Commit 44fa3382 authored by Rémy Coutable's avatar Rémy Coutable

Only make Review App deployment automatic for frontend changes

For other code or QA changes, `review-deploy` and `review-qa-smoke` will
be manual.
Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent 99b76451
...@@ -157,9 +157,9 @@ dast: ...@@ -157,9 +157,9 @@ dast:
extends: extends:
- .default-retry - .default-retry
- .reports:rules:dast - .reports:rules:dast
needs: # This is needed so that manual jobs with needs don't block the pipeline.
- job: review-deploy # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979.
artifacts: true dependencies: ["review-deploy"]
stage: qa # GitLab-specific stage: qa # GitLab-specific
image: image:
name: "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" name: "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION"
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
build-qa-image: build-qa-image:
extends: extends:
- .review-docker - .review-docker
- .review:rules:mr-and-schedule - .review:rules:mr-and-schedule-auto
stage: prepare stage: prepare
script: script:
- '[[ ! -d "ee/" ]] || export GITLAB_EDITION="ee"' - '[[ ! -d "ee/" ]] || export GITLAB_EDITION="ee"'
...@@ -45,7 +45,7 @@ review-cleanup: ...@@ -45,7 +45,7 @@ review-cleanup:
review-build-cng: review-build-cng:
extends: extends:
- .default-retry - .default-retry
- .review:rules:mr-and-schedule - .review:rules:mr-and-schedule-auto-if-frontend-manual-otherwise
image: ruby:2.6-alpine image: ruby:2.6-alpine
stage: review-prepare stage: review-prepare
before_script: before_script:
...@@ -57,6 +57,9 @@ review-build-cng: ...@@ -57,6 +57,9 @@ review-build-cng:
artifacts: false artifacts: false
script: script:
- BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng
# When the job is manual, review-deploy is also manual and we don't want people
# to have to manually start the jobs in sequence, so we do it for them.
- '[ -z $CI_JOB_MANUAL ] || play_job "review-deploy"'
.review-workflow-base: .review-workflow-base:
extends: extends:
...@@ -76,11 +79,9 @@ review-build-cng: ...@@ -76,11 +79,9 @@ review-build-cng:
review-deploy: review-deploy:
extends: extends:
- .review-workflow-base - .review-workflow-base
- .review:rules:mr-and-schedule - .review:rules:mr-and-schedule-auto-if-frontend-manual-otherwise
stage: review stage: review
needs: dependencies: []
- job: review-build-cng
artifacts: false
resource_group: "review/${CI_COMMIT_REF_NAME}" resource_group: "review/${CI_COMMIT_REF_NAME}"
allow_failure: true allow_failure: true
before_script: before_script:
...@@ -100,6 +101,10 @@ review-deploy: ...@@ -100,6 +101,10 @@ review-deploy:
- download_chart - download_chart
- date - date
- deploy || (display_deployment_debug && exit 1) - deploy || (display_deployment_debug && exit 1)
# When the job is manual, review-qa-smoke is also manual and we don't want people
# to have to manually start the jobs in sequence, so we do it for them.
- '[ -z $CI_JOB_MANUAL ] || play_job "review-qa-smoke"'
- '[ -z $CI_JOB_MANUAL ] || play_job "review-performance"'
artifacts: artifacts:
paths: [environment_url.txt] paths: [environment_url.txt]
expire_in: 2 days expire_in: 2 days
...@@ -140,9 +145,9 @@ review-stop: ...@@ -140,9 +145,9 @@ review-stop:
.review-qa-base: .review-qa-base:
extends: .review-docker extends: .review-docker
stage: qa stage: qa
needs: # This is needed so that manual jobs with needs don't block the pipeline.
- job: review-deploy # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979.
artifacts: true dependencies: ["review-deploy"]
allow_failure: true allow_failure: true
variables: variables:
QA_ARTIFACTS_DIR: "${CI_PROJECT_DIR}/qa" QA_ARTIFACTS_DIR: "${CI_PROJECT_DIR}/qa"
...@@ -172,7 +177,7 @@ review-stop: ...@@ -172,7 +177,7 @@ review-stop:
review-qa-smoke: review-qa-smoke:
extends: extends:
- .review-qa-base - .review-qa-base
- .review:rules:mr-only-auto - .review:rules:mr-only-auto-if-frontend-manual-otherwise
script: script:
- gitlab-qa Test::Instance::Smoke "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}" - gitlab-qa Test::Instance::Smoke "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}"
...@@ -189,11 +194,11 @@ review-qa-all: ...@@ -189,11 +194,11 @@ review-qa-all:
review-performance: review-performance:
extends: extends:
- .review-docker - .review-docker
- .review:rules:mr-and-schedule - .review:rules:mr-and-schedule-auto-if-frontend-manual-otherwise
stage: qa stage: qa
needs: # This is needed so that manual jobs with needs don't block the pipeline.
- job: review-deploy # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979.
artifacts: true dependencies: ["review-deploy"]
allow_failure: true allow_failure: true
before_script: before_script:
- export CI_ENVIRONMENT_URL="$(cat environment_url.txt)" - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
......
...@@ -57,6 +57,17 @@ ...@@ -57,6 +57,17 @@
- "doc/**/*" - "doc/**/*"
- ".markdownlint.json" - ".markdownlint.json"
.frontend-dependency-patterns: &frontend-dependency-patterns
- "{package.json,yarn.lock}"
.frontend-patterns: &frontend-patterns
- "{package.json,yarn.lock}"
- "{babel.config,jest.config}.js"
- ".csscomb.json"
- "Dockerfile.assets"
- "vendor/assets/**/*"
- "{,ee/}{app/assets,app/helpers,app/presenters,app/views,locale,public,symbol}/**/*"
.backstage-patterns: &backstage-patterns .backstage-patterns: &backstage-patterns
- "Dangerfile" - "Dangerfile"
- "danger/**/*" - "danger/**/*"
...@@ -66,39 +77,38 @@ ...@@ -66,39 +77,38 @@
- "doc/README.md" # Some RSpec test rely on this file - "doc/README.md" # Some RSpec test rely on this file
.code-patterns: &code-patterns .code-patterns: &code-patterns
- "{package.json,yarn.lock}"
- "{babel.config,jest.config}.js"
- ".csscomb.json"
- "Dockerfile.assets"
- "vendor/assets/**/*"
- ".gitlab/ci/**/*" - ".gitlab/ci/**/*"
- ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
- ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml" - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml"
- ".csscomb.json"
- "Dockerfile.assets"
- "*_VERSION" - "*_VERSION"
- "Gemfile{,.lock}" - "Gemfile{,.lock}"
- "Rakefile" - "Rakefile"
- "{babel.config,jest.config}.js"
- "config.ru" - "config.ru"
- "{package.json,yarn.lock}"
- "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
.frontend-dependency-patterns: &frontend-dependency-patterns
- "{package.json,yarn.lock}"
.qa-patterns: &qa-patterns .qa-patterns: &qa-patterns
- ".dockerignore" - ".dockerignore"
- "qa/**/*" - "qa/**/*"
.code-backstage-patterns: &code-backstage-patterns .code-backstage-patterns: &code-backstage-patterns
- "{package.json,yarn.lock}"
- "{babel.config,jest.config}.js"
- ".csscomb.json"
- "Dockerfile.assets"
- "vendor/assets/**/*"
- ".gitlab/ci/**/*" - ".gitlab/ci/**/*"
- ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
- ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml" - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml"
- ".csscomb.json"
- "Dockerfile.assets"
- "*_VERSION" - "*_VERSION"
- "Gemfile{,.lock}" - "Gemfile{,.lock}"
- "Rakefile" - "Rakefile"
- "{babel.config,jest.config}.js"
- "config.ru" - "config.ru"
- "{package.json,yarn.lock}"
- "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
# Backstage changes # Backstage changes
...@@ -110,17 +120,18 @@ ...@@ -110,17 +120,18 @@
- "doc/README.md" # Some RSpec test rely on this file - "doc/README.md" # Some RSpec test rely on this file
.code-qa-patterns: &code-qa-patterns .code-qa-patterns: &code-qa-patterns
- "{package.json,yarn.lock}"
- "{babel.config,jest.config}.js"
- ".csscomb.json"
- "Dockerfile.assets"
- "vendor/assets/**/*"
- ".gitlab/ci/**/*" - ".gitlab/ci/**/*"
- ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
- ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml" - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml"
- ".csscomb.json"
- "Dockerfile.assets"
- "*_VERSION" - "*_VERSION"
- "Gemfile{,.lock}" - "Gemfile{,.lock}"
- "Rakefile" - "Rakefile"
- "{babel.config,jest.config}.js"
- "config.ru" - "config.ru"
- "{package.json,yarn.lock}"
- "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
# QA changes # QA changes
...@@ -128,17 +139,18 @@ ...@@ -128,17 +139,18 @@
- "qa/**/*" - "qa/**/*"
.code-backstage-qa-patterns: &code-backstage-qa-patterns .code-backstage-qa-patterns: &code-backstage-qa-patterns
- "{package.json,yarn.lock}"
- "{babel.config,jest.config}.js"
- ".csscomb.json"
- "Dockerfile.assets"
- "vendor/assets/**/*"
- ".gitlab/ci/**/*" - ".gitlab/ci/**/*"
- ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
- ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml" - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml"
- ".csscomb.json"
- "Dockerfile.assets"
- "*_VERSION" - "*_VERSION"
- "Gemfile{,.lock}" - "Gemfile{,.lock}"
- "Rakefile" - "Rakefile"
- "{babel.config,jest.config}.js"
- "config.ru" - "config.ru"
- "{package.json,yarn.lock}"
- "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
# Backstage changes # Backstage changes
...@@ -416,8 +428,12 @@ ...@@ -416,8 +428,12 @@
rules: rules:
- if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/' - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/'
when: never when: never
- <<: *if-dot-com-gitlab-org-merge-request
changes: *frontend-patterns
when: on_success
- <<: *if-dot-com-gitlab-org-merge-request - <<: *if-dot-com-gitlab-org-merge-request
changes: *code-qa-patterns changes: *code-qa-patterns
when: manual
.reports:schedule-dast: .reports:schedule-dast:
rules: rules:
...@@ -428,7 +444,7 @@ ...@@ -428,7 +444,7 @@
################ ################
# Review rules # # Review rules #
################ ################
.review:rules:mr-and-schedule: .review:rules:mr-and-schedule-auto:
rules: rules:
- <<: *if-dot-com-gitlab-org-merge-request - <<: *if-dot-com-gitlab-org-merge-request
changes: *code-qa-patterns changes: *code-qa-patterns
...@@ -436,12 +452,33 @@ ...@@ -436,12 +452,33 @@
- <<: *if-dot-com-gitlab-org-schedule - <<: *if-dot-com-gitlab-org-schedule
when: on_success when: on_success
.review:rules:mr-and-schedule-auto-if-frontend-manual-otherwise:
rules:
- <<: *if-dot-com-gitlab-org-merge-request
changes: *frontend-patterns
when: on_success
- <<: *if-dot-com-gitlab-org-merge-request
changes: *code-qa-patterns
when: manual
allow_failure: true
- <<: *if-dot-com-gitlab-org-schedule
when: on_success
.review:rules:mr-only-auto: .review:rules:mr-only-auto:
rules: rules:
- <<: *if-dot-com-gitlab-org-merge-request - <<: *if-dot-com-gitlab-org-merge-request
changes: *code-qa-patterns changes: *code-qa-patterns
when: on_success when: on_success
.review:rules:mr-only-auto-if-frontend-manual-otherwise:
rules:
- <<: *if-dot-com-gitlab-org-merge-request
changes: *frontend-patterns
when: on_success
- <<: *if-dot-com-gitlab-org-merge-request
changes: *code-qa-patterns
when: manual
.review:rules:mr-only-manual: .review:rules:mr-only-manual:
rules: rules:
- <<: *if-dot-com-gitlab-org-merge-request - <<: *if-dot-com-gitlab-org-merge-request
......
