Skip to content
Snippets Groups Projects
Commit 35a1fdb3 authored by JH_CNG_SYNC_TOKEN's avatar JH_CNG_SYNC_TOKEN
Browse files

Merge remote-tracking branch 'origin/master' into main-jh

parents dd427f67 7f6804b6
No related merge requests found
Pipeline #321348 failed with stages
in 1 hour, 16 minutes, and 24 seconds
......@@ -5,19 +5,11 @@ include:
- local: .gitlab/ci/rules.gitlab-ci.yml
# common templates
- local: .gitlab/ci/common.gitlab-ci.yml
# dependencies.io job
- local: .gitlab/ci/deps.gitlab-ci.yml
rules:
- if: '$DEPS_PIPELINE == "true"'
# build container images
- local: .gitlab/ci/images.gitlab-ci.yml
rules:
- if: '$DEPS_PIPELINE != "true"'
- template: Security/Dependency-Scanning.gitlab-ci.yml
rules:
- if: '$DEPS_PIPELINE != "true"'
- component: ${CI_SERVER_FQDN}/gitlab-org/components/danger-review/danger-review@1.4.1
inputs:
inputs:
job_stage: "prepare"
rules:
- if: '$CI_SERVER_HOST == "gitlab.com"'
......
......@@ -48,11 +48,9 @@
_k8s_driver_opt+=",requests.cpu=${BUILDX_CPU}"
_k8s_driver_opt+=",requests.memory=${BUILDX_MEMORY}"
_k8s_driver_opt+=",nodeselector=kubernetes.io/arch=${arch}"
_k8s_driver_opt+=",image=${BUILDKIT_IMAGE}"
# prevent autoscale evictions of running builds
#FIXME _k8s_driver_opt+=",annotation=cluster-autoscaler.kubernetes.io/safe-to-evict=false"
if force_zstd_build || is_zstd_build; then
_k8s_driver_opt+=",image=${BUILDKIT_IMAGE:-}"
fi
docker buildx create ${create_flag} \
--name=${BUILDX_NAMESPACE} \
--buildkitd-flags="--debug" \
......@@ -171,7 +169,7 @@ start_buildx:
rules:
- if: $DISABLE_BUILDX_CLUSTER == "true"
when: never
- !reference [.except-deps, rules]
- when: on_success
stop_buildx:
stage: cleanup
......@@ -193,7 +191,6 @@ stop_buildx:
name: buildx_${CI_COMMIT_REF_SLUG}
action: stop
rules:
- !reference [.not-on-deps, rules]
- if: $DISABLE_BUILDX_CLUSTER == "true"
when: never
- if: $BUILDX_AUTO_CLEANUP
......
# Dependency update job
# included when:
# - if: '$DEPS_PIPELINE'
dependency_update:
image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/distribution_ci_tools:${CI_TOOLS_VERSION}
stage: prepare
variables:
INSTALL_SHA256: "c95a33432192688a08d935fd5f563fce4110610a51281f887ae88db208b720ba"
script:
- curl --retry 6 -fO https://deps.app/install.sh
- echo "${INSTALL_SHA256} install.sh" | sha256sum --check
- cat install.sh | bash -s -- -b $HOME/bin
# Remove the install.sh script otherwise deps gets upset about pending changes when it goes to create new branches
- rm install.sh
- $HOME/bin/deps ci
......@@ -63,8 +63,7 @@ final-images-listing:
- if: '$SKIP_JOB_REGEX && $CI_JOB_NAME =~ $SKIP_JOB_REGEX'
when: never
# Skipped for auto-deploy branches via workflow:rules
# Skip on deps pipeline as the final image listing is useless there
- !reference [.except-deps, rules]
- when: on_success
artifacts:
paths:
- artifacts/final/
......@@ -180,7 +179,7 @@ container-scanning:
# https://gitlab.com/groups/gitlab-org/-/epics/6788
allow_failure: true
rules:
- if: '$DEPS_PIPELINE == "true" || $CE_PIPELINE'
- if: '$CE_PIPELINE'
when: never
- if: '$CI_COMMIT_BRANCH =~ /-ubi$/ || $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /-ubi$/ || $UBI_PIPELINE == "true"'
when: never
......
### rules.gitlab-ci.yml
# common if definitions
.if_deps_pipeline: &if_deps_pipeline
if: '$DEPS_PIPELINE == "true"'
.if_ee_var: &if_ee_var
if: '$ee == "true"'
......@@ -62,21 +59,8 @@
if: '$CI_COMMIT_REF_NAME =~ /-stable$/'
# rules definitions
.not-on-deps: &not-on-deps
rules:
- <<: *if_deps_pipeline
when: never
.except-deps: &except-deps
rules:
- <<: *if_deps_pipeline
when: never
- when: on_success
.only-ee: &only-ee
rules:
- <<: *if_deps_pipeline
when: never
- <<: *if_ce_pipeline
when: never
- <<: *if_custom_pipeline
......@@ -94,8 +78,6 @@
.except-ee: &except-ee
rules:
- <<: *if_deps_pipeline
when: never
- <<: *if_ee_pipeline
when: never
- <<: *if_custom_pipeline
......@@ -127,9 +109,6 @@
.tagless-versionless:
rules:
# Don't run on deps pipelines
- <<: *if_deps_pipeline
when: never
# Don't run for specific version pipelines
- <<: *if_ce_pipeline
when: never
......
......@@ -27,4 +27,4 @@ For anything in this list which will not be completed, please provide a reason i
- [ ] Documentation created/updated
- [ ] Integration tests added to [GitLab QA](https://gitlab.com/gitlab-org/gitlab-qa)
- [ ] The impact any change in container size has should be evaluated
- [ ] New dependencies are managed with [dependencies.io](https://about.gitlab.com/handbook/engineering/development/enablement/systems/distribution/maintenance/dependencies.io.html#adding-new-dependencies)
- [ ] New dependencies are managed with [GitLab forked renovatebot](https://gitlab.com/gitlab-org/frontend/renovate-gitlab-bot)
version: 3
dependencies:
- type: git
manifest_updates:
filters:
- name: .* # everything gets it's own MR
enabled: true
settings:
# Assign to maintainers
# gitlab_assignee_ids:
## maintainers
# - 597578 # WarheadsSE (jplum)
# - 4849 # balasankarc (balu)
# - 2602134 # rmarshall (*)
## trainee maintainers
# - 888551 # pursultani
# - 12300535 # apatterson2
commit_message_template: |-
{{.SubjectAndBody}}
Changelog: changed
[ci skip]
gitlab_labels:
- group::distribution
- section::core platform
- devops::systems
- type::maintenance
- maintenance::dependency
- dependencies.io
- workflow::ready for review
gitlab_remove_source_branch: true
remotes:
# s3cmd
https://github.com/s3tools/s3cmd.git:
replace_in_files:
- filename: ci_files/variables.yml
pattern: 'S3CMD_VERSION: "(\S+)"'
range: '>= 2.x.x'
- filename: gitlab-toolbox/Dockerfile
pattern: 'ARG S3CMD_VERSION="(\S+)"'
range: '>= 2.x.x'
- filename: gitlab-toolbox/Dockerfile.build.ubi
pattern: 'ARG S3CMD_VERSION=(\S+)'
range: '>= 2.x.x'
# YQ
https://github.com/mikefarah/yq.git:
replace_in_files:
- filename: ci_files/variables.yml
pattern: 'YQ_VERSION: "(\S+)"'
range: '>= 4.x.x'
- filename: kubectl/Dockerfile
pattern: 'ARG YQ_VERSION="(\S+)"'
range: '>= 4.x.x'
- filename: kubectl/Dockerfile.build.ubi
pattern: 'ARG YQ_VERSION=(\S+)'
range: '>= 4.x.x'
# GitLab Exporter
https://gitlab.com/gitlab-org/gitlab-exporter.git:
replace_in_files:
- filename: ci_files/variables.yml
pattern: 'GITLAB_EXPORTER_VERSION: "(\S+)"'
- filename: gitlab-exporter/Dockerfile
pattern: 'ARG GITLAB_EXPORTER_VERSION=(\S+)'
- filename: gitlab-exporter/Dockerfile.build.ubi
pattern: 'ARG GITLAB_EXPORTER_VERSION=(\S+)'
# redis gem
https://github.com/redis/redis-rb.git:
replace_in_files:
- filename: gitlab-mailroom/scripts/install-dependencies
pattern: 'redis:(\S+)'
tag_prefix: 'v'
- filename: gitlab-mailroom/Dockerfile.build.ubi
pattern: 'redis:(\S+)'
tag_prefix: 'v'
# redis client gem
https://github.com/redis-rb/redis-client.git:
replace_in_files:
- filename: gitlab-mailroom/scripts/install-dependencies
pattern: 'redis-client:(\S+)'
tag_prefix: 'v'
- filename: gitlab-mailroom/Dockerfile.build.ubi
pattern: 'redis-client:(\S+)'
tag_prefix: 'v'
# GitLab Container Registry
https://gitlab.com/gitlab-org/container-registry.git:
replace_in_files:
- filename: ci_files/variables.yml
pattern: 'GITLAB_CONTAINER_REGISTRY_VERSION: "(\S+)"'
tag_filter:
matching: 'v(\S+)-gitlab'
sort_as: '$1'
- filename: gitlab-container-registry/Dockerfile
pattern: 'ARG REGISTRY_VERSION=(\S+)'
tag_filter:
matching: 'v(\S+)-gitlab'
sort_as: '$1'
- filename: gitlab-container-registry/Dockerfile.build.ubi
pattern: 'ARG REGISTRY_VERSION=(\S+)'
tag_filter:
matching: 'v(\S+)-gitlab'
sort_as: '$1'
# gomplate
https://github.com/hairyhenderson/gomplate.git:
replace_in_files:
- filename: gitlab-gomplate/Dockerfile
pattern: 'ARG GOMPLATE_VERSION="v(\S+)"'
tag_prefix: 'v'
range: '< 4.0.0'
- filename: gitlab-gomplate/Dockerfile.build.ubi
pattern: 'ARG GOMPLATE_VERSION="v(\S+)"'
tag_prefix: 'v'
range: '< 4.0.0'
- filename: ci_files/variables.yml
pattern: 'GOMPLATE_VERSION: "v(\S+)"'
tag_prefix: 'v'
range: '< 4.0.0'
# python
https://github.com/python/cpython.git:
replace_in_files:
- &python-replace
filename: gitlab-python/Dockerfile
pattern: 'ARG PYTHON_VERSION="(\S+)"'
tag_prefix: 'v'
range: '< 3.10.0'
- <<: *python-replace
filename: gitlab-python/Dockerfile.build.ubi
pattern: 'ARG PYTHON_VERSION=(\S+)'
- <<: *python-replace
filename: gitlab-sidekiq/Dockerfile
pattern: 'PYTHON_TAG="(\S+)"'
- <<: *python-replace
filename: gitlab-toolbox/Dockerfile
pattern: 'PYTHON_TAG=(\S+)'
- <<: *python-replace
filename: gitaly/Dockerfile
pattern: 'PYTHON_TAG="(\S+)"'
- <<: *python-replace
filename: gitlab-webservice/Dockerfile
pattern: 'PYTHON_TAG="(\S+)"'
- <<: *python-replace
filename: ci_files/variables.yml
pattern: 'PYTHON_VERSION: "(\S+)"'
# FIPS Golang
https://github.com/golang-fips/go.git:
replace_in_files:
- &fips-go-replace
tag_filter:
matching: 'go(\d+).(\d+).(\d+)-1-openssl-fips'
sort_as: '$1.$2.$3'
output_as: '$1.$2.$3'
range: '< 1.24.0'
filename: gitlab-go/Dockerfile.build.fips
pattern: 'ARG GO_FIPS_TAG=go(\S+)-1-openssl-fips'
- <<: *fips-go-replace
filename: ci_files/variables.yml
pattern: 'GO_FIPS_TAG: "go(\S+)-1-openssl-fips"'
- <<: *fips-go-replace
filename: gitlab-go/Dockerfile.build.fips
pattern: 'ARG GO_VERSION=(\S+)'
- <<: *fips-go-replace
filename: ci_files/variables.yml
pattern: 'GO_FIPS_VERSION: "(\S+)"'
......@@ -50,8 +50,6 @@ Check the table below for more information about the various CI variables used i
| Environment Variable | Description |
| --------------------------------------------- | ----------- |
| DANGER_GITLAB_API_TOKEN | GitLab API token dangerbot uses to post comments on MRs. |
| DEPS_GITLAB_TOKEN | Token used by [dependencies.io](https://docs.dependencies.io/gitlab-ci/) to create MRs. |
| DEPS_TOKEN | Token used by CI for auth to [dependencies.io](https://docs.dependencies.io/gitlab-ci/). |
| NIGHTLY | Set to `true` when running a nightly build. (Busts cache). |
## Release variable
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment