diff --git a/README.md b/README.md
index 31f737c8614e5ce6cae7f36abcbf4f98e2fe9594..e058330c6fdf9795628764605a8287f225a09989 100644
--- a/README.md
+++ b/README.md
@@ -89,7 +89,6 @@ It is bound to the `test` stage, and uses the following variables:
| :lock: `SONAR_GITLAB_TOKEN` | GitLab [access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) with `api` scope. When set, activates the [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) integration. | _none_ |
| `SONAR_BRANCH_ANALYSIS_DISABLED` | Set to `true` to disable automatic [Pull Request Analysis](https://docs.sonarqube.org/latest/analysis/pull-request/) and [Branch Analysis](https://docs.sonarqube.org/latest/branches/overview/) | _none_ (enabled) |
| `SONAR_GITLAB_ARGS` | Extra arguments to use with [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) | `-Dsonar.gitlab.url=${CI_SERVER_URL} -Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN} -Dsonar.gitlab.project_id=${CI_PROJECT_ID} -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}` |
-| `SONAR_AUTO_ON_DEV_DISABLED` | When set to `true`, SonarQube analysis becomes **manual** on development branches (automatic otherwise) | _none_ |
| `SONAR_QUALITY_GATE_ENABLED` | Set to `true` to enables check of SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) | _none_ (disabled) |
#### Automatic Branch Analysis & Pull Request Analysis
@@ -316,7 +315,7 @@ The key should not have a passphrase (see [how to generate a new SSH key pair](h
Specify :lock: `$GIT_PRIVATE_KEY` as protected project variable with the private part of the deploy key.
```PEM
------BEGIN OPENSSH PRIVATE KEY-----
+-----BEGIN 0PENSSH PRIVATE KEY-----
blablabla
-----END OPENSSH PRIVATE KEY-----
```
diff --git a/kicker.json b/kicker.json
index cc9e493494a18ea45787ba598530d87bd7060d17..b3bbba3c40e780f462358f20cacf309d37b72707 100644
--- a/kicker.json
+++ b/kicker.json
@@ -89,11 +89,6 @@
"default": "-Dsonar.gitlab.url=${CI_SERVER_URL} -Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN} -Dsonar.gitlab.project_id=${CI_PROJECT_ID} -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}",
"advanced": true
},
- {
- "name": "SONAR_AUTO_ON_DEV_DISABLED",
- "description": "When set, SonarQube analysis becomes **manual** on development branches (automatic otherwise)",
- "type": "boolean"
- },
{
"name": "SONAR_QUALITY_GATE_ENABLED",
"description": "Enable blocking check of SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) (for `master` branch)",
diff --git a/templates/gitlab-ci-maven.yml b/templates/gitlab-ci-maven.yml
index 7bd78948e1706fd765da5cb178a56d00d3a2d51b..a1ee039d7c79dec6d408530d3c83170d8073c225 100644
--- a/templates/gitlab-ci-maven.yml
+++ b/templates/gitlab-ci-maven.yml
@@ -13,14 +13,33 @@
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
# Floor, Boston, MA 02110-1301, USA.
# =========================================================================================
-# default workflow rules
+# default workflow rules: Merge Request pipelines
workflow:
rules:
- # exclude merge requests
- - if: $CI_MERGE_REQUEST_ID
+ # prevent branch pipeline when an MR is open (prefer MR pipeline)
+ - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
when: never
- when: always
+# test job prototype: implement adaptive pipeline rules
+.test-policy:
+ rules:
+ # on tag: auto & failing
+ - if: $CI_COMMIT_TAG
+ # on ADAPTIVE_PIPELINE_DISABLED: auto & failing
+ - if: '$ADAPTIVE_PIPELINE_DISABLED == "true"'
+ # on production or integration branch(es): auto & failing
+ - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
+ # early stage (dev branch, no MR): manual & non-failing
+ - if: '$CI_MERGE_REQUEST_ID == null && $CI_OPEN_MERGE_REQUESTS == null'
+ when: manual
+ allow_failure: true
+ # Draft MR: auto & non-failing
+ - if: '$CI_MERGE_REQUEST_TITLE =~ /^Draft:.*/'
+ allow_failure: true
+ # else (Ready MR): auto & failing
+ - when: on_success
+
variables:
# variabilized tracking image
TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
@@ -489,16 +508,7 @@ mvn-sonar:
# exclude if $SONAR_URL not set
- if: '$SONAR_URL == null || $SONAR_URL == ""'
when: never
- # on tags: auto
- - if: $CI_COMMIT_TAG
- # on production or integration: auto
- - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
- # else (non-production, non-integration branches): manual if $SONAR_AUTO_ON_DEV_DISABLED
- - if: '$SONAR_AUTO_ON_DEV_DISABLED == "true"'
- when: manual
- allow_failure: true
- # else: auto & allow failure
- - allow_failure: true
+ - !reference [.test-policy, rules]
mvn-dependency-check:
extends: .mvn-base
@@ -507,6 +517,12 @@ mvn-dependency-check:
dependencies: []
script:
- mvn ${TRACE+-X} $MAVEN_CLI_OPTS $mvn_settings_opt $java_proxy_args $MAVEN_DEPENDENCY_CHECK_ARGS
+ artifacts:
+ name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
+ expire_in: 1 day
+ when: always
+ paths:
+ - "${MAVEN_PROJECT_DIR}/**/target/dependency-check-report.*"
rules:
# on schedule: auto
- if: '$CI_PIPELINE_SOURCE == "schedule"'
@@ -515,12 +531,6 @@ mvn-dependency-check:
# all other cases: manual & non-blocking
- when: manual
allow_failure: true
- artifacts:
- name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
- expire_in: 1 day
- when: always
- paths:
- - "${MAVEN_PROJECT_DIR}/**/target/dependency-check-report.*"
mvn-forbid-snapshot-dependencies:
extends: .mvn-base
@@ -531,10 +541,7 @@ mvn-forbid-snapshot-dependencies:
# exclude if disabled
- if: '$MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED == "true"'
when: never
- # on production or integration branches: auto
- - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
- # else (feature branches): auto & non-blocking
- - allow_failure: true
+ - !reference [.test-policy, rules]
mvn-snapshot:
extends: .mvn-base