stages: - prepare - deploy - qa - post-qa - dast include: - local: .gitlab/ci/global.gitlab-ci.yml - local: .gitlab/ci/rules.gitlab-ci.yml - local: .gitlab/ci/review-apps/qa.gitlab-ci.yml - local: .gitlab/ci/review-apps/dast.gitlab-ci.yml .base-before_script: &base-before_script - source ./scripts/utils.sh - source ./scripts/review_apps/review-apps.sh - install_api_client_dependencies_with_apk review-build-cng-env: extends: - .default-retry - .review:rules:review-build-cng image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine3.13 stage: prepare needs: [] before_script: - source ./scripts/utils.sh - install_gitlab_gem script: - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > build.env' - cat build.env artifacts: reports: dotenv: build.env paths: - build.env expire_in: 7 days when: always review-build-cng: extends: .review:rules:review-build-cng stage: prepare needs: ["review-build-cng-env"] inherit: variables: false variables: TOP_UPSTREAM_SOURCE_PROJECT: "${TOP_UPSTREAM_SOURCE_PROJECT}" TOP_UPSTREAM_SOURCE_REF: "${TOP_UPSTREAM_SOURCE_REF}" TOP_UPSTREAM_SOURCE_JOB: "${TOP_UPSTREAM_SOURCE_JOB}" TOP_UPSTREAM_SOURCE_SHA: "${TOP_UPSTREAM_SOURCE_SHA}" TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID: "${TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID}" TOP_UPSTREAM_MERGE_REQUEST_IID: "${TOP_UPSTREAM_MERGE_REQUEST_IID}" GITLAB_REF_SLUG: "${GITLAB_REF_SLUG}" # CNG pipeline specific variables GITLAB_VERSION: "${GITLAB_VERSION}" GITLAB_TAG: "${GITLAB_TAG}" GITLAB_ASSETS_TAG: "${GITLAB_ASSETS_TAG}" FORCE_RAILS_IMAGE_BUILDS: "${FORCE_RAILS_IMAGE_BUILDS}" CE_PIPELINE: "${CE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$CE_PIPELINE'` will evaluate to `false` when this variable is empty EE_PIPELINE: "${EE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$EE_PIPELINE'` will evaluate to `false` when this variable is empty GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}" GITLAB_ELASTICSEARCH_INDEXER_VERSION: "${GITLAB_ELASTICSEARCH_INDEXER_VERSION}" GITLAB_KAS_VERSION: "${GITLAB_KAS_VERSION}" GITLAB_WORKHORSE_VERSION: "${GITLAB_WORKHORSE_VERSION}" GITLAB_PAGES_VERSION: "${GITLAB_PAGES_VERSION}" GITALY_SERVER_VERSION: "${GITALY_SERVER_VERSION}" trigger: project: gitlab-org/build/CNG-mirror branch: $TRIGGER_BRANCH strategy: depend .review-workflow-base: extends: - .default-retry image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:gitlab-helm3.5-kubectl1.17 resource_group: "review/${CI_COMMIT_REF_NAME}" variables: HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" GITLAB_HELM_CHART_REF: "a6a609a19166f00b1a7774374041cd38a9f7e20d" environment: name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY} url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN} on_stop: review-stop auto_stop_in: 48 hours review-deploy: extends: - .review-workflow-base - .review:rules:review-deploy stage: deploy needs: ["review-build-cng"] before_script: - export GITLAB_SHELL_VERSION=$( environment_url.txt - *base-before_script script: - check_kube_domain - download_chart - date - deploy || (display_deployment_debug && exit 1) - verify_deploy || exit 1 - disable_sign_ups || (delete_release && exit 1) - create_sample_projects after_script: # Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan. # Set DAST_RUN to true when jobs are manually scheduled. - if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi artifacts: paths: - environment_url.txt expire_in: 7 days when: always .review-stop-base: extends: .review-workflow-base environment: action: stop dependencies: [] variables: # We're cloning the repo instead of downloading the script for now # because some repos are private and CI_JOB_TOKEN cannot access files. # See https://gitlab.com/gitlab-org/gitlab/issues/191273 GIT_DEPTH: 1 before_script: - *base-before_script review-delete-deployment: extends: - .review-stop-base - .review:rules:review-delete-deployment stage: prepare script: - delete_release review-stop: extends: - .review-stop-base - .review:rules:review-stop stage: deploy needs: [] script: - delete_namespace