image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.5.3-golang-1.11-git-2.18-chrome-71.0-node-10.x-yarn-1.12-postgresql-9.6-graphicsmagick-1.3.29" .dedicated-runner: &dedicated-runner retry: 1 tags: - gitlab-org .default-cache: &default-cache key: "debian-stretch-ruby-2.5.3-node-10.x" paths: - vendor/ruby - .yarn-cache/ - vendor/gitaly-ruby .push-cache: &push-cache cache: <<: *default-cache policy: push .pull-cache: &pull-cache cache: <<: *default-cache policy: pull variables: MYSQL_ALLOW_EMPTY_PASSWORD: "1" RAILS_ENV: "test" NODE_ENV: "test" SIMPLECOV: "true" GIT_DEPTH: "20" GIT_SUBMODULE_STRATEGY: "none" GET_SOURCES_ATTEMPTS: "3" KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/${CI_PROJECT_NAME}/rspec_report-master.json FLAKY_RSPEC_SUITE_REPORT_PATH: rspec_flaky/report-suite.json BUILD_ASSETS_IMAGE: "false" before_script: - bundle --version - date - source scripts/utils.sh - date - source scripts/prepare_build.sh - date after_script: - date stages: - build - prepare - merge - test - post-test - pages - post-cleanup # Predefined scopes .tests-metadata-state: &tests-metadata-state <<: *dedicated-runner variables: TESTS_METADATA_S3_BUCKET: "gitlab-ce-cache" before_script: - source scripts/utils.sh artifacts: expire_in: 31d paths: - knapsack/ - rspec_flaky/ - rspec_profiling/ .use-pg: &use-pg services: - postgres:9.6 - redis:alpine .use-mysql: &use-mysql services: - mysql:5.7 - redis:alpine # Skip all jobs except the ones that begin with 'docs/'. # Used for commits including ONLY documentation changes. # https://docs.gitlab.com/ce/development/documentation/#testing .except-docs: &except-docs except: - /(^docs[\/-].*|.*-docs$)/ .except-qa: &except-qa except: - /(^qa[\/-].*|.*-qa$)/ .except-docs-and-qa: &except-docs-and-qa except: - /(^docs[\/-].*|.*-docs$)/ - /(^qa[\/-].*|.*-qa$)/ # Jobs that only need to pull cache .dedicated-no-docs-pull-cache-job: &dedicated-no-docs-pull-cache-job <<: *dedicated-runner <<: *except-docs <<: *pull-cache dependencies: - setup-test-env stage: test # Jobs that do not need a DB .dedicated-no-docs-no-db-pull-cache-job: &dedicated-no-docs-no-db-pull-cache-job <<: *dedicated-no-docs-pull-cache-job variables: SETUP_DB: "false" .dedicated-no-docs-and-no-qa-pull-cache-job: &dedicated-no-docs-and-no-qa-pull-cache-job <<: *dedicated-no-docs-pull-cache-job <<: *except-docs-and-qa .single-script-job: &single-script-job image: ruby:2.5-alpine stage: test cache: {} dependencies: [] variables: &single-script-job-variables GIT_STRATEGY: none before_script: # We don't clone the repo by using GIT_STRATEGY: none and only download the # single script we need here so it's much faster than cloning. - export SCRIPT_NAME="${SCRIPT_NAME:-$CI_JOB_NAME}" - apk add --update openssl - wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/$SCRIPT_NAME - chmod 755 $(basename $SCRIPT_NAME) .rake-exec: &rake-exec <<: *dedicated-no-docs-no-db-pull-cache-job script: - bundle exec rake $CI_JOB_NAME .rspec-metadata: &rspec-metadata <<: *dedicated-runner <<: *except-docs-and-qa <<: *pull-cache stage: test script: - JOB_NAME=( $CI_JOB_NAME ) - TEST_TOOL=${JOB_NAME[0]} - export KNAPSACK_REPORT_PATH=knapsack/${CI_PROJECT_NAME}/${TEST_TOOL}_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json - export KNAPSACK_GENERATE_REPORT=true - export SUITE_FLAKY_RSPEC_REPORT_PATH=${FLAKY_RSPEC_SUITE_REPORT_PATH} - export FLAKY_RSPEC_REPORT_PATH=rspec_flaky/all_${TEST_TOOL}_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json - export