summaryrefslogtreecommitdiff
path: root/.gitlab-ci.yml
blob: 314f99c5f41eb50abe4f70e87f91c005d5088cf9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
stages:
  - sync
  - prepare
  - build-images
  - fixtures
  - lint
  - test
  - post-test
  - review
  - qa
  - post-qa
  - pages
  - notify

# always use `gitlab-org` runners, however
# in cases where jobs require Docker-in-Docker, the job
# definition must be extended with `.use-docker-in-docker`
default:
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36
  tags:
    - gitlab-org
  # All jobs are interruptible by default
  interruptible: true
  # Default job timeout set to 90m https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/10520
  timeout: 90m

workflow:
  rules:
    # If `$FORCE_GITLAB_CI` is set, create a pipeline.
    - if: '$FORCE_GITLAB_CI'
    # As part of the process of creating RCs automatically, we update stable
    # branches with the changes of the most recent production deployment. The
    # merge requests used for this merge a branch release-tools/X into a stable
    # branch. For these merge requests we don't want to run any pipelines, as
    # they serve no purpose and will run anyway when the changes are merged.
    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^release-tools\/\d+\.\d+\.\d+-rc\d+$/ && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^[\d-]+-stable(-ee)?$/ && $CI_PROJECT_PATH == "gitlab-org/gitlab"'
      when: never
    # For merged result pipelines, set $QA_IMAGE, since $CI_MERGE_REQUEST_SOURCE_BRANCH_SHA is only available for merged result pipelines.
    - if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"'
      variables:
        QA_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA}"
    # Also run (detached) merge request pipelines.
    - if: '$CI_MERGE_REQUEST_IID'
    # For the 2-hourly scheduled pipelines, we set specific variables.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "2-hourly"'
      variables:
        CRYSTALBALL: "true"
    # For `$CI_DEFAULT_BRANCH` branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
    # For tags, create a pipeline.
    - if: '$CI_COMMIT_TAG'
    # If `$GITLAB_INTERNAL` isn't set, don't create a pipeline.
    - if: '$GITLAB_INTERNAL == null'
      when: never
    # For stable, auto-deploy, and security branches, create a pipeline.
    - if: '$CI_COMMIT_BRANCH =~ /^[\d-]+-stable(-ee)?$/'
    - if: '$CI_COMMIT_BRANCH =~ /^\d+-\d+-auto-deploy-\d+$/'
    - if: '$CI_COMMIT_BRANCH =~ /^security\//'

variables:
  RAILS_ENV: "test"
  NODE_ENV: "test"
  BUNDLE_WITHOUT: "production:development"
  BUNDLE_INSTALL_FLAGS: "--jobs=$(nproc) --retry=3 --quiet"
  # we override the max_old_space_size to prevent OOM errors
  NODE_OPTIONS: --max_old_space_size=3584
  GIT_DEPTH: "20"
  GIT_SUBMODULE_STRATEGY: "none"
  GET_SOURCES_ATTEMPTS: "3"

  KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/report-master.json
  FLAKY_RSPEC_SUITE_REPORT_PATH: rspec_flaky/report-suite.json
  RSPEC_TESTS_MAPPING_PATH: crystalball/mapping.json
  RSPEC_PACKED_TESTS_MAPPING_PATH: crystalball/packed-mapping.json
  FRONTEND_FIXTURES_MAPPING_PATH: crystalball/frontend_fixtures_mapping.json

  ES_JAVA_OPTS: "-Xms256m -Xmx256m"
  ELASTIC_URL: "http://elastic:changeme@elasticsearch:9200"
  DOCKER_VERSION: "20.10.1"
  CACHE_CLASSES: "true"
  CHECK_PRECOMPILED_ASSETS: "true"
  FF_USE_FASTZIP: "true"
  SKIP_FLAKY_TESTS_AUTOMATICALLY: "true"

  DOCS_REVIEW_APPS_DOMAIN: "178.62.207.141.nip.io"
  DOCS_GITLAB_REPO_SUFFIX: "ee"

  REVIEW_APPS_DOMAIN: "gitlab-review.app"
  REVIEW_APPS_GCP_PROJECT: "gitlab-review-apps"
  REVIEW_APPS_GCP_REGION: "us-central1"

  BUILD_ASSETS_IMAGE: "true"  # Set it to "false" to disable assets image building, used in `build-assets-image`
  SIMPLECOV: "true"

  # For the default QA image, we use $CI_COMMIT_SHA as tag since it's always available and we override it for specific workflow.rules (see above)
  QA_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_SHA}"
  # Default latest tag for particular branch
  QA_IMAGE_BRANCH: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_REF_SLUG}"

  REGISTRY_HOST: "registry.gitlab.com"
  REGISTRY_GROUP: "gitlab-org"

  # Preparing custom clone path to reduce space used by all random forks
  # on GitLab.com's Shared Runners. Our main forks - especially the security
  # ones - will have this variable overwritten in the project settings, so that
  # a security-related code or code using our protected variables will be never
  # stored on the same path as the community forks.
  # Part of the solution for the `no space left on device` problem described at
  # https://gitlab.com/gitlab-org/gitlab/issues/197876.
  #
  # For this purpose the https://gitlab.com/gitlab-org-forks group was created
  # to host a placeholder for the `/builds/gitlab-org-forks` path and ensure
  # that no legitimate project will ever use it and - by mistake - execute its
  # job on a shared working directory. It also requires proper configuration of
  # the Runner that executes the job (which was prepared for our shared runners
  # by https://ops.gitlab.net/gitlab-cookbooks/chef-repo/-/merge_requests/3977).
  #
  # Because of all of that PLEASE DO NOT CHANGE THE PATH.
  #
  # For more details and reasoning that brought this change please check
  # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/24887
  GIT_CLONE_PATH: "/builds/gitlab-org-forks/${CI_PROJECT_NAME}"

include:
  - local: .gitlab/ci/*.gitlab-ci.yml
  - remote: 'https://gitlab.com/gitlab-org/frontend/untamper-my-lockfile/-/raw/main/.gitlab-ci-template.yml'