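# GitLab CI configuration: lint and unit tests, image and bundle builds,
# OpenShift review environments with QA, and release publishing jobs.
# Hidden jobs and rule snippets referenced through `extends` / `!reference`
# (.cache, .skip_if_*, .if_*, .qa, ...) are not defined in this file; they
# come from the `include:` entries below.
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-operator-build-base-golang-${GO_MINOR}"

variables:
  DOCKER_VERSION: "24.0.6"
  VCLUSTER_AGENT_NAME: "operator127-ci-cluster"
  VCLUSTER_ENVIRONMENT_PREFIX: "operator127_"
  # Configuration of K8s
  # Namespace within which to run tests
  TESTS_NAMESPACE: "${CI_COMMIT_SHORT_SHA}-${CI_COMMIT_REF_SLUG}"
  BUILD_DIR: ".build"
  INSTALL_DIR: ".install"
  DOMAIN_OPENSHIFT_4_12: "apps.ocp-ci-41221.k8s-ft.win"
  DOMAIN_OPENSHIFT_4_14: "apps.ocp-ci-4146.k8s-ft.win"
  DOMAIN_OPENSHIFT_4_15: "apps.ocp-ci-4153.k8s-ft.win"
  DOMAIN_OPENSHIFT_4_16: "apps.ocp-ci-4163.k8s-ft.win"
  DOMAIN_OPENSHIFT_4_17: "apps.ocp-ci-4172.k8s-ft.win"
  DOMAIN_GKE: "gitlab-operator.k8s-ft.win"
  DOMAIN_GKE127: "gitlab-operator-v127.k8s-ft.win"
  DOMAIN_GKE129: "gitlab-operator-v129.k8s-ft.win"
  DOMAIN_VCLUSTER128: "gitlab-operator-v127.k8s-ft.win"
  DOMAIN_VCLUSTER130: "gitlab-operator-v127.k8s-ft.win"
  # Namespace built into default manifest
  NAMESPACE: "gitlab-system"
  TAG: "${CI_COMMIT_SHORT_SHA}"
  HOSTSUFFIX: "${CI_COMMIT_SHORT_SHA}-${CI_COMMIT_REF_SLUG}"
  TLSSECRETNAME: "gitlab-ci-tls"
  # docker configuration
  DOCKER_DRIVER: overlay2
  # NOTE(review): 2375 is the unencrypted Docker API port. How TLS is turned
  # off for the dind service is not visible in this file; confirm the daemon
  # is reachable only from the job itself, or move to tcp://docker:2376 with
  # DOCKER_TLS_CERTDIR configured.
  DOCKER_HOST: tcp://docker:2375
  # API endpoint: /projects/:id/packages/generic/:package_name/:package_version
  RELEASE_VERSION: "${CI_COMMIT_TAG}"
  HELM_PACKAGE_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/api/stable/charts"
  K8S_MANIFEST_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/gitlab-operator/${CI_COMMIT_TAG}/gitlab-operator-kubernetes-${CI_COMMIT_TAG}.yaml"
  OCP_MANIFEST_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/gitlab-operator/${CI_COMMIT_TAG}/gitlab-operator-openshift-${CI_COMMIT_TAG}.yaml"
  # OCP_RESOURCES_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/gitlab-operator/${CI_COMMIT_TAG}/openshift-resources-${CI_COMMIT_TAG}.yaml"
  PACKAGE_REGISTRY_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/gitlab-operator/${CI_COMMIT_TAG}"
  ISSUE_BOT_LABELS_EXTRA: "group::distribution"
  GO_VERSION: "1.23.2"
  GO_MINOR: "1.23"
  QA_FULL_SUITE_OPTIONS: '--tag ~smoke --tag ~skip_live_env --tag ~orchestrated --tag ~transient'
  CI_TOOLS_VERSION: "4.34.0"
  # Buildx cluster connection settings are set at project level:
  BUILDX_K8S_DISABLE: "true"
  BUILDX_K8S_CLUSTER_NAME: ""
  BUILDX_K8S_GCLOUD_PROJECT: ""
  BUILDX_K8S_CLUSTER_ZONE: ""
  BUILDX_K8S_SA_JSON: ""
  BUILDX_K8S_REQUEST_CPU: '1'
  BUILDX_K8S_REQUEST_MEMORY: '1G'
  BUILDX_K8S_AUTO_STOP_IN: '2 hours'
  # Architectures to build via buildx
  BUILDX_ARCHS: amd64  # amd64,arm64 in project settings
  PREFLIGHT_VERSION: "1.9.1"
  # to be overridden on project level
  # We need GITLAB_CHART_VERSION and ENVIRONMENT_SUFFIX to be fully unset for pipeline logic to work correctly
  # Empty strings can be used to override settings and lead to unexpected outcomes
  # GITLAB_CHART_VERSION:
  # ENVIRONMENT_SUFFIX:
  PIPELINE_TYPE: default  # default, chart_version

stages:
  - check
  - prepare
  - build
  - test
  - publish
  - release
  - certification
  - cluster_tests_approval
  - review
  - qa-trigger
  - qa
  - cleanup
  - report
  - followup

workflow:
  name: $GITLAB_CHART_VERSION
  rules:
    # Avoid duplicate pipeline when an MR is open
    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"'
      when: never
    # Support Merge Request pipelines
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" || $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME'
    # Run regular pipelines on pushes to branches that do not have an MR open
    - if: '$CI_COMMIT_BRANCH'
    # Run pipelines on tag pushes
    - if: '$CI_COMMIT_TAG'

include:
  - component: "gitlab.com/gitlab-org/components/danger-review/danger-review@1.4.1"
    inputs:
      gitlab_dangerfiles_version: "4.7.0"
      job_stage: "check"
    rules:
      - if: '$CI_SERVER_HOST == "gitlab.com"'
  # Dependency scanning, secret detection and SAST templates
  - template: Jobs/Dependency-Scanning.latest.gitlab-ci.yml
    rules:
      - if: '$CI_PROJECT_PATH == "gitlab-org/cloud-native/gitlab-operator"'
      # - !reference [.if_not_chart_version_pipeline]
      - if: '$PIPELINE_TYPE != "chart_version"'
  - template: Jobs/Secret-Detection.latest.gitlab-ci.yml
    rules:
      - if: '$CI_PROJECT_PATH == "gitlab-org/cloud-native/gitlab-operator"'
      # - !reference [.if_not_chart_version_pipeline]
      - if: '$PIPELINE_TYPE != "chart_version"'
  - template: Jobs/SAST.latest.gitlab-ci.yml
    rules:
      - if: '$CI_PROJECT_PATH == "gitlab-org/cloud-native/gitlab-operator"'
      # - !reference [.if_not_chart_version_pipeline]
      - if: '$PIPELINE_TYPE != "chart_version"'
  - local: ci/rules.gitlab-ci.yml
  - local: ci/templates.gitlab-ci.yml
  - local: .gitlab/ci/buildx.gitlab-ci.yml
  - local: ci/review-*.gitlab-ci.yml

default:
  interruptible: true

# Runs scripts/retrieve_gitlab_charts.sh and hands charts/ to later jobs as an artifact.
pull_charts:
  stage: prepare
  script: scripts/retrieve_gitlab_charts.sh
  artifacts:
    paths:
      - charts/
  rules:
    - !reference [.skip_if_docs_branch]
    - !reference [.skip_if_chart_version_pipeline]
    - !reference [.if_release_tag]
    - !reference [.if_commit_branch_or_mr_branch]
  needs:
    - job: danger-review
      optional: true

# Installs go-task at a pinned version, runs `task lint`, publishes the code-quality report.
lint_code:
  extends: .cache
  stage: test
  image: golangci/golangci-lint:v1.60-alpine
  script:
    - go install github.com/go-task/task/v3/cmd/task@v3.38.0
    - PATH="${PATH}:${GOPATH}/bin" task lint
  artifacts:
    reports:
      codequality: gl-code-quality-report.json
    paths:
      - gl-code-quality-report.json
  rules:
    - !reference [.skip_if_dev_mirror]
    - !reference [.skip_if_release_tag]
    - !reference [.skip_if_docs_branch]
    - !reference [.skip_if_chart_version_pipeline]
    - !reference [.if_commit_branch_or_mr_branch]
  needs:
    - job: danger-review
      optional: true

docs-lint content:
  stage: test
  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.20-vale-3.7.1-markdownlint2-0.14.0-lychee-0.15.1
  cache: {}
  needs:
    - job: danger-review
      optional: true
  before_script: []
  dependencies: []
  script:
    # Lint prose
    - vale --minAlertLevel error doc
  rules:
    - !reference [.skip_if_dev_mirror]
    - !reference [.skip_if_release_tag]
    - !reference [.skip_if_chart_version_pipeline]
    - !reference [.if_commit_branch_or_mr_branch]

docs-lint markdown:
  stage: test
  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.20-vale-3.7.1-markdownlint2-0.14.0-lychee-0.15.1
  cache: {}
  needs:
    - job: danger-review
      optional: true
  before_script: []
  dependencies: []
  script:
    # Lint Markdown
    - markdownlint-cli2 'doc/**/*.md'
  rules:
    - !reference [.skip_if_dev_mirror]
    - !reference [.skip_if_release_tag]
    - !reference [.skip_if_chart_version_pipeline]
    - !reference [.if_commit_branch_or_mr_branch]

docs-lint links:
  stage: test
  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.20-vale-3.7.1-markdownlint2-0.14.0-lychee-0.15.1
  cache: {}
  needs:
    - job: danger-review
      optional: true
  before_script: []
  dependencies: []
  script:
    # Check Markdown links
    - lychee --offline --include-fragments doc
  rules:
    - !reference [.skip_if_dev_mirror]
    - !reference [.skip_if_release_tag]
    - !reference [.skip_if_chart_version_pipeline]
    - !reference [.if_commit_branch_or_mr_branch]

.review-docs:
  image: ruby:3.0-alpine
  stage: review
  cache: {}
  dependencies: []
  before_script:
    - gem install gitlab --no-doc
    # We need to download the script rather than clone the repo since the
    # review-docs-cleanup job will not be able to run when the branch gets
    # deleted (when merging the MR).
    - apk add --update openssl
    # NOTE(review): trigger-build.rb is fetched from the moving `master` ref and
    # then executed by the jobs extending this template, with whatever CI
    # variables those jobs receive; the gem above is unversioned as well.
    # Consider pinning the URL to a commit (<commit-sha>) and checking a
    # known checksum before the chmod.
    - wget https://gitlab.com/gitlab-org/gitlab/-/raw/master/scripts/trigger-build.rb
    - chmod 755 trigger-build.rb
  variables:
    GIT_STRATEGY: none
    DOCS_REVIEW_APPS_DOMAIN: docs.gitlab-review.app
    DOCS_GITLAB_REPO_SUFFIX: operator
    # By default, deploy the Review App using the `main` branch of the `gitlab-org/gitlab-docs` project
    DOCS_BRANCH: main
  when: manual
  needs:
    - docs-lint markdown
  rules:
    - !reference ['docs-lint markdown', rules]

# Trigger a docs build in gitlab-docs
# Useful to preview the docs changes live
# https://docs.gitlab.com/ee/development/documentation/review_apps.html
review-docs-deploy:
  extends:
    - .review-docs
  environment:
    name: review-docs/mr-${CI_MERGE_REQUEST_IID}
    url: https://${DOCS_BRANCH}-${DOCS_GITLAB_REPO_SUFFIX}-${CI_MERGE_REQUEST_IID}.${DOCS_REVIEW_APPS_DOMAIN}/${DOCS_GITLAB_REPO_SUFFIX}
    auto_stop_in: 2 weeks
    on_stop: review-docs-cleanup
  script:
    - ./trigger-build.rb docs deploy

# Cleanup remote environment of gitlab-docs
review-docs-cleanup:
  extends:
    - .review-docs
  environment:
    name: review-docs/mr-${CI_MERGE_REQUEST_IID}
    action: stop
  script:
    - ./trigger-build.rb docs cleanup

# Base for unit-test jobs: selects line ${VERSION_INDEX} of CHART_VERSIONS as CHART_VERSION.
.test_job:
  extends: .cache
  stage: test
  needs:
    - job: pull_charts
    - job: danger-review
      optional: true
  variables:
    HELM_CHARTS: "${CI_PROJECT_DIR}/charts"
    # to ensure that the CI cluster is not used
    KUBECONFIG: ""
    # to ensure we don't use the $KUBECONFIG value
    USE_EXISTING_CLUSTER: "false"
    KUBEBUILDER_ASSETS: "/usr/local/kubebuilder/bin"
  before_script:
    - mkdir coverage
    - export CHART_VERSION=$(sed -n ${VERSION_INDEX}p CHART_VERSIONS)
    - echo "Testing with chart version ${CHART_VERSION}"
  retry: 1
  rules:
    - !reference [.skip_if_release_tag]
    - !reference [.skip_if_docs_branch]
    - !reference [.skip_if_chart_version_pipeline]
    - !reference [.skip_if_gitlab_chart_child_pipeline]
    - !reference [.if_commit_branch_or_mr_branch]

.test_job_custom_ref:
  extends: .test_job
  needs:
    - job: danger-review
      optional: true
  artifacts:
    paths:
      - charts/
  variables:
    CHARTS_REF: master
  before_script:
    # pull the charts from the specified branch before running tests to get the version
    - task retrieve-charts-custom-ref
    - mkdir coverage
    - CHART_VERSION=$(grep $(./scripts/retrieve_gitlab_charts_custom_ref.sh --ref) CHART_NIGHTLY_VERSION | sed -n 1p) && export CHART_VERSION || exit 1
    - echo "Testing with chart version ${CHART_VERSION}@${CHARTS_REF}"
  rules:
    - !reference [.skip_if_release_tag]
    - !reference [.skip_if_docs_branch]
    - !reference [.skip_if_chart_version_pipeline]
    - !reference [.if_default_branch]
    - !reference [.if_gitlab_chart_child_pipeline]
    - !reference [.manual_if_commit_branch_or_mr_branch]

unit_tests:
  extends: .test_job
  script: task unit-tests
  parallel:
    matrix:
      - VERSION_INDEX: ["1", "2", "3"]

slow_unit_tests:
  extends: .test_job
  script: task slow-unit-tests
  parallel:
    matrix:
      - VERSION_INDEX: ["1", "2", "3"]

unit_tests_custom_ref:
  extends: .test_job_custom_ref
  allow_failure: true
  script: SKIP_OPERATION_TESTS=yes TEST_UTIL=ginkgo2 task unit-tests

slow_unit_tests_custom_ref:
  extends: .test_job_custom_ref
  allow_failure: true
  script: SKIP_OPERATION_TESTS=yes TEST_UTIL=ginkgo2 task slow-unit-tests

# Base for image builds against the dind service; pushes the tags listed in DOCKER_TAGS.
.docker_build_job:
  extends: .cache
  stage: release
  needs: ["pull_charts"]
  image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/distribution_ci_tools:${CI_TOOLS_VERSION}
  services:
    - docker:${DOCKER_VERSION}-dind
  variables:
    DOCKER_TAGS: ""
  before_script:
    # The registry password is passed on stdin so it is not part of the
    # process argument list of the login command.
    - printf '%s' "${CI_REGISTRY_PASSWORD}" | docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"
    # Update module cache so it can be saved in CI cache (only the dependencies required to build)
    - docker run -v "${GOPATH}:/go" -v "${CI_PROJECT_DIR}:/code" -w /code golang:${GO_VERSION} go list ./...
    - source ci/scripts/buildx/lib/build.sh
    - source ci/scripts/buildx/lib/configure.sh
    - ci/scripts/buildx/bootstrap.sh
  script:
    - docker_build_and_push $DOCKER_TAGS
  interruptible: false
  environment:
    name: buildx_${CI_COMMIT_REF_SLUG}
    action: stop

.podman_build_job:
  stage: release
  needs: ["pull_charts"]
  before_script:
    - sed -i 's#^driver.*$#driver = "vfs"#g' /etc/containers/storage.conf
    # Password on stdin rather than in the argument list (see .docker_build_job).
    - printf '%s' "${CI_REGISTRY_PASSWORD}" | podman login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"
  interruptible: false

build_branch_image:
  extends: .docker_build_job
  variables:
    DOCKER_TAGS: >-
      ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}
      ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}
  rules:
    - !reference [.skip_if_docs_branch]
    - !reference [.skip_if_default_branch]
    - !reference [.skip_if_release_tag]
    - !reference [.skip_if_chart_version_pipeline]
    - !reference [.if_commit_branch_or_mr_branch]

build_tag_image:
  extends: .docker_build_job
  variables:
    DOCKER_TAGS: >-
      ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}
      ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}
  rules:
    - !reference [.if_release_tag_on_canonical]
    # TODO: when dev is part of the official release process,
    # change this to:
    # - !reference [.if_release_tag_on_dev]
  needs:
    - !reference [.docker_build_job, needs]
    - upload_manifest

build_latest_image:
  extends: .docker_build_job
  variables:
    DOCKER_TAGS: >-
      ${CI_REGISTRY_IMAGE}:${CI_DEFAULT_BRANCH}
      ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}
      ${CI_REGISTRY_IMAGE}:latest
  rules:
    - !reference [.if_default_branch]

# Publishes the OLM bundle; the release-tag rule switches from the staging
# bundle registry and pipeline-derived version to the tag-derived values.
build_bundle_image:
  extends: .podman_build_job
  variables:
    OLM_PACKAGE_NAME: "gitlab-operator-kubernetes"
    BUNDLE_REGISTRY: "${CI_REGISTRY_IMAGE}/bundle-staging"
    OLM_PACKAGE_VERSION: "0.0.${CI_PIPELINE_ID}"
    OPERATOR_TAG: "${CI_COMMIT_SHORT_SHA}"
    BUNDLE_IMAGE_TAG: "${CI_COMMIT_SHORT_SHA}"
    COMPILE_ONLY: "false"
    DOCKER: "podman"
    OPM_DOCKER: "podman"
    PODMAN_OPTS: "--cgroups=disabled"
  script:
    - scripts/olm_bundle.sh publish
  rules:
    - !reference [.skip_if_docs_branch]
    - !reference [.skip_if_chart_version_pipeline]
    - !reference [.if_default_branch]
    - !reference [.if_commit_branch_or_mr_branch]
    - if: !reference [.if_release_tag_on_canonical, if]
      variables:
        OLM_PACKAGE_VERSION: "${CI_COMMIT_TAG}"
        OPERATOR_TAG: "${CI_COMMIT_TAG}"
        BUNDLE_IMAGE_TAG: "${CI_COMMIT_TAG}"
        BUNDLE_REGISTRY: "${CI_REGISTRY_IMAGE}/bundle"

# Gate job placed in its own stage ahead of the jobs that use the CI clusters.
approve_cluster_tests:
  stage: cluster_tests_approval
  image: alpine:latest
  script: echo "Proceeding to tests in CI clusters..."
  rules:
    - !reference [.skip_if_not_canonical]
    - !reference [.skip_if_docs_branch]
    - !reference [.skip_if_release_tag]
    - !reference [.skip_if_stable_branch]
    - !reference [.skip_if_default_branch]
    - !reference [.skip_if_gitlab_chart_child_pipeline]
    - !reference [.manual_if_commit_branch_or_mr_branch]
  needs:
    - job: danger-review
      optional: true

# OCP 4.12
build_review_4_12:
  extends: .build_review_template
  variables:
    DOMAIN: $DOMAIN_OPENSHIFT_4_12
    TEST_CR_FILES_DIR: "config/test/overlays/k8s_1_25"
  dependencies:
    - image_certification

create_review_4_12:
  extends: .create_review_template
  environment: &environment_4_12
    name: &env_4_12_name openshift_4_12/$CI_COMMIT_SHORT_SHA$ENVIRONMENT_SUFFIX-$CI_COMMIT_REF_SLUG
    url: https://gitlab-$TESTS_NAMESPACE.$DOMAIN_OPENSHIFT_4_12
    on_stop: stop_review_openshift_4_12
    auto_stop_in: 1 hour
  needs:
    - build_review_4_12

review_4_12:
  extends: .review_template
  variables:
    DOMAIN: $DOMAIN_OPENSHIFT_4_12
    TEST_CR_FILES_DIR: "config/test/overlays/k8s_1_25"
  before_script:
    - export KUBECONFIG="$KUBECONFIG_OCP_4_12"
  needs:
    - create_review_4_12
    # we need build_* dependency to receive appropriate artifacts
    - build_review_4_12
  environment: *environment_4_12
  resource_group: *env_4_12_name

# OCP 4.14
build_review_4_14:
  extends: .build_review_template
  variables:
    DOMAIN: $DOMAIN_OPENSHIFT_4_14
    TEST_CR_FILES_DIR: "config/test/overlays/k8s_1_25"
  dependencies:
    - image_certification

create_review_4_14:
  extends: .create_review_template
  environment: &environment_4_14
    name: &env_4_14_name openshift_4_14/$CI_COMMIT_SHORT_SHA$ENVIRONMENT_SUFFIX-$CI_COMMIT_REF_SLUG
    url: https://gitlab-$TESTS_NAMESPACE.$DOMAIN_OPENSHIFT_4_14
    on_stop: stop_review_openshift_4_14
    auto_stop_in: 1 hour
  needs:
    - build_review_4_14

review_4_14:
  extends: .review_template
  variables:
    DOMAIN: $DOMAIN_OPENSHIFT_4_14
    TEST_CR_FILES_DIR: "config/test/overlays/k8s_1_25"
  before_script:
    - export KUBECONFIG="$KUBECONFIG_OCP_4_14"
  needs:
    - create_review_4_14
    # we need build_* dependency to receive appropriate artifacts
    - build_review_4_14
  environment: *environment_4_14
  resource_group: *env_4_14_name

# QA OCP 4.12
qa_4_12:
  extends: .qa
  stage: qa
  variables:
    DOMAIN: $DOMAIN_OPENSHIFT_4_12
  needs:
    - review_4_12

qa_4_12_full_suite_trigger:
  extends: .qa_full_suite_trigger
  script: echo 'The job will trigger Full E2E suite against OpenShift 4.12'

qa_4_12_full:
  extends: .qa
  stage: qa
  parallel: 7
  variables:
    DOMAIN: $DOMAIN_OPENSHIFT_4_12
    QA_OPTIONS: $QA_FULL_SUITE_OPTIONS
  needs:
    - review_4_12
    - qa_4_12_full_suite_trigger

# QA OCP 4.14
qa_4_14:
  extends: .qa
  stage: qa
  variables:
    DOMAIN: $DOMAIN_OPENSHIFT_4_14
  needs:
    - review_4_14

qa_4_14_full_suite_trigger:
  extends: .qa_full_suite_trigger
  script: echo 'The job will trigger Full E2E suite against OpenShift 4.14'

qa_4_14_full:
  extends: .qa
  stage: qa
  parallel: 7
  variables:
    DOMAIN: $DOMAIN_OPENSHIFT_4_14
    QA_OPTIONS: $QA_FULL_SUITE_OPTIONS
  needs:
    - review_4_14
    - qa_4_14_full_suite_trigger

stop_review_openshift_4_12:
  extends: .stop_review_template
  variables:
    DOMAIN: $DOMAIN_OPENSHIFT_4_12
  before_script:
    - export KUBECONFIG="$KUBECONFIG_OCP_4_12"
  environment:
    name: *env_4_12_name
    action: stop
  needs:
    - build_review_4_12

stop_review_openshift_4_14:
  extends: .stop_review_template
  variables:
    DOMAIN: $DOMAIN_OPENSHIFT_4_14
  before_script:
    - export KUBECONFIG="$KUBECONFIG_OCP_4_14"
  environment:
    name: *env_4_14_name
    action: stop
  needs:
    - build_review_4_14

# Runs the preflight container check once per architecture in BUILDX_ARCHS and
# fails when a report's `.passed` is not true. `--submit` is added only when a
# project id, an API token and a tag are all present.
image_certification:
  stage: certification
  variables:
    DOCKER_AUTH_FILE: /run/containers/0/auth.json
    REGISTRY_USER: $RH_CERTIFICATION_REGISTRY_USER
    REGISTRY_PASSWORD: $RH_CERTIFICATION_REGISTRY_PASSWORD
    COMPONENT_NAME: gitlab-operator
  image: registry.gitlab.com/gitlab-org/cloud-native/preflight:$PREFLIGHT_VERSION
  retry: 1
  allow_failure: true
  before_script:
    - REGISTRY_USER=${REGISTRY_USER:-${CI_REGISTRY_USER:-unused}}
    - REGISTRY_PASSWORD=${REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}
    # Credentials are quoted and the password goes in on stdin: unquoted
    # expansion would word-split a password containing whitespace, and `-p`
    # would place it in the process argument list.
    - printf '%s' "${REGISTRY_PASSWORD}" | podman login -u "${REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"
    - '[[ -d reports ]] || mkdir reports'
  script:
    - CERTIFY_TAG=${CI_COMMIT_SHORT_SHA}
    - SUBMIT=""
    - REDHAT_PROJECT_ID=${REDHAT_PROJECT_ID:-$(yq eval ".${COMPONENT_NAME}.ospid" redhat-projects.yaml)}
    - |
      if [ -n "$REDHAT_PROJECT_ID" -a -n "$REDHAT_API_TOKEN" -a -n "${CI_COMMIT_TAG}" ] ; then
        echo "Image will be submitted to RedHat for Certification"
        SUBMIT="--submit"
        export PFLT_PYXIS_API_TOKEN="${REDHAT_API_TOKEN}"
        export PFLT_CERTIFICATION_PROJECT_ID="${REDHAT_PROJECT_ID}"
        CERTIFY_TAG=${CI_COMMIT_TAG:-${CERTIFY_TAG}}
      fi
    - CERTIFY_IMAGE="${CI_REGISTRY_IMAGE}:${CERTIFY_TAG}"
    - |
      for arch in ${BUILDX_ARCHS//,/ }; do
        echo "Running preflight certification check for ${CERTIFY_IMAGE} (${arch})"
        preflight check container ${CERTIFY_IMAGE} ${SUBMIT} \
          --docker-config="${DOCKER_AUTH_FILE}" \
          --platform="${arch}" \
          > reports/${COMPONENT_NAME}-${arch}-cert.json
        test "$(jq .passed reports/${COMPONENT_NAME}-${arch}-cert.json)" == 'true'
      done
  artifacts:
    untracked: false
    paths:
      - reports/*
  rules:
    - !reference [.skip_if_docs_branch]
    - !reference [.skip_if_chart_version_pipeline]
    - !reference [.if_release_tag]
    - !reference [.if_redhat_certification]
    - !reference [.if_commit_branch_or_mr_branch]

build_chart:
  stage: build
  script:
    - helm dependency build deploy/chart
    - helm package deploy/chart -d .build/
  artifacts:
    untracked: false
    expire_in: 30 days
    paths:
      - ".build/gitlab-operator-*.tgz"
  rules:
    - !reference [.skip_if_docs_branch]
    - !reference [.if_release_tag]
    - !reference [.if_commit_branch_or_mr_branch]

# NOTE(review): this job, release_chart, upload_manifest, publish_release and
# issue-bot run images on a floating `latest` tag while handling tokens.
# Consider pinning them to a version or digest (<image-digest>).
upload_chart:
  stage: publish
  image: curlimages/curl:latest
  needs:
    - build_chart
  rules:
    - !reference [.if_release_tag_on_dev]
    - !reference [.manual_if_release_tag]
  script:
    - set -- .build/gitlab-operator-*.tgz
    # --fail: without it curl exits 0 on an HTTP 4xx/5xx response and the job
    # would pass even though nothing was published.
    - |
      curl --fail --request POST \
           --user "gitlab-ci-token:${CI_JOB_TOKEN}" \
           --form "chart=@$1" \
           "${HELM_PACKAGE_URL}"

# Release chart to charts.gitlab.io
release_chart:
  stage: publish
  image: curlimages/curl:latest
  needs:
    - build_chart
  rules:
    - !reference [.skip_if_dev_mirror]
    - !reference [.manual_if_release_tag]
  script:
    # Strip leading gitlab-org/
    - export CHART_CLONE_SUBPATH=${CI_PROJECT_PATH#"gitlab-org/"}
    - >-
      curl -fS --request POST
      --form "token=${CHARTS_GITLAB_IO_TRIGGER_TOKEN}"
      --form ref=master
      --form "variables[CHART_NAME]=$CI_PROJECT_NAME"
      --form "variables[CHART_CLONE_SUBPATH]=$CHART_CLONE_SUBPATH"
      --form "variables[CHART_SOURCE_DIR]=deploy/chart"
      --form "variables[RELEASE_REF]=$CI_COMMIT_REF_NAME"
      https://gitlab.com/api/v4/projects/2860651/trigger/pipeline

build_manifest:
  stage: build
  script:
    - export TAG=${CI_COMMIT_TAG:-${TAG}}
    - task build_operator
    - task build_operator_openshift
  artifacts:
    untracked: false
    expire_in: 30 days
    paths:
      - "${BUILD_DIR}/operator.yaml"
      - "${BUILD_DIR}/operator-openshift.yaml"
  rules:
    - !reference [.skip_if_docs_branch]
    - !reference [.if_release_tag]
    - !reference [.if_commit_branch_or_mr_branch]

# Uploads both manifests to the generic package registry. publish_release
# links to these URLs, so a rejected upload has to fail the job (--fail).
upload_manifest:
  stage: publish
  image: curlimages/curl:latest
  needs:
    - build_manifest
  rules:
    - !reference [.if_release_tag_on_dev]
    - !reference [.manual_if_release_tag]
  script:
    - |
      curl --fail --header "JOB-TOKEN: ${CI_JOB_TOKEN}" \
           --upload-file "${BUILD_DIR}/operator.yaml" \
           "${K8S_MANIFEST_URL}?status=default"
    - |
      curl --fail --header "JOB-TOKEN: ${CI_JOB_TOKEN}" \
           --upload-file "${BUILD_DIR}/operator-openshift.yaml" \
           "${OCP_MANIFEST_URL}?status=default"

build_release_description:
  stage: build
  script:
    - ./scripts/add_gitlab_repo.sh
    - ./scripts/generate_release_message.sh "${CI_COMMIT_TAG}" | tee description.md
  artifacts:
    expire_in: 30 days
    paths:
      - './description.md'
  rules:
    - !reference [.if_release_tag]

publish_release:
  # Caution, as of 2021-02-02 these assets links require a login, see:
  # https://gitlab.com/gitlab-org/gitlab/-/issues/299384
  stage: release
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  needs:
    - build_release_description
    - upload_manifest
  rules:
    - !reference [.if_release_tag]
  script: echo "Releasing $CI_COMMIT_TAG from ${K8S_MANIFEST_URL} and ${OCP_MANIFEST_URL}"
  release:
    name: "Release $CI_COMMIT_TAG"
    tag_name: "$CI_COMMIT_TAG"
    description: "./description.md"
    assets:
      links:
        - name: "gitlab-operator-kubernetes.yaml"
          url: "${K8S_MANIFEST_URL}"
        - name: "gitlab-operator-openshift.yaml"
          url: "${OCP_MANIFEST_URL}"
        # - name: "openshift-resources.yaml"
        #   url: "${OCP_RESOURCES_URL}"

# Looks up the pipeline for this tag on the project at
# COM_API_OPERATOR_PROJECT_URL and plays its upload_manifest, upload_chart and
# release_chart jobs using COM_OPERATOR_PROJECT_ACCESS_TOKEN.
trigger-public-release:
  stage: release
  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:alpine-bash-jq-curl-git"
  variables:
    COM_API_OPERATOR_PROJECT_URL: "https://gitlab.com/api/v4/projects/18899486"
  script:
    - pipeline_id=$(curl -fS "${COM_API_OPERATOR_PROJECT_URL}/pipelines?ref=${CI_COMMIT_TAG}" | jq '.[0].id')
    - upload_manifest_job_id=$(curl -fS "${COM_API_OPERATOR_PROJECT_URL}/pipelines/${pipeline_id}/jobs" | jq '.[] | select(.name=="upload_manifest").id')
    - curl -fS --request POST --header "PRIVATE-TOKEN:${COM_OPERATOR_PROJECT_ACCESS_TOKEN}" "${COM_API_OPERATOR_PROJECT_URL}/jobs/${upload_manifest_job_id}/play"
    - upload_chart_job_id=$(curl -fS "${COM_API_OPERATOR_PROJECT_URL}/pipelines/${pipeline_id}/jobs" | jq '.[] | select(.name=="upload_chart").id')
    - curl -fS --request POST --header "PRIVATE-TOKEN:${COM_OPERATOR_PROJECT_ACCESS_TOKEN}" "${COM_API_OPERATOR_PROJECT_URL}/jobs/${upload_chart_job_id}/play"
    - release_chart_job_id=$(curl -fS "${COM_API_OPERATOR_PROJECT_URL}/pipelines/${pipeline_id}/jobs" | jq '.[] | select(.name=="release_chart").id')
    - curl -fS --request POST --header "PRIVATE-TOKEN:${COM_OPERATOR_PROJECT_ACCESS_TOKEN}" "${COM_API_OPERATOR_PROJECT_URL}/jobs/${release_chart_job_id}/play"
  rules:
    - !reference [.delayed_if_release_tag_on_dev]

issue-bot:
  stage: report
  image: registry.gitlab.com/gitlab-org/distribution/issue-bot:latest
  variables:
    # Create issues for all forks in https://gitlab.com/gitlab-org/cloud-native/gitlab-operator.
    ISSUE_TRACKER_PROJECT_ID: "18899486"
    ISSUE_TRACKER_BASE_URL: "https://gitlab.com/"
  script: /issue-bot
  rules:
    - if: $ISSUE_BOT_API_TOKEN == null
      when: never
    - !reference [.skip_if_gitlab_chart_child_pipeline]
    - !reference [.on_failure_if_release_tag]
    - !reference [.on_failure_if_stable_branch]
    - !reference [.on_failure_if_default_branch]

# Opens the "Publish Operator <tag>" issue from the release template and
# exports its iid to later jobs through a dotenv report.
create_followup_issue:
  stage: followup
  image: registry.gitlab.com/gitlab-org/gitlab-build-images:alpine-bash-jq-curl-git
  allow_failure: true
  script:
    - content=$(sed -e "s/X.Y.Z/${CI_COMMIT_TAG}/g" .gitlab/issue_templates/release.md)
    - title="Publish Operator ${CI_COMMIT_TAG}"
    # --data-urlencode instead of -d: the template text is sent as a form
    # field, and with plain -d any `&`, `=`, `+` or `%` in it would be read as
    # form syntax (truncated description or extra request parameters).
    - |
      issue_id=$(curl -fS -H "PRIVATE-TOKEN: ${OPERATOR_RELEASE_ISSUE_TOKEN}" -X POST \
        --data-urlencode "title=${title}" --data-urlencode "description=${content}" \
        "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/issues" | jq '.iid')
    - echo "OPERATOR_RELEASE_ISSUE_ID=${issue_id}" >> followup_issue.env
  rules:
    - !reference [.if_release_tag_on_canonical]
  needs:
    - publish_release
  artifacts:
    reports:
      dotenv: followup_issue.env

# Validate an operator release. Currently uses ocp 4.14 cluster.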
# When triggered manually, it needs:
# - OPERATOR_RELEASE_ISSUE_ID: the issue id of the followup issue
# - OPERATOR_RELEASE_VERSION: the version of the operator release
validate_release_4_14:
  stage: followup
  allow_failure: true
  image:
    name: registry.gitlab.com/gitlab-org/gitlab-build-images:alpine-bash-jq-curl-git
  variables:
    # from create_followup_issue dotenv, or manual input
    OPERATOR_RELEASE_ISSUE_ID: $OPERATOR_RELEASE_ISSUE_ID
    OPERATOR_RELEASE_PROJECT_ID: $CI_PROJECT_ID
    OPERATOR_RELEASE_VERSION: $CI_COMMIT_TAG
    # The issue bot
    OPERATOR_RELEASE_TOKEN: $OPERATOR_RELEASE_ISSUE_TOKEN
    OPERATOR_RELEASE_COMMENT: "true"
    # KUBECONFIG: $KUBECONFIG_OCP_4_14 # Override in before_script
  before_script:
    # TODO: consider to bundle kubectl in the image
    # NOTE(review): kubectl is installed unversioned at job time and then used
    # with the CI cluster kubeconfig exported on the next line.
    - apk add -U kubectl
    # Use the CI cluster
    - export KUBECONFIG="$KUBECONFIG_OCP_4_14"
  script:
    - ./scripts/release_validate.sh "${OPERATOR_RELEASE_VERSION}"
  rules:
    # On a release tag: delayed start, and only this rule adds the dependency
    # on create_followup_issue (for its dotenv artifact).
    - if: !reference [.if_release_tag_on_canonical, if]
      when: delayed
      start_in: 3 day
      needs:
        - job: create_followup_issue
          artifacts: true
    - !reference [.manual_if_commit_branch_or_mr_branch]

# Prints the variables that drive pipeline selection; no rules, image is unpinned.
debug_chart_version:
  stage: prepare
  image: busybox
  script:
    - echo "$GITLAB_CHART_VERSION"
    - echo "$TESTS_NAMESPACE"
    - echo "$PIPELINE_TYPE"

# Renders ci/trigger-template.yml.tpl once per entry of CHART_VERSIONS after the
# first line and appends the results to other_charts.yml.
# NOTE(review): other_charts.yml is later loaded as a child-pipeline definition
# (see other_chart_versions), and the values read from CHART_VERSIONS are
# substituted by sed without escaping, so changes to CHART_VERSIONS deserve the
# same review as changes to CI configuration.
create_chart_pipelines:
  stage: prepare
  script:
    - |
      for cv in $(tail -n +2 CHART_VERSIONS)
      do
        _es="-${cv//./-}"
        sed -e "s/@@CHART@@/${cv}/g; s/@@SUFFIX@@/${_es}/g" ci/trigger-template.yml.tpl >> other_charts.yml
      done
  artifacts:
    when: on_success
    access: all
    paths:
      - other_charts.yml
  rules:
    - !reference [.skip_if_chart_version_pipeline]
    - !reference [.skip_if_gitlab_chart_child_pipeline]
    - if: '$GITLAB_CHART_VERSION == null'
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'

# Triggers the child pipeline described by the other_charts.yml artifact of
# create_chart_pipelines; the image build jobs are optional needs used for
# ordering only (artifacts: false).
other_chart_versions:
  stage: release
  needs:
    - create_chart_pipelines
    - job: build_branch_image
      optional: true
      artifacts: false
    - job: build_tag_image
      optional: true
      artifacts: false
    - job: build_latest_image
      optional: true
      artifacts: false
  trigger:
    include:
      - artifact: other_charts.yml
        job: create_chart_pipelines
  rules:
    - !reference [.skip_if_chart_version_pipeline]
    - !reference [.skip_if_gitlab_chart_child_pipeline]
    - !reference [.skip_if_release_tag]
    - !reference [.skip_if_docs_branch]
    - if: '$GITLAB_CHART_VERSION == null'
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
  ## rules:
  ##   - when: on_success