NEW_FLAKY_RSPEC_REPORT_PATH=rspec_flaky/new_${TEST_TOOL}_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json - export FLAKY_RSPEC_GENERATE_REPORT=true - export CACHE_CLASSES=true - cp ${KNAPSACK_RSPEC_SUITE_REPORT_PATH} ${KNAPSACK_REPORT_PATH} - '[[ -f $FLAKY_RSPEC_REPORT_PATH ]] || echo "{}" > ${FLAKY_RSPEC_REPORT_PATH}' - '[[ -f $NEW_FLAKY_RSPEC_REPORT_PATH ]] || echo "{}" > ${NEW_FLAKY_RSPEC_REPORT_PATH}' - scripts/gitaly-test-spawn - knapsack rspec "--color --format documentation --format RspecJunitFormatter --out junit_rspec.xml" artifacts: expire_in: 31d when: always paths: - coverage/ - knapsack/ - rspec_flaky/ - rspec_profiling/ - tmp/capybara/ reports: junit: junit_rspec.xml .rspec-metadata-pg: &rspec-metadata-pg <<: *rspec-metadata <<: *use-pg .rspec-metadata-mysql: &rspec-metadata-mysql <<: *rspec-metadata <<: *use-mysql .only-canonical-masters: &only-canonical-masters only: - master@gitlab-org/gitlab-ce - master@gitlab-org/gitlab-ee - master@gitlab/gitlabhq - master@gitlab/gitlab-ee .gitlab-setup: &gitlab-setup <<: *dedicated-no-docs-and-no-qa-pull-cache-job <<: *use-pg variables: SETUP_DB: "false" script: # Manually clone gitlab-test and only seed this project in # db/fixtures/development/04_project.rb thanks to SIZE=1 below - git clone https://gitlab.com/gitlab-org/gitlab-test.git /home/git/repositories/gitlab-org/gitlab-test.git - scripts/gitaly-test-spawn - force=yes SIZE=1 FIXTURE_PATH="db/fixtures/development" bundle exec rake gitlab:setup artifacts: when: on_failure expire_in: 1d paths: - log/development.log # DB migration, rollback, and seed jobs .db-migrate-reset: &db-migrate-reset <<: *dedicated-no-docs-and-no-qa-pull-cache-job script: - bundle exec rake db:migrate:reset .migration-paths: &migration-paths <<: *dedicated-no-docs-and-no-qa-pull-cache-job variables: SETUP_DB: "false" script: - git fetch https://gitlab.com/gitlab-org/gitlab-ce.git v9.3.0 - git checkout -f FETCH_HEAD - sed -i "s/gem 'oj', '~> 2.17.4'//" Gemfile - bundle update google-protobuf grpc - bundle install $BUNDLE_INSTALL_FLAGS - date - cp config/gitlab.yml.example config/gitlab.yml - bundle exec rake db:drop db:create db:schema:load db:seed_fu - date - git checkout -f $CI_COMMIT_SHA - bundle install $BUNDLE_INSTALL_FLAGS - date - . scripts/prepare_build.sh - date - bundle exec rake db:migrate ## # Trigger a package build in omnibus-gitlab repository # package-and-qa: image: ruby:2.5-alpine stage: test before_script: [] dependencies: [] cache: {} variables: GIT_DEPTH: "1" API_TOKEN: "${GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN}" retry: 0 script: - apk add --update openssl curl jq - gem install gitlab --no-document - source ./scripts/review_apps/review-apps.sh - wait_for_job_to_be_done "gitlab:assets:compile" - ./scripts/trigger-build omnibus when: manual only: - //@gitlab-org/gitlab-ce - //@gitlab-org/gitlab-ee # Review docs base .review-docs: &review-docs <<: *dedicated-runner <<: *single-script-job variables: <<: *single-script-job-variables SCRIPT_NAME: trigger-build-docs environment: name: review-docs/$CI_COMMIT_REF_SLUG # DOCS_REVIEW_APPS_DOMAIN and DOCS_GITLAB_REPO_SUFFIX are CI variables # Discussion: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/14236/diffs#note_40140693 url: http://$CI_ENVIRONMENT_SLUG.