.md#review-k8s-resources-count-checks-job-failed|📗 RUNBOOK 📕>" warning "GitLab Bot" && exit 1); + +review-gcp-quotas-checks: + extends: + - .base-review-checks + - .review:rules:review-gcp-quotas-checks + needs: [] + environment: + name: review/gcp-quotas-checks + action: verify + script: + - ruby scripts/review_apps/gcp-quotas-checks.rb || (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL} - <https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/blob/main/runbooks/review-apps.md#review-gcp-quotas-checks-job-failed|📗 RUNBOOK 📕>" warning "GitLab Bot" && exit 1); start-review-app-pipeline: extends: @@ -29,6 +62,8 @@ start-review-app-pipeline: # They need to be explicitly passed on to the child pipeline. # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword variables: + # This is needed by `review-build-cng-env` (`.gitlab/ci/review-apps/main.gitlab-ci.yml`). + PARENT_PIPELINE_ID: $CI_PIPELINE_ID SCHEDULE_TYPE: $SCHEDULE_TYPE DAST_RUN: $DAST_RUN SKIP_MESSAGE: Skipping review-app due to mr containing only quarantine changes! diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index c6cfb491e61..8b7aee8de9d 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -38,11 +38,16 @@ # Once https://gitlab.com/gitlab-org/gitlab/-/issues/373904 is implemented, we should be able to change this back to # if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_APPROVALS_COUNT > 0' # or any similar condition to check that the MR has *any* approval (not just required approval). +# +# Temprorarily adding || $CI_MERGE_REQUEST_LABELS =~ /pipeline:run-full-rspec/ for backward compatibility, +# remove once https://gitlab.com/gitlab-org/quality/quality-engineering/team-tasks/-/issues/1557 is fully rolled out .if-merge-request-approved: &if-merge-request-approved - if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_LABELS =~ /pipeline:run-full-rspec/' + if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_LABELS =~ /pipeline:mr-approved/ || $CI_MERGE_REQUEST_LABELS =~ /pipeline:run-full-rspec/' +# Temprorarily adding && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-full-rspec/ for backward compatibility, +# remove once https://gitlab.com/gitlab-org/quality/quality-engineering/team-tasks/-/issues/1557 is fully rolled out .if-merge-request-not-approved: &if-merge-request-not-approved - if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-full-rspec/' + if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_LABELS !~ /pipeline:mr-approved/ && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-full-rspec/' .if-automated-merge-request: &if-automated-merge-request if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == "release-tools/update-gitaly" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /stable-ee$/' @@ -83,8 +88,8 @@ .if-merge-request-labels-group-global-search: &if-merge-request-labels-group-global-search if: '$CI_MERGE_REQUEST_LABELS =~ /group::global search/' -.if-merge-request-labels-pipeline-expedite-master-fixing: &if-merge-request-labels-pipeline-expedite-master-fixing - if: '$CI_MERGE_REQUEST_LABELS =~ /master:(foss-)?broken/ && $CI_MERGE_REQUEST_LABELS =~ /pipeline:expedite-master-fixing/' +.if-merge-request-labels-pipeline-expedite: &if-merge-request-labels-pipeline-expedite + if: '$CI_MERGE_REQUEST_LABELS =~ /master:(foss-)?broken/ && $CI_MERGE_REQUEST_LABELS =~ /pipeline:expedite/' .if-merge-request-labels-frontend-and-feature-flag: &if-merge-request-labels-frontend-and-feature-flag if: '$CI_MERGE_REQUEST_LABELS =~ /frontend/ && $CI_MERGE_REQUEST_LABELS =~ /feature flag/' @@ -95,26 +100,26 @@ .if-fork-merge-request: &if-fork-merge-request if: '$CI_PROJECT_NAMESPACE !~ /^gitlab(-org)?($|\/)/ && $CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-all-rspec/' -.if-default-branch-schedule-maintenance: &if-default-branch-schedule-maintenance - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "maintenance"' +.if-schedule-pipeline: &if-schedule-pipeline + if: '$CI_PIPELINE_SOURCE == "schedule"' + +.if-schedule-maintenance: &if-schedule-maintenance + if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "maintenance"' .if-default-branch-schedule-nightly: &if-default-branch-schedule-nightly if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "nightly"' +.if-ruby3-branch-schedule-nightly: &if-ruby3-branch-schedule-nightly + if: '$CI_COMMIT_BRANCH == "ruby3" && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "nightly"' + .if-security-schedule: &if-security-schedule if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_PIPELINE_SOURCE == "schedule"' .if-dot-com-gitlab-org-schedule: &if-dot-com-gitlab-org-schedule if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "schedule"' -.if-dot-com-ee-schedule: &if-dot-com-ee-schedule - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule"' - -.if-dot-com-ee-schedule-maintenance: &if-dot-com-ee-schedule-maintenance - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "maintenance"' - -.if-dot-com-ee-schedule-nightly: &if-dot-com-ee-schedule-nightly - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "nightly"' +.if-dot-com-ee-schedule-default-branch-maintenance: &if-dot-com-ee-schedule-default-branch-maintenance + if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "maintenance"' .if-dot-com-ee-schedule-nightly-child-pipeline: &if-dot-com-ee-schedule-nightly-child-pipeline if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $SCHEDULE_TYPE == "nightly"' @@ -192,8 +197,7 @@ - "spec/support/gitlab-git-test.git/**/*" .yaml-lint-patterns: &yaml-lint-patterns - - "*.yml" - - "**/*.yml" + - "**/*.{yml,yaml}{,.*}" .lint-pipeline-yaml-patterns: &lint-pipeline-yaml-patterns - ".gitlab-ci.yml" @@ -315,6 +319,7 @@ - "scripts/rspec_helpers.sh" # Mapped patterns (see tests.yml) - "data/whats_new/*.yml" + - "doc/index.md" .search-backend-patterns: &search-backend-patterns - "{,jh/}Gemfile.lock" @@ -332,6 +337,7 @@ - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration/**/*" - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration{,_spec}.rb" - "{,ee/,jh/}spec/support/helpers/database/**/*" + - "{,ee/,jh/}spec/support/helpers/migrations_helpers/**/*" - "lib/gitlab/markdown_cache/active_record/**/*" - "lib/api/admin/batched_background_migrations.rb" - "spec/requests/api/admin/batched_background_migrations_spec.rb" @@ -384,6 +390,7 @@ - ".gitlab/ci/**/*" # Mapped patterns (see tests.yml) - "data/whats_new/*.yml" + - "doc/index.md" # .code-patterns + .backstage-patterns .code-backstage-patterns: &code-backstage-patterns @@ -414,6 +421,7 @@ - "{,spec/}tooling/**/*" # Mapped patterns (see tests.yml) - "data/whats_new/*.yml" + - "doc/index.md" # .code-patterns + .qa-patterns .code-qa-patterns: &code-qa-patterns @@ -440,6 +448,7 @@ - "{,jh/}qa/**/*" # Mapped patterns (see tests.yml) - "data/whats_new/*.yml" + - "doc/index.md" # .code-patterns + .backstage-patterns + .qa-patterns .code-backstage-qa-patterns: &code-backstage-qa-patterns @@ -474,6 +483,7 @@ - "{,jh/}qa/**/*" # Mapped patterns (see tests.yml) - "data/whats_new/*.yml" + - "doc/index.md" # .code-backstage-qa-patterns + .workhorse-patterns # NOTE: `setup-test-env-patterns` intentionally does not include docs files, because this would @@ -496,7 +506,9 @@ - "config.ru" - "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,storybook,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated + # Mapped patterns (see tests.yml) - "data/whats_new/*.yml" + - "doc/index.md" # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" @@ -660,7 +672,7 @@ ################ .shared:rules:update-cache: rules: - - <<: *if-default-branch-schedule-maintenance + - <<: *if-schedule-maintenance - <<: *if-security-schedule - <<: *if-merge-request-labels-update-caches @@ -684,6 +696,8 @@ - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *code-qa-patterns - <<: *if-auto-deploy-branches + variables: + ARCH: amd64,arm64 - <<: *if-default-branch-or-tag variables: ARCH: amd64,arm64 @@ -713,7 +727,7 @@ rules: # That would run for any project that has a "maintenance" pipeline schedule # but in fact, the cache package is only uploaded for gitlab.com/gitlab-org/gitlab and jihulab.com/gitlab-cn/gitlab - - <<: *if-default-branch-schedule-maintenance + - <<: *if-schedule-maintenance - <<: *if-dot-com-gitlab-org-default-branch changes: ["workhorse/**/*"] - <<: *if-dot-com-gitlab-org-merge-request @@ -730,7 +744,7 @@ when: never # That would run for any project that has a "maintenance" pipeline schedule # but in fact, the cache package is only uploaded for gitlab.com/gitlab-org/gitlab and jihulab.com/gitlab-cn/gitlab - - <<: *if-default-branch-schedule-maintenance + - <<: *if-schedule-maintenance - <<: *if-dot-com-gitlab-org-default-branch changes: *assets-compilation-patterns - <<: *if-dot-com-gitlab-org-merge-request @@ -748,7 +762,7 @@ when: never # That would run for any project that has a "maintenance" pipeline schedule # but in fact, the cache package is only uploaded for gitlab.com/gitlab-org/gitlab and jihulab.com/gitlab-cn/gitlab - - <<: *if-default-branch-schedule-maintenance + - <<: *if-schedule-maintenance - <<: *if-dot-com-gitlab-org-merge-request changes: - ".gitlab/ci/caching.gitlab-ci.yml" @@ -800,8 +814,7 @@ .docs:rules:docs-code-quality: rules: - - <<: *if-default-branch-refs - - <<: *if-default-refs + - <<: *if-merge-request changes: *docs-code-quality-patterns .docs:rules:docs-lint: @@ -896,6 +909,7 @@ when: never - <<: *if-merge-request-labels-as-if-foss - <<: *if-merge-request-labels-run-all-rspec + - <<: *if-merge-request-labels-frontend-and-feature-flag - <<: *if-default-refs changes: *code-backstage-qa-patterns - <<: *if-default-refs @@ -926,6 +940,7 @@ - !reference [".strict-ee-only-rules", rules] - !reference [".frontend:rules:default-frontend-jobs-as-if-foss", rules] - <<: *if-merge-request-labels-run-all-jest + - <<: *if-merge-request-labels-frontend-and-feature-flag - <<: *if-merge-request changes: *frontend-patterns-for-as-if-foss @@ -1007,29 +1022,13 @@ rules: - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-expedite-master-fixing + - <<: *if-merge-request-labels-pipeline-expedite when: never - <<: *if-merge-request changes: *code-backstage-patterns - <<: *if-default-branch-refs changes: *code-backstage-patterns -.frontend:rules:qa-frontend-node: - rules: - - <<: *if-default-branch-refs - changes: *frontend-dependency-patterns - - <<: *if-merge-request - changes: *frontend-dependency-patterns - -.frontend:rules:qa-frontend-node-latest: - rules: - - <<: *if-default-branch-refs - changes: *frontend-dependency-patterns - allow_failure: true - - <<: *if-merge-request - changes: *frontend-dependency-patterns - allow_failure: true - .frontend:rules:bundle-size-review: rules: - <<: *if-not-canonical-namespace @@ -1066,7 +1065,7 @@ ############### .pages:rules: rules: - - <<: *if-dot-com-ee-schedule-maintenance + - <<: *if-dot-com-ee-schedule-default-branch-maintenance ############ # QA rules # @@ -1116,7 +1115,7 @@ when: never - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-expedite-master-fixing + - <<: *if-merge-request-labels-pipeline-expedite when: never - <<: *if-merge-request-targeting-stable-branch allow_failure: true @@ -1549,24 +1548,25 @@ - <<: *if-not-ee when: never - <<: *if-default-branch-schedule-nightly + - <<: *if-ruby3-branch-schedule-nightly - <<: *if-merge-request-labels-run-all-rspec .rails:rules:rspec-coverage: rules: - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-expedite-master-fixing + - <<: *if-merge-request-labels-pipeline-expedite when: never - <<: *if-merge-request changes: *code-backstage-patterns - - <<: *if-default-branch-schedule-maintenance + - <<: *if-schedule-maintenance - <<: *if-merge-request-labels-run-all-rspec .rails:rules:rspec-undercoverage: rules: - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-expedite-master-fixing + - <<: *if-merge-request-labels-pipeline-expedite when: never - <<: *if-merge-request-labels-skip-undercoverage when: never @@ -1601,7 +1601,7 @@ rules: - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-expedite-master-fixing + - <<: *if-merge-request-labels-pipeline-expedite when: never - if: '$SKIP_FLAKY_TESTS_AUTOMATICALLY == "true" || $RETRY_FAILED_TESTS_IN_NEW_PROCESS == "true"' changes: *code-backstage-patterns @@ -1849,7 +1849,7 @@ rules: - if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''" when: never - - <<: *if-default-branch-schedule-maintenance + - <<: *if-schedule-maintenance - <<: *if-merge-request changes: ["yarn.lock"] @@ -1857,7 +1857,7 @@ rules: - if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''" when: never - - <<: *if-default-branch-schedule-maintenance + - <<: *if-schedule-maintenance - <<: *if-merge-request changes: ["Gemfile.lock"] @@ -1882,37 +1882,39 @@ rules: - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-expedite-master-fixing + - <<: *if-merge-request-labels-pipeline-expedite when: never - <<: *if-merge-request-labels-run-review-app - <<: *if-dot-com-gitlab-org-merge-request changes: *ci-review-patterns - when: never + allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *frontend-build-patterns variables: *review-change-pattern - when: never + allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *controllers-patterns variables: *review-change-pattern - when: never + when: manual + allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *models-patterns variables: *review-change-pattern - when: never + when: manual + allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *lib-gitlab-patterns variables: *review-change-pattern - when: never + when: manual + allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *qa-patterns - when: never + allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *code-patterns when: manual allow_failure: true - <<: *if-dot-com-gitlab-org-schedule - when: never allow_failure: true variables: KNAPSACK_GENERATE_REPORT: "true" @@ -1948,7 +1950,7 @@ rules: - <<: *if-not-ee when: never - - <<: *if-merge-request-labels-pipeline-expedite-master-fixing + - <<: *if-merge-request-labels-pipeline-expedite when: never - <<: *if-merge-request-labels-run-review-app when: manual @@ -1984,6 +1986,24 @@ - <<: *if-dot-com-gitlab-org-schedule allow_failure: true +.review:rules:review-k8s-resources-count-checks: + rules: + - <<: *if-dot-com-gitlab-org-schedule + allow_failure: true + - <<: *if-dot-com-gitlab-org-merge-request + changes: + - "scripts/review_apps/k8s-resources-count-checks.sh" + allow_failure: true + +.review:rules:review-gcp-quotas-checks: + rules: + - <<: *if-dot-com-gitlab-org-schedule + allow_failure: true + - <<: *if-dot-com-gitlab-org-merge-request + changes: + - "scripts/review_apps/gcp-quotas-checks.rb" + allow_failure: true + .review:rules:review-stop: rules: - when: manual @@ -2016,6 +2036,8 @@ rules: - <<: *if-default-branch-or-tag allow_failure: true + - <<: *if-schedule-pipeline + allow_failure: true - <<: *if-auto-deploy-branches allow_failure: true - when: manual @@ -2061,7 +2083,7 @@ rules: - <<: *if-not-ee when: never - - <<: *if-dot-com-ee-schedule-maintenance + - <<: *if-dot-com-ee-schedule-default-branch-maintenance - <<: *if-default-refs changes: - ".gitlab/ci/setup.gitlab-ci.yml" @@ -2083,7 +2105,7 @@ rules: - <<: *if-not-ee when: never - - <<: *if-dot-com-ee-schedule-maintenance + - <<: *if-dot-com-ee-schedule-default-branch-maintenance - <<: *if-default-refs changes: - ".gitlab/ci/test-metadata.gitlab-ci.yml" diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml index 0a310691cd7..6df2c5f403f 100644 --- a/.gitlab/ci/static-analysis.gitlab-ci.yml +++ b/.gitlab/ci/static-analysis.gitlab-ci.yml @@ -22,7 +22,7 @@ update-static-analysis-cache: # Silence cop offenses for rules with "grace period". # This will notify Slack if offenses were silenced. # For the moment we only cache `tmp/rubocop_cache` so we don't need to run all the tasks. - - run_timed_command "bundle exec rake rubocop:check:graceful" + - run_timed_command "fail_on_warnings bundle exec rake rubocop:check:graceful" static-analysis: extends: @@ -132,12 +132,12 @@ rubocop: # We won't notify Slack if offenses were silenced to avoid frequent messages. # Job `update-static-analysis-cache` takes care of Slack notifications every 2 hours. unset CI_SLACK_WEBHOOK_URL - run_timed_command "bundle exec rake rubocop:check:graceful" + run_timed_command "fail_on_warnings bundle exec rake rubocop:check:graceful" else cat "${RSPEC_CHANGED_FILES_PATH}" | ruby -e 'print $stdin.read.split(" ").select { |f| File.exist?(f) }.join(" ")' > "$RUBOCOP_TARGET_FILES" # Skip running RuboCop if there's no target files if [ -s "${RUBOCOP_TARGET_FILES}" ]; then - run_timed_command "bundle exec rubocop --parallel --force-exclusion $(cat ${RUBOCOP_TARGET_FILES})" + run_timed_command "fail_on_warnings bundle exec rubocop --parallel --force-exclusion $(cat ${RUBOCOP_TARGET_FILES})" else echoinfo "Nothing interesting changed for RuboCop. Skipping." fi @@ -177,7 +177,7 @@ feature-flags-usage: script: # We need to disable the cache for this cop since it creates files under tmp/feature_flags/*.used, # the cache would prevent these files from being created. - - run_timed_command "bundle exec rubocop --only Gitlab/MarkUsedFeatureFlags --cache false" + - run_timed_command "fail_on_warnings bundle exec rubocop --only Gitlab/MarkUsedFeatureFlags --cache false" artifacts: expire_in: 31d when: always |