From 83784ba7149909defb24a8e7402e96fc30e12832 Mon Sep 17 00:00:00 2001
From: Quentin Duchemin <quentinduchemin@tuta.io>
Date: Thu, 28 May 2020 22:09:43 +0200
Subject: [PATCH] [CI] Remove absolute bullshit set-variables step

More seriously, this step was useful once upon a time because it also used to build the base image for each commit. Now that we have pica-ci-base, this step was only useful to determine which folders have been modified and to export some environment variables to a cached file. But GitLab has race conditions with its cache and the step will randomly fail, annoying the users of the CI. We will instead execute the script that sets these environment variables at each step of the CI, with a really minimal overhead.
---
 .gitlab-ci.yml                                | 28 ++++++-------------
 ...-image.sh => image_modified_last_commit.sh |  0
 2 files changed, 8 insertions(+), 20 deletions(-)
 rename get-modified-image.sh => image_modified_last_commit.sh (100%)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 747e0c74..f3e55f6a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -21,12 +21,14 @@ stages:
   - push
 
 # Hidden key meant to be included in other jobs, for factorization
+# Login to registry and pull built image
 .pull-modified-image: &pull-modified-image
   image: $REGISTRY_PROD/pica-ci-base
   tags: [build]
   before_script:
-    - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
+    - sh image_modified_last_commit.sh
     - source variables
+    - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
     - docker pull $MODIFIED_IMAGE_FULL_TEST
 
 # Build the base image used for all further steps : this is done only when pica-ci's Dockerfile is modified
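Review bot: The login line re-added in `.pull-modified-image`'s `before_script` pipes an unquoted `$REGISTRY_PASSWORD` through `echo`, so a password containing whitespace, glob characters or backslashes can be changed by word splitting or by the shell's `echo` before `docker login` reads it. Since the line is being moved anyway, consider `- printf '%s' "$REGISTRY_PASSWORD" | docker login "$REGISTRY" -u "$REGISTRY_USERNAME" --password-stdin`. The unchanged `$REGISTRY_PROD_PASSWORD` login in the `build` job has the same shape and would benefit from the same form.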
@@ -48,33 +50,16 @@ pica-ci-base:
       allow_failure: true
     - when: never
 
-# Create a file a few environment variables added (which Dockerfile has been modified, the complete name of the image...)
-# The file will be an artifact shared with further steps
-set-variables:
-  stage: ci-base
-  tags: [build]
-  image: $REGISTRY_PROD/pica-ci-base
-  script:
-    - chmod +x ./get-modified-image.sh
-    - ./get-modified-image.sh
-  # If there are changes in any of the files and folders of 'pica-*' or
-  # 'meta-*', then propose a manual build
-  rules:
-    - changes:
-      - "pica-*/**"
-      when: always
-      allow_failure: true
-    - when: never
-
 # Build the image that was modified
 build:
   stage: build
   tags: [build]
   image: $REGISTRY_PROD/pica-ci-base
   before_script:
+    - sh image_modified_last_commit.sh
+    - source variables
     # First login on the production registry, in case the image is based on another registry image
     - echo $REGISTRY_PROD_PASSWORD | docker login $REGISTRY_PROD -u $REGISTRY_PROD_USERNAME --password-stdin
-    - source variables
   script:
     # Build the image
     - docker build -f $MODIFIED_IMAGE/Dockerfile $MODIFIED_IMAGE -t $MODIFIED_IMAGE_FULL_TEST
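Review bot: Nothing in `build`'s `before_script` verifies that `image_modified_last_commit.sh` produced a usable value before the job goes on; if `MODIFIED_IMAGE` ends up empty after `source variables`, `docker build -f $MODIFIED_IMAGE/Dockerfile $MODIFIED_IMAGE` expands to `/Dockerfile` with no context directory. The script body is not visible in this patch, so it may already exit non-zero in that case; if it does not, add a fail-closed guard right after `source variables`, for example `- ': "${MODIFIED_IMAGE:?no modified image detected}"'`, and quote the expansions in the `docker build` line. Every job now recomputes these variables independently, so the same guard belongs in `.pull-modified-image`, which is what the jobs that pull the built image rely on. The `build` job's `script` continues outside this hunk.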
@@ -159,7 +144,9 @@ docker-bench-security:
       - "meta-*/**"
       when: manual
       allow_failure: true
+    - when: never
 
+    
 # Push the generated image on the production registry,
 # once it passed all security tests and has been successfully built
 # and run on the test virtual machine
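Review bot: The blank line added after `- when: never` carries four trailing spaces; make it a truly empty line so linters such as yamllint's `trailing-spaces` rule do not flag it. The explicit `- when: never` is redundant with GitLab's default, where a job with `rules` is not added when no rule matches, but it is harmless as a statement of intent. The same applies to the one added under `push-prod`. The `docker-bench-security` job starts outside this hunk.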
@@ -178,3 +165,4 @@ push-prod:
       changes:
       - "pica-*/**"
       when: manual
+    - when: never
diff --git a/get-modified-image.sh b/image_modified_last_commit.sh
similarity index 100%
rename from get-modified-image.sh
rename to image_modified_last_commit.sh
-- 
GitLab