Commit 08a1b5e5 authored by Pierre Smeyers's avatar Pierre Smeyers

feat: adaptive pipeline

BREAKING CHANGE: change default workflow from Branch pipeline to MR pipeline
parent 897b7a86
...@@ -89,7 +89,6 @@ It is bound to the `test` stage, and uses the following variables: ...@@ -89,7 +89,6 @@ It is bound to the `test` stage, and uses the following variables:
| :lock: `SONAR_GITLAB_TOKEN` | GitLab [access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) with `api` scope. When set, activates the [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) integration. | _none_ | | :lock: `SONAR_GITLAB_TOKEN` | GitLab [access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) with `api` scope. When set, activates the [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) integration. | _none_ |
| `SONAR_BRANCH_ANALYSIS_DISABLED` | Set to `true` to disable automatic [Pull Request Analysis](https://docs.sonarqube.org/latest/analysis/pull-request/) and [Branch Analysis](https://docs.sonarqube.org/latest/branches/overview/) | _none_ (enabled) | | `SONAR_BRANCH_ANALYSIS_DISABLED` | Set to `true` to disable automatic [Pull Request Analysis](https://docs.sonarqube.org/latest/analysis/pull-request/) and [Branch Analysis](https://docs.sonarqube.org/latest/branches/overview/) | _none_ (enabled) |
| `SONAR_GITLAB_ARGS` | Extra arguments to use with [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) | `-Dsonar.gitlab.url=${CI_SERVER_URL} -Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN} -Dsonar.gitlab.project_id=${CI_PROJECT_ID} -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}` | | `SONAR_GITLAB_ARGS` | Extra arguments to use with [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) | `-Dsonar.gitlab.url=${CI_SERVER_URL} -Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN} -Dsonar.gitlab.project_id=${CI_PROJECT_ID} -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}` |
| `SONAR_AUTO_ON_DEV_DISABLED` | When set to `true`, SonarQube analysis becomes **manual** on development branches (automatic otherwise) | _none_ |
| `SONAR_QUALITY_GATE_ENABLED` | Set to `true` to enables check of SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) | _none_ (disabled) | | `SONAR_QUALITY_GATE_ENABLED` | Set to `true` to enables check of SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) | _none_ (disabled) |
#### Automatic Branch Analysis & Pull Request Analysis #### Automatic Branch Analysis & Pull Request Analysis
...@@ -316,7 +315,7 @@ The key should not have a passphrase (see [how to generate a new SSH key pair](h ...@@ -316,7 +315,7 @@ The key should not have a passphrase (see [how to generate a new SSH key pair](h
Specify :lock: `$GIT_PRIVATE_KEY` as protected project variable with the private part of the deploy key. Specify :lock: `$GIT_PRIVATE_KEY` as protected project variable with the private part of the deploy key.
```PEM ```PEM
-----BEGIN OPENSSH PRIVATE KEY----- -----BEGIN 0PENSSH PRIVATE KEY-----
blablabla blablabla
-----END OPENSSH PRIVATE KEY----- -----END OPENSSH PRIVATE KEY-----
``` ```
......
...@@ -89,11 +89,6 @@ ...@@ -89,11 +89,6 @@
"default": "-Dsonar.gitlab.url=${CI_SERVER_URL} -Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN} -Dsonar.gitlab.project_id=${CI_PROJECT_ID} -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}", "default": "-Dsonar.gitlab.url=${CI_SERVER_URL} -Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN} -Dsonar.gitlab.project_id=${CI_PROJECT_ID} -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}",
"advanced": true "advanced": true
}, },
{
"name": "SONAR_AUTO_ON_DEV_DISABLED",
"description": "When set, SonarQube analysis becomes **manual** on development branches (automatic otherwise)",
"type": "boolean"
},
{ {
"name": "SONAR_QUALITY_GATE_ENABLED", "name": "SONAR_QUALITY_GATE_ENABLED",
"description": "Enable blocking check of SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) (for `master` branch)", "description": "Enable blocking check of SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) (for `master` branch)",
......
...@@ -13,14 +13,33 @@ ...@@ -13,14 +13,33 @@
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
# Floor, Boston, MA 02110-1301, USA. # Floor, Boston, MA 02110-1301, USA.
# ========================================================================================= # =========================================================================================
# default workflow rules # default workflow rules: Merge Request pipelines
workflow: workflow:
rules: rules:
# exclude merge requests # prevent branch pipeline when an MR is open (prefer MR pipeline)
- if: $CI_MERGE_REQUEST_ID - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
when: never when: never
- when: always - when: always
# test job prototype: implement adaptive pipeline rules
.test-policy:
rules:
# on tag: auto & failing
- if: $CI_COMMIT_TAG
# on ADAPTIVE_PIPELINE_DISABLED: auto & failing
- if: '$ADAPTIVE_PIPELINE_DISABLED == "true"'
# on production or integration branch(es): auto & failing
- if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
# early stage (dev branch, no MR): manual & non-failing
- if: '$CI_MERGE_REQUEST_ID == null && $CI_OPEN_MERGE_REQUESTS == null'
when: manual
allow_failure: true
# Draft MR: auto & non-failing
- if: '$CI_MERGE_REQUEST_TITLE =~ /^Draft:.*/'
allow_failure: true
# else (Ready MR): auto & failing
- when: on_success
variables: variables:
# variabilized tracking image # variabilized tracking image
TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master" TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
...@@ -489,16 +508,7 @@ mvn-sonar: ...@@ -489,16 +508,7 @@ mvn-sonar:
# exclude if $SONAR_URL not set # exclude if $SONAR_URL not set
- if: '$SONAR_URL == null || $SONAR_URL == ""' - if: '$SONAR_URL == null || $SONAR_URL == ""'
when: never when: never
# on tags: auto - !reference [.test-policy, rules]
- if: $CI_COMMIT_TAG
# on production or integration: auto
- if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
# else (non-production, non-integration branches): manual if $SONAR_AUTO_ON_DEV_DISABLED
- if: '$SONAR_AUTO_ON_DEV_DISABLED == "true"'
when: manual
allow_failure: true
# else: auto & allow failure
- allow_failure: true
mvn-dependency-check: mvn-dependency-check:
extends: .mvn-base extends: .mvn-base
...@@ -507,6 +517,12 @@ mvn-dependency-check: ...@@ -507,6 +517,12 @@ mvn-dependency-check:
dependencies: [] dependencies: []
script: script:
- mvn ${TRACE+-X} $MAVEN_CLI_OPTS $mvn_settings_opt $java_proxy_args $MAVEN_DEPENDENCY_CHECK_ARGS - mvn ${TRACE+-X} $MAVEN_CLI_OPTS $mvn_settings_opt $java_proxy_args $MAVEN_DEPENDENCY_CHECK_ARGS
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
expire_in: 1 day
when: always
paths:
- "${MAVEN_PROJECT_DIR}/**/target/dependency-check-report.*"
rules: rules:
# on schedule: auto # on schedule: auto
- if: '$CI_PIPELINE_SOURCE == "schedule"' - if: '$CI_PIPELINE_SOURCE == "schedule"'
...@@ -515,12 +531,6 @@ mvn-dependency-check: ...@@ -515,12 +531,6 @@ mvn-dependency-check:
# all other cases: manual & non-blocking # all other cases: manual & non-blocking
- when: manual - when: manual
allow_failure: true allow_failure: true
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
expire_in: 1 day
when: always
paths:
- "${MAVEN_PROJECT_DIR}/**/target/dependency-check-report.*"
mvn-forbid-snapshot-dependencies: mvn-forbid-snapshot-dependencies:
extends: .mvn-base extends: .mvn-base
...@@ -531,10 +541,7 @@ mvn-forbid-snapshot-dependencies: ...@@ -531,10 +541,7 @@ mvn-forbid-snapshot-dependencies:
# exclude if disabled # exclude if disabled
- if: '$MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED == "true"' - if: '$MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED == "true"'
when: never when: never
# on production or integration branches: auto - !reference [.test-policy, rules]
- if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
# else (feature branches): auto & non-blocking
- allow_failure: true
mvn-snapshot: mvn-snapshot:
extends: .mvn-base extends: .mvn-base
......
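Review bot: The Draft rule in `.test-policy` sets `allow_failure: true` from `$CI_MERGE_REQUEST_TITLE`, which is read only when the pipeline is created, and both `mvn-sonar` and `mvn-forbid-snapshot-dependencies` now take their rules from it via `!reference [.test-policy, rules]`. If an MR is marked ready without a new push, the latest pipeline is still the one created while it was a draft, so a failed Sonar or snapshot-dependency check stays a warning and a "pipelines must succeed" merge check would still pass; to my knowledge GitLab does not start a pipeline on a title change, which is worth confirming. I would say so next to the rule, for example `# NOTE: evaluated at pipeline creation; re-run the pipeline after marking the MR ready so these jobs become blocking`. The pattern `/^Draft:.*/` matches only that prefix, so other draft markers fall through to the blocking `on_success` rule, which is the safe direction. `$ADAPTIVE_PIPELINE_DISABLED` is not documented in any of the hunks shown here, so it may need a row in the README variables table if none exists elsewhere.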