From 2d77bb030cef4c48f4743d2495bbac63b9639f0c Mon Sep 17 00:00:00 2001
From: Felix Gerking <felix.gerking@garz-fricke.com>
Date: Wed, 23 Feb 2022 17:41:43 +0100
Subject: [PATCH] CI: Add gitlab-ci for reproducible builds

BCS 746-000016
---
 .gitlab-ci     |   1 +
 .gitlab-ci.yml | 122 +++++++++++++++++++++++++++++++++++++++++++++++++
 .gitmodules    |   3 ++
 3 files changed, 126 insertions(+)
 create mode 160000 .gitlab-ci
 create mode 100644 .gitlab-ci.yml
 create mode 100644 .gitmodules

diff --git a/.gitlab-ci b/.gitlab-ci
new file mode 160000
index 0000000..610e4a4
--- /dev/null
+++ b/.gitlab-ci
@@ -0,0 +1 @@
+Subproject commit 610e4a46b18fd050a0cbf030a9a83ae01e764b22
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..6f7b0b0
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,122 @@
+# ---------------------------------------------------------------------------------------
+# Global
+# ---------------------------------------------------------------------------------------
+image: "${CI_IMAGES}/python/3.9:99e363bc5feaa27ff18dbe7731a76ff04d7d0deb"
+
+stages:
+  - integrate
+  - merge
+  - build
+  - check
+
+variables:
+  # CI_IMAGES_BASEPATH: Environment variable configure in gitlab
+  CI_IMAGES: ${CI_IMAGES_BASEPATH}/ci-images
+  # Include git submodules
+  GIT_SUBMODULE_STRATEGY: recursive
+  # FIXME: due to a missing feature in GitLab we cannot use this variable
+  # in the build stage further down this file. If it ever changes, it has
+  # to be changed there too.
+  # (https://gitlab.com/gitlab-org/gitlab/-/issues/249583)
+  MANIFEST_PROJECT: ${CI_PROJECT_ROOT_NAMESPACE}/yocto/manifest
+  MASTER_BRANCH_MANIFEST: dunfell
+  MASTER_BRANCH_PROJECT: dunfell
+  # We add the recipe name here to resolve the corresponding bitbake recipe. 
+  # Otherwise a very strict repository <-> recipe naming would be required. 
+  # The recipe name is used to modify the correct source version.
+  BB_RECIPE_NAME: xconfig
+
+workflow:
+  rules:
+    # Do not run pipelines on forked projects
+    - if: $CI_PROJECT_PATH == "SECO-Northern-Europe/tools/xconfig"
+        && $CI_MERGE_REQUEST_SOURCE_PROJECT_ID == $CI_MERGE_REQUEST_PROJECT_ID
+
+# ---------------------------------------------------------------------------------------
+# Stage: integrate
+# ---------------------------------------------------------------------------------------
+integrate:
+  stage: integrate
+  rules:
+    # We have to make sure that the pipeline runs for the current manifest
+    # master at the time a merge request is created. Otherwise we cannot
+    # guarantee a green master after merging.
+    - if: $CI_MERGE_REQUEST_IID
+  tags:
+    - infrastructure
+  timeout: 2m
+  cache:
+    policy: push
+  script:
+    - cd ${CI_PROJECT_DIR}
+    - .gitlab-ci/integrate_into_manifest.py
+        --gitlab-url=${CI_SERVER_URL}
+        --token=${GITBOT_TOKEN}
+        --manifest-project=${MANIFEST_PROJECT}
+        --integration-base=${MASTER_BRANCH_MANIFEST}
+        --project=${CI_PROJECT_PATH}
+        --merge-request=${CI_MERGE_REQUEST_IID}
+        --save-revision-to=manifest_revision
+        --recipe-name=${BB_RECIPE_NAME}
+  artifacts:
+    paths:
+      - manifest_revision
+
+# ---------------------------------------------------------------------------------------
+# Stage: merge
+# ---------------------------------------------------------------------------------------
+merge:
+  stage: merge
+  rules:
+    - if: $CI_COMMIT_BRANCH == $MASTER_BRANCH_PROJECT
+  tags:
+    - infrastructure
+  timeout: 3m
+  script:
+    - cd ${CI_PROJECT_DIR}
+    - .gitlab-ci/merge_into_manifest.py
+        --gitlab-url=${CI_SERVER_URL}
+        --token=${GITBOT_TOKEN}
+        --manifest-project=${MANIFEST_PROJECT}
+        --master-branch=${MASTER_BRANCH_MANIFEST}
+        --project=${CI_PROJECT_PATH}
+        --master-branch-project=${MASTER_BRANCH_PROJECT}
+        --commit=${CI_COMMIT_SHA}
+        --save-revision-to=manifest_revision
+        --recipe-name=${BB_RECIPE_NAME}
+  artifacts:
+    paths:
+      - manifest_revision
+
+# ---------------------------------------------------------------------------------------
+# Stage: build
+# ---------------------------------------------------------------------------------------
+build:
+  stage: build
+  rules:
+    - if: $CI_MERGE_REQUEST_IID
+  trigger:
+    project: SECO-Northern-Europe/yocto/manifest
+    branch: "integrate/${CI_PROJECT_NAME}/${CI_COMMIT_REF_NAME}"
+    strategy: depend
+
+# ---------------------------------------------------------------------------------------
+# Stage: check
+# ---------------------------------------------------------------------------------------
+check:
+  stage: check
+  rules:
+    - if: $CI_MERGE_REQUEST_IID
+  needs: ["integrate"]
+  tags:
+    - infrastructure
+  timeout: 2m
+  script:
+    - cd ${CI_PROJECT_DIR}
+    - .gitlab-ci/check_if_integration_branch_is_up_to_date.py
+        --gitlab-url=${CI_SERVER_URL}
+        --token=${GITBOT_TOKEN}
+        --manifest-project=${MANIFEST_PROJECT}
+        --integration-base=${MASTER_BRANCH_MANIFEST}
+        --project=${CI_PROJECT_PATH}
+        --merge-request=${CI_MERGE_REQUEST_IID}
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..56ac8dd
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule ".gitlab-ci"]
+	path = .gitlab-ci
+	url = ../../yocto/infrastructure/gitlab-ci.git
-- 
GitLab