diff options
Diffstat (limited to '.gitlab/ci')
-rw-r--r-- | .gitlab/ci/build-images.gitlab-ci.yml | 31 | ||||
-rw-r--r-- | .gitlab/ci/docs.gitlab-ci.yml | 9 | ||||
-rw-r--r-- | .gitlab/ci/frontend.gitlab-ci.yml | 49 | ||||
-rw-r--r-- | .gitlab/ci/global.gitlab-ci.yml | 21 | ||||
-rw-r--r-- | .gitlab/ci/qa.gitlab-ci.yml | 1 | ||||
-rw-r--r-- | .gitlab/ci/rails.gitlab-ci.yml | 362 | ||||
-rw-r--r-- | .gitlab/ci/reports.gitlab-ci.yml | 13 | ||||
-rw-r--r-- | .gitlab/ci/review.gitlab-ci.yml | 321 | ||||
-rw-r--r-- | .gitlab/ci/rules.gitlab-ci.yml | 199 | ||||
-rw-r--r-- | .gitlab/ci/setup.gitlab-ci.yml | 1 | ||||
-rw-r--r-- | .gitlab/ci/yaml.gitlab-ci.yml | 4 |
11 files changed, 672 insertions, 339 deletions
diff --git a/.gitlab/ci/build-images.gitlab-ci.yml b/.gitlab/ci/build-images.gitlab-ci.yml new file mode 100644 index 00000000000..e6c3e7598d3 --- /dev/null +++ b/.gitlab/ci/build-images.gitlab-ci.yml @@ -0,0 +1,31 @@ +# This image is used by the `review-qa-*` jobs. Not currently used by the `omnibus-gitlab` pipelines which rebuild this +# image, e.g. https://gitlab.com/gitlab-org/build/omnibus-gitlab-mirror/-/jobs/587107399, which we could probably avoid. +# See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5429. +build-qa-image: + extends: + - .use-kaniko + - .build-images:rules:build-qa-image + stage: build-images + needs: [] + script: + - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_REF_SLUG}" + - /kaniko/executor --context=${CI_PROJECT_DIR} --dockerfile=${CI_PROJECT_DIR}/qa/Dockerfile --destination=${QA_IMAGE} --cache=true + retry: 2 + +# This image is used by: +# - The `CNG` pipelines (via the `review-build-cng` job): https://gitlab.com/gitlab-org/build/CNG/-/blob/cfc67136d711e1c8c409bf8e57427a644393da2f/.gitlab-ci.yml#L335 +# - The `omnibus-gitlab` pipelines (via the `package-and-qa` job): https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/dfd1ad475868fc84e91ab7b5706aa03e46dc3a86/.gitlab-ci.yml#L130 +build-assets-image: + extends: + - .use-kaniko + - .build-images:rules:build-assets-image + stage: build-images + needs: ["compile-production-assets"] + variables: + GIT_DEPTH: "1" + script: + # TODO: Change the image tag to be the MD5 of assets files and skip image building if the image exists + # We'll also need to pass GITLAB_ASSETS_TAG to the trigerred omnibus-gitlab pipeline similarly to how we do it for trigerred CNG pipelines + # https://gitlab.com/gitlab-org/gitlab/issues/208389 + - run_timed_command "scripts/build_assets_image" + retry: 2 diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml index 5a6f2aacf93..8745e7d8e9e 100644 --- a/.gitlab/ci/docs.gitlab-ci.yml +++ b/.gitlab/ci/docs.gitlab-ci.yml @@ -59,6 +59,15 @@ docs lint: # Check the internal anchor links - bundle exec nanoc check internal_anchors +ui-docs-links lint: + extends: + - .docs:rules:docs-lint + - .static-analysis-base + stage: test + needs: [] + script: + - bundle exec haml-lint -i DocumentationLinks + graphql-reference-verify: extends: - .default-retry diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 4403187d422..084a48a7fc6 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -2,16 +2,18 @@ extends: - .default-retry - .default-before_script - - .assets-compile-cache variables: SETUP_DB: "false" # we override the max_old_space_size to prevent OOM errors NODE_OPTIONS: --max_old_space_size=3584 - WEBPACK_VENDOR_DLL: "true" .compile-assets-base: - extends: .frontend-base + extends: + - .frontend-base + - .assets-compile-cache image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-git-2.27-lfs-2.9-node-12.x-yarn-1.21-graphicsmagick-1.3.34 + variables: + WEBPACK_VENDOR_DLL: "true" stage: prepare script: - node --version @@ -90,21 +92,6 @@ update-yarn-cache: cache: policy: push -build-assets-image: - extends: - - .use-kaniko - - .frontend:rules:compile-production-assets - stage: build-images - needs: ["compile-production-assets"] - variables: - GIT_DEPTH: "1" - script: - # TODO: Change the image tag to be the MD5 of assets files and skip image building if the image exists - # We'll also need to pass GITLAB_ASSETS_TAG to the trigerred omnibus-gitlab pipeline similarly to how we do it for trigerred CNG pipelines - # https://gitlab.com/gitlab-org/gitlab/issues/208389 - - run_timed_command "scripts/build_assets_image" - retry: 2 - .frontend-fixtures-base: extends: - .frontend-base @@ -114,6 +101,7 @@ build-assets-image: needs: ["setup-test-env", "compile-test-assets"] variables: SETUP_DB: "true" + WEBPACK_VENDOR_DLL: "true" script: - run_timed_command "scripts/gitaly-test-build" - run_timed_command "scripts/gitaly-test-spawn" @@ -138,22 +126,25 @@ frontend-fixtures-as-if-foss: .frontend-test-base: extends: - - .default-retry + - .frontend-base - .yarn-cache variables: USE_BUNDLE_INSTALL: "false" - SETUP_DB: "false" stage: test - before_script: - - source scripts/utils.sh + +eslint-as-if-foss: + extends: + - .frontend-test-base + - .frontend:rules:eslint-as-if-foss + - .as-if-foss + needs: [] + script: + - run_timed_command "retry yarn install --frozen-lockfile" + - yarn run eslint .karma-base: extends: .frontend-test-base - variables: - # we override the max_old_space_size to prevent OOM errors - NODE_OPTIONS: --max_old_space_size=3584 script: - - source scripts/utils.sh - export BABEL_ENV=coverage CHROME_LOG_FILE=chrome_debug.log - run_timed_command "retry yarn install --frozen-lockfile" - run_timed_command "yarn karma" @@ -174,6 +165,7 @@ karma: - tmp/tests/frontend/ reports: junit: junit_karma.xml + cobertura: coverage-javascript/cobertura-coverage.xml karma-as-if-foss: extends: @@ -185,7 +177,6 @@ karma-as-if-foss: .jest-base: extends: .frontend-test-base script: - - source scripts/utils.sh - run_timed_command "retry yarn install --frozen-lockfile" - run_timed_command "yarn jest --ci --coverage --testSequencer ./scripts/frontend/parallel_ci_sequencer.js" @@ -211,7 +202,6 @@ jest-integration: - .frontend-test-base - .frontend:rules:default-frontend-jobs script: - - source scripts/utils.sh - run_timed_command "retry yarn install --frozen-lockfile" - run_timed_command "yarn jest:integration --ci" needs: ["frontend-fixtures"] @@ -236,11 +226,14 @@ coverage-frontend: - run_timed_command "retry yarn install --frozen-lockfile" script: - run_timed_command "yarn node scripts/frontend/merge_coverage_frontend.js" + coverage: '/^Statements\s*:\s*?(\d+(?:\.\d+)?)%/' artifacts: name: coverage-frontend expire_in: 31d paths: - coverage-frontend/ + reports: + cobertura: coverage-frontend/cobertura-coverage.xml .qa-frontend-node: extends: diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index 30e3abf13be..3101a42c058 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -18,7 +18,7 @@ .rails-cache: cache: - key: "rails-v1" + key: "rails-v2" paths: - vendor/ruby/ - vendor/gitaly-ruby/ @@ -72,6 +72,15 @@ variables: POSTGRES_HOST_AUTH_METHOD: trust +.use-pg12: + image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-golang-1.14-git-2.27-lfs-2.9-chrome-83-node-12.x-yarn-1.21-postgresql-12-graphicsmagick-1.3.34" + services: + - name: postgres:12 + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + - name: redis:alpine + variables: + POSTGRES_HOST_AUTH_METHOD: trust + .use-pg11-ee: image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-golang-1.14-git-2.27-lfs-2.9-chrome-83-node-12.x-yarn-1.21-postgresql-11-graphicsmagick-1.3.34" services: @@ -82,6 +91,16 @@ variables: POSTGRES_HOST_AUTH_METHOD: trust +.use-pg12-ee: + image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-golang-1.14-git-2.27-lfs-2.9-chrome-83-node-12.x-yarn-1.21-postgresql-12-graphicsmagick-1.3.34" + services: + - name: postgres:12 + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + - name: redis:alpine + - name: elasticsearch:6.4.2 + variables: + POSTGRES_HOST_AUTH_METHOD: trust + .use-kaniko: image: name: gcr.io/kaniko-project/executor:debug-v0.20.0 diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml index 20527b690a7..9a81ea513b7 100644 --- a/.gitlab/ci/qa.gitlab-ci.yml +++ b/.gitlab/ci/qa.gitlab-ci.yml @@ -49,7 +49,6 @@ update-qa-cache: .package-and-qa-base: image: ruby:2.6-alpine stage: qa - dependencies: [] retry: 0 script: - source scripts/utils.sh diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index f73e0c1d503..4cef4ee26ff 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -1,9 +1,129 @@ +###################### +# rspec job base specs .rails-job-base: extends: - .default-retry - .default-before_script - .rails-cache +.rspec-base: + extends: .rails-job-base + stage: test + needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets"] + script: + - run_timed_command "scripts/gitaly-test-build" + - run_timed_command "scripts/gitaly-test-spawn" + - source scripts/rspec_helpers.sh + - rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag ~level:migration" + artifacts: + expire_in: 31d + when: always + paths: + - coverage/ + - knapsack/ + - rspec_flaky/ + - rspec_profiling/ + - tmp/capybara/ + - tmp/memory_test/ + - log/*.log + reports: + junit: junit_rspec.xml + +.rspec-base-migration: + extends: .rails:rules:ee-and-foss-migration + script: + - run_timed_command "scripts/gitaly-test-build" + - run_timed_command "scripts/gitaly-test-spawn" + - source scripts/rspec_helpers.sh + - rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag level:migration" + +.rspec-base-pg11: + extends: + - .rspec-base + - .use-pg11 + +.rspec-base-pg12: + extends: + - .rspec-base + - .use-pg12 + +.rspec-base-pg11-as-if-foss: + extends: + - .rspec-base + - .as-if-foss + - .use-pg11 + needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets as-if-foss"] + +.rspec-ee-base-pg11: + extends: + - .rspec-base + - .use-pg11-ee + +.rspec-ee-base-pg12: + extends: + - .rspec-base + - .use-pg12-ee + +.rspec-ee-base-geo: + extends: .rspec-base + script: + - run_timed_command "scripts/gitaly-test-build" + - run_timed_command "scripts/gitaly-test-spawn" + - source scripts/rspec_helpers.sh + - scripts/prepare_postgres_fdw.sh + - rspec_paralellized_job "--tag ~quarantine --tag geo" + +.rspec-ee-base-geo-pg11: + extends: + - .rspec-ee-base-geo + - .use-pg11-ee + +.rspec-ee-base-geo-pg12: + extends: + - .rspec-ee-base-geo + - .use-pg12-ee + +.db-job-base: + extends: + - .rails-job-base + - .rails:rules:ee-and-foss-migration + - .use-pg11 + stage: test + needs: ["setup-test-env"] +# rspec job base specs +###################### + +############################ +# rspec job parallel configs +.rspec-migration-parallel: + parallel: 5 + +.rspec-ee-migration-parallel: + parallel: 2 + +.rspec-unit-parallel: + parallel: 20 + +.rspec-ee-unit-parallel: + parallel: 10 + +.rspec-ee-unit-geo-parallel: + parallel: 2 + +.rspec-integration-parallel: + parallel: 8 + +.rspec-ee-integration-parallel: + parallel: 4 + +.rspec-system-parallel: + parallel: 24 + +.rspec-ee-system-parallel: + parallel: 6 +# rspec job parallel configs +############################ + ####################################################### # EE/FOSS: default refs (MRs, master, schedules) jobs # setup-test-env: @@ -86,73 +206,37 @@ downtime_check: script: - bundle exec rake downtime_check -.rspec-base: - extends: .rails-job-base - stage: test - needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets"] - script: - - run_timed_command "scripts/gitaly-test-build" - - run_timed_command "scripts/gitaly-test-spawn" - - source scripts/rspec_helpers.sh - - rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag ~level:migration" - artifacts: - expire_in: 31d - when: always - paths: - - coverage/ - - knapsack/ - - rspec_flaky/ - - rspec_profiling/ - - tmp/capybara/ - - tmp/memory_test/ - - log/*.log - reports: - junit: junit_rspec.xml - -.rspec-base-pg11: - extends: - - .rspec-base - - .rails:rules:ee-and-foss - - .use-pg11 - -.rspec-base-migration: - script: - - run_timed_command "scripts/gitaly-test-build" - - run_timed_command "scripts/gitaly-test-spawn" - - source scripts/rspec_helpers.sh - - rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag level:migration" - rspec migration pg11: extends: - .rspec-base-pg11 - .rspec-base-migration - parallel: 5 + - .rspec-migration-parallel rspec unit pg11: - extends: .rspec-base-pg11 - parallel: 20 + extends: + - .rspec-base-pg11 + - .rails:rules:ee-and-foss-unit + - .rspec-unit-parallel rspec integration pg11: - extends: .rspec-base-pg11 - parallel: 8 + extends: + - .rspec-base-pg11 + - .rails:rules:ee-and-foss-integration + - .rspec-integration-parallel rspec system pg11: - extends: .rspec-base-pg11 - parallel: 24 + extends: + - .rspec-base-pg11 + - .rails:rules:ee-and-foss-system + - .rspec-system-parallel rspec fast_spec_helper: - extends: .rspec-base-pg11 + extends: + - .rspec-base-pg11 + - .rails:rules:ee-and-foss-fast_spec_helper script: - bin/rspec spec/fast_spec_helper.rb -.db-job-base: - extends: - - .rails-job-base - - .rails:rules:ee-and-foss - - .use-pg11 - stage: test - needs: ["setup-test-env"] - db:migrate:reset: extends: .db-job-base script: @@ -216,7 +300,7 @@ gitlab:setup: rspec:coverage: extends: - .rails-job-base - - .rails:rules:ee-mr-and-master-only + - .rails:rules:rspec-coverage stage: post-test # We cannot use needs since it would mean needing 84 jobs (since most are parallelized) # so we use `dependencies` here. @@ -248,118 +332,180 @@ rspec:coverage: - coverage/index.html - coverage/assets/ - tmp/memory_test/ + reports: + cobertura: coverage/coverage.xml # EE/FOSS: default refs (MRs, master, schedules) jobs # ####################################################### ################################################## # EE: default refs (MRs, master, schedules) jobs # -.rspec-base-ee: - extends: - - .rspec-base - - .rails:rules:ee-only - -.rspec-base-pg11-as-if-foss: - extends: - - .rspec-base - - .rails:rules:as-if-foss - - .as-if-foss - - .use-pg11 - needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets as-if-foss"] - -.rspec-ee-base-pg11: - extends: - - .rspec-base-ee - - .use-pg11-ee - rspec migration pg11-as-if-foss: extends: - .rspec-base-pg11-as-if-foss - .rspec-base-migration - parallel: 5 + - .rails:rules:as-if-foss-migration + - .rspec-migration-parallel rspec unit pg11-as-if-foss: - extends: .rspec-base-pg11-as-if-foss - parallel: 20 + extends: + - .rspec-base-pg11-as-if-foss + - .rails:rules:as-if-foss-unit + - .rspec-unit-parallel rspec integration pg11-as-if-foss: - extends: .rspec-base-pg11-as-if-foss - parallel: 8 + extends: + - .rspec-base-pg11-as-if-foss + - .rails:rules:as-if-foss-integration + - .rspec-integration-parallel rspec system pg11-as-if-foss: - extends: .rspec-base-pg11-as-if-foss - parallel: 24 + extends: + - .rspec-base-pg11-as-if-foss + - .rails:rules:as-if-foss-system + - .rspec-system-parallel rspec-ee migration pg11: extends: - .rspec-ee-base-pg11 - .rspec-base-migration - parallel: 2 + - .rails:rules:ee-only-migration + - .rspec-ee-migration-parallel rspec-ee unit pg11: - extends: .rspec-ee-base-pg11 - parallel: 10 + extends: + - .rspec-ee-base-pg11 + - .rails:rules:ee-only-unit + - .rspec-ee-unit-parallel rspec-ee integration pg11: - extends: .rspec-ee-base-pg11 - parallel: 4 + extends: + - .rspec-ee-base-pg11 + - .rails:rules:ee-only-integration + - .rspec-ee-integration-parallel rspec-ee system pg11: - extends: .rspec-ee-base-pg11 - parallel: 6 - -.rspec-ee-base-geo: - extends: .rspec-base-ee - script: - - run_timed_command "scripts/gitaly-test-build" - - run_timed_command "scripts/gitaly-test-spawn" - - source scripts/rspec_helpers.sh - - scripts/prepare_postgres_fdw.sh - - rspec_paralellized_job "--tag ~quarantine --tag geo" - -.rspec-ee-base-geo-pg11: extends: - - .rspec-ee-base-geo - - .use-pg11-ee + - .rspec-ee-base-pg11 + - .rails:rules:ee-only-system + - .rspec-ee-system-parallel rspec-ee unit pg11 geo: - extends: .rspec-ee-base-geo-pg11 - parallel: 2 + extends: + - .rspec-ee-base-geo-pg11 + - .rails:rules:ee-only-unit + - .rspec-ee-unit-geo-parallel rspec-ee integration pg11 geo: - extends: .rspec-ee-base-geo-pg11 + extends: + - .rspec-ee-base-geo-pg11 + - .rails:rules:ee-only-integration rspec-ee system pg11 geo: - extends: .rspec-ee-base-geo-pg11 + extends: + - .rspec-ee-base-geo-pg11 + - .rails:rules:ee-only-system db:rollback geo: extends: - db:rollback - - .rails:rules:ee-only + - .rails:rules:ee-only-migration script: - bundle exec rake geo:db:migrate VERSION=20170627195211 - bundle exec rake geo:db:migrate # EE: default refs (MRs, master, schedules) jobs # ################################################## +########################################## +# EE/FOSS: master nightly scheduled jobs # +rspec migration pg12: + extends: + - .rspec-base-pg12 + - .rspec-base-migration + - .rails:rules:master-schedule-nightly--code-backstage + - .rspec-migration-parallel + +rspec unit pg12: + extends: + - .rspec-base-pg12 + - .rails:rules:master-schedule-nightly--code-backstage + - .rspec-unit-parallel + +rspec integration pg12: + extends: + - .rspec-base-pg12 + - .rails:rules:master-schedule-nightly--code-backstage + - .rspec-integration-parallel + +rspec system pg12: + extends: + - .rspec-base-pg12 + - .rails:rules:master-schedule-nightly--code-backstage + - .rspec-system-parallel +# EE/FOSS: master nightly scheduled jobs # +########################################## + +##################################### +# EE: master nightly scheduled jobs # +rspec-ee migration pg12: + extends: + - .rspec-ee-base-pg12 + - .rspec-base-migration + - .rails:rules:master-schedule-nightly--code-backstage-ee-only + - .rspec-ee-migration-parallel + +rspec-ee unit pg12: + extends: + - .rspec-ee-base-pg12 + - .rails:rules:master-schedule-nightly--code-backstage-ee-only + - .rspec-ee-unit-parallel + +rspec-ee integration pg12: + extends: + - .rspec-ee-base-pg12 + - .rails:rules:master-schedule-nightly--code-backstage-ee-only + - .rspec-ee-integration-parallel + +rspec-ee system pg12: + extends: + - .rspec-ee-base-pg12 + - .rails:rules:master-schedule-nightly--code-backstage-ee-only + - .rspec-ee-system-parallel + +rspec-ee unit pg12 geo: + extends: + - .rspec-ee-base-geo-pg12 + - .rails:rules:master-schedule-nightly--code-backstage-ee-only + - .rspec-ee-unit-geo-parallel + +rspec-ee integration pg12 geo: + extends: + - .rspec-ee-base-geo-pg12 + - .rails:rules:master-schedule-nightly--code-backstage-ee-only + +rspec-ee system pg12 geo: + extends: + - .rspec-ee-base-geo-pg12 + - .rails:rules:master-schedule-nightly--code-backstage-ee-only +# EE: master nightly scheduled jobs # +##################################### + ################################################## # EE: Canonical MR pipelines rspec foss-impact: extends: - - .rspec-base - - .as-if-foss + - .rspec-base-pg11-as-if-foss - .rails:rules:ee-mr-only - - .use-pg11 script: - install_gitlab_gem - run_timed_command "scripts/gitaly-test-build" - run_timed_command "scripts/gitaly-test-spawn" - source scripts/rspec_helpers.sh - tooling/bin/find_foss_tests tmp/matching_foss_tests.txt - - rspec_matched_tests tmp/matching_foss_tests.txt "--tag ~quarantine --tag ~geo --tag ~level:migration" + - rspec_matched_tests tmp/matching_foss_tests.txt "--tag ~quarantine" artifacts: expire_in: 7d paths: - tmp/matching_foss_tests.txt - tmp/capybara/ -# EE: Merge Request pipelines +# EE: Canonical MR pipelines ################################################## diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml index 65abb6c5cba..228747ae8d3 100644 --- a/.gitlab/ci/reports.gitlab-ci.yml +++ b/.gitlab/ci/reports.gitlab-ci.yml @@ -15,7 +15,7 @@ code_quality: stage: test needs: [] variables: - CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/ci-cd/codequality:0.85.9" + CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/ci-cd/codequality:0.85.10" script: - | if ! docker info &>/dev/null; then @@ -59,6 +59,7 @@ code_quality: SAST_ANALYZER_IMAGE_TAG: 2 SAST_BRAKEMAN_LEVEL: 2 # GitLab-specific SAST_EXCLUDED_PATHS: qa,spec,doc,ee/spec # GitLab-specific + SAST_DISABLE_BABEL: "true" script: - /analyzer run @@ -72,11 +73,10 @@ eslint-sast: image: name: "$SAST_ANALYZER_IMAGE_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG" -# Temporary disabled as it's constantly failing. See https://gitlab.com/gitlab-org/gitlab/-/issues/213769. -# nodejs-scan-sast: -# extends: .sast -# image: -# name: "$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG" +nodejs-scan-sast: + extends: .sast + image: + name: "$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG" secrets-sast: extends: .sast @@ -172,6 +172,7 @@ dependency_scanning: # # - 'export DAST_AUTH_URL="${DAST_WEBSITE}/users/sign_in"' # # - 'export DAST_PASSWORD="${REVIEW_APPS_ROOT_PASSWORD}"' # - /analyze -t $DAST_WEBSITE +# timeout: 4h # artifacts: # paths: # - gl-dast-report.json # GitLab-specific diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml index 6898da95c15..4e3a80372a6 100644 --- a/.gitlab/ci/review.gitlab-ci.yml +++ b/.gitlab/ci/review.gitlab-ci.yml @@ -1,14 +1,3 @@ -build-qa-image: - extends: - - .use-kaniko - - .review:rules:build-qa-image - stage: build-images - needs: [] - script: - - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_REF_SLUG}" - - /kaniko/executor --context=${CI_PROJECT_DIR} --dockerfile=${CI_PROJECT_DIR}/qa/Dockerfile --destination=${QA_IMAGE} --cache=true - retry: 2 - review-cleanup: extends: - .default-retry @@ -27,25 +16,24 @@ review-cleanup: - ruby -rrubygems scripts/review_apps/automated_cleanup.rb - gcp_cleanup -# Temporarily disabling review apps -#review-build-cng: -# extends: -# - .default-retry -# - .review:rules:review-build-cng -# image: ruby:2.6-alpine -# stage: review-prepare -# before_script: -# - source scripts/utils.sh -# - install_api_client_dependencies_with_apk -# - install_gitlab_gem -# needs: -# - job: compile-production-assets -# artifacts: false -# script: -# - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng -# # When the job is manual, review-deploy is also manual and we don't want people -# # to have to manually start the jobs in sequence, so we do it for them. -# - '[ -z $CI_JOB_MANUAL ] || play_job "review-deploy"' +review-build-cng: + extends: + - .default-retry + - .review:rules:review-build-cng + image: ruby:2.6-alpine + stage: review-prepare + before_script: + - source scripts/utils.sh + - install_api_client_dependencies_with_apk + - install_gitlab_gem + needs: + - job: compile-production-assets + artifacts: false + script: + - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng + # When the job is manual, review-deploy is also manual and we don't want people + # to have to manually start the jobs in sequence, so we do it for them. + - '[ -z $CI_JOB_MANUAL ] || play_job "review-deploy"' .review-workflow-base: extends: @@ -53,45 +41,46 @@ review-cleanup: image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3-kubectl1.14 variables: HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" + REVIEW_APPS_DOMAIN: "temp.gitlab-review.app" # FIXME: using temporary domain DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" - GITLAB_HELM_CHART_REF: "master" + GITLAB_HELM_CHART_REF: "v4.1.3" environment: name: review/${CI_COMMIT_REF_NAME} url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN} on_stop: review-stop auto_stop_in: 48 hours -# Temporarily disabling review apps -#review-deploy: -# extends: -# - .review-workflow-base -# - .review:rules:mr-and-schedule-auto-if-frontend-manual-otherwise -# stage: review -# dependencies: [] -# resource_group: "review/${CI_COMMIT_REF_NAME}" -# before_script: -# - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION) -# - export GITALY_VERSION=$(<GITALY_SERVER_VERSION) -# - export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION) -# - echo "${CI_ENVIRONMENT_URL}" > environment_url.txt -# - source ./scripts/utils.sh -# - install_api_client_dependencies_with_apk -# - source scripts/review_apps/review-apps.sh -# script: -# - check_kube_domain -# - ensure_namespace -# - install_external_dns -# - download_chart -# - date -# - deploy || (display_deployment_debug && exit 1) -# # When the job is manual, review-qa-smoke is also manual and we don't want people -# # to have to manually start the jobs in sequence, so we do it for them. -# - '[ -z $CI_JOB_MANUAL ] || play_job "review-qa-smoke"' -# - '[ -z $CI_JOB_MANUAL ] || play_job "review-performance"' -# artifacts: -# paths: [environment_url.txt] -# expire_in: 2 days -# when: always +review-deploy: + extends: + - .review-workflow-base + - .review:rules:mr-and-schedule-auto-if-frontend-manual-otherwise + stage: review + dependencies: [] + resource_group: "review/${CI_COMMIT_REF_NAME}" + before_script: + - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION) + - export GITALY_VERSION=$(<GITALY_SERVER_VERSION) + - export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION) + - echo "${CI_ENVIRONMENT_URL}" > environment_url.txt + - source ./scripts/utils.sh + - install_api_client_dependencies_with_apk + - source scripts/review_apps/review-apps.sh + script: + - check_kube_domain + - ensure_namespace + - install_external_dns + - download_chart + - date + - deploy || (display_deployment_debug && exit 1) + - disable_sign_ups + # When the job is manual, review-qa-smoke is also manual and we don't want people + # to have to manually start the jobs in sequence, so we do it for them. + - '[ -z $CI_JOB_MANUAL ] || play_job "review-qa-smoke"' + - '[ -z $CI_JOB_MANUAL ] || play_job "review-performance"' + artifacts: + paths: [environment_url.txt] + expire_in: 2 days + when: always .review-stop-base: extends: .review-workflow-base @@ -124,110 +113,110 @@ review-stop: script: - delete_release -# Temporarily disabling review apps -#.review-qa-base: -# extends: -# - .default-retry -# - .use-docker-in-docker -# image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa-alpine-ruby-2.6 -# stage: qa -# # This is needed so that manual jobs with needs don't block the pipeline. -# # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979. -# dependencies: ["review-deploy"] -# variables: -# QA_ARTIFACTS_DIR: "${CI_PROJECT_DIR}/qa" -# QA_CAN_TEST_GIT_PROTOCOL_V2: "false" -# QA_DEBUG: "true" -# GITLAB_USERNAME: "root" -# GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}" -# GITLAB_ADMIN_USERNAME: "root" -# GITLAB_ADMIN_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}" -# GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}" -# EE_LICENSE: "${REVIEW_APPS_EE_LICENSE}" -# before_script: -# - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_REF_SLUG}" -# - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)" -# - echo "${CI_ENVIRONMENT_URL}" -# - echo "${QA_IMAGE}" -# - source scripts/utils.sh -# - install_api_client_dependencies_with_apk -# - gem install gitlab-qa --no-document ${GITLAB_QA_VERSION:+ --version ${GITLAB_QA_VERSION}} -# artifacts: -# paths: -# - ./qa/gitlab-qa-run-* -# expire_in: 7 days -# when: always -# -#review-qa-smoke: -# extends: -# - .review-qa-base -# - .review:rules:review-qa-smoke -# script: -# - gitlab-qa Test::Instance::Smoke "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}" -# -#review-qa-all: -# extends: -# - .review-qa-base -# - .review:rules:mr-only-manual -# parallel: 5 -# script: -# - export KNAPSACK_REPORT_PATH=knapsack/master_report.json -# - export KNAPSACK_TEST_FILE_PATTERN=qa/specs/features/**/*_spec.rb -# - gitlab-qa Test::Instance::Any "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}" -- --format RspecJunitFormatter --out tmp/rspec-${CI_JOB_ID}.xml --format html --out tmp/rspec.htm --color --format documentation -# -#review-performance: -# extends: -# - .default-retry -# - .review:rules:mr-and-schedule-auto-if-frontend-manual-otherwise -# image: -# name: sitespeedio/sitespeed.io:6.3.1 -# entrypoint: [""] -# stage: qa -# # This is needed so that manual jobs with needs don't block the pipeline. -# # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979. -# dependencies: ["review-deploy"] -# before_script: -# - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)" -# - echo "${CI_ENVIRONMENT_URL}" -# - mkdir -p gitlab-exporter -# - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js -# - mkdir -p sitespeed-results -# script: -# - /start.sh --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "${CI_ENVIRONMENT_URL}" -# after_script: -# - mv sitespeed-results/data/performance.json performance.json -# artifacts: -# paths: -# - sitespeed-results/ -# reports: -# performance: performance.json -# expire_in: 31d -# -#parallel-spec-reports: -# extends: -# - .review:rules:mr-only-manual -# image: ruby:2.6-alpine -# stage: post-qa -# dependencies: ["review-qa-all"] -# variables: -# NEW_PARALLEL_SPECS_REPORT: qa/report-new.html -# BASE_ARTIFACT_URL: "${CI_PROJECT_URL}/-/jobs/${CI_JOB_ID}/artifacts/file/qa/" -# script: -# - apk add --update build-base libxml2-dev libxslt-dev && rm -rf /var/cache/apk/* -# - gem install nokogiri --no-document -# - cd qa/gitlab-qa-run-*/gitlab-* -# - ARTIFACT_DIRS=$(pwd |rev| awk -F / '{print $1,$2}' | rev | sed s_\ _/_) -# - cd - -# - '[[ -f $NEW_PARALLEL_SPECS_REPORT ]] || echo "{}" > ${NEW_PARALLEL_SPECS_REPORT}' -# - scripts/merge-html-reports ${NEW_PARALLEL_SPECS_REPORT} ${BASE_ARTIFACT_URL}${ARTIFACT_DIRS} qa/gitlab-qa-run-*/**/rspec.htm -# artifacts: -# when: always -# paths: -# - qa/report-new.html -# - qa/gitlab-qa-run-* -# reports: -# junit: qa/gitlab-qa-run-*/**/rspec-*.xml -# expire_in: 31d +.review-qa-base: + extends: + - .default-retry + - .use-docker-in-docker + image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa-alpine-ruby-2.6 + stage: qa + # This is needed so that manual jobs with needs don't block the pipeline. + # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979. + dependencies: ["review-deploy"] + variables: + QA_ARTIFACTS_DIR: "${CI_PROJECT_DIR}/qa" + QA_CAN_TEST_GIT_PROTOCOL_V2: "false" + QA_DEBUG: "true" + GITLAB_USERNAME: "root" + GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}" + GITLAB_ADMIN_USERNAME: "root" + GITLAB_ADMIN_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}" + GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}" + EE_LICENSE: "${REVIEW_APPS_EE_LICENSE}" + SIGNUP_DISABLED: "true" + before_script: + - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_REF_SLUG}" + - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)" + - echo "${CI_ENVIRONMENT_URL}" + - echo "${QA_IMAGE}" + - source scripts/utils.sh + - install_api_client_dependencies_with_apk + - gem install gitlab-qa --no-document ${GITLAB_QA_VERSION:+ --version ${GITLAB_QA_VERSION}} + artifacts: + paths: + - ./qa/gitlab-qa-run-* + expire_in: 7 days + when: always + +review-qa-smoke: + extends: + - .review-qa-base + - .review:rules:review-qa-smoke + script: + - gitlab-qa Test::Instance::Smoke "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}" + +review-qa-all: + extends: + - .review-qa-base + - .review:rules:mr-only-manual + parallel: 5 + script: + - export KNAPSACK_REPORT_PATH=knapsack/master_report.json + - export KNAPSACK_TEST_FILE_PATTERN=qa/specs/features/**/*_spec.rb + - gitlab-qa Test::Instance::Any "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}" -- --format RspecJunitFormatter --out tmp/rspec-${CI_JOB_ID}.xml --format html --out tmp/rspec.htm --color --format documentation + +review-performance: + extends: + - .default-retry + - .review:rules:mr-and-schedule-auto-if-frontend-manual-otherwise + image: + name: sitespeedio/sitespeed.io:6.3.1 + entrypoint: [""] + stage: qa + # This is needed so that manual jobs with needs don't block the pipeline. + # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979. + dependencies: ["review-deploy"] + before_script: + - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)" + - echo "${CI_ENVIRONMENT_URL}" + - mkdir -p gitlab-exporter + - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js + - mkdir -p sitespeed-results + script: + - /start.sh --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "${CI_ENVIRONMENT_URL}" + after_script: + - mv sitespeed-results/data/performance.json performance.json + artifacts: + paths: + - sitespeed-results/ + reports: + performance: performance.json + expire_in: 31d + +parallel-spec-reports: + extends: + - .review:rules:mr-only-manual + image: ruby:2.6-alpine + stage: post-qa + dependencies: ["review-qa-all"] + variables: + NEW_PARALLEL_SPECS_REPORT: qa/report-new.html + BASE_ARTIFACT_URL: "${CI_PROJECT_URL}/-/jobs/${CI_JOB_ID}/artifacts/file/qa/" + script: + - apk add --update build-base libxml2-dev libxslt-dev && rm -rf /var/cache/apk/* + - gem install nokogiri --no-document + - cd qa/gitlab-qa-run-*/gitlab-* + - ARTIFACT_DIRS=$(pwd |rev| awk -F / '{print $1,$2}' | rev | sed s_\ _/_) + - cd - + - '[[ -f $NEW_PARALLEL_SPECS_REPORT ]] || echo "{}" > ${NEW_PARALLEL_SPECS_REPORT}' + - scripts/merge-html-reports ${NEW_PARALLEL_SPECS_REPORT} ${BASE_ARTIFACT_URL}${ARTIFACT_DIRS} qa/gitlab-qa-run-*/**/rspec.htm + artifacts: + when: always + paths: + - qa/report-new.html + - qa/gitlab-qa-run-* + reports: + junit: qa/gitlab-qa-run-*/**/rspec-*.xml + expire_in: 31d danger-review: extends: diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index fbbb0391ec5..f508bfa1465 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -11,7 +11,7 @@ if: '$CI_PROJECT_NAME != "gitlab-foss" && $CI_PROJECT_NAME != "gitlab-ce" && $CI_PROJECT_NAME != "gitlabhq"' .if-default-refs: &if-default-refs - if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG' + if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG || $FORCE_GITLAB_CI' .if-master-refs: &if-master-refs if: '$CI_COMMIT_REF_NAME == "master"' @@ -40,6 +40,9 @@ .if-merge-request-title-update-caches: &if-merge-request-title-update-caches if: '$CI_MERGE_REQUEST_TITLE =~ /UPDATE CACHE/' +.if-merge-request-title-run-all-rspec: &if-merge-request-title-run-all-rspec + if: '$CI_MERGE_REQUEST_TITLE =~ /RUN ALL RSPEC/' + .if-security-merge-request: &if-security-merge-request if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_MERGE_REQUEST_IID' @@ -71,6 +74,22 @@ - ".gitlab-ci.yml" - ".gitlab/ci/**/*" +.ci-build-images-patterns: &ci-build-images-patterns + - ".gitlab-ci.yml" + - ".gitlab/ci/build-images.gitlab-ci.yml" + +.ci-review-patterns: &ci-review-patterns + - ".gitlab-ci.yml" + - ".gitlab/ci/frontend.gitlab-ci.yml" + - ".gitlab/ci/build-images.gitlab-ci.yml" + - ".gitlab/ci/review.gitlab-ci.yml" + +.ci-qa-patterns: &ci-qa-patterns + - ".gitlab-ci.yml" + - ".gitlab/ci/frontend.gitlab-ci.yml" + - ".gitlab/ci/build-images.gitlab-ci.yml" + - ".gitlab/ci/qa.gitlab-ci.yml" + .yaml-patterns: &yaml-patterns - "**/*.yml" @@ -92,6 +111,21 @@ - "vendor/assets/**/*" - "{,ee/}{app/assets,app/helpers,app/presenters,app/views,locale,public,symbol}/**/*" +.backend-patterns: &backend-patterns + - "Gemfile{,.lock}" + - "Rakefile" + - "config.ru" + # List explicitly all the app/ dirs that are backend (i.e. all except app/assets). + - "{,ee/}{app/channels,app/controllers,app/finders,app/graphql,app/helpers,app/mailers,app/models,app/policies,app/presenters,app/serializers,app/services,app/uploaders,app/validators,app/views,app/workers}/**/*" + - "{,ee/}{bin,cable,config,db,lib}/**/*" + - "{,ee/}spec/**/*.rb" + - ".gitlab-ci.yml" + - ".gitlab/ci/**/*" + +.db-patterns: &db-patterns + - "{,ee/}{,spec/}{db,migrations}/**/*" + - "{,ee/}{,spec/}lib/{,ee/}gitlab/background_migration/**/*" + .backstage-patterns: &backstage-patterns - "Dangerfile" - "danger/**/*" @@ -197,6 +231,26 @@ - <<: *if-master-schedule-2-hourly - <<: *if-merge-request-title-update-caches +###################### +# Build images rules # +###################### +.build-images:rules:build-qa-image: + rules: + - <<: *if-not-ee + when: never + - <<: *if-dot-com-gitlab-org-and-security-merge-request + changes: *ci-build-images-patterns + - <<: *if-dot-com-gitlab-org-and-security-merge-request + changes: *code-qa-patterns + - <<: *if-dot-com-gitlab-org-schedule + +.build-images:rules:build-assets-image: + rules: + - <<: *if-not-canonical-namespace + when: never + - changes: *ci-build-images-patterns + - changes: *code-qa-patterns + #################### # Cache repo rules # #################### @@ -263,7 +317,7 @@ - <<: *if-not-canonical-namespace when: never - <<: *if-default-refs - changes: *code-backstage-qa-patterns + changes: *code-qa-patterns .frontend:rules:compile-test-assets: rules: @@ -273,11 +327,8 @@ rules: - <<: *if-not-ee when: never - - <<: *if-security-merge-request + - <<: *if-merge-request # Always run for MRs since `compile-test-assets as-if-foss` is either needed by `rspec foss-impact` or the `rspec * as-if-foss` jobs. changes: *code-backstage-qa-patterns - - <<: *if-merge-request-title-as-if-foss - - <<: *if-merge-request - changes: *ci-patterns .frontend:rules:default-frontend-jobs: rules: @@ -294,6 +345,15 @@ - <<: *if-merge-request changes: *ci-patterns +.frontend:rules:eslint-as-if-foss: + rules: + - <<: *if-not-ee + when: never + - <<: *if-merge-request-title-as-if-foss + when: never + - <<: *if-merge-request + changes: *frontend-patterns + .frontend:rules:ee-mr-and-master-only: rules: - <<: *if-not-ee @@ -341,9 +401,7 @@ rules: - <<: *if-not-ee when: never - - <<: *if-dot-com-gitlab-org-master - changes: *code-backstage-qa-patterns - when: on_success + - <<: *if-master-schedule-2-hourly ############ # QA rules # @@ -367,7 +425,7 @@ .qa:rules:package-and-qa: rules: - <<: *if-dot-com-gitlab-org-and-security-merge-request - changes: *ci-patterns + changes: *ci-qa-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *qa-patterns @@ -382,24 +440,95 @@ ############### # Rails rules # ############### -.rails:rules:ee-and-foss: +.rails:rules:ee-and-foss-migration: rules: - - <<: *if-default-refs - changes: *code-backstage-patterns + - changes: *db-patterns + - <<: *if-merge-request-title-run-all-rspec + +.rails:rules:ee-and-foss-unit: + rules: + - changes: *backend-patterns + - <<: *if-merge-request-title-run-all-rspec + +.rails:rules:ee-and-foss-integration: + rules: + - changes: *backend-patterns + - <<: *if-merge-request-title-run-all-rspec + +.rails:rules:ee-and-foss-system: + rules: + - changes: *code-backstage-patterns + - <<: *if-merge-request-title-run-all-rspec + +.rails:rules:ee-and-foss-fast_spec_helper: + rules: + - changes: ["config/**/*"] + - <<: *if-merge-request-title-run-all-rspec .rails:rules:default-refs-code-backstage-qa: rules: - <<: *if-default-refs changes: *code-backstage-qa-patterns -.rails:rules:ee-only: +.rails:rules:ee-only-migration: rules: - <<: *if-not-ee when: never - - <<: *if-default-refs - changes: *code-backstage-patterns + - changes: *db-patterns + - <<: *if-merge-request-title-run-all-rspec -.rails:rules:as-if-foss: +.rails:rules:ee-only-unit: + rules: + - <<: *if-not-ee + when: never + - changes: *backend-patterns + - <<: *if-merge-request-title-run-all-rspec + +.rails:rules:ee-only-integration: + rules: + - <<: *if-not-ee + when: never + - changes: *backend-patterns + - <<: *if-merge-request-title-run-all-rspec + +.rails:rules:ee-only-system: + rules: + - <<: *if-not-ee + when: never + - changes: *code-backstage-patterns + - <<: *if-merge-request-title-run-all-rspec + +.rails:rules:as-if-foss-migration: + rules: + - <<: *if-not-ee + when: never + - <<: *if-security-merge-request + changes: *db-patterns + - <<: *if-merge-request-title-as-if-foss + - <<: *if-merge-request + changes: *ci-patterns + +.rails:rules:as-if-foss-unit: + rules: + - <<: *if-not-ee + when: never + - <<: *if-security-merge-request + changes: *backend-patterns + - <<: *if-merge-request-title-as-if-foss + - <<: *if-merge-request + changes: *ci-patterns + +.rails:rules:as-if-foss-integration: + rules: + - <<: *if-not-ee + when: never + - <<: *if-security-merge-request + changes: *backend-patterns + - <<: *if-merge-request-title-as-if-foss + - <<: *if-merge-request + changes: *ci-patterns + +.rails:rules:as-if-foss-system: rules: - <<: *if-not-ee when: never @@ -413,6 +542,7 @@ rules: - <<: *if-not-ee when: never + - <<: *if-merge-request-title-run-all-rspec - <<: *if-merge-request changes: *code-backstage-patterns - <<: *if-master-refs @@ -434,6 +564,27 @@ - <<: *if-merge-request changes: *code-backstage-patterns +.rails:rules:rspec-coverage: + rules: + - <<: *if-not-ee + when: never + - <<: *if-master-schedule-2-hourly + - <<: *if-merge-request-title-run-all-rspec + +.rails:rules:master-schedule-nightly--code-backstage: + rules: + - <<: *if-master-schedule-nightly + - <<: *if-merge-request + changes: [".gitlab/ci/rails.gitlab-ci.yml"] + +.rails:rules:master-schedule-nightly--code-backstage-ee-only: + rules: + - <<: *if-not-ee + when: never + - <<: *if-master-schedule-nightly + - <<: *if-merge-request + changes: [".gitlab/ci/rails.gitlab-ci.yml"] + ################## # Releases rules # ################## @@ -496,18 +647,12 @@ ################ # Review rules # ################ -.review:rules:build-qa-image: +.review:rules:review-build-cng: rules: - <<: *if-not-ee when: never - - <<: *if-dot-com-gitlab-org-and-security-merge-request - changes: *code-qa-patterns - - <<: *if-dot-com-gitlab-org-schedule - -.review:rules:review-build-cng: - rules: - <<: *if-dot-com-gitlab-org-merge-request - changes: *ci-patterns + changes: *ci-review-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *frontend-patterns - <<: *if-dot-com-gitlab-org-merge-request @@ -521,7 +666,7 @@ - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-merge-request - changes: *ci-patterns + changes: *ci-review-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *frontend-patterns allow_failure: true @@ -544,7 +689,7 @@ - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-merge-request - changes: *ci-patterns + changes: *ci-review-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *frontend-patterns allow_failure: true diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml index b878bec3751..26c7a2194cc 100644 --- a/.gitlab/ci/setup.gitlab-ci.yml +++ b/.gitlab/ci/setup.gitlab-ci.yml @@ -9,6 +9,7 @@ cache gems: stage: test needs: ["setup-test-env"] variables: + BUNDLE_INSTALL_FLAGS: --with=production --with=development --with=test --jobs=2 --path=vendor --retry=3 --quiet SETUP_DB: "false" script: - bundle package --all --all-platforms diff --git a/.gitlab/ci/yaml.gitlab-ci.yml b/.gitlab/ci/yaml.gitlab-ci.yml index ab31dd59299..a650ee7e4b4 100644 --- a/.gitlab/ci/yaml.gitlab-ci.yml +++ b/.gitlab/ci/yaml.gitlab-ci.yml @@ -4,11 +4,11 @@ lint-ci-gitlab: extends: - .default-retry - .yaml:rules - image: sdesbure/yamllint:latest + image: pipelinecomponents/yamllint:latest stage: test needs: [] variables: LINT_PATHS: .gitlab-ci.yml .gitlab/ci lib/gitlab/ci/templates changelogs script: - '[[ ! -d "ee/" ]] || export LINT_PATHS="$LINT_PATHS ee/changelogs"' - - yamllint $LINT_PATHS + - yamllint -f colored $LINT_PATHS |