# This config lists the jobs that will be run on omnibus-gitlab project in
# gitlab.com.
#
# Reading notes:
# - Hidden keys (leading dot) are templates, pulled in with `extends`,
#   `!reference` or YAML anchors.
# - `.gems-cache`, `.gems-cache-os-dependent`, `.docker_job` and the
#   `generate-facts` / `*-branch` jobs are referenced here but not defined in
#   this file.
# - Almost every job is gated on `$PIPELINE_TYPE`, which is also set outside
#   this file.

#############
# Templates #
#############

# Artifact settings shared by the knapsack jobs: keep the knapsack/ directory
# for 31 days.
.knapsack-artifacts: &knapsack-artifacts
  expire_in: 31d
  paths:
    - knapsack/

# Cache and artifact wiring for jobs that read or write knapsack reports.
.knapsack-state:
  services: []
  cache:
    key: "knapsack${CACHE_KEY_SUFFIX}"
    paths:
      - knapsack/
  artifacts: !reference [.knapsack-artifacts]

# Per-distro "prepare" job body: makes sure a main rspec report file exists
# for the distro named in the job name.
.knapsack: &prepare_knapsack
  extends: .knapsack-state
  stage: prepare
  before_script: []
  script:
    # CI_JOB_NAME is split on whitespace into a bash array. For a job named
    # like `Ubuntu 22.04 knapsack`, element 0 is the distro name and element 1
    # the version.
    - JOB_NAME=( $CI_JOB_NAME )
    - export DISTRO_NAME=${JOB_NAME[0]}
    - export DISTRO_VERSION=${JOB_NAME[1]}
    - mkdir -p knapsack/
    # Seed an empty JSON report when the cache did not provide one.
    - '[[ -f knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_main_rspec_report.json ]] || echo "{}" > knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_main_rspec_report.json'
  rules:
    - if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
    - if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
  retry: 1
  needs:
    - rubocop

# Shared gem installation steps. `frozen 'true'` makes Bundler refuse to
# install anything that would require changing Gemfile.lock, so the job
# installs exactly what the lockfile records.
.install-gems: &install-gems
  - gem install bundler:${BUNDLER_VERSION}
  - bundle config build.ffi --disable-system-libffi
  - bundle config set --local path 'gems'
  - bundle config set --local frozen 'true'
  - bundle install -j $(nproc)
  - bundle binstubs --all

# Base template for the rspec jobs; publishes a JUnit report.
.spec_template: &spec_template
  extends: .gems-cache-os-dependent
  stage: tests
  before_script:
    # These jobs will not be run on dev, so we set ALTERNATIVE_SOURCES to true
    # so tests run fine on forks
    - export ALTERNATIVE_SOURCES="true";
    - !reference [.install-gems]
  retry: 1
  script:
    - bundle exec rspec spec/lib
  artifacts:
    reports: &spec_reports
      junit: junit_rspec.xml
  rules:
    - if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
    - if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'

# Chef spec template: runs the chef specs through knapsack and writes one
# report per parallel node.
.chef_spec_template:
  extends: .spec_template
  variables:
    KNAPSACK_TEST_FILE_PATTERN: "spec/chef/**{,/*/**}/*_spec.rb"
  script:
    # Same job-name splitting as in `.knapsack`.
    - JOB_NAME=( $CI_JOB_NAME )
    - export DISTRO_NAME=${JOB_NAME[0]}
    - export DISTRO_VERSION=${JOB_NAME[1]}
    - export KNAPSACK_REPORT_PATH=knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_rspec_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json
    - export KNAPSACK_GENERATE_REPORT=true
    - export USE_KNAPSACK=true
    # To prevent current OS providing empty/old reports of other OSs as an
    # artifact. If not, they may overwrite the valid/new reports from those
    # corresponding OSs. So, removing everything except current OS's report.
    - cp knapsack/${DISTRO_NAME}_${DISTRO_VERSION}_main_rspec_report.json ${KNAPSACK_REPORT_PATH}.bak
    - rm -f knapsack/*.json
    - mv ${KNAPSACK_REPORT_PATH}.bak ${KNAPSACK_REPORT_PATH}
    - bundle exec rake knapsack:rspec
  artifacts:
    # Since this is not an array, we can't use `!reference` tags. Hence using
    # yaml anchors.
    <<: *knapsack-artifacts
    reports:
      junit: junit_rspec.xml

# Variables handed to child (triggered) pipelines. Each entry re-exports the
# same-named variable of the parent pipeline, so this list is the set of
# parent values a child pipeline receives through the trigger rules below.
.base-trigger-job-variables:
  # In trigger jobs, we don't want to pollute cache
  CACHE_POLICY: 'pull'
  ALTERNATIVE_SOURCES: 'true'
  SECURITY_SOURCES: ${SECURITY_SOURCES}
  BUILDER_IMAGE_REVISION: ${BUILDER_IMAGE_REVISION}
  BUILDER_IMAGE_REGISTRY: ${BUILDER_IMAGE_REGISTRY}
  PUBLIC_BUILDER_IMAGE_REGISTRY: ${PUBLIC_BUILDER_IMAGE_REGISTRY}
  DEV_BUILDER_IMAGE_REGISTRY: ${DEV_BUILDER_IMAGE_REGISTRY}
  COMPILE_ASSETS: ${COMPILE_ASSETS}
  GITLAB_VERSION: ${GITLAB_VERSION}
  GITLAB_SHELL_VERSION: ${GITLAB_SHELL_VERSION}
  GITLAB_PAGES_VERSION: ${GITLAB_PAGES_VERSION}
  GITALY_SERVER_VERSION: ${GITALY_SERVER_VERSION}
  GITLAB_ELASTICSEARCH_INDEXER_VERSION: ${GITLAB_ELASTICSEARCH_INDEXER_VERSION}
  GITLAB_KAS_VERSION: ${GITLAB_KAS_VERSION}
  TOP_UPSTREAM_SOURCE_PROJECT: ${TOP_UPSTREAM_SOURCE_PROJECT}
  TOP_UPSTREAM_SOURCE_JOB: ${TOP_UPSTREAM_SOURCE_JOB}
  TOP_UPSTREAM_SOURCE_SHA: ${TOP_UPSTREAM_SOURCE_SHA}
  TOP_UPSTREAM_SOURCE_REF: ${TOP_UPSTREAM_SOURCE_REF}

# CE flavour of the trigger variables.
.ce-trigger-job-variables:
  extends: .base-trigger-job-variables
  PIPELINE_TYPE: "TRIGGERED_CE_PIPELINE"
  CACHE_EDITION: "CE"

# EE flavour of the trigger variables.
.ee-trigger-job-variables:
  extends: .base-trigger-job-variables
  PIPELINE_TYPE: "TRIGGERED_EE_PIPELINE"
  CACHE_EDITION: "EE"
  ee: "true"

# Manual job that starts a child pipeline from `.gitlab-ci.yml` with the CE
# variable set; `strategy: depend` ties this job's status to the child's.
.ce-trigger-job:
  stage: qa
  trigger:
    include: '.gitlab-ci.yml'
    strategy: depend
  needs:
    - job: generate-facts
      artifacts: true
  allow_failure: true
  rules:
    - if: '$PIPELINE_TYPE =~ /_BRANCH_TEST_PIPELINE$/'
      when: manual
      variables: !reference [.ce-trigger-job-variables]
    - if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
      when: manual
      variables: !reference [.ce-trigger-job-variables]

# Shared setup for the docs review-app jobs.
.review-docs:
  image: "${RUBY_IMAGE}-alpine"
  stage: post-test
  cache: {}
  needs: []
  before_script:
    # NOTE(review): the gem is installed without a version constraint, so the
    # job runs whatever release is current at job time.
    - gem install gitlab --no-doc
    # We need to download the script rather than clone the repo since the
    # review-docs-cleanup job will not be able to run when the branch gets
    # deleted (when merging the MR).
    - apk add --update openssl
    # NOTE(review): supply-chain exposure. The script comes from the moving
    # `master` ref of another project and is executed by review-docs-deploy
    # and review-docs-cleanup with no integrity check, so this job runs
    # whatever that ref holds at job time. Fetching by commit SHA, or checking
    # the download against a recorded checksum before `chmod`, would pin it.
    # Which credentials the script can reach is not visible in this file;
    # review them together with this download.
    - wget https://gitlab.com/gitlab-org/gitlab/-/raw/master/scripts/trigger-build.rb
    - chmod 755 trigger-build.rb
  variables:
    GIT_STRATEGY: none
    DOCS_REVIEW_APPS_DOMAIN: docs.gitlab-review.app
    # By default, deploy the Review App using the `main` branch of the `gitlab-org/gitlab-docs` project
    DOCS_BRANCH: main
  allow_failure: true
  rules:
    - if: '$PIPELINE_TYPE == "GITLAB_BRANCH_TEST_PIPELINE"'
      when: manual
    - if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
      when: manual
    - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
      when: manual

# Template for the QA trigger jobs. The downstream pipeline definition is
# included from another project.
.qa-template:
  variables:
    QA_RUN_ALL_TESTS: "false"
    RELEASE: $QA_RELEASE
    QA_IMAGE: $QA_IMAGE
    GITLAB_SEMVER_VERSION: $GITLAB_SEMVER_VERSION # latest semver gitlab version used for testing upgrade paths
    SKIP_OMNIBUS_TRIGGER: "true"
    # NOTE(review): an API token is placed in the job's YAML variables, and
    # `forward: yaml_variables: true` below passes those to the downstream
    # pipeline. That pipeline's definition is selected by
    # QA_TESTS_UPSTREAM_PROJECT / QA_TESTS_REF, so whoever can set those two
    # variables decides which configuration receives the token. Confirm that
    # they cannot be overridden from untrusted triggers and that the token's
    # scope is minimal.
    GITLAB_AUTH_TOKEN: $DANGER_GITLAB_API_TOKEN
    ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID
  # Do not inherit globally defined variables; only the ones listed above are
  # job-level YAML variables.
  inherit:
    variables: false
  trigger:
    strategy: depend
    forward:
      yaml_variables: true
      # Variables supplied to this pipeline at trigger time are forwarded too.
      pipeline_variables: true
    include:
      - project: ${QA_TESTS_UPSTREAM_PROJECT}
        ref: ${QA_TESTS_REF}
        file: .gitlab/ci/package-and-test/main.gitlab-ci.yml

#####################
# Cache update jobs #
#####################

# Installs the gems and pushes the result as a fresh cache.
update-gems-cache:
  extends: .gems-cache
  stage: update-cache
  image: "${BUILDER_IMAGE_REGISTRY}/distribution_ci_tools:${BUILDER_IMAGE_REVISION}"
  before_script: !reference [.install-gems]
  script:
    - echo "Cache is up to date!"
  cache:
    policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
  rules:
    - if: '$PIPELINE_TYPE == "CACHE_UPDATE_PIPELINE"'

# We need to populate the cache for jobs with the `gitlab-org-docker` tag. Ideally, we wouldn't need this if
# we'd use Kaniko to build the Docker images, allowing to use the `gitlab-org` tag instead of the `gitlab-org-docker` tag.
update-gems-cache-for-docker-jobs:
  extends:
    - update-gems-cache
    - .docker_job

###########################
#     Branch pipeline     #
###########################

# Child pipeline with the CE variable set (rules come from the template).
Trigger:ce-package:
  extends: .ce-trigger-job

# Child pipeline with the EE variable set. The rules are overridden so that
# every rule carries the EE variables; the DEPS_IO_VERSION_BUMP_PIPELINE rule
# has no `when: manual`, unlike the other two.
Trigger:ee-package:
  extends: .ce-trigger-job
  rules:
    - if: '$PIPELINE_TYPE =~ /_BRANCH_TEST_PIPELINE$/'
      when: manual
      variables: !reference [.ee-trigger-job-variables]
    - if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
      when: manual
      variables: !reference [.ee-trigger-job-variables]
    - if: '$PIPELINE_TYPE == "DEPS_IO_VERSION_BUMP_PIPELINE"'
      variables: !reference [.ee-trigger-job-variables]

# Ruby static analysis.
rubocop:
  extends: .gems-cache
  stage: check
  image: "${RUBY_IMAGE}"
  before_script: !reference [.install-gems]
  script:
    - bundle exec rubocop --parallel
  rules:
    - if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
    - if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
  needs: []

# Perform content linting on documentation Markdown files
# NOTE(review): this image (shared by the three docs-lint jobs) is referenced
# by tag, not by digest; a tag can be re-pointed at the registry. Pin by
# digest if image integrity matters for these jobs.
docs-lint content:
  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.20-vale-3.4.2-markdownlint2-0.13.0-lychee-0.15.1
  stage: check
  cache: {}
  needs: []
  before_script: []
  script:
    # Lint prose
    - vale --minAlertLevel error doc
  rules:
    - if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
    - if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
    - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'

# Perform linting on documentation Markdown files
docs-lint markdown:
  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.20-vale-3.4.2-markdownlint2-0.13.0-lychee-0.15.1
  stage: check
  cache: {}
  needs: []
  before_script: []
  script:
    # Lint Markdown
    - markdownlint-cli2 'doc/**/*.md'
  rules:
    - if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
    - if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
    - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'

# Perform link checking on documentation Markdown files
docs-lint links:
  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.20-vale-3.4.2-markdownlint2-0.13.0-lychee-0.15.1
  stage: check
  cache: {}
  needs: []
  before_script: []
  script:
    # Check Markdown links
    - lychee --offline --include-fragments doc
  rules:
    - if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
    - if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
    - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'

# Generates YARD documentation and keeps it as an artifact for one week; the
# `pages` job consumes it.
yard:
  extends: .gems-cache
  image: "${RUBY_IMAGE}"
  stage: check
  needs: []
  before_script:
    # These jobs will not be run on dev, so we set ALTERNATIVE_SOURCES to true
    # so tests run fine on forks
    - export ALTERNATIVE_SOURCES="true";
    - !reference [.install-gems]
  script:
    - bundle exec yardoc
  rules:
    - if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
    - if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
    - if: '$PIPELINE_TYPE == "LICENSE_PAGE_UPDATE_PIPELINE"'
  artifacts:
    expire_in: 1 week
    paths:
      - yard/*

# Trigger a docs build in gitlab-docs
# Useful to preview the docs changes live
# https://docs.gitlab.com/ee/development/documentation/index.html#previewing-the-changes-live
review-docs-deploy:
  extends:
    - .review-docs
  environment:
    name: review-docs/mr-${CI_MERGE_REQUEST_IID}
    # DOCS_REVIEW_APPS_DOMAIN and DOCS_GITLAB_REPO_SUFFIX are CI variables
    # Discussion: https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/14236/diffs#note_40140693
    auto_stop_in: 2 weeks
    url: https://${DOCS_BRANCH}-${DOCS_GITLAB_REPO_SUFFIX}-${CI_MERGE_REQUEST_IID}.${DOCS_REVIEW_APPS_DOMAIN}/${DOCS_GITLAB_REPO_SUFFIX}
    on_stop: review-docs-cleanup
  script:
    # Runs the script downloaded in `.review-docs` before_script.
    - ./trigger-build.rb docs deploy

# Cleanup remote environment of gitlab-docs
review-docs-cleanup:
  extends:
    - .review-docs
  environment:
    name: review-docs/mr-${CI_MERGE_REQUEST_IID}
    action: stop
  script:
    # Runs the script downloaded in `.review-docs` before_script.
    - ./trigger-build.rb docs cleanup

# The danger-review CI component is included at a fixed version (1.4.0).
include:
  - component: ${CI_SERVER_FQDN}/gitlab-org/components/danger-review/danger-review@1.4.0
    inputs:
      job_stage: "check"

# Local overrides for the job defined by the component above.
danger-review:
  variables:
    BUNDLE_WITH: "danger"
  rules:
    - if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
    - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'

# One knapsack "prepare" job per distro. The job name itself carries the
# distro name and version that `.knapsack` parses out of CI_JOB_NAME.
Centos 7 knapsack: !reference [.knapsack]
AlmaLinux 8 knapsack: !reference [.knapsack]
AlmaLinux 9 knapsack: !reference [.knapsack]
Debian 10 knapsack: !reference [.knapsack]
Debian 11 knapsack: !reference [.knapsack]
Debian 12 knapsack: !reference [.knapsack]
OpenSUSE 15.5 knapsack: !reference [.knapsack]
Ubuntu 20.04 knapsack: !reference [.knapsack]
Ubuntu 22.04 knapsack: !reference [.knapsack]
Ubuntu 24.04 knapsack: !reference [.knapsack]
AmazonLinux 2 knapsack: !reference [.knapsack]
AmazonLinux 2023 knapsack: !reference [.knapsack]

