gitlab-org--gitlab-foss/.gitlab/ci/review-apps/main.gitlab-ci.yml

stages:
  - prepare
  - deploy
  - qa
  - post-qa
  - dast

include:
  - local: .gitlab/ci/global.gitlab-ci.yml
  - local: .gitlab/ci/rules.gitlab-ci.yml
  - local: .gitlab/ci/review-apps/qa.gitlab-ci.yml
  - local: .gitlab/ci/review-apps/dast.gitlab-ci.yml

.base-before_script: &base-before_script
  - source ./scripts/utils.sh
  - source ./scripts/review_apps/review-apps.sh
  - install_api_client_dependencies_with_apk

review-build-cng-env:
  extends:
    - .default-retry
    - .review:rules:review-build-cng
  image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine3.13
  stage: prepare
  needs: []
  before_script:
    - source ./scripts/utils.sh
    - install_gitlab_gem
  script:
    - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > build.env'
    - cat build.env
  artifacts:
    reports:
      dotenv: build.env
    paths:
      - build.env
    expire_in: 7 days
    when: always

review-build-cng:
  extends: .review:rules:review-build-cng
  stage: prepare
  needs: ["review-build-cng-env"]
  inherit:
    variables: false
  variables:
    TOP_UPSTREAM_SOURCE_PROJECT: "${TOP_UPSTREAM_SOURCE_PROJECT}"
    TOP_UPSTREAM_SOURCE_REF: "${TOP_UPSTREAM_SOURCE_REF}"
    TOP_UPSTREAM_SOURCE_JOB: "${TOP_UPSTREAM_SOURCE_JOB}"
    TOP_UPSTREAM_SOURCE_SHA: "${TOP_UPSTREAM_SOURCE_SHA}"
    TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID: "${TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID}"
    TOP_UPSTREAM_MERGE_REQUEST_IID: "${TOP_UPSTREAM_MERGE_REQUEST_IID}"
    GITLAB_REF_SLUG: "${GITLAB_REF_SLUG}"
    # CNG pipeline specific variables
    GITLAB_VERSION: "${GITLAB_VERSION}"
    GITLAB_TAG: "${GITLAB_TAG}"
    GITLAB_ASSETS_TAG: "${GITLAB_ASSETS_TAG}"
    FORCE_RAILS_IMAGE_BUILDS: "${FORCE_RAILS_IMAGE_BUILDS}"
    CE_PIPELINE: "${CE_PIPELINE}"  # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$CE_PIPELINE'` will evaluate to `false` when this variable is empty
    EE_PIPELINE: "${EE_PIPELINE}"  # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$EE_PIPELINE'` will evaluate to `false` when this variable is empty
    GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}"
    GITLAB_ELASTICSEARCH_INDEXER_VERSION: "${GITLAB_ELASTICSEARCH_INDEXER_VERSION}"
    GITLAB_KAS_VERSION: "${GITLAB_KAS_VERSION}"
    GITLAB_WORKHORSE_VERSION: "${GITLAB_WORKHORSE_VERSION}"
    GITLAB_PAGES_VERSION: "${GITLAB_PAGES_VERSION}"
    GITALY_SERVER_VERSION: "${GITALY_SERVER_VERSION}"
  trigger:
    project: gitlab-org/build/CNG-mirror
    branch: $TRIGGER_BRANCH
    strategy: depend

.review-workflow-base:
  extends:
    - .default-retry
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:gitlab-helm3.5-kubectl1.17
  resource_group: "review/${CI_COMMIT_REF_NAME}"
  variables:
    HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
    DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
    GITLAB_HELM_CHART_REF: "v5.10.0"
  environment:
    name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY}
    url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
    on_stop: review-stop
    auto_stop_in: 48 hours

review-deploy:
  extends:
    - .review-workflow-base
    - .review:rules:review-deploy
  stage: deploy
  needs: ["review-build-cng"]
  before_script:
    - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
    - export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
    - export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
    - echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
    - *base-before_script
  script:
    - check_kube_domain
    - download_chart
    - date
    - deploy || (display_deployment_debug && exit 1)
    - verify_deploy || exit 1
    - disable_sign_ups || (delete_release && exit 1)
    - create_sample_projects
  after_script:
    # Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
    # Set DAST_RUN to true when jobs are manually scheduled.
    - if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi
  artifacts:
    paths:
      - environment_url.txt
    expire_in: 7 days
    when: always

.review-stop-base:
  extends: .review-workflow-base
  environment:
    action: stop
  dependencies: []
  variables:
    # We're cloning the repo instead of downloading the script for now
    # because some repos are private and CI_JOB_TOKEN cannot access files.
    # See https://gitlab.com/gitlab-org/gitlab/issues/191273
    GIT_DEPTH: 1
  before_script:
    - *base-before_script

review-delete-deployment:
  extends:
    - .review-stop-base
    - .review:rules:review-delete-deployment
  stage: prepare
  script:
    - delete_release

review-stop:
  extends:
    - .review-stop-base
    - .review:rules:review-stop
  stage: deploy
  needs: []
  script:
    - delete_namespace
Add latest changes from gitlab-org/gitlab@master 2021-10-14 11:14:02 -04:00			`stages:`
			`- prepare`
			`- deploy`
			`- qa`
			`- post-qa`
			`- dast`

			`include:`
			`- local: .gitlab/ci/global.gitlab-ci.yml`
			`- local: .gitlab/ci/rules.gitlab-ci.yml`
			`- local: .gitlab/ci/review-apps/qa.gitlab-ci.yml`
			`- local: .gitlab/ci/review-apps/dast.gitlab-ci.yml`

			`.base-before_script: &base-before_script`
			`- source ./scripts/utils.sh`
			`- source ./scripts/review_apps/review-apps.sh`
			`- install_api_client_dependencies_with_apk`

Add latest changes from gitlab-org/gitlab@master 2022-02-15 07:14:49 -05:00			`review-build-cng-env:`
Add latest changes from gitlab-org/gitlab@master 2021-10-14 11:14:02 -04:00			`extends:`
			`- .default-retry`
			`- .review:rules:review-build-cng`
			`image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine3.13`
			`stage: prepare`
Add latest changes from gitlab-org/gitlab@master 2022-02-15 07:14:49 -05:00			`needs: []`
Add latest changes from gitlab-org/gitlab@master 2021-10-14 11:14:02 -04:00			`before_script:`
			`- source ./scripts/utils.sh`
			`- install_gitlab_gem`
			`script:`
Add latest changes from gitlab-org/gitlab@master 2022-02-15 07:14:49 -05:00			`- 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > build.env'`
			`- cat build.env`
			`artifacts:`
			`reports:`
			`dotenv: build.env`
			`paths:`
			`- build.env`
			`expire_in: 7 days`
			`when: always`

