path: root/.gitlab/ci/review.gitlab-ci.yml

review-cleanup:
  extends:
    - .default-retry
    - .review:rules:review-cleanup
  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3-kubectl1.14
  stage: prepare
  environment:
    name: review/auto-cleanup
    action: stop
  before_script:
    - source scripts/utils.sh
    - source scripts/review_apps/gcp_cleanup.sh
    - install_gitlab_gem
    - setup_gcp_dependencies
  script:
    - ruby -rrubygems scripts/review_apps/automated_cleanup.rb
    - gcp_cleanup

.base-before_script: &base-before_script
  - source ./scripts/utils.sh
  - source ./scripts/review_apps/review-apps.sh
  - install_api_client_dependencies_with_apk

review-build-cng:
  extends:
    - .default-retry
    - .review:rules:review-build-cng
  image: ruby:2.7-alpine
  stage: review-prepare
  before_script:
    - source ./scripts/utils.sh
    - install_api_client_dependencies_with_apk
    - install_gitlab_gem
  needs:
    - job: compile-production-assets
      artifacts: false
  script:
    - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng
    # When the job is manual, review-deploy is also manual and we don't want people
    # to have to manually start the jobs in sequence, so we do it for them.
    - '[ -z $CI_JOB_MANUAL ] || scripts/api/play_job --job-name "review-deploy"'

.review-workflow-base:
  extends:
    - .default-retry
  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3-kubectl1.14
  variables:
    HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
    REVIEW_APPS_DOMAIN: "temp.gitlab-review.app"  # FIXME: using temporary domain
    DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
    GITLAB_HELM_CHART_REF: "v4.3.0"
  environment:
    name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY}
    url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
    on_stop: review-stop
    auto_stop_in: 48 hours

review-deploy:
  extends:
    - .review-workflow-base
    - .review:rules:review-deploy
  stage: review
  dependencies: []
  resource_group: "review/${CI_COMMIT_REF_NAME}"
  before_script:
    - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
    - export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
    - export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
    - echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
    - *base-before_script
  script:
    - check_kube_domain
    - ensure_namespace
    - install_external_dns
    - download_chart
    - date
    - deploy || (display_deployment_debug && exit 1)
    - disable_sign_ups || (delete_release && exit 1)
    # When the job is manual, review-qa-smoke is also manual and we don't want people
    # to have to manually start the jobs in sequence, so we do it for them.
    - '[ -z $CI_JOB_MANUAL ] || scripts/api/play_job --job-name "review-qa-smoke"'
    - '[ -z $CI_JOB_MANUAL ] || scripts/api/play_job --job-name "review-performance"'
  after_script:
    # Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
    # Set DAST_RUN to true when jobs are manually scheduled.
    - if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi
  artifacts:
    paths: [environment_url.txt]
    expire_in: 7 days
    when: always

.review-stop-base:
  extends: .review-workflow-base
  environment:
    action: stop
  dependencies: []
  variables:
    # We're cloning the repo instead of downloading the script for now
    # because some repos are private and CI_JOB_TOKEN cannot access files.
    # See https://gitlab.com/gitlab-org/gitlab/issues/191273
    GIT_DEPTH: 1
  before_script:
    - *base-before_script

review-stop-failed-deployment:
  extends:
    - .review-stop-base
    - .review:rules:review-stop-failed-deployment
  stage: prepare
  script:
    - delete_failed_release

review-stop:
  extends:
    - .review-stop-base
    - .review:rules:review-stop
  stage: post-qa
  script:
    - delete_release

.review-qa-base:
  extends:
    - .default-retry
    - .use-docker-in-docker
  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa-alpine-ruby-2.7
  stage: qa
  # This is needed so that manual jobs with needs don't block the pipeline.
  # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979.
  dependencies: ["review-deploy"]
  variables:
    QA_ARTIFACTS_DIR: "${CI_PROJECT_DIR}/qa"
    QA_CAN_TEST_GIT_PROTOCOL_V2: "false"
    QA_DEBUG: "true"
    GITLAB_USERNAME: "root"
    GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
    GITLAB_ADMIN_USERNAME: "root"
    GITLAB_ADMIN_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
    GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}"
    EE_LICENSE: "${REVIEW_APPS_EE_LICENSE}"
    SIGNUP_DISABLED: "true"
  before_script:
    - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_REF_SLUG}"
    - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
    - echo "${CI_ENVIRONMENT_URL}"
    - echo "${QA_IMAGE}"
    - *base-before_script
    - gem install gitlab-qa --no-document ${GITLAB_QA_VERSION:+ --version ${GITLAB_QA_VERSION}}
  artifacts:
    paths:
      - ./qa/gitlab-qa-run-*
    expire_in: 7 days
    when: always

review-qa-smoke:
  extends:
    - .review-qa-base
    - .review:rules:review-qa-smoke
  script:
    - gitlab-qa Test::Instance::Smoke "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}"

review-qa-all:
  extends:
    - .review-qa-base
    - .review:rules:mr-only-manual
  parallel: 5
  script:
    - export KNAPSACK_REPORT_PATH=knapsack/master_report.json
    - export KNAPSACK_TEST_FILE_PATTERN=qa/specs/features/**/*_spec.rb
    - gitlab-qa Test::Instance::Any "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}" -- --format RspecJunitFormatter --out tmp/rspec-${CI_JOB_ID}.xml --format html --out tmp/rspec.htm --color --format documentation

review-performance:
  extends:
    - .default-retry
    - .review:rules:review-performance
  image:
    name: sitespeedio/sitespeed.io
    entrypoint: [""]
  stage: qa
  # This is needed so that manual jobs with needs don't block the pipeline.
  # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979.
  dependencies: ["review-deploy"]
  before_script:
    - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
    - echo "${CI_ENVIRONMENT_URL}"
    - mkdir -p gitlab-exporter
    - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js
    - mkdir -p sitespeed-results
  script:
    - /start.sh --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "${CI_ENVIRONMENT_URL}"
  after_script:
    - mv sitespeed-results/data/performance.json performance.json
  artifacts:
    paths:
      - sitespeed-results/
    reports:
      performance: performance.json
    expire_in: 31d

parallel-spec-reports:
  extends:
    - .review:rules:mr-only-manual
  image: ruby:2.7-alpine
  stage: post-qa
  dependencies: ["review-qa-all"]
  variables:
    NEW_PARALLEL_SPECS_REPORT: qa/report-new.html
    BASE_ARTIFACT_URL: "${CI_PROJECT_URL}/-/jobs/${CI_JOB_ID}/artifacts/file/qa/"
  script:
    - apk add --update build-base libxml2-dev libxslt-dev && rm -rf /var/cache/apk/*
    - gem install nokogiri --no-document
    - cd qa/gitlab-qa-run-*/gitlab-*
    - ARTIFACT_DIRS=$(pwd |rev| awk -F / '{print $1,$2}' | rev | sed s_\ _/_)
    - cd -
    - '[[ -f $NEW_PARALLEL_SPECS_REPORT ]] || echo "{}" > ${NEW_PARALLEL_SPECS_REPORT}'
    - scripts/merge-html-reports ${NEW_PARALLEL_SPECS_REPORT} ${BASE_ARTIFACT_URL}${ARTIFACT_DIRS} qa/gitlab-qa-run-*/**/rspec.htm
  artifacts:
    when: always
    paths:
      - qa/report-new.html
      - qa/gitlab-qa-run-*
    reports:
      junit: qa/gitlab-qa-run-*/**/rspec-*.xml
    expire_in: 31d

danger-review:
  extends:
    - .default-retry
    - .yarn-cache
    - .review:rules:danger
  image: registry.gitlab.com/gitlab-org/gitlab-build-images:danger
  stage: test
  needs: []
  script:
    - source ./scripts/utils.sh
    - run_timed_command "retry yarn install --frozen-lockfile"
    - danger --fail-on-errors=true --verbose