1455 lines
42 KiB
YAML
1455 lines
42 KiB
YAML
##############
|
|
# Conditions #
|
|
##############
|
|
.if-not-canonical-namespace: &if-not-canonical-namespace
|
|
if: '$CI_PROJECT_NAMESPACE !~ /^gitlab(-org)?($|\/)/'
|
|
|
|
.if-not-ee: &if-not-ee
|
|
if: '$CI_PROJECT_NAME !~ /^gitlab(-ee)?$/'
|
|
|
|
.if-not-foss: &if-not-foss
|
|
if: '$CI_PROJECT_NAME != "gitlab-foss" && $CI_PROJECT_NAME != "gitlab-ce" && $CI_PROJECT_NAME != "gitlabhq"'
|
|
|
|
.if-default-refs: &if-default-refs
|
|
if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG || $FORCE_GITLAB_CI'
|
|
|
|
.if-default-branch-refs: &if-default-branch-refs
|
|
if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
|
|
|
|
.if-default-branch-push: &if-default-branch-push
|
|
if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "push"'
|
|
|
|
.if-default-branch-schedule-2-hourly: &if-default-branch-schedule-2-hourly
|
|
if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "2-hourly"'
|
|
|
|
.if-default-branch-schedule-nightly: &if-default-branch-schedule-nightly
|
|
if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "nightly"'
|
|
|
|
.if-auto-deploy-branches: &if-auto-deploy-branches
|
|
if: '$CI_COMMIT_BRANCH =~ /^\d+-\d+-auto-deploy-\d+$/'
|
|
|
|
.if-default-branch-or-tag: &if-default-branch-or-tag
|
|
if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_TAG'
|
|
|
|
.if-merge-request: &if-merge-request
|
|
if: '$CI_MERGE_REQUEST_IID'
|
|
|
|
.if-merge-request-approved: &if-merge-request-approved
|
|
if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_APPROVED'
|
|
|
|
.if-merge-request-not-approved: &if-merge-request-not-approved
|
|
if: '$CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_APPROVED != "true"'
|
|
|
|
.if-automated-merge-request: &if-automated-merge-request
|
|
if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == "release-tools/update-gitaly" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /stable-ee$/'
|
|
|
|
.if-merge-request-title-as-if-foss: &if-merge-request-title-as-if-foss
|
|
if: '$CI_MERGE_REQUEST_TITLE =~ /RUN AS-IF-FOSS/'
|
|
|
|
.if-merge-request-title-update-caches: &if-merge-request-title-update-caches
|
|
if: '$CI_MERGE_REQUEST_TITLE =~ /UPDATE CACHE/'
|
|
|
|
.if-merge-request-title-run-all-rspec: &if-merge-request-title-run-all-rspec
|
|
if: '$CI_MERGE_REQUEST_TITLE =~ /RUN ALL RSPEC/'
|
|
|
|
.if-security-merge-request: &if-security-merge-request
|
|
if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_MERGE_REQUEST_IID'
|
|
|
|
.if-security-schedule: &if-security-schedule
|
|
if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_PIPELINE_SOURCE == "schedule"'
|
|
|
|
.if-dot-com-gitlab-org-schedule: &if-dot-com-gitlab-org-schedule
|
|
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "schedule"'
|
|
|
|
.if-dot-com-gitlab-org-default-branch: &if-dot-com-gitlab-org-default-branch
|
|
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
|
|
|
|
.if-dot-com-gitlab-org-merge-request: &if-dot-com-gitlab-org-merge-request
|
|
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_MERGE_REQUEST_IID'
|
|
|
|
.if-dot-com-gitlab-org-and-security-merge-request: &if-dot-com-gitlab-org-and-security-merge-request
|
|
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_MERGE_REQUEST_IID'
|
|
|
|
.if-dot-com-gitlab-org-and-security-tag: &if-dot-com-gitlab-org-and-security-tag
|
|
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_COMMIT_TAG'
|
|
|
|
.if-dot-com-ee-2-hourly-schedule: &if-dot-com-ee-2-hourly-schedule
|
|
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "2-hourly"'
|
|
|
|
.if-cache-credentials-schedule: &if-cache-credentials-schedule
|
|
if: '$CI_REPO_CACHE_CREDENTIALS && $CI_PIPELINE_SOURCE == "schedule"'
|
|
|
|
.if-rspec-fail-fast-disabled: &if-rspec-fail-fast-disabled
|
|
if: '$RSPEC_FAIL_FAST_ENABLED != "true"'
|
|
|
|
.if-rspec-fail-fast-skipped: &if-rspec-fail-fast-skipped
|
|
if: '$CI_MERGE_REQUEST_TITLE =~ /SKIP RSPEC FAIL-FAST/'
|
|
|
|
# For Security merge requests, the gitlab-release-tools-bot triggers a new
|
|
# pipeline for the "Pipelines for merged results" feature. If the pipeline
|
|
# fails, we notify release managers.
|
|
.if-security-pipeline-merge-result: &if-security-pipeline-merge-result
|
|
if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH && $CI_PROJECT_NAMESPACE == "gitlab-org/security" && $GITLAB_USER_LOGIN == "gitlab-release-tools-bot"'
|
|
|
|
####################
|
|
# Changes patterns #
|
|
####################
|
|
.ci-patterns: &ci-patterns
|
|
- ".gitlab-ci.yml"
|
|
- ".gitlab/ci/**/*"
|
|
|
|
.ci-build-images-patterns: &ci-build-images-patterns
|
|
- ".gitlab-ci.yml"
|
|
- ".gitlab/ci/build-images.gitlab-ci.yml"
|
|
|
|
.ci-review-patterns: &ci-review-patterns
|
|
- ".gitlab-ci.yml"
|
|
- ".gitlab/ci/frontend.gitlab-ci.yml"
|
|
- ".gitlab/ci/build-images.gitlab-ci.yml"
|
|
- ".gitlab/ci/review.gitlab-ci.yml"
|
|
- "scripts/review_apps/base-config.yaml"
|
|
- "scripts/review_apps/review-apps.sh"
|
|
- "scripts/trigger-build"
|
|
|
|
.ci-qa-patterns: &ci-qa-patterns
|
|
- ".gitlab-ci.yml"
|
|
- ".gitlab/ci/frontend.gitlab-ci.yml"
|
|
- ".gitlab/ci/build-images.gitlab-ci.yml"
|
|
- ".gitlab/ci/qa.gitlab-ci.yml"
|
|
|
|
.gitaly-patterns: &gitaly-patterns
|
|
- "GITALY_SERVER_VERSION"
|
|
|
|
.workhorse-patterns: &workhorse-patterns
|
|
- "GITLAB_WORKHORSE_VERSION"
|
|
- "workhorse/**/*"
|
|
- ".gitlab/ci/workhorse.gitlab-ci.yml"
|
|
|
|
.yaml-lint-patterns: &yaml-lint-patterns
|
|
- ".gitlab-ci.yml"
|
|
- ".gitlab/ci/**/*.yml"
|
|
- "lib/gitlab/ci/templates/**/*.yml"
|
|
- "{,ee/,jh/}changelogs/**/*.yml"
|
|
|
|
.docs-patterns: &docs-patterns
|
|
- ".gitlab/route-map.yml"
|
|
- "doc/**/*"
|
|
- ".markdownlint.yml"
|
|
- "scripts/lint-doc.sh"
|
|
|
|
.bundler-patterns: &bundler-patterns
|
|
- '{Gemfile.lock,*/Gemfile.lock,*/*/Gemfile.lock}'
|
|
|
|
.nodejs-patterns: &nodejs-patterns
|
|
- '{package.json,*/package.json,*/*/package.json}'
|
|
|
|
.python-patterns: &python-patterns
|
|
- '{requirements.txt,*/requirements.txt,*/*/requirements.txt}'
|
|
- '{requirements.pip,*/requirements.pip,*/*/requirements.pip}'
|
|
- '{Pipfile,*/Pipfile,*/*/Pipfile}'
|
|
- '{requires.txt,*/requires.txt,*/*/requires.txt}'
|
|
- '{setup.py,*/setup.py,*/*/setup.py}'
|
|
|
|
.dependency-patterns: &dependency-patterns
|
|
- '{Gemfile.lock,*/Gemfile.lock,*/*/Gemfile.lock}'
|
|
- '{composer.lock,*/composer.lock,*/*/composer.lock}'
|
|
- '{gems.locked,*/gems.locked,*/*/gems.locked}'
|
|
- '{go.sum,*/go.sum,*/*/go.sum}'
|
|
- '{npm-shrinkwrap.json,*/npm-shrinkwrap.json,*/*/npm-shrinkwrap.json}'
|
|
- '{package-lock.json,*/package-lock.json,*/*/package-lock.json}'
|
|
- '{yarn.lock,*/yarn.lock,*/*/yarn.lock}'
|
|
- '{packages.lock.json,*/packages.lock.json,*/*/packages.lock.json}'
|
|
- '{conan.lock,*/conan.lock,*/*/conan.lock}'
|
|
|
|
.frontend-dependency-patterns: &frontend-dependency-patterns
|
|
- "{package.json,yarn.lock}"
|
|
- "config/webpack.config.js"
|
|
- "config/helpers/*.js"
|
|
|
|
.frontend-build-patterns: &frontend-build-patterns
|
|
- "{package.json,yarn.lock}"
|
|
- ".browserslistrc"
|
|
- "babel.config.js"
|
|
- "config/webpack.config.js"
|
|
- "config/**/*.js"
|
|
- "vendor/assets/**/*"
|
|
- "{,ee/,jh/}app/assets/**/*"
|
|
|
|
.frontend-patterns: &frontend-patterns
|
|
- "{package.json,yarn.lock}"
|
|
- ".browserslistrc"
|
|
- "babel.config.js"
|
|
- "jest.config.{base,integration,unit}.js"
|
|
- ".csscomb.json"
|
|
- "Dockerfile.assets"
|
|
- "config/**/*.js"
|
|
- "vendor/assets/**/*"
|
|
- "{,ee/,jh/}{app/assets,app/helpers,app/presenters,app/views,locale,public,symbol}/**/*"
|
|
|
|
.startup-css-patterns: &startup-css-patterns
|
|
- "{,ee/,jh/}app/assets/stylesheets/startup/**/*"
|
|
|
|
.backend-patterns: &backend-patterns
|
|
- "Gemfile{,.lock}"
|
|
- "Rakefile"
|
|
- "config.ru"
|
|
# List explicitly all the app/ dirs that are backend (i.e. all except app/assets).
|
|
- "{,ee/,jh/}{app/channels,app/controllers,app/finders,app/graphql,app/helpers,app/mailers,app/models,app/policies,app/presenters,app/serializers,app/services,app/uploaders,app/validators,app/views,app/workers}/**/*"
|
|
- "{,ee/,jh/}{bin,cable,config,db,generator_templates,lib}/**/*"
|
|
- "{,ee/,jh/}spec/**/*.rb"
|
|
# CI changes
|
|
- ".gitlab-ci.yml"
|
|
- ".gitlab/ci/**/*"
|
|
- "*_VERSION"
|
|
|
|
.db-patterns: &db-patterns
|
|
- "{,ee/,jh/}{,spec/}{db,migrations}/**/*"
|
|
- "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*"
|
|
- "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb"
|
|
- "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration/**/*"
|
|
- "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/background_migration{,_spec}.rb"
|
|
- "{,ee/,jh/}spec/support/helpers/database/**/*"
|
|
- "config/prometheus/common_metrics.yml" # Used by Gitlab::DatabaseImporters::CommonMetrics::Importer
|
|
- "{,ee/,jh/}app/models/project_statistics.rb" # Used to calculate sizes in migration specs
|
|
- "GITALY_SERVER_VERSION" # Has interactions with background migrations:https://gitlab.com/gitlab-org/gitlab/-/issues/336538
|
|
# CI changes
|
|
- ".gitlab-ci.yml"
|
|
- ".gitlab/ci/**/*"
|
|
|
|
.db-library-patterns: &db-library-patterns
|
|
- "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*"
|
|
- "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb"
|
|
- "{,ee/,jh/}spec/support/helpers/database/**/*"
|
|
|
|
.backstage-patterns: &backstage-patterns
|
|
- "Dangerfile"
|
|
- "danger/**/*"
|
|
- "{,ee/,jh/}fixtures/**/*"
|
|
- "{,ee/,jh/}rubocop/**/*"
|
|
- "{,ee/,jh/}spec/**/*"
|
|
- "{,spec/}tooling/**/*"
|
|
|
|
.code-patterns: &code-patterns
|
|
- "{package.json,yarn.lock}"
|
|
- ".browserslistrc"
|
|
- "babel.config.js"
|
|
- "jest.config.{base,integration,unit}.js"
|
|
- ".csscomb.json"
|
|
- "Dockerfile.assets"
|
|
- "vendor/assets/**/*"
|
|
# CI changes
|
|
- ".gitlab-ci.yml"
|
|
- ".gitlab/ci/**/*"
|
|
- ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
|
|
- ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml"
|
|
- "*_VERSION"
|
|
- "Gemfile{,.lock}"
|
|
- "Rakefile"
|
|
- "tests.yml"
|
|
- "config.ru"
|
|
- "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
|
|
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated
|
|
- "data/whats_new/*.yml"
|
|
|
|
.qa-patterns: &qa-patterns
|
|
- ".dockerignore"
|
|
- "qa/**/*"
|
|
|
|
.code-backstage-patterns: &code-backstage-patterns
|
|
- "{package.json,yarn.lock}"
|
|
- ".browserslistrc"
|
|
- "babel.config.js"
|
|
- "jest.config.{base,integration,unit}.js"
|
|
- ".csscomb.json"
|
|
- "Dockerfile.assets"
|
|
- "vendor/assets/**/*"
|
|
# CI changes
|
|
- ".gitlab-ci.yml"
|
|
- ".gitlab/ci/**/*"
|
|
- ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
|
|
- ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml"
|
|
- "*_VERSION"
|
|
- "Gemfile{,.lock}"
|
|
- "Rakefile"
|
|
- "tests.yml"
|
|
- "config.ru"
|
|
- "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
|
|
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated
|
|
- "data/whats_new/*.yml"
|
|
# Backstage changes
|
|
- "Dangerfile"
|
|
- "danger/**/*"
|
|
- "{,ee/,jh/}fixtures/**/*"
|
|
- "{,ee/,jh/}rubocop/**/*"
|
|
- "{,ee/,jh/}spec/**/*"
|
|
- "{,spec/}tooling/**/*"
|
|
|
|
.code-qa-patterns: &code-qa-patterns
|
|
- "{package.json,yarn.lock}"
|
|
- ".browserslistrc"
|
|
- "babel.config.js"
|
|
- "jest.config.{base,integration,unit}.js"
|
|
- ".csscomb.json"
|
|
- "Dockerfile.assets"
|
|
- "vendor/assets/**/*"
|
|
# CI changes
|
|
- ".gitlab-ci.yml"
|
|
- ".gitlab/ci/**/*"
|
|
- ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
|
|
- ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml"
|
|
- "*_VERSION"
|
|
- "Gemfile{,.lock}"
|
|
- "Rakefile"
|
|
- "tests.yml"
|
|
- "config.ru"
|
|
- "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
|
|
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated
|
|
- "data/whats_new/*.yml"
|
|
# QA changes
|
|
- ".dockerignore"
|
|
- "qa/**/*"
|
|
|
|
.code-backstage-qa-patterns: &code-backstage-qa-patterns
|
|
- "{package.json,yarn.lock}"
|
|
- ".browserslistrc"
|
|
- "babel.config.js"
|
|
- "jest.config.{base,integration,unit}.js"
|
|
- ".csscomb.json"
|
|
- "Dockerfile.assets"
|
|
- "vendor/assets/**/*"
|
|
# CI changes
|
|
- ".gitlab-ci.yml"
|
|
- ".gitlab/ci/**/*"
|
|
- ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
|
|
- ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml"
|
|
- "*_VERSION"
|
|
- "Gemfile{,.lock}"
|
|
- "Rakefile"
|
|
- "tests.yml"
|
|
- "config.ru"
|
|
- "{,ee/,jh/}{app,bin,config,db,generator_templates,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
|
|
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated
|
|
- "data/whats_new/*.yml"
|
|
# Backstage changes
|
|
- "Dangerfile"
|
|
- "danger/**/*"
|
|
- "{,ee/,jh/}fixtures/**/*"
|
|
- "{,ee/,jh/}rubocop/**/*"
|
|
- "{,ee/,jh/}spec/**/*"
|
|
- "{,spec/}tooling/**/*"
|
|
# QA changes
|
|
- ".dockerignore"
|
|
- "qa/**/*"
|
|
|
|
.code-backstage-danger-patterns: &code-backstage-danger-patterns
|
|
# Backstage changes
|
|
- "Dangerfile"
|
|
- "danger/**/*"
|
|
- "tooling/danger/**/*"
|
|
|
|
################
|
|
# Shared rules #
|
|
################
|
|
.shared:rules:update-cache:
|
|
rules:
|
|
- <<: *if-default-branch-schedule-2-hourly
|
|
- <<: *if-security-schedule
|
|
- <<: *if-merge-request-title-update-caches
|
|
|
|
.shared:rules:update-gitaly-binaries-cache:
|
|
rules:
|
|
- <<: *if-merge-request-title-update-caches
|
|
- changes: *gitaly-patterns
|
|
|
|
######################
|
|
# Build images rules #
|
|
######################
|
|
.build-images:rules:build-qa-image:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-dot-com-gitlab-org-and-security-merge-request
|
|
changes: *ci-build-images-patterns
|
|
- <<: *if-dot-com-gitlab-org-and-security-merge-request
|
|
changes: *code-qa-patterns
|
|
- <<: *if-dot-com-gitlab-org-default-branch
|
|
changes: *code-qa-patterns
|
|
- <<: *if-dot-com-gitlab-org-schedule
|
|
|
|
.build-images:rules:build-assets-image:
|
|
rules:
|
|
- <<: *if-not-canonical-namespace
|
|
when: never
|
|
- <<: *if-auto-deploy-branches
|
|
- changes: *ci-build-images-patterns
|
|
- changes: *code-qa-patterns
|
|
|
|
####################
|
|
# Cache repo rules #
|
|
####################
|
|
.cache-repo:rules:
|
|
rules:
|
|
- <<: *if-cache-credentials-schedule
|
|
allow_failure: true
|
|
|
|
#############
|
|
# CNG rules #
|
|
#############
|
|
.cng:rules:
|
|
rules:
|
|
- <<: *if-dot-com-gitlab-org-and-security-tag
|
|
when: manual
|
|
allow_failure: true
|
|
|
|
##################
|
|
# Delivery rules #
|
|
##################
|
|
.delivery:rules:security-pipeline-merge-result-failure:
|
|
rules:
|
|
- <<: *if-security-pipeline-merge-result
|
|
when: on_failure
|
|
|
|
######################
|
|
# Dev fixtures rules #
|
|
######################
|
|
.dev-fixtures:rules:ee-and-foss:
|
|
rules:
|
|
- <<: *if-default-refs
|
|
changes: *code-backstage-patterns
|
|
when: on_success
|
|
|
|
.dev-fixtures:rules:ee-only:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-default-refs
|
|
changes: *code-backstage-patterns
|
|
when: on_success
|
|
|
|
##############
|
|
# Docs rules #
|
|
##############
|
|
.docs:rules:review-docs:
|
|
rules:
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *docs-patterns
|
|
when: manual
|
|
allow_failure: true
|
|
|
|
.docs:rules:docs-lint:
|
|
rules:
|
|
- <<: *if-default-refs
|
|
changes: *docs-patterns
|
|
when: on_success
|
|
|
|
##################
|
|
# GraphQL rules #
|
|
##################
|
|
|
|
.graphql:rules:graphql-verify:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-default-refs
|
|
changes: *code-backstage-qa-patterns
|
|
when: on_success
|
|
|
|
##################
|
|
# Frontend rules #
|
|
##################
|
|
.frontend:rules:compile-production-assets:
|
|
rules:
|
|
- <<: *if-not-canonical-namespace
|
|
when: never
|
|
- <<: *if-auto-deploy-branches
|
|
- changes: *code-qa-patterns
|
|
|
|
.frontend:rules:compile-test-assets:
|
|
rules:
|
|
- changes: *code-backstage-qa-patterns
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
|
|
.frontend:rules:compile-test-assets-as-if-foss:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request # Always run for MRs since `compile-test-assets as-if-foss` is either needed by `rspec foss-impact` or the `rspec * as-if-foss` jobs.
|
|
changes: *code-backstage-qa-patterns
|
|
|
|
.frontend:rules:default-frontend-jobs:
|
|
rules:
|
|
- <<: *if-default-refs
|
|
changes: *code-backstage-patterns
|
|
|
|
.frontend:rules:default-frontend-jobs-ee:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-default-refs
|
|
changes: *code-backstage-patterns
|
|
|
|
.frontend:rules:default-frontend-jobs-as-if-foss:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-security-merge-request
|
|
changes: *code-backstage-patterns
|
|
- <<: *if-merge-request-title-as-if-foss
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-merge-request
|
|
changes: *startup-css-patterns
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
|
|
.frontend:rules:eslint-as-if-foss:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-title-as-if-foss
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *frontend-patterns
|
|
|
|
.frontend:rules:ee-mr-and-default-branch-only:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *code-backstage-patterns
|
|
when: always
|
|
- <<: *if-default-branch-refs
|
|
changes: *code-backstage-patterns
|
|
|
|
.frontend:rules:qa-frontend-node:
|
|
rules:
|
|
- <<: *if-default-branch-refs
|
|
changes: *frontend-dependency-patterns
|
|
- <<: *if-merge-request
|
|
changes: *frontend-dependency-patterns
|
|
|
|
.frontend:rules:qa-frontend-node-latest:
|
|
rules:
|
|
- <<: *if-default-branch-refs
|
|
changes: *frontend-dependency-patterns
|
|
allow_failure: true
|
|
- <<: *if-merge-request
|
|
changes: *frontend-dependency-patterns
|
|
allow_failure: true
|
|
|
|
.frontend:rules:bundle-size-review:
|
|
rules:
|
|
- <<: *if-not-canonical-namespace
|
|
when: never
|
|
- if: '$DANGER_GITLAB_API_TOKEN && $CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH'
|
|
changes: *frontend-build-patterns
|
|
allow_failure: true
|
|
|
|
################
|
|
# Memory rules #
|
|
################
|
|
.memory:rules:
|
|
rules:
|
|
- <<: *if-default-refs
|
|
changes: *code-patterns
|
|
when: on_success
|
|
|
|
###############
|
|
# Pages rules #
|
|
###############
|
|
.pages:rules:
|
|
rules:
|
|
- <<: *if-dot-com-ee-2-hourly-schedule
|
|
|
|
############
|
|
# QA rules #
|
|
############
|
|
.qa:rules:ee-and-foss:
|
|
rules:
|
|
- <<: *if-default-refs
|
|
changes: *code-qa-patterns
|
|
when: on_success
|
|
|
|
.qa:rules:as-if-foss:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-security-merge-request
|
|
changes: *code-qa-patterns
|
|
- <<: *if-merge-request-title-as-if-foss
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
|
|
.qa:rules:package-and-qa:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-dot-com-gitlab-org-and-security-merge-request
|
|
changes: *ci-qa-patterns
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-and-security-merge-request
|
|
changes: *qa-patterns
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-and-security-merge-request
|
|
changes: *code-patterns
|
|
when: manual
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-schedule
|
|
allow_failure: true
|
|
|
|
###############
|
|
# Rails rules #
|
|
###############
|
|
.rails:rules:ee-and-foss-migration:
|
|
rules:
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-automated-merge-request
|
|
changes: *db-patterns
|
|
- <<: *if-merge-request-not-approved
|
|
when: never
|
|
- changes: *db-patterns
|
|
|
|
.rails:rules:ee-and-foss-migration:minimal:
|
|
rules:
|
|
- <<: *if-merge-request-approved
|
|
when: never
|
|
- <<: *if-automated-merge-request
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *db-patterns
|
|
|
|
.rails:rules:ee-and-foss-mr-with-migration:
|
|
rules:
|
|
- <<: *if-merge-request
|
|
changes: *db-patterns
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
|
|
.rails:rules:db:gitlabcom-database-testing:
|
|
rules:
|
|
- if: '$GITLABCOM_DATABASE_TESTING_TRIGGER_TOKEN == null'
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *db-patterns
|
|
when: manual
|
|
|
|
.rails:rules:ee-and-foss-unit:
|
|
rules:
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-automated-merge-request
|
|
changes: *backend-patterns
|
|
- <<: *if-merge-request-not-approved
|
|
when: never
|
|
- changes: *backend-patterns
|
|
|
|
.rails:rules:ee-and-foss-unit:minimal:
|
|
rules:
|
|
- <<: *if-merge-request-approved
|
|
when: never
|
|
- <<: *if-automated-merge-request
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *backend-patterns
|
|
|
|
.rails:rules:ee-and-foss-integration:
|
|
rules:
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-automated-merge-request
|
|
changes: *backend-patterns
|
|
- <<: *if-merge-request-not-approved
|
|
when: never
|
|
- changes: *backend-patterns
|
|
|
|
.rails:rules:ee-and-foss-integration:minimal:
|
|
rules:
|
|
- <<: *if-merge-request-approved
|
|
when: never
|
|
- <<: *if-automated-merge-request
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *backend-patterns
|
|
|
|
.rails:rules:ee-and-foss-system:
|
|
rules:
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-automated-merge-request
|
|
changes: *code-backstage-patterns
|
|
- <<: *if-merge-request-not-approved
|
|
when: never
|
|
- changes: *code-backstage-patterns
|
|
|
|
.rails:rules:ee-and-foss-system:minimal:
|
|
rules:
|
|
- <<: *if-merge-request-approved
|
|
when: never
|
|
- <<: *if-automated-merge-request
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *code-backstage-patterns
|
|
|
|
.rails:rules:ee-and-foss-fast_spec_helper:
|
|
rules:
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-automated-merge-request
|
|
changes: ["config/**/*"]
|
|
- <<: *if-merge-request-not-approved
|
|
when: never
|
|
- changes: ["config/**/*"]
|
|
|
|
.rails:rules:ee-and-foss-fast_spec_helper:minimal:
|
|
rules:
|
|
- <<: *if-merge-request-approved
|
|
when: never
|
|
- <<: *if-automated-merge-request
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: ["config/**/*"]
|
|
|
|
.rails:rules:code-backstage-qa:
|
|
rules:
|
|
- changes: *code-backstage-qa-patterns
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
|
|
.rails:rules:ee-only-migration:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-automated-merge-request
|
|
changes: *db-patterns
|
|
- <<: *if-merge-request-not-approved
|
|
when: never
|
|
- changes: *db-patterns
|
|
|
|
.rails:rules:ee-only-migration:minimal:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-approved
|
|
when: never
|
|
- <<: *if-automated-merge-request
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *db-patterns
|
|
|
|
.rails:rules:ee-only-unit:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-automated-merge-request
|
|
changes: *backend-patterns
|
|
- <<: *if-merge-request-not-approved
|
|
when: never
|
|
- changes: *backend-patterns
|
|
|
|
.rails:rules:ee-only-unit:minimal:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-approved
|
|
when: never
|
|
- <<: *if-automated-merge-request
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *backend-patterns
|
|
|
|
.rails:rules:ee-only-integration:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-automated-merge-request
|
|
changes: *backend-patterns
|
|
- <<: *if-merge-request-not-approved
|
|
when: never
|
|
- changes: *backend-patterns
|
|
|
|
.rails:rules:ee-only-integration:minimal:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-approved
|
|
when: never
|
|
- <<: *if-automated-merge-request
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *backend-patterns
|
|
|
|
.rails:rules:ee-only-system:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-automated-merge-request
|
|
changes: *code-backstage-patterns
|
|
- <<: *if-merge-request-not-approved
|
|
when: never
|
|
- changes: *code-backstage-patterns
|
|
|
|
.rails:rules:ee-only-system:minimal:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-approved
|
|
when: never
|
|
- <<: *if-automated-merge-request
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *code-backstage-patterns
|
|
|
|
.rails:rules:as-if-foss-migration:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-automated-merge-request
|
|
changes: *db-patterns
|
|
- <<: *if-merge-request-not-approved
|
|
when: never
|
|
- <<: *if-security-merge-request
|
|
changes: *db-patterns
|
|
- <<: *if-merge-request-title-as-if-foss
|
|
changes: *db-patterns
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
|
|
.rails:rules:as-if-foss-migration:minimal:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-approved
|
|
when: never
|
|
- <<: *if-automated-merge-request
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
when: never
|
|
- <<: *if-security-merge-request
|
|
changes: *db-patterns
|
|
- <<: *if-merge-request-title-as-if-foss
|
|
changes: *db-patterns
|
|
|
|
.rails:rules:as-if-foss-unit:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-automated-merge-request
|
|
changes: *backend-patterns
|
|
- <<: *if-merge-request-not-approved
|
|
when: never
|
|
- <<: *if-security-merge-request
|
|
changes: *backend-patterns
|
|
- <<: *if-merge-request-title-as-if-foss
|
|
changes: *backend-patterns
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
|
|
.rails:rules:as-if-foss-unit:minimal:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-approved
|
|
when: never
|
|
- <<: *if-automated-merge-request
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
when: never
|
|
- <<: *if-security-merge-request
|
|
changes: *backend-patterns
|
|
- <<: *if-merge-request-title-as-if-foss
|
|
changes: *backend-patterns
|
|
|
|
.rails:rules:as-if-foss-integration:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-automated-merge-request
|
|
changes: *backend-patterns
|
|
- <<: *if-merge-request-not-approved
|
|
when: never
|
|
- <<: *if-security-merge-request
|
|
changes: *backend-patterns
|
|
- <<: *if-merge-request-title-as-if-foss
|
|
changes: *backend-patterns
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
|
|
.rails:rules:as-if-foss-integration:minimal:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-approved
|
|
when: never
|
|
- <<: *if-automated-merge-request
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
when: never
|
|
- <<: *if-security-merge-request
|
|
changes: *backend-patterns
|
|
- <<: *if-merge-request-title-as-if-foss
|
|
changes: *backend-patterns
|
|
|
|
.rails:rules:as-if-foss-system:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-automated-merge-request
|
|
changes: *code-backstage-patterns
|
|
- <<: *if-merge-request-not-approved
|
|
when: never
|
|
- <<: *if-security-merge-request
|
|
changes: *code-backstage-patterns
|
|
- <<: *if-merge-request-title-as-if-foss
|
|
changes: *code-backstage-patterns
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
|
|
.rails:rules:as-if-foss-system:minimal:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-approved
|
|
when: never
|
|
- <<: *if-automated-merge-request
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
when: never
|
|
- <<: *if-security-merge-request
|
|
changes: *code-backstage-patterns
|
|
- <<: *if-merge-request-title-as-if-foss
|
|
changes: *code-backstage-patterns
|
|
|
|
.rails:rules:ee-and-foss-db-library-code:
|
|
rules:
|
|
- changes: *db-library-patterns
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
|
|
.rails:rules:ee-mr-and-default-branch-only:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
- <<: *if-merge-request
|
|
changes: *code-backstage-patterns
|
|
- <<: *if-default-branch-refs
|
|
changes: *code-backstage-patterns
|
|
|
|
.rails:rules:detect-tests:
|
|
rules:
|
|
- changes: *code-backstage-patterns
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
|
|
.rails:rules:rspec-foss-impact:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-title-as-if-foss
|
|
when: never
|
|
- <<: *if-security-merge-request
|
|
changes: *code-backstage-patterns
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-backstage-patterns
|
|
|
|
.rails:rules:rspec fail-fast:
|
|
rules:
|
|
- <<: *if-rspec-fail-fast-disabled
|
|
when: never
|
|
- <<: *if-rspec-fail-fast-skipped
|
|
when: never
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-security-merge-request
|
|
changes: *code-backstage-patterns
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-backstage-patterns
|
|
|
|
.rails:rules:fail-pipeline-early:
|
|
rules:
|
|
- <<: *if-rspec-fail-fast-disabled
|
|
when: never
|
|
- <<: *if-rspec-fail-fast-skipped
|
|
when: never
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-security-merge-request
|
|
changes: *code-backstage-patterns
|
|
when: on_failure
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-backstage-patterns
|
|
when: on_failure
|
|
|
|
.rails:rules:deprecations:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-default-branch-schedule-nightly
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
|
|
.rails:rules:rspec-coverage:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request
|
|
changes: *code-backstage-patterns
|
|
when: always
|
|
- <<: *if-default-branch-schedule-2-hourly
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
when: always
|
|
|
|
.rails:rules:default-branch-schedule-nightly--code-backstage:
|
|
rules:
|
|
- <<: *if-default-branch-schedule-nightly
|
|
- <<: *if-merge-request
|
|
changes: [".gitlab/ci/rails.gitlab-ci.yml"]
|
|
|
|
.rails:rules:default-branch-schedule-nightly--code-backstage-ee-only:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-default-branch-schedule-nightly
|
|
- <<: *if-merge-request
|
|
changes: [".gitlab/ci/rails.gitlab-ci.yml"]
|
|
|
|
.rails:rules:rspec-feature-flags:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- changes: *code-backstage-patterns
|
|
|
|
#########################
|
|
# Static analysis rules #
|
|
#########################
|
|
|
|
.static-analysis:rules:ee-and-foss:
|
|
rules:
|
|
- changes: *code-backstage-qa-patterns
|
|
|
|
.static-analysis:rules:as-if-foss:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-merge-request-title-as-if-foss
|
|
changes: *code-backstage-qa-patterns
|
|
- <<: *if-security-merge-request
|
|
changes: *code-backstage-qa-patterns
|
|
- <<: *if-merge-request
|
|
changes: *ci-patterns
|
|
|
|
#######################
|
|
# Vendored gems rules #
|
|
#######################
|
|
|
|
.vendor:rules:mail-smtp_pool:
|
|
rules:
|
|
- <<: *if-merge-request
|
|
changes: ["vendor/gems/mail-smtp_pool/**/*"]
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
|
|
##################
|
|
# Releases rules #
|
|
##################
|
|
.releases:rules:canonical-dot-com-gitlab-stable-branch-only:
|
|
rules:
|
|
- if: '$CI_COMMIT_MESSAGE =~ /\[merge-train skip\]/'
|
|
when: never
|
|
- if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable-ee$/'
|
|
|
|
.releases:rules:canonical-dot-com-security-gitlab-stable-branch-only:
|
|
rules:
|
|
- if: '$CI_COMMIT_MESSAGE =~ /\[merge-train skip\]/'
|
|
when: never
|
|
- if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/security/gitlab" && $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable-ee$/'
|
|
|
|
#################
|
|
# Reports rules #
|
|
#################
|
|
.reports:rules:code_quality:
|
|
rules:
|
|
- if: '$CODE_QUALITY_DISABLED'
|
|
when: never
|
|
- <<: *if-default-refs
|
|
changes: *code-backstage-patterns
|
|
allow_failure: true
|
|
|
|
.reports:rules:sast:
|
|
rules:
|
|
- if: '$SAST_DISABLED || $GITLAB_FEATURES !~ /\bsast\b/'
|
|
when: never
|
|
- <<: *if-default-refs
|
|
changes: *code-backstage-qa-patterns
|
|
allow_failure: true
|
|
|
|
.reports:rules:secret_detection:
|
|
rules:
|
|
- if: '$SECRET_DETECTION_DISABLED'
|
|
when: never
|
|
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' # The Secret-Detection template already has a `secret_detection_default_branch` job
|
|
when: never
|
|
- changes: *code-backstage-qa-patterns
|
|
allow_failure: true
|
|
|
|
.reports:rules:gemnasium-dependency_scanning:
|
|
rules:
|
|
- if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium([^-]|$)/'
|
|
when: never
|
|
- <<: *if-default-refs
|
|
changes: *dependency-patterns
|
|
allow_failure: true
|
|
|
|
.reports:rules:bundler-audit-dependency_scanning:
|
|
rules:
|
|
- if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /bundler-audit/'
|
|
when: never
|
|
- <<: *if-default-refs
|
|
changes: *bundler-patterns
|
|
allow_failure: true
|
|
|
|
.reports:rules:retire-js-dependency_scanning:
|
|
rules:
|
|
- if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /retire.js/'
|
|
when: never
|
|
- <<: *if-default-refs
|
|
changes: *nodejs-patterns
|
|
allow_failure: true
|
|
|
|
.reports:rules:gemnasium-python-dependency_scanning:
|
|
rules:
|
|
- if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium-python/'
|
|
when: never
|
|
- <<: *if-default-refs
|
|
changes: *python-patterns
|
|
allow_failure: true
|
|
|
|
.reports:rules:dast:
|
|
rules:
|
|
- if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/'
|
|
when: never
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *frontend-patterns
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-qa-patterns
|
|
when: manual
|
|
allow_failure: true
|
|
|
|
.reports:rules:schedule-dast:
|
|
rules:
|
|
- if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/'
|
|
when: never
|
|
- <<: *if-default-branch-schedule-nightly
|
|
allow_failure: true
|
|
|
|
.reports:rules:package_hunter-yarn:
|
|
rules:
|
|
- if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''"
|
|
when: never
|
|
- <<: *if-default-branch-schedule-2-hourly
|
|
- <<: *if-merge-request
|
|
changes: ["yarn.lock"]
|
|
|
|
.reports:rules:package_hunter-bundler:
|
|
rules:
|
|
- if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''"
|
|
when: never
|
|
- <<: *if-default-branch-schedule-2-hourly
|
|
- <<: *if-merge-request
|
|
changes: ["Gemfile.lock"]
|
|
|
|
.reports:rules:license_scanning:
|
|
rules:
|
|
- if: '$LICENSE_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\blicense_scanning\b/'
|
|
when: never
|
|
- <<: *if-default-refs
|
|
changes: *code-backstage-qa-patterns
|
|
allow_failure: true
|
|
|
|
################
|
|
# Review rules #
|
|
################
|
|
.review:rules:review-build-cng:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *ci-review-patterns
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *frontend-patterns
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-patterns
|
|
when: manual
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *qa-patterns
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-schedule
|
|
|
|
.review:rules:review-deploy:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *ci-review-patterns
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *frontend-patterns
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-patterns
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *qa-patterns
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-schedule
|
|
allow_failure: true
|
|
|
|
.review:rules:review-performance:
|
|
rules:
|
|
- if: '$DAST_RUN == "true"' # Skip this job when DAST is run
|
|
when: never
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *ci-review-patterns
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *frontend-patterns
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-qa-patterns
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-schedule
|
|
allow_failure: true
|
|
|
|
.review:rules:review-delete-deployment:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-qa-patterns
|
|
|
|
.review:rules:review-qa-smoke:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *ci-review-patterns
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *frontend-patterns
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-qa-patterns
|
|
allow_failure: true
|
|
|
|
# The rule needs to be duplicated between `on_success` and `on_failure`
|
|
# because the jobs `needs` the previous job to complete.
|
|
# See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63844#note_599012559
|
|
.review:rules:review-qa-smoke-report:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *ci-review-patterns
|
|
when: on_success
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *ci-review-patterns
|
|
when: on_failure
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *frontend-patterns
|
|
when: on_success
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *frontend-patterns
|
|
when: on_failure
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-qa-patterns
|
|
when: on_success
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-qa-patterns
|
|
when: on_failure
|
|
|
|
.review:rules:review-qa-all:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-patterns
|
|
when: manual
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *qa-patterns
|
|
allow_failure: true
|
|
|
|
# The rule needs to be duplicated between `on_success` and `on_failure`
|
|
# because the jobs `needs` the previous job to complete.
|
|
# See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63844#note_599012559
|
|
.review:rules:review-qa-all-report:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-patterns
|
|
when: manual
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *qa-patterns
|
|
allow_failure: true
|
|
when: on_success
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *qa-patterns
|
|
allow_failure: true
|
|
when: on_failure
|
|
|
|
.review:rules:review-cleanup:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-qa-patterns
|
|
when: manual
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-schedule
|
|
allow_failure: true
|
|
|
|
.review:rules:review-stop:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-dot-com-gitlab-org-merge-request
|
|
changes: *code-qa-patterns
|
|
when: manual
|
|
allow_failure: true
|
|
- <<: *if-dot-com-gitlab-org-schedule
|
|
allow_failure: true
|
|
|
|
.review:rules:danger:
|
|
rules:
|
|
- if: '$CI_MERGE_REQUEST_IID'
|
|
|
|
.review:rules:danger-local:
|
|
rules:
|
|
- if: '$CI_MERGE_REQUEST_IID'
|
|
changes: *code-backstage-danger-patterns
|
|
|
|
###############
|
|
# Setup rules #
|
|
###############
|
|
.setup:rules:cache-gems:
|
|
rules:
|
|
- <<: *if-not-canonical-namespace
|
|
when: never
|
|
- <<: *if-default-branch-or-tag
|
|
changes: *code-backstage-qa-patterns
|
|
when: on_success
|
|
|
|
.setup:rules:dont-interrupt-me:
|
|
rules:
|
|
- <<: *if-default-branch-or-tag
|
|
allow_failure: true
|
|
- <<: *if-auto-deploy-branches
|
|
allow_failure: true
|
|
- when: manual
|
|
allow_failure: true
|
|
|
|
.setup:rules:gitlab_git_test:
|
|
rules:
|
|
- <<: *if-default-refs
|
|
changes: *code-backstage-patterns
|
|
when: on_success
|
|
|
|
.setup:rules:no_ee_check:
|
|
rules:
|
|
- <<: *if-not-foss
|
|
when: never
|
|
- <<: *if-default-refs
|
|
changes: *code-backstage-patterns
|
|
when: on_success
|
|
|
|
.setup:rules:verify-tests-yml:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-default-refs
|
|
changes: *code-backstage-patterns
|
|
when: on_success
|
|
|
|
#######################
|
|
# Test metadata rules #
|
|
#######################
|
|
.test-metadata:rules:retrieve-tests-metadata:
|
|
rules:
|
|
- changes: *code-backstage-patterns
|
|
when: on_success
|
|
- <<: *if-merge-request-title-run-all-rspec
|
|
|
|
.test-metadata:rules:update-tests-metadata:
|
|
rules:
|
|
- <<: *if-not-ee
|
|
when: never
|
|
- <<: *if-dot-com-ee-2-hourly-schedule
|
|
- changes:
|
|
- ".gitlab/ci/test-metadata.gitlab-ci.yml"
|
|
- "scripts/rspec_helpers.sh"
|
|
|
|
###################
|
|
# workhorse rules #
|
|
###################
|
|
.workhorse:rules:workhorse:
|
|
rules:
|
|
- <<: *if-default-refs
|
|
changes: *workhorse-patterns
|
|
|
|
###################
|
|
# yaml-lint rules #
|
|
###################
|
|
.yaml-lint:rules:
|
|
rules:
|
|
- <<: *if-default-refs
|
|
changes: *yaml-lint-patterns
|