#!/usr/bin/env ruby # frozen_string_literal: true require 'gitlab' # # Configure credentials to be used with gitlab gem # Gitlab.configure do |config| config.endpoint = 'https://gitlab.com/api/v4' end module Trigger def self.ee? # Support former project name for `dev` %w[gitlab gitlab-ee].include?(ENV['CI_PROJECT_NAME']) end def self.security? %r{\Agitlab-org/security(\z|/)}.match?(ENV['CI_PROJECT_NAMESPACE']) end def self.non_empty_variable_value(variable) variable_value = ENV[variable] return if variable_value.nil? || variable_value.empty? variable_value end class Base # Can be overridden def self.access_token ENV['GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN'] end def initialize # gitlab-bot's token "GitLab multi-project pipeline polling" Gitlab.private_token = self.class.access_token end def invoke!(post_comment: false, downstream_job_name: nil) pipeline_variables = variables puts "Triggering downstream pipeline on #{downstream_project_path}" puts "with variables #{pipeline_variables}" pipeline = Gitlab.run_trigger( downstream_project_path, trigger_token, ref, pipeline_variables) puts "Triggered downstream pipeline: #{pipeline.web_url}\n" puts "Waiting for downstream pipeline status" Trigger::CommitComment.post!(pipeline) if post_comment downstream_job = if downstream_job_name Gitlab.pipeline_jobs(downstream_project_path, pipeline.id).auto_paginate.find do |potential_job| potential_job.name == downstream_job_name end end if downstream_job Trigger::Job.new(downstream_project_path, downstream_job.id) else Trigger::Pipeline.new(downstream_project_path, pipeline.id) end end private # Must be overridden def downstream_project_path raise NotImplementedError end # Must be overridden def ref raise NotImplementedError end # Can be overridden def trigger_token ENV['CI_JOB_TOKEN'] end # Can be overridden def extra_variables {} end # Can be overridden def version_param_value(version_file) ENV[version_file]&.strip || File.read(version_file).strip end def variables base_variables.merge(extra_variables).merge(version_file_variables) end def base_variables # Use CI_MERGE_REQUEST_SOURCE_BRANCH_SHA for omnibus checkouts due to pipeline for merged results, # and fallback to CI_COMMIT_SHA for the `detached` pipelines. { 'GITLAB_REF_SLUG' => ENV['CI_COMMIT_TAG'] ? ENV['CI_COMMIT_REF_NAME'] : ENV['CI_COMMIT_REF_SLUG'], 'TRIGGERED_USER' => ENV['TRIGGERED_USER'] || ENV['GITLAB_USER_NAME'], 'TRIGGER_SOURCE' => ENV['CI_JOB_URL'], 'TOP_UPSTREAM_SOURCE_PROJECT' => ENV['CI_PROJECT_PATH'], 'TOP_UPSTREAM_SOURCE_JOB' => ENV['CI_JOB_URL'], 'TOP_UPSTREAM_SOURCE_SHA' => Trigger.non_empty_variable_value('CI_MERGE_REQUEST_SOURCE_BRANCH_SHA') || ENV['CI_COMMIT_SHA'], 'TOP_UPSTREAM_SOURCE_REF' => ENV['CI_COMMIT_REF_NAME'], 'TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID' => ENV['CI_MERGE_REQUEST_PROJECT_ID'], 'TOP_UPSTREAM_MERGE_REQUEST_IID' => ENV['CI_MERGE_REQUEST_IID'] } end # Read version files from all components def version_file_variables Dir.glob("*_VERSION").each_with_object({}) do |version_file, params| params[version_file] = version_param_value(version_file) end end end class Omnibus < Base private def downstream_project_path ENV['OMNIBUS_PROJECT_PATH'] || 'gitlab-org/build/omnibus-gitlab-mirror' end def ref ENV['OMNIBUS_BRANCH'] || 'master' end def extra_variables # Use CI_MERGE_REQUEST_SOURCE_BRANCH_SHA for omnibus checkouts due to pipeline for merged results # and fallback to CI_COMMIT_SHA for the `detached` pipelines. # We also set IMAGE_TAG so the GitLab and QA docker images are tagged with # that SHA. source_sha = Trigger.non_empty_variable_value('CI_MERGE_REQUEST_SOURCE_BRANCH_SHA') || ENV['CI_COMMIT_SHA'] { 'GITLAB_VERSION' => source_sha, 'IMAGE_TAG' => source_sha, 'ALTERNATIVE_SOURCES' => 'true', 'SECURITY_SOURCES' => Trigger.security? ? 'true' : 'false', 'ee' => Trigger.ee? ? 'true' : 'false', 'QA_BRANCH' => ENV['QA_BRANCH'] || 'master' } end end class CNG < Base private def downstream_project_path ENV['CNG_PROJECT_PATH'] || 'gitlab-org/build/CNG-mirror' end def ref default_ref = if ENV['CI_COMMIT_REF_NAME'] =~ /^[\d-]+-stable(-ee)?$/ ENV['CI_COMMIT_REF_NAME'] else 'master' end ENV['CNG_BRANCH'] || default_ref end def trigger_token ENV['BUILD_TRIGGER_TOKEN'] end def extra_variables edition = Trigger.ee? ? 'EE' : 'CE' { "ee" => Trigger.ee? ? "true" : "false", "GITLAB_VERSION" => ENV['CI_COMMIT_SHA'], "GITLAB_TAG" => ENV['CI_COMMIT_TAG'], "GITLAB_ASSETS_TAG" => ENV['CI_COMMIT_TAG'] ? ENV['CI_COMMIT_REF_NAME'] : ENV['CI_COMMIT_SHA'], "FORCE_RAILS_IMAGE_BUILDS" => 'true', "#{edition}_PIPELINE" => 'true' } end def version_param_value(_version_file) raw_version = super # if the version matches semver format, treat it as a tag and prepend `v` if raw_version =~ Regexp.compile(/^\d+\.\d+\.\d+(-rc\d+)?(-ee)?$/) "v#{raw_version}" else raw_version end end end class Docs < Base def self.access_token ENV['DOCS_API_TOKEN'] end SUCCESS_MESSAGE = <<~MSG => You should now be able to preview your changes under the following URL: %s => For more information, see the documentation => https://docs.gitlab.com/ee/development/documentation/index.html#previewing-the-changes-live => If something doesn't work, drop a line in the #docs chat channel. MSG # Create a remote branch in gitlab-docs and immediately cancel the pipeline # to avoid race conditions, since a triggered pipeline will also run right # after the branch creation. This only happens the very first time a branch # is created and will be skipped in subsequent runs. Read more in # https://gitlab.com/gitlab-org/gitlab-docs/issues/154. # def deploy! create_remote_branch! cancel_latest_pipeline! invoke!.wait! display_success_message end # # Remove a remote branch in gitlab-docs. # def cleanup! Gitlab.delete_branch(downstream_project_path, ref) puts "=> Remote branch '#{downstream_project_path}' deleted" end private def downstream_project_path ENV['DOCS_PROJECT_PATH'] || 'gitlab-org/gitlab-docs' end def ref if ENV['CI_MERGE_REQUEST_IID'].nil? "docs-preview-#{slug}-#{ENV['CI_COMMIT_REF_SLUG']}" else "docs-preview-#{slug}-#{ENV['CI_MERGE_REQUEST_IID']}" end end def extra_variables { "BRANCH_#{slug.upcase}" => ENV['CI_COMMIT_REF_NAME'] } end def slug case ENV['CI_PROJECT_PATH'] when 'gitlab-org/gitlab-foss' 'ce' when 'gitlab-org/gitlab' 'ee' when 'gitlab-org/gitlab-runner' 'runner' when 'gitlab-org/omnibus-gitlab' 'omnibus' when 'gitlab-org/charts/gitlab' 'charts' end end def app_url "http://#{ref}.#{ENV['DOCS_REVIEW_APPS_DOMAIN']}/#{slug}" end def create_remote_branch! Gitlab.create_branch(downstream_project_path, ref, 'master') puts "=> Remote branch '#{ref}' created" rescue Gitlab::Error::BadRequest puts "=> Remote branch '#{ref}' already exists!" end def cancel_latest_pipeline! pipelines = nil # Wait until the pipeline is started loop do sleep 1 puts "=> Waiting for pipeline to start..." pipelines = Gitlab.pipelines(downstream_project_path, { ref: ref }) break if pipelines.any? end # Get the first pipeline ID which should be the only one for the branch pipeline_id = pipelines.first.id # Cancel the pipeline Gitlab.cancel_pipeline(downstream_project_path, pipeline_id) end def display_success_message format(SUCCESS_MESSAGE, app_url: app_url) end end class CommitComment def self.post!(downstream_pipeline) Gitlab.create_commit_comment( ENV['CI_PROJECT_PATH'], Trigger.non_empty_variable_value('CI_MERGE_REQUEST_SOURCE_BRANCH_SHA') || ENV['CI_COMMIT_SHA'], "The [`#{ENV['CI_JOB_NAME']}`](#{ENV['CI_JOB_URL']}) job from pipeline #{ENV['CI_PIPELINE_URL']} triggered #{downstream_pipeline.web_url} downstream.") rescue Gitlab::Error::Error => error puts "Ignoring the following error: #{error}" end end class Pipeline INTERVAL = 60 # seconds MAX_DURATION = 3600 * 3 # 3 hours attr_reader :project, :id def self.unscoped_class_name name.split('::').last end def self.gitlab_api_method_name unscoped_class_name.downcase end def initialize(project, id) @project = project @id = id @start = Time.now.to_i end def wait! loop do raise "#{self.class.unscoped_class_name} timed out after waiting for #{duration} minutes!" if timeout? case status when :created, :pending, :running print "." sleep INTERVAL when :success puts "#{self.class.unscoped_class_name} succeeded in #{duration} minutes!" break else raise "#{self.class.unscoped_class_name} did not succeed!" end STDOUT.flush end end def timeout? Time.now.to_i > (@start + MAX_DURATION) end def duration (Time.now.to_i - @start) / 60 end def status Gitlab.public_send(self.class.gitlab_api_method_name, project, id).status.to_sym # rubocop:disable GitlabSecurity/PublicSend rescue Gitlab::Error::Error => error puts "Ignoring the following error: #{error}" # Ignore GitLab API hiccups. If GitLab is really down, we'll hit the job # timeout anyway. :running end end Job = Class.new(Pipeline) end case ARGV[0] when 'omnibus' Trigger::Omnibus.new.invoke!(post_comment: true, downstream_job_name: 'Trigger:qa-test').wait! when 'cng' Trigger::CNG.new.invoke!.wait! when 'docs' docs_trigger = Trigger::Docs.new case ARGV[1] when 'deploy' docs_trigger.deploy! when 'cleanup' docs_trigger.cleanup! else puts 'usage: trigger-build docs ' exit 1 end else puts "Please provide a valid option: omnibus - Triggers a pipeline that builds the omnibus-gitlab package cng - Triggers a pipeline that builds images used by the GitLab helm chart" end