review-cleanup: extends: - .default-retry - .review:rules:review-cleanup image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3-kubectl1.14 stage: prepare environment: name: review/auto-cleanup action: stop before_script: - source scripts/utils.sh - source scripts/review_apps/gcp_cleanup.sh - install_gitlab_gem - setup_gcp_dependencies script: - ruby -rrubygems scripts/review_apps/automated_cleanup.rb - gcp_cleanup .base-before_script: &base-before_script - source ./scripts/utils.sh - source ./scripts/review_apps/review-apps.sh - install_api_client_dependencies_with_apk review-build-cng: extends: - .default-retry - .review:rules:review-build-cng image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine3.13 stage: review-prepare needs: - job: compile-production-assets artifacts: false variables: CNG_PROJECT_ACCESS_TOKEN: "${CNG_MIRROR_PROJECT_ACCESS_TOKEN}" # "Multi-pipeline (from 'gitlab-org/gitlab' 'review-build-cng' job)" at https://gitlab.com/gitlab-org/build/CNG-mirror/-/settings/access_tokens CNG_PROJECT_PATH: "gitlab-org/build/CNG-mirror" before_script: - source ./scripts/utils.sh - install_gitlab_gem script: - ./scripts/trigger-build cng .review-workflow-base: extends: - .default-retry image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3.5-kubectl1.17 variables: HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" GITLAB_HELM_CHART_REF: "v5.1.0" environment: name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY} url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN} on_stop: review-stop auto_stop_in: 48 hours review-deploy: extends: - .review-workflow-base - .review:rules:review-deploy stage: review needs: ["review-build-cng"] resource_group: "review/${CI_COMMIT_REF_NAME}" before_script: - export GITLAB_SHELL_VERSION=$( environment_url.txt - *base-before_script script: - check_kube_domain - download_chart - date - deploy || (display_deployment_debug && exit 1) - verify_deploy || exit 1 - disable_sign_ups || (delete_release && exit 1) after_script: # Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan. # Set DAST_RUN to true when jobs are manually scheduled. - if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi artifacts: paths: - environment_url.txt - curl_output.txt expire_in: 7 days when: always .review-stop-base: extends: .review-workflow-base environment: action: stop dependencies: [] variables: # We're cloning the repo instead of downloading the script for now # because some repos are private and CI_JOB_TOKEN cannot access files. # See https://gitlab.com/gitlab-org/gitlab/issues/191273 GIT_DEPTH: 1 before_script: - *base-before_script review-delete-deployment: extends: - .review-stop-base - .review:rules:review-delete-deployment stage: prepare script: - delete_release review-stop: extends: - .review-stop-base - .review:rules:review-stop stage: post-qa script: - delete_k8s_release_namespace .review-qa-base: extends: - .use-docker-in-docker image: name: ${QA_IMAGE} entrypoint: [""] stage: qa needs: ["build-qa-image", "review-deploy"] variables: QA_DEBUG: "true" QA_CAN_TEST_GIT_PROTOCOL_V2: "false" QA_GENERATE_ALLURE_REPORT: "true" GITLAB_USERNAME: "root" GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}" GITLAB_ADMIN_USERNAME: "root" GITLAB_ADMIN_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}" GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}" EE_LICENSE: "${REVIEW_APPS_EE_LICENSE}" SIGNUP_DISABLED: "true" before_script: # Use $CI_MERGE_REQUEST_SOURCE_BRANCH_SHA so that GitLab image built in omnibus-gitlab-mirror and QA image are in sync. - if [ -n "$CI_MERGE_REQUEST_SOURCE_BRANCH_SHA" ]; then git checkout -f ${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA}; fi - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)" - echo "${CI_ENVIRONMENT_URL}" - cd qa artifacts: paths: - qa/tmp expire_in: 7 days when: always .allure-report-base: image: name: ${GITLAB_DEPENDENCY_PROXY}andrcuns/allure-report-publisher:0.3.4 entrypoint: [""] stage: post-qa variables: GIT_STRATEGY: none STORAGE_CREDENTIALS: $QA_ALLURE_REPORT_GCS_CREDENTIALS GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN allow_failure: true script: - | allure-report-publisher upload gcs \ --results-glob="qa/tmp/allure-results/*" \ --bucket="gitlab-qa-allure-reports" \ --prefix="$ALLURE_REPORT_PATH_PREFIX/$CI_COMMIT_REF_SLUG" \ --update-pr="comment" \ --copy-latest \ --ignore-missing-results \ --color review-qa-smoke: extends: - .review-qa-base - .review:rules:review-qa-smoke retry: 1 # This is confusing but this means "2 runs at max". script: - bin/test Test::Instance::Smoke "${CI_ENVIRONMENT_URL}" review-qa-all: extends: - .review-qa-base - .review:rules:review-qa-all parallel: 5 script: - export KNAPSACK_REPORT_PATH=knapsack/master_report.json - export KNAPSACK_TEST_FILE_PATTERN=qa/specs/features/**/*_spec.rb - | bin/test Test::Instance::All "${CI_ENVIRONMENT_URL}" \ -- \ --color --format documentation \ --format RspecJunitFormatter --out tmp/rspec.xml artifacts: reports: junit: qa/tmp/rspec.xml review-performance: extends: - .default-retry - .review:rules:review-performance image: name: sitespeedio/sitespeed.io entrypoint: [""] stage: qa needs: ["review-deploy"] before_script: - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)" - echo "${CI_ENVIRONMENT_URL}" - mkdir -p gitlab-exporter - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js - mkdir -p sitespeed-results script: - /start.sh --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "${CI_ENVIRONMENT_URL}" after_script: - mv sitespeed-results/data/performance.json performance.json artifacts: paths: - sitespeed-results/ reports: performance: performance.json expire_in: 31d allure-report-qa-smoke: extends: - .allure-report-base - .review:rules:review-qa-smoke-report needs: ["review-qa-smoke"] variables: ALLURE_REPORT_PATH_PREFIX: gitlab-review-smoke ALLURE_JOB_NAME: review-qa-smoke allure-report-qa-all: extends: - .allure-report-base - .review:rules:review-qa-all-report needs: ["review-qa-all"] variables: ALLURE_REPORT_PATH_PREFIX: gitlab-review-all ALLURE_JOB_NAME: review-qa-all danger-review: extends: - .default-retry - .danger-review-cache - .review:rules:danger stage: test needs: [] before_script: - source scripts/utils.sh - bundle_install_script "--with danger" - run_timed_command "retry yarn install --frozen-lockfile" script: - > if [ -z "$DANGER_GITLAB_API_TOKEN" ]; then run_timed_command danger_as_local else run_timed_command "bundle exec danger --fail-on-errors=true --verbose" fi danger-review-local: extends: - danger-review - .review:rules:danger-local script: - run_timed_command danger_as_local