.gitlab/ci/review.gitlab-ci.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

review-cleanup:
  extends:
    - .default-retry
    - .review:rules:review-cleanup
  image: ${REVIEW_APPS_IMAGE}
  stage: prepare
  environment:
    name: review/regular-cleanup
    action: access
  variables:
    KUBE_NAMESPACE: "review-apps" # gcp_cleanup.sh requires passing KUBE_NAMESPACE variable
  before_script:
    - source scripts/utils.sh
    - source scripts/review_apps/gcp_cleanup.sh
    - !reference [".use-kube-context", before_script]
    - install_gitlab_gem
    - setup_gcp_dependencies
  script:
    - exit_code_cmd_1=0;
    - exit_code_cmd_2=0;
    - scripts/review_apps/automated_cleanup.rb || exit_code_cmd_1=$?
    - gcp_cleanup || exit_code_cmd_2=$?
    - if [ $exit_code_cmd_1 -ne 0 ] || [ $exit_code_cmd_2 -ne 0 ]; then (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL}" warning "GitLab Bot" && exit 1); fi;

.base-review-checks:
  extends:
    - .default-retry
  image: ${REVIEW_APPS_IMAGE}
  stage: prepare
  before_script:
    - source scripts/review_apps/gcp_cleanup.sh
    - setup_gcp_dependencies
    - !reference [".use-kube-context", before_script]

review-k8s-resources-count-checks:
  extends:
    - .base-review-checks
    - .review:rules:review-k8s-resources-count-checks
  needs:
    - job: review-cleanup
      optional: true
  environment:
    name: review/k8s-resources-count-checks
    action: verify
  script:
    - scripts/review_apps/k8s-resources-count-checks.sh || (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL}" warning "GitLab Bot" && exit 1);

review-gcp-quotas-checks:
  extends:
    - .base-review-checks
    - .review:rules:review-gcp-quotas-checks
  needs: []
  environment:
    name: review/gcp-quotas-checks
    action: verify
  script:
    - ruby scripts/review_apps/gcp-quotas-checks.rb || (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL}" warning "GitLab Bot" && exit 1);

start-review-app-pipeline:
  extends:
    - .review:rules:start-review-app-pipeline
  resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE}  # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment
  stage: review
  needs:
    - job: e2e-test-pipeline-generate
    - job: build-assets-image
      artifacts: false
  # These variables are set in the pipeline schedules.
  # They need to be explicitly passed on to the child pipeline.
  # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword
  variables:
    # This is needed by `review-build-cng-env` (`.gitlab/ci/review-apps/main.gitlab-ci.yml`).
    PARENT_PIPELINE_ID: $CI_PIPELINE_ID
    SCHEDULE_TYPE: $SCHEDULE_TYPE
    DAST_RUN: $DAST_RUN
    SKIP_MESSAGE: Skipping review-app due to mr containing only quarantine changes!
  trigger:
    strategy: depend
    include:
      - artifact: review-app-pipeline.yml
        job: e2e-test-pipeline-generate

# Fetch child pipeline test results and store in parent pipeline
# workaround until natively implemented: https://gitlab.com/groups/gitlab-org/-/epics/8205
review-app-test-results:
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3
  stage: review
  extends:
    - .qa-cache
    - .review:rules:start-review-app-pipeline
  needs:
    - start-review-app-pipeline
  variables:
    COLORIZED_LOGS: "true"
    QA_LOG_LEVEL: "debug"
  before_script:
    - cd qa && bundle install
  script:
    - bundle exec rake "ci:download_test_results[start-review-app-pipeline,e2e-test-report,${CI_PROJECT_DIR}]"
  when: always
  allow_failure: true
  artifacts:
    when: always
    reports:
      junit: qa/tmp/rspec-*.xml

danger-review:
  extends:
    - .default-retry
    - .ruby-node-cache
    - .review:rules:danger
  stage: test
  needs: []
  before_script:
    - source scripts/utils.sh
    - bundle_install_script "--with danger"
    - yarn_install_script
  script:
    # ${DANGER_DANGERFILE} is used by Jihulab for customizing danger support: https://jihulab.com/gitlab-cn/gitlab/-/blob/main-jh/jh/.gitlab-ci.yml
    - >
      if [ -z "$DANGER_GITLAB_API_TOKEN" ]; then
        run_timed_command danger_as_local
      else
        danger_id=$(echo -n ${DANGER_GITLAB_API_TOKEN} | md5sum | awk '{print $1}' | cut -c5-10)
        run_timed_command "bundle exec danger --fail-on-errors=true --verbose --danger_id=\"${danger_id}\" --dangerfile=\"${DANGER_DANGERFILE:-Dangerfile}\""
      fi

danger-review-local:
  extends:
    - danger-review
    - .review:rules:danger-local
  script:
    - run_timed_command danger_as_local