############## # Conditions # ############## .if-not-canonical-namespace: &if-not-canonical-namespace if: '$CI_PROJECT_NAMESPACE !~ /^gitlab(-org)?($|\/)/' .if-not-ee: &if-not-ee if: '$CI_PROJECT_NAME !~ /^gitlab(-ee)?$/' .if-not-foss: &if-not-foss if: '$CI_PROJECT_NAME != "gitlab-foss" && $CI_PROJECT_NAME != "gitlab-ce" && $CI_PROJECT_NAME != "gitlabhq"' .if-default-refs: &if-default-refs if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG || $FORCE_GITLAB_CI' .if-default-branch-refs: &if-default-branch-refs if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' .if-default-branch-push: &if-default-branch-push if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "push"' .if-default-branch-schedule-2-hourly: &if-default-branch-schedule-2-hourly if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "2-hourly"' .if-default-branch-schedule-nightly: &if-default-branch-schedule-nightly if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "nightly"' .if-auto-deploy-branches: &if-auto-deploy-branches if: '$CI_COMMIT_BRANCH =~ /^\d+-\d+-auto-deploy-\d+$/' .if-default-branch-or-tag: &if-default-branch-or-tag if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_TAG' .if-merge-request: &if-merge-request if: '$CI_MERGE_REQUEST_IID' .if-merge-request-title-as-if-foss: &if-merge-request-title-as-if-foss if: '$CI_MERGE_REQUEST_TITLE =~ /RUN AS-IF-FOSS/' .if-merge-request-title-update-caches: &if-merge-request-title-update-caches if: '$CI_MERGE_REQUEST_TITLE =~ /UPDATE CACHE/' .if-merge-request-title-run-all-rspec: &if-merge-request-title-run-all-rspec if: '$CI_MERGE_REQUEST_TITLE =~ /RUN ALL RSPEC/' .if-security-merge-request: &if-security-merge-request if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_MERGE_REQUEST_IID' .if-security-schedule: &if-security-schedule if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_PIPELINE_SOURCE == "schedule"' .if-dot-com-gitlab-org-schedule: &if-dot-com-gitlab-org-schedule if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "schedule"' .if-dot-com-gitlab-org-default-branch: &if-dot-com-gitlab-org-default-branch if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' .if-dot-com-gitlab-org-merge-request: &if-dot-com-gitlab-org-merge-request if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_MERGE_REQUEST_IID' .if-dot-com-gitlab-org-and-security-merge-request: &if-dot-com-gitlab-org-and-security-merge-request if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID' .if-dot-com-gitlab-org-and-security-tag: &if-dot-com-gitlab-org-and-security-tag if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_COMMIT_TAG' .if-dot-com-ee-schedule: &if-dot-com-ee-schedule if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule"' .if-cache-credentials-schedule: &if-cache-credentials-schedule if: '$CI_REPO_CACHE_CREDENTIALS && $CI_PIPELINE_SOURCE == "schedule"' .if-merge-request-rspec-minimal-disabled: &if-merge-request-rspec-minimal-disabled if: '$CI_MERGE_REQUEST_IID && $RSPEC_MINIMAL_ENABLED != "true"' .if-rspec-fail-fast-disabled: &if-rspec-fail-fast-disabled if: '$RSPEC_FAIL_FAST_ENABLED != "true"' .if-rspec-fail-fast-skipped: &if-rspec-fail-fast-skipped if: '$CI_MERGE_REQUEST_TITLE =~ /SKIP RSPEC FAIL-FAST/' # For Security merge requests, the gitlab-release-tools-bot triggers a new # pipeline for the "Pipelines for merged results" feature. If the pipeline # fails, we notify release managers. .if-security-pipeline-merge-result: &if-security-pipeline-merge-result if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH && $CI_PROJECT_NAMESPACE == "gitlab-org/security" && $GITLAB_USER_LOGIN == "gitlab-release-tools-bot"' #################### # Changes patterns # #################### .ci-patterns: &ci-patterns - ".gitlab-ci.yml" - ".gitlab/ci/**/*" .ci-build-images-patterns: &ci-build-images-patterns - ".gitlab-ci.yml" - ".gitlab/ci/build-images.gitlab-ci.yml" .ci-review-patterns: &ci-review-patterns - ".gitlab-ci.yml" - ".gitlab/ci/frontend.gitlab-ci.yml" - ".gitlab/ci/build-images.gitlab-ci.yml" - ".gitlab/ci/review.gitlab-ci.yml" - "scripts/review_apps/base-config.yaml" - "scripts/review_apps/review-apps.sh" - "scripts/trigger-build" .ci-qa-patterns: &ci-qa-patterns - ".gitlab-ci.yml" - ".gitlab/ci/frontend.gitlab-ci.yml" - ".gitlab/ci/build-images.gitlab-ci.yml" - ".gitlab/ci/qa.gitlab-ci.yml" .gitaly-patterns: &gitaly-patterns - "GITALY_SERVER_VERSION" .workhorse-patterns: &workhorse-patterns - "GITLAB_WORKHORSE_VERSION" - "workhorse/**/*" - ".gitlab/ci/workhorse.gitlab-ci.yml" .yaml-lint-patterns: &yaml-lint-patterns - ".gitlab-ci.yml" - ".gitlab/ci/**/*.yml" - "lib/gitlab/ci/templates/**/*.yml" - "{,ee/,jh/}changelogs/**/*.yml" .docs-patterns: &docs-patterns - ".gitlab/route-map.yml" - "doc/**/*" - ".markdownlint.yml" - "scripts/lint-doc.sh" .frontend-dependency-patterns: &frontend-dependency-patterns - "{package.json,yarn.lock}" - "config/webpack.config.js" - "config/helpers/*.js" .frontend-build-patterns: &frontend-build-patterns - "{package.json,yarn.lock}" - "babel.config.js" - "config/webpack.config.js" - "config/**/*.js" - "vendor/assets/**/*" - "{,ee/,jh/}app/assets/**/*" .frontend-patterns: &frontend-patterns - "{package.json,yarn.lock}" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - ".csscomb.json" - "Dockerfile.assets" - "config/**/*.js" - "vendor/assets/**/*" - "{,ee/,jh/}{app/assets,app/helpers,app/presenters,app/views,locale,public,symbol}/**/*" .startup-css-patterns: &startup-css-patterns - "{,ee/,jh/}app/assets/stylesheets/startup/**/*" .backend-patterns: &backend-patterns - "Gemfile{,.lock}" - "Rakefile" - "config.ru" # List explicitly all the app/ dirs that are backend (i.e. all except app/assets). - "{,ee/,jh/}{app/channels,app/controllers,app/finders,app/graphql,app/helpers,app/mailers,app/models,app/policies,app/presenters,app/serializers,app/services,app/uploaders,app/validators,app/views,app/workers}/**/*" - "{,ee/,jh/}{bin,cable,config,db,lib}/**/*" - "{,ee/,jh/}spec/**/*.rb" # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" - "*_VERSION" .db-patterns: &db-patterns - "{,ee/,jh/}{,spec/}{db,migrations}/**/*" - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*" - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb" - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration/**/*" - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration{,_spec}.rb" - "{,ee/,jh/}spec/support/helpers/database/**/*" - "config/prometheus/common_metrics.yml" # Used by Gitlab::DatabaseImporters::CommonMetrics::Importer - "{,ee/,jh/}app/models/project_statistics.rb" # Used to calculate sizes in migration specs # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" .db-library-patterns: &db-library-patterns - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*" - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb" - "{,ee/,jh/}spec/support/helpers/database/**/*" .backstage-patterns: &backstage-patterns - "Dangerfile" - "danger/**/*" - "{,ee/,jh/}fixtures/**/*" - "{,ee/,jh/}rubocop/**/*" - "{,ee/,jh/}spec/**/*" - "{,spec/}tooling/**/*" .code-patterns: &code-patterns - "{package.json,yarn.lock}" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - ".csscomb.json" - "Dockerfile.assets" - "vendor/assets/**/*" # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml" - "*_VERSION" - "Gemfile{,.lock}" - "Rakefile" - "tests.yml" - "config.ru" - "{,ee/,jh/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "data/whats_new/*.yml" .qa-patterns: &qa-patterns - ".dockerignore" - "qa/**/*" .code-backstage-patterns: &code-backstage-patterns - "{package.json,yarn.lock}" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - ".csscomb.json" - "Dockerfile.assets" - "vendor/assets/**/*" # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml" - "*_VERSION" - "Gemfile{,.lock}" - "Rakefile" - "tests.yml" - "config.ru" - "{,ee/,jh/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "data/whats_new/*.yml" # Backstage changes - "Dangerfile" - "danger/**/*" - "{,ee/,jh/}fixtures/**/*" - "{,ee/,jh/}rubocop/**/*" - "{,ee/,jh/}spec/**/*" - "{,spec/}tooling/**/*" .code-qa-patterns: &code-qa-patterns - "{package.json,yarn.lock}" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - ".csscomb.json" - "Dockerfile.assets" - "vendor/assets/**/*" # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml" - "*_VERSION" - "Gemfile{,.lock}" - "Rakefile" - "tests.yml" - "config.ru" - "{,ee/,jh/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "data/whats_new/*.yml" # QA changes - ".dockerignore" - "qa/**/*" .code-backstage-qa-patterns: &code-backstage-qa-patterns - "{package.json,yarn.lock}" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - ".csscomb.json" - "Dockerfile.assets" - "vendor/assets/**/*" # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml" - "*_VERSION" - "Gemfile{,.lock}" - "Rakefile" - "tests.yml" - "config.ru" - "{,ee/,jh/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "data/whats_new/*.yml" # Backstage changes - "Dangerfile" - "danger/**/*" - "{,ee/,jh/}fixtures/**/*" - "{,ee/,jh/}rubocop/**/*" - "{,ee/,jh/}spec/**/*" - "{,spec/}tooling/**/*" # QA changes - ".dockerignore" - "qa/**/*" ################ # Shared rules # ################ .shared:rules:update-cache: rules: - <<: *if-default-branch-schedule-2-hourly - <<: *if-security-schedule - <<: *if-merge-request-title-update-caches .shared:rules:update-gitaly-binaries-cache: rules: - <<: *if-merge-request-title-update-caches - changes: *gitaly-patterns ###################### # Build images rules # ###################### .build-images:rules:build-qa-image: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *ci-build-images-patterns - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *code-qa-patterns - <<: *if-dot-com-gitlab-org-default-branch changes: *code-qa-patterns - <<: *if-dot-com-gitlab-org-schedule .build-images:rules:build-assets-image: rules: - <<: *if-not-canonical-namespace when: never - <<: *if-auto-deploy-branches - changes: *ci-build-images-patterns - changes: *code-qa-patterns #################### # Cache repo rules # #################### .cache-repo:rules: rules: - <<: *if-cache-credentials-schedule allow_failure: true ############# # CNG rules # ############# .cng:rules: rules: - <<: *if-dot-com-gitlab-org-and-security-tag when: manual allow_failure: true ################## # Delivery rules # ################## .delivery:rules:security-pipeline-merge-result-failure: rules: - <<: *if-security-pipeline-merge-result when: on_failure ###################### # Dev fixtures rules # ###################### .dev-fixtures:rules:ee-and-foss: rules: - <<: *if-default-refs changes: *code-backstage-patterns when: on_success .dev-fixtures:rules:ee-only: rules: - <<: *if-not-ee when: never - <<: *if-default-refs changes: *code-backstage-patterns when: on_success ############## # Docs rules # ############## .docs:rules:review-docs: rules: - <<: *if-dot-com-gitlab-org-merge-request changes: *docs-patterns when: manual allow_failure: true .docs:rules:docs-lint: rules: - <<: *if-default-refs changes: *docs-patterns when: on_success ################## # GraphQL rules # ################## .graphql:rules:graphql-verify: rules: - <<: *if-not-ee when: never - <<: *if-default-refs changes: *code-backstage-qa-patterns when: on_success ################## # Frontend rules # ################## .frontend:rules:compile-production-assets: rules: - <<: *if-not-canonical-namespace when: never - <<: *if-auto-deploy-branches - changes: *code-qa-patterns .frontend:rules:compile-test-assets: rules: - changes: *code-backstage-qa-patterns - <<: *if-merge-request-title-run-all-rspec .frontend:rules:compile-test-assets-as-if-foss: rules: - <<: *if-not-ee when: never - <<: *if-merge-request # Always run for MRs since `compile-test-assets as-if-foss` is either needed by `rspec foss-impact` or the `rspec * as-if-foss` jobs. changes: *code-backstage-qa-patterns .frontend:rules:default-frontend-jobs: rules: - <<: *if-default-refs changes: *code-backstage-patterns .frontend:rules:default-frontend-jobs-ee: rules: - <<: *if-not-ee when: never - <<: *if-default-refs changes: *code-backstage-patterns .frontend:rules:default-frontend-jobs-as-if-foss: rules: - <<: *if-not-ee when: never - <<: *if-security-merge-request changes: *code-backstage-patterns - <<: *if-merge-request-title-as-if-foss - <<: *if-merge-request-title-run-all-rspec - <<: *if-merge-request changes: *startup-css-patterns - <<: *if-merge-request changes: *ci-patterns .frontend:rules:eslint-as-if-foss: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-title-as-if-foss when: never - <<: *if-merge-request changes: *frontend-patterns .frontend:rules:ee-mr-and-default-branch-only: rules: - <<: *if-not-ee when: never - <<: *if-merge-request changes: *code-backstage-patterns when: always - <<: *if-default-branch-refs changes: *code-backstage-patterns .frontend:rules:qa-frontend-node: rules: - <<: *if-default-branch-refs changes: *frontend-dependency-patterns - <<: *if-merge-request changes: *frontend-dependency-patterns .frontend:rules:qa-frontend-node-latest: rules: - <<: *if-default-branch-refs changes: *frontend-dependency-patterns allow_failure: true - <<: *if-merge-request changes: *frontend-dependency-patterns allow_failure: true .frontend:rules:bundle-size-review: rules: - <<: *if-not-canonical-namespace when: never - if: '$DANGER_GITLAB_API_TOKEN && $CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH' changes: *frontend-build-patterns allow_failure: true ################ # Memory rules # ################ .memory:rules: rules: - <<: *if-default-refs changes: *code-patterns when: on_success ############### # Pages rules # ############### .pages:rules: rules: - <<: *if-not-ee when: never - <<: *if-default-branch-schedule-2-hourly ############ # QA rules # ############ .qa:rules:ee-and-foss: rules: - <<: *if-default-refs changes: *code-qa-patterns when: on_success .qa:rules:as-if-foss: rules: - <<: *if-not-ee when: never - <<: *if-security-merge-request changes: *code-qa-patterns - <<: *if-merge-request-title-as-if-foss - <<: *if-merge-request-title-run-all-rspec - <<: *if-merge-request changes: *ci-patterns .qa:rules:package-and-qa: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *ci-qa-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *qa-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *code-patterns when: manual allow_failure: true - <<: *if-dot-com-gitlab-org-schedule allow_failure: true ############### # Rails rules # ############### .rails:rules:ee-and-foss-migration: rules: - changes: *db-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:ee-and-foss-migration:minimal: rules: - <<: *if-merge-request-rspec-minimal-disabled when: never - <<: *if-merge-request-title-run-all-rspec when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-merge-request changes: *db-patterns .rails:rules:ee-and-foss-mr-with-migration: rules: - <<: *if-merge-request changes: *db-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:db:gitlabcom-database-testing: rules: - if: '$GITLABCOM_DATABASE_TESTING_TRIGGER_TOKEN == null' when: never - <<: *if-merge-request changes: *db-patterns when: manual .rails:rules:ee-and-foss-unit: rules: - changes: *backend-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:ee-and-foss-unit:minimal: rules: - <<: *if-merge-request-rspec-minimal-disabled when: never - <<: *if-merge-request-title-run-all-rspec when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-merge-request changes: *backend-patterns .rails:rules:ee-and-foss-integration: rules: - changes: *backend-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:ee-and-foss-integration:minimal: rules: - <<: *if-merge-request-rspec-minimal-disabled when: never - <<: *if-merge-request-title-run-all-rspec when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-merge-request changes: *backend-patterns .rails:rules:ee-and-foss-system: rules: - changes: *code-backstage-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:ee-and-foss-system:minimal: rules: - <<: *if-merge-request-rspec-minimal-disabled when: never - <<: *if-merge-request-title-run-all-rspec when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-merge-request changes: *code-backstage-patterns .rails:rules:ee-and-foss-fast_spec_helper: rules: - changes: ["config/**/*"] - <<: *if-merge-request-title-run-all-rspec .rails:rules:ee-and-foss-fast_spec_helper:minimal: rules: - <<: *if-merge-request-rspec-minimal-disabled when: never - <<: *if-merge-request-title-run-all-rspec when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-merge-request changes: ["config/**/*"] .rails:rules:code-backstage-qa: rules: - changes: *code-backstage-qa-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:ee-only-migration: rules: - <<: *if-not-ee when: never - changes: *db-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:ee-only-migration:minimal: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-rspec-minimal-disabled when: never - <<: *if-merge-request-title-run-all-rspec when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-merge-request changes: *db-patterns .rails:rules:ee-only-unit: rules: - <<: *if-not-ee when: never - changes: *backend-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:ee-only-unit:minimal: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-rspec-minimal-disabled when: never - <<: *if-merge-request-title-run-all-rspec when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-merge-request changes: *backend-patterns .rails:rules:ee-only-integration: rules: - <<: *if-not-ee when: never - changes: *backend-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:ee-only-integration:minimal: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-rspec-minimal-disabled when: never - <<: *if-merge-request-title-run-all-rspec when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-merge-request changes: *backend-patterns .rails:rules:ee-only-system: rules: - <<: *if-not-ee when: never - changes: *code-backstage-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:ee-only-system:minimal: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-rspec-minimal-disabled when: never - <<: *if-merge-request-title-run-all-rspec when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-merge-request changes: *code-backstage-patterns .rails:rules:as-if-foss-migration: rules: - <<: *if-not-ee when: never - <<: *if-security-merge-request changes: *db-patterns - <<: *if-merge-request-title-as-if-foss changes: *db-patterns - <<: *if-merge-request-title-run-all-rspec - <<: *if-merge-request changes: *ci-patterns .rails:rules:as-if-foss-migration:minimal: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-rspec-minimal-disabled when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-security-merge-request changes: *db-patterns - <<: *if-merge-request-title-as-if-foss changes: *db-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:as-if-foss-unit: rules: - <<: *if-not-ee when: never - <<: *if-security-merge-request changes: *backend-patterns - <<: *if-merge-request-title-as-if-foss changes: *backend-patterns - <<: *if-merge-request-title-run-all-rspec - <<: *if-merge-request changes: *ci-patterns .rails:rules:as-if-foss-unit:minimal: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-rspec-minimal-disabled when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-security-merge-request changes: *backend-patterns - <<: *if-merge-request-title-as-if-foss changes: *backend-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:as-if-foss-integration: rules: - <<: *if-not-ee when: never - <<: *if-security-merge-request changes: *backend-patterns - <<: *if-merge-request-title-as-if-foss changes: *backend-patterns - <<: *if-merge-request-title-run-all-rspec - <<: *if-merge-request changes: *ci-patterns .rails:rules:as-if-foss-integration:minimal: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-rspec-minimal-disabled when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-security-merge-request changes: *backend-patterns - <<: *if-merge-request-title-as-if-foss changes: *backend-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:as-if-foss-system: rules: - <<: *if-not-ee when: never - <<: *if-security-merge-request changes: *code-backstage-patterns - <<: *if-merge-request-title-as-if-foss changes: *code-backstage-patterns - <<: *if-merge-request-title-run-all-rspec - <<: *if-merge-request changes: *ci-patterns .rails:rules:as-if-foss-system:minimal: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-rspec-minimal-disabled when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-security-merge-request changes: *code-backstage-patterns - <<: *if-merge-request-title-as-if-foss changes: *code-backstage-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:ee-and-foss-db-library-code: rules: - changes: *db-library-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:ee-mr-and-default-branch-only: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-title-run-all-rspec - <<: *if-merge-request changes: *code-backstage-patterns - <<: *if-default-branch-refs changes: *code-backstage-patterns .rails:rules:detect-tests: rules: - changes: *code-backstage-patterns - <<: *if-merge-request-title-run-all-rspec .rails:rules:rspec-foss-impact: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-title-as-if-foss when: never - <<: *if-security-merge-request changes: *code-backstage-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *code-backstage-patterns .rails:rules:rspec fail-fast: rules: - <<: *if-rspec-fail-fast-disabled when: never - <<: *if-rspec-fail-fast-skipped when: never - <<: *if-not-ee when: never - <<: *if-security-merge-request changes: *code-backstage-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *code-backstage-patterns .rails:rules:fail-pipeline-early: rules: - <<: *if-rspec-fail-fast-disabled when: never - <<: *if-rspec-fail-fast-skipped when: never - <<: *if-not-ee when: never - <<: *if-security-merge-request changes: *code-backstage-patterns when: on_failure - <<: *if-dot-com-gitlab-org-merge-request changes: *code-backstage-patterns when: on_failure .rails:rules:deprecations: rules: - <<: *if-not-ee when: never - <<: *if-default-branch-schedule-nightly - <<: *if-merge-request-title-run-all-rspec .rails:rules:rspec-coverage: rules: - <<: *if-not-ee when: never - <<: *if-merge-request changes: *code-backstage-patterns when: always - <<: *if-default-branch-schedule-2-hourly - <<: *if-merge-request-title-run-all-rspec when: always .rails:rules:rspec-feature-flags: rules: - <<: *if-not-ee when: never - <<: *if-default-branch-schedule-2-hourly allow_failure: true - <<: *if-merge-request-title-run-all-rspec .rails:rules:default-branch-schedule-nightly--code-backstage: rules: - <<: *if-default-branch-schedule-nightly - <<: *if-merge-request changes: [".gitlab/ci/rails.gitlab-ci.yml"] .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only: rules: - <<: *if-not-ee when: never - <<: *if-default-branch-schedule-nightly - <<: *if-merge-request changes: [".gitlab/ci/rails.gitlab-ci.yml"] ######################### # Static analysis rules # ######################### .static-analysis:rules:ee-and-foss: rules: - changes: *code-backstage-qa-patterns .static-analysis:rules:as-if-foss: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-title-as-if-foss changes: *code-backstage-qa-patterns - <<: *if-security-merge-request changes: *code-backstage-qa-patterns - <<: *if-merge-request changes: *ci-patterns ####################### # Vendored gems rules # ####################### .vendor:rules:mail-smtp_pool: rules: - <<: *if-merge-request changes: ["vendor/gems/mail-smtp_pool/**/*"] - <<: *if-merge-request-title-run-all-rspec ################## # Releases rules # ################## .releases:rules:canonical-dot-com-gitlab-stable-branch-only: rules: - if: '$CI_COMMIT_MESSAGE =~ /\[merge-train skip\]/' when: never - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable-ee$/' .releases:rules:canonical-dot-com-security-gitlab-stable-branch-only: rules: - if: '$CI_COMMIT_MESSAGE =~ /\[merge-train skip\]/' when: never - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/security/gitlab" && $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable-ee$/' ################# # Reports rules # ################# .reports:rules:code_quality: rules: - if: '$CODE_QUALITY_DISABLED' when: never # - <<: *if-default-branch-refs # To be done in a later iteration: https://gitlab.com/gitlab-org/gitlab/issues/31160#note_278188255 - <<: *if-default-refs changes: *code-backstage-patterns allow_failure: true .reports:rules:sast: rules: - if: '$SAST_DISABLED || $GITLAB_FEATURES !~ /\bsast\b/' when: never # - <<: *if-default-branch-refs # To be done in a later iteration: https://gitlab.com/gitlab-org/gitlab/issues/31160#note_278188255 - <<: *if-default-refs changes: *code-backstage-qa-patterns allow_failure: true .reports:rules:secret_detection: rules: - if: '$SECRET_DETECTION_DISABLED' when: never - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' # The Secret-Detection template already has a `secret_detection_default_branch` job when: never # - <<: *if-default-branch-refs # To be done in a later iteration: https://gitlab.com/gitlab-org/gitlab/issues/31160#note_278188255 - changes: *code-backstage-qa-patterns allow_failure: true .reports:rules:dependency_scanning: rules: - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/' when: never # - <<: *if-default-branch-refs # To be done in a later iteration: https://gitlab.com/gitlab-org/gitlab/issues/31160#note_278188255 - <<: *if-default-refs changes: *code-backstage-qa-patterns allow_failure: true .reports:rules:dast: rules: - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/' when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *frontend-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *code-qa-patterns when: manual allow_failure: true .reports:rules:schedule-dast: rules: - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/' when: never - <<: *if-default-branch-schedule-nightly allow_failure: true .reports:rules:package_hunter: rules: - <<: *if-default-branch-schedule-2-hourly - <<: *if-merge-request changes: ["yarn.lock"] .reports:rules:license_scanning: rules: - if: '$LICENSE_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\blicense_scanning\b/' when: never - <<: *if-default-refs changes: *code-backstage-qa-patterns allow_failure: true ################ # Review rules # ################ .review:rules:review-build-cng: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *ci-review-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *frontend-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *code-patterns when: manual allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *qa-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-schedule .review:rules:review-deploy: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *ci-review-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *frontend-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *code-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *qa-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-schedule allow_failure: true .review:rules:review-performance: rules: - if: '$DAST_RUN == "true"' # Skip this job when DAST is run when: never - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *ci-review-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *frontend-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *code-qa-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-schedule allow_failure: true .review:rules:review-stop-failed-deployment: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *code-qa-patterns .review:rules:review-qa-smoke: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *ci-review-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *frontend-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *code-qa-patterns allow_failure: true .review:rules:review-qa-smoke-report: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *ci-review-patterns when: always - <<: *if-dot-com-gitlab-org-merge-request changes: *frontend-patterns when: always - <<: *if-dot-com-gitlab-org-merge-request changes: *code-qa-patterns when: always .review:rules:review-qa-all: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *code-patterns when: manual allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *qa-patterns allow_failure: true .review:rules:review-qa-all-report: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *code-patterns when: manual allow_failure: true - <<: *if-dot-com-gitlab-org-merge-request changes: *qa-patterns allow_failure: true when: always .review:rules:review-cleanup: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *code-qa-patterns when: manual allow_failure: true - <<: *if-dot-com-gitlab-org-schedule allow_failure: true .review:rules:review-stop: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-merge-request changes: *code-qa-patterns when: manual allow_failure: true - <<: *if-dot-com-gitlab-org-schedule allow_failure: true .review:rules:danger: rules: - if: '$CI_MERGE_REQUEST_IID' ############### # Setup rules # ############### .setup:rules:cache-gems: rules: - <<: *if-not-canonical-namespace when: never - <<: *if-default-branch-or-tag changes: *code-backstage-qa-patterns when: on_success .setup:rules:dont-interrupt-me: rules: - <<: *if-default-branch-or-tag allow_failure: true - <<: *if-auto-deploy-branches allow_failure: true - when: manual allow_failure: true .setup:rules:gitlab_git_test: rules: - <<: *if-default-refs changes: *code-backstage-patterns when: on_success .setup:rules:no_ee_check: rules: - <<: *if-not-foss when: never - <<: *if-default-refs changes: *code-backstage-patterns when: on_success .setup:rules:verify-tests-yml: rules: - <<: *if-not-ee when: never - <<: *if-default-refs changes: *code-backstage-patterns when: on_success ####################### # Test metadata rules # ####################### .test-metadata:rules:retrieve-tests-metadata: rules: - changes: *code-backstage-patterns when: on_success - <<: *if-merge-request-title-run-all-rspec .test-metadata:rules:update-tests-metadata: rules: - <<: *if-not-ee when: never - changes: - ".gitlab/ci/test-metadata.gitlab-ci.yml" - "scripts/rspec_helpers.sh" - <<: *if-dot-com-ee-schedule ################### # workhorse rules # ################### .workhorse:rules:workhorse: rules: - <<: *if-default-refs changes: *workhorse-patterns ################### # yaml-lint rules # ################### .yaml-lint:rules: rules: - <<: *if-default-refs changes: *yaml-lint-patterns