From 6e77bac074ce5f51d10fb808a8a875ac67aaa8b5 Mon Sep 17 00:00:00 2001
From: Graeme Gillies <ggillies@gitlab.com>
Date: Wed, 1 Mar 2023 12:23:05 +0000
Subject: [PATCH] Add `release-environments` child pipeline setup and build
 images

Part of https://gitlab.com/gitlab-com/gl-infra/delivery/-/issues/2674

In order to have commits to stable branches able to be deployed to
release environments for deployment testing and validation, we need
to build imags with the CNG project containing the contents of the
stable branches.

This change adds the work to get images built through the `CNG-mirror`
project for use by the release environments. These will only be built
on commits to a stable branch.
---
 .gitlab-ci.yml                                |  1 +
 .gitlab/ci/release-environments.gitlab-ci.yml | 22 +++++++
 .../release-environments/main.gitlab-ci.yml   | 62 +++++++++++++++++++
 .gitlab/ci/rules.gitlab-ci.yml                | 18 ++++++
 4 files changed, 103 insertions(+)
 create mode 100644 .gitlab/ci/release-environments.gitlab-ci.yml
 create mode 100644 .gitlab/ci/release-environments/main.gitlab-ci.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3b22e2fc21ea2..ddf9d9c956364 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,6 +12,7 @@ stages:
   - post-qa
   - pages
   - notify
+  - release-environments
 
 # always use `gitlab-org` runners, however
 # in cases where jobs require Docker-in-Docker, the job
diff --git a/.gitlab/ci/release-environments.gitlab-ci.yml b/.gitlab/ci/release-environments.gitlab-ci.yml
new file mode 100644
index 0000000000000..a9d9c938ee0c4
--- /dev/null
+++ b/.gitlab/ci/release-environments.gitlab-ci.yml
@@ -0,0 +1,22 @@
+---
+start-release-environments-pipeline:
+  allow_failure: true
+  extends:
+    - .release-environments:rules:start-release-environments-pipeline
+  stage: release-environments
+  # We do not want to have ALL global variables passed as trigger variables,
+  # as they cannot be overridden. See this issue for more context:
+  #
+  # https://gitlab.com/gitlab-org/gitlab/-/issues/387183
+  inherit:
+    variables: false
+
+  # These variables are set in the pipeline schedules.
+  # They need to be explicitly passed on to the child pipeline.
+  # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword
+  variables:
+    # This is needed by `release-environments-build-cng-env` (`.gitlab/ci/release-environments/main.gitlab-ci.yml`).
+    PARENT_PIPELINE_ID: $CI_PIPELINE_ID
+  trigger:
+    strategy: depend
+    include: .gitlab/ci/release-environments/main.gitlab-ci.yml
diff --git a/.gitlab/ci/release-environments/main.gitlab-ci.yml b/.gitlab/ci/release-environments/main.gitlab-ci.yml
new file mode 100644
index 0000000000000..e2fed0a6dbdcb
--- /dev/null
+++ b/.gitlab/ci/release-environments/main.gitlab-ci.yml
@@ -0,0 +1,62 @@
+---
+default:
+  interruptible: true
+
+stages:
+  - prepare
+
+include:
+  - local: .gitlab/ci/global.gitlab-ci.yml
+
+release-environments-build-cng-env:
+  allow_failure: true
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine3.16
+  stage: prepare
+  needs:
+    # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream CNG pipeline.
+    - pipeline: $PARENT_PIPELINE_ID
+      job: build-assets-image
+  variables:
+    BUILD_ENV: build.env
+  before_script:
+    - source ./scripts/utils.sh
+    - install_gitlab_gem
+  script:
+    - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > $BUILD_ENV'
+    - echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV
+    - ruby -e 'puts "FULL_RUBY_VERSION=#{RUBY_VERSION}"' >> build.env
+    - cat $BUILD_ENV
+  artifacts:
+    reports:
+      dotenv: $BUILD_ENV
+    paths:
+      - $BUILD_ENV
+    expire_in: 7 days
+    when: always
+
+release-environments-build-cng:
+  allow_failure: true
+  stage: prepare
+  needs: ["release-environments-build-cng-env"]
+  inherit:
+    variables: false
+  variables:
+    GITLAB_REF_SLUG: "${GITLAB_REF_SLUG}"
+    # CNG pipeline specific variables
+    GITLAB_VERSION: "${GITLAB_VERSION}"
+    GITLAB_TAG: "${GITLAB_TAG}"
+    GITLAB_ASSETS_TAG: "${GITLAB_ASSETS_TAG}"
+    FORCE_RAILS_IMAGE_BUILDS: "${FORCE_RAILS_IMAGE_BUILDS}"
+    CE_PIPELINE: "${CE_PIPELINE}"  # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$CE_PIPELINE'` will evaluate to `false` when this variable is empty
+    EE_PIPELINE: "${EE_PIPELINE}"  # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$EE_PIPELINE'` will evaluate to `false` when this variable is empty
+    GITLAB_ELASTICSEARCH_INDEXER_VERSION: "${GITLAB_ELASTICSEARCH_INDEXER_VERSION}"
+    GITLAB_KAS_VERSION: "${GITLAB_KAS_VERSION}"
+    GITLAB_METRICS_EXPORTER_VERSION: "${GITLAB_METRICS_EXPORTER_VERSION}"
+    GITLAB_PAGES_VERSION: "${GITLAB_PAGES_VERSION}"
+    GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}"
+    GITALY_SERVER_VERSION: "${GITALY_SERVER_VERSION}"
+    RUBY_VERSION: "${FULL_RUBY_VERSION}"
+  trigger:
+    project: gitlab-org/build/CNG-mirror
+    branch: $TRIGGER_BRANCH
+    strategy: depend
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index 894dafca8c365..066654565b230 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -1905,6 +1905,13 @@
       when: never
     - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable-ee$/'
 
+.releases:rules:canonical-dot-com-gitlab-stable-branch-only-setup-test-env-patterns:
+  rules:
+    - if: '$CI_COMMIT_MESSAGE =~ /\[merge-train skip\]/'
+      when: never
+    - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable-ee$/'
+      changes: *setup-test-env-patterns
+
 .releases:rules:canonical-dot-com-security-gitlab-stable-branch-only:
   rules:
     - if: '$CI_COMMIT_MESSAGE =~ /\[merge-train skip\]/'
@@ -2299,3 +2306,14 @@
     - <<: *if-dot-com-gitlab-org-merge-request
       changes: *feature-flag-development-config-patterns
       allow_failure: true  # See https://gitlab.com/gitlab-org/gitlab/-/issues/351136
+
+##############################
+# release-environments rules #
+##############################
+.release-environments:rules:start-release-environments-pipeline:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-merge-request-labels-pipeline-expedite
+      when: never
+    - !reference [".releases:rules:canonical-dot-com-gitlab-stable-branch-only-setup-test-env-patterns", rules]
-- 
GitLab