From 03e37623585042f5256aeeae426c6350bf3d4b04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 25 Sep 2025 12:20:24 +0200 Subject: [PATCH 1/5] Deduplicate Git NAME and EMAIL variables As an additional perk, I hope JOB_ID will make it easier to debug it something goes wrong with automated commits. (cherry picked from commit 43b96289554936028bf6acf0e8ee8b4216953998) --- .gitlab-ci.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 960f0189c7..3fdaf2f936 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,6 +4,12 @@ variables: # Locale settings do not affect the build, but might affect tests. LC_ALL: C + # automated commits will inherit identification from pipeline trigger + GIT_AUTHOR_NAME: "$GITLAB_USER_NAME (GitLab job $CI_JOB_ID)" + GIT_AUTHOR_EMAIL: "$GITLAB_USER_EMAIL" + GIT_COMMITTER_NAME: "$GIT_AUTHOR_NAME" + GIT_COMMITTER_EMAIL: "$GIT_AUTHOR_EMAIL" + CI_REGISTRY_IMAGE: registry.gitlab.isc.org/isc-projects/images/bind9 CCACHE_DIR: "/ccache" @@ -862,10 +868,6 @@ changelog: rules: - if: '$CI_MERGE_REQUEST_TITLE =~ /\s(dev|usr|pkg):/' variables: - GIT_AUTHOR_NAME: $GITLAB_USER_NAME - GIT_AUTHOR_EMAIL: $GITLAB_USER_EMAIL - GIT_COMMITTER_NAME: $GITLAB_USER_NAME - GIT_COMMITTER_EMAIL: $GITLAB_USER_EMAIL DOC_MAKE_TARGET: html before_script: - echo -e "$CI_MERGE_REQUEST_TITLE\n" > commitmsg @@ -2157,9 +2159,6 @@ pairwise: # post-merge processes should run even if another MR was merged while the job was running (or queued) interruptible: false variables: - # automated commits will inherit identification from the user who pressed Merge button - GIT_COMMITTER_NAME: $GITLAB_USER_NAME - GIT_COMMITTER_EMAIL: $GITLAB_USER_EMAIL # avoid leftover branches from previous jobs GIT_STRATEGY: clone # assumed max depth of a MR for backport or a rebased force-push From 697e241206d334417fb3198e2eaf060633b1fe33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 25 Sep 2025 12:22:41 +0200 Subject: [PATCH 2/5] Do not fail post-merge jobs after force-push Rebase happens in -sub branches regularly so these failures would produce log noice. (cherry picked from commit cbaf4fe6cd234da949c83894c197ceca92ac541b) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3fdaf2f936..2cc0e7836f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2168,7 +2168,7 @@ pairwise: - > echo "previous branch tip: $CI_COMMIT_BEFORE_SHA" - set +o pipefail; git log --format='%H' | grep --silent "$CI_COMMIT_BEFORE_SHA" && PREVIOUS_TIP_REACHABLE=1 - - test "$PREVIOUS_TIP_REACHABLE" != "1" && echo "force-push detected, stop" && exit 1 + - test "$PREVIOUS_TIP_REACHABLE" != "1" && echo "force-push detected, stop" && exit 0 # non-fast-forward merges are disabled so we have to have merge commit on top - MERGE_REQUEST_ID="$(git log -1 --format='%b' | sed --silent -e "s|^See merge request ${CI_PROJECT_PATH}\!||p")" - > From 3c4fb8625f19fb8f660bb1346ab6972a53c8fa93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 25 Sep 2025 13:21:23 +0200 Subject: [PATCH 3/5] Do not fail post-merge jobs if merge request reference is missing Push without merge request reference on top happens when merging tags back into the public project so these failures would produce log noise. (cherry picked from commit 545ef542a1cf3c6b7f24d44952fe055e237752d3) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2cc0e7836f..ddb9d35642 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2173,7 +2173,7 @@ pairwise: - MERGE_REQUEST_ID="$(git log -1 --format='%b' | sed --silent -e "s|^See merge request ${CI_PROJECT_PATH}\!||p")" - > : stop if this is not a merge request in the current project\'s namespace - - test -n "$MERGE_REQUEST_ID" + - test -n "$MERGE_REQUEST_ID" || exit 0 - git clone --depth 1 https://gitlab.isc.org/isc-projects/bind9-qa.git backports: From 8bf52ff025138b1c7f2c89d46d90bd46cd58fb33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 18 Sep 2025 16:15:05 +0200 Subject: [PATCH 4/5] Trigger rebase in private project after merge into the public one Actual rebase and push is handled by pipeline inside the private project. (cherry picked from commit d65ac00715da693c0ea71aa322bbcd63e6a10804) --- .gitlab-ci.yml | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ddb9d35642..5deec2b2be 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -310,10 +310,10 @@ stages: - if: '$CI_COMMIT_TAG != null' .rule_source_other_than_mr: &rule_source_other_than_mr - - if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/' + - if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"' .rule_source_all: &rule_source_all - - if: '$CI_PIPELINE_SOURCE =~ /^(api|merge_request_event|pipeline|schedule|trigger|web)$/' + - if: '$CI_PIPELINE_SOURCE =~ /^(api|merge_request_event|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"' .api-pipelines-schedules-tags-triggers-web-triggering-rules: &api_pipelines_schedules_tags_triggers_web_triggering_rules rules: @@ -503,7 +503,7 @@ stages: # variables: # SHOTGUN_ROUNDS: 3 # - &shotgun_rule_other - # if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/' + # if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"' # when using data from a single run, the overall instability of the results # causes quite high false positive rate, rerun the test to attemp to reduce those retry: 1 @@ -1863,7 +1863,7 @@ customer-git:branch: - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_PIPELINE_SOURCE == "merge_request_event"' variables: BRANCH: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME' - - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_PIPELINE_SOURCE =~ /^(api|pipeline|trigger|web)$/' + - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_PIPELINE_SOURCE =~ /^(api|pipeline|trigger|web)$/ && $REBASE_ONLY != "1"' variables: BRANCH: '$CI_COMMIT_BRANCH' before_script: @@ -2075,7 +2075,7 @@ stress-test-child-pipeline: when: manual # don't run on each MR unless requested allow_failure: true - if: '$CI_COMMIT_TAG != null' - - if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/' + - if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"' trigger: include: - artifact: stress-test-configs.yml @@ -2192,3 +2192,17 @@ merged-metadata: - if: '$CI_PIPELINE_SOURCE == "push" && ($CI_COMMIT_REF_NAME =~ /^bind-9.[0-9]+(-sub)?$/ || $CI_COMMIT_REF_NAME =~ /^v9.[0-9]+.[0-9]+-release$/ || $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH)' script: - bind9-qa/releng/after_merge.py "$CI_PROJECT_ID" "$MERGE_REQUEST_ID" + +auto-rebase-trigger: + stage: postmerge + rules: + - if: '$CI_PROJECT_NAMESPACE == "isc-projects" && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME =~ /^bind-9.[0-9]+$/' + needs: [] + interruptible: true + inherit: + variables: false + variables: + REBASE_ONLY: 1 + trigger: + project: isc-private/bind9 + branch: "${CI_COMMIT_BRANCH}-sub" From 2a99eb5d092a136e02a2260bd8d5807d9727af0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 25 Sep 2025 14:24:45 +0200 Subject: [PATCH 5/5] Apply special git tag rules only in the private project We do not want to re-release tags we create in the private project anyway. Moreover pushing tags back into the public project after release caused to Gitlab to create tag pipelines which never finished, which was only confusing thing. (cherry picked from commit 675d9c74251fee8ec034e87bdd43e7da97119a5d) --- .gitlab-ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5deec2b2be..f5c4f53ea1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -307,7 +307,7 @@ stages: allow_failure: true # don't block the pipeline or the pipeline result .rule_tag: &rule_tag - - if: '$CI_COMMIT_TAG != null' + - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null' .rule_source_other_than_mr: &rule_source_other_than_mr - if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"' @@ -499,7 +499,7 @@ stages: when: manual # don't run on each MR unless requested allow_failure: true # - &shotgun_rule_tag - # if: '$CI_COMMIT_TAG != null' + # if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null' # variables: # SHOTGUN_ROUNDS: 3 # - &shotgun_rule_other @@ -1757,7 +1757,7 @@ release: - job: docs artifacts: true rules: - - if: '$CI_COMMIT_TAG != null' + - *rule_tag artifacts: paths: - "*-release" @@ -1801,7 +1801,7 @@ sign: - job: release artifacts: true rules: - - if: '$CI_COMMIT_TAG != null' + - *rule_tag when: manual allow_failure: false @@ -1879,7 +1879,7 @@ customer-git:tag: - job: release artifacts: false rules: - - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null' + - *rule_tag before_script: - git clone --depth 1 https://gitlab.isc.org/isc-projects/bind9-qa.git - git clone --depth 1 "https://token:${ISC_CUSTOMERS_WRITE_TOKEN}@gitlab.isc.org/isc-customers/isc-customer-settings.git" @@ -2074,7 +2074,7 @@ stress-test-child-pipeline: - if: '$CI_MERGE_REQUEST_DIFF_BASE_SHA != null' when: manual # don't run on each MR unless requested allow_failure: true - - if: '$CI_COMMIT_TAG != null' + - *rule_tag - if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"' trigger: include: