Project

General

Profile

Actions

action #151675

closed

coordination #96596: [qe-core][CI] CI/CD and Coding style improvements

[qe-core] CI/CD gitlab forks should not deploy to OSD

Added by amanzini about 1 year ago. Updated 11 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Infrastructure
Target version:
QA (public, currently private due to #173521) - QE-Core: Ready
Start date:
2023-11-29
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

When I fork a JobGroup repo, it's required to setup APIKEY / APISECRET variables in order to let the CI run the checks.
If I am an openQA admin, when I push to master on my fork, the CI/CD runs check and, when passed, deploys the result to OSD.

This risks to propagate any error I can make in my fork to the global environment and can be avoided by running the CI/CD for deployment only on one "source-of-truth" repository, with a protected master branch.

Actions #1

Updated by amanzini about 1 year ago

  • Description updated (diff)
Actions #2

Updated by amanzini about 1 year ago

  • Description updated (diff)
Actions #3

Updated by szarate about 1 year ago

  • Parent task set to #96596
Actions #4

Updated by josegomezr about 1 year ago ยท Edited

GitLab does not support natively detection for Forks. It's invisible for the CI if the repo was the original or a fork.

However, a fork could be detected. Not the most pretty way but:

$CI_PROJECT_NAMESPACE says what's the Project Namespace (anything after gitlab.suse.de, anything before the actual repo name). See the docs.

something along the lines of:

  rules:
    - if: $CI_PROJECT_NAMESPACE == "%name of the main project namespace%"

should only schedule that pipeline job when it's on the main repo and not forks.

Actions #5

Updated by josegomezr about 1 year ago

  • Status changed from New to Workable
Actions #6

Updated by amanzini about 1 year ago

  • Subject changed from [qe-core] CI/CD gitlab forks deploy to OSD to [qe-core] CI/CD gitlab forks should not deploy to OSD
Actions #7

Updated by amanzini 11 months ago

  • Assignee set to amanzini
Actions #8

Updated by amanzini 11 months ago

  • Status changed from Workable to In Progress
Actions #9

Updated by amanzini 11 months ago

  • Status changed from In Progress to Feedback

MR: https://gitlab.suse.de/qe-core/qa-sle-functional-userspace/-/merge_requests/196

unfortunately we cannot use the newer rules: syntax, because there are already some only: conditions and they cannot be mixed.
As the only: keyword is deprecated, ideally we should rewrite the whole CI to use rules: keyword.

As proposal for a new ticket, when re-engineering the CI also make it deploy only the changed schedule[s] and not reuse .deploy-template: for both testing and deployment :)

Actions #10

Updated by amanzini 11 months ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF