.gitlab-ci.yml

stages:
  - check
  - prepare
  - tests
  - post-test
  - update-cache
  - package
  - image
  - scan-dependencies
  - staging_upload
  - package-and-image-release
  - validate
  - metrics
  - slow_jobs
  - raspbian-release
  - aws-marketplace-release
  - notification_fail
  - trigger-package
  - trigger-docker
  - trigger-ha-validate
  - trigger-qa
  - verify

include:
  - local: '/gitlab-ci-config/workflow-rules.yml'
  - local: '/gitlab-ci-config/dev-gitlab-org.yml'
  - local: '/gitlab-ci-config/gitlab-com.yml'
    rules:
      - if: '$CI_SERVER_HOST == "gitlab.com"'

default:
  tags:
    - gitlab-org

variables:
  # BUILDER_IMAGE_REGISTRY is set to
  # `dev.gitlab.org:5005/cookbooks/gitlab-omnibus-builder` in the project
  # settings of omnibus-gitlab mirror in dev.gitlab.org so that builds there
  # will use images from that registry and not depend on GitLab.com
  BUILDER_IMAGE_REGISTRY: "registry.gitlab.com/gitlab-org/gitlab-omnibus-builder"
  PUBLIC_BUILDER_IMAGE_REGISTRY: "registry.gitlab.com/gitlab-org/gitlab-omnibus-builder"
  BUILDER_IMAGE_REVISION: "4.1.0"
  # The registry to pull the assets image from
  ASSET_REGISTRY: "${CI_REGISTRY}"
  ASSET_SYNC_EXISTING_REMOTE_FILES: "keep"
  ASSET_SYNC_GZIP_COMPRESSION: "true"
  ASSET_PATH: "assets-${CI_COMMIT_REF_SLUG}"
  COMPILE_ASSETS: "false"
  RUBY_IMAGE: "ruby:2.7"
  BUNDLE_PATH__SYSTEM: "false"
  # Format of the auto-deploy tag for auto-deploy builds.
  # https://gitlab.com/gitlab-org/release/docs/blob/master/general/deploy/auto-deploy.md#auto-deploy-tagging
  AUTO_DEPLOY_TAG_REGEX: '^\d+\.\d+\.\d+\+[^ ]{7,}\.[^ ]{7,}$'
  # Default environment for auto-deploy
  AUTO_DEPLOY_ENVIRONMENT: 'pre'
  OMNIBUS_GITLAB_MIRROR_ID: "14588374"
  DOCS_GITLAB_REPO_SUFFIX: "omnibus"
  CACHE_KEY_SUFFIX: '-v1'
  CACHE_EDITION: "CE"
  QA_BRANCH: 'master'
  ISSUE_BOT_LABELS_EXTRA: "group::distribution"
  BUNDLER_VERSION: "2.3.22"
  GET_GEO_TAG: "0.4.0"

### For services that need a docker daemon
.docker_job: &docker_job
  image: "${BUILDER_IMAGE_REGISTRY}/ruby_docker:${BUILDER_IMAGE_REVISION}"
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: tcp://docker:2375
  services:
    - name: docker:20.10.2-dind
      alias: localhost
  tags:
    - gitlab-org-docker

.gems-cache:
  cache:
    key: "gems-cache-${BUILDER_IMAGE_REVISION}${CACHE_KEY_SUFFIX}"
    paths:
      - gems
    policy: pull

before_script:
  - echo "PIPELINE_TYPE detected as ${PIPELINE_TYPE}"
  - export CE_ONLY=(Raspberry)
  - export EE_ONLY=(SLES RAT)
  - for job in "${CE_ONLY[@]}"; do
      if [[ "${CI_JOB_NAME}" =~ ${job} ]]; then
        if ./support/is_gitlab_ee.sh; then
          echo "EE build found. ${CI_JOB_NAME} is run only on CE builds";
          exit 0 ;
        fi;
      fi;
    done
  - for job in "${EE_ONLY[@]}"; do
      if [[ "${CI_JOB_NAME}" =~ ${job} ]]; then
        if ! ./support/is_gitlab_ee.sh; then
          echo "CE build found. ${CI_JOB_NAME} is run only on EE builds";
          exit 0 ;
        fi;
      fi;
    done
  - echo $NIGHTLY
  - mkdir -p ~/.ssh
  - mkdir -p ~/.aws
  - mkdir -p cache
  - if [ -n "$DEV_GITLAB_SSH_KEY" ]; then
      echo "$DEV_GITLAB_SSH_KEY" > ~/.ssh/id_rsa;
      cp support/known_hosts ~/.ssh/known_hosts;
      chmod -R 0600 ~/.ssh/;
    fi
  - bash scripts/ci/prepare_bundle.sh
  - if [ -n "$NIGHTLY" ]; then export STAGING_REPO=nightly-builds; export FIPS_STAGING_REPO=nightly-fips-builds; fi

