############## # Conditions # ############## .if-not-canonical-namespace: &if-not-canonical-namespace if: '$CI_PROJECT_NAMESPACE !~ /^gitlab(-org)?($|\/)/' .if-not-ee: &if-not-ee if: '$CI_PROJECT_NAME !~ /^gitlab(-ee)?$/' .if-not-foss: &if-not-foss if: '$CI_PROJECT_NAME != "gitlab-foss" && $CI_PROJECT_NAME != "gitlab-ce" && $CI_PROJECT_NAME != "gitlabhq"' .if-jh: &if-jh if: '$CI_PROJECT_PATH =~ /^gitlab-(jh|cn)\/.*/' .if-force-ci: &if-force-ci if: '$FORCE_GITLAB_CI' .if-default-refs: &if-default-refs if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG || $FORCE_GITLAB_CI' .if-default-branch-refs: &if-default-branch-refs if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' .if-stable-branch-refs: &if-stable-branch-refs if: '$CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/' .if-default-branch-push: &if-default-branch-push if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "push"' .if-auto-deploy-branches: &if-auto-deploy-branches if: '$CI_COMMIT_BRANCH =~ /^\d+-\d+-auto-deploy-\d+$/' .if-tag: &if-tag if: '$CI_COMMIT_TAG' .if-default-branch-or-tag: &if-default-branch-or-tag if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_TAG' .if-merge-request: &if-merge-request if: '$CI_MERGE_REQUEST_IID' .if-merge-request-approved: &if-merge-request-approved if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_APPROVED' .if-merge-request-not-approved: &if-merge-request-not-approved if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_APPROVED != "true"' .if-automated-merge-request: &if-automated-merge-request if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == "release-tools/update-gitaly" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /stable-ee$/' .if-merge-request-targeting-stable-branch: &if-merge-request-targeting-stable-branch if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^[\d-]+-stable(-ee)?$/' .if-merge-request-labels-run-in-ruby3: &if-merge-request-labels-run-in-ruby3 if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-in-ruby3/' .if-merge-request-labels-as-if-foss: &if-merge-request-labels-as-if-foss if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-as-if-foss/' .if-merge-request-labels-as-if-jh: &if-merge-request-labels-as-if-jh if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-as-if-jh/' .if-merge-request-labels-update-caches: &if-merge-request-labels-update-caches if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:update-cache/' .if-merge-request-labels-run-all-rspec: &if-merge-request-labels-run-all-rspec if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-all-rspec/' .if-merge-request-labels-run-all-jest: &if-merge-request-labels-run-all-jest if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-all-jest/' .if-merge-request-labels-run-single-db: &if-merge-request-labels-run-single-db if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-single-db/' .if-merge-request-labels-run-review-app: &if-merge-request-labels-run-review-app if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-review-app/' .if-merge-request-labels-skip-undercoverage: &if-merge-request-labels-skip-undercoverage if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:skip-undercoverage/' .if-merge-request-labels-community-contribution: &if-merge-request-labels-community-contribution if: '$CI_MERGE_REQUEST_LABELS =~ /Community contribution/' .if-merge-request-labels-jh-contribution: &if-merge-request-labels-jh-contribution if: '$CI_MERGE_REQUEST_LABELS =~ /JiHu contribution/' .if-merge-request-labels-group-global-search: &if-merge-request-labels-group-global-search if: '$CI_MERGE_REQUEST_LABELS =~ /group::global search/' .if-merge-request-labels-pipeline-revert: &if-merge-request-labels-pipeline-revert if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:revert/' .if-security-merge-request: &if-security-merge-request if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_MERGE_REQUEST_IID' .if-fork-merge-request: &if-fork-merge-request if: '$CI_PROJECT_NAMESPACE !~ /^gitlab(-org)?($|\/)/ && $CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_LABELS !~ /pipeline:run-all-rspec/' .if-default-branch-schedule-maintenance: &if-default-branch-schedule-maintenance if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "maintenance"' .if-default-branch-schedule-nightly: &if-default-branch-schedule-nightly if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "nightly"' .if-security-schedule: &if-security-schedule if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_PIPELINE_SOURCE == "schedule"' .if-dot-com-gitlab-org-schedule: &if-dot-com-gitlab-org-schedule if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "schedule"' .if-dot-com-ee-schedule: &if-dot-com-ee-schedule if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule"' .if-dot-com-ee-schedule-maintenance: &if-dot-com-ee-schedule-maintenance if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "maintenance"' .if-dot-com-ee-schedule-nightly: &if-dot-com-ee-schedule-nightly if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "nightly"' .if-dot-com-ee-schedule-nightly-child-pipeline: &if-dot-com-ee-schedule-nightly-child-pipeline if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $SCHEDULE_TYPE == "nightly"' .if-dot-com-gitlab-org-default-branch: &if-dot-com-gitlab-org-default-branch if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' .if-dot-com-gitlab-org-merge-request: &if-dot-com-gitlab-org-merge-request if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_MERGE_REQUEST_IID' .if-dot-com-gitlab-org-and-security-merge-request: &if-dot-com-gitlab-org-and-security-merge-request if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID' .if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified: &if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID && $QA_TESTS' .if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-qa: &if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-qa if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID && $QA_MANUAL_FF_PACKAGE_AND_QA' .if-dot-com-gitlab-org-and-security-tag: &if-dot-com-gitlab-org-and-security-tag if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_COMMIT_TAG' # For Security merge requests, the gitlab-release-tools-bot triggers a new # pipeline for the "Pipelines for merged results" feature. If the pipeline # fails, we notify release managers. .if-security-pipeline-merge-result: &if-security-pipeline-merge-result if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH && $CI_PROJECT_NAMESPACE == "gitlab-org/security" && $GITLAB_USER_LOGIN == "gitlab-release-tools-bot"' #################### # Changes patterns # #################### .ci-patterns: &ci-patterns - ".gitlab-ci.yml" - ".gitlab/ci/**/*" - "scripts/rspec_helpers.sh" .ci-build-images-patterns: &ci-build-images-patterns - ".gitlab-ci.yml" - ".gitlab/ci/build-images.gitlab-ci.yml" .ci-review-patterns: &ci-review-patterns - ".gitlab-ci.yml" - ".gitlab/ci/frontend.gitlab-ci.yml" - ".gitlab/ci/build-images.gitlab-ci.yml" - ".gitlab/ci/review.gitlab-ci.yml" - ".gitlab/ci/review-apps/**/*" - "scripts/review_apps/base-config.yaml" - "scripts/review_apps/review-apps.sh" - "scripts/trigger-build.rb" - "{,ee/,jh/}{bin,config}/**/*.rb" .ci-templates-patterns: &ci-templates-patterns - "lib/gitlab/ci/templates/**/*.gitlab-ci.yml" .ci-qa-patterns: &ci-qa-patterns - ".gitlab-ci.yml" - ".gitlab/ci/frontend.gitlab-ci.yml" - ".gitlab/ci/build-images.gitlab-ci.yml" - ".gitlab/ci/qa.gitlab-ci.yml" .gitaly-patterns: &gitaly-patterns - "GITALY_SERVER_VERSION" - "lib/gitlab/setup_helper.rb" .workhorse-patterns: &workhorse-patterns - "GITLAB_WORKHORSE_VERSION" - "workhorse/**/*" - ".gitlab/ci/workhorse.gitlab-ci.yml" .yaml-lint-patterns: &yaml-lint-patterns - "*.yml" - "**/*.yml" .lint-pipeline-yaml-patterns: &lint-pipeline-yaml-patterns - ".gitlab-ci.yml" - ".gitlab/ci/**/*.yml" - "lib/gitlab/ci/templates/**/*.yml" - "data/deprecations/**/*.yml" - "data/removals/**/*.yml" - "data/whats_new/**/*.yml" .lint-metrics-yaml-patterns: &lint-metrics-yaml-patterns - "config/metrics/**/*.yml" .docs-patterns: &docs-patterns - ".gitlab/route-map.yml" - "doc/**/*" - ".markdownlint.yml" - "scripts/lint-doc.sh" - ".gitlab/ci/docs.gitlab-ci.yml" .docs-deprecations-and-removals-patterns: &docs-deprecations-and-removals-patterns - "doc/update/deprecations.md" - "doc/update/removals.md" - "data/deprecations/**/*" - "data/removals/**/*" - "tooling/docs/**/*" - "lib/tasks/gitlab/docs/compile_deprecations.rake" .bundler-patterns: &bundler-patterns - '{Gemfile.lock,*/Gemfile.lock,*/*/Gemfile.lock}' .nodejs-patterns: &nodejs-patterns - '{package.json,*/package.json,*/*/package.json}' - '{yarn.lock,*/yarn.lock,*/*/yarn.lock}' .python-patterns: &python-patterns - '{requirements.txt,*/requirements.txt,*/*/requirements.txt}' - '{requirements.pip,*/requirements.pip,*/*/requirements.pip}' - '{Pipfile,*/Pipfile,*/*/Pipfile}' - '{requires.txt,*/requires.txt,*/*/requires.txt}' - '{setup.py,*/setup.py,*/*/setup.py}' .dependency-patterns: &dependency-patterns - '{Gemfile.lock,*/Gemfile.lock,*/*/Gemfile.lock}' - '{composer.lock,*/composer.lock,*/*/composer.lock}' - '{gems.locked,*/gems.locked,*/*/gems.locked}' - '{go.sum,*/go.sum,*/*/go.sum}' - '{npm-shrinkwrap.json,*/npm-shrinkwrap.json,*/*/npm-shrinkwrap.json}' - '{package-lock.json,*/package-lock.json,*/*/package-lock.json}' - '{yarn.lock,*/yarn.lock,*/*/yarn.lock}' - '{packages.lock.json,*/packages.lock.json,*/*/packages.lock.json}' - '{conan.lock,*/conan.lock,*/*/conan.lock}' .frontend-dependency-patterns: &frontend-dependency-patterns - "{package.json,yarn.lock}" - "config/webpack.config.js" - "config/helpers/*.js" .frontend-build-patterns: &frontend-build-patterns - "{package.json,yarn.lock}" - ".browserslistrc" - "babel.config.js" - "config/webpack.config.js" - "config/**/*.js" - "vendor/assets/**/*" - "{,ee/,jh/}app/assets/**/*" .frontend-patterns-for-as-if-foss: &frontend-patterns-for-as-if-foss - "{package.json,yarn.lock}" - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - ".csscomb.json" - "Dockerfile.assets" - "config/**/*.js" - "vendor/assets/**/*" - "{app/assets,app/components,app/helpers,app/presenters,app/views,locale,public,spec/frontend,symbol}/**/*" .controllers-patterns: &controllers-patterns - "{,ee/,jh/}{app/controllers}/**/*" .models-patterns: &models-patterns - "{,ee/,jh/}{app/models}/**/*" .lib-gitlab-patterns: &lib-gitlab-patterns - "{,ee/,jh/}lib/{,ee/,jh/}gitlab/**/*" .startup-css-patterns: &startup-css-patterns - "{,ee/,jh/}app/assets/stylesheets/startup/**/*" # Backend patterns + .ci-patterns .backend-patterns: &backend-patterns - "{,jh/}Gemfile{,.lock}" - "Rakefile" - "config.ru" # List explicitly all the app/ dirs that are backend (i.e. all except app/assets). - "{,ee/,jh/}{app/channels,app/components,app/controllers,app/finders,app/graphql,app/helpers,app/mailers,app/models,app/policies,app/presenters,app/serializers,app/services,app/uploaders,app/validators,app/views,app/workers}/**/*" - "{,ee/,jh/}{bin,config,db,generator_templates,lib}/**/*" - "{,ee/,jh/}spec/**/*" # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" - "*_VERSION" - "scripts/rspec_helpers.sh" # Mapped patterns (see tests.yml) - "data/whats_new/*.yml" .search-backend-patterns: &search-backend-patterns - "{,jh/}Gemfile.lock" - "GITLAB_ELASTICSEARCH_INDEXER_VERSION" # List explicitly all the app/ dirs that are backend (i.e. all except app/assets). - "{,ee/,jh/}{app/channels,app/components,app/controllers,app/finders,app/graphql,app/helpers,app/mailers,app/models,app/policies,app/presenters,app/serializers,app/services,app/uploaders,app/validators,app/views,app/workers}/**/*" - "{,ee/,jh/}{bin,config,db,generator_templates,lib}/**/*" - "{,ee/,jh/}spec/**/*" # DB patterns + .ci-patterns .db-patterns: &db-patterns - "{,ee/,jh/}{,spec/}{db,migrations}/**/*" - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*" - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb" - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration/**/*" - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration{,_spec}.rb" - "{,ee/,jh/}spec/support/helpers/database/**/*" - "lib/gitlab/markdown_cache/active_record/**/*" - "config/prometheus/common_metrics.yml" # Used by Gitlab::DatabaseImporters::CommonMetrics::Importer - "{,ee/,jh/}app/models/project_statistics.rb" # Used to calculate sizes in migration specs # Gitaly has interactions with background migrations: https://gitlab.com/gitlab-org/gitlab/-/issues/336538 - "GITALY_SERVER_VERSION" - "lib/gitlab/setup_helper.rb" # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" .db-library-patterns: &db-library-patterns - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*" - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb" - "{,ee/,jh/}spec/support/helpers/database/**/*" .backstage-patterns: &backstage-patterns - "Dangerfile" - "danger/**/*" - "{,ee/,jh/}fixtures/**/*" - "{,ee/,jh/}rubocop/**/*" - "{,ee/,jh/}spec/**/*" - "{,spec/}tooling/**/*" .qa-patterns: &qa-patterns - ".dockerignore" - "qa/**/*" # Code patterns + .ci-patterns .code-patterns: &code-patterns - "{package.json,yarn.lock}" - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - ".csscomb.json" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".gitlab-ci.yml" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" - "tests.yml" - "config.ru" - "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" # Mapped patterns (see tests.yml) - "data/whats_new/*.yml" # .code-patterns + .backstage-patterns .code-backstage-patterns: &code-backstage-patterns - "{package.json,yarn.lock}" - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - ".csscomb.json" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" - "tests.yml" - "config.ru" - "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" # Backstage changes - "Dangerfile" - "danger/**/*" - "{,ee/,jh/}fixtures/**/*" - "{,ee/,jh/}rubocop/**/*" - "{,ee/,jh/}spec/**/*" - "{,spec/}tooling/**/*" # Mapped patterns (see tests.yml) - "data/whats_new/*.yml" # .code-patterns + .qa-patterns .code-qa-patterns: &code-qa-patterns - "{package.json,yarn.lock}" - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - ".csscomb.json" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" - "tests.yml" - "config.ru" - "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" # QA changes - ".dockerignore" - "qa/**/*" # Mapped patterns (see tests.yml) - "data/whats_new/*.yml" # .code-patterns + .backstage-patterns + .qa-patterns .code-backstage-qa-patterns: &code-backstage-qa-patterns - "{package.json,yarn.lock}" - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - ".csscomb.json" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".gitlab-ci.yml" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" - "tests.yml" - "config.ru" - "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" # Backstage changes - "Dangerfile" - "danger/**/*" - "{,ee/,jh/}fixtures/**/*" - "{,ee/,jh/}rubocop/**/*" - "{,ee/,jh/}spec/**/*" - "{,spec/}tooling/**/*" # QA changes - ".dockerignore" - "qa/**/*" # Mapped patterns (see tests.yml) - "data/whats_new/*.yml" # .code-backstage-qa-patterns + .workhorse-patterns .setup-test-env-patterns: &setup-test-env-patterns - "{package.json,yarn.lock}" - ".browserslistrc" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - ".csscomb.json" - "Dockerfile.assets" - "vendor/assets/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".gitlab-ci.yml" - "*_VERSION" - "{,jh/}Gemfile{,.lock}" - "Rakefile" - "tests.yml" - "config.ru" - "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "data/whats_new/*.yml" # CI changes - ".gitlab-ci.yml" - ".gitlab/ci/**/*" # Backstage changes - "Dangerfile" - "danger/**/*" - "{,ee/,jh/}fixtures/**/*" - "{,ee/,jh/}rubocop/**/*" - "{,ee/,jh/}spec/**/*" - "{,spec/}tooling/**/*" # QA changes - ".dockerignore" - "qa/**/*" # Workhorse changes - "GITLAB_WORKHORSE_VERSION" - "workhorse/**/*" - ".gitlab/ci/workhorse.gitlab-ci.yml" # CI Templates changes - "scripts/lint_templates_bash.rb" - "lib/gitlab/ci/templates/**/*.gitlab-ci.yml" .static-analysis-patterns: &static-analysis-patterns - ".{codeclimate,eslintrc,haml-lint,haml-lint_todo}.yml" .rubocop-patterns: &rubocop-patterns - ".{rubocop,rubocop_todo}.yml" - ".rubocop_todo/**/*.yml" - "{,ee/,jh/}rubocop/**/*" # We might be changing custom cops - "{,ee/,jh/}Gemfile.lock" # This should include gitlab-styles, rubocop itself, and any plugins we might be using - "lib/gitlab_edition.rb" # This is required in RuboCop::CodeReuseHelpers - ".gitlab/ci/static-analysis.gitlab-ci.yml" .danger-patterns: &danger-patterns - "Dangerfile" - "danger/**/*" - "tooling/danger/**/*" .core-backend-patterns: &core-backend-patterns - "{,jh/}Gemfile{,.lock}" - "{,ee/,jh/}config/**/*.rb" .core-frontend-patterns: &core-frontend-patterns - "{package.json,yarn.lock}" - "babel.config.js" - "jest.config.{base,integration,unit}.js" - "config/helpers/**/*.js" - "vendor/assets/javascripts/**/*" .feature-flag-development-config-patterns: &feature-flag-development-config-patterns - "{,ee/}config/feature_flags/{development,ops}/*.yml" ################## # Conditions set # ################## .strict-ee-only-rules: rules: - <<: *if-not-ee when: never - <<: *if-jh when: never .rails:rules:minimal-default-rules: rules: - <<: *if-merge-request-approved when: never - <<: *if-automated-merge-request when: never - <<: *if-security-merge-request when: never .rails:rules:run-search-tests: rules: - <<: *if-merge-request-labels-group-global-search changes: *search-backend-patterns .rails:rules:ee-and-foss-default-rules: rules: - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request changes: *core-backend-patterns - <<: *if-merge-request changes: *ci-patterns - <<: *if-automated-merge-request changes: *backend-patterns - <<: *if-security-merge-request changes: *backend-patterns - <<: *if-merge-request-not-approved when: never .rails:rules:as-if-foss-migration-unit-integration:minimal-default-rules: rules: - <<: *if-merge-request changes: *core-backend-patterns when: never - <<: *if-merge-request changes: *ci-patterns when: never .rails:rules:unit-integration:minimal-default-rules: rules: - <<: *if-merge-request-labels-run-all-rspec when: never - !reference [".rails:rules:as-if-foss-migration-unit-integration:minimal-default-rules", rules] .rails:rules:system-default-rules: rules: - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request changes: *core-backend-patterns - <<: *if-merge-request changes: *workhorse-patterns - <<: *if-merge-request changes: *ci-patterns - <<: *if-automated-merge-request changes: *code-backstage-patterns - <<: *if-security-merge-request changes: *code-backstage-patterns - <<: *if-merge-request-not-approved when: never .rails:rules:system:minimal-default-rules: rules: - <<: *if-merge-request-labels-run-all-rspec when: never - <<: *if-merge-request changes: *core-backend-patterns when: never - <<: *if-merge-request changes: *workhorse-patterns when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-merge-request changes: *code-backstage-patterns .rails:rules:previous-failed-tests-default-rules: rules: - <<: *if-security-merge-request when: never - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request changes: *code-backstage-patterns ################ # Shared rules # ################ .shared:rules:update-cache: rules: - <<: *if-default-branch-schedule-maintenance - <<: *if-security-schedule - <<: *if-merge-request-labels-update-caches .shared:rules:update-gitaly-binaries-cache: rules: - <<: *if-merge-request-labels-update-caches - changes: *gitaly-patterns ###################### # Build images rules # ###################### .build-images:rules:build-qa-image: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-targeting-stable-branch - <<: *if-merge-request-labels-run-review-app - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *ci-build-images-patterns - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *code-qa-patterns - <<: *if-dot-com-gitlab-org-default-branch changes: *code-qa-patterns - <<: *if-tag - <<: *if-dot-com-gitlab-org-schedule - <<: *if-force-ci .build-images:rules:build-assets-image: rules: - <<: *if-not-canonical-namespace when: never - <<: *if-merge-request-targeting-stable-branch - <<: *if-merge-request-labels-run-review-app - <<: *if-auto-deploy-branches - changes: *ci-build-images-patterns - changes: *code-qa-patterns ###################### # CI Templates Rules # ###################### .ci-templates:rules:shellcheck: rules: - changes: *ci-templates-patterns - changes: - scripts/lint_templates_bash.rb ################## # Delivery rules # ################## .delivery:rules:security-pipeline-merge-result-failure: rules: - <<: *if-security-pipeline-merge-result when: on_failure ###################### # Dev fixtures rules # ###################### .dev-fixtures:rules:ee-and-foss: rules: - <<: *if-default-refs changes: *code-backstage-patterns .dev-fixtures:rules:ee-only: rules: - <<: *if-not-ee when: never - <<: *if-default-refs changes: *code-backstage-patterns ############## # Docs rules # ############## .docs:rules:review-docs: rules: - <<: *if-dot-com-gitlab-org-merge-request changes: *docs-patterns when: manual allow_failure: true .docs:rules:docs-lint: rules: - <<: *if-default-refs changes: *docs-patterns .docs:rules:deprecations-and-removals: rules: - <<: *if-default-refs changes: *docs-deprecations-and-removals-patterns ################## # GraphQL rules # ################## .graphql:rules:graphql-verify: rules: - <<: *if-not-ee when: never - <<: *if-default-refs changes: *code-backstage-qa-patterns ################## # Frontend rules # ################## .frontend:rules:compile-production-assets: rules: - <<: *if-not-canonical-namespace when: never - <<: *if-merge-request-targeting-stable-branch - <<: *if-merge-request-labels-run-review-app - <<: *if-auto-deploy-branches - changes: *ci-build-images-patterns - changes: *code-qa-patterns - changes: *workhorse-patterns .frontend:rules:compile-test-assets: rules: - <<: *if-merge-request-labels-run-all-rspec - changes: *code-backstage-qa-patterns - changes: *workhorse-patterns .frontend:rules:compile-test-assets-as-if-foss: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-labels-as-if-foss - <<: *if-merge-request-labels-run-all-rspec - changes: *code-backstage-qa-patterns - changes: *startup-css-patterns - changes: *workhorse-patterns .frontend:rules:default-frontend-jobs: rules: - <<: *if-merge-request-labels-run-all-rspec - changes: *code-backstage-patterns .frontend:rules:default-frontend-jobs-as-if-foss: rules: - !reference [".strict-ee-only-rules", rules] - <<: *if-security-merge-request changes: *code-backstage-patterns - <<: *if-merge-request-labels-as-if-foss - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request changes: *startup-css-patterns - <<: *if-merge-request changes: *ci-patterns .frontend:rules:frontend_fixture-as-if-foss: rules: - !reference [".strict-ee-only-rules", rules] - !reference [".frontend:rules:default-frontend-jobs-as-if-foss", rules] - !reference [".frontend:rules:jest:minimal:as-if-foss", rules] .frontend:rules:jest: rules: - <<: *if-fork-merge-request when: never - <<: *if-merge-request-labels-run-all-jest - <<: *if-default-refs changes: *core-frontend-patterns - <<: *if-merge-request changes: *ci-patterns - <<: *if-automated-merge-request changes: *code-backstage-patterns - <<: *if-security-merge-request changes: *code-backstage-patterns - <<: *if-merge-request-not-approved when: never - <<: *if-default-refs changes: *code-backstage-patterns .frontend:rules:jest:minimal: rules: - <<: *if-fork-merge-request changes: *code-backstage-patterns - !reference [".rails:rules:minimal-default-rules", rules] - <<: *if-merge-request-labels-run-all-jest when: never - changes: *core-frontend-patterns when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-merge-request changes: *code-backstage-patterns .frontend:rules:jest:minimal:as-if-foss: rules: - !reference [".strict-ee-only-rules", rules] - <<: *if-security-merge-request changes: *code-backstage-patterns when: never - <<: *if-merge-request-labels-as-if-foss when: never - <<: *if-merge-request-labels-run-all-jest when: never - <<: *if-merge-request-labels-run-all-rspec when: never - <<: *if-merge-request changes: *startup-css-patterns when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-fork-merge-request when: never - <<: *if-merge-request changes: *core-frontend-patterns - <<: *if-merge-request changes: *code-backstage-patterns .frontend:rules:eslint-as-if-foss: rules: - !reference [".strict-ee-only-rules", rules] - <<: *if-merge-request-labels-as-if-foss - <<: *if-merge-request changes: *frontend-patterns-for-as-if-foss .frontend:rules:ee-mr-and-default-branch-only: rules: - <<: *if-not-ee when: never - <<: *if-merge-request changes: *code-backstage-patterns when: always - <<: *if-default-branch-refs changes: *code-backstage-patterns .frontend:rules:qa-frontend-node: rules: - <<: *if-default-branch-refs changes: *frontend-dependency-patterns - <<: *if-merge-request changes: *frontend-dependency-patterns .frontend:rules:qa-frontend-node-latest: rules: - <<: *if-default-branch-refs changes: *frontend-dependency-patterns allow_failure: true - <<: *if-merge-request changes: *frontend-dependency-patterns allow_failure: true .frontend:rules:bundle-size-review: rules: - <<: *if-not-canonical-namespace when: never - if: '$DANGER_GITLAB_API_TOKEN && $CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH' changes: *frontend-build-patterns allow_failure: true ################ # Memory rules # ################ .memory:rules: rules: - <<: *if-default-refs changes: *code-patterns ############### # Pages rules # ############### .pages:rules: rules: - <<: *if-dot-com-ee-schedule-maintenance ############ # QA rules # ############ .qa:rules:internal: rules: - <<: *if-default-refs changes: *qa-patterns .qa:rules:ee-and-foss: rules: - <<: *if-default-refs changes: *code-qa-patterns .qa:rules:as-if-foss: rules: - !reference [".strict-ee-only-rules", rules] - <<: *if-security-merge-request changes: *code-qa-patterns - <<: *if-merge-request-labels-as-if-foss - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request changes: *ci-patterns .qa:rules:internal-as-if-foss: rules: - !reference [".strict-ee-only-rules", rules] - <<: *if-default-refs changes: *qa-patterns .qa:rules:determine-qa-tests: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-targeting-stable-branch allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *code-backstage-qa-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-schedule allow_failure: true - <<: *if-force-ci allow_failure: true .qa:rules:package-and-qa: rules: - <<: *if-fork-merge-request when: never - <<: *if-not-ee when: never - <<: *if-merge-request-labels-pipeline-revert when: never - <<: *if-merge-request-targeting-stable-branch allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *nodejs-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *ci-qa-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *qa-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified changes: *code-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *code-patterns when: manual allow_failure: true - <<: *if-dot-com-gitlab-org-schedule allow_failure: true - <<: *if-force-ci when: manual allow_failure: true .qa:rules:package-and-qa:feature-flags: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-labels-pipeline-revert when: never - <<: *if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-qa changes: *feature-flag-development-config-patterns when: manual allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request changes: *feature-flag-development-config-patterns allow_failure: true ############### # Rails rules # ############### .rails:rules:build-components: rules: - <<: *if-dot-com-ee-schedule - <<: *if-dot-com-gitlab-org-default-branch changes: - "workhorse/**/*" - <<: *if-dot-com-gitlab-org-merge-request when: manual allow_failure: true .rails:rules:setup-test-env: rules: - changes: *setup-test-env-patterns - <<: *if-merge-request-labels-run-all-rspec .rails:rules:single-db: rules: - <<: *if-merge-request-labels-run-single-db - <<: *if-merge-request changes: *db-patterns - <<: *if-default-branch-schedule-nightly .rails:rules:praefect-with-db: rules: - if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-praefect-with-db/' allow_failure: true .rails:rules:ee-and-foss-migration: rules: - <<: *if-fork-merge-request when: never - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request changes: *core-backend-patterns - <<: *if-merge-request changes: *ci-patterns # When DB schema changes, many migrations spec may be affected. However, the test mapping from Crystalball does not map db change to a specific migration spec well. # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68840. - <<: *if-merge-request changes: *db-patterns - <<: *if-automated-merge-request changes: *db-patterns - <<: *if-security-merge-request changes: *db-patterns - <<: *if-merge-request-not-approved when: never - changes: *db-patterns .rails:rules:ee-and-foss-migration:minimal: rules: - <<: *if-fork-merge-request changes: *db-patterns - !reference [".rails:rules:minimal-default-rules", rules] - !reference [".rails:rules:unit-integration:minimal-default-rules", rules] # When DB schema changes, many migrations spec may be affected. However, the test mapping from Crystalball does not map db change to a specific migration spec well. # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68840. - <<: *if-merge-request changes: *db-patterns when: never .rails:rules:ee-and-foss-mr-with-migration: rules: - <<: *if-merge-request changes: *db-patterns - <<: *if-merge-request-labels-run-all-rspec .rails:rules:db:gitlabcom-database-testing: rules: - if: '$GITLABCOM_DATABASE_TESTING_TRIGGER_TOKEN == null' when: never - <<: *if-merge-request changes: *db-patterns when: manual .rails:rules:ee-and-foss-unit: rules: - <<: *if-fork-merge-request when: never - !reference [".rails:rules:ee-and-foss-default-rules", rules] - changes: *backend-patterns .rails:rules:ee-and-foss-unit:minimal: rules: - <<: *if-fork-merge-request changes: *backend-patterns - !reference [".rails:rules:minimal-default-rules", rules] - !reference [".rails:rules:unit-integration:minimal-default-rules", rules] - <<: *if-merge-request changes: *backend-patterns .rails:rules:ee-and-foss-integration: rules: - <<: *if-fork-merge-request when: never - !reference [".rails:rules:ee-and-foss-default-rules", rules] - changes: *backend-patterns .rails:rules:ee-and-foss-integration:minimal: rules: - <<: *if-fork-merge-request changes: *backend-patterns - !reference [".rails:rules:minimal-default-rules", rules] - !reference [".rails:rules:unit-integration:minimal-default-rules", rules] - <<: *if-merge-request changes: *backend-patterns .rails:rules:ee-and-foss-system: rules: - <<: *if-fork-merge-request when: never - !reference [".rails:rules:system-default-rules", rules] - changes: *code-backstage-patterns .rails:rules:ee-and-foss-system:minimal: rules: - <<: *if-fork-merge-request changes: *code-backstage-patterns - !reference [".rails:rules:minimal-default-rules", rules] - !reference [".rails:rules:system:minimal-default-rules", rules] .rails:rules:ee-and-foss-fast_spec_helper: rules: - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request changes: *backend-patterns - changes: *core-backend-patterns .rails:rules:code-backstage-qa: rules: - changes: *code-backstage-qa-patterns - <<: *if-merge-request-labels-run-all-rspec .rails:rules:ee-only-migration: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request changes: *core-backend-patterns - <<: *if-merge-request changes: *ci-patterns # When DB schema changes, many migrations spec may be affected. However, the test mapping from Crystalball does not map db change to a specific migration spec well. # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68840. - <<: *if-merge-request changes: *db-patterns - <<: *if-automated-merge-request changes: *db-patterns - <<: *if-security-merge-request changes: *db-patterns - <<: *if-merge-request-not-approved when: never - changes: *db-patterns .rails:rules:ee-only-migration:minimal: rules: - <<: *if-not-ee when: never - !reference [".rails:rules:minimal-default-rules", rules] - !reference [".rails:rules:unit-integration:minimal-default-rules", rules] # When DB schema changes, many migrations spec may be affected. However, the test mapping from Crystalball does not map db change to a specific migration spec well. # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68840. - <<: *if-merge-request changes: *db-patterns when: never .rails:rules:ee-only-unit: rules: - <<: *if-not-ee when: never - <<: *if-fork-merge-request when: never - !reference [".rails:rules:ee-and-foss-default-rules", rules] - changes: *backend-patterns .rails:rules:ee-only-unit:minimal: rules: - <<: *if-not-ee when: never - <<: *if-fork-merge-request changes: *backend-patterns - !reference [".rails:rules:minimal-default-rules", rules] - !reference [".rails:rules:unit-integration:minimal-default-rules", rules] - <<: *if-merge-request changes: *backend-patterns .rails:rules:ee-only-integration: rules: - <<: *if-not-ee when: never - <<: *if-fork-merge-request when: never - !reference [".rails:rules:ee-and-foss-default-rules", rules] - changes: *backend-patterns .rails:rules:ee-only-integration:minimal: rules: - <<: *if-not-ee when: never - <<: *if-fork-merge-request changes: *backend-patterns - !reference [".rails:rules:minimal-default-rules", rules] - !reference [".rails:rules:unit-integration:minimal-default-rules", rules] - <<: *if-merge-request changes: *backend-patterns .rails:rules:ee-only-system: rules: - <<: *if-not-ee when: never - <<: *if-fork-merge-request when: never - !reference [".rails:rules:system-default-rules", rules] - changes: *code-backstage-patterns .rails:rules:ee-only-system:minimal: rules: - <<: *if-not-ee when: never - <<: *if-fork-merge-request changes: *code-backstage-patterns - !reference [".rails:rules:minimal-default-rules", rules] - !reference [".rails:rules:system:minimal-default-rules", rules] .rails:rules:as-if-foss-migration: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request changes: *core-backend-patterns - <<: *if-merge-request changes: *ci-patterns # When DB schema changes, many migrations spec may be affected. However, the test mapping from Crystalball does not map db change to a specific migration spec well. # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68840. - <<: *if-merge-request-labels-as-if-foss changes: *db-patterns - <<: *if-automated-merge-request changes: *db-patterns - <<: *if-security-merge-request changes: *db-patterns - <<: *if-merge-request-not-approved when: never .rails:rules:as-if-foss-migration:minimal: rules: - <<: *if-not-ee when: never - !reference [".rails:rules:minimal-default-rules", rules] - !reference [".rails:rules:as-if-foss-migration-unit-integration:minimal-default-rules", rules] # When DB schema changes, many migrations spec may be affected. However, the test mapping from Crystalball does not map db change to a specific migration spec well. # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68840. - <<: *if-merge-request-labels-as-if-foss changes: *db-patterns when: never .rails:rules:as-if-foss-unit: rules: - <<: *if-not-ee when: never - <<: *if-fork-merge-request when: never - !reference [".rails:rules:ee-and-foss-default-rules", rules] - <<: *if-merge-request-labels-as-if-foss changes: *backend-patterns .rails:rules:as-if-foss-unit:minimal: rules: - <<: *if-not-ee when: never - <<: *if-fork-merge-request when: never - !reference [".rails:rules:minimal-default-rules", rules] - !reference [".rails:rules:as-if-foss-migration-unit-integration:minimal-default-rules", rules] - <<: *if-merge-request-labels-as-if-foss changes: *backend-patterns .rails:rules:as-if-foss-integration: rules: - <<: *if-not-ee when: never - <<: *if-fork-merge-request when: never - !reference [".rails:rules:ee-and-foss-default-rules", rules] - <<: *if-merge-request-labels-as-if-foss changes: *backend-patterns .rails:rules:as-if-foss-integration:minimal: rules: - <<: *if-not-ee when: never - <<: *if-fork-merge-request when: never - !reference [".rails:rules:minimal-default-rules", rules] - !reference [".rails:rules:as-if-foss-migration-unit-integration:minimal-default-rules", rules] - <<: *if-merge-request-labels-as-if-foss changes: *backend-patterns .rails:rules:as-if-foss-system: rules: - <<: *if-not-ee when: never - <<: *if-fork-merge-request when: never - !reference [".rails:rules:system-default-rules", rules] - <<: *if-merge-request-labels-as-if-foss changes: *code-backstage-patterns .rails:rules:as-if-foss-system:minimal: rules: - <<: *if-not-ee when: never - <<: *if-fork-merge-request when: never - !reference [".rails:rules:minimal-default-rules", rules] - <<: *if-merge-request changes: *core-backend-patterns when: never - <<: *if-merge-request changes: *workhorse-patterns when: never - <<: *if-merge-request changes: *ci-patterns when: never - <<: *if-merge-request-labels-as-if-foss changes: *code-backstage-patterns .rails:rules:ee-and-foss-db-library-code: rules: - changes: *db-library-patterns - <<: *if-merge-request-labels-run-all-rspec .rails:rules:ee-mr-and-default-branch-only: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request changes: *code-backstage-patterns - <<: *if-default-branch-refs changes: *code-backstage-patterns .rails:rules:detect-tests: rules: - <<: *if-merge-request-labels-run-all-rspec - changes: *code-backstage-qa-patterns - changes: *workhorse-patterns .rails:rules:detect-previous-failed-tests: rules: - !reference [".rails:rules:previous-failed-tests-default-rules", rules] .rails:rules:rerun-previous-failed-tests: rules: - !reference [".rails:rules:previous-failed-tests-default-rules", rules] .rails:rules:rspec-foss-impact: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-labels-as-if-foss when: never - <<: *if-security-merge-request changes: *code-backstage-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *code-backstage-patterns .rails:rules:rspec fail-fast: rules: - <<: *if-not-ee when: never - <<: *if-security-merge-request changes: *code-backstage-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *code-backstage-patterns .rails:rules:fail-pipeline-early: rules: - <<: *if-not-ee when: never - <<: *if-security-merge-request changes: *code-backstage-patterns when: on_failure - <<: *if-dot-com-gitlab-org-merge-request changes: *code-backstage-patterns when: on_failure .rails:rules:deprecations: rules: - <<: *if-not-ee when: never - <<: *if-default-branch-schedule-nightly - <<: *if-merge-request-labels-run-all-rspec .rails:rules:rspec-coverage: rules: - <<: *if-not-ee when: never - <<: *if-merge-request changes: *code-backstage-patterns when: always - <<: *if-default-branch-schedule-maintenance - <<: *if-merge-request-labels-run-all-rspec when: always .rails:rules:rspec-undercoverage: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-labels-pipeline-revert when: never - <<: *if-merge-request-labels-skip-undercoverage when: never - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request changes: *backend-patterns .rails:rules:default-branch-schedule-nightly--code-backstage-default-rules: rules: - <<: *if-default-branch-schedule-nightly - <<: *if-merge-request changes: [".gitlab/ci/rails.gitlab-ci.yml"] .rails:rules:default-branch-schedule-nightly--code-backstage: rules: - !reference [".rails:rules:default-branch-schedule-nightly--code-backstage-default-rules", rules] .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only: rules: - <<: *if-not-ee when: never - !reference [".rails:rules:default-branch-schedule-nightly--code-backstage-default-rules", rules] .rails:rules:rspec-feature-flags: rules: - <<: *if-not-ee when: never - changes: *code-backstage-patterns .rails:rules:flaky-tests-report: rules: - <<: *if-not-ee when: never - if: '$SKIP_FLAKY_TESTS_AUTOMATICALLY == "true" || $RETRY_FAILED_TESTS_IN_NEW_PROCESS == "true"' changes: *code-backstage-patterns when: always - if: '$SKIP_FLAKY_TESTS_AUTOMATICALLY == "true" || $RETRY_FAILED_TESTS_IN_NEW_PROCESS == "true"' changes: *ci-patterns when: always ######################### # Static analysis rules # ######################### .static-analysis:rules:static-analysis: rules: - changes: *code-backstage-qa-patterns - changes: *static-analysis-patterns .static-analysis:rules:static-verification-with-database: rules: - changes: *code-backstage-qa-patterns .static-analysis:rules:rubocop: rules: - changes: *rubocop-patterns variables: RUN_ALL_RUBOCOP: "true" - changes: *code-backstage-qa-patterns .static-analysis:rules:qa:metadata-lint: rules: - changes: *qa-patterns - changes: [".gitlab/ci/static-analysis.gitlab-ci.yml"] .static-analysis:rules:haml-lint: rules: - changes: *rubocop-patterns - changes: *static-analysis-patterns - changes: *code-backstage-qa-patterns .static-analysis:rules:haml-lint-ee: rules: - <<: *if-not-ee when: never - changes: *rubocop-patterns - changes: *static-analysis-patterns - changes: *code-backstage-qa-patterns .static-analysis:rules:static-analysis-as-if-foss: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-labels-as-if-foss changes: *code-backstage-qa-patterns - <<: *if-security-merge-request changes: *code-backstage-qa-patterns - <<: *if-merge-request changes: [".gitlab/ci/static-analysis.gitlab-ci.yml"] - <<: *if-merge-request changes: *static-analysis-patterns ####################### # Vendored gems rules # ####################### .vendor:rules:mail-smtp_pool: rules: - <<: *if-merge-request changes: ["vendor/gems/mail-smtp_pool/**/*"] - <<: *if-merge-request-labels-run-all-rspec .vendor:rules:ipynbdiff: rules: - <<: *if-merge-request changes: ["vendor/gems/ipynbdiff/**/*"] - <<: *if-merge-request-labels-run-all-rspec .vendor:rules:omniauth-azure-oauth2: rules: - <<: *if-merge-request changes: ["vendor/gems/omniauth-azure-oauth2/**/*"] - <<: *if-merge-request-labels-run-all-rspec .vendor:rules:omniauth-cas3: rules: - <<: *if-merge-request changes: ["vendor/gems/omniauth-cas3/**/*"] - <<: *if-merge-request-labels-run-all-rspec .vendor:rules:omniauth_crowd: rules: - <<: *if-merge-request changes: ["vendor/gems/omniauth_crowd/**/*"] - <<: *if-merge-request-labels-run-all-rspec .vendor:rules:omniauth-gitlab: rules: - <<: *if-merge-request changes: ["vendor/gems/omniauth-gitlab/**/*"] - <<: *if-merge-request-labels-run-all-rspec .vendor:rules:omniauth-salesforce: rules: - <<: *if-merge-request changes: ["vendor/gems/omniauth-salesforce/**/*"] - <<: *if-merge-request-labels-run-all-rspec .vendor:rules:devise-pbkdf2-encryptable: rules: - <<: *if-merge-request changes: ["vendor/gems/devise-pbkdf2-encryptable/**/*"] - <<: *if-merge-request-labels-run-all-rspec ################## # Releases rules # ################## .releases:rules:canonical-dot-com-gitlab-stable-branch-only: rules: - if: '$CI_COMMIT_MESSAGE =~ /\[merge-train skip\]/' when: never - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable-ee$/' .releases:rules:canonical-dot-com-security-gitlab-stable-branch-only: rules: - if: '$CI_COMMIT_MESSAGE =~ /\[merge-train skip\]/' when: never - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/security/gitlab" && $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable-ee$/' ################# # Reports rules # ################# .reports:rules:code_quality: rules: - if: '$CODE_QUALITY_DISABLED' when: never - <<: *if-default-refs changes: *code-backstage-patterns .reports:rules:brakeman-sast: rules: - if: $SAST_DISABLED when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /brakeman/ when: never - changes: - '**/*.rb' - '**/Gemfile' .reports:rules:gosec-sast: rules: - if: $SAST_DISABLED when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /gosec/ when: never - changes: - '**/*.go' .reports:rules:semgrep-sast: rules: - if: $SAST_DISABLED when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/ when: never - changes: - '**/*.py' - '**/*.js' - '**/*.jsx' - '**/*.ts' - '**/*.tsx' - '**/*.c' - '**/*.go' - '**/*.rb' .reports:rules:secret_detection: rules: - if: '$SECRET_DETECTION_DISABLED' when: never # Scan each commit on master to feed the Vulnerability Reports with detected secrets - <<: *if-default-branch-refs - changes: *code-backstage-qa-patterns .reports:rules:gemnasium-dependency_scanning: rules: - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium([^-]|$)/' when: never # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved - <<: *if-default-branch-refs - changes: *dependency-patterns .reports:rules:gemnasium-python-dependency_scanning: rules: - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium-python/' when: never # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved - <<: *if-default-branch-refs - changes: *python-patterns .reports:rules:yarn-audit-dependency_scanning: rules: - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/' when: never # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved - <<: *if-default-branch-refs - changes: *nodejs-patterns .reports:rules:schedule-dast: rules: - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/' when: never - <<: *if-dot-com-ee-schedule-nightly-child-pipeline .reports:rules:package_hunter-yarn: rules: - if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''" when: never - <<: *if-default-branch-schedule-maintenance - <<: *if-merge-request changes: ["yarn.lock"] .reports:rules:package_hunter-bundler: rules: - if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''" when: never - <<: *if-default-branch-schedule-maintenance - <<: *if-merge-request changes: ["Gemfile.lock"] .reports:rules:license_scanning: rules: - if: '$LICENSE_MANAGEMENT_DISABLED || $GITLAB_FEATURES !