summaryrefslogtreecommitdiff
path: root/.gitlab/ci/rules.gitlab-ci.yml
diff options
context:
space:
mode:
Diffstat (limited to '.gitlab/ci/rules.gitlab-ci.yml')
-rw-r--r--.gitlab/ci/rules.gitlab-ci.yml397
1 files changed, 253 insertions, 144 deletions
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index a4a932c7dd0..8ddcf9c2094 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -10,6 +10,9 @@
.if-not-foss: &if-not-foss
if: '$CI_PROJECT_NAME != "gitlab-foss" && $CI_PROJECT_NAME != "gitlab-ce" && $CI_PROJECT_NAME != "gitlabhq"'
+.if-jh: &if-jh
+ if: '$CI_PROJECT_PATH == "gitlab-jh/gitlab"'
+
.if-default-refs: &if-default-refs
if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG || $FORCE_GITLAB_CI'
@@ -37,19 +40,22 @@
.if-automated-merge-request: &if-automated-merge-request
if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == "release-tools/update-gitaly" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /stable-ee$/'
-.if-merge-request-title-as-if-foss: &if-merge-request-title-as-if-foss
+.if-merge-request-labels-as-if-foss: &if-merge-request-labels-as-if-foss
if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-as-if-foss/'
-.if-merge-request-title-update-caches: &if-merge-request-title-update-caches
+.if-merge-request-labels-as-if-jh: &if-merge-request-labels-as-if-jh
+ if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-as-if-jh/'
+
+.if-merge-request-labels-update-caches: &if-merge-request-labels-update-caches
if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:update-cache/'
-.if-merge-request-title-run-all-rspec: &if-merge-request-title-run-all-rspec
+.if-merge-request-labels-run-all-rspec: &if-merge-request-labels-run-all-rspec
if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-all-rspec/'
-.if-merge-request-title-run-all-jest: &if-merge-request-title-run-all-jest
+.if-merge-request-labels-run-all-jest: &if-merge-request-labels-run-all-jest
if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-all-jest/'
-.if-merge-request-run-decomposed: &if-merge-request-run-decomposed
+.if-merge-request-labels-run-decomposed: &if-merge-request-labels-run-decomposed
if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-decomposed/'
.if-security-merge-request: &if-security-merge-request
@@ -67,15 +73,24 @@
.if-dot-com-gitlab-org-schedule: &if-dot-com-gitlab-org-schedule
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "schedule"'
+.if-dot-com-gitlab-org-schedule-child-pipeline: &if-dot-com-gitlab-org-schedule-child-pipeline
+ if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $FREQUENCY'
+
.if-dot-com-ee-schedule: &if-dot-com-ee-schedule
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule"'
+.if-dot-com-ee-schedule-child-pipeline: &if-dot-com-ee-schedule-child-pipeline
+ if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $FREQUENCY'
+
.if-dot-com-ee-2-hourly-schedule: &if-dot-com-ee-2-hourly-schedule
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "2-hourly"'
.if-dot-com-ee-nightly-schedule: &if-dot-com-ee-nightly-schedule
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "nightly"'
+.if-dot-com-ee-nightly-schedule-child-pipeline: &if-dot-com-ee-nightly-schedule-child-pipeline
+ if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $FREQUENCY == "nightly"'
+
.if-cache-credentials-schedule: &if-cache-credentials-schedule
if: '$CI_REPO_CACHE_CREDENTIALS && $CI_PIPELINE_SOURCE == "schedule"'
@@ -91,13 +106,6 @@
.if-dot-com-gitlab-org-and-security-tag: &if-dot-com-gitlab-org-and-security-tag
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_COMMIT_TAG'
-
-.if-rspec-fail-fast-disabled: &if-rspec-fail-fast-disabled
- if: '$RSPEC_FAIL_FAST_ENABLED != "true"'
-
-.if-rspec-fail-fast-skipped: &if-rspec-fail-fast-skipped
- if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:skip-rspec-fail-fast/'
-
# For Security merge requests, the gitlab-release-tools-bot triggers a new
# pipeline for the "Pipelines for merged results" feature. If the pipeline
# fails, we notify release managers.
@@ -120,6 +128,7 @@
- ".gitlab/ci/frontend.gitlab-ci.yml"
- ".gitlab/ci/build-images.gitlab-ci.yml"
- ".gitlab/ci/review.gitlab-ci.yml"
+ - ".gitlab/ci/review-apps/**/*"
- "scripts/review_apps/base-config.yaml"
- "scripts/review_apps/review-apps.sh"
- "scripts/trigger-build"
@@ -150,13 +159,6 @@
- ".markdownlint.yml"
- "scripts/lint-doc.sh"
-.docs-deprecations-patterns: &docs-deprecations-patterns
- - "doc/deprecations/index.md"
- - "data/deprecations/*.yml"
- - "data/deprecations/templates/_deprecation_template.md.erb"
- - "lib/tasks/gitlab/docs/compile_deprecations.rake"
- - "tooling/deprecations/docs.rb"
-
.bundler-patterns: &bundler-patterns
- '{Gemfile.lock,*/Gemfile.lock,*/*/Gemfile.lock}'
@@ -368,13 +370,16 @@
- "danger/**/*"
- "tooling/danger/**/*"
+.core-backend-patterns: &core-backend-patterns
+ - "{,jh/}Gemfile{,.lock}"
+ - "{,ee/,jh/}config/**/*.rb"
+
.core-frontend-patterns: &core-frontend-patterns
- "{package.json,yarn.lock}"
- "babel.config.js"
- "jest.config.{base,integration,unit}.js"
- "config/helpers/**/*.js"
- "vendor/assets/javascripts/**/*"
- - "{,ee/,jh/}app/assets/**/*.graphql"
################
# Shared rules #
@@ -383,11 +388,11 @@
rules:
- <<: *if-default-branch-schedule-2-hourly
- <<: *if-security-schedule
- - <<: *if-merge-request-title-update-caches
+ - <<: *if-merge-request-labels-update-caches
.shared:rules:update-gitaly-binaries-cache:
rules:
- - <<: *if-merge-request-title-update-caches
+ - <<: *if-merge-request-labels-update-caches
- changes: *gitaly-patterns
######################
@@ -471,12 +476,6 @@
changes: *docs-patterns
when: on_success
-.docs:rules:deprecations:
- rules:
- - <<: *if-default-refs
- changes: *docs-deprecations-patterns
- when: on_success
-
##################
# GraphQL rules #
##################
@@ -502,35 +501,58 @@
.frontend:rules:compile-test-assets:
rules:
- changes: *code-backstage-qa-patterns
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
.frontend:rules:compile-test-assets-as-if-foss:
rules:
- <<: *if-not-ee
when: never
+ - <<: *if-merge-request-labels-as-if-foss
+ - <<: *if-merge-request-labels-run-all-rspec
+ - changes: *code-backstage-qa-patterns
+ - changes: *startup-css-patterns
+
+.frontend:rules:compile-test-assets-as-if-jh:
+ rules:
+ - <<: *if-not-ee
+ when: never
+ - <<: *if-jh
+ when: never
+ - <<: *if-merge-request-labels-as-if-jh
+ - <<: *if-merge-request-labels-run-all-rspec
- changes: *code-backstage-qa-patterns
- - <<: *if-merge-request-title-run-all-rspec
+ - changes: *startup-css-patterns
.frontend:rules:default-frontend-jobs:
rules:
- <<: *if-default-refs
changes: *code-backstage-patterns
-.frontend:rules:default-frontend-jobs-ee:
+.frontend:rules:default-frontend-jobs-as-if-foss:
rules:
- <<: *if-not-ee
when: never
- - <<: *if-default-refs
+ - <<: *if-jh
+ when: never
+ - <<: *if-security-merge-request
changes: *code-backstage-patterns
+ - <<: *if-merge-request-labels-as-if-foss
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *startup-css-patterns
+ - <<: *if-merge-request
+ changes: *ci-patterns
-.frontend:rules:default-frontend-jobs-as-if-foss:
+.frontend:rules:default-frontend-jobs-as-if-jh:
rules:
- <<: *if-not-ee
when: never
+ - <<: *if-jh
+ when: never
- <<: *if-security-merge-request
changes: *code-backstage-patterns
- - <<: *if-merge-request-title-as-if-foss
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-as-if-jh
+ - <<: *if-merge-request-labels-run-all-rspec