fetch-assets:
  extends: .docker_job
  stage: prepare
  timeout: 1 hour
  before_script: []
  script:
    - export VERSION=${GITLAB_ASSETS_TAG-${GITLAB_REF_SLUG-$(ruby -I. -e 'require "lib/gitlab/version"; puts Gitlab::Version.new("gitlab-rails").print')}}
    - support/fetch_assets "${VERSION}"
  artifacts:
    paths:
      - ${ASSET_PATH}
  rules:
    - if: '$COMPILE_ASSETS == "true"'
      when: never
    # NOTE (rspeicher): Checking `$AUTO_DEPLOY_COMPILE_ASSETS` as a feature flag
    # See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5805
    - if: '$AUTO_DEPLOY_COMPILE_ASSETS && $PIPELINE_TYPE =~ /AUTO_DEPLOY_BUILD_PIPELINE$/'
      when: never
    # Run on all pipelines including a package build (except auto-deploy tag
    # covered above)
    - if: '$PIPELINE_TYPE =~ /_BUILD_PIPELINE$/'
    - if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
    - if: '$PIPELINE_TYPE == "TRIGGER_CACHE_UPDATE_PIPELINE"'
    - if: '$PIPELINE_TYPE == "DURATION_PLOTTER_PIPELINE"'

generate-facts:
  extends: .gems-cache
  stage: prepare
  image: "${BUILDER_IMAGE_REGISTRY}/ruby_docker:${BUILDER_IMAGE_REVISION}"
  script:
    - mkdir -p build_facts
    - bundle exec omnibus manifest gitlab -l nothing 2> /dev/null > build_facts/version-manifest.json
    - bundle exec rake build:generate_facts
  artifacts:
    paths:
      - build_facts
    reports:
      dotenv: build_facts/env_vars
  rules:
    - if: '$PIPELINE_TYPE =~ /_BUILD_PIPELINE$/'
    - if: '$PIPELINE_TYPE == "TRIGGER_CACHE_UPDATE_PIPELINE"'
    - if: '$PIPELINE_TYPE == "GITLAB_BRANCH_TEST_PIPELINE"'
    - if: '$PIPELINE_TYPE == "GITLAB_MR_PIPELINE"'
    - if: '$PIPELINE_TYPE =~ /TRIGGERED_(CE|EE)_PIPELINE/'
    - if: '$PIPELINE_TYPE == "DEPS_IO_VERSION_BUMP_PIPELINE"'
    - if: '$PIPELINE_TYPE == "DEPENDENCY_SCANNING_PIPELINE"'
    - if: '$PIPELINE_TYPE == "FORK_MR_PIPELINE"'
    - when: never
  needs: []

.notify:
  before_script:
    - apk add --no-cache curl
  image: "alpine"
  stage: notification_fail

notify:slack-fail:scheduled-master:
  extends:
    - .notify
  script:
    - ./support/notify_slack.sh "#qa-master" "☠️ Scheduled omnibus-build against master failed! ☠️ See $CI_PIPELINE_URL (triggered from $TOP_UPSTREAM_SOURCE_JOB)"
  rules:
    - if: '$TOP_UPSTREAM_SOURCE_JOB == null || $TOP_UPSTREAM_SOURCE_REF != "master"'
      when: never
    - if: '$PIPELINE_TYPE == "TRIGGERED_EE_PIPELINE"'
      when: on_failure

issue-bot:
  stage: notification_fail
  image: registry.gitlab.com/gitlab-org/distribution/issue-bot:latest
  script: /issue-bot
  rules:
    - if: '$CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH'
      when: never
    - if: '$PIPELINE_TYPE == "PROTECTED_TEST_PIPELINE"'
      when: on_failure