...@@ -133,7 +133,9 @@ and included in `rules` definitions via [YAML anchors](../ci/yaml/README.md#anch ...@@ -133,7 +133,9 @@ and included in `rules` definitions via [YAML anchors](../ci/yaml/README.md#anch
|------------------------------|--------------------------------------------------------------------------| |------------------------------|--------------------------------------------------------------------------|
| `yaml-patterns` | Only create job for YAML-related changes. | | `yaml-patterns` | Only create job for YAML-related changes. |
| `docs-patterns` | Only create job for docs-related changes. | | `docs-patterns` | Only create job for docs-related changes. |
| `backstage-patterns` | Only create job for backstage-related changes. | | `frontend-dependency-patterns` | Only create job when frontend dependencies are updated (i.e. `package.json`, and `yarn.lock`). changes. |
| `frontend-patterns` | Only create job for frontend-related changes. |
| `backstage-patterns` | Only create job for backstage-related changes (i.e. Danger, fixtures, RuboCop, specs). |
| `code-patterns` | Only create job for code-related changes. | | `code-patterns` | Only create job for code-related changes. |
| `qa-patterns` | Only create job for QA-related changes. | | `qa-patterns` | Only create job for QA-related changes. |
| `code-backstage-patterns` | Combination of `code-patterns` and `backstage-patterns`. | | `code-backstage-patterns` | Combination of `code-patterns` and `backstage-patterns`. |
......
...@@ -57,3 +57,54 @@ function echoinfo() { ...@@ -57,3 +57,54 @@ function echoinfo() {
printf "\033[0;33m%s\n\033[0m" "${1}" >&2; printf "\033[0;33m%s\n\033[0m" "${1}" >&2;
fi fi
} }
function get_job_id() {
local job_name="${1}"
local query_string="${2:+&${2}}"
local api_token="${API_TOKEN-${GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN}}"
if [ -z "${api_token}" ]; then
echoerr "Please provide an API token with \$API_TOKEN or \$GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN."
return
fi
local max_page=3
local page=1
while true; do
local url="https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/pipelines/${CI_PIPELINE_ID}/jobs?per_page=100&page=${page}${query_string}"
echoinfo "GET ${url}"
local job_id
job_id=$(curl --silent --show-error --header "PRIVATE-TOKEN: ${api_token}" "${url}" | jq "map(select(.name == \"${job_name}\")) | map(.id) | last")
[[ "${job_id}" == "null" && "${page}" -lt "$max_page" ]] || break
let "page++"
done
if [[ "${job_id}" == "" ]]; then
echoerr "The '${job_name}' job ID couldn't be retrieved!"
else
echoinfo "The '${job_name}' job ID is ${job_id}"
echo "${job_id}"
fi
}
function play_job() {
local job_name="${1}"
local job_id
job_id=$(get_job_id "${job_name}" "scope=manual");
if [ -z "${job_id}" ]; then return; fi
local api_token="${API_TOKEN-${GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN}}"
if [ -z "${api_token}" ]; then
echoerr "Please provide an API token with \$API_TOKEN or \$GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN."
return
fi
local url="https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/jobs/${job_id}/play"
echoinfo "POST ${url}"
local job_url
job_url=$(curl --silent --show-error --request POST --header "PRIVATE-TOKEN: ${api_token}" "${url}" | jq ".web_url")
echoinfo "Manual job '${job_name}' started at: ${job_url}"
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment