Review Apps

Review Apps are automatically deployed by each pipeline, both in CE and EE.

How does it work?

  1. On every pipeline during the test stage, the review-deploy job is automatically started.
  2. The review-deploy job:
    1. Waits for the gitlab:assets:compile job to finish since the CNG-mirror pipeline triggerred in the following step depends on it.
    2. Triggers a pipeline in the CNG-mirror project.
      • We use the CNG-mirror project so that the CNG, (Cloud Native GitLab), project’s registry is not overloaded with a lot of transient Docker images.
      • The CNG-mirror pipeline creates the Docker images of each component (e.g. gitlab-rails-ee, gitlab-shell, gitaly etc.) based on the commit from the GitLab pipeline and store them in its registry.
    3. Once all images are built by CNG-mirror, the Review App is deployed using the official GitLab Helm chart to the review-apps-ce / review-apps-ee Kubernetes cluster on GCP.
  3. Once the review-deploy job succeeds, you should be able to use your Review App thanks to the direct link to it from the MR widget. The default username is root and its password can be found in the 1Password secure note named gitlab-{ce,ee} Review App’s root password (note that there’s currently a bug where the default password seems to be overridden).

Additional notes:

  • The Kubernetes cluster is connected to the gitlab-{ce,ee} projects using GitLab’s Kubernetes integration. This basically allows to have a link to the Review App directly from the merge request widget.
  • If the Review App deployment fails, you can simply retry it (there’s no need to run the review-stop job first).
  • The manual review-stop in the test stage can be used to stop a Review App manually, and is also started by GitLab once a branch is deleted.
  • Review Apps are cleaned up regularly using a pipeline schedule that runs the schedule:review-cleanup job.

QA runs

On every pipeline during the test stage, the review-qa-smoke job is automatically started: it runs the smoke QA suite. You can also manually start the review-qa-all: it runs the full QA suite.

Note that both jobs first wait for the review-deploy job to be finished.

How to?

Find my Review App slug?

  1. Open the review-deploy job.
  2. Look for Checking for previous deployment of review-*.
  3. For instance for Checking for previous deployment of review-qa-raise-e-12chm0, your Review App slug would be review-qa-raise-e-12chm0 in this case.

Run a Rails console?

  1. Filter Workloads by your Review App slug , e.g. review-29951-issu-id2qax.
  2. Find and open the task-runner Deployment, e.g. review-29951-issu-id2qax-task-runner.
  3. Click on the Pod in the “Managed pods” section, e.g. review-29951-issu-id2qax-task-runner-d5455cc8-2lsvz.
  4. Click on the KUBECTL dropdown, then Exec -> task-runner.
  5. Replace -c task-runner -- ls with -- /srv/gitlab/bin/rails c from the default command or - Run kubectl exec --namespace review-apps-ce -it review-29951-issu-id2qax-task-runner-d5455cc8-2lsvz -- /srv/gitlab/bin/rails c and - Replace review-apps-ce with review-apps-ee if the Review App is running EE, and - Replace review-29951-issu-id2qax-task-runner-d5455cc8-2lsvz with your Pod’s name.

Dig into a Pod’s logs?

  1. Filter Workloads by your Review App slug , e.g. review-1979-1-mul-dnvlhv.
  2. Find and open the migrations Deployment, e.g. review-1979-1-mul-dnvlhv-migrations.1.
  3. Click on the Pod in the “Managed pods” section, e.g. review-1979-1-mul-dnvlhv-migrations.1-nqwtx.
  4. Click on the Container logs link.

Frequently Asked Questions

Isn’t it too much to trigger CNG image builds on every test run? This creates thousands of unused Docker images.

We have to start somewhere and improve later. Also, we’re using the CNG-mirror project to store these Docker images so that we can just wipe out the registry at some point, and use a new fresh, empty one.

How big are the Kubernetes clusters (review-apps-ce and review-apps-ee)?

The clusters are currently set up with a single pool of preemptible nodes, with a minimum of 1 node and a maximum of 100 nodes.

What are the machine running on the cluster?

We’re currently using n1-standard-4 (4 vCPUs, 15 GB memory) machines.

How do we secure this from abuse? Apps are open to the world so we need to find a way to limit it to only us.

This isn’t enabled for forks.

Return to Testing documentation