review-cleanup:
  extends:
    - .default-retry
    - .review:rules:review-cleanup
  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3-kubectl1.14
  stage: prepare
  environment:
    name: review/auto-cleanup
    action: stop
  before_script:
    - source scripts/utils.sh
    - source scripts/review_apps/gcp_cleanup.sh
    - install_gitlab_gem
    - setup_gcp_dependencies
  script:
    - ruby -rrubygems scripts/review_apps/automated_cleanup.rb
    - gcp_cleanup

.base-before_script: &base-before_script
  - source ./scripts/utils.sh
  - source ./scripts/review_apps/review-apps.sh
  - install_api_client_dependencies_with_apk

review-build-cng:
  extends:
    - .default-retry
    - .review:rules:review-build-cng
  image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine3.13
  stage: review-prepare
  needs:
    - job: compile-production-assets
      artifacts: false
  variables:
    CNG_PROJECT_ACCESS_TOKEN: "${CNG_MIRROR_PROJECT_ACCESS_TOKEN}"  # "Multi-pipeline (from 'gitlab-org/gitlab' 'review-build-cng' job)" at https://gitlab.com/gitlab-org/build/CNG-mirror/-/settings/access_tokens
    CNG_PROJECT_PATH: "gitlab-org/build/CNG-mirror"
  before_script:
    - source ./scripts/utils.sh
    - install_gitlab_gem
  script:
    - ./scripts/trigger-build cng

.review-workflow-base:
  extends:
    - .default-retry
  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3.5-kubectl1.17
  variables:
    HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
    DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
    GITLAB_HELM_CHART_REF: "v5.2.1"
  environment:
    name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY}
    url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
    on_stop: review-stop
    auto_stop_in: 48 hours

review-deploy:
  extends:
    - .review-workflow-base
    - .review:rules:review-deploy
  stage: review
  needs: ["review-build-cng"]
  resource_group: "review/${CI_COMMIT_REF_NAME}"
  before_script:
    - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
    - export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
    - export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
    - echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
    - *base-before_script
  script:
    - check_kube_domain
    - download_chart
    - date
    - deploy || (display_deployment_debug && exit 1)
    - verify_deploy || exit 1
    - disable_sign_ups || (delete_release && exit 1)
  after_script:
    # Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
    # Set DAST_RUN to true when jobs are manually scheduled.
    - if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi
  artifacts:
    paths:
      - environment_url.txt
      - curl_output.txt
    expire_in: 7 days
    when: always

.review-stop-base:
  extends: .review-workflow-base
  environment:
    action: stop
  dependencies: []
  variables:
    # We're cloning the repo instead of downloading the script for now
    # because some repos are private and CI_JOB_TOKEN cannot access files.
    # See https://gitlab.com/gitlab-org/gitlab/issues/191273
    GIT_DEPTH: 1
  before_script:
    - *base-before_script

review-delete-deployment:
  extends:
    - .review-stop-base
    - .review:rules:review-delete-deployment
  stage: prepare
  script:
    - delete_release

review-stop:
  extends:
    - .review-stop-base
    - .review:rules:review-stop
  stage: post-qa
  script:
    - delete_k8s_release_namespace

.review-qa-base:
  extends:
    - .use-docker-in-docker
  image:
    name: ${QA_IMAGE}
    entrypoint: [""]
  stage: qa
  needs: ["build-qa-image", "review-deploy"]
  variables:
    QA_DEBUG: "true"
    QA_CAN_TEST_GIT_PROTOCOL_V2: "false"
    QA_GENERATE_ALLURE_REPORT: "true"
    GITLAB_USERNAME: "root"
    GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
    GITLAB_ADMIN_USERNAME: "root"
    GITLAB_ADMIN_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
    GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}"
    EE_LICENSE: "${REVIEW_APPS_EE_LICENSE}"
    SIGNUP_DISABLED: "true"
  before_script:
    # Use $CI_MERGE_REQUEST_SOURCE_BRANCH_SHA so that GitLab image built in omnibus-gitlab-mirror and QA image are in sync.
    - if [ -n "$CI_MERGE_REQUEST_SOURCE_BRANCH_SHA" ]; then
        git checkout -f ${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA};
      fi
    - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
    - echo "${CI_ENVIRONMENT_URL}"
    - cd qa
  artifacts:
    paths:
      - qa/tmp
    expire_in: 7 days
    when: always

.allure-report-base:
  image:
    name: ${GITLAB_DEPENDENCY_PROXY}andrcuns/allure-report-publisher:0.3.4
    entrypoint: [""]
  stage: post-qa
  variables:
    GIT_STRATEGY: none
    STORAGE_CREDENTIALS: $QA_ALLURE_REPORT_GCS_CREDENTIALS
    GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN
  allow_failure: true
  script:
    - |
      allure-report-publisher upload gcs \
        --results-glob="qa/tmp/allure-results/*" \
        --bucket="gitlab-qa-allure-reports" \
        --prefix="$ALLURE_REPORT_PATH_PREFIX/$CI_COMMIT_REF_SLUG" \
        --update-pr="comment" \
        --copy-latest \
        --ignore-missing-results \
        --color

review-qa-smoke:
  extends:
    - .review-qa-base
    - .review:rules:review-qa-smoke
  retry: 1  # This is confusing but this means "2 runs at max".
  script:
    - bin/test Test::Instance::Smoke "${CI_ENVIRONMENT_URL}"

review-qa-all:
  extends:
    - .review-qa-base
    - .review:rules:review-qa-all
  parallel: 5
  script:
    - export KNAPSACK_REPORT_PATH=knapsack/master_report.json
    - export KNAPSACK_TEST_FILE_PATTERN=qa/specs/features/**/*_spec.rb
    - |
      bin/test Test::Instance::All "${CI_ENVIRONMENT_URL}" \
        -- \
        --color --format documentation \
        --format RspecJunitFormatter --out tmp/rspec.xml
  artifacts:
    reports:
      junit: qa/tmp/rspec.xml

review-performance:
  extends:
    - .default-retry
    - .review:rules:review-performance
  image:
    name: sitespeedio/sitespeed.io
    entrypoint: [""]
  stage: qa
  needs: ["review-deploy"]
  before_script:
    - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
    - echo "${CI_ENVIRONMENT_URL}"
    - mkdir -p gitlab-exporter
    - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js
    - mkdir -p sitespeed-results
  script:
    - /start.sh --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "${CI_ENVIRONMENT_URL}"
  after_script:
    - mv sitespeed-results/data/performance.json performance.json
  artifacts:
    paths:
      - sitespeed-results/
    reports:
      performance: performance.json
    expire_in: 31d

allure-report-qa-smoke:
  extends:
    - .allure-report-base
    - .review:rules:review-qa-smoke-report
  needs: ["review-qa-smoke"]
  variables:
    ALLURE_REPORT_PATH_PREFIX: gitlab-review-smoke
    ALLURE_JOB_NAME: review-qa-smoke

allure-report-qa-all:
  extends:
    - .allure-report-base
    - .review:rules:review-qa-all-report
  needs: ["review-qa-all"]
  variables:
    ALLURE_REPORT_PATH_PREFIX: gitlab-review-all
    ALLURE_JOB_NAME: review-qa-all

danger-review:
  extends:
    - .default-retry
    - .danger-review-cache
    - .review:rules:danger
  stage: test
  needs: []
  before_script:
    - source scripts/utils.sh
    - bundle_install_script "--with danger"
    - run_timed_command "retry yarn install --frozen-lockfile"
  script:
    - >
      if [ -z "$DANGER_GITLAB_API_TOKEN" ]; then
        run_timed_command danger_as_local
      else
        run_timed_command "bundle exec danger --fail-on-errors=true --verbose"
      fi

danger-review-local:
  extends:
    - danger-review
    - .review:rules:danger-local
  script:
    - run_timed_command danger_as_local