122 lines
5.5 KiB
YAML
122 lines
5.5 KiB
YAML
stages:
|
|
- sync
|
|
- prepare
|
|
- build-images
|
|
- fixtures
|
|
- test
|
|
- post-test
|
|
- review-prepare
|
|
- review
|
|
- dast
|
|
- qa
|
|
- post-qa
|
|
- pages
|
|
- notify
|
|
|
|
# always use `gitlab-org` runners, however
|
|
# in cases where jobs require Docker-in-Docker, the job
|
|
# definition must be extended with `.use-docker-in-docker`
|
|
default:
|
|
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36"
|
|
tags:
|
|
- gitlab-org
|
|
# All jobs are interruptible by default
|
|
interruptible: true
|
|
# Default job timeout set to 90m https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/10520
|
|
timeout: 90m
|
|
|
|
workflow:
|
|
rules:
|
|
# If `$FORCE_GITLAB_CI` is set, create a pipeline.
|
|
- if: '$FORCE_GITLAB_CI'
|
|
# As part of the process of creating RCs automatically, we update stable
|
|
# branches with the changes of the most recent production deployment. The
|
|
# merge requests used for this merge a branch release-tools/X into a stable
|
|
# branch. For these merge requests we don't want to run any pipelines, as
|
|
# they serve no purpose and will run anyway when the changes are merged.
|
|
- if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^release-tools\/\d+\.\d+\.\d+-rc\d+$/ && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^[\d-]+-stable(-ee)?$/ && $CI_PROJECT_PATH == "gitlab-org/gitlab"'
|
|
when: never
|
|
# For merged result pipelines, set $QA_IMAGE, since $CI_MERGE_REQUEST_SOURCE_BRANCH_SHA is only available for merged result pipelines.
|
|
- if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"'
|
|
variables:
|
|
QA_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA}"
|
|
# Also run (detached) merge request pipelines.
|
|
- if: '$CI_MERGE_REQUEST_IID'
|
|
# For the 2-hourly scheduled pipelines, we set specific variables.
|
|
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "2-hourly"'
|
|
variables:
|
|
CRYSTALBALL: "true"
|
|
# For `$CI_DEFAULT_BRANCH` branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
|
|
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
|
|
# For tags, create a pipeline.
|
|
- if: '$CI_COMMIT_TAG'
|
|
# If `$GITLAB_INTERNAL` isn't set, don't create a pipeline.
|
|
- if: '$GITLAB_INTERNAL == null'
|
|
when: never
|
|
# For stable, auto-deploy, and security branches, create a pipeline.
|
|
- if: '$CI_COMMIT_BRANCH =~ /^[\d-]+-stable(-ee)?$/'
|
|
- if: '$CI_COMMIT_BRANCH =~ /^\d+-\d+-auto-deploy-\d+$/'
|
|
- if: '$CI_COMMIT_BRANCH =~ /^security\//'
|
|
|
|
variables:
|
|
RAILS_ENV: "test"
|
|
NODE_ENV: "test"
|
|
BUNDLE_WITHOUT: "production:development"
|
|
BUNDLE_INSTALL_FLAGS: "--jobs=$(nproc) --retry=3 --quiet"
|
|
# we override the max_old_space_size to prevent OOM errors
|
|
NODE_OPTIONS: --max_old_space_size=3584
|
|
GIT_DEPTH: "20"
|
|
GIT_SUBMODULE_STRATEGY: "none"
|
|
GET_SOURCES_ATTEMPTS: "3"
|
|
|
|
KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/report-master.json
|
|
FLAKY_RSPEC_SUITE_REPORT_PATH: rspec_flaky/report-suite.json
|
|
RSPEC_TESTS_MAPPING_PATH: crystalball/mapping.json
|
|
RSPEC_PACKED_TESTS_MAPPING_PATH: crystalball/packed-mapping.json
|
|
|
|
ES_JAVA_OPTS: "-Xms256m -Xmx256m"
|
|
ELASTIC_URL: "http://elastic:changeme@elasticsearch:9200"
|
|
DOCKER_VERSION: "20.10.1"
|
|
CACHE_CLASSES: "true"
|
|
CHECK_PRECOMPILED_ASSETS: "true"
|
|
FF_USE_FASTZIP: "true"
|
|
|
|
DOCS_REVIEW_APPS_DOMAIN: "178.62.207.141.nip.io"
|
|
DOCS_GITLAB_REPO_SUFFIX: "ee"
|
|
|
|
REVIEW_APPS_DOMAIN: "gitlab-review.app"
|
|
REVIEW_APPS_GCP_PROJECT: "gitlab-review-apps"
|
|
REVIEW_APPS_GCP_REGION: "us-central1"
|
|
|
|
BUILD_ASSETS_IMAGE: "true" # Set it to "false" to disable assets image building, used in `build-assets-image`
|
|
SIMPLECOV: "true"
|
|
|
|
# For the default QA image, we use $CI_COMMIT_SHA as tag since it's always available and we override it for specific workflow.rules (see above)
|
|
QA_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_SHA}"
|
|
# Default latest tag for particular branch
|
|
QA_IMAGE_BRANCH: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_REF_SLUG}"
|
|
|
|
# Preparing custom clone path to reduce space used by all random forks
|
|
# on GitLab.com's Shared Runners. Our main forks - especially the security
|
|
# ones - will have this variable overwritten in the project settings, so that
|
|
# a security-related code or code using our protected variables will be never
|
|
# stored on the same path as the community forks.
|
|
# Part of the solution for the `no space left on device` problem described at
|
|
# https://gitlab.com/gitlab-org/gitlab/issues/197876.
|
|
#
|
|
# For this purpose the https://gitlab.com/gitlab-org-forks group was created
|
|
# to host a placeholder for the `/builds/gitlab-org-forks` path and ensure
|
|
# that no legitimate project will ever use it and - by mistake - execute its
|
|
# job on a shared working directory. It also requires proper configuration of
|
|
# the Runner that executes the job (which was prepared for our shared runners
|
|
# by https://ops.gitlab.net/gitlab-cookbooks/chef-repo/-/merge_requests/3977).
|
|
#
|
|
# Because of all of that PLEASE DO NOT CHANGE THE PATH.
|
|
#
|
|
# For more details and reasoning that brought this change please check
|
|
# https://gitlab.com/gitlab-org/gitlab/-/merge_requests/24887
|
|
GIT_CLONE_PATH: "/builds/gitlab-org-forks/${CI_PROJECT_NAME}"
|
|
|
|
include:
|
|
- local: .gitlab/ci/*.gitlab-ci.yml
|
|
- remote: 'https://gitlab.com/gitlab-org/frontend/untamper-my-lockfile/-/raw/main/.gitlab-ci-template.yml'
|