-
Notifications
You must be signed in to change notification settings - Fork 144
/
Copy path.gitlab-ci.yml
204 lines (189 loc) · 5.87 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
stages:
- check
- prepare
- tests
- post-test
- update-cache
- package
- image
- scan-dependencies
- staging_upload
- staging_verify
- package-and-image-release
- qa-release
- validate
- metrics
- aws-marketplace-release
- notification_fail
- qa
- verify
include:
- local: '/gitlab-ci-config/workflow-rules.yml'
- local: '/gitlab-ci-config/variables.yml'
- local: '/gitlab-ci-config/rat.yml'
- local: '/gitlab-ci-config/dev-gitlab-org.yml'
- local: '/gitlab-ci-config/gitlab-com.yml'
rules:
- if: '$CI_SERVER_HOST == "gitlab.com"'
default:
tags:
- gitlab-org
.distribution-amd64-tags:
- distribution-runner
- amd64
.distribution-arm64-tags:
- distribution-runner
- ${ARM64_RUNNER_TAG}
.distribution-armhf-tags:
- distribution-runner
- armhf
### For services that need a docker daemon
.docker_job:
image: "${BUILDER_IMAGE_REGISTRY}/distribution_ci_tools:${BUILDER_IMAGE_REVISION}"
variables:
DOCKER_DRIVER: overlay2
DOCKER_HOST: tcp://docker:2375
services:
- name: docker:23.0.5-dind
alias: localhost
tags:
- gitlab-org-docker
.gems-cache:
cache:
key: "gems-cache-${BUILDER_IMAGE_REVISION}${CACHE_KEY_SUFFIX}"
paths:
- gems
policy: pull
.gems-cache-os-dependent:
cache:
key: "gems-cache-${CI_JOB_IMAGE}${CACHE_KEY_SUFFIX}"
paths:
- gems
.build-package:
- bundle exec rake cache:populate
- bundle exec rake cache:restore
- bundle exec rake build:project
- bundle exec rake build:package:sync
- bundle exec rake cache:bundle
- bundle exec rake build:component_shas
before_script:
- echo "PIPELINE_TYPE detected as ${PIPELINE_TYPE}"
# Exit early if building on an OS for which we don't provide the specified
# package edition (CE/EE). For child pipelines from
# TRIGGERED_(CE|EE)_PIPELINE, we don't want exit early, but try to build
# everything.
- if [[ "${CI_PIPELINE_SOURCE}" != "parent_pipeline" ]] && [[ "${CI_PIPELINE_SOURCE}" != "pipeline" ]]; then
export CE_ONLY=(Raspberry);
export EE_ONLY=(SLES RAT);
for job in "${CE_ONLY[@]}"; do
if [[ "${CI_JOB_NAME}" =~ ${job} ]]; then
if ./support/is_gitlab_ee.sh; then
echo "EE build found. ${CI_JOB_NAME} is run only on CE builds";
exit 0 ;
fi;
fi;
done;
for job in "${EE_ONLY[@]}"; do
if [[ "${CI_JOB_NAME}" =~ ${job} ]]; then
if ! ./support/is_gitlab_ee.sh; then
echo "CE build found. ${CI_JOB_NAME} is run only on EE builds";
exit 0 ;
fi;
fi;
done
fi
- echo $NIGHTLY
- mkdir -p ~/.ssh
- mkdir -p ~/.aws
- mkdir -p cache
- if [ -n "$DEV_GITLAB_SSH_KEY" ]; then
echo "$DEV_GITLAB_SSH_KEY" > ~/.ssh/id_rsa;
cp support/known_hosts ~/.ssh/known_hosts;
chmod -R 0600 ~/.ssh/;
fi
- bash scripts/ci/prepare_bundle.sh
- if [ -n "$NIGHTLY" ]; then
export STAGING_REPO=${NIGHTLY_REPO};
export FIPS_STAGING_REPO=${NIGHTLY_FIPS_REPO};
fi
fetch-assets:
extends: .docker_job
stage: prepare
timeout: 1 hour
before_script: []
script:
- export VERSION=${GITLAB_ASSETS_TAG-${GITLAB_REF_SLUG-$(ruby -I. -e 'require "lib/gitlab/version"; puts Gitlab::Version.new("gitlab-rails").print')}}
- support/fetch_assets "${VERSION}"
artifacts:
paths:
- ${ASSET_PATH}
rules:
- if: '$COMPILE_ASSETS == "true"'
when: never
# NOTE (rspeicher): Checking `$AUTO_DEPLOY_COMPILE_ASSETS` as a feature flag
# See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5805
- if: '$AUTO_DEPLOY_COMPILE_ASSETS && $PIPELINE_TYPE =~ /AUTO_DEPLOY_BUILD_PIPELINE$/'
when: never
# Run on all pipelines including a package build (except auto-deploy tag
# covered above)
- if: '$PIPELINE_TYPE =~ /_BUILD_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
- if: '$PIPELINE_TYPE == "TRIGGER_CACHE_UPDATE_PIPELINE"'
- if: '$PIPELINE_TYPE == "DURATION_PLOTTER_PIPELINE"'
retry: 2
generate-facts:
extends: .gems-cache
stage: prepare
image: "${BUILDER_IMAGE_REGISTRY}/distribution_ci_tools:${BUILDER_IMAGE_REVISION}"
script:
- mkdir -p build_facts
- bundle exec omnibus manifest gitlab -l nothing > build_facts/version-manifest.json
- bundle exec rake build:generate_facts
artifacts:
paths:
- build_facts
reports:
dotenv: build_facts/env_vars
rules:
- if: '$PIPELINE_TYPE =~ /_BUILD_PIPELINE$/'
- if: '$PIPELINE_TYPE == "TRIGGER_CACHE_UPDATE_PIPELINE"'
- if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
- if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
- if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
- if: '$PIPELINE_TYPE == "DEPENDENCY_SCANNING_PIPELINE"'
- if: '$PIPELINE_TYPE == "FORK_MR_PIPELINE"'
- when: never
needs: []
retry: 2
.notify:
before_script:
- apk add --no-cache curl
image: "alpine"
stage: notification_fail
notify:slack-fail:scheduled-master:
extends:
- .notify
script:
- ./support/notify_slack.sh "#qa-master" "☠️ Scheduled omnibus-build against master failed! ☠️ See $CI_PIPELINE_URL (triggered from $TOP_UPSTREAM_SOURCE_JOB)"
rules:
- if: '$TOP_UPSTREAM_SOURCE_JOB == null || $TOP_UPSTREAM_SOURCE_REF != "master"'
when: never
- if: '$PIPELINE_TYPE == "TRIGGERED_EE_PIPELINE"'
when: on_failure
issue-bot:
stage: notification_fail
image: registry.gitlab.com/gitlab-org/distribution/issue-bot:latest
script: /issue-bot
rules:
# Not needed in non-protected (feature) branches
- if: '$CI_COMMIT_REF_PROTECTED != "true"'
when: never
# Not needed in omnibus-gitlab-mirror
- if: '$CI_PROJECT_PATH == $QA_PROJECT_PATH'
when: never
# The remaining scenarios are all important pipelines we want to be
# notified about
# 0. Tags
# 1. Master branch - includes scheduled pipelines also
# 2. Stable branches
- when: on_failure