264 lines
7.7 KiB
YAML
264 lines
7.7 KiB
YAML
review-cleanup:
|
|
extends:
|
|
- .default-retry
|
|
- .review:rules:review-cleanup
|
|
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3-kubectl1.14
|
|
stage: prepare
|
|
environment:
|
|
name: review/auto-cleanup
|
|
action: stop
|
|
before_script:
|
|
- source scripts/utils.sh
|
|
- source scripts/review_apps/gcp_cleanup.sh
|
|
- install_gitlab_gem
|
|
- setup_gcp_dependencies
|
|
script:
|
|
- ruby -rrubygems scripts/review_apps/automated_cleanup.rb
|
|
- gcp_cleanup
|
|
|
|
.base-before_script: &base-before_script
|
|
- source ./scripts/utils.sh
|
|
- source ./scripts/review_apps/review-apps.sh
|
|
- install_api_client_dependencies_with_apk
|
|
|
|
review-build-cng:
|
|
extends:
|
|
- .default-retry
|
|
- .review:rules:review-build-cng
|
|
image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine3.13
|
|
stage: review-prepare
|
|
needs:
|
|
- job: compile-production-assets
|
|
artifacts: false
|
|
variables:
|
|
CNG_PROJECT_ACCESS_TOKEN: "${CNG_MIRROR_PROJECT_ACCESS_TOKEN}" # "Multi-pipeline (from 'gitlab-org/gitlab' 'review-build-cng' job)" at https://gitlab.com/gitlab-org/build/CNG-mirror/-/settings/access_tokens
|
|
CNG_PROJECT_PATH: "gitlab-org/build/CNG-mirror"
|
|
before_script:
|
|
- source ./scripts/utils.sh
|
|
- install_gitlab_gem
|
|
script:
|
|
- ./scripts/trigger-build cng
|
|
|
|
.review-workflow-base:
|
|
extends:
|
|
- .default-retry
|
|
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3.5-kubectl1.17
|
|
variables:
|
|
HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
|
|
DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
|
|
GITLAB_HELM_CHART_REF: "v5.2.1"
|
|
environment:
|
|
name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY}
|
|
url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
|
|
on_stop: review-stop
|
|
auto_stop_in: 48 hours
|
|
|
|
review-deploy:
|
|
extends:
|
|
- .review-workflow-base
|
|
- .review:rules:review-deploy
|
|
stage: review
|
|
needs: ["review-build-cng"]
|
|
resource_group: "review/${CI_COMMIT_REF_NAME}"
|
|
before_script:
|
|
- export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
|
|
- export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
|
|
- export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
|
|
- echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
|
|
- *base-before_script
|
|
script:
|
|
- check_kube_domain
|
|
- download_chart
|
|
- date
|
|
- deploy || (display_deployment_debug && exit 1)
|
|
- verify_deploy || exit 1
|
|
- disable_sign_ups || (delete_release && exit 1)
|
|
after_script:
|
|
# Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
|
|
# Set DAST_RUN to true when jobs are manually scheduled.
|
|
- if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi
|
|
artifacts:
|
|
paths:
|
|
- environment_url.txt
|
|
- curl_output.txt
|
|
expire_in: 7 days
|
|
when: always
|
|
|
|
.review-stop-base:
|
|
extends: .review-workflow-base
|
|
environment:
|
|
action: stop
|
|
dependencies: []
|
|
variables:
|
|
# We're cloning the repo instead of downloading the script for now
|
|
# because some repos are private and CI_JOB_TOKEN cannot access files.
|
|
# See https://gitlab.com/gitlab-org/gitlab/issues/191273
|
|
GIT_DEPTH: 1
|
|
before_script:
|
|
- *base-before_script
|
|
|
|
review-delete-deployment:
|
|
extends:
|
|
- .review-stop-base
|
|
- .review:rules:review-delete-deployment
|
|
stage: prepare
|
|
script:
|
|
- delete_release
|
|
|
|
review-stop:
|
|
extends:
|
|
- .review-stop-base
|
|
- .review:rules:review-stop
|
|
stage: post-qa
|
|
script:
|
|
- delete_k8s_release_namespace
|
|
|
|
.review-qa-base:
|
|
extends:
|
|
- .use-docker-in-docker
|
|
image:
|
|
name: ${QA_IMAGE}
|
|
entrypoint: [""]
|
|
stage: qa
|
|
needs: ["build-qa-image", "review-deploy"]
|
|
variables:
|
|
QA_DEBUG: "true"
|
|
QA_CAN_TEST_GIT_PROTOCOL_V2: "false"
|
|
QA_GENERATE_ALLURE_REPORT: "true"
|
|
GITLAB_USERNAME: "root"
|
|
GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
|
|
GITLAB_ADMIN_USERNAME: "root"
|
|
GITLAB_ADMIN_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
|
|
GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}"
|
|
EE_LICENSE: "${REVIEW_APPS_EE_LICENSE}"
|
|
SIGNUP_DISABLED: "true"
|
|
before_script:
|
|
# Use $CI_MERGE_REQUEST_SOURCE_BRANCH_SHA so that GitLab image built in omnibus-gitlab-mirror and QA image are in sync.
|
|
- if [ -n "$CI_MERGE_REQUEST_SOURCE_BRANCH_SHA" ]; then
|
|
git checkout -f ${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA};
|
|
fi
|
|
- export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
|
|
- echo "${CI_ENVIRONMENT_URL}"
|
|
- cd qa
|
|
artifacts:
|
|
paths:
|
|
- qa/tmp
|
|
expire_in: 7 days
|
|
when: always
|
|
|
|
.allure-report-base:
|
|
image:
|
|
name: ${GITLAB_DEPENDENCY_PROXY}andrcuns/allure-report-publisher:0.3.4
|
|
entrypoint: [""]
|
|
stage: post-qa
|
|
variables:
|
|
GIT_STRATEGY: none
|
|
STORAGE_CREDENTIALS: $QA_ALLURE_REPORT_GCS_CREDENTIALS
|
|
GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN
|
|
allow_failure: true
|
|
script:
|
|
- |
|
|
allure-report-publisher upload gcs \
|
|
--results-glob="qa/tmp/allure-results/*" \
|
|
--bucket="gitlab-qa-allure-reports" \
|
|
--prefix="$ALLURE_REPORT_PATH_PREFIX/$CI_COMMIT_REF_SLUG" \
|
|
--update-pr="comment" \
|
|
--copy-latest \
|
|
--ignore-missing-results \
|
|
--color
|
|
|
|
review-qa-smoke:
|
|
extends:
|
|
- .review-qa-base
|
|
- .review:rules:review-qa-smoke
|
|
retry: 1 # This is confusing but this means "2 runs at max".
|
|
script:
|
|
- bin/test Test::Instance::Smoke "${CI_ENVIRONMENT_URL}"
|
|
|
|
review-qa-all:
|
|
extends:
|
|
- .review-qa-base
|
|
- .review:rules:review-qa-all
|
|
parallel: 5
|
|
script:
|
|
- export KNAPSACK_REPORT_PATH=knapsack/master_report.json
|
|
- export KNAPSACK_TEST_FILE_PATTERN=qa/specs/features/**/*_spec.rb
|
|
- |
|
|
bin/test Test::Instance::All "${CI_ENVIRONMENT_URL}" \
|
|
-- \
|
|
--color --format documentation \
|
|
--format RspecJunitFormatter --out tmp/rspec.xml
|
|
artifacts:
|
|
reports:
|
|
junit: qa/tmp/rspec.xml
|
|
|
|
review-performance:
|
|
extends:
|
|
- .default-retry
|
|
- .review:rules:review-performance
|
|
image:
|
|
name: sitespeedio/sitespeed.io
|
|
entrypoint: [""]
|
|
stage: qa
|
|
needs: ["review-deploy"]
|
|
before_script:
|
|
- export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
|
|
- echo "${CI_ENVIRONMENT_URL}"
|
|
- mkdir -p gitlab-exporter
|
|
- wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js
|
|
- mkdir -p sitespeed-results
|
|
script:
|
|
- /start.sh --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "${CI_ENVIRONMENT_URL}"
|
|
after_script:
|
|
- mv sitespeed-results/data/performance.json performance.json
|
|
artifacts:
|
|
paths:
|
|
- sitespeed-results/
|
|
reports:
|
|
performance: performance.json
|
|
expire_in: 31d
|
|
|
|
allure-report-qa-smoke:
|
|
extends:
|
|
- .allure-report-base
|
|
- .review:rules:review-qa-smoke-report
|
|
needs: ["review-qa-smoke"]
|
|
variables:
|
|
ALLURE_REPORT_PATH_PREFIX: gitlab-review-smoke
|
|
ALLURE_JOB_NAME: review-qa-smoke
|
|
|
|
allure-report-qa-all:
|
|
extends:
|
|
- .allure-report-base
|
|
- .review:rules:review-qa-all-report
|
|
needs: ["review-qa-all"]
|
|
variables:
|
|
ALLURE_REPORT_PATH_PREFIX: gitlab-review-all
|
|
ALLURE_JOB_NAME: review-qa-all
|
|
|
|
danger-review:
|
|
extends:
|
|
- .default-retry
|
|
- .danger-review-cache
|
|
- .review:rules:danger
|
|
stage: test
|
|
needs: []
|
|
before_script:
|
|
- source scripts/utils.sh
|
|
- bundle_install_script "--with danger"
|
|
- run_timed_command "retry yarn install --frozen-lockfile"
|
|
script:
|
|
- >
|
|
if [ -z "$DANGER_GITLAB_API_TOKEN" ]; then
|
|
run_timed_command danger_as_local
|
|
else
|
|
run_timed_command "bundle exec danger --fail-on-errors=true --verbose"
|
|
fi
|
|
|
|
danger-review-local:
|
|
extends:
|
|
- danger-review
|
|
- .review:rules:danger-local
|
|
script:
|
|
- run_timed_command danger_as_local
|