$DOCS_REVIEW_APPS_DOMAIN/$DOCS_GITLAB_REPO_SUFFIX on_stop: review-docs-cleanup # Trigger a manual docs build in gitlab-docs only on non docs-only branches. # Useful to preview the docs changes live. review-docs-deploy-manual: <<: *review-docs stage: build script: - gem install gitlab --no-document - ./$SCRIPT_NAME deploy when: manual only: - branches@gitlab-org/gitlab-ce - branches@gitlab-org/gitlab-ee <<: *except-docs-and-qa # Always trigger a docs build in gitlab-docs only on docs-only branches. # Useful to preview the docs changes live. review-docs-deploy: <<: *review-docs stage: post-test script: - gem install gitlab --no-document - ./$SCRIPT_NAME deploy only: - /(^docs[\/-].*|.*-docs$)/@gitlab-org/gitlab-ce - /(^docs[\/-].*|.*-docs$)/@gitlab-org/gitlab-ee <<: *except-qa # Cleanup remote environment of gitlab-docs review-docs-cleanup: <<: *review-docs stage: post-cleanup environment: name: review-docs/$CI_COMMIT_REF_SLUG action: stop script: - gem install gitlab --no-document - ./$SCRIPT_NAME cleanup when: manual only: - branches@gitlab-org/gitlab-ce - branches@gitlab-org/gitlab-ee ## # Trigger a docker image build in CNG (Cloud Native GitLab) repository # cloud-native-image: image: ruby:2.5-alpine before_script: [] dependencies: [] stage: post-test allow_failure: true variables: GIT_DEPTH: "1" cache: {} when: always script: - gem install gitlab --no-document - CNG_PROJECT_PATH="gitlab-org/build/CNG" BUILD_TRIGGER_TOKEN=$CI_JOB_TOKEN ./scripts/trigger-build cng only: - tags@gitlab-org/gitlab-ce - tags@gitlab-org/gitlab-ee # Retrieve knapsack and rspec_flaky reports retrieve-tests-metadata: <<: *tests-metadata-state <<: *except-docs-and-qa stage: prepare cache: key: tests_metadata policy: pull script: - mkdir -p knapsack/${CI_PROJECT_NAME}/ - wget -O $KNAPSACK_RSPEC_SUITE_REPORT_PATH http://${TESTS_METADATA_S3_BUCKET}.s3.amazonaws.com/$KNAPSACK_RSPEC_SUITE_REPORT_PATH || rm $KNAPSACK_RSPEC_SUITE_REPORT_PATH - '[[ -f $KNAPSACK_RSPEC_SUITE_REPORT_PATH ]] || echo "{}" > ${KNAPSACK_RSPEC_SUITE_REPORT_PATH}' - mkdir -p rspec_flaky/ - mkdir -p rspec_profiling/ - wget -O $FLAKY_RSPEC_SUITE_REPORT_PATH http://${TESTS_METADATA_S3_BUCKET}.s3.amazonaws.com/$FLAKY_RSPEC_SUITE_REPORT_PATH || rm $FLAKY_RSPEC_SUITE_REPORT_PATH - '[[ -f $FLAKY_RSPEC_SUITE_REPORT_PATH ]] || echo "{}" > ${FLAKY_RSPEC_SUITE_REPORT_PATH}' update-tests-metadata: <<: *tests-metadata-state <<: *only-canonical-masters stage: post-test cache: key: tests_metadata paths: - knapsack/ - rspec_flaky/ policy: push script: - retry gem install fog-aws mime-types activesupport rspec_profiling postgres-copy --no-document - scripts/merge-reports ${KNAPSACK_RSPEC_SUITE_REPORT_PATH} knapsack/${CI_PROJECT_NAME}/rspec-pg_node_*.json - scripts/merge-reports ${FLAKY_RSPEC_SUITE_REPORT_PATH} rspec_flaky/all_*_*.json - FLAKY_RSPEC_GENERATE_REPORT=1 scripts/prune-old-flaky-specs ${FLAKY_RSPEC_SUITE_REPORT_PATH} - '[[ -z ${TESTS_METADATA_S3_BUCKET} ]] || scripts/sync-reports put $TESTS_METADATA_S3_BUCKET $KNAPSACK_RSPEC_SUITE_REPORT_PATH' - '[[ -z ${TESTS_METADATA_S3_BUCKET} ]] || scripts/sync-reports put $TESTS_METADATA_S3_BUCKET $FLAKY_RSPEC_SUITE_REPORT_PATH' - rm -f knapsack/${CI_PROJECT_NAME}/*_node_*.json - rm -f rspec_flaky/all_*.json rspec_flaky/new_*.json - scripts/insert-rspec-profiling-data flaky-examples-check: <<: *dedicated-runner image: ruby:2.5-alpine services: [] before_script: [] variables: SETUP_DB: "false" USE_BUNDLE_INSTALL: "false" NEW_FLAKY_SPECS_REPORT: rspec_flaky/report-new.json stage: post-test allow_failure: true retry: 0 only: - branches except: - master - /(^docs[\/-].*|.*-docs$)/ - /(^qa[\/-].*|.