Move static environment variables to .gitlab-ci.yml

- Sets `BUILD_ASSETS_IMAGE` to `true` in `.gitlab-ci.yml` (previously
  set to false and overridden to true in the project's variable).
  - There's no need to set it to `false` by default and override it to
    `true` in the project's variable; instead, we can just default to
    `true` in `.gitlab-ci.yml` and override it to `false` in the
    project's variable if needed.
- Changes implementation of `Trigger::CNG#trigger_token` to
  `ENV['BUILD_TRIGGER_TOKEN'] || ENV['CI_JOB_TOKEN']`.
  `ENV['CI_JOB_TOKEN']` will be used used for `cloud-native-image`,
  `ENV['BUILD_TRIGGER_TOKEN']` is set by `review-build-cng`.
- Changes `cache-repo` to cache a shallow clone (and no full clone) by
  default. If the `DISABLE_SHALLOW_REPO_CACHING` variable is set,
  shallow clone caching will be disabled, and full clone caching will
  be enabled instead.
- Sets `DOCS_GITLAB_REPO_SUFFIX` to `ee` in `.gitlab-ci.yml`
  (previously set as a project's variable).
- Sets `REVIEW_APPS_DOMAIN` to `gitlab-review.app` in `.gitlab-ci.yml`.
- Sets `DOCS_REVIEW_APPS_DOMAIN` to `178.62.207.141.nip.io` in `.gitlab-ci.yml`.
- Replaces `REVIEW_APPS_EE_LICENSE` with `REVIEW_APPS_EE_LICENSE_FILE`
  (file variable scoped to the `review/*` environment).
- Sets `RSPEC_FAIL_FAST_ENABLED` to `true` in `.gitlab-ci.yml`
  (previously set to `true` in the project's variable).
  - This can be set to `false` in the project's variable when we want
    to disable RSpec fail-fast.
Signed-off-by: Rémy Coutable <remy@rymai.me>

.gitlab-ci.yml

@@ -57,15 +57,15 @@ variables:
   BUNDLE_INSTALL_FLAGS: "--jobs=$(nproc) --retry=3 --quiet"
   # we override the max_old_space_size to prevent OOM errors
   NODE_OPTIONS: --max_old_space_size=3584
-  SIMPLECOV: "true"
   GIT_DEPTH: "20"
   GIT_SUBMODULE_STRATEGY: "none"
   GET_SOURCES_ATTEMPTS: "3"
+
   KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/report-master.json
   FLAKY_RSPEC_SUITE_REPORT_PATH: rspec_flaky/report-suite.json
   RSPEC_TESTS_MAPPING_PATH: crystalball/mapping.json
   RSPEC_PACKED_TESTS_MAPPING_PATH: crystalball/packed-mapping.json
-  BUILD_ASSETS_IMAGE: "false"
+
   ES_JAVA_OPTS: "-Xms256m -Xmx256m"
   ELASTIC_URL: "http://elastic:changeme@elasticsearch:9200"
   DOCKER_VERSION: "20.10.1"
@@ -73,6 +73,17 @@ variables:
   CHECK_PRECOMPILED_ASSETS: "true"
   FF_USE_FASTZIP: "true"
 
+  DOCS_REVIEW_APPS_DOMAIN: "178.62.207.141.nip.io"
+  DOCS_GITLAB_REPO_SUFFIX: "ee"
+
+  REVIEW_APPS_DOMAIN: "gitlab-review.app"
+  REVIEW_APPS_GCP_PROJECT: "gitlab-review-apps"
+  REVIEW_APPS_GCP_REGION: "us-central1"
+
+  BUILD_ASSETS_IMAGE: "true"  # Set it to "false" to disable assets image building, used in `build-assets-image`
+  RSPEC_FAIL_FAST_ENABLED: "true"  # Set it to "false" to disable RSpec fail-fast
+  SIMPLECOV: "true"
+
   # Preparing custom clone path to reduce space used by all random forks
   # on GitLab.com's Shared Runners. Our main forks - especially the security
   # ones - will have this variable overwritten in the project settings, so that

.gitlab/ci/cache-repo.gitlab-ci.yml

@@ -28,9 +28,9 @@ cache-repo:
   before_script:
     - '[ -z "$CI_REPO_CACHE_CREDENTIALS" ] || gcloud auth activate-service-account --key-file=$CI_REPO_CACHE_CREDENTIALS'
   script:
-    # Enable shallow repo caching only if the $ENABLE_SHALLOW_REPO_CACHING variable exists
+    # Enable shallow repo caching unless the $DISABLE_SHALLOW_REPO_CACHING variable exists (in the case the shallow clone caching isn't working well)
     # The `git repack` call works around a Git bug with shallow clones: https://gitlab.com/gitlab-org/git/-/issues/86
-    - if [ -n "$ENABLE_SHALLOW_REPO_CACHING" ]; then
+    - if [ -z "$DISABLE_SHALLOW_REPO_CACHING" ]; then
         cd .. && rm -rf $CI_PROJECT_NAME;
         today=$(date +%Y-%m-%d);
         year=$(date +%Y);
@@ -47,8 +47,8 @@ cache-repo:
         time gzip /tmp/$SHALLOW_CLONE_TAR_FILENAME;
         [ -z "$CI_REPO_CACHE_CREDENTIALS" ] || (echo "Uploading /tmp/$SHALLOW_CLONE_TAR_FILENAME.gz to GCloud." && time gsutil cp /tmp/$SHALLOW_CLONE_TAR_FILENAME.gz gs://gitlab-ci-git-repo-cache/project-$CI_PROJECT_ID/$SHALLOW_CLONE_TAR_FILENAME.gz);
       fi
-    # By default, we want to cache the full repo, unless the $DISABLE_FULL_REPO_CACHING variable exists (in the case the shallow clone caching is working well)
-    - if [ -z "$DISABLE_FULL_REPO_CACHING" ]; then
+    # Disable the full repo caching unless the $DISABLE_SHALLOW_REPO_CACHING variable exists (in the case the shallow clone caching isn't working well)
+    - if [ -n "$DISABLE_SHALLOW_REPO_CACHING" ]; then
         cd .. && rm -rf $CI_PROJECT_NAME;
         echo "Cloning $CI_REPOSITORY_URL into $CI_PROJECT_NAME.";
         time git clone --progress $CI_REPOSITORY_URL $CI_PROJECT_NAME;

.gitlab/ci/cng.gitlab-ci.yml

@@ -7,4 +7,4 @@ cloud-native-image:
     GIT_DEPTH: "1"
   script:
     - install_gitlab_gem
-    - CNG_PROJECT_PATH="gitlab-org/build/CNG" BUILD_TRIGGER_TOKEN=$CI_JOB_TOKEN ./scripts/trigger-build cng
+    - CNG_PROJECT_PATH="gitlab-org/build/CNG" ./scripts/trigger-build cng

.gitlab/ci/review.gitlab-ci.yml

@@ -34,7 +34,7 @@ review-build-cng:
     - job: compile-production-assets
       artifacts: false
   script:
-    - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng
+    - ./scripts/trigger-build cng
 
 .review-workflow-base:
   extends:
@@ -42,7 +42,6 @@ review-build-cng:
   image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3-kubectl1.14
   variables:
     HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
-    REVIEW_APPS_DOMAIN: "temp.gitlab-review.app"  # FIXME: using temporary domain
     DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
     GITLAB_HELM_CHART_REF: "v4.6.3"
   environment:

scripts/review_apps/review-apps.sh

@@ -261,15 +261,14 @@ function create_application_secret() {
     echoinfo "The 'shared-gitlab-initial-root-password' secret already exists in the ${namespace} namespace."
   fi
 
-  if [ -z "${REVIEW_APPS_EE_LICENSE}" ]; then echo "License not found" && return; fi
+  if [ -z "${REVIEW_APPS_EE_LICENSE_FILE}" ]; then echo "License not found" && return; fi
 
   gitlab_license_shared_secret=$(kubectl get secret --namespace ${namespace} --no-headers -o=custom-columns=NAME:.metadata.name shared-gitlab-license | tail -n 1)
   if [[ "${gitlab_license_shared_secret}" == "" ]]; then
     echoinfo "Creating the 'shared-gitlab-license' secret in the ${namespace} namespace..." true
-    echo "${REVIEW_APPS_EE_LICENSE}" > /tmp/license.gitlab
     kubectl create secret generic --namespace "${namespace}" \
       "shared-gitlab-license" \
-      --from-file=license=/tmp/license.gitlab \
+      --from-file=license="${REVIEW_APPS_EE_LICENSE_FILE}" \
       --dry-run -o json | kubectl apply -f -
   else
     echoinfo "The 'shared-gitlab-license' secret already exists in the ${namespace} namespace."
@@ -359,7 +358,7 @@ HELM_CMD=$(cat << EOF
 EOF
 )
 
-if [ -n "${REVIEW_APPS_EE_LICENSE}" ]; then
+if [ -n "${REVIEW_APPS_EE_LICENSE_FILE}" ]; then
 HELM_CMD=$(cat << EOF
   ${HELM_CMD} \
   --set global.gitlab.license.secret="shared-gitlab-license"

scripts/trigger-build

@@ -172,7 +172,7 @@ module Trigger
     end
 
     def trigger_token
-      ENV['BUILD_TRIGGER_TOKEN']
+      ENV['CI_JOB_TOKEN']
     end
 
     def extra_variables