fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2025-12-26 02:00:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

ci: Fix for GitLab 18.2.2 upgrade
Some checks are pending
macOS-CI / macOS-CI (dri) (push) Waiting to run
Details
macOS-CI / macOS-CI (xlib) (push) Waiting to run
Details

Browse source 
Now the `subject` from S3 id_token JWT refers to the target project when
we are in an MR pipeline, due to this patch [1].
So, let's use workflow variables to help us define where the S3 paths
should be pointing at.

[1] 7e9f329e8f

Signed-off-by: Guilherme Gallo <guilherme.gallo@collabora.com>
Suggested-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/36832>
This commit is contained in:
Guilherme Gallo 2025-08-18 18:26:05 -03:00
parent 9e0991eff5
commit ece0d4f998
11 changed files with 23 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.gitlab-ci.yml
View file

@ -45,6 +45,7 @@ workflow:
JOB_PRIORITY: 75
# fast-fail in merge pipelines: stop early if we get this many unexpected fails/crashes
DEQP_RUNNER_MAX_FAILS: 40
S3_PROJECT_PATH: ${CI_MERGE_REQUEST_SOURCE_PROJECT_PATH}
# Post-merge pipeline
- if: &is-post-merge $GITLAB_USER_LOGIN == "marge-bot" && $CI_PIPELINE_SOURCE == "push"
variables:
@ -53,6 +54,8 @@ workflow:
FDO_RUNNER_JOB_PRIORITY_TAG_AARCH64: priority:high-aarch64
# Pre-merge pipeline (because merge pipelines are already caught above)
- if: &is-merge-request $CI_PIPELINE_SOURCE == "merge_request_event"
variables:
S3_PROJECT_PATH: ${CI_MERGE_REQUEST_SOURCE_PROJECT_PATH}
# Push to a branch on a fork
- if: &is-push-to-fork $CI_PROJECT_NAMESPACE != "mesa" && $CI_PIPELINE_SOURCE == "push"
# Nightly pipeline
@ -104,8 +107,11 @@ variables:
S3_TRACIE_PRIVATE_BUCKET: mesa-tracie-private
# Base path used for various artifacts
S3_BASE_PATH: "${S3_HOST}/${S3_KERNEL_BUCKET}"
# Since GitLab 18.2.2, the JWT subject for MRs are the target project path
# This can be overridden by the variables in the workflow rules
S3_PROJECT_PATH: ${CI_PROJECT_PATH}
# per-pipeline artifact storage on MinIO
PIPELINE_ARTIFACTS_BASE: ${S3_HOST}/${S3_ARTIFACTS_BUCKET}/${CI_PROJECT_PATH}/${CI_PIPELINE_ID}
PIPELINE_ARTIFACTS_BASE: ${S3_HOST}/${S3_ARTIFACTS_BUCKET}/${S3_PROJECT_PATH}/${CI_PIPELINE_ID}
# per-job artifact storage on MinIO
JOB_ARTIFACTS_BASE: ${PIPELINE_ARTIFACTS_BASE}/${CI_JOB_ID}
# reference images stored for traces

6
.gitlab-ci/conditional-build-image-tags.yml
View file

@ -1,7 +1,7 @@
variables:
CONDITIONAL_BUILD_ANDROID_CTS_TAG: b018634d732f438027ec58c0383615e7
CONDITIONAL_BUILD_ANDROID_CTS_TAG: b0f48de11f870c340c4c4ad4ac2b8f13
CONDITIONAL_BUILD_ANGLE_TAG: 9aaedd74072834a3c553656b6ddc17a7
CONDITIONAL_BUILD_CROSVM_TAG: 4079babd375b09761d59eacb25a0598a
CONDITIONAL_BUILD_FLUSTER_TAG: e13f8521875ebd70e207ec0f6f3d3e5b
CONDITIONAL_BUILD_FLUSTER_TAG: 7c6f5e2af781cd4e39358500c1549541
CONDITIONAL_BUILD_PIGLIT_TAG: 3dec1e03175e4cca1f644435e4e479d5
CONDITIONAL_BUILD_VKD3D_PROTON_TAG: af0d99317a3483526f9b59eac3d88451
CONDITIONAL_BUILD_VKD3D_PROTON_TAG: a1ec19b34712ffc19b496abc6e3cbcc8

2
.gitlab-ci/container/baremetal_build.sh
View file

@ -12,7 +12,7 @@ S3_PATH="https://${S3_HOST}/${S3_KERNEL_BUCKET}"
if curl -L --retry 3 -f --retry-delay 10 -s --head "${S3_PATH}/${FDO_UPSTREAM_REPO}/${LAVA_DISTRIBUTION_TAG}/lava-rootfs.tar.zst"; then
ARTIFACTS_URL="${S3_PATH}/${FDO_UPSTREAM_REPO}/${LAVA_DISTRIBUTION_TAG}"
else
ARTIFACTS_URL="${S3_PATH}/${CI_PROJECT_PATH}/${LAVA_DISTRIBUTION_TAG}"
ARTIFACTS_URL="${S3_PATH}/${S3_PROJECT_PATH}/${LAVA_DISTRIBUTION_TAG}"
fi
curl -L --retry 4 -f --retry-all-errors --retry-delay 60 \

2
.gitlab-ci/container/build-android-cts.sh
View file

@ -61,7 +61,7 @@ else
# the extraction is faster, also LAVA overlays don't support zip compression.
tar --zstd -cf "${CTS_FILENAME}.tar.zst" /android-cts
ci-fairy s3cp --token-file "${S3_JWT_FILE}" "${CTS_FILENAME}.tar.zst" \
"https://${S3_BASE_PATH}/${CI_PROJECT_PATH}/${ARTIFACT_PATH}"
"https://${S3_BASE_PATH}/${S3_PROJECT_PATH}/${ARTIFACT_PATH}"
fi
section_end android-cts

8
.gitlab-ci/container/build-android-x86_64-llvm.sh
View file

@ -9,7 +9,7 @@ set -exu
# If CI vars are not set, assign an empty value, this prevents -u to fail
: "${CI:=}"
: "${CI_PROJECT_PATH:=}"
: "${S3_PROJECT_PATH:=}"
# Early check for required env variables, relies on `set -u`
: "$ANDROID_NDK_VERSION"
@ -26,13 +26,13 @@ if [ -n "$CI" ] && [ ! -s "${S3_JWT_FILE}" ]; then
exit 1
fi
if curl -s -o /dev/null -I -L -f --retry 4 --retry-delay 15 "https://${S3_HOST}/${S3_ANDROID_BUCKET}/${CI_PROJECT_PATH}/${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst"; then
if curl -s -o /dev/null -I -L -f --retry 4 --retry-delay 15 "https://${S3_HOST}/${S3_ANDROID_BUCKET}/${S3_PROJECT_PATH}/${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst"; then
echo "Artifact ${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst already exists, skip re-building."
# Download prebuilt LLVM libraries for Android when they have not changed,
# to save some time
curl -L --retry 4 -f --retry-all-errors --retry-delay 60 \
-o "/${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst" "https://${S3_HOST}/${S3_ANDROID_BUCKET}/${CI_PROJECT_PATH}/${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst"
-o "/${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst" "https://${S3_HOST}/${S3_ANDROID_BUCKET}/${S3_PROJECT_PATH}/${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst"
tar -C / --zstd -xf "/${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst"
rm "/${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst"
@ -114,7 +114,7 @@ tar --zstd -cf "${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst" "$LLVM_INSTALL_PREFIX"
# version does not change, and delete it.
# The file is not deleted for non-CI because it can be useful in local runs.
if [ -n "$CI" ]; then
ci-fairy s3cp --token-file "${S3_JWT_FILE}" "${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst" "https://${S3_HOST}/${S3_ANDROID_BUCKET}/${CI_PROJECT_PATH}/${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst"
ci-fairy s3cp --token-file "${S3_JWT_FILE}" "${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst" "https://${S3_HOST}/${S3_ANDROID_BUCKET}/${S3_PROJECT_PATH}/${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst"
rm "${ANDROID_LLVM_ARTIFACT_NAME}.tar.zst"
fi

2
.gitlab-ci/container/build-fluster.sh
View file

@ -45,7 +45,7 @@ else
# Build fluster vectors archive and upload it
tar --zstd -cf "vectors.tar.zst" fluster/resources/
ci-fairy s3cp --token-file "${S3_JWT_FILE}" "vectors.tar.zst" \
"https://${S3_BASE_PATH}/${CI_PROJECT_PATH}/${ARTIFACT_PATH}"
"https://${S3_BASE_PATH}/${S3_PROJECT_PATH}/${ARTIFACT_PATH}"
mv fluster/ /
fi

2
.gitlab-ci/container/build-vkd3d-proton.sh
View file

@ -57,7 +57,7 @@ else
echo "Uploaded vkd3d-proton not found, reuploading..."
tar --zstd -cf "$VKD3D_PROTON_S3_ARTIFACT" -C / "${VKD3D_PROTON_DST_DIR#/}" "${VKD3D_PROTON_WINE_DIR#/}"
ci-fairy s3cp --token-file "${S3_JWT_FILE}" "$VKD3D_PROTON_S3_ARTIFACT" \
"https://${S3_BASE_PATH}/${CI_PROJECT_PATH}/${ARTIFACT_PATH}"
"https://${S3_BASE_PATH}/${S3_PROJECT_PATH}/${ARTIFACT_PATH}"
rm "$VKD3D_PROTON_S3_ARTIFACT"
fi

2
.gitlab-ci/container/fdo_cntr_export.sh
View file

@ -78,4 +78,4 @@ buildah rm "$container"
curl --fail --retry-connrefused --retry 4 --retry-delay 30 \
--header "Authorization: Bearer $(cat "${S3_JWT_FILE}")" \
-X PUT --form file=@"$ROOTFSTAR" \
"https://${S3_HOST}/${S3_KERNEL_BUCKET}/${CI_PROJECT_PATH}/${CI_JOB_NAME}:${FDO_DISTRIBUTION_TAG}"
"https://${S3_HOST}/${S3_KERNEL_BUCKET}/${S3_PROJECT_PATH}/${CI_JOB_NAME}:${FDO_DISTRIBUTION_TAG}"

4
.gitlab-ci/image-tags.yml
View file

@ -19,10 +19,10 @@ include:
- .gitlab-ci/conditional-build-image-tags.yml
variables:
DEBIAN_BUILD_BASE_TAG: "20250803-noxvfb"
DEBIAN_BUILD_BASE_TAG: "20250818-s3url"
DEBIAN_BUILD_TAG: "20250722-libwayland"
DEBIAN_TEST_BASE_TAG: "20250812-crosvm"
DEBIAN_TEST_BASE_TAG: "20250818-s3url"
DEBIAN_TEST_ANDROID_TAG: "20250805-vkcts"
DEBIAN_TEST_GL_TAG: "20250805-vkcts"
DEBIAN_TEST_VIDEO_TAG: "20250813-vector"

2
.gitlab-ci/piglit/piglit-traces.sh
View file

@ -106,7 +106,7 @@ replay_s3_upload_images() {
__TRACE="${line%-*-*}"
if grep -q "^$__PREFIX/$__TRACE: pass$" ".gitlab-ci/piglit/$PIGLIT_RESULTS.txt.orig"; then
if [ "x$CI_PROJECT_PATH" != "x$FDO_UPSTREAM_REPO" ]; then
if [ "x$S3_PROJECT_PATH" != "x$FDO_UPSTREAM_REPO" ]; then
continue
fi
__S3_PATH="$PIGLIT_REPLAY_REFERENCE_IMAGES_BASE"

2
.gitlab-ci/setup-test-env.sh
View file

@ -300,7 +300,7 @@ function find_s3_project_artifact() {
x_off
local artifact_path="$1"
for project in "${FDO_UPSTREAM_REPO}" "${CI_PROJECT_PATH}"; do
for project in "${FDO_UPSTREAM_REPO}" "${S3_PROJECT_PATH}"; do
local full_path="${FDO_HTTP_CACHE_URI:-}${S3_BASE_PATH}/${project}/${artifact_path}"
if curl-with-retry -s --head "https://${full_path}" >/dev/null; then
echo "https://${full_path}"