*-qa$)/ artifacts: expire_in: 30d paths: - rspec_flaky/ script: - '[[ -f $NEW_FLAKY_SPECS_REPORT ]] || echo "{}" > ${NEW_FLAKY_SPECS_REPORT}' - scripts/merge-reports ${NEW_FLAKY_SPECS_REPORT} rspec_flaky/new_*_*.json - scripts/detect-new-flaky-examples $NEW_FLAKY_SPECS_REPORT .assets-compile-cache: &assets-compile-cache cache: key: "assets-compile:vendor_ruby:.yarn-cache:tmp_cache_assets_sprockets:v5" paths: - vendor/ruby/ - .yarn-cache/ - tmp/cache/assets/sprockets compile-assets: <<: *dedicated-runner <<: *except-docs <<: *use-pg stage: prepare script: - node --version - yarn install --frozen-lockfile --cache-folder .yarn-cache - free -m - bundle exec rake gitlab:assets:compile - scripts/clean-old-cached-assets variables: # we override the max_old_space_size to prevent OOM errors NODE_OPTIONS: --max_old_space_size=3584 artifacts: expire_in: 7d paths: - node_modules - public/assets <<: *assets-compile-cache setup-test-env: <<: *dedicated-runner <<: *except-docs <<: *use-pg stage: prepare cache: <<: *default-cache script: - bundle exec ruby -Ispec -e 'require "spec_helper" ; TestEnv.init' - scripts/gitaly-test-build # Do not use 'bundle exec' here artifacts: expire_in: 7d paths: - tmp/tests - config/secrets.yml - vendor/gitaly-ruby # GitLab Review apps .review-only: &review-only only: refs: - branches@gitlab-org/gitlab-ce - branches@gitlab-org/gitlab-ee kubernetes: active except: refs: - master - /(^docs[\/-].*|.*-docs$)/ .review-schedules-only: &review-schedules-only only: refs: - schedules@gitlab-org/gitlab-ce - schedules@gitlab-org/gitlab-ee kubernetes: active except: refs: - tags - /(^docs[\/-].*|.*-docs$)/ .review-base: &review-base <<: *dedicated-no-docs-no-db-pull-cache-job <<: *review-only image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base stage: test cache: {} dependencies: [] environment: &review-environment name: review/${CI_COMMIT_REF_NAME} url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN} before_script: [] .review-docker: &review-docker <<: *review-base image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa-alpine services: - docker:stable-dind tags: - gitlab-org - docker variables: &review-docker-variables GIT_DEPTH: "1" DOCKER_DRIVER: overlay2 DOCKER_HOST: tcp://docker:2375 LATEST_QA_IMAGE: "gitlab/${CI_PROJECT_NAME}-qa:nightly" QA_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/${CI_PROJECT_NAME}-qa:${CI_COMMIT_REF_SLUG}" build-qa-image: <<: *review-docker variables: <<: *review-docker-variables GIT_DEPTH: "20" stage: prepare script: - time docker build --cache-from ${LATEST_QA_IMAGE} --tag ${QA_IMAGE} ./qa/ - echo "${CI_JOB_TOKEN}" | docker login --username gitlab-ci-token --password-stdin ${CI_REGISTRY} - time docker push ${QA_IMAGE} danger-review: <<: *pull-cache image: registry.gitlab.com/gitlab-org/gitlab-build-images:danger stage: test dependencies: [] before_script: [] only: variables: - $DANGER_GITLAB_API_TOKEN except: refs: - master variables: - $CI_COMMIT_REF_NAME =~ /^ce-to-ee-.*/ - $CI_COMMIT_REF_NAME =~ /.*-stable(-ee)?-prepare-.*/ script: - git version - node --version - yarn install --frozen-lockfile --cache-folder .yarn-cache - danger --fail-on-errors=true rspec-pg: <<: *rspec-metadata-pg parallel: 50 rspec-mysql: <<: *rspec-metadata-mysql parallel: 50 .rspec-quarantine: &rspec-quarantine retry: 0 script: - export CACHE_CLASSES=true - scripts/gitaly-test-spawn - bin/rspec --color --format documentation --tag quarantine spec/ rspec-pg-quarantine: <<: *rspec-metadata-pg <<: *rspec-quarantine allow_failure: true rspec-mysql-quarantine: <<: *rspec-metadata-mysql <<: *rspec-quarantine allow_failure: true static-analysis: <<: *dedicated-no-docs-no-db-pull-cache-job dependencies: - compile-assets - setup-test-env script: - scripts/static-analysis cache: key: "debian-stretch-ruby-2.5.3-node-10.x-and-rubocop" paths: - vendor/ruby - .yarn-cache/ - tmp/rubocop_cache # Documentation checks: # - Check validity of relative links # - Make sure cURL examples in API docs use the full switches docs lint: <<: *dedicated-runner <<: *except-qa image: "registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-docs-lint" stage: test cache: {} dependencies: [] before_script: [] script: - scripts/lint-doc.sh - scripts/lint-changelog-yaml - mv doc/ /tmp/gitlab-docs/content/$DOCS_GITLAB_REPO_SUFFIX - cd /tmp/gitlab-docs # Build HTML from Markdown - bundle exec nanoc # Check the internal links - bundle exec nanoc check internal_links downtime_check: <<: *rake-exec except: - master - tags - /^[\d-]+-stable(-ee)?$/ - /(^docs[\/-].*|.*-docs$)/ - /(^qa[\/-].*|.*-qa$)/ ee_compat_check: <<: *rake-exec dependencies: [] except: - master - tags - /[\d-]+-stable(-ee)?/ - /^security-/ - branches@gitlab-org/gitlab-ee - branches@gitlab/gitlab-ee retry: 0 artifacts: name: "${CI_JOB_NAME}_${CI_COMIT_REF_NAME}_${CI_COMMIT_SHA}" when: always expire_in: 10d paths: - ee_compat_check/patches/*.patch db:migrate:reset-pg: <<: *db-migrate-reset <<: *use-pg db:migrate:reset-mysql: <<: *db-migrate-reset <<: *use-mysql db:check-schema-pg: <<: *db-migrate-reset <<: *use-pg script: - source scripts/schema_changed.sh migration:path-pg: <<: *migration-paths <<: *use-pg migration:path-mysql: <<: *migration-paths <<: *use-mysql .db-rollback: &db-rollback <<: *dedicated-no-docs-and-no-qa-pull-cache-job script: - bundle exec rake db:migrate VERSION=20170523121229 - bundle exec rake db:migrate db:rollback-pg: <<: *db-rollback <<: *use-pg db:rollback-mysql: <<: *db-rollback <<: *use-mysql gitlab:setup-pg: <<: *gitlab-setup <<: *use-pg gitlab:setup-mysql: <<: *gitlab-setup <<: *use-mysql # Frontend-related jobs gitlab:assets:compile: <<: *dedicated-no-docs-pull-cache-job image: dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.5.3-git-2.18-chrome-71.0-node-8.x-yarn-1.12-graphicsmagick-1.3.29-docker-18.06.1 dependencies: - setup-test-env services: - docker:stable-dind variables: NODE_ENV: "production" RAILS_ENV: "production" SETUP_DB: "false" SKIP_STORAGE_VALIDATION: "true" WEBPACK_REPORT: "true" # we override the max_old_space_size to prevent OOM errors NODE_OPTIONS: --max_old_space_size=3584 DOCKER_DRIVER: overlay2 DOCKER_HOST: tcp://docker:2375 script: - node --version - yarn install --frozen-lockfile --production --cache-folder .yarn-cache - free -m - bundle exec rake gitlab:assets:compile - time scripts/build_assets_image - scripts/clean-old-cached-assets artifacts: name: webpack-report expire_in: 31d paths: - webpack-report/ - public/assets/ <<: *assets-compile-cache only: - //@gitlab-org/gitlab-ce - //@gitlab-org/gitlab-ee - //@gitlab/gitlabhq - //@gitlab/gitlab-ee tags: - docker - gitlab-org gitlab:ui:visual: tags: - gitlab-org before_script: [] allow_failure: true dependencies: - compile-assets script: # Remove node modules from GitLab that may conflict with gitlab-ui - rm -r node_modules - git clone https://gitlab.com/gitlab-org/gitlab-ui.git - cp public/assets/application-*.css gitlab-ui/styles/application.css - cd gitlab-ui - yarn install - CSS_URL=./application.css yarn test only: changes: - app/assets/stylesheets/*.scss - app/assets/stylesheets/**/*.scss - app/assets/stylesheets/**/**/*.scss except: refs: - /(^docs[\/-].