From 6183584ece99fc1bcd98c23bb6956af0d17789fe Mon Sep 17 00:00:00 2001 From: Hordur Freyr Yngvason Date: Tue, 26 Jan 2021 13:26:36 +0000 Subject: [PATCH] ci: skip most jobs on 'docs:' commits Since adding the test matrix, our CI has gotten heavy and more prone to random failures due to network flakiness. This adds unnecessary friction to docs-only contributions. Since we are using conventional commits, these should be exactly the commits where the subject line starts with 'docs:'. --- .gitlab-ci.yml | 1 + .gitlab/ci/build.gitlab-ci.yml | 2 ++ .gitlab/ci/chart.gitlab-ci.yml | 16 ++++++++++++---- .gitlab/ci/release.gitlab-ci.yml | 1 - .gitlab/ci/rules.gitlab-ci.yml | 11 +++++++++++ .gitlab/ci/shellcheck.gitlab-ci.yml | 4 ++++ .gitlab/ci/test.gitlab-ci.yml | 17 +++++++++++++++++ 7 files changed, 47 insertions(+), 5 deletions(-) create mode 100644 .gitlab/ci/rules.gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 01e8696..f7e18f1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -20,6 +20,7 @@ stages: - release include: + - local: .gitlab/ci/rules.gitlab-ci.yml - local: .gitlab/ci/build.gitlab-ci.yml - local: .gitlab/ci/shellcheck.gitlab-ci.yml - local: .gitlab/ci/test.gitlab-ci.yml diff --git a/.gitlab/ci/build.gitlab-ci.yml b/.gitlab/ci/build.gitlab-ci.yml index 4e8402d..50df156 100644 --- a/.gitlab/ci/build.gitlab-ci.yml +++ b/.gitlab/ci/build.gitlab-ci.yml @@ -1,4 +1,6 @@ build: + extends: + - .rules:except-docs stage: build image: docker:19.03.5 services: diff --git a/.gitlab/ci/chart.gitlab-ci.yml b/.gitlab/ci/chart.gitlab-ci.yml index 031814a..c2e2311 100644 --- a/.gitlab/ci/chart.gitlab-ci.yml +++ b/.gitlab/ci/chart.gitlab-ci.yml @@ -1,6 +1,5 @@ variables: SAST_DISABLE_DIND: "true" - SCAN_KUBERNETES_MANIFESTS: "true" include: - template: SAST.gitlab-ci.yml @@ -10,6 +9,8 @@ stages: - release .chart-job: + extends: + - .rules:except-docs image: "$BUILD_IMAGE_NAME" before_script: - cd assets/auto-deploy-app @@ -20,7 +21,17 @@ chart:lint: script: - helm lint . +# Redefines kubesec-sast from SAST.gitlab-ci.yml, because using `extends` in a +# job inherited from a template resets the inheritance chain. I.e. the job will +# only inherit from the jobs specified in `extends` (not from the template) kubesec-sast: + extends: + - .sast-analyzer + - .rules:except-docs + image: + name: "$SAST_ANALYZER_IMAGE" + variables: + SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/kubesec:$SAST_ANALYZER_IMAGE_TAG" variables: KUBESEC_HELM_CHARTS_PATH: 'assets/auto-deploy-app' KUBESEC_HELM_OPTIONS: '-f assets/auto-deploy-app/values.yaml' @@ -28,9 +39,6 @@ kubesec-sast: - cd assets/auto-deploy-app - helm repo add stable https://charts.helm.sh/stable - helm dependency build . - # we are using merge request pipelines, so we need to override the rules - rules: - - if: $SCAN_KUBERNETES_MANIFESTS == 'true' chart:test: extends: .chart-job diff --git a/.gitlab/ci/release.gitlab-ci.yml b/.gitlab/ci/release.gitlab-ci.yml index bdca3c0..f115d8b 100644 --- a/.gitlab/ci/release.gitlab-ci.yml +++ b/.gitlab/ci/release.gitlab-ci.yml @@ -4,7 +4,6 @@ # See README.md for more information # * If there is a new release it will tag the repository with the new release as the `ops-gitlab-net` # user - .semantic-release: image: node:12 stage: release diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml new file mode 100644 index 0000000..cc88fe5 --- /dev/null +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -0,0 +1,11 @@ +# Shared rules to be used with `extends`. +# +# NOTE: Since `rules` is an array, the child job definition cannot +# extend the rules further. Specifying rules in the child job would +# override the inherited rules entirely. + +.rules:except-docs: + rules: + - if: '$CI_COMMIT_MESSAGE =~ /\Adocs:/' + when: never + - when: on_success diff --git a/.gitlab/ci/shellcheck.gitlab-ci.yml b/.gitlab/ci/shellcheck.gitlab-ci.yml index 9725857..297a105 100644 --- a/.gitlab/ci/shellcheck.gitlab-ci.yml +++ b/.gitlab/ci/shellcheck.gitlab-ci.yml @@ -1,4 +1,6 @@ test-shellcheck: + extends: + - .rules:except-docs stage: test image: koalaman/shellcheck-alpine:stable needs: [] @@ -6,6 +8,8 @@ test-shellcheck: - shellcheck src/bin/auto-deploy test/verify-application-secret test/verify-deployment-database test-shfmt: + extends: + - .rules:except-docs stage: test image: name: mvdan/shfmt:v3.2.1-alpine diff --git a/.gitlab/ci/test.gitlab-ci.yml b/.gitlab/ci/test.gitlab-ci.yml index 417ee90..29d8025 100644 --- a/.gitlab/ci/test.gitlab-ci.yml +++ b/.gitlab/ci/test.gitlab-ci.yml @@ -1,4 +1,6 @@ .test-job: &test-job + extends: + - .rules:except-docs stage: test image: "$BUILD_IMAGE_NAME" interruptible: true @@ -418,6 +420,8 @@ test-chart-major-version-upgrade: - grep -q "allowed to force deploy" deploy.log || exit 1 test-upgrade-from-helm2-fails: + extends: + - .rules:except-docs image: docker:19.03.12 services: - docker:19.03.12-dind @@ -463,6 +467,8 @@ test-upgrade-from-helm2-fails: | grep 'Error: rendered manifests contain a resource that already exists.' rspec: + extends: + - .rules:except-docs stage: test image: ruby:2.7 before_script: @@ -480,3 +486,14 @@ commitlint: - npx --quiet commitlint --from="$CI_MERGE_REQUEST_DIFF_BASE_SHA" --help-url 'https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image#git-commit-guidelines' rules: - if: "$CI_MERGE_REQUEST_EVENT_TYPE != 'merge_train' && $CI_MERGE_REQUEST_DIFF_BASE_SHA" + +# This complements the except-docs rule in rules.gitlab-ci.yml to ensure that do +# not skip tests when code is *actually* changed. +assert-docs-only: + image: alpine + rules: + - if: '$CI_COMMIT_MESSAGE =~ /\Adocs:/' + before_script: + - apk add git + script: + - git diff --name-only HEAD~1 | grep -v '.md$' && exit 1 || exit 0 -- GitLab