...@@ -42,17 +42,13 @@ rules: ...@@ -42,17 +42,13 @@ rules:
lines-between-class-members: off lines-between-class-members: off
# Disabled for now, to make the plugin-vue 4.5 -> 5.0 update smoother # Disabled for now, to make the plugin-vue 4.5 -> 5.0 update smoother
vue/no-confusing-v-for-v-if: error vue/no-confusing-v-for-v-if: error
vue/no-unused-components: off
vue/no-use-v-if-with-v-for: off vue/no-use-v-if-with-v-for: off
vue/no-v-html: off vue/no-v-html: off
vue/use-v-on-exact: off vue/use-v-on-exact: off
no-jquery/no-animate: off
# all offenses of no-jquery/no-animate-toggle are false positives ( $toast.show() ) # all offenses of no-jquery/no-animate-toggle are false positives ( $toast.show() )
no-jquery/no-animate-toggle: off no-jquery/no-animate-toggle: off
no-jquery/no-event-shorthand: off no-jquery/no-event-shorthand: off
no-jquery/no-fade: off
no-jquery/no-serialize: error no-jquery/no-serialize: error
no-jquery/no-sizzle: off
promise/always-return: off promise/always-return: off
promise/no-callback-in-promise: off promise/no-callback-in-promise: off
overrides: overrides:
... ...
......
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
.bundle .bundle
.chef .chef
.directory .directory
.eslintcache
/.envrc /.envrc
eslint-report.html eslint-report.html
/.gitlab_shell_secret /.gitlab_shell_secret
...@@ -85,3 +86,4 @@ jsdoc/ ...@@ -85,3 +86,4 @@ jsdoc/
.projections.json .projections.json
/qa/.rakeTasks /qa/.rakeTasks
webpack-dev-server.json webpack-dev-server.json
/.nvimrc
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-9.6-graphicsmagick-1.3.33" image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-9.6-graphicsmagick-1.3.33"
stages: stages:
- sync - sync
...@@ -10,7 +10,6 @@ stages: ...@@ -10,7 +10,6 @@ stages:
- review - review
- qa - qa
- post-qa - post-qa
- notification
- pages - pages
variables: variables:
...@@ -36,13 +35,13 @@ include: ...@@ -36,13 +35,13 @@ include:
- local: .gitlab/ci/frontend.gitlab-ci.yml - local: .gitlab/ci/frontend.gitlab-ci.yml
- local: .gitlab/ci/global.gitlab-ci.yml - local: .gitlab/ci/global.gitlab-ci.yml
- local: .gitlab/ci/memory.gitlab-ci.yml - local: .gitlab/ci/memory.gitlab-ci.yml
- local: .gitlab/ci/notifications.gitlab-ci.yml
- local: .gitlab/ci/pages.gitlab-ci.yml - local: .gitlab/ci/pages.gitlab-ci.yml
- local: .gitlab/ci/qa.gitlab-ci.yml - local: .gitlab/ci/qa.gitlab-ci.yml
- local: .gitlab/ci/reports.gitlab-ci.yml - local: .gitlab/ci/reports.gitlab-ci.yml
- local: .gitlab/ci/rails.gitlab-ci.yml - local: .gitlab/ci/rails.gitlab-ci.yml
- local: .gitlab/ci/review.gitlab-ci.yml - local: .gitlab/ci/review.gitlab-ci.yml
- local: .gitlab/ci/setup.gitlab-ci.yml - local: .gitlab/ci/setup.gitlab-ci.yml
- local: .gitlab/ci/dev-fixtures.gitlab-ci.yml
- local: .gitlab/ci/test-metadata.gitlab-ci.yml - local: .gitlab/ci/test-metadata.gitlab-ci.yml
- local: .gitlab/ci/yaml.gitlab-ci.yml - local: .gitlab/ci/yaml.gitlab-ci.yml
- local: .gitlab/ci/releases.gitlab-ci.yml - local: .gitlab/ci/releases.gitlab-ci.yml
...@@ -3,7 +3,8 @@ ...@@ -3,7 +3,8 @@
*.rake @gitlab-org/maintainers/rails-backend *.rake @gitlab-org/maintainers/rails-backend
# Technical writing team are the default reviewers for everything in `doc/` # Technical writing team are the default reviewers for everything in `doc/`
/doc/ @gl-docsteam *.md @gl-docsteam
doc/ @gl-docsteam
# Frontend maintainers should see everything in `app/assets/` # Frontend maintainers should see everything in `app/assets/`
app/assets/ @gitlab-org/maintainers/frontend app/assets/ @gitlab-org/maintainers/frontend
... ...
......
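Review bot: The new `doc/` entry is no longer anchored to the repository root the way `/doc/` was, so it presumably matches a `doc/` directory at any depth rather than only the top-level docs. The added `*.md` entry is also overridden for Markdown files under any path claimed by a later line such as `app/assets/`, because the last matching pattern decides the owner. If only the top-level documentation is meant, keep `/doc/ @gl-docsteam`. The comment above the two entries should describe both rules, for example `# Technical writing team are the default reviewers for every *.md file and for everything in doc/`.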
...@@ -18,16 +18,23 @@ ...@@ -18,16 +18,23 @@
# runner, or network egress charges will apply: # runner, or network egress charges will apply:
# https://cloud.google.com/storage/pricing # https://cloud.google.com/storage/pricing
cache-repo: cache-repo:
extends:
- .only:variables_refs-canonical-dot-com-schedules
image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
stage: sync stage: sync
allow_failure: true allow_failure: true
variables: variables:
GIT_DEPTH: 0 GIT_STRATEGY: none
TAR_FILENAME: /tmp/gitlab-master.tar TAR_FILENAME: /tmp/gitlab-master.tar
script: script:
- cd ..
- rm -rf $CI_PROJECT_NAME
- git clone --progress $CI_REPOSITORY_URL $CI_PROJECT_NAME
- cd $CI_PROJECT_NAME
- gcloud auth activate-service-account --key-file=$CI_REPO_CACHE_CREDENTIALS - gcloud auth activate-service-account --key-file=$CI_REPO_CACHE_CREDENTIALS
- tar cf $TAR_FILENAME . - tar cf $TAR_FILENAME .
- gzip $TAR_FILENAME - gzip $TAR_FILENAME
- gsutil cp $TAR_FILENAME.gz gs://gitlab-ci-git-repo-cache/project-$CI_PROJECT_ID/gitlab-master.tar.gz - gsutil cp $TAR_FILENAME.gz gs://gitlab-ci-git-repo-cache/project-$CI_PROJECT_ID/gitlab-master.tar.gz
only:
variables:
- $CI_REPO_CACHE_CREDENTIALS
refs:
- schedules
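Review bot: The archive built by `tar cf $TAR_FILENAME .` now contains the `.git/config` written by the added `git clone --progress $CI_REPOSITORY_URL $CI_PROJECT_NAME`, and `$CI_REPOSITORY_URL` normally embeds the job's `gitlab-ci-token` credential, so that credential is likely stored in the tarball uploaded to the bucket. The token is short-lived, but it is cleaner to drop it before archiving, for example by adding `- git remote set-url origin "$CI_PROJECT_URL.git"` after the clone. The added `rm -rf $CI_PROJECT_NAME` and `cd $CI_PROJECT_NAME` lines should quote the variable as well.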
.run-dev-fixtures:
extends:
- .only-code-rails-job-base
- .use-pg9
stage: test
needs: ["setup-test-env"]
dependencies: ["setup-test-env"]
variables:
FIXTURE_PATH: "db/fixtures/development"
SEED_CYCLE_ANALYTICS: "true"
SEED_PRODUCTIVITY_ANALYTICS: "true"
CYCLE_ANALYTICS_ISSUE_COUNT: 1
SIZE: 0 # number of external projects to fork, requires network connection
# SEED_NESTED_GROUPS: "false" # requires network connection
run-dev-fixtures-foss:
extends: .run-dev-fixtures
script:
- scripts/gitaly-test-spawn
- RAILS_ENV=test bundle exec rake db:seed_fu
run-dev-fixtures-ee:
extends:
- .only-ee
- .use-pg9-ee
- .run-dev-fixtures
script:
- scripts/gitaly-test-spawn
- cp ee/db/fixtures/development/* $FIXTURE_PATH
- RAILS_ENV=test bundle exec rake db:seed_fu
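Review bot: `CYCLE_ANALYTICS_ISSUE_COUNT: 1` and `SIZE: 0` in `.run-dev-fixtures` are bare integers while the neighbouring values are quoted strings. CI variables reach the job as strings, so `CYCLE_ANALYTICS_ISSUE_COUNT: "1"` and `SIZE: "0"` keep the block consistent and avoid YAML typing surprises. In `run-dev-fixtures-ee` the copy step would be safer written as `cp ee/db/fixtures/development/* "$FIXTURE_PATH"`.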
...@@ -11,7 +11,10 @@ ...@@ -11,7 +11,10 @@
stage: review stage: review
dependencies: [] dependencies: []
variables: variables:
GIT_STRATEGY: none # We're cloning the repo instead of downloading the script for now
# because some repos are private and CI_JOB_TOKEN cannot access files.
# See https://gitlab.com/gitlab-org/gitlab/issues/191273
GIT_DEPTH: 1
environment: environment:
name: review-docs/$DOCS_GITLAB_REPO_SUFFIX-$CI_MERGE_REQUEST_IID name: review-docs/$DOCS_GITLAB_REPO_SUFFIX-$CI_MERGE_REQUEST_IID
# DOCS_REVIEW_APPS_DOMAIN and DOCS_GITLAB_REPO_SUFFIX are CI variables # DOCS_REVIEW_APPS_DOMAIN and DOCS_GITLAB_REPO_SUFFIX are CI variables
...@@ -19,11 +22,7 @@ ...@@ -19,11 +22,7 @@
url: http://docs-preview-$DOCS_GITLAB_REPO_SUFFIX-$CI_MERGE_REQUEST_IID.$DOCS_REVIEW_APPS_DOMAIN/$DOCS_GITLAB_REPO_SUFFIX url: http://docs-preview-$DOCS_GITLAB_REPO_SUFFIX-$CI_MERGE_REQUEST_IID.$DOCS_REVIEW_APPS_DOMAIN/$DOCS_GITLAB_REPO_SUFFIX
on_stop: review-docs-cleanup on_stop: review-docs-cleanup
before_script: before_script:
# We don't clone the repo by using GIT_STRATEGY: none and only download the
# single script we need here so it's much faster than cloning.
- apk add --update openssl - apk add --update openssl
- wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/trigger-build-docs
- chmod 755 trigger-build-docs
- gem install httparty --no-document --version 0.17.3 - gem install httparty --no-document --version 0.17.3
- gem install gitlab --no-document --version 4.13.0 - gem install gitlab --no-document --version 4.13.0
...@@ -32,7 +31,7 @@ ...@@ -32,7 +31,7 @@
review-docs-deploy: review-docs-deploy:
extends: .review-docs extends: .review-docs
script: script:
- ./trigger-build-docs deploy - ./scripts/trigger-build-docs deploy
when: manual when: manual
# Cleanup remote environment of gitlab-docs # Cleanup remote environment of gitlab-docs
...@@ -42,7 +41,7 @@ review-docs-cleanup: ...@@ -42,7 +41,7 @@ review-docs-cleanup:
name: review-docs/$DOCS_GITLAB_REPO_SUFFIX-$CI_MERGE_REQUEST_IID name: review-docs/$DOCS_GITLAB_REPO_SUFFIX-$CI_MERGE_REQUEST_IID
action: stop action: stop
script: script:
- ./trigger-build-docs cleanup - ./scripts/trigger-build-docs cleanup
when: manual when: manual
docs lint: docs lint:
...@@ -51,7 +50,7 @@ docs lint: ...@@ -51,7 +50,7 @@ docs lint:
- .default-retry - .default-retry
- .default-only - .default-only
- .only:changes-docs - .only:changes-docs
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-docs-lint" image: "registry.gitlab.com/gitlab-org/gitlab-docs:docs-lint"
stage: test stage: test
dependencies: [] dependencies: []
script: script:
... ...
......
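Review bot: Replacing `GIT_STRATEGY: none` with `GIT_DEPTH: 1` means the jobs that stop environments now need a successful checkout, which can fail if the source ref is already gone when the stop job runs. Here that affects `review-docs-cleanup` if it inherits the `.review-docs` variables (its `extends` is outside the hunk), and the same change is made to `.base-review-stop` in the review-apps configuration. A stop job that cannot check out leaves the review environment running. The added comment should record this trade-off, for example `# NOTE: stop jobs now depend on the ref still being fetchable; revisit once the linked issue is resolved`.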
# Make sure to update all the similar conditions in other CI config files if you modify these conditions
.if-default: &if-default
if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG'
# Make sure to update all the similar conditions in other CI config files if you modify these conditions
.if-default-ee: &if-default-ee
if: '($CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG) && $CI_PROJECT_NAME =~ /^gitlab(-ee)?$/'
# Make sure to update all the similar conditions in other CI config files if you modify these conditions
.if-master: &if-master
if: '$CI_COMMIT_REF_NAME == "master"'
# Make sure to update all the similar patterns in other CI config files if you modify these patterns
.code-backstage-patterns: &code-backstage-patterns
- ".gitlab/ci/**/*"
- ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
- ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml"
- ".csscomb.json"
- "Dockerfile.assets"
- "*_VERSION"
- "Gemfile{,.lock}"
- "Rakefile"
- "{babel.config,jest.config}.js"
- "config.ru"
- "{package.json,yarn.lock}"
- "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated
# Backstage changes
- "Dangerfile"
- "danger/**/*"
- "{,ee/}fixtures/**/*"
- "{,ee/}rubocop/**/*"
- "{,ee/}spec/**/*"
- "doc/README.md" # Some RSpec test rely on this file
.assets-compile-cache: .assets-compile-cache:
cache: cache:
paths: paths:
- vendor/ruby/ - vendor/ruby/
- .yarn-cache/ - .yarn-cache/
- tmp/cache/assets/sprockets - tmp/cache/assets/sprockets
- tmp/cache/babel-loader
- tmp/cache/vue-loader
.gitlab:assets:compile-metadata: .gitlab:assets:compile-metadata:
extends: extends:
...@@ -13,10 +50,8 @@ ...@@ -13,10 +50,8 @@
- .default-before_script - .default-before_script
- .assets-compile-cache - .assets-compile-cache
- .only:changes-code-backstage-qa - .only:changes-code-backstage-qa
image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-graphicsmagick-1.3.33-docker-19.03.1 image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-graphicsmagick-1.3.33-docker-19.03.1
stage: test stage: prepare
dependencies: ["setup-test-env"]
needs: ["setup-test-env"]
services: services:
- docker:19.03.0-dind - docker:19.03.0-dind
variables: variables:
...@@ -30,7 +65,7 @@ ...@@ -30,7 +65,7 @@
DOCKER_DRIVER: overlay2 DOCKER_DRIVER: overlay2
DOCKER_HOST: tcp://docker:2375 DOCKER_HOST: tcp://docker:2375
cache: cache:
key: "assets-compile:production:vendor_ruby:.yarn-cache:tmp_cache_assets_sprockets:v6" key: "assets-compile:production:vendor_ruby:.yarn-cache:tmp_cache_assets_sprockets:tmp_cache_webpack:v7"
artifacts: artifacts:
name: webpack-report name: webpack-report
expire_in: 31d expire_in: 31d
...@@ -86,7 +121,7 @@ gitlab:assets:compile pull-cache: ...@@ -86,7 +121,7 @@ gitlab:assets:compile pull-cache:
# we override the max_old_space_size to prevent OOM errors # we override the max_old_space_size to prevent OOM errors
NODE_OPTIONS: --max_old_space_size=3584 NODE_OPTIONS: --max_old_space_size=3584
cache: cache:
key: "assets-compile:v7" key: "assets-compile:v8"
artifacts: artifacts:
expire_in: 7d expire_in: 7d
paths: paths:
...@@ -108,7 +143,7 @@ compile-assets pull-push-cache foss: ...@@ -108,7 +143,7 @@ compile-assets pull-push-cache foss:
- master - master
cache: cache:
policy: pull-push policy: pull-push
key: "assets-compile:v7:foss" key: "assets-compile:v8:foss"
compile-assets pull-cache: compile-assets pull-cache:
extends: .compile-assets-metadata extends: .compile-assets-metadata
...@@ -119,7 +154,7 @@ compile-assets pull-cache foss: ...@@ -119,7 +154,7 @@ compile-assets pull-cache foss:
extends: [".compile-assets-metadata", ".only-ee-as-if-foss"] extends: [".compile-assets-metadata", ".only-ee-as-if-foss"]
cache: cache:
policy: pull policy: pull
key: "assets-compile:v7:foss" key: "assets-compile:v8:foss"
.only-code-frontend-job-base: .only-code-frontend-job-base:
extends: extends:
...@@ -132,7 +167,6 @@ compile-assets pull-cache foss: ...@@ -132,7 +167,6 @@ compile-assets pull-cache foss:
- .use-pg9 - .use-pg9
stage: test stage: test
needs: ["setup-test-env", "compile-assets pull-cache"] needs: ["setup-test-env", "compile-assets pull-cache"]
dependencies: ["setup-test-env", "compile-assets pull-cache"]
.karma-base: .karma-base:
extends: .only-code-frontend-job-base extends: .only-code-frontend-job-base
...@@ -204,9 +238,10 @@ jest-foss: ...@@ -204,9 +238,10 @@ jest-foss:
- .default-tags - .default-tags
- .default-retry - .default-retry
- .default-cache - .default-cache
- .default-only
- .only:changes-code-backstage
stage: test stage: test
rules:
- <<: *if-master
when: on_success
dependencies: [] dependencies: []
cache: cache:
key: "$CI_JOB_NAME" key: "$CI_JOB_NAME"
...@@ -237,11 +272,12 @@ webpack-dev-server: ...@@ -237,11 +272,12 @@ webpack-dev-server:
- .default-tags - .default-tags
- .default-retry - .default-retry
- .default-cache - .default-cache
- .default-only
- .only:changes-code-backstage
stage: test stage: test
rules:
- <<: *if-default
changes: *code-backstage-patterns
when: on_success
needs: ["setup-test-env", "compile-assets pull-cache"] needs: ["setup-test-env", "compile-assets pull-cache"]
dependencies: ["setup-test-env", "compile-assets pull-cache"]
variables: variables:
WEBPACK_MEMORY_TEST: "true" WEBPACK_MEMORY_TEST: "true"
WEBPACK_VENDOR_DLL: "true" WEBPACK_VENDOR_DLL: "true"
... ...
......
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
# Jobs that only need to pull cache # Jobs that only need to pull cache
.default-cache: .default-cache:
cache: cache:
key: "debian-stretch-ruby-2.6.3-node-12.x" key: "debian-stretch-ruby-2.6.5-node-12.x"
paths: paths:
- .go/pkg/mod - .go/pkg/mod
- vendor/ruby - vendor/ruby
...@@ -202,7 +202,7 @@ ...@@ -202,7 +202,7 @@
- name: redis:alpine - name: redis:alpine
.use-pg10: .use-pg10:
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33" image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33"
services: services:
- name: postgres:10.9 - name: postgres:10.9
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
...@@ -213,15 +213,15 @@ ...@@ -213,15 +213,15 @@
- name: postgres:9.6 - name: postgres:9.6
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
- name: redis:alpine - name: redis:alpine
- name: elasticsearch:5.6.12 - name: elasticsearch:6.4.2
.use-pg10-ee: .use-pg10-ee:
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33" image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33"
services: services:
- name: postgres:10.9 - name: postgres:10.9
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
- name: redis:alpine - name: redis:alpine
- name: elasticsearch:5.6.12 - name: elasticsearch:6.4.2
.only-ee: .only-ee:
only: only:
... ...
......
.notify:
image: ruby:2.6-alpine
stage: notification
dependencies: []
cache: {}
before_script:
- apk update && apk add git curl bash
- source scripts/utils.sh
- source scripts/notifications.sh
- install_gitlab_gem
variables:
COMMIT_NOTES_URL: "https://${CI_SERVER_HOST}/${CI_PROJECT_PATH}/commit/${CI_COMMIT_SHA}#notes-list"
schedule:package-and-qa:notify-failure:
extends:
- .only:variables_refs-canonical-dot-com-schedules
- .notify
script:
- 'export NOTIFICATION_MESSAGE=":skull_and_crossbones: Scheduled QA against master failed! :skull_and_crossbones: See ${CI_PIPELINE_URL}. For downstream pipelines, see ${COMMIT_NOTES_URL}"'
- 'notify_on_job_failure schedule:package-and-qa qa-master "${NOTIFICATION_MESSAGE}" ci_failing'
needs: ["schedule:package-and-qa"]
allow_failure: true
when: always
# Make sure to update all the similar conditions in other CI config files if you modify these conditions
.if-canonical-gitlab-schedule: &if-canonical-gitlab-schedule
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "schedule"'
# Make sure to update all the similar conditions in other CI config files if you modify these conditions
.if-canonical-gitlab-merge-request: &if-canonical-gitlab-merge-request
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_MERGE_REQUEST_IID'
# Make sure to update all the similar patterns in other CI config files if you modify these patterns
.code-patterns: &code-patterns
- ".gitlab/ci/**/*"
- ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
- ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml"
- ".csscomb.json"
- "Dockerfile.assets"
- "*_VERSION"
- "Gemfile{,.lock}"
- "Rakefile"
- "{babel.config,jest.config}.js"
- "config.ru"
- "{package.json,yarn.lock}"
- "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated
# Make sure to update all the similar patterns in other CI config files if you modify these patterns
.qa-patterns: &qa-patterns
- ".dockerignore"
- "qa/**/*"
.qa-job-base: .qa-job-base:
extends: extends:
- .default-tags - .default-tags
...@@ -40,30 +69,16 @@ qa:selectors-foss: ...@@ -40,30 +69,16 @@ qa:selectors-foss:
- install_gitlab_gem - install_gitlab_gem
- ./scripts/trigger-build omnibus - ./scripts/trigger-build omnibus
package-and-qa-manual:
extends:
- .package-and-qa-base
- .default-only
- .only:variables-canonical-dot-com
- .except:refs-deploy
- .only:changes-code
when: manual
needs: ["build-qa-image", "gitlab:assets:compile pull-cache"]
package-and-qa: package-and-qa:
extends: extends: .package-and-qa-base
- .package-and-qa-base rules:
- .default-only - <<: *if-canonical-gitlab-merge-request
- .only:variables-canonical-dot-com changes: *qa-patterns
- .except:refs-master-tags-stable-deploy when: on_success
- .only:changes-qa - <<: *if-canonical-gitlab-merge-request
needs: ["build-qa-image", "gitlab:assets:compile pull-cache"] changes: *code-patterns
allow_failure: true when: manual
- <<: *if-canonical-gitlab-schedule
schedule:package-and-qa: when: on_success
extends:
- .package-and-qa-base
- .default-only
- .only:variables_refs-canonical-dot-com-schedules
needs: ["build-qa-image", "gitlab:assets:compile pull-cache"] needs: ["build-qa-image", "gitlab:assets:compile pull-cache"]
allow_failure: true allow_failure: true
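Review bot: With the scheduled run folded into `package-and-qa` through the `*if-canonical-gitlab-schedule` rule, the job-level `allow_failure: true` also covers scheduled pipelines. The `schedule:package-and-qa:notify-failure` job, which appears to be removed in this same change, was the only visible alert for that case, so a failing scheduled QA run against master would now pass silently. If that is intended, say so in a comment above `package-and-qa`; otherwise keep a failure notification job with `needs: ["package-and-qa"]`. The job body may continue past the end of the hunk.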
...@@ -57,7 +57,7 @@ setup-test-env: ...@@ -57,7 +57,7 @@ setup-test-env:
dependencies: ["setup-test-env", "retrieve-tests-metadata", "compile-assets pull-cache"] dependencies: ["setup-test-env", "retrieve-tests-metadata", "compile-assets pull-cache"]
script: script:
- source scripts/rspec_helpers.sh - source scripts/rspec_helpers.sh
- rspec_paralellized_job "--tag ~quarantine --tag ~geo" - rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag ~level:migration"
artifacts: artifacts:
expire_in: 31d expire_in: 31d
when: always when: always
...@@ -92,12 +92,21 @@ setup-test-env: ...@@ -92,12 +92,21 @@ setup-test-env:
- .use-pg10 - .use-pg10
- .only-master - .only-master
.rspec-base-migration:
script:
- source scripts/rspec_helpers.sh
- rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag level:migration"
rspec migration pg9: rspec migration pg9:
extends: .rspec-base-pg9 extends:
- .rspec-base-pg9
- .rspec-base-migration
parallel: 4 parallel: 4
rspec migration pg9-foss: rspec migration pg9-foss:
extends: .rspec-base-pg9-foss extends:
- .rspec-base-pg9-foss
- .rspec-base-migration
parallel: 4 parallel: 4
rspec unit pg9: rspec unit pg9:
...@@ -149,7 +158,9 @@ rspec system pg10: ...@@ -149,7 +158,9 @@ rspec system pg10:
- .use-pg10-ee - .use-pg10-ee
rspec-ee migration pg9: rspec-ee migration pg9:
extends: .rspec-ee-base-pg9 extends:
- .rspec-ee-base-pg9
- .rspec-base-migration
parallel: 2 parallel: 2
rspec-ee unit pg9: rspec-ee unit pg9:
...@@ -167,6 +178,7 @@ rspec-ee system pg9: ...@@ -167,6 +178,7 @@ rspec-ee system pg9:
rspec-ee migration pg10: rspec-ee migration pg10:
extends: extends:
- .rspec-ee-base-pg10 - .rspec-ee-base-pg10
- .rspec-base-migration
- .only-master - .only-master
parallel: 2 parallel: 2
...@@ -261,7 +273,7 @@ static-analysis: ...@@ -261,7 +273,7 @@ static-analysis:
script: script:
- scripts/static-analysis - scripts/static-analysis
cache: cache:
key: "debian-stretch-ruby-2.6.3-and-rubocop" key: "debian-stretch-ruby-2.6-and-rubocop"
paths: paths:
- vendor/ruby - vendor/ruby
- tmp/rubocop_cache - tmp/rubocop_cache
... ...
......
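Review bot: `.rspec-base-migration` only takes effect because it is listed after the base job in each `extends:` list, so its `script` overrides the base one, which now passes `--tag ~level:migration`. If the order were swapped in any of the four migration jobs, that job would run with migration specs excluded and still go green. A comment above the hidden job would make the dependency explicit, for example `# Must come after the .rspec-*-base-* entry in extends: so this script overrides the base rspec script`.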
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
image: alpine:edge image: alpine:edge
stage: sync stage: sync
before_script: before_script:
- apk add --no-cache --update curl bash - apk add --no-cache --update curl bash jq
after_script: [] after_script: []
script: script:
- bash scripts/sync-stable-branch.sh - bash scripts/sync-stable-branch.sh
... ...
......
...@@ -20,7 +20,7 @@ code_quality: ...@@ -20,7 +20,7 @@ code_quality:
variables: variables:
DOCKER_DRIVER: overlay2 DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: "" DOCKER_TLS_CERTDIR: ""
CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/security-products/codequality:12-5-stable" CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/security-products/codequality:0.85.6"
script: script:
- | - |
if ! docker info &>/dev/null; then if ! docker info &>/dev/null; then
... ...
......
# Make sure to update all the similar conditions in other CI config files if you modify these conditions
.if-canonical-gitlab-schedule: &if-canonical-gitlab-schedule
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "schedule"'
# Make sure to update all the similar conditions in other CI config files if you modify these conditions
.if-canonical-gitlab-merge-request: &if-canonical-gitlab-merge-request
if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_MERGE_REQUEST_IID'
# Make sure to update all the similar patterns in other CI config files if you modify these patterns
.code-qa-patterns: &code-qa-patterns
- ".gitlab/ci/**/*"
- ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
- ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml"
- ".csscomb.json"
- "Dockerfile.assets"
- "*_VERSION"
- "Gemfile{,.lock}"
- "Rakefile"
- "{babel.config,jest.config}.js"
- "config.ru"
- "{package.json,yarn.lock}"
- "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/reference/*" # Files in this folder are auto-generated
# QA changes
- ".dockerignore"
- "qa/**/*"
.review-docker: .review-docker:
extends: extends:
- .default-tags - .default-tags
- .default-retry - .default-retry
- .default-only
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa-alpine image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa-alpine
services: services:
- docker:19.03.0-dind - docker:19.03.0-dind
...@@ -15,12 +41,14 @@ ...@@ -15,12 +41,14 @@
GITLAB_EDITION: "ce" GITLAB_EDITION: "ce"
build-qa-image: build-qa-image:
extends: extends: .review-docker
- .review-docker
- .only:variables-canonical-dot-com
- .except:refs-deploy
- .only:changes-code-qa
stage: prepare stage: prepare
rules:
- <<: *if-canonical-gitlab-merge-request
changes: *code-qa-patterns
when: on_success
- <<: *if-canonical-gitlab-schedule
when: on_success
script: script:
- '[[ ! -d "ee/" ]] || export GITLAB_EDITION="ee"' - '[[ ! -d "ee/" ]] || export GITLAB_EDITION="ee"'
- export QA_MASTER_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/gitlab-${GITLAB_EDITION}-qa:master" - export QA_MASTER_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/gitlab-${GITLAB_EDITION}-qa:master"
...@@ -90,7 +118,6 @@ schedule:review-build-cng: ...@@ -90,7 +118,6 @@ schedule:review-build-cng:
extends: extends:
- .default-tags - .default-tags
- .default-retry - .default-retry
- .default-only
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
dependencies: [] dependencies: []
variables: variables:
...@@ -130,10 +157,11 @@ schedule:review-build-cng: ...@@ -130,10 +157,11 @@ schedule:review-build-cng:
when: always when: always
review-deploy: review-deploy:
extends: extends: .review-deploy-base
- .review-deploy-base rules:
- .only-review - <<: *if-canonical-gitlab-merge-request
- .only:changes-code-qa changes: *code-qa-patterns
when: on_success
schedule:review-deploy: schedule:review-deploy:
extends: extends:
...@@ -141,43 +169,45 @@ schedule:review-deploy: ...@@ -141,43 +169,45 @@ schedule:review-deploy:
- .only-review-schedules - .only-review-schedules
.base-review-stop: .base-review-stop:
extends: extends: .review-workflow-base
- .review-workflow-base
- .only-review
- .only:changes-code-qa
environment: environment:
action: stop action: stop
variables: variables:
GIT_STRATEGY: none # We're cloning the repo instead of downloading the script for now
# because some repos are private and CI_JOB_TOKEN cannot access files.
# See https://gitlab.com/gitlab-org/gitlab/issues/191273
GIT_DEPTH: 1
before_script: before_script:
# We don't clone the repo by using GIT_STRATEGY: none and only download the
# single script we need here so it's much faster than cloning.
- apk add --update openssl - apk add --update openssl
- wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/review_apps/review-apps.sh - source ./scripts/utils.sh
- wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/utils.sh - source ./scripts/review_apps/review-apps.sh
- source utils.sh
- source review-apps.sh
review-stop-failed-deployment: review-stop-failed-deployment:
extends: .base-review-stop extends: .base-review-stop
stage: prepare stage: prepare
rules:
- <<: *if-canonical-gitlab-merge-request
changes: *code-qa-patterns
when: on_success
script: script:
- delete_failed_release - delete_failed_release
review-stop: review-stop:
extends: .base-review-stop extends: .base-review-stop
stage: review stage: review
rules:
- <<: *if-canonical-gitlab-merge-request
changes: *code-qa-patterns
when: manual when: manual
allow_failure: true allow_failure: true
script: script:
- delete_release - delete_release
.review-qa-base: .review-qa-base:
extends: extends: .review-docker
- .review-docker
- .only-review
- .only:changes-code-qa
stage: qa stage: qa
needs: ["review-deploy"]
dependencies: ["review-deploy"]
allow_failure: true allow_failure: true
variables: variables:
QA_ARTIFACTS_DIR: "${CI_PROJECT_DIR}/qa" QA_ARTIFACTS_DIR: "${CI_PROJECT_DIR}/qa"
...@@ -189,13 +219,6 @@ review-stop: ...@@ -189,13 +219,6 @@ review-stop:
GITLAB_ADMIN_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}" GITLAB_ADMIN_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}" GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}"
EE_LICENSE: "${REVIEW_APPS_EE_LICENSE}" EE_LICENSE: "${REVIEW_APPS_EE_LICENSE}"
needs: ["review-deploy"]
dependencies: ["review-deploy"]
artifacts:
paths:
- ./qa/gitlab-qa-run-*
expire_in: 7 days
when: always
before_script: before_script:
- '[[ ! -d "ee/" ]] || export GITLAB_EDITION="ee"' - '[[ ! -d "ee/" ]] || export GITLAB_EDITION="ee"'
- export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/gitlab-${GITLAB_EDITION}-qa:${CI_COMMIT_REF_SLUG}" - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/gitlab-${GITLAB_EDITION}-qa:${CI_COMMIT_REF_SLUG}"
...@@ -205,14 +228,26 @@ review-stop: ...@@ -205,14 +228,26 @@ review-stop:
- source scripts/utils.sh - source scripts/utils.sh
- install_api_client_dependencies_with_apk - install_api_client_dependencies_with_apk
- gem install gitlab-qa --no-document ${GITLAB_QA_VERSION:+ --version ${GITLAB_QA_VERSION}} - gem install gitlab-qa --no-document ${GITLAB_QA_VERSION:+ --version ${GITLAB_QA_VERSION}}
artifacts:
paths:
- ./qa/gitlab-qa-run-*
expire_in: 7 days
when: always
review-qa-smoke: review-qa-smoke:
extends: .review-qa-base extends: .review-qa-base
rules:
- <<: *if-canonical-gitlab-merge-request
changes: *code-qa-patterns
when: on_success
script: script:
- gitlab-qa Test::Instance::Smoke "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}" - gitlab-qa Test::Instance::Smoke "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}"
review-qa-all: review-qa-all:
extends: .review-qa-base extends: .review-qa-base
rules:
- <<: *if-canonical-gitlab-merge-request
changes: *code-qa-patterns
when: manual when: manual
parallel: 5 parallel: 5
script: script:
...@@ -241,10 +276,11 @@ review-qa-all: ...@@ -241,10 +276,11 @@ review-qa-all:
performance: performance.json performance: performance.json
review-performance: review-performance:
extends: extends: .review-performance-base
- .review-performance-base rules:
- .only-review - <<: *if-canonical-gitlab-merge-request
- .only:changes-code-qa changes: *code-qa-patterns
when: on_success
needs: ["review-deploy"] needs: ["review-deploy"]
dependencies: ["review-deploy"] dependencies: ["review-deploy"]
before_script: before_script:
... ...
......
...@@ -10,5 +10,8 @@ lint-ci-gitlab: ...@@ -10,5 +10,8 @@ lint-ci-gitlab:
- "**/*.yml" - "**/*.yml"
image: sdesbure/yamllint:latest image: sdesbure/yamllint:latest
dependencies: [] dependencies: []
variables:
LINT_PATHS: .gitlab-ci.yml .gitlab/ci lib/gitlab/ci/templates changelogs
script: script:
- yamllint .gitlab-ci.yml .gitlab/ci lib/gitlab/ci/templates changelogs - '[[ ! -d "ee/" ]] || export LINT_PATHS="$LINT_PATHS ee/changelogs"'
- yamllint $LINT_PATHS
...@@ -5,7 +5,7 @@ Please describe the proposal and add a link to the source (for example, http://w ...@@ -5,7 +5,7 @@ Please describe the proposal and add a link to the source (for example, http://w
--> -->
- [ ] Mention the proposal in the next backend weekly call and the #backend channel to encourage contribution - [ ] Mention the proposal in the next backend weekly call and the #backend channel to encourage contribution
- [ ] Proceed with the proposal once 50% of the maintainers have weighed in, and 80% of the votes are :+1: - [ ] Proceed with the proposal once 50% of the maintainers have weighed in, and 80% of their votes are :+1:
- [ ] Once approved, mention it again in the next backend weekly call and the #backend channel - [ ] Once approved, mention it again in the next backend weekly call and the #backend channel
... ...
......
...@@ -6,6 +6,7 @@ ...@@ -6,6 +6,7 @@
<!-- Who will use this feature? If known, include any of the following: types of users (e.g. Developer), personas, or specific company roles (e.g. Release Manager). It's okay to write "Unknown" and fill this field in later. <!-- Who will use this feature? If known, include any of the following: types of users (e.g. Developer), personas, or specific company roles (e.g. Release Manager). It's okay to write "Unknown" and fill this field in later.
* [Rachel (Release Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#rachel-release-manager)
* [Parker (Product Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#parker-product-manager) * [Parker (Product Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#parker-product-manager)
* [Delaney (Development Team Lead)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#delaney-development-team-lead) * [Delaney (Development Team Lead)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#delaney-development-team-lead)
* [Sasha (Software Developer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sasha-software-developer) * [Sasha (Software Developer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sasha-software-developer)
... ...
......
<!-- <!--
# Read me first! # Read me first!
Create this issue under https://dev.gitlab.org/gitlab/gitlabhq Create this issue under https://gitlab.com/gitlab-org/security
Set the title to: `Description of the original issue` Set the title to: `Description of the original issue`
--> -->
### Prior to starting the security release work ## Prior to starting the security release work
- [ ] Read the [security process for developers] if you are not familiar with it. - [ ] Read the [security process for developers] if you are not familiar with it.
- [ ] Link to the original issue adding it to the [links section](#links) - [ ] Link this issue in the Security Release issue on GitLab.com. You can find this issue in the topic of the `#releases` channel.
- [ ] Run `scripts/security-harness` in the CE, EE, and/or Omnibus to prevent pushing to any remote besides `dev.gitlab.org` - [ ] Add a link to the confidential `gitlab-org/gitlab` issue describing the vulnerability next to **Original issue** in the [links table](#links).
- [ ] Create a new branch prefixing it with `security-` - [ ] Add a link to the confidential `gitlab-org/gitlab` Security release issue next to **Security release issue** in the [links table](#links).
- [ ] Create a MR targeting `dev.gitlab.org` `master` - [ ] Run `scripts/security-harness` in your local repository to prevent accidentally pushing to any remote besides `gitlab.com/gitlab-org/security`.
- [ ] Add a link to this issue in the original security issue on `gitlab.com`.
#### Backports ## Development
- [ ] Once the MR is ready to be merged, create MRs targeting the latest 3 stable branches - [ ] Create a new branch prefixing it with `security-`.
- [ ] At this point, it might be easy to squash the commits from the MR into one - [ ] Create a merge request targeting `master` on `gitlab.com/gitlab-org/security` and use the [Security Release merge request template].
- You can use the script `bin/secpick` instead of the following steps, to help you cherry-picking. See the [secpick documentation] - [ ] Follow the same [code review process]: Assign to a reviewer, then to a maintainer.
- [ ] Create each MR targeting the stable branch `X-Y-stable`, using the "Security Release" merge request template.
- Every merge request will have its own set of TODOs, so make sure to
complete those.
- [ ] Make sure all MRs have a link in the [links section](#links)
[secpick documentation]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#secpick-script After your merge request has being approved according to our [approval guidelines], you're ready to prepare the backports
## Backports
#### Documentation and final details - [ ] Once the MR is ready to be merged, create MRs targeting the latest 3 stable branches
* At this point, it might be easy to squash the commits from the MR into one
* You can use the script `bin/secpick` instead of the following steps, to help you cherry-picking. See the [secpick documentation]
- [ ] Create each MR targeting the stable branch `X-Y-stable`, using the [Security Release merge request template].
* Every merge request will have its own set of TODOs, so make sure to complete those.
- [ ] Make sure all MRs are linked in the [Links section](#links)
## Documentation and final details
- [ ] Check the topic on #releases to see when the next release is going to happen and add a link to the [links section](#links) - [ ] Ensure the [Links section](#links) is completed.
- [ ] Add links to this issue and your MRs in the description of the security release issue
- [ ] Find out the versions affected (the Git history of the files affected may help you with this) and add them to the [details section](#details) - [ ] Find out the versions affected (the Git history of the files affected may help you with this) and add them to the [details section](#details)
- [ ] Fill in any upgrade notes that users may need to take into account in the [details section](#details) - [ ] Fill in any upgrade notes that users may need to take into account in the [details section](#details)
- [ ] Add Yes/No and further details if needed to the migration and settings columns in the [details section](#details) - [ ] Add Yes/No and further details if needed to the migration and settings columns in the [details section](#details)
- [ ] Add the nickname of the external user who found the issue (and/or HackerOne profile) to the Thanks row in the [details section](#details) - [ ] Add the nickname of the external user who found the issue (and/or HackerOne profile) to the Thanks row in the [details section](#details)
- [ ] Once your `master` MR is merged, comment on the original security issue with a link to that MR indicating the issue is fixed. - [ ] Once your `master` MR is merged, comment on the original security issue with a link to that MR indicating the issue is fixed.
### Summary ## Summary
#### Links ### Links
| Description | Link | | Description | Link |
| -------- | -------- | | -------- | -------- |
| Original issue | #TODO | | Original issue | #TODO |
| Security release issue | #TODO | | Security release issue | #TODO |
| `master` MR | !TODO | | `master` MR | !TODO |
| `master` MR (EE) | !TODO |
| `Backport X.Y` MR | !TODO | | `Backport X.Y` MR | !TODO |
| `Backport X.Y` MR | !TODO | | `Backport X.Y` MR | !TODO |
| `Backport X.Y` MR | !TODO | | `Backport X.Y` MR | !TODO |
| `Backport X.Y` MR (EE) | !TODO |
| `Backport X.Y` MR (EE) | !TODO |
| `Backport X.Y` MR (EE) | !TODO |
#### Details ### Details
| Description | Details | Further details| | Description | Details | Further details|
| -------- | -------- | -------- | | -------- | -------- | -------- |
...@@ -65,6 +64,9 @@ Set the title to: `Description of the original issue` ...@@ -65,6 +64,9 @@ Set the title to: `Description of the original issue`
| Thanks | | | | Thanks | | |
[security process for developers]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md [security process for developers]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md
[RM list]: https://about.gitlab.com/release-managers/ [secpick documentation]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#secpick-script
[security Release merge request template]: https://gitlab.com/gitlab-org/security/gitlab/blob/master/.gitlab/merge_request_templates/Security%20Release.md
[code review process]: https://docs.gitlab.com/ee/development/code_review.html
[approval guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines
/label ~security /label ~security
## What does this MR do?
<!--
Describe in detail what your merge request does, why it does that, etc. Merge
requests without an adequate description will not be reviewed until one is
added.
Please also keep this description up-to-date with any discussion that takes
place so that reviewers can understand your intent. This is especially
important if they didn't participate in the discussion.
Make sure to remove this comment when you are done.
-->
Add a description of your merge request here.
## Database checklist
- [ ] Conforms to the [database guides](https://docs.gitlab.com/ee/development/README.html#database-guides)
When adding migrations:
- [ ] Updated `db/schema.rb`
- [ ] Added a `down` method so the migration can be reverted
- [ ] Added the output of the migration(s) to the MR body
- [ ] Added tests for the migration in `spec/migrations` if necessary (e.g. when migrating data)
- [ ] Added rollback procedure. Include either a rollback procedure or description how to rollback changes
When adding or modifying queries to improve performance:
- [ ] Included data that shows the performance improvement, preferably in the form of a benchmark
- [ ] Included the output of `EXPLAIN (ANALYZE, BUFFERS)` of the relevant queries
When adding foreign keys to existing tables:
- [ ] Included a migration to remove orphaned rows in the source table before adding the foreign key
- [ ] Removed any instances of `dependent: ...` that may no longer be necessary
When adding tables:
- [ ] Ordered columns based on the [Ordering Table Columns](https://docs.gitlab.com/ee/development/ordering_table_columns.html) guidelines
- [ ] Added foreign keys to any columns pointing to data in other tables
- [ ] Added indexes for fields that are used in statements such as `WHERE`, `ORDER BY`, `GROUP BY`, and `JOIN`s
When removing columns, tables, indexes or other structures:
- [ ] Removed these in a post-deployment migration
- [ ] Made sure the application no longer uses (or ignores) these structures
/label ~database ~"database::review pending"