Commit f09f14e0 authored by Albert Salim's avatar Albert Salim Committed by Lin Jen-Shin

Use child pipeline for review apps

parent 4ee03181
......@@ -5,9 +5,7 @@ stages:
- fixtures
- test
- post-test
- review-prepare
- review
- dast
- qa
- post-qa
- pages
......
stages:
- prepare
- deploy
- qa
- post-qa
- dast
include:
- local: .gitlab/ci/global.gitlab-ci.yml
- local: .gitlab/ci/rules.gitlab-ci.yml
- local: .gitlab/ci/review-apps/qa.gitlab-ci.yml
- local: .gitlab/ci/review-apps/dast.gitlab-ci.yml
.base-before_script: &base-before_script
- source ./scripts/utils.sh
- source ./scripts/review_apps/review-apps.sh
- install_api_client_dependencies_with_apk
review-build-cng:
extends:
- .default-retry
- .review:rules:review-build-cng
image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine3.13
stage: prepare
variables:
CNG_PROJECT_ACCESS_TOKEN: "${CNG_MIRROR_PROJECT_ACCESS_TOKEN}" # "Multi-pipeline (from 'gitlab-org/gitlab' 'review-build-cng' job)" at https://gitlab.com/gitlab-org/build/CNG-mirror/-/settings/access_tokens
CNG_PROJECT_PATH: "gitlab-org/build/CNG-mirror"
before_script:
- source ./scripts/utils.sh
- install_gitlab_gem
script:
- ./scripts/trigger-build cng
.review-workflow-base:
extends:
- .default-retry
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3.5-kubectl1.17
variables:
HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
GITLAB_HELM_CHART_REF: "v5.2.1"
environment:
name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY}
url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
on_stop: review-stop
auto_stop_in: 48 hours
review-deploy:
extends:
- .review-workflow-base
- .review:rules:review-deploy
stage: deploy
needs: ["review-build-cng"]
resource_group: "review/${CI_COMMIT_REF_NAME}"
before_script:
- export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
- export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
- export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
- echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
- *base-before_script
script:
- check_kube_domain
- download_chart
- date
- deploy || (display_deployment_debug && exit 1)
- verify_deploy || exit 1
- disable_sign_ups || (delete_release && exit 1)
after_script:
# Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
# Set DAST_RUN to true when jobs are manually scheduled.
- if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi
artifacts:
paths:
- environment_url.txt
- curl_output.txt
expire_in: 7 days
when: always
.review-stop-base:
extends: .review-workflow-base
environment:
action: stop
dependencies: []
variables:
# We're cloning the repo instead of downloading the script for now
# because some repos are private and CI_JOB_TOKEN cannot access files.
# See https://gitlab.com/gitlab-org/gitlab/issues/191273
GIT_DEPTH: 1
before_script:
- *base-before_script
review-delete-deployment:
extends:
- .review-stop-base
- .review:rules:review-delete-deployment
stage: prepare
script:
- delete_release
review-stop:
extends:
- .review-stop-base
- .review:rules:review-stop
stage: post-qa
script:
- delete_k8s_release_namespace
.review-qa-base:
extends:
- .use-docker-in-docker
image:
name: ${QA_IMAGE}
entrypoint: [""]
stage: qa
needs: ["review-deploy"]
variables:
QA_DEBUG: "true"
QA_CAN_TEST_GIT_PROTOCOL_V2: "false"
QA_GENERATE_ALLURE_REPORT: "true"
GITLAB_USERNAME: "root"
GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
GITLAB_ADMIN_USERNAME: "root"
GITLAB_ADMIN_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}"
EE_LICENSE: "${REVIEW_APPS_EE_LICENSE}"
SIGNUP_DISABLED: "true"
before_script:
