diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml
index 89614742342c0138352bdae3bee702cd31dd16f0..3f62081ffda6ae76f94aec350e221d6d451e2375 100644
--- a/.gitlab/ci/qa.gitlab-ci.yml
+++ b/.gitlab/ci/qa.gitlab-ci.yml
@@ -224,7 +224,6 @@ e2e:test-on-cng:
PIPELINE_NAME: E2E CNG
DYNAMIC_PIPELINE_YML: test-on-cng-pipeline.yml
SKIP_MESSAGE: Skipping test-on-cng due to mr containing only quarantine changes!
- allow_failure: true # this pipeline is in MVP status, allow failure while flakiness metrics are gathered
e2e:code-suggestions-eval:
extends:
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index 28d88e7ee8cf81b085258b34f0562c947ef18525..eacb1bc82d14b90b75d7a787751ebaf1b83c731c 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -1720,7 +1720,7 @@
.qa:rules:e2e:test-on-cng:
rules:
- !reference [".qa:rules:package-and-test-never-run", rules]
- - <<: [*if-default-branch-schedule-nightly, *qa-e2e-test-schedule-variables]
+ - <<: [*if-dot-com-gitlab-org-schedule, *qa-e2e-test-schedule-variables]
- <<: *if-merge-request
changes: *qa-patterns
diff --git a/.gitlab/ci/test-on-cng/main.gitlab-ci.yml b/.gitlab/ci/test-on-cng/main.gitlab-ci.yml
index ea560725593ada37af83e40ff1d189d4562edf39..12205d71ac826adb13ac5d3e38fd83db7968ca2b 100644
--- a/.gitlab/ci/test-on-cng/main.gitlab-ci.yml
+++ b/.gitlab/ci/test-on-cng/main.gitlab-ci.yml
@@ -10,8 +10,15 @@ workflow:
rules:
- when: always
+.set-suite-status:
+ after_script:
+ - |
+ if [ "$CI_JOB_STATUS" == "failed" ]; then
+ echo "SUITE_FAILED=true" >> "$QA_SUITE_STATUS_ENV_FILE"
+ fi
+
.cng-base:
- image: registry.gitlab.com/gitlab-org/gitlab-build-images/${BUILD_OS}-${OS_VERSION}-ruby-${RUBY_VERSION}:bundler-${BUNDLER_VERSION}-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-kubectl-1.23-helm-3.14-kind-0.20
+ image: registry.gitlab.com/gitlab-org/gitlab-build-images/${BUILD_OS}-${OS_VERSION}-ruby-${RUBY_VERSION}:bundler-${BUNDLER_VERSION}-git-2.36-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-kubectl-1.23-helm-3.14-kind-0.20
stage: test
extends: .qa-cache
needs: [build-cng]
@@ -47,10 +54,6 @@ workflow:
- echo "Running - '$QA_COMMAND'"
- eval "$QA_COMMAND"
after_script:
- - |
- if [ "$CI_JOB_STATUS" == "failed" ]; then
- echo "SUITE_FAILED=true" >> "$QA_SUITE_STATUS_ENV_FILE"
- fi
- source scripts/qa/cng_deploy/cng-kind.sh
- echo -e "\e[0Ksection_start:`date +%s`:log_deploy[collapsed=true]\r\e[0KDeployment info"
- save_install_logs
@@ -92,22 +95,23 @@ download-knapsack-report:
# ==========================================
# Test stage
# ==========================================
-cng-qa-smoke:
- extends: .cng-base
- variables:
- QA_SCENARIO: Test::Instance::Smoke
-
-cng-qa-blocking:
+# Test suite against cng is still MVP, while we gather metrics, do not report failures
+cng-instance:
extends: .cng-base
variables:
- QA_SCENARIO: Test::Instance::Blocking
- parallel: 10
+ QA_SCENARIO: Test::Instance::All
+ parallel: 5
+ allow_failure: true
# Test run against environment with minimum supported redis version defined in lib/system_check/app/redis_version_check.rb
cng-qa-min-redis-version:
- extends: cng-qa-smoke
+ extends: .cng-base
variables:
+ QA_SCENARIO: Test::Instance::Smoke
REDIS_VERSION_TYPE: MIN_REDIS_VERSION
+ after_script:
+ - !reference [.set-suite-status, after_script]
+ - !reference [.cng-base, after_script]
# ==========================================
# Post test stage
diff --git a/qa/qa/specs/features/browser_ui/5_package/package_registry/conan_repository_spec.rb b/qa/qa/specs/features/browser_ui/5_package/package_registry/conan_repository_spec.rb
index 4d8a0a209610063618c8c4a78616b6a0f84027aa..daae7c488743b38a04b16877a83feb909646f12c 100644
--- a/qa/qa/specs/features/browser_ui/5_package/package_registry/conan_repository_spec.rb
+++ b/qa/qa/specs/features/browser_ui/5_package/package_registry/conan_repository_spec.rb
@@ -2,7 +2,10 @@
module QA
RSpec.describe 'Package', :object_storage, :external_api_calls, product_group: :package_registry, quarantine: {
- only: { job: 'object_storage', condition: -> { QA::Support::FIPS.enabled? } },
+ only: {
+ job: /object_storage|cng-instance/,
+ condition: -> { QA::Support::FIPS.enabled? }
+ },
issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/417584',
type: :bug
} do
@@ -34,7 +37,8 @@ module QA
Flow::Login.sign_in
Support::Retrier.retry_on_exception(max_attempts: 3, sleep_interval: 2) do
- conan_yaml = ERB.new(read_fixture('package_managers/conan', 'conan_upload_install_package.yaml.erb')).result(binding)
+ conan_yaml = ERB.new(read_fixture('package_managers/conan',
+ 'conan_upload_install_package.yaml.erb')).result(binding)
create(:commit, project: project, commit_message: 'Add .gitlab-ci.yml', actions: [
{ action: 'create', file_path: '.gitlab-ci.yml', content: conan_yaml }
diff --git a/scripts/qa/cng_deploy/cng-kind.sh b/scripts/qa/cng_deploy/cng-kind.sh
index 58875b7a1b23ddda7ca0d53baf83da16994999de..ed7b89a6d59e8dcce0338d07ed080cccb1914217 100644
--- a/scripts/qa/cng_deploy/cng-kind.sh
+++ b/scripts/qa/cng_deploy/cng-kind.sh
@@ -67,6 +67,12 @@ global:
gitlab:
license:
secret: gitlab-license
+ gitaly:
+ hooks:
+ preReceive:
+ configmap: pre-receive-hook
+ appConfig:
+ applicationSettingsCacheSeconds: 0
gitlab:
gitaly:
@@ -142,7 +148,7 @@ echo $values_file
}
function create_admin_password_secret() {
- log_with_header "Create the 'gitlab-initial-root-password' secret"
+ log_info "Create the 'gitlab-initial-root-password' secret"
kubectl create secret generic --namespace "${NAMESPACE}" \
"gitlab-initial-root-password" \
--from-literal="password=${GITLAB_ADMIN_PASSWORD}" \
@@ -150,13 +156,18 @@ function create_admin_password_secret() {
}
function create_license_secret() {
- log_with_header "Create the 'gitlab-license' secret"
+ log_info "Create the 'gitlab-license' secret"
kubectl create secret generic --namespace "${NAMESPACE}" \
"gitlab-license" \
--from-literal=license="${QA_EE_LICENSE}" \
--dry-run=client -o json | kubectl apply -f -
}
+function create_hook_configmap() {
+ log_info "Create 'pre-receive-hook' configmap"
+ kubectl create configmap pre-receive-hook --namespace ${NAMESPACE} --from-file $CI_PROJECT_DIR/scripts/qa/cng_deploy/config/hook.sh
+}
+
function add_root_token() {
cmd=$(
cat <<EOF
@@ -168,7 +179,7 @@ token.save!;
EOF
)
- log_with_header "Add root user PAT"
+ log_info "Add root user PAT"
local toolbox_pod=$(kubectl get pods --namespace ${NAMESPACE} -lapp=toolbox --no-headers -o=custom-columns=NAME:.metadata.name | tail -n 1)
kubectl exec --namespace "${NAMESPACE}" --container toolbox "${toolbox_pod}" -- gitlab-rails runner "${cmd}"
log "success!"
@@ -189,15 +200,17 @@ function deploy() {
local domain=$1
local values=$(chart_values $domain)
- log_with_header "Add gitlab chart repo"
+ log_with_header "Running pre-deploy setup"
+ log_info "Add gitlab chart repo"
helm repo add gitlab https://charts.gitlab.io/
helm repo update
- log_with_header "Create '${NAMESPACE} namespace'"
+ log_info "Create '${NAMESPACE} namespace'"
kubectl create namespace "$NAMESPACE"
create_license_secret
create_admin_password_secret
+ create_hook_configmap
log_with_header "Install GitLab"
log_info "Using following values.yml"
diff --git a/scripts/qa/cng_deploy/config/hook.sh b/scripts/qa/cng_deploy/config/hook.sh
new file mode 100755
index 0000000000000000000000000000000000000000..de39f247bfb261247e29169f9db873b2e7fdf322
--- /dev/null
+++ b/scripts/qa/cng_deploy/config/hook.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+if [[ $GL_PROJECT_PATH =~ 'reject-prereceive' ]]; then
+ echo 'GL-HOOK-ERR: Custom error message rejecting prereceive hook for projects with GL_PROJECT_PATH matching pattern reject-prereceive'
+ exit 1
+fi