# Similar to .gitlab/ci/release-environments/main.gitlab-ci.yml, for release-environment pipelines in the security mirror. # Referenced in .gitlab/ci/release-environments.gitlab-ci.yml to differentiate from the canonical (main) version. # This file includes .gitlab/ci/cng/security.gitlab-ci.yml, instead of .gitlab/ci/cng/main.gitlab-ci.yml. --- include: - local: .gitlab/ci/cng/main.gitlab-ci.yml inputs: cng_path: 'charts/components/images' - project: 'gitlab-org/quality/pipeline-common' ref: '8.18.4' file: ci/base.gitlab-ci.yml stages: - prepare - start - deploy - qa - finish .inherit_variables: inherit: variables: - GIT_DEPTH - GIT_STRATEGY workflow: auto_cancel: on_new_commit: none variables: GIT_DEPTH: 20 GIT_STRATEGY: fetch release-environments-build-cng-env: extends: .build-cng-env release-environments-build-cng: extends: .build-cng needs: ["release-environments-build-cng-env"] variables: IMAGE_TAG_EXT: "-${CI_COMMIT_SHORT_SHA}" release-environments-deploy-env: stage: prepare needs: ["release-environments-build-cng"] variables: DEPLOY_ENV: deploy.env script: - ./scripts/release_environment/construct-release-environments-versions.rb artifacts: reports: dotenv: $DEPLOY_ENV paths: - $DEPLOY_ENV expire_in: 7 days when: always release-environments-update-resource-group: stage: prepare script: # Make sure pipelines run in order # See https://docs.gitlab.com/ee/ci/resource_groups/index.html#change-the-process-mode - | curl --request PUT --data "process_mode=oldest_first" --header "PRIVATE-TOKEN:${ENVIRONMENT_API_TOKEN}" \ "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/resource_groups/release-environment-${CI_COMMIT_REF_SLUG}" release-environments-notification-start: stage: start extends: .inherit_variables variables: RELEASE_ENVIRONMENT_NOTIFICATION_TYPE: "deploy" script: - ruby scripts/release_environment/notification.rb needs: ["release-environments-deploy-env"] release-environments-deploy: stage: deploy inherit: variables: false variables: VERSIONS: "${VERSIONS}" ENVIRONMENT: "${ENVIRONMENT}" trigger: project: gitlab-com/gl-infra/release-environments branch: main strategy: depend needs: ["release-environments-deploy-env"] resource_group: release-environment-${CI_COMMIT_REF_SLUG} release-environments-qa: stage: qa extends: - .qa-base timeout: 30m parallel: 5 variables: QA_SCENARIO: "Test::Instance::Smoke" RELEASE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_SHA}" GITLAB_QA_OPTS: --address "https://gitlab.${ENVIRONMENT}.release.gke.gitlab.net" GITLAB_INITIAL_ROOT_PASSWORD: "${RELEASE_ENVIRONMENTS_ROOT_PASSWORD}" QA_PRAEFECT_REPOSITORY_STORAGE: "default" SIGNUP_DISABLED: "true" before_script: - !reference [.qa-base, before_script] - echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin release-environments-notification-failure: stage: finish extends: .inherit_variables variables: RELEASE_ENVIRONMENT_NOTIFICATION_TYPE: "deploy" script: - ruby scripts/release_environment/notification.rb needs: - job: release-environments-deploy artifacts: false - job: release-environments-deploy-env when: on_failure release-environments-notification-success: stage: finish extends: .inherit_variables variables: RELEASE_ENVIRONMENT_NOTIFICATION_TYPE: "deploy" script: - ruby scripts/release_environment/notification.rb needs: - job: release-environments-qa artifacts: false - job: release-environments-deploy-env release-environments-notification-qa-failure: stage: finish extends: .inherit_variables variables: RELEASE_ENVIRONMENT_NOTIFICATION_TYPE: "qa" script: - ruby scripts/release_environment/notification.rb needs: - job: release-environments-qa artifacts: false - job: release-environments-deploy-env when: on_failure