Skip to content
Snippets Groups Projects
Commit 742ceb27 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch 'feat/adaptive-pipeline' into 'master'

adaptive pipeline

See merge request to-be-continuous/maven!31
parents 897b7a86 08a1b5e5
No related branches found
No related tags found
No related merge requests found
......@@ -89,7 +89,6 @@ It is bound to the `test` stage, and uses the following variables:
| :lock: `SONAR_GITLAB_TOKEN` | GitLab [access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) with `api` scope. When set, activates the [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) integration. | _none_ |
| `SONAR_BRANCH_ANALYSIS_DISABLED` | Set to `true` to disable automatic [Pull Request Analysis](https://docs.sonarqube.org/latest/analysis/pull-request/) and [Branch Analysis](https://docs.sonarqube.org/latest/branches/overview/) | _none_ (enabled) |
| `SONAR_GITLAB_ARGS` | Extra arguments to use with [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) | `-Dsonar.gitlab.url=${CI_SERVER_URL} -Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN} -Dsonar.gitlab.project_id=${CI_PROJECT_ID} -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}` |
| `SONAR_AUTO_ON_DEV_DISABLED` | When set to `true`, SonarQube analysis becomes **manual** on development branches (automatic otherwise) | _none_ |
| `SONAR_QUALITY_GATE_ENABLED` | Set to `true` to enables check of SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) | _none_ (disabled) |
#### Automatic Branch Analysis & Pull Request Analysis
......@@ -316,7 +315,7 @@ The key should not have a passphrase (see [how to generate a new SSH key pair](h
Specify :lock: `$GIT_PRIVATE_KEY` as protected project variable with the private part of the deploy key.
```PEM
-----BEGIN OPENSSH PRIVATE KEY-----
-----BEGIN 0PENSSH PRIVATE KEY-----
blablabla
-----END OPENSSH PRIVATE KEY-----
```
......
......@@ -89,11 +89,6 @@
"default": "-Dsonar.gitlab.url=${CI_SERVER_URL} -Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN} -Dsonar.gitlab.project_id=${CI_PROJECT_ID} -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}",
"advanced": true
},
{
"name": "SONAR_AUTO_ON_DEV_DISABLED",
"description": "When set, SonarQube analysis becomes **manual** on development branches (automatic otherwise)",
"type": "boolean"
},
{
"name": "SONAR_QUALITY_GATE_ENABLED",
"description": "Enable blocking check of SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) (for `master` branch)",
......
......@@ -13,14 +13,33 @@
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
# Floor, Boston, MA 02110-1301, USA.
# =========================================================================================
# default workflow rules
# default workflow rules: Merge Request pipelines
workflow:
rules:
# exclude merge requests
- if: $CI_MERGE_REQUEST_ID
# prevent branch pipeline when an MR is open (prefer MR pipeline)
- if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
when: never
- when: always
# test job prototype: implement adaptive pipeline rules
.test-policy:
rules:
# on tag: auto & failing
- if: $CI_COMMIT_TAG
# on ADAPTIVE_PIPELINE_DISABLED: auto & failing
- if: '$ADAPTIVE_PIPELINE_DISABLED == "true"'
# on production or integration branch(es): auto & failing
- if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
# early stage (dev branch, no MR): manual & non-failing
- if: '$CI_MERGE_REQUEST_ID == null && $CI_OPEN_MERGE_REQUESTS == null'
when: manual
allow_failure: true
# Draft MR: auto & non-failing
- if: '$CI_MERGE_REQUEST_TITLE =~ /^Draft:.*/'
allow_failure: true
# else (Ready MR): auto & failing
- when: on_success
variables:
# variabilized tracking image
TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
......@@ -489,16 +508,7 @@ mvn-sonar:
# exclude if $SONAR_URL not set
- if: '$SONAR_URL == null || $SONAR_URL == ""'
when: never
# on tags: auto
- if: $CI_COMMIT_TAG
# on production or integration: auto
- if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
# else (non-production, non-integration branches): manual if $SONAR_AUTO_ON_DEV_DISABLED
- if: '$SONAR_AUTO_ON_DEV_DISABLED == "true"'
when: manual
allow_failure: true
# else: auto & allow failure
- allow_failure: true
- !reference [.test-policy, rules]
mvn-dependency-check:
extends: .mvn-base
......@@ -507,6 +517,12 @@ mvn-dependency-check:
dependencies: []
script:
- mvn ${TRACE+-X} $MAVEN_CLI_OPTS $mvn_settings_opt $java_proxy_args $MAVEN_DEPENDENCY_CHECK_ARGS
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
expire_in: 1 day
when: always
paths:
- "${MAVEN_PROJECT_DIR}/**/target/dependency-check-report.*"
rules:
# on schedule: auto
- if: '$CI_PIPELINE_SOURCE == "schedule"'
......@@ -515,12 +531,6 @@ mvn-dependency-check:
# all other cases: manual & non-blocking
- when: manual
allow_failure: true
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
expire_in: 1 day
when: always
paths:
- "${MAVEN_PROJECT_DIR}/**/target/dependency-check-report.*"
mvn-forbid-snapshot-dependencies:
extends: .mvn-base
......@@ -531,10 +541,7 @@ mvn-forbid-snapshot-dependencies:
# exclude if disabled
- if: '$MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED == "true"'
when: never
# on production or integration branches: auto
- if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
# else (feature branches): auto & non-blocking
- allow_failure: true
- !reference [.test-policy, rules]
mvn-snapshot:
extends: .mvn-base
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment