Show More
| @@ -56,6 +56,17 b' variables:' | |||||
| 56 | # starting. |
|
56 | # starting. | |
| 57 | needs: [] |
|
57 | needs: [] | |
| 58 |
|
58 | |||
|
|
59 | # dummy job that serve dependencies purpose | |||
|
|
60 | .dummy: | |||
|
|
61 | # smallest I know of | |||
|
|
62 | image: busybox | |||
|
|
63 | variables: | |||
|
|
64 | GIT_STRATEGY: none | |||
|
|
65 | CI_CLEVER_CLOUD_FLAVOR: "XS" | |||
|
|
66 | script: | |||
|
|
67 | - echo 'nothing to see here' | |||
|
|
68 | ||||
|
|
69 | ||||
| 59 | # a dummy job that only serve to trigger others |
|
70 | # a dummy job that only serve to trigger others | |
| 60 | # |
|
71 | # | |
| 61 | # This is useful for two reasons: |
|
72 | # This is useful for two reasons: | |
| @@ -63,15 +74,10 b' variables:' | |||||
| 63 | # - manual starting job cannot make the pipeline "fails" and block a merge, |
|
74 | # - manual starting job cannot make the pipeline "fails" and block a merge, | |
| 64 | # while "on_success" job depending on manual trigger works fine in that regard. |
|
75 | # while "on_success" job depending on manual trigger works fine in that regard. | |
| 65 | .trigger: |
|
76 | .trigger: | |
| 66 |
extends: |
|
77 | extends: | |
| 67 | # smallest I know of |
|
78 | - .all | |
| 68 | image: busybox |
|
79 | - .dummy | |
| 69 | when: manual |
|
80 | when: manual | |
| 70 | variables: |
|
|||
| 71 | GIT_STRATEGY: none |
|
|||
| 72 | CI_CLEVER_CLOUD_FLAVOR: "XS" |
|
|||
| 73 | script: |
|
|||
| 74 | - echo 'nothing to see here' |
|
|||
| 75 |
|
81 | |||
| 76 | .build-wheel: |
|
82 | .build-wheel: | |
| 77 | extends: .all |
|
83 | extends: .all | |
| @@ -472,21 +478,10 b' build-c-wheel-macos:' | |||||
| 472 | - wheels |
|
478 | - wheels | |
| 473 | expire_in: 1 week |
|
479 | expire_in: 1 week | |
| 474 |
|
480 | |||
| 475 | # Upload nightly build wheel on the heptapod registry on test success |
|
481 | ||
| 476 | # |
|
482 | .nightly_build_step: | |
| 477 | # At the time this task is added, since the mac wheels are built on shell |
|
|||
| 478 | # runner, those nightly are not be considered fully secured. |
|
|||
| 479 | # |
|
|||
| 480 | # In addition, since any job can upload package, pretty much anyone with CI |
|
|||
| 481 | # access can upload anything pretending to be any version. To fix it we would |
|
|||
| 482 | # have to prevent the CI token to upload to the registry and have dedicated |
|
|||
| 483 | # credential accessible only from protected branches. |
|
|||
| 484 | upload-wheel-nightly: |
|
|||
| 485 | extends: .all |
|
483 | extends: .all | |
| 486 | image: "registry.heptapod.net/mercurial/ci-images/twine:v3.0" |
|
|||
| 487 | stage: upload |
|
484 | stage: upload | |
| 488 | # because we don't want to upload only half of a wheel |
|
|||
| 489 | interruptible: false |
|
|||
| 490 | rules: |
|
485 | rules: | |
| 491 | - if: '$CI_COMMIT_BRANCH =~ $RE_BRANCH' |
|
486 | - if: '$CI_COMMIT_BRANCH =~ $RE_BRANCH' | |
| 492 | # note that at the time of writing this, this job depends on multiple |
|
487 | # note that at the time of writing this, this job depends on multiple | |
| @@ -502,18 +497,56 b' upload-wheel-nightly:' | |||||
| 502 | # if you need to test this, make it |
|
497 | # if you need to test this, make it | |
| 503 | # when: manual |
|
498 | # when: manual | |
| 504 | # allow_failure: true |
|
499 | # allow_failure: true | |
|
|
500 | ||||
|
|
501 | # a dummy job that gather greatly parallel object into one. | |||
|
|
502 | # | |||
|
|
503 | # It exists because gitlab-ci has a "50 jobs" limit on "needs" entries. | |||
|
|
504 | # (yes, this is sad) | |||
|
|
505 | # | |||
|
|
506 | .sink: | |||
|
|
507 | extends: | |||
|
|
508 | - .nightly_build_sink | |||
|
|
509 | - .dummy | |||
|
|
510 | ||||
|
|
511 | linux-test-result: | |||
|
|
512 | extends: .sink | |||
|
|
513 | needs: | |||
|
|
514 | - test-c | |||
|
|
515 | - test-3.8-c | |||
|
|
516 | - test-3.12-c | |||
|
|
517 | - test-3.13-c | |||
|
|
518 | ||||
|
|
519 | macos-test-result: | |||
|
|
520 | extends: .sink | |||
|
|
521 | needs: | |||
|
|
522 | - macos | |||
|
|
523 | ||||
|
|
524 | windows-test-result: | |||
|
|
525 | extends: .sink | |||
|
|
526 | needs: | |||
|
|
527 | - windows | |||
|
|
528 | ||||
|
|
529 | # Upload nightly build wheel on the heptapod registry on test success | |||
|
|
530 | # | |||
|
|
531 | # At the time this task is added, since the mac wheels are built on shell | |||
|
|
532 | # runner, those nightly are not be considered fully secured. | |||
|
|
533 | # | |||
|
|
534 | # In addition, since any job can upload package, pretty much anyone with CI | |||
|
|
535 | # access can upload anything pretending to be any version. To fix it we would | |||
|
|
536 | # have to prevent the CI token to upload to the registry and have dedicated | |||
|
|
537 | # credential accessible only from protected branches. | |||
|
|
538 | upload-wheel-nightly: | |||
|
|
539 | extends: .nightly_build_step | |||
|
|
540 | image: "registry.heptapod.net/mercurial/ci-images/twine:v3.0" | |||
|
|
541 | # because we don't want to upload only half of a wheel | |||
|
|
542 | interruptible: false | |||
| 505 | needs: |
|
543 | needs: | |
| 506 | - build-c-wheel |
|
544 | - build-c-wheel | |
| 507 | - build-c-wheel-macos |
|
545 | - build-c-wheel-macos | |
| 508 | - build-c-wheel-windows |
|
546 | - build-c-wheel-windows | |
| 509 |
- |
|
547 | - linux-test-result | |
| 510 | - macos |
|
548 | - macos-test-result | |
| 511 | # if we also requires windows to be happy, reach the "50 needed jobs" limit. |
|
549 | - windows-test-result | |
| 512 | # So we need some intermediate job to reduce the number. |
|
|||
| 513 | # - windows |
|
|||
| 514 | - test-3.8-c |
|
|||
| 515 | - test-3.12-c |
|
|||
| 516 | - test-3.13-c |
|
|||
| 517 | # It would be nice to be able to restrict that a bit to protected branch only |
|
550 | # It would be nice to be able to restrict that a bit to protected branch only | |
| 518 | variables: |
|
551 | variables: | |
| 519 | TWINE_USERNAME: gitlab-ci-token |
|
552 | TWINE_USERNAME: gitlab-ci-token | |
General Comments 0
You need to be logged in to leave comments.
Login now