# frozen_string_literal: true class Environment < ApplicationRecord include Gitlab::Utils::StrongMemoize include ReactiveCaching include FastDestroyAll::Helpers include Presentable include NullifyIfBlank self.reactive_cache_refresh_interval = 1.minute self.reactive_cache_lifetime = 55.seconds self.reactive_cache_hard_limit = 10.megabytes self.reactive_cache_work_type = :external_dependency belongs_to :project, optional: false use_fast_destroy :all_deployments nullify_if_blank :external_url has_many :all_deployments, class_name: 'Deployment' has_many :deployments, -> { visible } has_many :successful_deployments, -> { success }, class_name: 'Deployment' has_many :active_deployments, -> { active }, class_name: 'Deployment' has_many :prometheus_alerts, inverse_of: :environment has_many :metrics_dashboard_annotations, class_name: 'Metrics::Dashboard::Annotation', inverse_of: :environment has_many :self_managed_prometheus_alert_events, inverse_of: :environment has_many :alert_management_alerts, class_name: 'AlertManagement::Alert', inverse_of: :environment # NOTE: If you preload multiple last deployments of environments, use Preloaders::Environments::DeploymentPreloader. has_one :last_deployment, -> { success.ordered }, class_name: 'Deployment', inverse_of: :environment has_one :last_visible_deployment, -> { visible.order(id: :desc) }, inverse_of: :environment, class_name: 'Deployment' has_one :upcoming_deployment, -> { upcoming.order(id: :desc) }, class_name: 'Deployment', inverse_of: :environment has_one :latest_opened_most_severe_alert, -> { order_severity_with_open_prometheus_alert }, class_name: 'AlertManagement::Alert', inverse_of: :environment before_validation :generate_slug, if: ->(env) { env.slug.blank? } before_save :set_environment_type before_save :ensure_environment_tier after_save :clear_reactive_cache! validates :name, presence: true, uniqueness: { scope: :project_id }, length: { maximum: 255 }, format: { with: Gitlab::Regex.environment_name_regex, message: Gitlab::Regex.environment_name_regex_message } validates :slug, presence: true, uniqueness: { scope: :project_id }, length: { maximum: 24 }, format: { with: Gitlab::Regex.environment_slug_regex, message: Gitlab::Regex.environment_slug_regex_message } validates :external_url, length: { maximum: 255 }, allow_nil: true validate :safe_external_url delegate :manual_actions, :other_manual_actions, to: :last_deployment, allow_nil: true delegate :auto_rollback_enabled?, to: :project scope :available, -> { with_state(:available) } scope :stopped, -> { with_state(:stopped) } scope :order_by_last_deployed_at, -> do order(Arel::Nodes::Grouping.new(max_deployment_id_query).asc.nulls_first) end scope :order_by_last_deployed_at_desc, -> do order(Arel::Nodes::Grouping.new(max_deployment_id_query).desc.nulls_last) end scope :order_by_name, -> { order('environments.name ASC') } scope :in_review_folder, -> { where(environment_type: "review") } scope :for_name, -> (name) { where(name: name) } scope :preload_cluster, -> { preload(last_deployment: :cluster) } scope :preload_project, -> { preload(:project) } scope :auto_stoppable, -> (limit) { available.where('auto_stop_at < ?', Time.zone.now).limit(limit) } scope :auto_deletable, -> (limit) { stopped.where('auto_delete_at < ?', Time.zone.now).limit(limit) } ## # Search environments which have names like the given query. # Do not set a large limit unless you've confirmed that it works on gitlab.com scale. scope :for_name_like, -> (query, limit: 5) do where(arel_table[:name].matches("#{sanitize_sql_like query}%")).limit(limit) end scope :for_project, -> (project) { where(project_id: project) } scope :for_tier, -> (tier) { where(tier: tier).where.not(tier: nil) } scope :for_type, -> (type) { where(environment_type: type) } scope :unfoldered, -> { where(environment_type: nil) } scope :with_rank, -> do select('environments.*, rank() OVER (PARTITION BY project_id ORDER BY id DESC)') end scope :for_id, -> (id) { where(id: id) } scope :with_deployment, -> (sha, status: nil) do deployments = Deployment.select(1).where('deployments.environment_id = environments.id').where(sha: sha) deployments = deployments.where(status: status) if status where('EXISTS (?)', deployments) end scope :stopped_review_apps, -> (before, limit) do stopped .in_review_folder .where("created_at < ?", before) .order("created_at ASC") .limit(limit) end scope :scheduled_for_deletion, -> do where.not(auto_delete_at: nil) end scope :not_scheduled_for_deletion, -> do where(auto_delete_at: nil) end enum tier: { production: 0, staging: 1, testing: 2, development: 3, other: 4 } state_machine :state, initial: :available do event :start do transition stopped: :available end event :stop do transition available: :stopping, if: :wait_for_stop? transition available: :stopped, unless: :wait_for_stop? end event :stop_complete do transition %i(available stopping) => :stopped end state :available state :stopping state :stopped before_transition any => :stopped do |environment| environment.auto_stop_at = nil end after_transition do |environment| environment.expire_etag_cache end end def self.for_id_and_slug(id, slug) find_by(id: id, slug: slug) end def self.max_deployment_id_query Arel.sql( Deployment.select(Deployment.arel_table[:id].maximum) .where(Deployment.arel_table[:environment_id].eq(arel_table[:id])).to_sql ) end def self.pluck_names pluck(:name) end def self.pluck_unique_names pluck('DISTINCT(environments.name)') end def self.find_or_create_by_name(name) find_or_create_by(name: name) end def self.valid_states self.state_machine.states.map(&:name) end def self.schedule_to_delete(at_time = 1.week.from_now) update_all(auto_delete_at: at_time) end class << self def count_by_state environments_count_by_state = group(:state).count valid_states.each_with_object({}) do |state, count_hash| count_hash[state] = environments_count_by_state[state.to_s] || 0 end end end def last_deployable last_deployment&.deployable end def last_deployment_pipeline last_deployable&.pipeline end # This method returns the deployment records of the last deployment pipeline, that successfully executed to this environment. # e.g. # A pipeline contains # - deploy job A => production environment # - deploy job B => production environment # In this case, `last_deployment_group` returns both deployments, whereas `last_deployable` returns only B. def legacy_last_deployment_group return Deployment.none unless last_deployment_pipeline successful_deployments.where( deployable_id: last_deployment_pipeline.latest_builds.pluck(:id)) end def last_visible_deployable last_visible_deployment&.deployable end def last_visible_pipeline last_visible_deployable&.pipeline end def clear_prometheus_reactive_cache!(query_name) cluster_prometheus_adapter&.clear_prometheus_reactive_cache!(query_name, self) end def cluster_prometheus_adapter @cluster_prometheus_adapter ||= ::Gitlab::Prometheus::Adapter.new(project, deployment_platform&.cluster).cluster_prometheus_adapter end def predefined_variables Gitlab::Ci::Variables::Collection.new .append(key: 'CI_ENVIRONMENT_NAME', value: name) .append(key: 'CI_ENVIRONMENT_SLUG', value: slug) end def recently_updated_on_branch?(ref) ref.to_s == last_deployment.try(:ref) end def set_environment_type names = name.split('/') self.environment_type = names.many? ? names.first : nil end def includes_commit?(sha) return false unless last_deployment last_deployment.includes_commit?(sha) end def last_deployed_at last_deployment.try(:created_at) end def ref_path "refs/#{Repository::REF_ENVIRONMENTS}/#{slug}" end def formatted_external_url return unless external_url external_url.gsub(%r{\A.*?://}, '') end def stop_actions_available? available? && stop_actions.present? end def cancel_deployment_jobs! active_deployments.builds.each do |build| Gitlab::OptimisticLocking.retry_lock(build, name: 'environment_cancel_deployment_jobs') do |build| build.cancel! if build&.cancelable? end rescue StandardError => e Gitlab::ErrorTracking.track_exception(e, environment_id: id, deployment_id: deployment.id) end end def wait_for_stop? stop_actions.present? end def stop_with_actions!(current_user) return unless available? stop! actions = [] stop_actions.each do |stop_action| Gitlab::OptimisticLocking.retry_lock( stop_action, name: 'environment_stop_with_actions' ) do |build| actions << build.play(current_user) end end actions end def stop_actions strong_memoize(:stop_actions) do last_deployment_group.map(&:stop_action).compact end end def last_deployment_group Deployment.last_deployment_group_for_environment(self) end def reset_auto_stop update_column(:auto_stop_at, nil) end def actions_for(environment) return [] unless other_manual_actions other_manual_actions.select do |action| action.expanded_environment_name == environment end end def has_terminals? available? && deployment_platform.present? && last_deployment.present? end def terminals with_reactive_cache do |data| deployment_platform.terminals(self, data) end