Review Apps

Review Apps are automatically deployed by each pipeline, both in CE and EE.

How does it work?

CI/CD architecture diagram

Review Apps CI/CD architecture

Show mermaid source
graph TD
    build-qa-image -.->|once the `prepare` stage is done| gitlab:assets:compile
    review-build-cng -->|triggers a CNG-mirror pipeline and wait for it to be done| CNG-mirror
    review-build-cng -.->|once the `test` stage is done| review-deploy
    review-deploy -.->|once the `review` stage is done| review-qa-smoke

subgraph 1. gitlab-ce/ee `prepare` stage
    build-qa-image
    end

subgraph 2. gitlab-ce/ee `test` stage
    gitlab:assets:compile -->|plays dependent job once done| review-build-cng
    end

subgraph 3. gitlab-ce/ee `review` stage
    review-deploy["review-deploy

Helm deploys the Review App using the Cloud
Native images built by the CNG-mirror pipeline.

Cloud Native images are deployed to the `review-apps-ce` or `review-apps-ee`
Kubernetes (GKE) cluster, in the GCP `gitlab-review-apps` project."] end subgraph 4. gitlab-ce/ee `qa` stage review-qa-smoke[review-qa-smoke

gitlab-qa runs the smoke suite against the Review App.] end subgraph CNG-mirror pipeline CNG-mirror>Cloud Native images are built]; end

Detailed explanation

  1. On every pipeline during the test stage, the gitlab:assets:compile job is automatically started.
    • Once it’s done, it starts the review-build-cng manual job since the CNG-mirror pipeline triggered in the following step depends on it.
  2. The review-build-cng job triggers a pipeline in the CNG-mirror project.
    • The CNG-mirror pipeline creates the Docker images of each component (e.g. gitlab-rails-ee, gitlab-shell, gitaly etc.) based on the commit from the GitLab pipeline and stores them in its registry.
    • We use the CNG-mirror project so that the CNG, (Cloud Native GitLab), project’s registry is not overloaded with a lot of transient Docker images.
    • Note that the official CNG images are built by the cloud-native-image job, which runs only for tags, and triggers itself a CNG pipeline.
  3. Once the test stage is done, the review-deploy job deploys the Review App using the official GitLab Helm chart to the review-apps-ce / review-apps-ee Kubernetes cluster on GCP.
  4. Once the review-deploy job succeeds, you should be able to use your Review App thanks to the direct link to it from the MR widget. To log into the Review App, see “Log into my Review App?” below.

Additional notes:

  • If the review-deploy job keep failing (note that we already retry it twice), please post a message in the #quality channel and/or create a ~Quality ~bug issue with a link to your merge request. Note that the deployment failure can reveal an actual problem introduced in your merge request (i.e. this isn’t necessarily a transient failure)!
  • If the review-qa-smoke job keep failing (note that we already retry it twice), please check the job’s logs: you could discover an actual problem introduced in your merge request. You can also download the artifacts to see screenshots of the page at the time the failures occurred. If you don’t find the cause of the failure or if it seems unrelated to your change, please post a message in the #quality channel and/or create a ~Quality ~bug issue with a link to your merge request.
  • The manual review-stop in the test stage can be used to stop a Review App manually, and is also started by GitLab once a merge request’s branch is deleted after being merged.
  • Review Apps are cleaned up regularly via a pipeline schedule that runs the schedule:review-cleanup job.
  • The Kubernetes cluster is connected to the gitlab-{ce,ee} projects using GitLab’s Kubernetes integration. This basically allows to have a link to the Review App directly from the merge request widget.

QA runs

On every pipeline in the qa stage (which comes after the review stage), the review-qa-smoke job is automatically started and it runs the QA smoke suite.

You can also manually start the review-qa-all: it runs the full QA suite.

Performance Metrics

On every pipeline in the qa stage, the review-performance job is automatically started: this job does basic browser performance testing using a Sitespeed.io Container.

How to:

Log into my Review App

The default username is root and its password can be found in the 1Password secure note named gitlab-{ce,ee} Review App’s root password.

Enable a feature flag for my Review App

  1. Open your Review App and log in as documented above.
  2. Create a personal access token.
  3. Enable the feature flag using the Feature flag API.

Find my Review App slug

  1. Open the review-deploy job.
  2. Look for Checking for previous deployment of review-*.
  3. For instance for Checking for previous deployment of review-qa-raise-e-12chm0, your Review App slug would be review-qa-raise-e-12chm0 in this case.

Run a Rails console

  1. Filter Workloads by your Review App slug , e.g. review-qa-raise-e-12chm0.
  2. Find and open the task-runner Deployment, e.g. review-qa-raise-e-12chm0-task-runner.
  3. Click on the Pod in the “Managed pods” section, e.g. review-qa-raise-e-12chm0-task-runner-d5455cc8-2lsvz.
  4. Click on the KUBECTL dropdown, then Exec -> task-runner.
  5. Replace -c task-runner -- ls with -it -- gitlab-rails console from the default command or
    • Run kubectl exec --namespace review-apps-ce review-qa-raise-e-12chm0-task-runner-d5455cc8-2lsvz -it -- gitlab-rails console and
      • Replace review-apps-ce with review-apps-ee if the Review App is running EE, and
      • Replace review-qa-raise-e-12chm0-task-runner-d5455cc8-2lsvz with your Pod’s name.

Dig into a Pod’s logs

  1. Filter Workloads by your Review App slug, e.g. review-qa-raise-e-12chm0.
  2. Find and open the migrations Deployment, e.g. review-qa-raise-e-12chm0-migrations.1.
  3. Click on the Pod in the “Managed pods” section, e.g. review-qa-raise-e-12chm0-migrations.1-nqwtx.
  4. Click on the Container logs link.

Frequently Asked Questions

Isn’t it too much to trigger CNG image builds on every test run? This creates thousands of unused Docker images.

We have to start somewhere and improve later. Also, we’re using the CNG-mirror project to store these Docker images so that we can just wipe out the registry at some point, and use a new fresh, empty one.

How big are the Kubernetes clusters (review-apps-ce and review-apps-ee)?

The clusters are currently set up with a single pool of preemptible nodes, with a minimum of 1 node and a maximum of 50 nodes.

What are the machine running on the cluster?

We’re currently using n1-standard-16 (16 vCPUs, 60 GB memory) machines.

How do we secure this from abuse? Apps are open to the world so we need to find a way to limit it to only us.

This isn’t enabled for forks.

Other resources


Return to Testing documentation