Commit 6ac02795 authored by GitLab Bot's avatar GitLab Bot

Automatic merge of gitlab-org/gitlab-ce master

parents f0c852a1 768475bd
...@@ -4,41 +4,79 @@ Review Apps are automatically deployed by each pipeline, both in ...@@ -4,41 +4,79 @@ Review Apps are automatically deployed by each pipeline, both in
[CE](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22010) and [CE](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22010) and
[EE](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/6665). [EE](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/6665).
CAUTION: **Warning:**
There's currently [an issue when using `/` in branch names][charts-1068] where
Review Apps fail to be deployed.
## How does it work? ## How does it work?
### CD/CD architecture diagram
![Review Apps CI/CD architecture](img/review_apps_cicd_architecture.png)
<details>
<summary>Show mermaid source</summary>
<pre>
graph TD
B1 -.->|2. once gitlab:assets:compile is done,<br />triggers a CNG-mirror pipeline and wait for it to be done| A2
C1 -.->|2. once review-build-cng is done,<br />Helm deploys the Review App using the Cloud<br/>Native images built by the CNG-mirror pipeline| A3
subgraph gitlab-ce/ee `test` stage
A1[gitlab:assets:compile]
B1[review-build-cng] -->|1. wait for| A1
C1[review-deploy] -->|1. wait for| B1
D1[review-qa-smoke] -->|1. wait for| C1
D1[review-qa-smoke] -.->|2. once review-deploy is done| E1>gitlab-qa runs the smoke<br/>suite against the Review App]
end
subgraph CNG-mirror pipeline
A2>Cloud Native images are built];
end
subgraph GCP `gitlab-review-apps` project
A3>"Cloud Native images are deployed to the<br />`review-apps-ce` or `review-apps-ee` Kubernetes (GKE) cluster"];
end
</pre>
</details>
### Detailed explanation
1. On every [pipeline][gitlab-pipeline] during the `test` stage, the 1. On every [pipeline][gitlab-pipeline] during the `test` stage, the
[`review-deploy`][review-deploy-job] job is automatically started. [`review-build-cng`][review-build-cng] and
1. The `review-deploy` job: [`review-deploy`][review-deploy] jobs are automatically started.
1. Waits for the `gitlab:assets:compile` job to finish since the - The [`review-deploy`][review-deploy] job waits for the
[`CNG-mirror`][cng-mirror] pipeline triggerred in the following step [`review-build-cng`][review-build-cng] job to finish.
depends on it. - The [`review-build-cng`][review-build-cng] job waits for the
1. [Triggers a pipeline][cng-pipeline] in the [`CNG-mirror`][cng-mirror] [`gitlab:assets:compile`][gitlab:assets:compile] job to finish since the
project. [`CNG-mirror`][cng-mirror] pipeline triggered in the following step depends on it.
- We use the `CNG-mirror` project so that the `CNG`, (**C**loud 1. Once the [`gitlab:assets:compile`][gitlab:assets:compile] job is done,
**N**ative **G**itLab), project's registry is not overloaded with a [`review-build-cng`][review-build-cng] [triggers a pipeline][cng-pipeline]
lot of transient Docker images. in the [`CNG-mirror`][cng-mirror] project.
- The `CNG-mirror` pipeline creates the Docker images of each component - The [`CNG-mirror`][cng-pipeline] pipeline creates the Docker images of
(e.g. `gitlab-rails-ee`, `gitlab-shell`, `gitaly` etc.) based on the each component (e.g. `gitlab-rails-ee`, `gitlab-shell`, `gitaly` etc.)
commit from the [GitLab pipeline][gitlab-pipeline] and store them in based on the commit from the [GitLab pipeline][gitlab-pipeline] and store
its [registry][cng-mirror-registry]. them in its [registry][cng-mirror-registry].
1. Once all images are built by [`CNG-mirror`][cng-mirror], the Review App - We use the [`CNG-mirror`][cng-mirror] project so that the `CNG`, (**C**loud
is deployed using [the official GitLab Helm chart][helm-chart] to the **N**ative **G**itLab), project's registry is not overloaded with a
[`review-apps-ce`][review-apps-ce] / [`review-apps-ee`][review-apps-ee] lot of transient Docker images.
Kubernetes cluster on GCP. 1. Once the [`review-build-cng`][review-build-cng] job is done, the
- The actual scripts used to deploy the Review App can be found at [`review-deploy`][review-deploy] job deploys the Review App using
[`scripts/review_apps/review-apps.sh`][review-apps.sh]. [the official GitLab Helm chart][helm-chart] to the
- These scripts are basically [`review-apps-ce`][review-apps-ce] / [`review-apps-ee`][review-apps-ee]
[our official Auto DevOps scripts][Auto-DevOps.gitlab-ci.yml] where the Kubernetes cluster on GCP.
default CNG images are overridden with the images built and stored in the - The actual scripts used to deploy the Review App can be found at
[`CNG-mirror` project's registry][cng-mirror-registry]. [`scripts/review_apps/review-apps.sh`][review-apps.sh].
- Since we're using [the official GitLab Helm chart][helm-chart], this means - These scripts are basically
you get a dedicated environment for your branch that's very close to what [our official Auto DevOps scripts][Auto-DevOps.gitlab-ci.yml] where the
it would look in production. default CNG images are overridden with the images built and stored in the
1. Once the `review-deploy` job succeeds, you should be able to use your Review [`CNG-mirror` project's registry][cng-mirror-registry].
App thanks to the direct link to it from the MR widget. The default username - Since we're using [the official GitLab Helm chart][helm-chart], this means
is `root` and its password can be found in the 1Password secure note named you get a dedicated environment for your branch that's very close to what
**gitlab-{ce,ee} Review App's root password** (note that there's currently it would look in production.
[a bug where the default password seems to be overridden][password-bug]). 1. Once the [`review-deploy`][review-deploy] job succeeds, you should be able to
use your Review App thanks to the direct link to it from the MR widget. The
default username is `root` and its password can be found in the 1Password
secure note named **gitlab-{ce,ee} Review App's root password**.
**Additional notes:** **Additional notes:**
...@@ -120,10 +158,13 @@ find a way to limit it to only us.** ...@@ -120,10 +158,13 @@ find a way to limit it to only us.**
> This isn't enabled for forks. > This isn't enabled for forks.
[gitlab-pipeline]: https://gitlab.com/gitlab-org/gitlab-ce/pipelines/35850709 [charts-1068]: https://gitlab.com/charts/gitlab/issues/1068
[review-deploy-job]: https://gitlab.com/gitlab-org/gitlab-ce/-/jobs/118076368 [gitlab-pipeline]: https://gitlab.com/gitlab-org/gitlab-ce/pipelines/44362587
[gitlab:assets:compile]: https://gitlab.com/gitlab-org/gitlab-ce/-/jobs/149511610
[review-build-cng]: https://gitlab.com/gitlab-org/gitlab-ce/-/jobs/149511623
[review-deploy]: https://gitlab.com/gitlab-org/gitlab-ce/-/jobs/149511624
[cng-mirror]: https://gitlab.com/gitlab-org/build/CNG-mirror [cng-mirror]: https://gitlab.com/gitlab-org/build/CNG-mirror
[cng-pipeline]: https://gitlab.com/gitlab-org/build/CNG-mirror/pipelines/35883435 [cng-pipeline]: https://gitlab.com/gitlab-org/build/CNG-mirror/pipelines/44364657
[cng-mirror-registry]: https://gitlab.com/gitlab-org/build/CNG-mirror/container_registry [cng-mirror-registry]: https://gitlab.com/gitlab-org/build/CNG-mirror/container_registry
[helm-chart]: https://gitlab.com/charts/gitlab/ [helm-chart]: https://gitlab.com/charts/gitlab/
[review-apps-ce]: https://console.cloud.google.com/kubernetes/clusters/details/us-central1-a/review-apps-ce?project=gitlab-review-apps [review-apps-ce]: https://console.cloud.google.com/kubernetes/clusters/details/us-central1-a/review-apps-ce?project=gitlab-review-apps
......
...@@ -17,11 +17,11 @@ module QA ...@@ -17,11 +17,11 @@ module QA
end end
def username def username
@username ||= "qa-user-#{unique_id}" @username || "qa-user-#{unique_id}"
end end
def password def password
@password ||= 'password' @password || 'password'
end end
def name def name
...@@ -29,7 +29,15 @@ module QA ...@@ -29,7 +29,15 @@ module QA
end end
def email def email
@email ||= api_resource&.dig(:email) || "#{username}@example.com" @email ||= "#{username}@example.com"
end
def public_email
@public_email ||= begin
api_public_email = api_resource&.dig(:public_email)
api_public_email && api_public_email != '' ? api_public_email : Runtime::User.default_email
end
end end
def credentials_given? def credentials_given?
......
...@@ -7,6 +7,10 @@ module QA ...@@ -7,6 +7,10 @@ module QA
'root' 'root'
end end
def default_email
'admin@example.com'
end
def default_password def default_password
'5iveL!fe' '5iveL!fe'
end end
......
...@@ -47,7 +47,7 @@ module QA ...@@ -47,7 +47,7 @@ module QA
Page::Project::Commit::Show.perform(&:select_email_patches) Page::Project::Commit::Show.perform(&:select_email_patches)
expect(page).to have_content("From: #{user.name} <#{user.email}>") expect(page).to have_content("From: #{user.name} <#{user.public_email}>")
expect(page).to have_content('Subject: [PATCH] Add second file') expect(page).to have_content('Subject: [PATCH] Add second file')
expect(page).to have_content('diff --git a/second b/second') expect(page).to have_content('diff --git a/second b/second')
end end
......
# frozen_string_literal: true
describe QA::Resource::User do
let(:api_resource) do
{
name: "GitLab QA",
username: "gitlab-qa",
web_url: "https://staging.gitlab.com/gitlab-qa",
public_email: "1614863-gitlab-qa@users.noreply.staging.gitlab.com"
}
end
describe '#username' do
it 'generates a default username' do
expect(subject.username).to match(/qa-user-\w+/)
end
it 'is possible to set the username' do
subject.username = 'johndoe'
expect(subject.username).to eq('johndoe')
end
end
describe '#password' do
it 'generates a default password' do
expect(subject.password).to eq('password')
end
it 'is possible to set the password' do
subject.password = 'secret'
expect(subject.password).to eq('secret')
end
end
describe '#name' do
it 'defaults to the username' do
expect(subject.name).to eq(subject.username)
end
it 'retrieves the name from the api_resource if present' do
subject.__send__(:api_resource=, api_resource)
expect(subject.name).to eq(api_resource[:name])
end
it 'is possible to set the name' do
subject.name = 'John Doe'
expect(subject.name).to eq('John Doe')
end
end
describe '#email' do
it 'defaults to the <username>@example.com' do
expect(subject.email).to eq("#{subject.username}@example.com")
end
it 'is possible to set the email' do
subject.email = 'johndoe@example.org'
expect(subject.email).to eq('johndoe@example.org')
end
end
describe '#public_email' do
it 'defaults to QA::Runtime::User.default_email' do
expect(subject.public_email).to eq(QA::Runtime::User.default_email)
end
it 'retrieves the public_email from the api_resource if present' do
subject.__send__(:api_resource=, api_resource)
expect(subject.public_email).to eq(api_resource[:public_email])
end
it 'defaults to QA::Runtime::User.default_email if the public_email from the api_resource is blank' do
subject.__send__(:api_resource=, api_resource.merge(public_email: ''))
expect(subject.public_email).to eq(QA::Runtime::User.default_email)
end
end
describe '#credentials_given?' do
it 'returns false when username and email have not been overridden' do
expect(subject).not_to be_credentials_given
end
it 'returns false even after username and email have been called' do
# Call #username and #password to ensure this doesn't set their respective
# instance variable.
subject.username
subject.password
expect(subject).not_to be_credentials_given
end
it 'returns false if only the username has been overridden' do
subject.username = 'johndoe'
expect(subject).not_to be_credentials_given
end
it 'returns false if only the password has been overridden' do
subject.password = 'secret'
expect(subject).not_to be_credentials_given
end
it 'returns true if both the username and password have been overridden' do
subject.username = 'johndoe'
subject.password = 'secret'
expect(subject).to be_credentials_given
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment