Skip to content

Enable Sec CI for MR's labelled sec-decomposition

Gregory Havenga requested to merge enable-sec-decomposition-connection-ci into master

What does this MR do and why?

This MR enables CI tests to be executed with a fully separate SEC database for MR's where the pipeline:single-db-sec-connection label is applied. This does not stop the current tests from running, only adds them additionally. This work is in support of sec-decomposition for ensuring we have minimized gaps in tracking outstanding work.

The MR introduces skip_when_sec_conn_enabled(url: '...') which is a thin wrapper around skip_if_database_exists?(:sec) to enable issue tracking of known skips. It also converts many of the previous skips added with Sec Decomposition skip tests for pre-decomposit... (!171707 - merged) for improved tracking.

This is a massive MR, but it largely doing one of two things. Either skipping spec that fails when a Sec database connection is used (which we will then fix in followups) or setting spec to use the Sec database connection by default (usually background migrations) as this is how those migrations will be run once we conduct the decomposition.

Notable exceptions, which I have flagged in the code:

  • Enabling the CI variable to allow this work.
  • No-op'ing a migration that predates the Sec connection and is dev only, so not worth fixing.

Ideally we want to get this approved and merged sooner rather than later, as introduction of new code, usually background migrations, can result in the Sec enabled CI pipelines failing and preventing the merge. Once merged, we can ask users to run the Sec enabled pipelines to avoid introducing more work for us.

Fixes Rollout multi-DB CI testing for gitlab_sec (#493983)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Lucas Charles

Merge request reports