191 lines
6.7 KiB
YAML
191 lines
6.7 KiB
YAML
default:
|
|
interruptible: true
|
|
|
|
stages:
|
|
- prepare
|
|
- deploy
|
|
- post-deploy
|
|
- qa
|
|
- post-qa
|
|
- dast
|
|
|
|
include:
|
|
- local: .gitlab/ci/cng/main.gitlab-ci.yml
|
|
- local: .gitlab/ci/global.gitlab-ci.yml
|
|
- local: .gitlab/ci/review-apps/rules.gitlab-ci.yml
|
|
- local: .gitlab/ci/review-apps/qa.gitlab-ci.yml
|
|
- local: .gitlab/ci/review-apps/dast.gitlab-ci.yml
|
|
- local: .gitlab/ci/review-apps/dast-api.gitlab-ci.yml
|
|
|
|
.base-before_script: &base-before_script
|
|
- source ./scripts/utils.sh
|
|
- source ./scripts/review_apps/review-apps.sh
|
|
|
|
dont-interrupt-me:
|
|
extends: .rules:dont-interrupt
|
|
stage: prepare
|
|
interruptible: false
|
|
script:
|
|
- echo "This jobs makes sure this pipeline won't be interrupted! See https://docs.gitlab.com/ee/ci/yaml/#interruptible."
|
|
|
|
review-build-cng-env:
|
|
extends:
|
|
- .review-build-cng-env
|
|
- .default-retry
|
|
- .review:rules:review-build-cng
|
|
- .fast-no-clone-job
|
|
variables:
|
|
# We use > instead of | because we want the files to be space-separated.
|
|
FILES_TO_DOWNLOAD: >
|
|
GITALY_SERVER_VERSION
|
|
GITLAB_ELASTICSEARCH_INDEXER_VERSION
|
|
GITLAB_KAS_VERSION
|
|
GITLAB_METRICS_EXPORTER_VERSION
|
|
GITLAB_PAGES_VERSION
|
|
GITLAB_SHELL_VERSION
|
|
scripts/trigger-build.rb
|
|
VERSION
|
|
before_script:
|
|
- apk add --no-cache --update curl # Not present in ruby-alpine, so we add it manually
|
|
- !reference [".fast-no-clone-job", before_script]
|
|
- !reference [".review-build-cng-env", before_script]
|
|
- mv VERSION GITLAB_WORKHORSE_VERSION # GITLAB_WORKHORSE_VERSION is a symlink to VERSION
|
|
|
|
review-build-cng:
|
|
extends:
|
|
- .review-build-cng
|
|
- .review:rules:review-build-cng
|
|
needs: ["review-build-cng-env"]
|
|
|
|
.review-workflow-base:
|
|
image: ${REVIEW_APPS_IMAGE}
|
|
retry:
|
|
max: 1 # This is confusing but this means "2 runs at max"
|
|
variables:
|
|
HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
|
|
DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
|
|
GITLAB_HELM_CHART_PROJECT_URL: "https://gitlab.com/gitlab-org/charts/gitlab"
|
|
GITLAB_HELM_REPO_URL: "https://charts.gitlab.io"
|
|
GITLAB_REPO_URL: ${CI_PROJECT_URL}
|
|
GITLAB_IMAGE_REPOSITORY: "registry.gitlab.com/gitlab-org/build/cng-mirror"
|
|
GITLAB_IMAGE_SUFFIX: "ee"
|
|
GITLAB_REVIEW_APP_BASE_CONFIG_FILE: "scripts/review_apps/base-config.yaml"
|
|
GITLAB_HELM_CHART_REF: "75b1486a9aec212d0f49ef1251526d8e51004bbc" # 7.0.1: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/75b1486a9aec212d0f49ef1251526d8e51004bbc
|
|
environment:
|
|
name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it
|
|
url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
|
|
on_stop: trigger-review-stop
|
|
|
|
review-deploy:
|
|
extends:
|
|
- .review-workflow-base
|
|
- .review:rules:review-deploy
|
|
- .fast-no-clone-job
|
|
stage: deploy
|
|
image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}dtzar/helm-kubectl:3.9.3
|
|
needs:
|
|
- review-build-cng
|
|
- review-delete-deployment # We always want to start from a clean slate (i.e. no helm release, no k8s namespace)
|
|
cache:
|
|
key: "review-deploy-dependencies-charts-${GITLAB_HELM_CHART_REF}-v1"
|
|
paths:
|
|
- "gitlab-${GITLAB_HELM_CHART_REF}"
|
|
environment:
|
|
action: start
|
|
variables:
|
|
# We use > instead of | because we want the files to be space-separated.
|
|
FILES_TO_DOWNLOAD: >
|
|
GITALY_SERVER_VERSION
|
|
GITLAB_SHELL_VERSION
|
|
scripts/review_apps/review-apps.sh
|
|
scripts/review_apps/seed-dast-test-data.sh
|
|
VERSION
|
|
before_script:
|
|
- apk add --no-cache --update curl # Not present in ruby-alpine, so we add it manually
|
|
- !reference [".fast-no-clone-job", before_script]
|
|
- mv VERSION GITLAB_WORKHORSE_VERSION # GITLAB_WORKHORSE_VERSION is a symlink to VERSION
|
|
- export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
|
|
- export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
|
|
- export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
|
|
- echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
|
|
- echo "QA_GITLAB_URL=${CI_ENVIRONMENT_URL}" > environment.env
|
|
- *base-before_script
|
|
- !reference [".use-kube-context", before_script]
|
|
script:
|
|
- run_timed_command "retry delete_helm_release"
|
|
- run_timed_command "check_kube_domain"
|
|
- run_timed_command "download_chart"
|
|
- run_timed_command "deploy" || (display_deployment_debug && exit 1)
|
|
- run_timed_command "verify_deploy" || (display_deployment_debug && exit 1)
|
|
- run_timed_command "disable_sign_ups" || (display_deployment_debug && exit 1)
|
|
- run_timed_command "verify_commit_sha" || (display_deployment_debug && exit 1)
|
|
after_script:
|
|
# Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
|
|
# Set DAST_RUN to true when jobs are manually scheduled.
|
|
- if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi
|
|
artifacts:
|
|
paths:
|
|
- environment_url.txt
|
|
- curl-logs/
|
|
reports:
|
|
dotenv: environment.env
|
|
expire_in: 7 days
|
|
when: always
|
|
|
|
review-deploy-sample-projects:
|
|
extends:
|
|
- .review-workflow-base
|
|
- .review:rules:review-deploy
|
|
stage: deploy
|
|
needs: ["review-deploy"]
|
|
environment:
|
|
action: prepare
|
|
before_script:
|
|
- export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
|
|
- export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
|
|
- export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
|
|
- echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
|
|
- *base-before_script
|
|
- !reference [".use-kube-context", before_script]
|
|
script:
|
|
- date
|
|
- create_sample_projects
|
|
|
|
.review-stop-base:
|
|
extends: .review-workflow-base
|
|
timeout: 15min
|
|
environment:
|
|
action: stop
|
|
variables:
|
|
# We're cloning the repo instead of downloading the script for now
|
|
# because some repos are private and CI_JOB_TOKEN cannot access files.
|
|
# See https://gitlab.com/gitlab-org/gitlab/issues/191273
|
|
GIT_DEPTH: 1
|
|
|
|
review-delete-deployment:
|
|
extends:
|
|
- .review-stop-base
|
|
- .review:rules:review-delete-deployment
|
|
dependencies: []
|
|
stage: prepare
|
|
before_script:
|
|
- source ./scripts/utils.sh
|
|
- source ./scripts/review_apps/review-apps.sh
|
|
- !reference [".use-kube-context", before_script]
|
|
script:
|
|
- retry delete_helm_release
|
|
|
|
trigger-review-stop:
|
|
extends:
|
|
- .review-stop-base
|
|
- .review:rules:trigger-review-stop
|
|
stage: deploy
|
|
needs: []
|
|
before_script:
|
|
- source ./scripts/utils.sh
|
|
- install_gitlab_gem
|
|
script:
|
|
- review_stop_job_id="$(scripts/api/get_job_id.rb --pipeline-id "${PARENT_PIPELINE_ID}" --job-name "review-stop")"
|
|
- |
|
|
curl --request POST --header "Private-Token: ${PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/jobs/${review_stop_job_id}/play"
|