Docker ci image/add dep and dependency checks jobs
What does this MR do?
Adds dep check
(executed on each Pipeline) and dep status -old
(to be executed with Pipeline Schedules) checks.
Why was this MR needed?
dep check
will ensure that any changes in dependencies added during development are properly finalized (so Gopkg.toml
, Gopkg.lock
and vendor/*
are consistent).
dep status
, executed from time to time with Pipeline schedule, will let us know if there are an updates of used dependencies, available for the constraints specified in Gopkg.toml
.
https://gitlab.com/gitlab-org/gitlab-runner/pipelines/32318340 shows an example of:
- a Pipeline that detects content of
vendor/
not in sync withGopkg.lock
- https://gitlab.com/gitlab-org/gitlab-runner/-/jobs/105837983 - a Pipeline that contains
dep status
job (started with a specific env variable, that will be used for Pipeline Schedule) and that finds available updates withdep status
- https://gitlab.com/gitlab-org/gitlab-runner/-/jobs/105837984
https://gitlab.com/gitlab-org/gitlab-runner/pipelines/32333735 shows an example of:
- a Pipeline that doesn't have
dep status
job (started from a normal push) - a Pipeline that confirms that
Gopkg.toml
,Gopkg.lock
andvendor/
are in sync - https://gitlab.com/gitlab-org/gitlab-runner/-/jobs/105895643
Are there points in the code the reviewer needs to double check?
Jobs were added to the Release
stage, just like Static QA
job, so we'll be able to test whole pipeline even if there will be some minor problems with dependencies. Maybe it's time to consider another stage introduced after Release
that would hold such tests.
Does this MR meet the acceptance criteria?
-
Documentation created/updated -
Added tests for this feature/bug -
In case of conflicts with master
- branch was rebased
What are the relevant issue numbers?
Follow up #3645