2022-11-25 23:54:43 +05:30
default :
interruptible : true
2021-11-18 22:05:49 +05:30
stages :
- prepare
- deploy
- qa
- post-qa
- dast
include :
- local : .gitlab/ci/global.gitlab-ci.yml
2022-10-11 01:57:18 +05:30
- local : .gitlab/ci/review-apps/rules.gitlab-ci.yml
2021-11-18 22:05:49 +05:30
- local : .gitlab/ci/review-apps/qa.gitlab-ci.yml
- local : .gitlab/ci/review-apps/dast.gitlab-ci.yml
2022-11-25 23:54:43 +05:30
- local : .gitlab/ci/review-apps/dast-api.gitlab-ci.yml
2021-11-18 22:05:49 +05:30
.base-before_script : &base-before_script
- source ./scripts/utils.sh
- source ./scripts/review_apps/review-apps.sh
2022-11-25 23:54:43 +05:30
dont-interrupt-me :
extends : .rules:dont-interrupt
stage : prepare
interruptible : false
script :
- echo "This jobs makes sure this pipeline won't be interrupted! See https://docs.gitlab.com/ee/ci/yaml/#interruptible."
2022-04-04 11:22:00 +05:30
review-build-cng-env :
2021-11-18 22:05:49 +05:30
extends :
- .default-retry
- .review:rules:review-build-cng
2023-04-23 21:23:45 +05:30
image : ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine3.16
2021-11-18 22:05:49 +05:30
stage : prepare
2023-03-04 22:38:38 +05:30
needs :
# We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream CNG pipeline.
- pipeline : $PARENT_PIPELINE_ID
job : build-assets-image
variables :
BUILD_ENV : build.env
2021-11-18 22:05:49 +05:30
before_script :
- source ./scripts/utils.sh
- install_gitlab_gem
script :
2023-03-04 22:38:38 +05:30
- 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > $BUILD_ENV'
- echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV
2023-01-13 00:05:48 +05:30
- ruby -e 'puts "FULL_RUBY_VERSION=#{RUBY_VERSION}"' >> build.env
2023-03-04 22:38:38 +05:30
- cat $BUILD_ENV
2022-04-04 11:22:00 +05:30
artifacts :
reports :
2023-03-04 22:38:38 +05:30
dotenv : $BUILD_ENV
2022-04-04 11:22:00 +05:30
paths :
2023-03-04 22:38:38 +05:30
- $BUILD_ENV
2022-04-04 11:22:00 +05:30
expire_in : 7 days
when : always
review-build-cng :
extends : .review:rules:review-build-cng
stage : prepare
needs : [ "review-build-cng-env" ]
inherit :
variables : false
variables :
TOP_UPSTREAM_SOURCE_PROJECT : "${TOP_UPSTREAM_SOURCE_PROJECT}"
TOP_UPSTREAM_SOURCE_REF : "${TOP_UPSTREAM_SOURCE_REF}"
TOP_UPSTREAM_SOURCE_JOB : "${TOP_UPSTREAM_SOURCE_JOB}"
TOP_UPSTREAM_SOURCE_SHA : "${TOP_UPSTREAM_SOURCE_SHA}"
TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID : "${TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID}"
TOP_UPSTREAM_MERGE_REQUEST_IID : "${TOP_UPSTREAM_MERGE_REQUEST_IID}"
GITLAB_REF_SLUG : "${GITLAB_REF_SLUG}"
# CNG pipeline specific variables
GITLAB_VERSION : "${GITLAB_VERSION}"
GITLAB_TAG : "${GITLAB_TAG}"
GITLAB_ASSETS_TAG : "${GITLAB_ASSETS_TAG}"
FORCE_RAILS_IMAGE_BUILDS : "${FORCE_RAILS_IMAGE_BUILDS}"
CE_PIPELINE : "${CE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$CE_PIPELINE'` will evaluate to `false` when this variable is empty
EE_PIPELINE : "${EE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$EE_PIPELINE'` will evaluate to `false` when this variable is empty
GITLAB_ELASTICSEARCH_INDEXER_VERSION : "${GITLAB_ELASTICSEARCH_INDEXER_VERSION}"
GITLAB_KAS_VERSION : "${GITLAB_KAS_VERSION}"
2023-01-13 00:05:48 +05:30
GITLAB_METRICS_EXPORTER_VERSION : "${GITLAB_METRICS_EXPORTER_VERSION}"
2022-04-04 11:22:00 +05:30
GITLAB_PAGES_VERSION : "${GITLAB_PAGES_VERSION}"
2023-01-13 00:05:48 +05:30
GITLAB_SHELL_VERSION : "${GITLAB_SHELL_VERSION}"
GITLAB_WORKHORSE_VERSION : "${GITLAB_WORKHORSE_VERSION}"
2022-04-04 11:22:00 +05:30
GITALY_SERVER_VERSION : "${GITALY_SERVER_VERSION}"
2023-01-13 00:05:48 +05:30
RUBY_VERSION : "${FULL_RUBY_VERSION}"
2022-04-04 11:22:00 +05:30
trigger :
project : gitlab-org/build/CNG-mirror
branch : $TRIGGER_BRANCH
strategy : depend
2021-11-18 22:05:49 +05:30
.review-workflow-base :
2022-08-27 11:52:29 +05:30
image : ${REVIEW_APPS_IMAGE}
2023-05-27 22:25:52 +05:30
retry :
max : 2 # This is confusing but this means "3 runs at max"
2021-11-18 22:05:49 +05:30
variables :
HOST_SUFFIX : "${CI_ENVIRONMENT_SLUG}"
DOMAIN : "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
2023-05-27 22:25:52 +05:30
GITLAB_HELM_CHART_REF : "febc4ad69acb7bba0eeb4a62daa577d0b7c3ee71" # 6.9.1: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/febc4ad69acb7bba0eeb4a62daa577d0b7c3ee71
2021-11-18 22:05:49 +05:30
environment :
