145 lines
4.9 KiB
YAML
145 lines
4.9 KiB
YAML
stages:
|
|
- prepare
|
|
- deploy
|
|
- qa
|
|
- post-qa
|
|
- dast
|
|
|
|
include:
|
|
- local: .gitlab/ci/global.gitlab-ci.yml
|
|
- local: .gitlab/ci/rules.gitlab-ci.yml
|
|
- local: .gitlab/ci/review-apps/qa.gitlab-ci.yml
|
|
- local: .gitlab/ci/review-apps/dast.gitlab-ci.yml
|
|
|
|
.base-before_script: &base-before_script
|
|
- source ./scripts/utils.sh
|
|
- source ./scripts/review_apps/review-apps.sh
|
|
- install_api_client_dependencies_with_apk
|
|
|
|
review-build-cng-env:
|
|
extends:
|
|
- .default-retry
|
|
- .review:rules:review-build-cng
|
|
image: ${GITLAB_DEPENDENCY_PROXY}ruby:3.0-alpine3.13
|
|
stage: prepare
|
|
needs: []
|
|
before_script:
|
|
- source ./scripts/utils.sh
|
|
- install_gitlab_gem
|
|
script:
|
|
- 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > build.env'
|
|
- cat build.env
|
|
artifacts:
|
|
reports:
|
|
dotenv: build.env
|
|
paths:
|
|
- build.env
|
|
expire_in: 7 days
|
|
when: always
|
|
|
|
review-build-cng:
|
|
extends: .review:rules:review-build-cng
|
|
stage: prepare
|
|
needs: ["review-build-cng-env"]
|
|
inherit:
|
|
variables: false
|
|
variables:
|
|
TOP_UPSTREAM_SOURCE_PROJECT: "${TOP_UPSTREAM_SOURCE_PROJECT}"
|
|
TOP_UPSTREAM_SOURCE_REF: "${TOP_UPSTREAM_SOURCE_REF}"
|
|
TOP_UPSTREAM_SOURCE_JOB: "${TOP_UPSTREAM_SOURCE_JOB}"
|
|
TOP_UPSTREAM_SOURCE_SHA: "${TOP_UPSTREAM_SOURCE_SHA}"
|
|
TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID: "${TOP_UPSTREAM_MERGE_REQUEST_PROJECT_ID}"
|
|
TOP_UPSTREAM_MERGE_REQUEST_IID: "${TOP_UPSTREAM_MERGE_REQUEST_IID}"
|
|
GITLAB_REF_SLUG: "${GITLAB_REF_SLUG}"
|
|
# CNG pipeline specific variables
|
|
GITLAB_VERSION: "${GITLAB_VERSION}"
|
|
GITLAB_TAG: "${GITLAB_TAG}"
|
|
GITLAB_ASSETS_TAG: "${GITLAB_ASSETS_TAG}"
|
|
FORCE_RAILS_IMAGE_BUILDS: "${FORCE_RAILS_IMAGE_BUILDS}"
|
|
CE_PIPELINE: "${CE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$CE_PIPELINE'` will evaluate to `false` when this variable is empty
|
|
EE_PIPELINE: "${EE_PIPELINE}" # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$EE_PIPELINE'` will evaluate to `false` when this variable is empty
|
|
GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}"
|
|
GITLAB_ELASTICSEARCH_INDEXER_VERSION: "${GITLAB_ELASTICSEARCH_INDEXER_VERSION}"
|
|
GITLAB_KAS_VERSION: "${GITLAB_KAS_VERSION}"
|
|
GITLAB_WORKHORSE_VERSION: "${GITLAB_WORKHORSE_VERSION}"
|
|
GITLAB_PAGES_VERSION: "${GITLAB_PAGES_VERSION}"
|
|
GITALY_SERVER_VERSION: "${GITALY_SERVER_VERSION}"
|
|
trigger:
|
|
project: gitlab-org/build/CNG-mirror
|
|
branch: $TRIGGER_BRANCH
|
|
strategy: depend
|
|
|
|
.review-workflow-base:
|
|
extends:
|
|
- .default-retry
|
|
image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:gitlab-helm3.5-kubectl1.17
|
|
resource_group: "review/${CI_COMMIT_REF_NAME}"
|
|
variables:
|
|
HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
|
|
DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
|
|
GITLAB_HELM_CHART_REF: "138c146a5ba787942f66d4c7d795d224d6ba206a"
|
|
environment:
|
|
name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it
|
|
url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
|
|
on_stop: review-stop
|
|
auto_stop_in: 48 hours
|
|
|
|
review-deploy:
|
|
extends:
|
|
- .review-workflow-base
|
|
- .review:rules:review-deploy
|
|
stage: deploy
|
|
needs: ["review-build-cng"]
|
|
before_script:
|
|
- export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
|
|
- export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
|
|
- export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
|
|
- echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
|
|
- *base-before_script
|
|
script:
|
|
- check_kube_domain
|
|
- download_chart
|
|
- date
|
|
- deploy || (display_deployment_debug && exit 1)
|
|
- verify_deploy || exit 1
|
|
- disable_sign_ups || (delete_release && exit 1)
|
|
- create_sample_projects
|
|
after_script:
|
|
# Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
|
|
# Set DAST_RUN to true when jobs are manually scheduled.
|
|
- if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi
|
|
artifacts:
|
|
paths:
|
|
- environment_url.txt
|
|
expire_in: 7 days
|
|
when: always
|
|
|
|
.review-stop-base:
|
|
extends: .review-workflow-base
|
|
environment:
|
|
action: stop
|
|
dependencies: []
|
|
variables:
|
|
# We're cloning the repo instead of downloading the script for now
|
|
# because some repos are private and CI_JOB_TOKEN cannot access files.
|
|
# See https://gitlab.com/gitlab-org/gitlab/issues/191273
|
|
GIT_DEPTH: 1
|
|
before_script:
|
|
- *base-before_script
|
|
|
|
review-delete-deployment:
|
|
extends:
|
|
- .review-stop-base
|
|
- .review:rules:review-delete-deployment
|
|
stage: prepare
|
|
script:
|
|
- delete_release
|
|
|
|
review-stop:
|
|
extends:
|
|
- .review-stop-base
|
|
- .review:rules:review-stop
|
|
stage: deploy
|
|
needs: []
|
|
script:
|
|
- delete_namespace
|