# Use $CI_MERGE_REQUEST_SOURCE_BRANCH_SHA so that GitLab image built in omnibus-gitlab-mirror and QA image are in sync.
- if [ -n "$CI_MERGE_REQUEST_SOURCE_BRANCH_SHA" ]; then
git checkout -f ${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA};
fi
- export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
- echo "${CI_ENVIRONMENT_URL}"
- cd qa
artifacts:
paths:
- qa/tmp
expire_in: 7 days
when: always
.allure-report-base:
image:
name: ${GITLAB_DEPENDENCY_PROXY}andrcuns/allure-report-publisher:0.3.4
entrypoint: [""]
stage: post-qa
variables:
GIT_STRATEGY: none
STORAGE_CREDENTIALS: $QA_ALLURE_REPORT_GCS_CREDENTIALS
GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN
allow_failure: true
script:
- |
allure-report-publisher upload gcs \
--results-glob="qa/tmp/allure-results/*" \
--bucket="gitlab-qa-allure-reports" \
--prefix="$ALLURE_REPORT_PATH_PREFIX/$CI_COMMIT_REF_SLUG" \
--update-pr="comment" \
--copy-latest \
--ignore-missing-results \
--color
review-qa-smoke:
extends:
- .review-qa-base
- .review:rules:review-qa-smoke
retry: 1 # This is confusing but this means "2 runs at max".
variables:
QA_RUN_TYPE: review-qa-smoke
script:
- bin/test Test::Instance::Smoke "${CI_ENVIRONMENT_URL}"
review-qa-all:
extends:
- .review-qa-base
- .review:rules:review-qa-all
variables:
QA_RUN_TYPE: review-qa-all
parallel: 5
script:
- export KNAPSACK_REPORT_PATH=knapsack/master_report.json
- export KNAPSACK_TEST_FILE_PATTERN=qa/specs/features/**/*_spec.rb
- |
bin/test Test::Instance::All "${CI_ENVIRONMENT_URL}" \
-- \
--color --format documentation \
--format RspecJunitFormatter --out tmp/rspec.xml
artifacts:
reports:
junit: qa/tmp/rspec.xml
review-performance:
extends:
- .default-retry
- .review:rules:review-performance
image:
name: sitespeedio/sitespeed.io
entrypoint: [""]
stage: qa
needs: ["review-deploy"]
before_script:
- export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
- echo "${CI_ENVIRONMENT_URL}"
- mkdir -p gitlab-exporter
- wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js
- mkdir -p sitespeed-results
script:
- /start.sh --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "${CI_ENVIRONMENT_URL}"
after_script:
- mv sitespeed-results/data/performance.json performance.json
artifacts:
paths:
- sitespeed-results/
reports:
performance: performance.json
expire_in: 31d
allure-report-qa-smoke:
extends:
- .allure-report-base
- .review:rules:review-qa-smoke-report
needs: ["review-qa-smoke"]
variables:
ALLURE_REPORT_PATH_PREFIX: gitlab-review-smoke
ALLURE_JOB_NAME: review-qa-smoke
allure-report-qa-all:
extends:
- .allure-report-base
- .review:rules:review-qa-all-report
needs: ["review-qa-all"]
variables:
ALLURE_REPORT_PATH_PREFIX: gitlab-review-all
ALLURE_JOB_NAME: review-qa-all
......@@ -16,229 +16,19 @@ review-cleanup:
- ruby -rrubygems scripts/review_apps/automated_cleanup.rb
- gcp_cleanup
.base-before_script: &base-before_script
- source ./scripts/utils.sh
- source ./scripts/review_apps/review-apps.sh
- install_api_client_dependencies_with_apk
review-build-cng:
start-review-app-pipeline:
extends:
- .default-retry
- .review:rules:review-build-cng
image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine3.13
stage: review-prepare
- .review:rules:review-app-pipeline
stage: review
needs:
- job: compile-production-assets
- job: build-assets-image
artifacts: false
variables:
CNG_PROJECT_ACCESS_TOKEN: "${CNG_MIRROR_PROJECT_ACCESS_TOKEN}" # "Multi-pipeline (from 'gitlab-org/gitlab' 'review-build-cng' job)" at https://gitlab.com/gitlab-org/build/CNG-mirror/-/settings/access_tokens
CNG_PROJECT_PATH: "gitlab-org/build/CNG-mirror"
before_script:
- source ./scripts/utils.sh
- install_gitlab_gem
script:
- ./scripts/trigger-build cng
.review-workflow-base:
extends:
- .default-retry
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3.5-kubectl1.17
variables:
HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
GITLAB_HELM_CHART_REF: "v5.2.1"
environment:
name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY}
url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
on_stop: review-stop
auto_stop_in: 48 hours
review-deploy:
extends:
- .review-workflow-base
- .review:rules:review-deploy
stage: review
needs: ["review-build-cng"]
resource_group: "review/${CI_COMMIT_REF_NAME}"
before_script:
- export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
- export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
- export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
- echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
- *base-before_script
script:
- check_kube_domain
- download_chart
- date
- deploy || (display_deployment_debug && exit 1)
- verify_deploy || exit 1
- disable_sign_ups || (delete_release && exit 1)
after_script:
# Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
# Set DAST_RUN to true when jobs are manually scheduled.
- if [ "$DAST_RUN" == "true" ]; then source scripts/review_apps/seed-dast-test-data.sh; TRACE=1 trigger_proj_user_creation; fi
artifacts:
paths:
- environment_url.txt
- curl_output.txt
expire_in: 7 days
when: always
.review-stop-base:
extends: .review-workflow-base
environment:
action: stop
dependencies: []
variables:
# We're cloning the repo instead of downloading the script for now
# because some repos are private and CI_JOB_TOKEN cannot access files.
# See https://gitlab.com/gitlab-org/gitlab/issues/191273
GIT_DEPTH: 1
before_script:
- *base-before_script
review-delete-deployment:
extends:
- .review-stop-base
- .review:rules:review-delete-deployment
stage: prepare
script:
- delete_release
review-stop:
extends:
- .review-stop-base
- .review:rules:review-stop
stage: post-qa
script:
- delete_k8s_release_namespace
.review-qa-base:
extends:
- .use-docker-in-docker
image:
name: ${QA_IMAGE}
entrypoint: [""]
stage: qa
needs: ["build-qa-image", "review-deploy"]
variables:
QA_DEBUG: "true"
QA_CAN_TEST_GIT_PROTOCOL_V2: "false"
QA_GENERATE_ALLURE_REPORT: "true"
GITLAB_USERNAME: "root"
GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
GITLAB_ADMIN_USERNAME: "root"
GITLAB_ADMIN_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}"
EE_LICENSE: "${REVIEW_APPS_EE_LICENSE}"
SIGNUP_DISABLED: "true"
before_script:
# Use $CI_MERGE_REQUEST_SOURCE_BRANCH_SHA so that GitLab image built in omnibus-gitlab-mirror and QA image are in sync.
- if [ -n "$CI_MERGE_REQUEST_SOURCE_BRANCH_SHA" ]; then
git checkout -f ${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA};
fi
- export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
- echo "${CI_ENVIRONMENT_URL}"
- cd qa
artifacts:
paths:
- qa/tmp
expire_in: 7 days
when: always
.allure-report-base:
image:
name: ${GITLAB_DEPENDENCY_PROXY}andrcuns/allure-report-publisher:0.3.4
entrypoint: [""]
stage: post-qa
variables:
GIT_STRATEGY: none
STORAGE_CREDENTIALS: $QA_ALLURE_REPORT_GCS_CREDENTIALS
GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN
allow_failure: true
script:
- |
allure-report-publisher upload gcs \
--results-glob="qa/tmp/allure-results/*" \
--bucket="gitlab-qa-allure-reports" \
--prefix="$ALLURE_REPORT_PATH_PREFIX/$CI_COMMIT_REF_SLUG" \
--update-pr="comment" \
--copy-latest \
--ignore-missing-results \
--color
review-qa-smoke:
extends:
- .review-qa-base
- .review:rules:review-qa-smoke
retry: 1 # This is confusing but this means "2 runs at max".
variables:
QA_RUN_TYPE: review-qa-smoke
script:
- bin/test Test::Instance::Smoke "${CI_ENVIRONMENT_URL}"
review-qa-all:
extends:
- .review-qa-base
- .review:rules:review-qa-all
parallel: 5
variables:
QA_RUN_TYPE: review-qa-all
script:
- export KNAPSACK_REPORT_PATH=knapsack/master_report.json
- export KNAPSACK_TEST_FILE_PATTERN=qa/specs/features/**/*_spec.rb
- |
bin/test Test::Instance::All "${CI_ENVIRONMENT_URL}" \
-- \
--color --format documentation \
--format RspecJunitFormatter --out tmp/rspec.xml
artifacts:
reports:
junit: qa/tmp/rspec.xml
review-performance:
extends:
- .default-retry
- .review:rules:review-performance
image:
name: sitespeedio/sitespeed.io
entrypoint: [""]
stage: qa
needs: ["review-deploy"]
before_script:
- export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
- echo "${CI_ENVIRONMENT_URL}"
- mkdir -p gitlab-exporter
- wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js
- mkdir -p sitespeed-results
script:
- /start.sh --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "${CI_ENVIRONMENT_URL}"
after_script:
- mv sitespeed-results/data/performance.json performance.json
artifacts:
paths:
- sitespeed-results/
reports:
performance: performance.json
expire_in: 31d
allure-report-qa-smoke:
extends:
- .allure-report-base
- .review:rules:review-qa-smoke-report
needs: ["review-qa-smoke"]
variables:
ALLURE_REPORT_PATH_PREFIX: gitlab-review-smoke
ALLURE_JOB_NAME: review-qa-smoke
allure-report-qa-all:
extends:
- .allure-report-base
- .review:rules:review-qa-all-report
needs: ["review-qa-all"]
variables:
ALLURE_REPORT_PATH_PREFIX: gitlab-review-all
ALLURE_JOB_NAME: review-qa-all
- job: build-qa-image
artifacts: false
trigger:
include:
- local: .gitlab/ci/review-apps/main.gitlab-ci.yml
strategy: depend
danger-review:
extends:
......
......@@ -116,6 +116,7 @@
- ".gitlab/ci/frontend.gitlab-ci.yml"
- ".gitlab/ci/build-images.gitlab-ci.yml"
- ".gitlab/ci/review.gitlab-ci.yml"
- ".gitlab/ci/review-apps/**/*"
- "scripts/review_apps/base-config.yaml"
- "scripts/review_apps/review-apps.sh"
- "scripts/trigger-build"
......@@ -1378,7 +1379,7 @@
################
# Review rules #
################
.review:rules:review-build-cng:
.review:rules:review-app-pipeline:
rules:
- <<: *if-not-ee
when: never
......@@ -1395,6 +1396,22 @@
allow_failure: true
- <<: *if-dot-com-gitlab-org-schedule
.review:rules:review-build-cng:
rules:
- <<: *if-not-ee
when: never
- <<: *if-dot-com-gitlab-org-merge-request
changes: *ci-review-patterns
- <<: *if-dot-com-gitlab-org-merge-request
changes: *frontend-patterns
- <<: *if-dot-com-gitlab-org-merge-request
changes: *code-patterns
allow_failure: true
- <<: *if-dot-com-gitlab-org-merge-request
changes: *qa-patterns
allow_failure: true
- <<: *if-dot-com-gitlab-org-schedule
.review:rules:review-deploy:
rules:
- <<: *if-not-ee
......
......@@ -6,12 +6,11 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# Review Apps
Review Apps are automatically deployed by [the
pipeline](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/6665).
Review Apps are deployed using the `start-review-app-pipeline` job. This job triggers a child pipeline containing a series of jobs to perform the various tasks needed to deploy a Review App.
## When are Review Apps automatically deployed?
![start-review-app-pipeline job](img/review-app-parent-pipeline.png)
A Review App is automatically deployed for:
For any of the following scenarios, the `start-review-app-pipeline` job would be automatically started:
- for merge requests with CI config changes
- for merge requests with frontend changes
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment