stages: - sync - preflight - prepare - build-images - fixtures - lint - test - post-test - review - qa - post-qa - pages - notify - release-environments - benchmark # always use `gitlab-org` runners, however # in cases where jobs require Docker-in-Docker, the job # definition must be extended with `.use-docker-in-docker` default: image: $DEFAULT_CI_IMAGE tags: - gitlab-org # All jobs are interruptible by default interruptible: true # Default job timeout doesn't work: https://gitlab.com/gitlab-org/gitlab/-/issues/387528 timeout: 90m .old-ruby-variables: &old-ruby-variables RUBY_VERSION: "3.0" OMNIBUS_GITLAB_CACHE_EDITION: "GITLAB_RUBY3_0" .default-ruby-variables: &default-ruby-variables RUBY_VERSION: "3.1" OMNIBUS_GITLAB_CACHE_EDITION: "GITLAB_RUBY3_1" .next-ruby-variables: &next-ruby-variables RUBY_VERSION: "3.2" OMNIBUS_GITLAB_CACHE_EDITION: "GITLAB_RUBY3_2" .default-branch-pipeline-failure-variables: &default-branch-pipeline-failure-variables CREATE_RAILS_SLOW_TEST_ISSUES: "true" CREATE_RAILS_TEST_FAILURE_ISSUES: "true" .default-merge-request-variables: &default-merge-request-variables ADD_SLOW_TEST_NOTE_TO_MERGE_REQUEST: "true" CREATE_RAILS_FLAKY_TEST_ISSUES: "true" .if-merge-request-security-canonical-sync: &if-merge-request-security-canonical-sync if: '$CI_MERGE_REQUEST_SOURCE_PROJECT_PATH == "gitlab-org/security/gitlab" && $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == $CI_DEFAULT_BRANCH && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH' .if-not-security-canonical-sync: &if-not-security-canonical-sync if: '$CI_MERGE_REQUEST_SOURCE_PROJECT_PATH != "gitlab-org/security/gitlab" || $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME != $CI_DEFAULT_BRANCH' workflow: name: '$PIPELINE_NAME' rules: - if: '$CI_PIPELINE_SOURCE == "pipeline" && $GITALY_TEST' variables: <<: *default-ruby-variables PIPELINE_NAME: 'Gitaly Rails Test Pipeline' # If `$FORCE_GITLAB_CI` is set, create a pipeline. - if: '$FORCE_GITLAB_CI' variables: <<: *default-ruby-variables PIPELINE_NAME: 'Ruby $RUBY_VERSION forced pipeline' - if: '$START_AS_IF_FOSS' variables: <<: *default-ruby-variables PIPELINE_NAME: 'Ruby $RUBY_VERSION as-if-foss pipeline' # As part of the process of creating RCs automatically, we update stable # branches with the changes of the most recent production deployment. The # merge requests used for this merge a branch release-tools/X into a stable # branch. For these merge requests we don't want to run any pipelines, as # they serve no purpose and will run anyway when the changes are merged. - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^release-tools\/\d+\.\d+\.\d+-rc\d+$/ && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^[\d-]+-stable(-ee)?$/ && $CI_PROJECT_PATH == "gitlab-org/gitlab"' when: never - if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-in-ruby3_0/' variables: <<: *old-ruby-variables PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_MERGE_REQUEST_EVENT_TYPE MR pipeline' NO_SOURCEMAPS: 'true' - if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-in-ruby3_1/' variables: <<: *default-ruby-variables PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_MERGE_REQUEST_EVENT_TYPE MR pipeline' NO_SOURCEMAPS: 'true' - if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-in-ruby3_2/' variables: <<: *next-ruby-variables PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_MERGE_REQUEST_EVENT_TYPE MR pipeline' NO_SOURCEMAPS: 'true' - if: '$CI_MERGE_REQUEST_LABELS =~ /Community contribution/' variables: <<: *default-ruby-variables GITLAB_DEPENDENCY_PROXY_ADDRESS: "" PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_MERGE_REQUEST_EVENT_TYPE MR pipeline (community contribution)' NO_SOURCEMAPS: 'true' - <<: *if-merge-request-security-canonical-sync variables: <<: *default-ruby-variables PIPELINE_NAME: '$CI_DEFAULT_BRANCH security->canonical sync' SKIP_MESSAGE: 'MR only contains changes from the security mirror, which have already been reviewed, tested and deployed.' # For (detached) merge request pipelines. - if: '$CI_MERGE_REQUEST_IID' variables: <<: [*default-ruby-variables, *default-merge-request-variables] PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_MERGE_REQUEST_EVENT_TYPE MR pipeline' NO_SOURCEMAPS: 'true' # For the scheduled pipelines, we set specific variables. - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule"' variables: <<: [*default-ruby-variables, *default-branch-pipeline-failure-variables] CRYSTALBALL: "true" PIPELINE_NAME: 'Scheduled Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline' - if: '$CI_COMMIT_BRANCH == "ruby3_0" && $CI_PIPELINE_SOURCE == "schedule"' variables: <<: *old-ruby-variables PIPELINE_NAME: 'Scheduled Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline' - if: '$CI_COMMIT_BRANCH == "ruby3_2" && $CI_PIPELINE_SOURCE == "schedule"' variables: <<: *next-ruby-variables PIPELINE_NAME: 'Scheduled Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline' # This work around https://gitlab.com/gitlab-org/gitlab/-/issues/332411 which prevents usage of dependency proxy # when pipeline is triggered by a project access token. - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $GITLAB_USER_LOGIN =~ /project_\d+_bot\d*/' variables: <<: [*default-ruby-variables, *default-branch-pipeline-failure-variables] GITLAB_DEPENDENCY_PROXY_ADDRESS: "" PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline (triggered by a project token)' # For `$CI_DEFAULT_BRANCH` from wider community contributors, we don't want to run any pipelines on pushes, # because normally we want to run merge request pipelines and scheduled pipelines, not for repository synchronization. # This can avoid accidentally using up pipeline minutes quota while synchronizing the repository for wider community contributors. - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_NAMESPACE !~ /^gitlab(-org|-cn)?($|\/)/' when: never # For `$CI_DEFAULT_BRANCH` branch, create a pipeline (this includes on schedules, pushes, merges, etc.). - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' variables: <<: [*default-ruby-variables, *default-branch-pipeline-failure-variables] PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline' # For tags, create a pipeline. - if: '$CI_COMMIT_TAG' variables: <<: *default-ruby-variables PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_COMMIT_TAG tag pipeline' # If `$GITLAB_INTERNAL` isn't set, don't create a pipeline. - if: '$GITLAB_INTERNAL == null' when: never # For stable, auto-deploy, and security branches, create a pipeline. - if: '$CI_COMMIT_BRANCH =~ /^[\d-]+-stable(-ee)?$/' variables: <<: *default-ruby-variables PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline' - if: '$CI_COMMIT_BRANCH =~ /^\d+-\d+-auto-deploy-\d+$/' variables: <<: *default-ruby-variables PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline' - if: '$CI_COMMIT_BRANCH =~ /^security\//' variables: <<: *default-ruby-variables PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline' variables: PG_VERSION: "14" DEFAULT_CI_IMAGE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}.patched-golang-${GO_VERSION}-rust-${RUST_VERSION}-node-18.17-postgresql-${PG_VERSION}:rubygems-${RUBYGEMS_VERSION}-git-2.36-lfs-2.9-chrome-${CHROME_VERSION}-yarn-1.22-graphicsmagick-1.3.36" # We set $GITLAB_DEPENDENCY_PROXY to another variable (since it's set at the group level and has higher precedence than .gitlab-ci.yml) # so that we can override $GITLAB_DEPENDENCY_PROXY_ADDRESS in workflow rules. GITLAB_DEPENDENCY_PROXY_ADDRESS: "${GITLAB_DEPENDENCY_PROXY}" RAILS_ENV: "test" NODE_ENV: "test" BUNDLE_WITHOUT: "production:development" BUNDLE_INSTALL_FLAGS: "--jobs=$(nproc) --retry=3" BUNDLE_FROZEN: "true" # we override the max_old_space_size to prevent OOM errors NODE_OPTIONS: --max_old_space_size=5120 GIT_DEPTH: "20" # 'GIT_STRATEGY: clone' optimizes the pack-objects cache hit ratio GIT_STRATEGY: "clone" GIT_SUBMODULE_STRATEGY: "none" GET_SOURCES_ATTEMPTS: "3" # CI_FETCH_REPO_GIT_STRATEGY: "none" is from artifacts. "clone" is from cloning CI_FETCH_REPO_GIT_STRATEGY: "none" DEBIAN_VERSION: "bullseye" UBI_VERSION: "8.6" CHROME_VERSION: "120" DOCKER_VERSION: "24.0.5" RUBYGEMS_VERSION: "3.4" BUNDLER_VERSION: "2.5" GO_VERSION: "1.20" RUST_VERSION: "1.73" FLAKY_RSPEC_SUITE_REPORT_PATH: rspec/flaky/report-suite.json FRONTEND_FIXTURES_MAPPING_PATH: crystalball/frontend_fixtures_mapping.json GITLAB_WORKHORSE_FOLDER: "gitlab-workhorse" JOB_METRICS_FILE_PATH: "${CI_PROJECT_DIR}/tmp/job-metrics.json" KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/report-master.json RSPEC_CHANGED_FILES_PATH: rspec/changed_files.txt RSPEC_FAIL_FAST_THRESHOLD: 20 RSPEC_FAST_QUARANTINE_PATH: rspec/fast_quarantine-gitlab.txt RSPEC_FOSS_IMPACT_PIPELINE_TEMPLATE_YML: .gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb RSPEC_LAST_RUN_RESULTS_FILE: rspec/rspec_last_run_results.txt RSPEC_MATCHING_JS_FILES_PATH: rspec/js_matching_files.txt RSPEC_MATCHING_TESTS_EE_PATH: rspec/matching_tests-ee.txt RSPEC_MATCHING_TESTS_FOSS_PATH: rspec/matching_tests-foss.txt RSPEC_MATCHING_TESTS_PATH: rspec/matching_tests.txt RSPEC_PACKED_TESTS_MAPPING_PATH: crystalball/packed-mapping.json RSPEC_PREDICTIVE_PIPELINE_TEMPLATE_YML: .gitlab/ci/rails/rspec-predictive.gitlab-ci.yml.erb RSPEC_PROFILING_FOLDER_PATH: rspec/profiling RSPEC_TESTS_MAPPING_PATH: crystalball/mapping.json RSPEC_VIEWS_INCLUDING_PARTIALS_PATH: rspec/views_including_partials.txt RSPEC_AUTO_EXPLAIN_LOG_PATH: auto_explain/auto_explain.ndjson.gz TMP_TEST_FOLDER: "${CI_PROJECT_DIR}/tmp/tests" TMP_TEST_GITLAB_WORKHORSE_PATH: "${TMP_TEST_FOLDER}/${GITLAB_WORKHORSE_FOLDER}" ES_JAVA_OPTS: "-Xms256m -Xmx256m" ELASTIC_URL: "http://elastic:changeme@elasticsearch:9200" BUNDLER_CHECKSUM_VERIFICATION_OPT_IN: "1" CACHE_CLASSES: "true" CHECK_PRECOMPILED_ASSETS: "true" FF_USE_FASTZIP: "true" RETRY_FAILED_TESTS_IN_NEW_PROCESS: "true" # Run with decomposed databases by default DECOMPOSED_DB: "true" DOCS_REVIEW_APPS_DOMAIN: "docs.gitlab-review.app" DOCS_GITLAB_REPO_SUFFIX: "ee" REVIEW_APPS_IMAGE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/ruby-3.0:gcloud-383-kubectl-1.23-helm-3.5" REVIEW_APPS_DOMAIN: "gitlab-review.app" REVIEW_APPS_GCP_PROJECT: "gitlab-review-apps" REVIEW_APPS_GCP_REGION: "us-central1" CACHE_ASSETS_AS_PACKAGE: "true" REUSE_FRONTEND_FIXTURES_ENABLED: "true" BUILD_ASSETS_IMAGE: "true" # Set it to "false" to disable assets image building, used in `build-assets-image` SIMPLECOV: "true" REGISTRY_HOST: "registry.gitlab.com" REGISTRY_GROUP: "gitlab-org" # Disable useless network connections when installing some NPM packages. # See https://gitlab.com/gitlab-com/gl-security/engineering-and-research/inventory/-/issues/827#note_1203181407 DISABLE_OPENCOLLECTIVE: "true" # This is set at the gitlab-org level, but we set it here for forks DANGER_DO_NOT_POST_INVALID_DANGERFILE_ERROR: "1" # Workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/390313. This can be dropped whenever # https://github.com/ruby/ruby/pull/7663 lands in the Ruby interpreter. NOKOGIRI_LIBXML_MEMORY_MANAGEMENT: default include: - local: .gitlab/ci/_skip.yml rules: - <<: *if-merge-request-security-canonical-sync - local: .gitlab/ci/*.gitlab-ci.yml rules: - <<: *if-not-security-canonical-sync - remote: 'https://gitlab.com/gitlab-org/frontend/untamper-my-lockfile/-/raw/main/templates/merge_request_pipelines.yml' rules: - <<: *if-not-security-canonical-sync - local: .gitlab/ci/gitlab-com/*.gitlab-ci.yml rules: - if: '$CI_SERVER_HOST == "gitlab.com"' - if: '$CI_SERVER_HOST == "jihulab.com"'