gitlab ci: release fixes and improvements (#37601)

* gitlab ci: release fixes and improvements - use rules to reduce boilerplate in .gitlab-ci.yml - support copy-only pipeline jobs - make pipelines for release branches rebuild everything - make pipelines for protected tags copy-only * gitlab ci: remove url changes used in testing * gitlab ci: tag mirrors need public key Make sure that mirrors associated with release branches and tags contain the public key needed to verify the signed binaries. This also ensures that when stack-specific mirror contents are copied to the root, the root mirror has the public key as well. * review: be more specific about tags, curl flags * Make the check in ci.yaml consistent with the .gitlab-ci.yml --------- Co-authored-by: Ryan Krattiger <ryan.krattiger@kitware.com>
2023-05-12 14:22:42 -06:00
parent 4e5fb62679
commit c08be95d5e
4 changed files with 218 additions and 464 deletions
--- a/share/spack/gitlab/cloud_pipelines/configs/ci.yaml
+++ b/share/spack/gitlab/cloud_pipelines/configs/ci.yaml
@@ -36,6 +36,34 @@ ci:
        - aws s3 sync --exclude "*" --include "*spec.json.sig*" /tmp ${SPACK_REMOTE_MIRROR_OVERRIDE}/build_cache
        - aws s3 cp /tmp/public_keys ${SPACK_REMOTE_MIRROR_OVERRIDE}/build_cache/_pgp --recursive --exclude "*" --include "*.pub"

+  - copy-job:
+      tags: ["service", "x86_64"]
+      image: "ghcr.io/spack/python-aws-bash:0.0.1"
+      before_script:
+      - - if [[ $CI_COMMIT_TAG == "v"* ]]; then export SPACK_REPLACE_VERSION=$(echo "$CI_COMMIT_TAG" | sed 's/\(v[[:digit:]]\+\.[[:digit:]]\+\).*/releases\/\1/'); fi
+        - if [[ $CI_COMMIT_TAG == "develop-"* ]]; then export SPACK_REPLACE_VERSION=develop; fi
+        - export SPACK_BUILDCACHE_SOURCE=${SPACK_SOURCE_MIRROR//SPACK_REPLACE_VERSION/${SPACK_REPLACE_VERSION}}
+      script:
+      - - cd ${SPACK_CONCRETE_ENV_DIR}
+        - spack env activate --without-view .
+        - echo Copying environment specs from ${SRC_MIRROR} to ${SPACK_BUILDCACHE_DESTINATION}
+        - spack buildcache sync "${SPACK_BUILDCACHE_SOURCE}" "${SPACK_BUILDCACHE_DESTINATION}"
+        - curl -fLsS https://spack.github.io/keys/spack-public-binary-key.pub -o /tmp/spack-public-binary-key.pub
+        - aws s3 cp /tmp/spack-public-binary-key.pub "${SPACK_BUILDCACHE_DESTINATION}/build_cache/_pgp/spack-public-binary-key.pub"
+        - spack buildcache update-index --keys "${SPACK_BUILDCACHE_DESTINATION}"
+      when: "always"
+      retry:
+        max: 2
+        when:
+        - "runner_system_failure"
+        - "stuck_or_timeout_failure"
+        - "script_failure"
+      interruptible: true
+      variables:
+        CI_JOB_SIZE: "medium"
+        KUBERNETES_CPU_REQUEST: "4000m"
+        KUBERNETES_MEMORY_REQUEST: "16G"
+
  - reindex-job:
      tags: ["service"]
      variables: