From 1c12371c05d78e2640398461b830aab31578b669 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 25 Sep 2025 12:20:24 +0200 Subject: [PATCH 1/5] Deduplicate Git NAME and EMAIL variables As an additional perk, I hope JOB_ID will make it easier to debug it something goes wrong with automated commits. (cherry picked from commit 43b96289554936028bf6acf0e8ee8b4216953998) --- .gitlab-ci.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index df4e9a8807..f3cd485548 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,6 +4,12 @@ variables: # Locale settings do not affect the build, but might affect tests. LC_ALL: C + # automated commits will inherit identification from pipeline trigger + GIT_AUTHOR_NAME: "$GITLAB_USER_NAME (GitLab job $CI_JOB_ID)" + GIT_AUTHOR_EMAIL: "$GITLAB_USER_EMAIL" + GIT_COMMITTER_NAME: "$GIT_AUTHOR_NAME" + GIT_COMMITTER_EMAIL: "$GIT_AUTHOR_EMAIL" + CI_REGISTRY_IMAGE: registry.gitlab.isc.org/isc-projects/images/bind9 CCACHE_DIR: "/ccache" @@ -816,10 +822,6 @@ changelog: rules: - if: '$CI_MERGE_REQUEST_TITLE =~ /\s(dev|usr|pkg):/' variables: - GIT_AUTHOR_NAME: $GITLAB_USER_NAME - GIT_AUTHOR_EMAIL: $GITLAB_USER_EMAIL - GIT_COMMITTER_NAME: $GITLAB_USER_NAME - GIT_COMMITTER_EMAIL: $GITLAB_USER_EMAIL DOC_MAKE_TARGET: html before_script: - echo -e "$CI_MERGE_REQUEST_TITLE\n" > commitmsg @@ -1973,9 +1975,6 @@ pairwise: # post-merge processes should run even if another MR was merged while the job was running (or queued) interruptible: false variables: - # automated commits will inherit identification from the user who pressed Merge button - GIT_COMMITTER_NAME: $GITLAB_USER_NAME - GIT_COMMITTER_EMAIL: $GITLAB_USER_EMAIL # avoid leftover branches from previous jobs GIT_STRATEGY: clone # assumed max depth of a MR for backport or a rebased force-push From 5f5cf5f1e441d814f53225bc24157995797b1b54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 25 Sep 2025 12:22:41 +0200 Subject: [PATCH 2/5] Do not fail post-merge jobs after force-push Rebase happens in -sub branches regularly so these failures would produce log noice. (cherry picked from commit cbaf4fe6cd234da949c83894c197ceca92ac541b) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f3cd485548..6a635f6825 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1984,7 +1984,7 @@ pairwise: - > echo "previous branch tip: $CI_COMMIT_BEFORE_SHA" - set +o pipefail; git log --format='%H' | grep --silent "$CI_COMMIT_BEFORE_SHA" && PREVIOUS_TIP_REACHABLE=1 - - test "$PREVIOUS_TIP_REACHABLE" != "1" && echo "force-push detected, stop" && exit 1 + - test "$PREVIOUS_TIP_REACHABLE" != "1" && echo "force-push detected, stop" && exit 0 # non-fast-forward merges are disabled so we have to have merge commit on top - MERGE_REQUEST_ID="$(git log -1 --format='%b' | sed --silent -e "s|^See merge request ${CI_PROJECT_PATH}\!||p")" - > From 25695f31c84d5870a687e08f8afc3d459fca6409 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 25 Sep 2025 13:21:23 +0200 Subject: [PATCH 3/5] Do not fail post-merge jobs if merge request reference is missing Push without merge request reference on top happens when merging tags back into the public project so these failures would produce log noise. (cherry picked from commit 545ef542a1cf3c6b7f24d44952fe055e237752d3) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6a635f6825..6a1178508e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1989,7 +1989,7 @@ pairwise: - MERGE_REQUEST_ID="$(git log -1 --format='%b' | sed --silent -e "s|^See merge request ${CI_PROJECT_PATH}\!||p")" - > : stop if this is not a merge request in the current project\'s namespace - - test -n "$MERGE_REQUEST_ID" + - test -n "$MERGE_REQUEST_ID" || exit 0 - git clone --depth 1 https://gitlab.isc.org/isc-projects/bind9-qa.git backports: From 5ba88abdb1ec6109977d09c54e54da5c7a06ccab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 18 Sep 2025 16:15:05 +0200 Subject: [PATCH 4/5] Trigger rebase in private project after merge into the public one Actual rebase and push is handled by pipeline inside the private project. (cherry picked from commit d65ac00715da693c0ea71aa322bbcd63e6a10804) --- .gitlab-ci.yml | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6a1178508e..4bc24a330d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -279,10 +279,10 @@ stages: - if: '$CI_COMMIT_TAG != null' .rule_source_other_than_mr: &rule_source_other_than_mr - - if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/' + - if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"' .rule_source_all: &rule_source_all - - if: '$CI_PIPELINE_SOURCE =~ /^(api|merge_request_event|pipeline|schedule|trigger|web)$/' + - if: '$CI_PIPELINE_SOURCE =~ /^(api|merge_request_event|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"' .api-pipelines-schedules-tags-triggers-web-triggering-rules: &api_pipelines_schedules_tags_triggers_web_triggering_rules rules: @@ -459,7 +459,7 @@ stages: # variables: # SHOTGUN_ROUNDS: 3 # - &shotgun_rule_other - # if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/' + # if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"' # when using data from a single run, the overall instability of the results # causes quite high false positive rate, rerun the test to attemp to reduce those retry: 1 @@ -1693,7 +1693,7 @@ customer-git:branch: - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_PIPELINE_SOURCE == "merge_request_event"' variables: BRANCH: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME' - - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_PIPELINE_SOURCE =~ /^(api|pipeline|trigger|web)$/' + - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_PIPELINE_SOURCE =~ /^(api|pipeline|trigger|web)$/ && $REBASE_ONLY != "1"' variables: BRANCH: '$CI_COMMIT_BRANCH' before_script: @@ -1907,7 +1907,7 @@ stress-test-child-pipeline: when: manual # don't run on each MR unless requested allow_failure: true - if: '$CI_COMMIT_TAG != null' - - if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/' + - if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"' trigger: include: - artifact: stress-test-configs.yml @@ -2008,3 +2008,17 @@ merged-metadata: - if: '$CI_PIPELINE_SOURCE == "push" && ($CI_COMMIT_REF_NAME =~ /^bind-9.[0-9]+(-sub)?$/ || $CI_COMMIT_REF_NAME =~ /^v9.[0-9]+.[0-9]+-release$/ || $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH)' script: - bind9-qa/releng/after_merge.py "$CI_PROJECT_ID" "$MERGE_REQUEST_ID" + +auto-rebase-trigger: + stage: postmerge + rules: + - if: '$CI_PROJECT_NAMESPACE == "isc-projects" && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME =~ /^bind-9.[0-9]+$/' + needs: [] + interruptible: true + inherit: + variables: false + variables: + REBASE_ONLY: 1 + trigger: + project: isc-private/bind9 + branch: "${CI_COMMIT_BRANCH}-sub" From 6b7e61ce1ed6dd1ea9f3881f5f8994f34af2e0e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 25 Sep 2025 14:24:45 +0200 Subject: [PATCH 5/5] Apply special git tag rules only in the private project We do not want to re-release tags we create in the private project anyway. Moreover pushing tags back into the public project after release caused to Gitlab to create tag pipelines which never finished, which was only confusing thing. (cherry picked from commit 675d9c74251fee8ec034e87bdd43e7da97119a5d) --- .gitlab-ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4bc24a330d..eaec374bb7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -276,7 +276,7 @@ stages: allow_failure: true # don't block the pipeline or the pipeline result .rule_tag: &rule_tag - - if: '$CI_COMMIT_TAG != null' + - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null' .rule_source_other_than_mr: &rule_source_other_than_mr - if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"' @@ -455,7 +455,7 @@ stages: when: manual # don't run on each MR unless requested allow_failure: true # - &shotgun_rule_tag - # if: '$CI_COMMIT_TAG != null' + # if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null' # variables: # SHOTGUN_ROUNDS: 3 # - &shotgun_rule_other @@ -1587,7 +1587,7 @@ release: - job: docs:pdf artifacts: true rules: - - if: '$CI_COMMIT_TAG != null' + - *rule_tag artifacts: paths: - "*-release" @@ -1631,7 +1631,7 @@ sign: - job: release artifacts: true rules: - - if: '$CI_COMMIT_TAG != null' + - *rule_tag when: manual allow_failure: false @@ -1709,7 +1709,7 @@ customer-git:tag: - job: release artifacts: false rules: - - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null' + - *rule_tag before_script: - git clone --depth 1 https://gitlab.isc.org/isc-projects/bind9-qa.git - git clone --depth 1 "https://token:${ISC_CUSTOMERS_WRITE_TOKEN}@gitlab.isc.org/isc-customers/isc-customer-settings.git" @@ -1906,7 +1906,7 @@ stress-test-child-pipeline: - if: '$CI_MERGE_REQUEST_DIFF_BASE_SHA != null' when: manual # don't run on each MR unless requested allow_failure: true - - if: '$CI_COMMIT_TAG != null' + - *rule_tag - if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"' trigger: include: