cleanup of job template rules
The CI job templates and associated rules are in need of a cleanup.
TL;DR
parent | MR | train | gating | push | deployment | |
---|---|---|---|---|---|---|
generic linting | ||||||
generic tests | ||||||
image-specific tests | ||||||
downstream pipelines | ||||||
image build child pipelines | ||||||
dev/stage/prod image tagging |
Pipeline types
In general, there are only a few types of pipelines.
parent
)
parent pipelines (- these jobs run inside a child pipeline
- in an ideal world, one could think of a child pipeline as something atomic, so the rules should happen on the trigger job
- in rare cases it might be needed to switch some jobs to manual/allow_failure=true
MR
)
MR pipelines (- cannot be configured in any way
- should run everything
- deploy to MR environments automatically
- deploy to prod/staging via manual jobs
- triggers:
$CI_PIPELINE_SOURCE == 'merge_request_event' && $CI_MERGE_REQUEST_EVENT_TYPE != 'merge_train'
train
)
merge train pipelines (- should run final pre-merge sanity checks, but should not take too long
- are weird beasts regarding environments
- triggers:
$CI_PIPELINE_SOURCE == 'merge_request_event' && $CI_MERGE_REQUEST_EVENT_TYPE == 'merge_train'
gating
)
dependent gating pipelines (- running on the production branch
- check upstream changes, but this could also mean building derived images from e.g.
base
->cki-tools
- there are some wild chains like rhel-backport->containers->pipeline-definition+kernel-ark and containers/base->cki-tools->everything
- optionally limited via ONLY_JOB_NAME
- triggers:
$CI_PIPELINE_SOURCE == 'pipeline'
push
)
default branch and tag pipelines (- should run everything
- deploy to prod/staging automatically
- might be triggered via the web
- optionally limited via ONLY_JOB_NAME
- triggers:
-
$CI_PIPELINE_SOURCE == 'web'
(web) -
$CI_PIPELINE_SOURCE == 'push'
(merge/tags)
-
deployment
)
scheduled/bot-triggered (re)deployment pipelines (- running on the production branch
- deploy to prod/staging automatically
- optionally limited via ONLY_JOB_NAME
- triggers:
-
$CI_PIPELINE_SOURCE == 'schedule'
(schedule) -
$CI_PIPELINE_SOURCE == 'api'
(bot)
-
Job types
.lint
)
generic linting (- deployment-all linting jobs
.shellcheck
.test
)
generic tests (- tox/shellspec tests that run in the cki-tools image
.tox
.shellspec
.test
with IMAGE_NAME
)
image-specific tests (- tox/shellspec tests that run on the matrix of pipeline images
.tox
.shellspec
image build child pipelines
.build
.publish
.tag
dev/stage/prod image tagging
.deploy
Edited by Michael Hofmann