			`review-build-cng:`
			`extends: .review:rules:review-build-cng`
			`stage: prepare`
			`needs: ["review-build-cng-env"]`
			`inherit:`
			`variables: false`
			`variables:`
			`TOP_UPSTREAM_SOURCE_PROJECT: "${TOP_UPSTREAM_SOURCE_PROJECT}"`
			`TOP_UPSTREAM_SOURCE_REF: "${TOP_UPSTREAM_SOURCE_REF}"`
			`TOP_UPSTREAM_SOURCE_JOB: "${TOP_UPSTREAM_SOURCE_JOB}"`
			`TOP_UPSTREAM_SOURCE_SHA: "${TOP_UPSTREAM_SOURCE_SHA}"`
			`TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID: "${TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID}"`
			`TOP_UPSTREAM_MERGE_REQUEST_IID: "${TOP_UPSTREAM_MERGE_REQUEST_IID}"`
			`GITLAB_REF_SLUG: "${GITLAB_REF_SLUG}"`
			`# CNG pipeline specific variables`
			`GITLAB_VERSION: "${GITLAB_VERSION}"`
			`GITLAB_TAG: "${GITLAB_TAG}"`
			`GITLAB_ASSETS_TAG: "${GITLAB_ASSETS_TAG}"`
			`FORCE_RAILS_IMAGE_BUILDS: "${FORCE_RAILS_IMAGE_BUILDS}"`
			CE_PIPELINE: "${CE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$CE_PIPELINE'` will evaluate to `false` when this variable is empty
			EE_PIPELINE: "${EE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$EE_PIPELINE'` will evaluate to `false` when this variable is empty
			`GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}"`
			`GITLAB_ELASTICSEARCH_INDEXER_VERSION: "${GITLAB_ELASTICSEARCH_INDEXER_VERSION}"`
			`GITLAB_KAS_VERSION: "${GITLAB_KAS_VERSION}"`
			`GITLAB_WORKHORSE_VERSION: "${GITLAB_WORKHORSE_VERSION}"`
			`GITLAB_PAGES_VERSION: "${GITLAB_PAGES_VERSION}"`
			`GITALY_SERVER_VERSION: "${GITALY_SERVER_VERSION}"`
			`trigger:`
			`project: gitlab-org/build/CNG-mirror`
			`branch: $TRIGGER_BRANCH`
			`strategy: depend`
Add latest changes from gitlab-org/gitlab@master 2021-10-14 11:14:02 -04:00
			`.review-workflow-base:`
			`extends:`
			`- .default-retry`
Add latest changes from gitlab-org/gitlab@master 2021-12-14 13:11:35 -05:00			`image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:gitlab-helm3.5-kubectl1.17`
Add latest changes from gitlab-org/gitlab@master 2021-11-03 08:10:26 -04:00			`resource_group: "review/${CI_COMMIT_REF_NAME}"`
Add latest changes from gitlab-org/gitlab@master 2021-10-14 11:14:02 -04:00			`variables:`
			`HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"`
			`DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"`
Add latest changes from gitlab-org/gitlab@master 2022-04-26 20:08:37 -04:00			`GITLAB_HELM_CHART_REF: "v5.10.0"`
Add latest changes from gitlab-org/gitlab@master 2021-10-14 11:14:02 -04:00			`environment:`
			`name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY}`
			`url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}`
			`on_stop: review-stop`
			`auto_stop_in: 48 hours`

			`review-deploy:`
			`extends:`
			`- .review-workflow-base`
			`- .review:rules:review-deploy`
			`stage: deploy`
			`needs: ["review-build-cng"]`
			`before_script:`
			`- export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)`
			`- export GITALY_VERSION=$(<GITALY_SERVER_VERSION)`
			`- export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)`
			`- echo "${CI_ENVIRONMENT_URL}" > environment_url.txt`
			`- *base-before_script`
			`script:`
			`- check_kube_domain`
			`- download_chart`
			`- date`
			`- deploy \|\| (display_deployment_debug && exit 1)`
			`- verify_deploy \|\| exit 1`
			`- disable_sign_ups \|\| (delete_release && exit 1)`
Add latest changes from gitlab-org/gitlab@master 2021-11-24 10:14:19 -05:00			`- create_sample_projects`
Add latest changes from gitlab-org/gitlab@master 2021-10-14 11:14:02 -04:00			`after_script:`
			`# Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.`
			`# Set DAST_RUN to true when jobs are manually scheduled.`
			`- if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi`
			`artifacts:`
			`paths:`
			`- environment_url.txt`
			`expire_in: 7 days`
			`when: always`

			`.review-stop-base:`
			`extends: .review-workflow-base`
			`environment:`
			`action: stop`
			`dependencies: []`
			`variables:`
			`# We're cloning the repo instead of downloading the script for now`
			`# because some repos are private and CI_JOB_TOKEN cannot access files.`
			`# See https://gitlab.com/gitlab-org/gitlab/issues/191273`
			`GIT_DEPTH: 1`
			`before_script:`
			`- *base-before_script`

			`review-delete-deployment:`
			`extends:`
			`- .review-stop-base`
			`- .review:rules:review-delete-deployment`
			`stage: prepare`
			`script:`
			`- delete_release`

			`review-stop:`
			`extends:`
			`- .review-stop-base`
			`- .review:rules:review-stop`
Add latest changes from gitlab-org/gitlab@master 2021-10-29 02:09:33 -04:00			`stage: deploy`
			`needs: []`
Add latest changes from gitlab-org/gitlab@master 2021-10-14 11:14:02 -04:00			`script:`
Add latest changes from gitlab-org/gitlab@master 2021-12-15 10:15:54 -05:00			`- delete_namespace`