Limit the cases when review and qa jobs are not allowed to fail

In https://gitlab.com/gitlab-org/gitlab/-/merge_requests/30831, we made the review and QA jobs to run automatically and to not be allowed to fail anytime a CI config file was changed. This commit fine-tune this so that: - Review jobs automatically start and are not allowed to fail when `.gitlab-ci.yml` or `.gitlab/ci/review.gitlab-ci.yml` are updated. - QA jobs automatically start and are not allowed to fail when `.gitlab-ci.yml` or `.gitlab/ci/qa.gitlab-ci.yml` are updated. This will avoid running jobs when we don't actually need to. Signed-off-by: Rémy Coutable <remy@rymai.me>

Limit the cases when review and qa jobs are not allowed to fail
In https://gitlab.com/gitlab-org/gitlab/-/merge_requests/30831, we made the review and QA jobs to run automatically and to not be allowed to fail anytime a CI config file was changed. This commit fine-tune this so that: - Review jobs automatically start and are not allowed to fail when `.gitlab-ci.yml` or `.gitlab/ci/review.gitlab-ci.yml` are updated. - QA jobs automatically start and are not allowed to fail when `.gitlab-ci.yml` or `.gitlab/ci/qa.gitlab-ci.yml` are updated. This will avoid running jobs when we don't actually need to. Signed-off-by: Rémy Coutable <remy@rymai.me>
89489d4e · Rémy Coutable · 5cbcc865 · 89489d4e · 89489d4e · 89489d4e
Commit 89489d4e authored Jun 03, 2020 by Rémy Coutable
6 changed files
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -61,6 +61,7 @@ variables:
  DOCKER_VERSION: "19.03.0"

 include:
+  - local: .gitlab/ci/build-images.gitlab-ci.yml
  - local: .gitlab/ci/cache-repo.gitlab-ci.yml
  - local: .gitlab/ci/cng.gitlab-ci.yml
  - local: .gitlab/ci/docs.gitlab-ci.yml

--- a/.gitlab/ci/build-images.gitlab-ci.yml
+++ b/.gitlab/ci/build-images.gitlab-ci.yml
+# This image is used by the `review-qa-*` jobs. Not currently used by the `omnibus-gitlab` pipelines which rebuild this
+# image, e.g. https://gitlab.com/gitlab-org/build/omnibus-gitlab-mirror/-/jobs/587107399, which we could probably avoid.
+# See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5429.
+build-qa-image:
+  extends:
+    - .use-kaniko
+    - .build-images:rules:build-qa-image
+  stage: build-images
+  needs: []
+  script:
+    - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_REF_SLUG}"
+    - /kaniko/executor --context=${CI_PROJECT_DIR} --dockerfile=${CI_PROJECT_DIR}/qa/Dockerfile --destination=${QA_IMAGE} --cache=true
+  retry: 2
+
+# This image is used by:
+# - The `CNG` pipelines (via the `review-build-cng` job): https://gitlab.com/gitlab-org/build/CNG/-/blob/cfc67136d711e1c8c409bf8e57427a644393da2f/.gitlab-ci.yml#L335
+# - The `omnibus-gitlab` pipelines (via the `package-and-qa` job): https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/dfd1ad475868fc84e91ab7b5706aa03e46dc3a86/.gitlab-ci.yml#L130
+build-assets-image:
+  extends:
+    - .use-kaniko
+    - .build-images:rules:build-assets-image
+  stage: build-images
+  needs: ["compile-production-assets"]
+  variables:
+    GIT_DEPTH: "1"
+  script:
+    # TODO: Change the image tag to be the MD5 of assets files and skip image building if the image exists
+    # We'll also need to pass GITLAB_ASSETS_TAG to the trigerred omnibus-gitlab pipeline similarly to how we do it for trigerred CNG pipelines
+    # https://gitlab.com/gitlab-org/gitlab/issues/208389
+    - run_timed_command "scripts/build_assets_image"
+  retry: 2
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@@ -90,21 +90,6 @@ update-yarn-cache:
  cache:
    policy: push

-build-assets-image:
-  extends:
-    - .use-kaniko
-    - .frontend:rules:compile-production-assets
-  stage: build-images
-  needs: ["compile-production-assets"]
-  variables:
-    GIT_DEPTH: "1"
-  script:
-    # TODO: Change the image tag to be the MD5 of assets files and skip image building if the image exists
-    # We'll also need to pass GITLAB_ASSETS_TAG to the trigerred omnibus-gitlab pipeline similarly to how we do it for trigerred CNG pipelines
-    # https://gitlab.com/gitlab-org/gitlab/issues/208389
-    - run_timed_command "scripts/build_assets_image"
-  retry: 2
-
 .frontend-fixtures-base:
  extends:
    - .frontend-base

--- a/.gitlab/ci/qa.gitlab-ci.yml
+++ b/.gitlab/ci/qa.gitlab-ci.yml
@@ -49,7 +49,6 @@ update-qa-cache:
 .package-and-qa-base:
  image: ruby:2.6-alpine
  stage: qa
-  dependencies: []
  retry: 0
  script:
    - source scripts/utils.sh

--- a/.gitlab/ci/review.gitlab-ci.yml
+++ b/.gitlab/ci/review.gitlab-ci.yml
-build-qa-image:
-  extends:
-    - .use-kaniko
-    - .review:rules:build-qa-image
-  stage: build-images
-  needs: []
-  script:
-    - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_REF_SLUG}"
-    - /kaniko/executor --context=${CI_PROJECT_DIR} --dockerfile=${CI_PROJECT_DIR}/qa/Dockerfile --destination=${QA_IMAGE} --cache=true
-  retry: 2
-
 review-cleanup:
  extends:
    - .default-retry

--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -71,6 +71,22 @@
  - ".gitlab-ci.yml"
  - ".gitlab/ci/**/*"

+.ci-build-images-patterns: &ci-build-images-patterns
+  - ".gitlab-ci.yml"
+  - ".gitlab/ci/build-images.gitlab-ci.yml"
+
+.ci-review-patterns: &ci-review-patterns
+  - ".gitlab-ci.yml"
+  - ".gitlab/ci/frontend.gitlab-ci.yml"
+  - ".gitlab/ci/build-images.gitlab-ci.yml"
+  - ".gitlab/ci/review.gitlab-ci.yml"
+
+.ci-qa-patterns: &ci-qa-patterns
+  - ".gitlab-ci.yml"
+  - ".gitlab/ci/frontend.gitlab-ci.yml"
+  - ".gitlab/ci/build-images.gitlab-ci.yml"
+  - ".gitlab/ci/qa.gitlab-ci.yml"
+
 .yaml-patterns: &yaml-patterns
  - "**/*.yml"

@@ -197,6 +213,26 @@
    - <<: *if-master-schedule-2-hourly
    - <<: *if-merge-request-title-update-caches

+######################
+# Build images rules #
+######################
+.build-images:rules:build-qa-image:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-dot-com-gitlab-org-and-security-merge-request
+      changes: *ci-build-images-patterns
+    - <<: *if-dot-com-gitlab-org-and-security-merge-request
+      changes: *code-qa-patterns
+    - <<: *if-dot-com-gitlab-org-schedule
+
+.build-images:rules:build-assets-image:
+  rules:
+    - <<: *if-not-canonical-namespace
+      when: never
+    - changes: *ci-build-images-patterns
+    - changes: *code-backstage-qa-patterns
+
 ####################
 # Cache repo rules #
 ####################
@@ -367,7 +403,7 @@
 .qa:rules:package-and-qa:
  rules:
    - <<: *if-dot-com-gitlab-org-and-security-merge-request
-      changes: *ci-patterns
+      changes: *ci-qa-patterns
      allow_failure: true
    - <<: *if-dot-com-gitlab-org-and-security-merge-request
      changes: *qa-patterns
@@ -496,18 +532,12 @@
 ################
 # Review rules #
 ################
-.review:rules:build-qa-image:
+.review:rules:review-build-cng:
  rules:
    - <<: *if-not-ee
      when: never
-    - <<: *if-dot-com-gitlab-org-and-security-merge-request
-      changes: *code-qa-patterns
-    - <<: *if-dot-com-gitlab-org-schedule
-
-.review:rules:review-build-cng:
-  rules:
    - <<: *if-dot-com-gitlab-org-merge-request
-      changes: *ci-patterns
+      changes: *ci-review-patterns
    - <<: *if-dot-com-gitlab-org-merge-request
      changes: *frontend-patterns
    - <<: *if-dot-com-gitlab-org-merge-request
@@ -521,7 +551,7 @@
    - <<: *if-not-ee
      when: never
    - <<: *if-dot-com-gitlab-org-merge-request
-      changes: *ci-patterns
+      changes: *ci-review-patterns
    - <<: *if-dot-com-gitlab-org-merge-request
      changes: *frontend-patterns
      allow_failure: true
@@ -544,7 +574,7 @@
    - <<: *if-not-ee
      when: never
    - <<: *if-dot-com-gitlab-org-merge-request
-      changes: *ci-patterns
+      changes: *ci-review-patterns
    - <<: *if-dot-com-gitlab-org-merge-request
      changes: *frontend-patterns
      allow_failure: true