# Library specs, with coverage extracted from the job log and a Cobertura
# report uploaded next to the JUnit one.
build library specs:
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_20.04-ruby:${BUILDER_IMAGE_REVISION}"
  extends: .spec_template
  needs:
    - rubocop
  coverage: '/\(\d+.\d+\%\) covered/'
  artifacts:
    reports:
      # Since this is not an array, we can't use `!reference` tags. Hence using
      # yaml anchors.
      <<: *spec_reports
      coverage_report:
        coverage_format: cobertura
        path: coverage/coverage.xml

# Chef specs per distro: six parallel nodes each, and each job waits for the
# matching knapsack job.
Ubuntu 20.04 specs :
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_20.04-ruby:${BUILDER_IMAGE_REVISION}"
  extends: .chef_spec_template
  parallel: 6
  needs:
    - Ubuntu 20.04 knapsack

Ubuntu 22.04 specs:
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_22.04-ruby:${BUILDER_IMAGE_REVISION}"
  extends: .chef_spec_template
  parallel: 6
  needs:
    - Ubuntu 22.04 knapsack

Ubuntu 24.04 specs:
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_24.04-ruby:${BUILDER_IMAGE_REVISION}"
  extends: .chef_spec_template
  parallel: 6
  needs:
    - Ubuntu 24.04 knapsack

Debian 10 specs :
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_10-ruby:${BUILDER_IMAGE_REVISION}"
  extends: .chef_spec_template
  parallel: 6
  needs:
    - Debian 10 knapsack

Debian 11 specs :
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_11-ruby:${BUILDER_IMAGE_REVISION}"
  extends: .chef_spec_template
  parallel: 6
  needs:
    - Debian 11 knapsack

Debian 12 specs :
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_12-ruby:${BUILDER_IMAGE_REVISION}"
  extends: .chef_spec_template
  parallel: 6
  needs:
    - Debian 12 knapsack

Centos 7 specs :
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/centos_7-ruby:${BUILDER_IMAGE_REVISION}"
  extends: .chef_spec_template
  parallel: 6
  needs:
    - Centos 7 knapsack

AlmaLinux 8 specs :
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/almalinux_8-ruby:${BUILDER_IMAGE_REVISION}"
  extends: .chef_spec_template
  parallel: 6
  needs:
    - AlmaLinux 8 knapsack

AlmaLinux 9 specs :
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/almalinux_9-ruby:${BUILDER_IMAGE_REVISION}"
  extends: .chef_spec_template
  parallel: 6
  needs:
    - AlmaLinux 9 knapsack

OpenSUSE 15.5 specs :
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/opensuse_15.5-ruby:${BUILDER_IMAGE_REVISION}"
  extends: .chef_spec_template
  parallel: 6
  needs:
    - OpenSUSE 15.5 knapsack

AmazonLinux 2 specs :
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/amazonlinux_2-ruby:${BUILDER_IMAGE_REVISION}"
  extends: .chef_spec_template
  parallel: 6
  needs:
    - AmazonLinux 2 knapsack

AmazonLinux 2023 specs :
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/amazonlinux_2023-ruby:${BUILDER_IMAGE_REVISION}"
  extends: .chef_spec_template
  parallel: 6
  needs:
    - AmazonLinux 2023 knapsack

# Merges the knapsack reports, then drops the files with `node` in their name.
update-knapsack:
  extends: .knapsack-state
  image: "${RUBY_IMAGE}"
  stage: post-test
  before_script: []
  script:
    - support/merge-reports knapsack
    - rm -f knapsack/*node*
  rules:
    - if: '$PIPELINE_TYPE =~ /_TEST_PIPELINE$/'
    - if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
  retry: 1

############################
#     Trigger Pipeline     #
############################

# Generates the package size file and checks the package size.
package_size_check:
  extends: .gems-cache
  image: "${BUILDER_IMAGE_REGISTRY}/ubuntu_22.04:${BUILDER_IMAGE_REVISION}"
  stage: qa
  script:
    - bundle exec rake build:package:generate_sizefile
    - bundle exec rake check:package_size
  needs:
    - job: Ubuntu-22.04-branch
      artifacts: false
  rules:
    - if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'

# Smoke subset of the QA suites. The first matching rule wins, so the
# SKIP_QA_TEST rule short-circuits all the others.
qa-subset-test:
  extends:
    - .qa-template
  stage: qa
  variables:
    QA_OMNIBUS_MR_TESTS: "only-smoke"
    QA_RUN_TYPE: ${CI_JOB_NAME}
    QA_SUITES: "QA::Scenario::Test::Integration::GitalyCluster,QA::Scenario::Test::Integration::InstanceSAML,QA::Scenario::Test::Integration::LDAPNoServer,QA::Scenario::Test::Integration::LDAPNoTLS,QA::Scenario::Test::Integration::LDAPTLS,QA::Scenario::Test::Integration::Mattermost,QA::Scenario::Test::Integration::Mtls,QA::Scenario::Test::Integration::ObjectStorageGcs,QA::Scenario::Test::Integration::RegistryTLS,QA::Scenario::Test::Integration::RegistryWithCDN,QA::Scenario::Test::Integration::SMTP,QA::Scenario::Test::Integration::Registry,QA::Scenario::Test::Instance::ObjectStorage,QA::Scenario::Test::Instance::RepositoryStorage,QA::Scenario::Test::Instance::GitlabPages,QA::Scenario::Test::Instance::Metrics,QA::EE::Scenario::Test::Integration::GroupSAML,QA::Scenario::Test::Instance::Smoke"
  rules:
    - if: '$SKIP_QA_TEST == "true"'
      when: never
    - if: '$PIPELINE_TYPE =~ /TRIGGERED_CE_PIPELINE/ && $MANUAL_QA_TEST == "true"'
      when: manual
      allow_failure: true
      variables:
        FOSS_ONLY: "1"
    - if: '$PIPELINE_TYPE =~ /TRIGGERED_CE_PIPELINE/'
      variables:
        FOSS_ONLY: "1"
    - if: '$PIPELINE_TYPE =~ /TRIGGERED_EE_PIPELINE/ && $MANUAL_QA_TEST == "true"'
      when: manual
      allow_failure: true
    - if: '$PIPELINE_TYPE =~ /TRIGGERED_EE_PIPELINE/'
  needs:
    - job: generate-facts
      artifacts: true
    - job: Ubuntu-22.04-branch
      artifacts: false
    - job: Docker-branch
      optional: true
      artifacts: false

# Remaining (non-smoke) QA suites; always manual.
qa-remaining-test-manual:
  extends:
    - .qa-template
  stage: qa
  variables:
    QA_RUN_TYPE: ${CI_JOB_NAME}
    QA_OMNIBUS_MR_TESTS: "except-smoke"
    QA_SUITES: "QA::EE::Scenario::Test::Integration::Elasticsearch,QA::Scenario::Test::Integration::Import,QA::Scenario::Test::Integration::Integrations,QA::Scenario::Test::Integration::OAuth,QA::Scenario::Test::Integration::Jira,QA::Scenario::Test::Integration::ServicePingDisabled,QA::Scenario::Test::Instance::LargeSetup,QA::Scenario::Test::Instance::CloudActivation"
  rules:
    - if: '$SKIP_QA_TEST == "true"'
      when: never
    - if: '$PIPELINE_TYPE =~ /TRIGGERED_CE_PIPELINE/'
      when: manual
      allow_failure: true
      variables:
        FOSS_ONLY: "1"
    - if: '$PIPELINE_TYPE =~ /TRIGGERED_EE_PIPELINE/'
      when: manual
      allow_failure: true
  needs:
    - job: generate-facts
      artifacts: true
    - job: Ubuntu-22.04-branch
      artifacts: false
    - job: Docker-branch
      optional: true
      artifacts: false

# Let's Encrypt integration test. Skipped when the pipeline chain started
# from gitlab-org/gitlab.
letsencrypt-test:
  extends: .docker_job
  stage: qa
  script:
    # The registry password is piped on stdin (`--password-stdin`), which
    # keeps it out of the docker command's argument list.
    - echo "${CI_REGISTRY_PASSWORD}" | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
    # NOTE(review): the docker-compose binary is fetched from a versioned
    # release URL, written into /usr/local/bin and made executable, with no
    # checksum or signature verification. Without `--fail`, curl also saves
    # an HTTP error body as the "binary". Consider comparing the download to
    # a recorded SHA-256 (<expected-sha256>, a placeholder: no checksum
    # appears in this file) before the chmod.
    - curl -L "https://github.com/docker/compose/releases/download/1.29.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    - chmod +x /usr/local/bin/docker-compose
    - bundle exec rake qa:test_letsencrypt
  rules:
    - if: '$TOP_UPSTREAM_SOURCE_PROJECT == "gitlab-org/gitlab"'
      when: never
    - if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
  needs:
    - job: Docker-branch
      artifacts: false

# Reference Architecture Tester: triggers a pipeline on the `master` branch
# of another project. Only this job's YAML variables are forwarded
# (`pipeline_variables: false`).
RAT:
  stage: qa
  variables:
    PACKAGE_URL: ${RAT_PACKAGE_URL}
    REFERENCE_ARCHITECTURE: ${RAT_REFERENCE_ARCHITECTURE}
    QA_IMAGE: ${QA_IMAGE}
  trigger:
    project: 'gitlab-org/distribution/reference-architecture-tester'
    branch: 'master'
    strategy: depend
    forward:
      pipeline_variables: false
      yaml_variables: true
  rules:
    - if: '$PIPELINE_TYPE == "TRIGGERED_EE_PIPELINE"'
      when: manual
      allow_failure: true
    - if: '$PIPELINE_TYPE == "EE_NIGHTLY_BUILD_PIPELINE"'
      allow_failure: true
  needs:
    - job: Ubuntu-22.04-branch
      artifacts: false
    - job: generate-facts
      artifacts: true

# FIPS variant of RAT: same trigger and rules, with the FIPS package URL and
# architecture and the FIPS build job as dependency.
RAT:FIPS:
  extends: RAT
  variables:
    PACKAGE_URL: ${RAT_FIPS_PACKAGE_URL}
    REFERENCE_ARCHITECTURE: ${RAT_FIPS_REFERENCE_ARCHITECTURE}
  needs:
    - job: Ubuntu-20.04-fips-branch
      artifacts: false
    - job: generate-facts
      artifacts: true

# Geo test pipeline in another project; the downstream ref comes from
# $GET_GEO_TAG.
GET:Geo:
  stage: qa
  variables:
    ENVIRONMENT_ACTION: 'tmp-env'
    QA_IMAGE: ${QA_IMAGE}
    GITLAB_DEB_DOWNLOAD_URL: ${RAT_PACKAGE_URL}
  trigger:
    project: 'gitlab-org/geo-team/geo-ci'
    branch: $GET_GEO_TAG
    strategy: depend
    forward:
      pipeline_variables: false
      yaml_variables: true
  rules:
    - if: '$PIPELINE_TYPE == "TRIGGERED_EE_PIPELINE"'
      when: manual
      allow_failure: true
  needs:
    - job: Ubuntu-22.04-branch
      artifacts: false
    - job: generate-facts
      artifacts: true

# Dependency scan of the version manifest produced by `generate-facts`.
# `allow_failure: true` means a failing scan does not fail the pipeline, so
# findings have to be read from the uploaded report; the artifacts are kept
# even on failure (`when: always`).
dependency_scanning:
  image: "registry.gitlab.com/gitlab-org/security-products/gitlab-depscan:2.4"
  stage: validate
  variables:
    REPORT_PATH: ./
    NVD_DB_UPDATE: "true"
  before_script: []
  script:
    - /gitlab-depscan.sh build_facts/version-manifest.json
  rules:
    - if: '$PIPELINE_TYPE == "DEPENDENCY_SCANNING_PIPELINE"'
    - if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
  allow_failure: true
  needs:
    - generate-facts
  artifacts:
    expire_in: 7 days
    when: always
    reports:
      dependency_scanning: gl-dependency-scanning-report.json
    paths:
      - dependency_report.txt

# Dependency version check through the deps.app CLI.
dependency_update:
  image: "${BUILDER_IMAGE_REGISTRY}/distribution_ci_tools:${BUILDER_IMAGE_REVISION}"
  stage: prepare
  before_script: []
  script:
    # NOTE(review): a remote installer is piped straight into bash, unpinned
    # and unverified, so the job executes whatever the URL serves at job
    # time. A safer shape is to download to a file, verify it against a
    # recorded checksum, then run it. Which secrets this job can read is not
    # visible here; check them together with this step.
    - curl https://deps.app/install.sh | bash -s -- -b $HOME/bin
    - $HOME/bin/deps ci
  rules:
    - if: '$PIPELINE_TYPE == "DEPS_IO_VERSION_CHECK_PIPELINE"'

# Integrity gate for the renovate checksums: re-runs the update script and
# fails the job when that leaves any change in the working tree, i.e. when
# the committed files differ from what the script produces.
validate_renovate_checksum:
  image: docker.io/bash:5.2-alpine3.20
  stage: prepare
  before_script:
    - apk add git
  script:
    - ./scripts/renovate/checksums/update_all.sh
    - mismatches="$(git status --porcelain)"
    - if [ -n "$mismatches" ]; then echo "Checksum mismatch detected"; echo "$mismatches"; exit 1; fi
  rules:
    - if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'

# Syntax validation of the Packer templates. Every `-var` is given the
# literal placeholder `XXX`; no real credential is passed on these lines.
validate_packer_changes:
  before_script: []
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_packer:${BUILDER_IMAGE_REVISION}"
  stage: check
  script:
    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ce-arm64.pkr.hcl
    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ce.pkr.hcl
    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-arm64.pkr.hcl
    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-premium.pkr.hcl
    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-ultimate.pkr.hcl
    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee.pkr.hcl
  rules:
    # NOTE(review): this is an exact string comparison, while the other jobs
    # in this file match the suffix with `=~ /_TEST_PIPELINE$/`. As written
    # the rule only matches a PIPELINE_TYPE that is literally
    # `_TEST_PIPELINE`; confirm that is intended, otherwise the validation
    # never runs on branch test pipelines.
    - if: '$PIPELINE_TYPE == "_TEST_PIPELINE"'
      changes:
        - support/packer/*
    - if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
      changes:
        - support/packer/*

##############################
#     Scheduled pipeline     #
##############################

# Builds the public pages content from the generated license pages, the
# static web pages and the YARD output.
pages:
  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_20.04:${BUILDER_IMAGE_REVISION}"
  stage: prepare
  needs:
    - yard
  script:
    - bundle exec rake license:generate_pages
    # Remove "|| true" after we confirm this works.
    - bundle exec rake manifest:generate_pages || true
    - mv ${LICENSE_S3_BUCKET} public
    - cp support/webpages/* public
    - cp -R yard/* public
  artifacts:
    paths:
      - public
  rules:
    - if: '$PIPELINE_TYPE == "LICENSE_PAGE_UPDATE_PIPELINE"'

# Variables for the "build on every OS" child pipeline. SKIP_JOB_REGEX lists
# job-name patterns; how it is applied is not visible in this file.
.build-package-on-all-os-vars:
  extends: .base-trigger-job-variables
  SKIP_JOB_REGEX: '/Ubuntu-22.04|Ubuntu-20.04-fips|Docker|QA/'
  PIPELINE_TYPE: "${EDITION}_BRANCH_BUILD_PIPELINE"
  CACHE_EDITION: ${EDITION}
  ee: ${ee}

# Child pipeline that builds packages on every OS.
build-package-on-all-os:
  stage: package
  needs:
    - job: generate-facts
      artifacts: true
  # NOTE(review): a bare key parses as null; the effective variables come
  # from whichever rule below matches. Confirm the empty key is intentional.
  variables:
  trigger:
    include: '.gitlab-ci.yml'
    strategy: depend
  rules:
    # Triggers from GitLab Rails/Gitaly/GitLab Pages pipeline which forced building on all OS automatically
    - if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/ && $BUILD_ON_ALL_OS == "true"'
      when: always
      variables: !reference [.build-package-on-all-os-vars]
    # MR pipelines from omnibus-gitlab that change files which require building on all OS automatically
    - if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/ && $CI_PIPELINE_SOURCE != "pipeline"'
      changes:
        - Gemfile
        - Gemfile.lock
        - config/software/**
        - config/patches/**
      when: always
      variables: !reference [.build-package-on-all-os-vars]
    # Covering the remaining scenarios - provide the job to be manually run by developers, if required
    # (i) MR pipelines from omnibus-gitlab that doesn't change files which require building on all OS
    # (ii) Triggers from GitLab Rails/Gitaly/GitLab Pages pipeline which didn't force building on all OS
    - if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
      when: manual
      allow_failure: true
      variables: !reference [.build-package-on-all-os-vars]