2023-01-13 00:05:48 +05:30
name : review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it
2021-11-18 22:05:49 +05:30
url : https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
2023-04-23 21:23:45 +05:30
on_stop : trigger-review-stop
2021-11-18 22:05:49 +05:30
review-deploy :
extends :
- .review-workflow-base
- .review:rules:review-deploy
stage : deploy
2023-04-23 21:23:45 +05:30
image : ${GITLAB_DEPENDENCY_PROXY_ADDRESS}dtzar/helm-kubectl:3.9.3
needs :
- review-build-cng
- review-delete-deployment # We always want to start from a clean slate (i.e. no helm release, no k8s namespace)
2022-11-25 23:54:43 +05:30
cache :
key : "review-deploy-dependencies-charts-${GITLAB_HELM_CHART_REF}-v1"
paths :
- "gitlab-${GITLAB_HELM_CHART_REF}"
2023-03-04 22:38:38 +05:30
environment :
action : start
2021-11-18 22:05:49 +05:30
before_script :
- export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
- export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
- export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
- echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
2022-10-11 01:57:18 +05:30
- echo "QA_GITLAB_URL=${CI_ENVIRONMENT_URL}" > environment.env
2021-11-18 22:05:49 +05:30
- *base-before_script
2023-03-04 22:38:38 +05:30
- !reference [".use-kube-context", before_script]
2021-11-18 22:05:49 +05:30
script :
2023-01-13 00:05:48 +05:30
- run_timed_command "check_kube_domain"
- run_timed_command "download_chart"
- run_timed_command "deploy" || (display_deployment_debug && exit 1)
2023-03-04 22:38:38 +05:30
- run_timed_command "verify_deploy" || (display_deployment_debug && exit 1)
- run_timed_command "disable_sign_ups" || (display_deployment_debug && exit 1)
2023-03-17 16:20:25 +05:30
- run_timed_command "verify_commit_sha" || (display_deployment_debug && exit 1)
2021-11-18 22:05:49 +05:30
after_script :
# Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
# Set DAST_RUN to true when jobs are manually scheduled.
- if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi
artifacts :
paths :
- environment_url.txt
2023-03-04 22:38:38 +05:30
- curl-logs/
2022-10-11 01:57:18 +05:30
reports :
dotenv : environment.env
2021-11-18 22:05:49 +05:30
expire_in : 7 days
when : always
2022-10-11 01:57:18 +05:30
review-deploy-sample-projects :
extends :
- .review-workflow-base
- .review:rules:review-deploy
stage : deploy
needs : [ "review-deploy" ]
2023-03-04 22:38:38 +05:30
environment :
action : prepare
2022-10-11 01:57:18 +05:30
before_script :
- export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
- export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
- export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
- echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
- *base-before_script
2023-03-04 22:38:38 +05:30
- !reference [".use-kube-context", before_script]
2022-10-11 01:57:18 +05:30
script :
- date
- create_sample_projects
2021-11-18 22:05:49 +05:30
.review-stop-base :
extends : .review-workflow-base
environment :
action : stop
variables :
# We're cloning the repo instead of downloading the script for now
# because some repos are private and CI_JOB_TOKEN cannot access files.
# See https://gitlab.com/gitlab-org/gitlab/issues/191273
GIT_DEPTH : 1
review-delete-deployment :
extends :
- .review-stop-base
- .review:rules:review-delete-deployment
2023-04-23 21:23:45 +05:30
dependencies : [ ]
2021-11-18 22:05:49 +05:30
stage : prepare
2023-04-23 21:23:45 +05:30
before_script :
- source ./scripts/utils.sh
- source ./scripts/review_apps/review-apps.sh
- !reference [".use-kube-context", before_script]
2021-11-18 22:05:49 +05:30
script :
2023-04-23 21:23:45 +05:30
- retry delete_helm_release
2021-11-18 22:05:49 +05:30
2023-04-23 21:23:45 +05:30
trigger-review-stop :
2021-11-18 22:05:49 +05:30
extends :
- .review-stop-base
2023-04-23 21:23:45 +05:30
- .review:rules:trigger-review-stop
2021-12-11 22:18:48 +05:30
stage : deploy
needs : [ ]
2023-04-23 21:23:45 +05:30
before_script :
- source ./scripts/utils.sh
- install_gitlab_gem
2021-11-18 22:05:49 +05:30
script :
2023-04-23 21:23:45 +05:30
- review_stop_job_id="$(scripts/api/get_job_id.rb --pipeline-id "${PARENT_PIPELINE_ID}" --job-name "review-stop")"
- |
curl --request POST --header "Private-Token: ${PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/jobs/${review_stop_job_id}/play"