- <<: *if-merge-request
changes: *startup-css-patterns
- <<: *if-merge-request
@@ -538,7 +560,7 @@
.frontend:rules:jest:
rules:
- - <<: *if-merge-request-title-run-all-jest
+ - <<: *if-merge-request-labels-run-all-jest
- <<: *if-default-refs
changes: *core-frontend-patterns
- <<: *if-merge-request
@@ -558,7 +580,7 @@
when: never
- <<: *if-automated-merge-request
when: never
- - <<: *if-merge-request-title-run-all-jest
+ - <<: *if-merge-request-labels-run-all-jest
when: never
- <<: *if-default-refs
changes: *core-frontend-patterns
@@ -576,7 +598,10 @@
rules:
- <<: *if-not-ee
when: never
- - <<: *if-merge-request-title-as-if-foss
+ - <<: *if-jh
+ when: never
+ # We already have `static-analysis as-if-foss` which already runs `lint:eslint:all` if the `pipeline:run-as-if-foss` label is set.
+ - <<: *if-merge-request-labels-as-if-foss
when: never
- <<: *if-merge-request
changes: *frontend-patterns
@@ -644,10 +669,12 @@
rules:
- <<: *if-not-ee
when: never
+ - <<: *if-jh
+ when: never
- <<: *if-security-merge-request
changes: *code-qa-patterns
- - <<: *if-merge-request-title-as-if-foss
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-as-if-foss
+ - <<: *if-merge-request-labels-run-all-rspec
- <<: *if-merge-request
changes: *ci-patterns
@@ -673,12 +700,13 @@
###############
.rails:rules:decomposed-databases:
rules:
- - <<: *if-merge-request-run-decomposed
- allow_failure: true
+ - <<: *if-merge-request-labels-run-decomposed
.rails:rules:ee-and-foss-migration:
rules:
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
- <<: *if-merge-request
changes: *ci-patterns
- <<: *if-merge-request
@@ -695,7 +723,10 @@
when: never
- <<: *if-automated-merge-request
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ when: never
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
when: never
- <<: *if-merge-request
changes: *ci-patterns
@@ -708,7 +739,7 @@
rules:
- <<: *if-merge-request
changes: *db-patterns
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
.rails:rules:db:gitlabcom-database-testing:
rules:
@@ -720,7 +751,9 @@
.rails:rules:ee-and-foss-unit:
rules:
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
- <<: *if-merge-request
changes: *ci-patterns
- <<: *if-automated-merge-request
@@ -735,7 +768,10 @@
when: never
- <<: *if-automated-merge-request
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ when: never
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
when: never
- <<: *if-merge-request
changes: *ci-patterns
@@ -745,7 +781,9 @@
.rails:rules:ee-and-foss-integration:
rules:
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
- <<: *if-merge-request
changes: *ci-patterns
- <<: *if-automated-merge-request
@@ -760,7 +798,10 @@
when: never
- <<: *if-automated-merge-request
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ when: never
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
when: never
- <<: *if-merge-request
changes: *ci-patterns
@@ -770,7 +811,9 @@
.rails:rules:ee-and-foss-system:
rules:
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
- <<: *if-merge-request
changes: *ci-patterns
- <<: *if-automated-merge-request
@@ -785,7 +828,10 @@
when: never
- <<: *if-automated-merge-request
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ when: never
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
when: never
- <<: *if-merge-request
changes: *ci-patterns
@@ -795,7 +841,9 @@
.rails:rules:ee-and-foss-fast_spec_helper:
rules:
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
- <<: *if-merge-request
changes: *ci-patterns
- <<: *if-automated-merge-request
@@ -810,7 +858,10 @@
when: never
- <<: *if-automated-merge-request
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ when: never
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
when: never
- <<: *if-merge-request
changes: *ci-patterns
@@ -821,13 +872,15 @@
.rails:rules:code-backstage-qa:
rules:
- changes: *code-backstage-qa-patterns
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
.rails:rules:ee-only-migration:
rules:
- <<: *if-not-ee
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
- <<: *if-merge-request
changes: *ci-patterns
- <<: *if-merge-request
@@ -846,7 +899,10 @@
when: never
- <<: *if-automated-merge-request
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ when: never
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
when: never
- <<: *if-merge-request
changes: *ci-patterns
@@ -859,7 +915,9 @@
rules:
- <<: *if-not-ee
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
- <<: *if-merge-request
changes: *ci-patterns
- <<: *if-automated-merge-request
@@ -876,7 +934,10 @@
when: never
- <<: *if-automated-merge-request
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ when: never
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
when: never
- <<: *if-merge-request
changes: *ci-patterns
@@ -888,7 +949,9 @@
rules:
- <<: *if-not-ee
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
- <<: *if-merge-request
changes: *ci-patterns
- <<: *if-automated-merge-request
@@ -905,7 +968,10 @@
when: never
- <<: *if-automated-merge-request
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ when: never
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
when: never
- <<: *if-merge-request
changes: *ci-patterns
@@ -917,7 +983,9 @@
rules:
- <<: *if-not-ee
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
- <<: *if-merge-request
changes: *ci-patterns
- <<: *if-automated-merge-request
@@ -934,7 +1002,10 @@
when: never
- <<: *if-automated-merge-request
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ when: never
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
when: never
- <<: *if-merge-request
changes: *ci-patterns
@@ -946,12 +1017,14 @@
rules:
- <<: *if-not-ee
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
- <<: *if-merge-request
changes: *ci-patterns
- <<: *if-security-merge-request
changes: *db-patterns
- - <<: *if-merge-request-title-as-if-foss
+ - <<: *if-merge-request-labels-as-if-foss
changes: *db-patterns
- <<: *if-automated-merge-request
changes: *db-patterns
@@ -967,12 +1040,15 @@
- <<: *if-automated-merge-request
when: never
- <<: *if-merge-request
+ changes: *core-backend-patterns
+ when: never
+ - <<: *if-merge-request
changes: *ci-patterns
when: never
- <<: *if-security-merge-request
changes: *db-patterns
when: never
- - <<: *if-merge-request-title-as-if-foss
+ - <<: *if-merge-request-labels-as-if-foss
changes: *db-patterns
when: never
@@ -980,7 +1056,9 @@
rules:
- <<: *if-not-ee
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
- <<: *if-merge-request
changes: *ci-patterns
- <<: *if-automated-merge-request
@@ -989,7 +1067,7 @@
when: never
- <<: *if-security-merge-request
changes: *backend-patterns
- - <<: *if-merge-request-title-as-if-foss
+ - <<: *if-merge-request-labels-as-if-foss
changes: *backend-patterns
.rails:rules:as-if-foss-unit:minimal:
@@ -1001,18 +1079,23 @@
- <<: *if-automated-merge-request
when: never
- <<: *if-merge-request
+ changes: *core-backend-patterns
+ when: never
+ - <<: *if-merge-request
changes: *ci-patterns
when: never
- <<: *if-security-merge-request
changes: *backend-patterns
- - <<: *if-merge-request-title-as-if-foss
+ - <<: *if-merge-request-labels-as-if-foss
changes: *backend-patterns
.rails:rules:as-if-foss-integration:
rules:
- <<: *if-not-ee
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
- <<: *if-merge-request
changes: *ci-patterns
- <<: *if-automated-merge-request
@@ -1021,7 +1104,7 @@
when: never
- <<: *if-security-merge-request
changes: *backend-patterns
- - <<: *if-merge-request-title-as-if-foss
+ - <<: *if-merge-request-labels-as-if-foss
changes: *backend-patterns
.rails:rules:as-if-foss-integration:minimal:
@@ -1033,18 +1116,23 @@
- <<: *if-automated-merge-request
when: never
- <<: *if-merge-request
+ changes: *core-backend-patterns
+ when: never
+ - <<: *if-merge-request
changes: *ci-patterns
when: never
- <<: *if-security-merge-request
changes: *backend-patterns
- - <<: *if-merge-request-title-as-if-foss
+ - <<: *if-merge-request-labels-as-if-foss
changes: *backend-patterns
.rails:rules:as-if-foss-system:
rules:
- <<: *if-not-ee
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
+ - <<: *if-merge-request
+ changes: *core-backend-patterns
- <<: *if-merge-request
changes: *ci-patterns
- <<: *if-automated-merge-request
@@ -1053,7 +1141,7 @@
when: never
- <<: *if-security-merge-request
changes: *code-backstage-patterns
- - <<: *if-merge-request-title-as-if-foss
+ - <<: *if-merge-request-labels-as-if-foss
changes: *code-backstage-patterns
.rails:rules:as-if-foss-system:minimal:
@@ -1065,23 +1153,26 @@
- <<: *if-automated-merge-request
when: never
- <<: *if-merge-request
+ changes: *core-backend-patterns
+ when: never
+ - <<: *if-merge-request
changes: *ci-patterns
when: never
- <<: *if-security-merge-request
changes: *code-backstage-patterns
- - <<: *if-merge-request-title-as-if-foss
+ - <<: *if-merge-request-labels-as-if-foss
changes: *code-backstage-patterns
.rails:rules:ee-and-foss-db-library-code:
rules:
- changes: *db-library-patterns
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
.rails:rules:ee-mr-and-default-branch-only:
rules:
- <<: *if-not-ee
when: never
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
- <<: *if-merge-request
changes: *code-backstage-patterns
- <<: *if-default-branch-refs
@@ -1090,13 +1181,13 @@
.rails:rules:detect-tests:
rules:
- changes: *code-backstage-patterns
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
.rails:rules:rspec-foss-impact:
rules:
- <<: *if-not-ee
when: never
- - <<: *if-merge-request-title-as-if-foss
+ - <<: *if-merge-request-labels-as-if-foss
when: never
- <<: *if-security-merge-request
changes: *code-backstage-patterns
@@ -1105,10 +1196,6 @@
.rails:rules:rspec fail-fast:
rules:
- - <<: *if-rspec-fail-fast-disabled
- when: never
- - <<: *if-rspec-fail-fast-skipped
- when: never
- <<: *if-not-ee
when: never
- <<: *if-security-merge-request
@@ -1118,10 +1205,6 @@
.rails:rules:fail-pipeline-early:
rules:
- - <<: *if-rspec-fail-fast-disabled
- when: never
- - <<: *if-rspec-fail-fast-skipped
- when: never
- <<: *if-not-ee
when: never
- <<: *if-security-merge-request
@@ -1136,7 +1219,7 @@
- <<: *if-not-ee
when: never
- <<: *if-default-branch-schedule-nightly
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
.rails:rules:rspec-coverage:
rules:
@@ -1146,7 +1229,7 @@
changes: *code-backstage-patterns
when: always
- <<: *if-default-branch-schedule-2-hourly
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
when: always
.rails:rules:default-branch-schedule-nightly--code-backstage:
@@ -1181,7 +1264,7 @@
rules:
- <<: *if-not-ee
when: never
- - <<: *if-merge-request-title-as-if-foss
+ - <<: *if-merge-request-labels-as-if-foss
changes: *code-backstage-qa-patterns
- <<: *if-security-merge-request
changes: *code-backstage-qa-patterns