end def calculate_reactive_cache return unless has_terminals? && !project.pending_delete? deployment_platform.calculate_reactive_cache_for(self) end def deployment_namespace strong_memoize(:kubernetes_namespace) do deployment_platform.cluster.kubernetes_namespace_for(self) if deployment_platform end end def has_metrics? available? && (prometheus_adapter&.configured? || has_sample_metrics?) end def has_sample_metrics? !!ENV['USE_SAMPLE_METRICS'] end def has_opened_alert? latest_opened_most_severe_alert.present? end def has_running_deployments? all_deployments.running.exists? end def metrics prometheus_adapter.query(:environment, self) if has_metrics_and_can_query? end def additional_metrics(*args) return unless has_metrics_and_can_query? prometheus_adapter.query(:additional_metrics_environment, self, *args.map(&:to_f)) end def prometheus_adapter @prometheus_adapter ||= Gitlab::Prometheus::Adapter.new(project, deployment_platform&.cluster).prometheus_adapter end def slug super.presence || generate_slug end def external_url_for(path, commit_sha) return unless self.external_url public_path = project.public_path_for_source_path(path, commit_sha) return unless public_path [external_url.delete_suffix('/'), public_path.delete_prefix('/')].join('/') end def expire_etag_cache Gitlab::EtagCaching::Store.new.tap do |store| store.touch(etag_cache_key) end end def etag_cache_key Gitlab::Routing.url_helpers.project_environments_path( project, format: :json) end def folder_name self.environment_type || self.name end def name_without_type @name_without_type ||= name.delete_prefix("#{environment_type}/") end def deployment_platform strong_memoize(:deployment_platform) do project.deployment_platform(environment: self.name) end end def knative_services_finder if last_deployment&.cluster Clusters::KnativeServicesFinder.new(last_deployment.cluster, self) end end def auto_stop_in auto_stop_at - Time.current if auto_stop_at end def auto_stop_in=(value) return unless value parser = ::Gitlab::Ci::Build::DurationParser.new(value) return if parser.seconds_from_now.nil? self.auto_stop_at = parser.seconds_from_now end def rollout_status return unless rollout_status_available? result = rollout_status_with_reactive_cache result || ::Gitlab::Kubernetes::RolloutStatus.loading end def ingresses return unless rollout_status_available? deployment_platform.ingresses(deployment_namespace) end def patch_ingress(ingress, data) return unless rollout_status_available? deployment_platform.patch_ingress(deployment_namespace, ingress, data) end def clear_all_caches expire_etag_cache clear_reactive_cache! end def should_link_to_merge_requests? unfoldered? || production? || staging? end def unfoldered? environment_type.nil? end private # We deliberately avoid using AddressableUrlValidator to allow users to update their environments even if they have # misconfigured `environment:url` keyword. The external URL is presented as a clickable link on UI and not consumed # in GitLab internally, thus we sanitize the URL before the persistence to make sure the rendered link is XSS safe. # See https://gitlab.com/gitlab-org/gitlab/-/issues/337417 def safe_external_url return unless self.external_url.present? new_external_url = Addressable::URI.parse(self.external_url) if Gitlab::Utils::SanitizeNodeLink::UNSAFE_PROTOCOLS.include?(new_external_url.normalized_scheme) errors.add(:external_url, "#{new_external_url.normalized_scheme} scheme is not allowed") end rescue Addressable::URI::InvalidURIError errors.add(:external_url, 'URI is invalid') end def rollout_status_available? has_terminals? end def rollout_status_with_reactive_cache with_reactive_cache do |data| deployment_platform.rollout_status(self, data) end end def has_metrics_and_can_query? has_metrics? && prometheus_adapter.can_query? end def generate_slug self.slug = Gitlab::Slug::Environment.new(name).generate end def ensure_environment_tier self.tier ||= guess_tier end # Guessing the tier of the environment if it's not explicitly specified by users. # See https://en.wikipedia.org/wiki/Deployment_environment for industry standard deployment environments def guess_tier case name when /(dev|review|trunk)/i self.class.tiers[:development] when /(test|tst|int|ac(ce|)pt|qa|qc|control|quality)/i self.class.tiers[:testing] when /(st(a|)g|mod(e|)l|pre|demo)/i self.class.tiers[:staging] when /(pr(o|)d|live)/i self.class.tiers[:production] else self.class.tiers[:other] end end end Environment.prepend_mod_with('Environment')