diff options
Diffstat (limited to '.gitlab/ci/rules.gitlab-ci.yml')
-rw-r--r-- | .gitlab/ci/rules.gitlab-ci.yml | 281 |
1 files changed, 123 insertions, 158 deletions
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 50b1650e1d5..e62de4bc6dc 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -11,7 +11,7 @@ if: '$CI_PROJECT_NAME != "gitlab-foss" && $CI_PROJECT_NAME != "gitlab-ce" && $CI_PROJECT_NAME != "gitlabhq"' .if-jh: &if-jh - if: '$CI_PROJECT_PATH == "gitlab-jh/gitlab"' + if: '$CI_PROJECT_PATH =~ /^gitlab-(jh|cn)\/.*/' .if-default-refs: &if-default-refs if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG || $FORCE_GITLAB_CI' @@ -67,6 +67,9 @@ .if-merge-request-labels-run-review-app: &if-merge-request-labels-run-review-app if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-review-app/' +.if-merge-request-labels-skip-undercoverage: &if-merge-request-labels-skip-undercoverage + if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:skip-undercoverage/' + .if-security-merge-request: &if-security-merge-request if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_MERGE_REQUEST_IID' @@ -82,9 +85,6 @@ .if-dot-com-gitlab-org-schedule: &if-dot-com-gitlab-org-schedule if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "schedule"' -.if-dot-com-gitlab-org-schedule-child-pipeline: &if-dot-com-gitlab-org-schedule-child-pipeline - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $FREQUENCY' - .if-dot-com-ee-schedule: &if-dot-com-ee-schedule if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule"' @@ -172,7 +172,7 @@ - "scripts/lint-doc.sh" .docs-deprecations-patterns: &docs-deprecations-patterns - - "doc/deprecations/index.md" + - "doc/update/deprecations.md" - "data/deprecations/*.yml" - "data/deprecations/templates/_deprecation_template.md.erb" - "lib/tasks/gitlab/docs/compile_deprecations.rake" @@ -271,6 +271,7 @@ - "danger/**/*" - "{,ee/,jh/}fixtures/**/*" - "{,ee/,jh/}rubocop/**/*" + - ".rubocop_todo/**/*.yml" - "{,ee/,jh/}spec/**/*" - "{,spec/}tooling/**/*" @@ -288,7 +289,8 @@ - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml" + - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo}.yml" + - ".rubocop_todo/**/*.yml" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" @@ -311,7 +313,8 @@ - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml" + - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo}.yml" + - ".rubocop_todo/**/*.yml" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" @@ -341,7 +344,8 @@ - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml" + - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo}.yml" + - ".rubocop_todo/**/*.yml" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" @@ -367,7 +371,8 @@ - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml" + - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo}.yml" + - ".rubocop_todo/**/*.yml" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" @@ -400,7 +405,8 @@ - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml" + - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo}.yml" + - ".rubocop_todo/**/*.yml" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" @@ -642,8 +648,8 @@ changes: *ci-patterns - <<: *if-automated-merge-request changes: *code-backstage-patterns - - <<: *if-default-refs - changes: *backend-patterns + - <<: *if-security-merge-request + changes: *code-backstage-patterns - <<: *if-merge-request-not-approved when: never - <<: *if-default-refs @@ -655,14 +661,13 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request-labels-run-all-jest when: never - <<: *if-default-refs changes: *core-frontend-patterns when: never - - <<: *if-default-refs - changes: *backend-patterns - when: never - <<: *if-merge-request changes: *ci-patterns when: never @@ -785,11 +790,6 @@ changes: *feature-flag-development-config-patterns allow_failure: true -.qa:rules:reliable-reports:schedule: - rules: - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $QA_RELIABLE_REPORT == "true"' - allow_failure: true - ############### # Rails rules # ############### @@ -814,6 +814,8 @@ changes: *db-patterns - <<: *if-automated-merge-request changes: *db-patterns + - <<: *if-security-merge-request + changes: *db-patterns - <<: *if-merge-request-not-approved when: never - changes: *db-patterns @@ -824,6 +826,8 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request-labels-run-all-rspec when: never - <<: *if-merge-request @@ -859,6 +863,8 @@ changes: *ci-patterns - <<: *if-automated-merge-request changes: *backend-patterns + - <<: *if-security-merge-request + changes: *backend-patterns - <<: *if-merge-request-not-approved when: never - changes: *backend-patterns @@ -869,6 +875,8 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request-labels-run-all-rspec when: never - <<: *if-merge-request @@ -889,6 +897,8 @@ changes: *ci-patterns - <<: *if-automated-merge-request changes: *backend-patterns + - <<: *if-security-merge-request + changes: *backend-patterns - <<: *if-merge-request-not-approved when: never - changes: *backend-patterns @@ -899,6 +909,8 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request-labels-run-all-rspec when: never - <<: *if-merge-request @@ -919,6 +931,8 @@ changes: *ci-patterns - <<: *if-automated-merge-request changes: *code-backstage-patterns + - <<: *if-security-merge-request + changes: *code-backstage-patterns - <<: *if-merge-request-not-approved when: never - changes: *code-backstage-patterns @@ -929,6 +943,8 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request-labels-run-all-rspec when: never - <<: *if-merge-request @@ -949,6 +965,8 @@ changes: *ci-patterns - <<: *if-automated-merge-request changes: ["config/**/*"] + - <<: *if-security-merge-request + changes: ["config/**/*"] - <<: *if-merge-request-not-approved when: never - changes: ["config/**/*"] @@ -959,6 +977,8 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request-labels-run-all-rspec when: never - <<: *if-merge-request @@ -988,6 +1008,8 @@ changes: *db-patterns - <<: *if-automated-merge-request changes: *db-patterns + - <<: *if-security-merge-request + changes: *db-patterns - <<: *if-merge-request-not-approved when: never - changes: *db-patterns @@ -1000,6 +1022,8 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request-labels-run-all-rspec when: never - <<: *if-merge-request @@ -1023,6 +1047,8 @@ changes: *ci-patterns - <<: *if-automated-merge-request changes: *backend-patterns + - <<: *if-security-merge-request + changes: *backend-patterns - <<: *if-merge-request-not-approved when: never - changes: *backend-patterns @@ -1035,6 +1061,8 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request-labels-run-all-rspec when: never - <<: *if-merge-request @@ -1057,6 +1085,8 @@ changes: *ci-patterns - <<: *if-automated-merge-request changes: *backend-patterns + - <<: *if-security-merge-request + changes: *backend-patterns - <<: *if-merge-request-not-approved when: never - changes: *backend-patterns @@ -1069,6 +1099,8 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request-labels-run-all-rspec when: never - <<: *if-merge-request @@ -1091,6 +1123,8 @@ changes: *ci-patterns - <<: *if-automated-merge-request changes: *code-backstage-patterns + - <<: *if-security-merge-request + changes: *code-backstage-patterns - <<: *if-merge-request-not-approved when: never - changes: *code-backstage-patterns @@ -1103,6 +1137,8 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request-labels-run-all-rspec when: never - <<: *if-merge-request @@ -1129,6 +1165,8 @@ changes: *db-patterns - <<: *if-automated-merge-request changes: *db-patterns + - <<: *if-security-merge-request + changes: *db-patterns - <<: *if-merge-request-not-approved when: never @@ -1140,15 +1178,14 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request changes: *core-backend-patterns when: never - <<: *if-merge-request changes: *ci-patterns when: never - - <<: *if-security-merge-request - changes: *db-patterns - when: never - <<: *if-merge-request-labels-as-if-foss changes: *db-patterns when: never @@ -1164,10 +1201,10 @@ changes: *ci-patterns - <<: *if-automated-merge-request changes: *backend-patterns - - <<: *if-merge-request-not-approved - when: never - <<: *if-security-merge-request changes: *backend-patterns + - <<: *if-merge-request-not-approved + when: never - <<: *if-merge-request-labels-as-if-foss changes: *backend-patterns @@ -1179,14 +1216,14 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request changes: *core-backend-patterns when: never - <<: *if-merge-request changes: *ci-patterns when: never - - <<: *if-security-merge-request - changes: *backend-patterns - <<: *if-merge-request-labels-as-if-foss changes: *backend-patterns @@ -1201,10 +1238,10 @@ changes: *ci-patterns - <<: *if-automated-merge-request changes: *backend-patterns - - <<: *if-merge-request-not-approved - when: never - <<: *if-security-merge-request changes: *backend-patterns + - <<: *if-merge-request-not-approved + when: never - <<: *if-merge-request-labels-as-if-foss changes: *backend-patterns @@ -1216,14 +1253,14 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request changes: *core-backend-patterns when: never - <<: *if-merge-request changes: *ci-patterns when: never - - <<: *if-security-merge-request - changes: *backend-patterns - <<: *if-merge-request-labels-as-if-foss changes: *backend-patterns @@ -1238,10 +1275,10 @@ changes: *ci-patterns - <<: *if-automated-merge-request changes: *code-backstage-patterns - - <<: *if-merge-request-not-approved - when: never - <<: *if-security-merge-request changes: *code-backstage-patterns + - <<: *if-merge-request-not-approved + when: never - <<: *if-merge-request-labels-as-if-foss changes: *code-backstage-patterns @@ -1253,14 +1290,14 @@ when: never - <<: *if-automated-merge-request when: never + - <<: *if-security-merge-request + when: never - <<: *if-merge-request changes: *core-backend-patterns when: never - <<: *if-merge-request changes: *ci-patterns when: never - - <<: *if-security-merge-request - changes: *code-backstage-patterns - <<: *if-merge-request-labels-as-if-foss changes: *code-backstage-patterns @@ -1367,6 +1404,16 @@ - <<: *if-merge-request-labels-run-all-rspec when: always +.rails:rules:rspec-undercoverage: + rules: + - <<: *if-not-ee + when: never + - <<: *if-merge-request-labels-skip-undercoverage + when: never + - <<: *if-merge-request-labels-run-all-rspec + - <<: *if-merge-request + changes: *backend-patterns + .rails:rules:default-branch-schedule-nightly--code-backstage: rules: - <<: *if-default-branch-schedule-nightly @@ -1556,7 +1603,7 @@ ################ # Review rules # ################ -.review:rules:review-app-pipeline: +.review:rules:start-review-app-pipeline: rules: - <<: *if-not-ee when: never @@ -1572,82 +1619,34 @@ - <<: *if-dot-com-gitlab-org-merge-request changes: *qa-patterns - <<: *if-dot-com-gitlab-org-schedule + variables: + KNAPSACK_GENERATE_REPORT: "true" .review:rules:review-build-cng: rules: - - <<: *if-not-ee - when: never - - <<: *if-merge-request-labels-run-review-app - - <<: *if-dot-com-gitlab-org-merge-request - changes: *ci-review-patterns - - <<: *if-dot-com-gitlab-org-merge-request - changes: *frontend-patterns - - <<: *if-dot-com-gitlab-org-merge-request - changes: *code-patterns - allow_failure: true - - <<: *if-dot-com-gitlab-org-merge-request - changes: *qa-patterns - - <<: *if-dot-com-gitlab-org-schedule-child-pipeline + - when: always .review:rules:review-deploy: rules: - - <<: *if-not-ee - when: never - - <<: *if-merge-request-labels-run-review-app - - <<: *if-dot-com-gitlab-org-merge-request - changes: *ci-review-patterns - - <<: *if-dot-com-gitlab-org-merge-request - changes: *frontend-patterns - - <<: *if-dot-com-gitlab-org-merge-request - changes: *code-patterns - allow_failure: true - - <<: *if-dot-com-gitlab-org-merge-request - changes: *qa-patterns - - <<: *if-dot-com-gitlab-org-schedule-child-pipeline - allow_failure: true + - when: on_success .review:rules:review-performance: rules: - if: '$DAST_RUN == "true"' # Skip this job when DAST is run when: never - - <<: *if-not-ee - when: never - - <<: *if-merge-request-labels-run-review-app - - <<: *if-dot-com-gitlab-org-merge-request + - <<: *if-merge-request-labels-run-review-app # we explicitely don't allow the job to fail in that case + - <<: *if-dot-com-gitlab-org-merge-request # we explicitely don't allow the job to fail in that case changes: *ci-review-patterns - - <<: *if-dot-com-gitlab-org-merge-request - changes: *frontend-patterns - allow_failure: true - - <<: *if-dot-com-gitlab-org-merge-request - changes: *code-qa-patterns - allow_failure: true - - <<: *if-dot-com-gitlab-org-schedule-child-pipeline + - when: on_success allow_failure: true .review:rules:review-delete-deployment: rules: - - <<: *if-not-ee - when: never - - <<: *if-merge-request-labels-run-review-app - - <<: *if-dot-com-gitlab-org-merge-request - changes: *code-qa-patterns + - when: on_success .review:rules:review-qa-smoke: rules: - - <<: *if-not-ee - when: never - - <<: *if-merge-request-labels-run-review-app - - <<: *if-dot-com-gitlab-org-merge-request - changes: *ci-review-patterns - - <<: *if-dot-com-gitlab-org-merge-request - changes: *frontend-patterns - - <<: *if-dot-com-gitlab-org-merge-request - changes: *qa-patterns - - <<: *if-dot-com-gitlab-org-merge-request - changes: *code-patterns - allow_failure: true - - <<: *if-dot-com-ee-schedule-child-pipeline - allow_failure: true + - when: on_success # The rule needs to be duplicated between `on_success` and `on_failure` # because the jobs `needs` the previous job to complete. @@ -1656,34 +1655,8 @@ # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63844#note_599012559 .review:rules:review-qa-smoke-report: rules: - - <<: *if-not-ee - when: never - - <<: *if-merge-request-labels-run-review-app - when: on_success - - <<: *if-merge-request-labels-run-review-app - when: on_failure - - <<: *if-dot-com-gitlab-org-merge-request - changes: *ci-review-patterns - when: on_success - - <<: *if-dot-com-gitlab-org-merge-request - changes: *ci-review-patterns - when: on_failure - - <<: *if-dot-com-gitlab-org-merge-request - changes: *frontend-patterns - when: on_success - - <<: *if-dot-com-gitlab-org-merge-request - changes: *frontend-patterns - when: on_failure - - <<: *if-dot-com-gitlab-org-merge-request - changes: *code-qa-patterns - when: on_success - - <<: *if-dot-com-gitlab-org-merge-request - changes: *code-qa-patterns - when: on_failure - - <<: *if-dot-com-ee-schedule-child-pipeline - when: on_success - - <<: *if-dot-com-ee-schedule-child-pipeline - when: on_failure + - when: on_success + - when: on_failure .review:rules:review-qa-reliable: rules: @@ -1692,17 +1665,12 @@ .review:rules:review-qa-all: rules: - - <<: *if-not-ee - when: never - - <<: *if-merge-request-labels-run-review-app + - <<: *if-merge-request-labels-run-review-app # we explicitely don't allow the job to fail in that case - <<: *if-dot-com-gitlab-org-merge-request changes: *code-patterns when: manual - allow_failure: true - - <<: *if-dot-com-gitlab-org-merge-request - changes: *qa-patterns - allow_failure: true - - <<: *if-dot-com-ee-nightly-schedule-child-pipeline + allow_failure: true # manual jobs needs to be allowd to fail, otherwise they block the pipeline + - when: on_success allow_failure: true # The rule needs to be duplicated between `on_success` and `on_failure` @@ -1712,29 +1680,23 @@ # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63844#note_599012559 .review:rules:review-qa-all-report: rules: - - <<: *if-not-ee - when: never - - <<: *if-merge-request-labels-run-review-app - when: on_success - - <<: *if-merge-request-labels-run-review-app - when: on_failure - - <<: *if-dot-com-gitlab-org-merge-request - changes: *code-patterns - when: manual - allow_failure: true - - <<: *if-dot-com-gitlab-org-merge-request - changes: *qa-patterns - when: on_success + - when: on_success allow_failure: true - - <<: *if-dot-com-gitlab-org-merge-request - changes: *qa-patterns - when: on_failure + - when: on_failure allow_failure: true - - <<: *if-dot-com-ee-nightly-schedule-child-pipeline + +# Generate knapsack report on successful runs only +# Reliable suite will pass most of the time so this should yield best distribution +.review:rules:knapsack-report-qa-reliable: + rules: + - if: '$KNAPSACK_GENERATE_REPORT == "true"' when: on_success allow_failure: true - - <<: *if-dot-com-ee-nightly-schedule-child-pipeline - when: on_failure + +.review:rules:knapsack-report-qa-all: + rules: + - if: '$KNAPSACK_GENERATE_REPORT == "true"' + when: always allow_failure: true .review:rules:review-cleanup: @@ -1750,23 +1712,16 @@ .review:rules:review-stop: rules: - - <<: *if-not-ee - when: never - - <<: *if-merge-request-labels-run-review-app - when: manual - allow_failure: true - - <<: *if-dot-com-gitlab-org-merge-request - changes: *code-qa-patterns - when: manual + - when: manual allow_failure: true .review:rules:danger: rules: - - if: '$CI_MERGE_REQUEST_IID' + - <<: *if-merge-request .review:rules:danger-local: rules: - - if: '$CI_MERGE_REQUEST_IID' + - <<: *if-merge-request changes: *danger-patterns ############### @@ -1819,6 +1774,16 @@ changes: *code-backstage-patterns when: on_success +.setup:rules:generate-frontend-fixtures-mapping: + rules: + - <<: *if-not-ee + when: never + - <<: *if-dot-com-ee-2-hourly-schedule + - changes: + - ".gitlab/ci/setup.gitlab-ci.yml" + - ".gitlab/ci/test-metadata.gitlab-ci.yml" + - "scripts/rspec_helpers.sh" + .setup:rules:add-jh-folder: rules: - <<: *if-not-ee |