*|.*-docs$)/ - master variables: - $CI_COMMIT_MESSAGE =~ /\[skip visual\]/i artifacts: paths: - tests/__image_snapshots__/ karma: <<: *dedicated-no-docs-pull-cache-job <<: *use-pg dependencies: - compile-assets - setup-test-env variables: # we override the max_old_space_size to prevent OOM errors NODE_OPTIONS: --max_old_space_size=3584 script: - export BABEL_ENV=coverage CHROME_LOG_FILE=chrome_debug.log - date - scripts/gitaly-test-spawn - date - bundle exec rake karma coverage: '/^Statements *: (\d+\.\d+%)/' artifacts: name: coverage-javascript expire_in: 31d when: always paths: - chrome_debug.log - coverage-javascript/ reports: junit: junit_karma.xml jest: <<: *dedicated-no-docs-and-no-qa-pull-cache-job <<: *use-pg dependencies: - compile-assets - setup-test-env script: - scripts/gitaly-test-spawn - date - bundle exec rake karma:fixtures - date - yarn jest --ci --coverage artifacts: name: coverage-frontend expire_in: 31d when: always paths: - coverage-frontend/ - junit_jest.xml reports: junit: junit_jest.xml cache: key: jest paths: - tmp/jest/jest/ code_quality: <<: *dedicated-no-docs-no-db-pull-cache-job image: docker:stable allow_failure: true # gitlab-org runners set `privileged: false` but we need to have it set to true # since we're using Docker in Docker tags: [] before_script: [] services: - docker:stable-dind variables: SETUP_DB: "false" DOCKER_DRIVER: overlay2 cache: {} dependencies: [] script: # Extract "MAJOR.MINOR" from CI_SERVER_VERSION and generate "MAJOR-MINOR-stable" for Security Products - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/') - docker run --env SOURCE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code artifacts: reports: codequality: gl-code-quality-report.json expire_in: 1 week sast: <<: *dedicated-no-docs-no-db-pull-cache-job image: docker:stable variables: SAST_CONFIDENCE_LEVEL: 2 DOCKER_DRIVER: overlay2 allow_failure: true tags: [] before_script: [] cache: {} dependencies: [] services: - docker:stable-dind script: - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/') - docker run --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}" --volume "$PWD:/code" --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code artifacts: reports: sast: gl-sast-report.json dependency_scanning: <<: *dedicated-no-docs-no-db-pull-cache-job image: docker:stable variables: DOCKER_DRIVER: overlay2 allow_failure: true tags: [] before_script: [] cache: {} dependencies: [] services: - docker:stable-dind script: - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/') - docker run --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}" --volume "$PWD:/code" --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code artifacts: reports: dependency_scanning: gl-dependency-scanning-report.json qa:internal: <<: *dedicated-no-docs-no-db-pull-cache-job services: [] script: - cd qa/ - bundle install - bundle exec rspec qa:selectors: <<: *dedicated-no-docs-no-db-pull-cache-job services: [] script: - cd qa/ - bundle install - bundle exec bin/qa Test::Sanity::Selectors .qa-frontend-node: &qa-frontend-node <<: *dedicated-no-docs-no-db-pull-cache-job stage: test variables: NODE_OPTIONS: --max_old_space_size=3584 cache: key: "$CI_JOB_NAME" paths: - .yarn-cache/ dependencies: [] before_script: [] script: - date - yarn install --frozen-lockfile --cache-folder .yarn-cache - date - yarn run webpack-prod qa-frontend-node:8: <<: *qa-frontend-node image: node:8-alpine qa-frontend-node:10: <<: *qa-frontend-node image: node:10-alpine qa-frontend-node:latest: <<: *qa-frontend-node image: node:alpine allow_failure: true coverage: # Don't include dedicated-no-docs-no-db-pull-cache-job here since we need to # download artifacts from all the rspec jobs instead of from setup-test-env only <<: *dedicated-runner <<: *except-docs-and-qa <<: *pull-cache variables: SETUP_DB: "false" stage: post-test script: - bundle exec scripts/merge-simplecov coverage: '/LOC \((\d+\.\d+%)\) covered.$/' artifacts: name: coverage expire_in: 31d paths: - coverage/index.html - coverage/assets/ lint:javascript:report: <<: *dedicated-no-docs-and-no-qa-pull-cache-job stage: post-test dependencies: [] before_script: [] script: - date - yarn run eslint-report || true # ignore exit code artifacts: name: eslint-report expire_in: 31d paths: - eslint-report.html jsdoc: <<: *dedicated-no-docs-pull-cache-job stage: post-test dependencies: - compile-assets before_script: [] script: - date - yarn run jsdoc || true # ignore exit code artifacts: name: jsdoc expire_in: 31d paths: - jsdoc/ pages: <<: *dedicated-no-docs-no-db-pull-cache-job before_script: [] stage: pages dependencies: - coverage - karma - gitlab:assets:compile - lint:javascript:report - jsdoc script: - mv public/ .public/ - mkdir public/ - mv coverage/ public/coverage-ruby/ || true - mv coverage-javascript/ public/coverage-javascript/ || true - mv eslint-report.html public/ || true - mv webpack-report/ public/webpack-report/ || true - cp .public/assets/application-*.css public/application.css || true - cp .public/assets/application-*.css.gz public/application.css.gz || true - mv jsdoc/ public/jsdoc/ || true artifacts: paths: - public only: - master@gitlab-org/gitlab-ce - master@gitlab-org/gitlab-ee # Insurance in case a gem needed by one of our releases gets yanked from # rubygems.org in the future. cache gems: <<: *dedicated-no-docs-no-db-pull-cache-job script: - bundle package --all --all-platforms artifacts: paths: - vendor/cache only: - master@gitlab-org/gitlab-ce - master@gitlab-org/gitlab-ee - tags gitlab_git_test: <<: *dedicated-runner <<: *except-docs-and-qa variables: SETUP_DB: "false" before_script: [] dependencies: [] cache: {} script: - spec/support/prepare-gitlab-git-test-for-commit --check-for-changes no_ee_check: <<: *dedicated-runner <<: *except-docs-and-qa variables: SETUP_DB: "false" before_script: [] dependencies: [] cache: {} script: - scripts/no-ee-check only: - //@gitlab-org/gitlab-ce # GitLab Review apps .review-build-cng-base: &review-build-cng-base image: ruby:2.5-alpine stage: test before_script: [] dependencies: [] cache: {} variables: GIT_DEPTH: "1" API_TOKEN: "${GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN}" script: - apk add --update openssl curl jq - gem install gitlab --no-document - source ./scripts/review_apps/review-apps.sh - wait_for_job_to_be_done "gitlab:assets:compile" - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng review-build-cng: <<: *review-only <<: *review-build-cng-base schedule:review-build-cng: <<: *review-schedules-only <<: *review-build-cng-base .review-deploy-base: &review-deploy-base <<: *review-base retry: 2 allow_failure: true variables: GIT_DEPTH: "1" HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" GITLAB_HELM_CHART_REF: "master" API_TOKEN: "${GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN}" environment: <<: *review-environment on_stop: review-stop before_script: - export GITLAB_SHELL_VERSION=$(