~ /\blicense_scanning\b/' when: never - changes: *code-backstage-qa-patterns ################ # Review rules # ################ .review:rules:start-review-app-pipeline: rules: - <<: *if-not-ee when: never - <<: *if-merge-request-labels-pipeline-revert when: never - <<: *if-merge-request-labels-run-review-app - <<: *if-dot-com-gitlab-org-merge-request changes: *ci-review-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *frontend-build-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *controllers-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *models-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *lib-gitlab-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *qa-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: *code-patterns when: manual allow_failure: true - <<: *if-dot-com-gitlab-org-schedule allow_failure: true variables: KNAPSACK_GENERATE_REPORT: "true" .review:rules:review-build-cng: rules: - when: always .review:rules:review-deploy: rules: - when: on_success .review:rules:review-performance: rules: - if: '$DAST_RUN == "true"' # Skip this job when DAST is run when: never - <<: *if-merge-request-labels-run-review-app # we explicitely don't allow the job to fail in that case - <<: *if-dot-com-gitlab-org-merge-request # we explicitely don't allow the job to fail in that case changes: *ci-review-patterns - when: on_success allow_failure: true .review:rules:review-delete-deployment: rules: - when: on_success .review:rules:review-qa-smoke: rules: - when: on_success # If the needed job isn't allowed to fail, we need to use `when: always` in # order to keep the job always running after it. # # If the needed job is allowed to fail, we need to use both # `when: on_success` and `when: on_failure` in order to keep # the job always running after it. # Not that if the needed job has `when: on_success` we can use `when: always` # for the depending job. # # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/76756 .review:rules:review-qa-reliable: rules: - when: on_success # Since `review-qa-reliable` isn't allowed to fail, we need to use `when: always`for `review-qa-reliable-report`. .review:rules:review-qa-blocking-report: rules: - when: always .review:rules:review-qa-all: rules: - <<: *if-dot-com-gitlab-org-merge-request changes: *code-patterns when: manual allow_failure: true # manual jobs needs to be allowed to fail, otherwise they block the pipeline - when: on_success allow_failure: true # Since `review-qa-all` is allowed to fail (and potentially manual), we need to use `when: on_success` and `when: on_failure` for `review-qa-all-report`. .review:rules:review-qa-all-report: rules: - when: on_success - when: on_failure .review:rules:review-qa-cleanup: rules: - when: always .review:rules:review-cleanup: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-gitlab-org-merge-request when: manual allow_failure: true - <<: *if-dot-com-gitlab-org-schedule allow_failure: true .review:rules:review-stop: rules: - when: manual allow_failure: true .review:rules:danger: rules: - <<: *if-merge-request .review:rules:danger-local: rules: - <<: *if-merge-request changes: *danger-patterns .review:rules:reviewers-recommender: rules: - <<: *if-not-canonical-namespace when: never - <<: *if-merge-request-labels-community-contribution when: never - <<: *if-merge-request ############### # Setup rules # ############### .setup:rules:cache-gems: rules: - <<: *if-not-canonical-namespace when: never - <<: *if-default-branch-or-tag changes: *code-backstage-qa-patterns .setup:rules:dont-interrupt-me: rules: - <<: *if-default-branch-or-tag allow_failure: true - <<: *if-auto-deploy-branches allow_failure: true - when: manual allow_failure: true .setup:rules:gitlab_git_test: rules: - <<: *if-default-refs changes: *code-backstage-patterns .setup:rules:no-ee-check: rules: - <<: *if-not-foss when: never - <<: *if-default-refs changes: *code-backstage-patterns .setup:rules:no-jh-check: rules: - <<: *if-jh when: never - <<: *if-default-refs changes: *code-backstage-patterns .setup:rules:verify-ruby-2.7: rules: - <<: *if-merge-request-labels-run-in-ruby3 .setup:rules:verify-tests-yml: rules: - <<: *if-not-ee when: never - <<: *if-default-refs changes: *code-backstage-patterns .setup:rules:jh-contribution: rules: - <<: *if-jh when: never - <<: *if-merge-request-labels-jh-contribution .setup:rules:generate-frontend-fixtures-mapping: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-ee-schedule-maintenance - changes: - ".gitlab/ci/setup.gitlab-ci.yml" - ".gitlab/ci/test-metadata.gitlab-ci.yml" - "scripts/rspec_helpers.sh" ####################### # Test metadata rules # ####################### .test-metadata:rules:retrieve-tests-metadata: rules: - changes: *code-backstage-patterns - changes: *workhorse-patterns - <<: *if-merge-request-labels-run-all-rspec .test-metadata:rules:update-tests-metadata: rules: - <<: *if-not-ee when: never - <<: *if-dot-com-ee-schedule-maintenance - changes: - ".gitlab/ci/test-metadata.gitlab-ci.yml" - "scripts/rspec_helpers.sh" ################### # workhorse rules # ################### .workhorse:rules:workhorse: rules: - changes: *workhorse-patterns ################### # yaml-lint rules # ################### .yaml-lint:rules: rules: - <<: *if-default-refs changes: *yaml-lint-patterns .lint-pipeline-yaml:rules: rules: - <<: *if-default-refs changes: *lint-pipeline-yaml-patterns .lint-metrics-yaml:rules: rules: - <<: *if-default-refs changes: *lint-metrics-yaml-patterns