1. Patchew
  2. QEMU
  3. View series

[PATCH v2] gitlab: only let pages be published from default branch

Daniel P. Berrangé posted 1 patch 2 years, 9 months ago
Test checkpatch passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20210723113051.2792799-1-berrange@redhat.com
.gitlab-ci.d/buildtest.yml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
[PATCH v2] gitlab: only let pages be published from default branch
Posted by Daniel P. Berrangé 2 years, 9 months ago 
GitLab will happily publish pages generated by the latest CI pipeline
from any branch:

https://docs.gitlab.com/ee/user/project/pages/introduction.html

  "Remember that GitLab Pages are by default branch/tag agnostic
   and their deployment relies solely on what you specify in
   .gitlab-ci.yml. You can limit the pages job with the only
   parameter, whenever a new commit is pushed to a branch used
   specifically for your pages."

The current "pages" job is not limited, so it is happily publishing
docs content from any branch/tag in qemu.git that gets pushed to.
This means we're potentially publishing from the "staging" branch
or worse from outdated "stable-NNN" branches

This change restricts it to only publish from the default branch
in the main repository. For contributor forks, however, we allow
it to publish from any branch, since users will have arbitrarily
named topic branches in flight at any time.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 .gitlab-ci.d/buildtest.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
index 89df51517c..80b57b7082 100644
--- a/.gitlab-ci.d/buildtest.yml
+++ b/.gitlab-ci.d/buildtest.yml
@@ -663,6 +663,17 @@ build-tools-and-docs-debian:
 
 # Prepare for GitLab pages deployment. Anything copied into the
 # "public" directory will be deployed to $USER.gitlab.io/$PROJECT
+#
+# GitLab publishes from any branch that triggers a CI pipeline
+#
+# For the main repo we don't want to publish from 'staging'
+# since that content may not be pushed, nor do we wish to
+# publish from 'stable-NNN' branches as that content is outdated.
+# Thus we restrict to just the default branch
+#
+# For contributor forks we want to publish from any repo so
+# that users can see the results of their commits, regardless
+# of what topic branch they're currently using
 pages:
   image: $CI_REGISTRY_IMAGE/qemu/debian-amd64:latest
   stage: test
@@ -681,3 +692,10 @@ pages:
   artifacts:
     paths:
       - public
+  rules:
+    - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+      when: on_success
+    - if: '$CI_PROJECT_NAMESPACE == "qemu-project"'
+      when: never
+    - if: '$CI_PROJECT_NAMESPACE != "qemu-project"'
+      when: on_success
-- 
2.31.1
Re: [PATCH v2] gitlab: only let pages be published from default branch
Posted by Thomas Huth 2 years, 9 months ago 
On 23/07/2021 13.30, Daniel P. Berrangé wrote:
> GitLab will happily publish pages generated by the latest CI pipeline
> from any branch:
> 
> https://docs.gitlab.com/ee/user/project/pages/introduction.html
> 
>    "Remember that GitLab Pages are by default branch/tag agnostic
>     and their deployment relies solely on what you specify in
>     .gitlab-ci.yml. You can limit the pages job with the only
>     parameter, whenever a new commit is pushed to a branch used
>     specifically for your pages."
> 
> The current "pages" job is not limited, so it is happily publishing
> docs content from any branch/tag in qemu.git that gets pushed to.
> This means we're potentially publishing from the "staging" branch
> or worse from outdated "stable-NNN" branches
> 
> This change restricts it to only publish from the default branch
> in the main repository. For contributor forks, however, we allow
> it to publish from any branch, since users will have arbitrarily
> named topic branches in flight at any time.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>   .gitlab-ci.d/buildtest.yml | 18 ++++++++++++++++++
>   1 file changed, 18 insertions(+)
> 
> diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
> index 89df51517c..80b57b7082 100644
> --- a/.gitlab-ci.d/buildtest.yml
> +++ b/.gitlab-ci.d/buildtest.yml
> @@ -663,6 +663,17 @@ build-tools-and-docs-debian:
>   
>   # Prepare for GitLab pages deployment. Anything copied into the
>   # "public" directory will be deployed to $USER.gitlab.io/$PROJECT
> +#
> +# GitLab publishes from any branch that triggers a CI pipeline
> +#
> +# For the main repo we don't want to publish from 'staging'
> +# since that content may not be pushed, nor do we wish to
> +# publish from 'stable-NNN' branches as that content is outdated.
> +# Thus we restrict to just the default branch
> +#
> +# For contributor forks we want to publish from any repo so
> +# that users can see the results of their commits, regardless
> +# of what topic branch they're currently using
>   pages:
>     image: $CI_REGISTRY_IMAGE/qemu/debian-amd64:latest
>     stage: test
> @@ -681,3 +692,10 @@ pages:
>     artifacts:
>       paths:
>         - public
> +  rules:
> +    - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
> +      when: on_success
> +    - if: '$CI_PROJECT_NAMESPACE == "qemu-project"'
> +      when: never
> +    - if: '$CI_PROJECT_NAMESPACE != "qemu-project"'
> +      when: on_success
> 


Reviewed-by: Thomas Huth <thuth@redhat.com>
Re: [PATCH v2] gitlab: only let pages be published from default branch
Posted by Willian Rampazzo 2 years, 9 months ago 
On Fri, Jul 23, 2021 at 8:31 AM Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> GitLab will happily publish pages generated by the latest CI pipeline
> from any branch:
>
> https://docs.gitlab.com/ee/user/project/pages/introduction.html
>
>   "Remember that GitLab Pages are by default branch/tag agnostic
>    and their deployment relies solely on what you specify in
>    .gitlab-ci.yml. You can limit the pages job with the only
>    parameter, whenever a new commit is pushed to a branch used
>    specifically for your pages."
>
> The current "pages" job is not limited, so it is happily publishing
> docs content from any branch/tag in qemu.git that gets pushed to.
> This means we're potentially publishing from the "staging" branch
> or worse from outdated "stable-NNN" branches
>
> This change restricts it to only publish from the default branch
> in the main repository. For contributor forks, however, we allow
> it to publish from any branch, since users will have arbitrarily
> named topic branches in flight at any time.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  .gitlab-ci.d/buildtest.yml | 18 ++++++++++++++++++
>  1 file changed, 18 insertions(+)
>

Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Re: [PATCH v2] gitlab: only let pages be published from default branch
Posted by Philippe Mathieu-Daudé 2 years, 9 months ago 
On 7/23/21 1:30 PM, Daniel P. Berrangé wrote:
> GitLab will happily publish pages generated by the latest CI pipeline
> from any branch:
> 
> https://docs.gitlab.com/ee/user/project/pages/introduction.html
> 
>   "Remember that GitLab Pages are by default branch/tag agnostic
>    and their deployment relies solely on what you specify in
>    .gitlab-ci.yml. You can limit the pages job with the only
>    parameter, whenever a new commit is pushed to a branch used
>    specifically for your pages."
> 
> The current "pages" job is not limited, so it is happily publishing
> docs content from any branch/tag in qemu.git that gets pushed to.
> This means we're potentially publishing from the "staging" branch
> or worse from outdated "stable-NNN" branches
> 
> This change restricts it to only publish from the default branch
> in the main repository. For contributor forks, however, we allow
> it to publish from any branch, since users will have arbitrarily
> named topic branches in flight at any time.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  .gitlab-ci.d/buildtest.yml | 18 ++++++++++++++++++
>  1 file changed, 18 insertions(+)
> 
> diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
> index 89df51517c..80b57b7082 100644
> --- a/.gitlab-ci.d/buildtest.yml
> +++ b/.gitlab-ci.d/buildtest.yml
> @@ -663,6 +663,17 @@ build-tools-and-docs-debian:
>  
>  # Prepare for GitLab pages deployment. Anything copied into the
>  # "public" directory will be deployed to $USER.gitlab.io/$PROJECT
> +#
> +# GitLab publishes from any branch that triggers a CI pipeline
> +#
> +# For the main repo we don't want to publish from 'staging'
> +# since that content may not be pushed, nor do we wish to
> +# publish from 'stable-NNN' branches as that content is outdated.
> +# Thus we restrict to just the default branch
> +#
> +# For contributor forks we want to publish from any repo so
> +# that users can see the results of their commits, regardless
> +# of what topic branch they're currently using
>  pages:
>    image: $CI_REGISTRY_IMAGE/qemu/debian-amd64:latest
>    stage: test
> @@ -681,3 +692,10 @@ pages:
>    artifacts:
>      paths:
>        - public
> +  rules:
> +    - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
> +      when: on_success
> +    - if: '$CI_PROJECT_NAMESPACE == "qemu-project"'
> +      when: never
> +    - if: '$CI_PROJECT_NAMESPACE != "qemu-project"'
> +      when: on_success
> 

This is the same than:

  rules:
  - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH ==
$CI_DEFAULT_BRANCH'
  - if: '$CI_PROJECT_NAMESPACE != "qemu-project"'
  - when: never

But in your case defaults are explicit, so better.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Re: [PATCH v2] gitlab: only let pages be published from default branch
Posted by Daniel P. Berrangé 2 years, 9 months ago 
On Fri, Jul 23, 2021 at 02:41:47PM +0200, Philippe Mathieu-Daudé wrote:
> On 7/23/21 1:30 PM, Daniel P. Berrangé wrote:
> > GitLab will happily publish pages generated by the latest CI pipeline
> > from any branch:
> > 
> > https://docs.gitlab.com/ee/user/project/pages/introduction.html
> > 
> >   "Remember that GitLab Pages are by default branch/tag agnostic
> >    and their deployment relies solely on what you specify in
> >    .gitlab-ci.yml. You can limit the pages job with the only
> >    parameter, whenever a new commit is pushed to a branch used
> >    specifically for your pages."
> > 
> > The current "pages" job is not limited, so it is happily publishing
> > docs content from any branch/tag in qemu.git that gets pushed to.
> > This means we're potentially publishing from the "staging" branch
> > or worse from outdated "stable-NNN" branches
> > 
> > This change restricts it to only publish from the default branch
> > in the main repository. For contributor forks, however, we allow
> > it to publish from any branch, since users will have arbitrarily
> > named topic branches in flight at any time.
> > 
> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> > ---
> >  .gitlab-ci.d/buildtest.yml | 18 ++++++++++++++++++
> >  1 file changed, 18 insertions(+)
> > 
> > diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
> > index 89df51517c..80b57b7082 100644
> > --- a/.gitlab-ci.d/buildtest.yml
> > +++ b/.gitlab-ci.d/buildtest.yml
> > @@ -663,6 +663,17 @@ build-tools-and-docs-debian:
> >  
> >  # Prepare for GitLab pages deployment. Anything copied into the
> >  # "public" directory will be deployed to $USER.gitlab.io/$PROJECT
> > +#
> > +# GitLab publishes from any branch that triggers a CI pipeline
> > +#
> > +# For the main repo we don't want to publish from 'staging'
> > +# since that content may not be pushed, nor do we wish to
> > +# publish from 'stable-NNN' branches as that content is outdated.
> > +# Thus we restrict to just the default branch
> > +#
> > +# For contributor forks we want to publish from any repo so
> > +# that users can see the results of their commits, regardless
> > +# of what topic branch they're currently using
> >  pages:
> >    image: $CI_REGISTRY_IMAGE/qemu/debian-amd64:latest
> >    stage: test
> > @@ -681,3 +692,10 @@ pages:
> >    artifacts:
> >      paths:
> >        - public
> > +  rules:
> > +    - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
> > +      when: on_success
> > +    - if: '$CI_PROJECT_NAMESPACE == "qemu-project"'
> > +      when: never
> > +    - if: '$CI_PROJECT_NAMESPACE != "qemu-project"'
> > +      when: on_success
> > 
> 
> This is the same than:
> 
>   rules:
>   - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH ==
> $CI_DEFAULT_BRANCH'
>   - if: '$CI_PROJECT_NAMESPACE != "qemu-project"'
>   - when: never
> 
> But in your case defaults are explicit, so better.

yeah, i find it confusing when the 'when:' clause is left out


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.