@@ -1196,7 +1279,7 @@
rules:
- <<: *if-merge-request
changes: ["vendor/gems/mail-smtp_pool/**/*"]
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
##################
# Releases rules #
@@ -1222,75 +1305,76 @@
when: never
- <<: *if-default-refs
changes: *code-backstage-patterns
- allow_failure: true
-.reports:rules:sast:
+.reports:rules:brakeman-sast:
rules:
- - if: '$SAST_DISABLED || $GITLAB_FEATURES !~ /\bsast\b/'
+ - if: $SAST_DISABLED
when: never
- - <<: *if-default-refs
- changes: *code-backstage-qa-patterns
- allow_failure: true
+ - if: $SAST_EXCLUDED_ANALYZERS =~ /brakeman/
+ when: never
+ - changes:
+ - '**/*.rb'
+ - '**/Gemfile'
+
+.reports:rules:gosec-sast:
+ rules:
+ - if: $SAST_DISABLED
+ when: never
+ - if: $SAST_EXCLUDED_ANALYZERS =~ /gosec/
+ when: never
+ - changes:
+ - '**/*.go'
+
+.reports:rules:semgrep-sast:
+ rules:
+ - if: $SAST_DISABLED
+ when: never
+ - if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/
+ when: never
+ - changes:
+ - '**/*.py'
+ - '**/*.js'
+ - '**/*.jsx'
+ - '**/*.ts'
+ - '**/*.tsx'
+ - '**/*.c'
+ - '**/*.go'
.reports:rules:secret_detection:
rules:
- if: '$SECRET_DETECTION_DISABLED'
when: never
- - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' # The Secret-Detection template already has a `secret_detection_default_branch` job
- when: never
- changes: *code-backstage-qa-patterns
- allow_failure: true
.reports:rules:gemnasium-dependency_scanning:
rules:
- - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium([^-]|$)/'
+ - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium([^-]|$)/ || $DS_DEFAULT_ANALYZERS !~ /gemnasium([^-]|$)/'
when: never
- - <<: *if-default-refs
- changes: *dependency-patterns
- allow_failure: true
+ - changes: *dependency-patterns
.reports:rules:bundler-audit-dependency_scanning:
rules:
- - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /bundler-audit/'
+ - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /bundler-audit/ || $DS_DEFAULT_ANALYZERS !~ /bundler-audit/'
when: never
- - <<: *if-default-refs
- changes: *bundler-patterns
- allow_failure: true
+ - changes: *bundler-patterns
.reports:rules:retire-js-dependency_scanning:
rules:
- - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /retire.js/'
+ - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /retire.js/ || $DS_DEFAULT_ANALYZERS !~ /retire.js/'
when: never
- - <<: *if-default-refs
- changes: *nodejs-patterns
- allow_failure: true
+ - changes: *nodejs-patterns
.reports:rules:gemnasium-python-dependency_scanning:
rules:
- - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium-python/'
+ - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium-python/ || $DS_DEFAULT_ANALYZERS !~ /gemnasium-python/'
when: never
- - <<: *if-default-refs
- changes: *python-patterns
- allow_failure: true
-
-.reports:rules:dast:
- rules:
- - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/'
- when: never
- - <<: *if-dot-com-gitlab-org-merge-request
- changes: *frontend-patterns
- allow_failure: true
- - <<: *if-dot-com-gitlab-org-merge-request
- changes: *code-qa-patterns
- when: manual
- allow_failure: true
+ - changes: *python-patterns
.reports:rules:schedule-dast:
rules:
- if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/'
when: never
- - <<: *if-dot-com-ee-nightly-schedule
- allow_failure: true
+ - <<: *if-dot-com-ee-nightly-schedule-child-pipeline
.reports:rules:package_hunter-yarn:
rules:
@@ -1310,16 +1394,14 @@
.reports:rules:license_scanning:
rules:
- - if: '$LICENSE_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\blicense_scanning\b/'
+ - if: '$LICENSE_MANAGEMENT_DISABLED || $GITLAB_FEATURES !~ /\blicense_scanning\b/'
when: never
- - <<: *if-default-refs
- changes: *code-backstage-qa-patterns
- allow_failure: true
+ - changes: *code-backstage-qa-patterns
################
# Review rules #
################
-.review:rules:review-build-cng:
+.review:rules:review-app-pipeline:
rules:
- <<: *if-not-ee
when: never
@@ -1336,6 +1418,22 @@
allow_failure: true
- <<: *if-dot-com-gitlab-org-schedule
+.review:rules:review-build-cng:
+ rules:
+ - <<: *if-not-ee
+ when: never
+ - <<: *if-dot-com-gitlab-org-merge-request
+ changes: *ci-review-patterns
+ - <<: *if-dot-com-gitlab-org-merge-request
+ changes: *frontend-patterns
+ - <<: *if-dot-com-gitlab-org-merge-request
+ changes: *code-patterns
+ allow_failure: true
+ - <<: *if-dot-com-gitlab-org-merge-request
+ changes: *qa-patterns
+ allow_failure: true
+ - <<: *if-dot-com-gitlab-org-schedule-child-pipeline
+
.review:rules:review-deploy:
rules:
- <<: *if-not-ee
@@ -1351,7 +1449,7 @@
- <<: *if-dot-com-gitlab-org-merge-request
changes: *qa-patterns
allow_failure: true
- - <<: *if-dot-com-gitlab-org-schedule
+ - <<: *if-dot-com-gitlab-org-schedule-child-pipeline
allow_failure: true
.review:rules:review-performance:
@@ -1368,7 +1466,7 @@
- <<: *if-dot-com-gitlab-org-merge-request
changes: *code-qa-patterns
allow_failure: true
- - <<: *if-dot-com-gitlab-org-schedule
+ - <<: *if-dot-com-gitlab-org-schedule-child-pipeline
allow_failure: true
.review:rules:review-delete-deployment:
@@ -1390,7 +1488,7 @@
- <<: *if-dot-com-gitlab-org-merge-request
changes: *code-qa-patterns
allow_failure: true
- - <<: *if-dot-com-ee-schedule
+ - <<: *if-dot-com-ee-schedule-child-pipeline
allow_failure: true
# The rule needs to be duplicated between `on_success` and `on_failure`
@@ -1418,9 +1516,9 @@
- <<: *if-dot-com-gitlab-org-merge-request
changes: *code-qa-patterns
when: on_failure
- - <<: *if-dot-com-ee-schedule
+ - <<: *if-dot-com-ee-schedule-child-pipeline
when: on_success
- - <<: *if-dot-com-ee-schedule
+ - <<: *if-dot-com-ee-schedule-child-pipeline
when: on_failure
.review:rules:review-qa-all:
@@ -1434,7 +1532,7 @@
- <<: *if-dot-com-gitlab-org-merge-request
changes: *qa-patterns
allow_failure: true
- - <<: *if-dot-com-ee-nightly-schedule
+ - <<: *if-dot-com-ee-nightly-schedule-child-pipeline
allow_failure: true
# The rule needs to be duplicated between `on_success` and `on_failure`
@@ -1456,10 +1554,10 @@
changes: *qa-patterns
when: on_failure
allow_failure: true
- - <<: *if-dot-com-ee-nightly-schedule
+ - <<: *if-dot-com-ee-nightly-schedule-child-pipeline
when: on_success
allow_failure: true
- - <<: *if-dot-com-ee-nightly-schedule
+ - <<: *if-dot-com-ee-nightly-schedule-child-pipeline
when: on_failure
allow_failure: true
@@ -1471,7 +1569,7 @@
changes: *code-qa-patterns
when: manual
allow_failure: true
- - <<: *if-dot-com-gitlab-org-schedule
+ - <<: *if-dot-com-gitlab-org-schedule-child-pipeline
allow_failure: true
.review:rules:review-stop:
@@ -1534,6 +1632,17 @@
changes: *code-backstage-patterns
when: on_success
+.setup:rules:add-jh-folder:
+ rules:
+ - <<: *if-not-ee
+ when: never
+ - <<: *if-jh
+ when: never
+ - <<: *if-merge-request-labels-as-if-jh
+ - <<: *if-merge-request-labels-run-all-rspec
+ - changes: *code-backstage-qa-patterns
+ - changes: *startup-css-patterns
+
#######################
# Test metadata rules #
#######################
@@ -1541,7 +1650,7 @@
rules:
- changes: *code-backstage-patterns
when: on_success
- - <<: *if-merge-request-title-run-all-rspec
+ - <<: *if-merge-request-labels-run-all-rspec
.test-metadata:rules:update-tests-metadata:
rules: