Diffstat (limited to '.gitlab/ci/review-apps')
-rw-r--r--.gitlab/ci/review-apps/dast-api.gitlab-ci.yml29
-rw-r--r--.gitlab/ci/review-apps/main.gitlab-ci.yml31
-rw-r--r--.gitlab/ci/review-apps/qa.gitlab-ci.yml22
-rw-r--r--.gitlab/ci/review-apps/rules.gitlab-ci.yml35
4 files changed, 75 insertions, 42 deletions
diff --git a/.gitlab/ci/review-apps/dast-api.gitlab-ci.yml b/.gitlab/ci/review-apps/dast-api.gitlab-ci.yml
index e2f32f120af..4d35a282037 100644
--- a/.gitlab/ci/review-apps/dast-api.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/dast-api.gitlab-ci.yml
@@ -2,13 +2,34 @@ include:
- template: DAST-API.gitlab-ci.yml
dast_api:
+ needs: ["review-deploy"]
+ # Uncomment resource_group if DAST_API_PROFILE is changed to an active scan
+ # resource_group: dast_api_scan
+ rules:
+ - when: never
+
+dast_api_graphql:
+ extends: dast_api
variables:
- DAST_API_PROFILE: Passive
DAST_API_GRAPHQL: /api/graphql
+ DAST_API_PROFILE: Passive
+ DAST_API_TARGET_URL: ${CI_ENVIRONMENT_URL}
+ DAST_API_OVERRIDES_ENV: "{\"headers\":{\"Authorization\":\"Bearer $REVIEW_APPS_ROOT_TOKEN\"}}"
+ rules:
+ - !reference [".reports:rules:schedule-dast", rules]
+ #
+ # To run this job in an MR pipeline, use this rule:
+ # - !reference [".reports:rules:test-dast", rules]
+
+dast_api_rest:
+ extends: dast_api
+ variables:
+ DAST_API_OPENAPI: doc/api/openapi/openapi_v2.yaml
+ DAST_API_PROFILE: Passive
DAST_API_TARGET_URL: ${CI_ENVIRONMENT_URL}
DAST_API_OVERRIDES_ENV: "{\"headers\":{\"Authorization\":\"Bearer $REVIEW_APPS_ROOT_TOKEN\"}}"
- needs: ["review-deploy"]
- # Uncomment resource_group if DAST_API_PROFILE is changed to an active scan
- # resource_group: dast_api_scan
rules:
- !reference [".reports:rules:schedule-dast", rules]
+ #
+ # To run this job in an MR pipeline, use this rule:
+ # - !reference [".reports:rules:test-dast", rules]
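Review bot: The privileged `Authorization: Bearer $REVIEW_APPS_ROOT_TOKEN` override is now written out twice, once in `dast_api_graphql` and once in `dast_api_rest`, so a later change to the header or the profile has to be made in both places. Both jobs already extend `dast_api`, so the shared `DAST_API_PROFILE`, `DAST_API_TARGET_URL` and `DAST_API_OVERRIDES_ENV` entries could move into a `variables:` block on that base job, leaving only `DAST_API_GRAPHQL` and `DAST_API_OPENAPI` in the children. The resource_group comment could also state the risk, for example `# Scans authenticate with REVIEW_APPS_ROOT_TOKEN; an active profile would send mutating requests with that token`. The variable name suggests a root-level credential, so it should be a masked CI/CD variable, which cannot be confirmed from this file.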
diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml
index d3f5d014464..85c5c7d1b1d 100644
--- a/.gitlab/ci/review-apps/main.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml
@@ -32,14 +32,15 @@ review-build-cng-env:
extends:
- .default-retry
- .review:rules:review-build-cng
- image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:3.0-alpine3.13
+ image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}:bundler-2.3
stage: prepare
needs: []
before_script:
- source ./scripts/utils.sh
- install_gitlab_gem
script:
- - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > build.env'
+ - ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > build.env
+ - ruby -e 'puts "FULL_RUBY_VERSION=#{RUBY_VERSION}"' >> build.env
- cat build.env
artifacts:
reports:
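Review bot: `RUBY_VERSION` means two different things in `review-build-cng-env`: in the `image:` line it is the CI variable, while in the added `ruby -e 'puts "FULL_RUBY_VERSION=#{RUBY_VERSION}"'` line it is Ruby's built-in constant, left unexpanded by the shell because of the single quotes. A comment above that script line would make this explicit, for example `# RUBY_VERSION here is Ruby's own constant (the image interpreter's full version), not the CI variable`. The `RUBY_VERSION: "${FULL_RUBY_VERSION}"` entry in the next hunk depends on this dotenv value and would presumably expand to an empty string if `build.env` is not loaded by `review-build-cng`; that wiring is outside the visible lines. The two script entries are now plain YAML scalars, which is safe only while no whitespace precedes the `#`, so keeping them quoted or in a `|` block would be more robust. The `artifacts:` block continues past the end of this hunk.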
@@ -70,12 +71,14 @@ review-build-cng:
FORCE_RAILS_IMAGE_BUILDS: "${FORCE_RAILS_IMAGE_BUILDS}"
CE_PIPELINE: "${CE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$CE_PIPELINE'` will evaluate to `false` when this variable is empty
EE_PIPELINE: "${EE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$EE_PIPELINE'` will evaluate to `false` when this variable is empty
- GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}"
GITLAB_ELASTICSEARCH_INDEXER_VERSION: "${GITLAB_ELASTICSEARCH_INDEXER_VERSION}"
GITLAB_KAS_VERSION: "${GITLAB_KAS_VERSION}"
- GITLAB_WORKHORSE_VERSION: "${GITLAB_WORKHORSE_VERSION}"
+ GITLAB_METRICS_EXPORTER_VERSION: "${GITLAB_METRICS_EXPORTER_VERSION}"
GITLAB_PAGES_VERSION: "${GITLAB_PAGES_VERSION}"
+ GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}"
+ GITLAB_WORKHORSE_VERSION: "${GITLAB_WORKHORSE_VERSION}"
GITALY_SERVER_VERSION: "${GITALY_SERVER_VERSION}"
+ RUBY_VERSION: "${FULL_RUBY_VERSION}"
trigger:
project: gitlab-org/build/CNG-mirror
branch: $TRIGGER_BRANCH
@@ -88,9 +91,9 @@ review-build-cng:
variables:
HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
- GITLAB_HELM_CHART_REF: "138c146a5ba787942f66d4c7d795d224d6ba206a"
+ GITLAB_HELM_CHART_REF: "ed813953079c1d81aa69d4cb8171c69aa9741f01" # 6.5.4: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/ed813953079c1d81aa69d4cb8171c69aa9741f01
environment:
- name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it
+ name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it
url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
on_stop: review-stop
auto_stop_in: 48 hours
@@ -113,11 +116,11 @@ review-deploy:
- echo "QA_GITLAB_URL=${CI_ENVIRONMENT_URL}" > environment.env
- *base-before_script
script:
- - check_kube_domain
- - download_chart
- - deploy || (display_deployment_debug && exit 1)
- - verify_deploy || exit 1
- - disable_sign_ups || (delete_release && exit 1)
+ - run_timed_command "check_kube_domain"
+ - run_timed_command "download_chart"
+ - run_timed_command "deploy" || (display_deployment_debug && exit 1)
+ - run_timed_command "verify_deploy"|| (display_deployment_debug && exit 1)
+ - run_timed_command "disable_sign_ups"
after_script:
# Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
# Set DAST_RUN to true when jobs are manually scheduled.
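Review bot: A failure of `disable_sign_ups` now leaves the review app deployed at its environment URL, possibly with sign-ups still enabled, because the last script line drops the old `|| (delete_release && exit 1)` fallback. If the teardown was removed on purpose, a comment saying why would help. Otherwise keep a cleanup, for example `- run_timed_command "disable_sign_ups" || (delete_helm_release && exit 1)`, using the helper that the later hunks of this file switch to. All five lines also assume that `run_timed_command` returns the wrapped command's exit status; it is defined outside this diff. Minor: `"verify_deploy"||` is missing the space before `||`.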
@@ -165,14 +168,14 @@ review-delete-deployment:
- .review:rules:review-delete-deployment
stage: prepare
script:
- - delete_release
+ - delete_helm_release
review-stop:
extends:
- .review-stop-base
- .review:rules:review-stop
- resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment
+ resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment
stage: deploy
needs: []
script:
- - delete_namespace
+ - delete_helm_release
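Review bot: Resources in the review namespace that the Helm release does not own may outlive a stopped environment, because `review-stop` now runs `delete_helm_release` where it previously ran `delete_namespace`. The helper is defined outside this diff, so it may already remove such leftovers; if it does, a comment on the script entry should say so. Until that is checked, a marker such as `# delete_helm_release: confirm it also removes non-Helm secrets and PVCs in the namespace` would flag the open question. If it does not clean them up, a namespace cleanup step should follow it so credentials and volumes from the review app do not linger in the cluster.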
diff --git a/.gitlab/ci/review-apps/qa.gitlab-ci.yml b/.gitlab/ci/review-apps/qa.gitlab-ci.yml
index 0214f5ef3f2..69ce028987a 100644
--- a/.gitlab/ci/review-apps/qa.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/qa.gitlab-ci.yml
@@ -1,6 +1,6 @@
include:
- project: gitlab-org/quality/pipeline-common
- ref: 1.3.0
+ ref: 1.7.0
file:
- /ci/base.gitlab-ci.yml
- /ci/allure-report.yml
@@ -25,7 +25,7 @@ include:
- cd qa && bundle install
.review-qa-base:
- image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-git-2.33-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23
+ image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-git-2.36-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23
extends:
- .use-docker-in-docker
- .bundle-base
@@ -140,13 +140,13 @@ e2e-test-report:
variables:
ALLURE_JOB_NAME: e2e-review-qa
ALLURE_PROJECT_PATH: $CI_PROJECT_PATH
- ALLURE_RESULTS_GLOB: qa/tmp/allure-results/*
+ ALLURE_RESULTS_GLOB: qa/tmp/allure-results
ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID
GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN
GIT_STRATEGY: none
allow_failure: true
when: always
- artifacts: # re-save rspec results for displaying in parent pipeline
+ artifacts: # re-save rspec results for displaying in parent pipeline
expire_in: 1 day
when: always
paths:
@@ -178,7 +178,7 @@ notify-slack:
extends:
- .notify-slack-qa
- .qa-cache
- - .rules:notify-slack
+ - .rules:main-run
stage: post-qa
variables:
RUN_WITH_BUNDLE: "true"
@@ -188,6 +188,16 @@ notify-slack:
STATUS_SYM: ☠️
STATUS: failed
TYPE: "(review-app) "
+ when: on_failure
script:
- - bundle exec gitlab-qa-report --prepare-stage-reports "$CI_PROJECT_DIR/qa/tmp/rspec-*.xml" # generate summary
+ - bundle exec gitlab-qa-report --prepare-stage-reports "$CI_PROJECT_DIR/qa/tmp/rspec-*.xml" # generate summary
- !reference [.notify-slack-qa, script]
+
+export-test-metrics:
+ extends:
+ - .bundle-base
+ - .rules:main-run
+ stage: post-qa
+ when: always
+ script:
+ - bundle exec rake "ci:export_test_metrics[tmp/test-metrics-*.json]"
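Review bot: `export-test-metrics` runs with `when: always` in `post-qa` but has no `allow_failure: true`, unlike `e2e-test-report` earlier in this file, so an error in the rake task would fail the pipeline. That could happen if, for instance, no `tmp/test-metrics-*.json` file is present. If the export is best-effort reporting, add `allow_failure: true` below `when: always`. This job and `notify-slack` now combine a job-level `when:` with the rules from `.rules:main-run`, whose rule no longer carries `when: on_failure` (last hunk of rules.gitlab-ci.yml). A comment such as `# job-level when applies because .rules:main-run sets none` would keep a later edit of that rule from silently changing when Slack is notified.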
diff --git a/.gitlab/ci/review-apps/rules.gitlab-ci.yml b/.gitlab/ci/review-apps/rules.gitlab-ci.yml
index 4e07f381bc9..49343c98547 100644
--- a/.gitlab/ci/review-apps/rules.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/rules.gitlab-ci.yml
@@ -15,9 +15,9 @@
.app-changes: &app-changes
if: $APP_CHANGE_TRIGGER == "true"
-# QA framework changes present
-.qa-framework-changes: &qa-framework-changes
- if: $QA_FRAMEWORK_CHANGES == "true"
+# Run all tests when framework changes present or explicitly enabled full suite execution
+.qa-run-all-tests: &qa-run-all-tests
+ if: $QA_FRAMEWORK_CHANGES == "true" || $QA_RUN_ALL_TESTS == "true"
.default-branch: &default-branch
if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
@@ -28,19 +28,19 @@
variables:
QA_TESTS: ""
-.never-when-qa-framework-changes-or-no-specific-specs:
- - <<: *qa-framework-changes
+.never-when-qa-run-all-tests-or-no-specific-specs:
+ - <<: *qa-run-all-tests
when: never
- <<: *all-specs
when: never
-.never-when-specific-specs-always-when-qa-framework-changes:
+.never-when-specific-specs-always-when-qa-run-all-tests:
+ - *qa-run-all-tests
- <<: *specific-specs
when: manual
allow_failure: true
variables:
QA_TESTS: ""
- - *qa-framework-changes
# ------------------------------------------
# Prepare
@@ -61,8 +61,8 @@
# always trigger smoke suite if review pipeline got triggered by specific changes in application code
- <<: *app-changes
variables:
- QA_TESTS: "" # unset QA_TESTS even if specific tests were inferred from stage label
- - *qa-framework-changes
+ QA_TESTS: "" # unset QA_TESTS even if specific tests were inferred from stage label
+ - *qa-run-all-tests
- if: $QA_SUITES =~ /Test::Instance::Smoke/
- *qa-manual
@@ -70,25 +70,25 @@
rules:
- <<: *app-changes
when: never
- - !reference [.never-when-qa-framework-changes-or-no-specific-specs]
+ - !reference [.never-when-qa-run-all-tests-or-no-specific-specs]
- if: $QA_SUITES =~ /Test::Instance::ReviewBlocking/
.rules:qa-blocking-parallel:
rules:
# always trigger blocking suite if review pipeline got triggered by specific changes in application code
- <<: *app-changes
variables:
- QA_TESTS: "" # unset QA_TESTS even if specific tests were inferred from stage label
- - !reference [.never-when-specific-specs-always-when-qa-framework-changes]
+ QA_TESTS: "" # unset QA_TESTS even if specific tests were inferred from stage label
+ - !reference [.never-when-specific-specs-always-when-qa-run-all-tests]
- if: $QA_SUITES =~ /Test::Instance::ReviewBlocking/
.rules:qa-non-blocking:
rules:
- - !reference [.never-when-qa-framework-changes-or-no-specific-specs]
+ - !reference [.never-when-qa-run-all-tests-or-no-specific-specs]
- if: $QA_SUITES =~ /Test::Instance::ReviewNonBlocking/
.rules:qa-non-blocking-parallel:
rules:
- - !reference [.never-when-specific-specs-always-when-qa-framework-changes]
- - *all-specs-mr # set full suite to manual when no specific specs passed in mr
+ - !reference [.never-when-specific-specs-always-when-qa-run-all-tests]
+ - *all-specs-mr # set full suite to manual when no specific specs passed in mr
- if: $QA_SUITES =~ /Test::Instance::ReviewNonBlocking/
# ------------------------------------------
@@ -98,7 +98,6 @@
rules:
- when: always
-.rules:notify-slack:
+.rules:main-run:
rules:
- - <<: *default-branch
- when: on_failure
+ - *default-branch