gitlab-qa 7.24.6 → 7.26.0

data/bin/notify_upstream

@@ -0,0 +1,98 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'gitlab'
+
+# Default to "Multi-pipeline (from 'gitlab-org/gitlab-qa' 'notify_upstream:*' jobs)" from current project
+api_token = ENV.fetch('GITLAB_QA_PROJECT_ACCESS_TOKEN') do
+  puts "The $GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN variable is deprecated in favor of a dedicated project access token: $GITLAB_QA_PROJECT_ACCESS_TOKEN."
+  puts "See https://gitlab.com/groups/gitlab-org/quality/-/epics/17 for more details."
+  ENV['GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN']
+end
+
+# Configure credentials to be used with gitlab gem
+Gitlab.configure do |config|
+  config.endpoint = 'https://gitlab.com/api/v4'
+  config.private_token = api_token
+end
+
+class CommitComment
+  UPSTREAM_COMMENT = <<~COMMENT
+    - The [`gitlab-qa-mirror` downstream pipeline](%<pipeline_url>s) for https://gitlab.com/%<project_path>s/-/merge_requests/%<mr_iid>s/diffs?commit_id=%<commit_sha>s %<status_with_icon>s
+  COMMENT
+  IDENTIFIABLE_NOTE_TAG = 'gitlab-qa:upstream-notification-note'
+
+  def self.mr?
+    ENV.key?('TOP_UPSTREAM_SOURCE_PROJECT') &&
+      ENV.key?('TOP_UPSTREAM_MERGE_REQUEST_IID') &&
+      ENV.key?('TOP_UPSTREAM_SOURCE_SHA') &&
+      !ENV['TOP_UPSTREAM_SOURCE_PROJECT'].to_s.empty? &&
+      !ENV['TOP_UPSTREAM_MERGE_REQUEST_IID'].to_s.empty? &&
+      !ENV['TOP_UPSTREAM_SOURCE_SHA'].to_s.empty?
+  end
+
+  def self.post!(status)
+    unless mr?
+      puts "All the 'TOP_UPSTREAM_SOURCE_PROJECT', 'TOP_UPSTREAM_MERGE_REQUEST_IID', and 'TOP_UPSTREAM_SOURCE_SHA' environment variables need to be present. We cannot post a comment on the upstream merge request."
+      return
+    end
+
+    # Look for an existing note
+    upstream_notification_note = Gitlab.merge_request_notes(project_path, mr_iid).auto_paginate.find do |note|
+      note.body.include?(IDENTIFIABLE_NOTE_TAG)
+    end
+
+    if upstream_notification_note
+      Gitlab.edit_merge_request_note(project_path, mr_iid, upstream_notification_note.id, [upstream_notification_note.body, build_comment(status)].join("\n"))
+    else
+      Gitlab.create_merge_request_comment(project_path, mr_iid, "<!-- #{IDENTIFIABLE_NOTE_TAG} -->\n#{build_comment(status)}")
+    end
+  rescue Gitlab::Error::Error => error
+    puts "Ignoring the following error: #{error}"
+  end
+
+  def self.project_path
+    ENV['TOP_UPSTREAM_SOURCE_PROJECT']
+  end
+
+  def self.mr_iid
+    ENV['TOP_UPSTREAM_MERGE_REQUEST_IID']
+  end
+
+  def self.pipeline_url
+    ENV['CI_PIPELINE_URL']
+  end
+
+  def self.commit_sha
+    ENV['TOP_UPSTREAM_SOURCE_SHA']
+  end
+
+  def self.build_comment(status)
+    format(UPSTREAM_COMMENT,
+      project_path: project_path,
+      mr_iid: mr_iid,
+      pipeline_url: pipeline_url,
+      status_with_icon: status_with_icon(status),
+      commit_sha: commit_sha
+    )
+  end
+
+  def self.status_with_icon(status)
+    case status
+    when :success
+      "passed. :white_check_mark:"
+    when :failure
+      "failed! :boom:"
+    end
+  end
+
+  def self.post_to_mr(project_id, mr_iid, comment)
+    Gitlab.create_merge_request_comment(project_id, mr_iid, comment)
+  end
+end
+
+status = ARGV.shift.to_s.strip
+
+abort "Please provide a status!" if status == ''
+
+CommitComment.post!(status.to_sym)

data/docs/what_tests_can_be_run.md

@@ -818,6 +818,21 @@ $ export GITLAB_PASSWORD="$GITLAB_QA_PASSWORD"
 $ gitlab-qa Test::Instance::StagingGeo
 ```
 
+### `Test::Instance::StagingRefGeo`
+
+This scenario tests that the Geo staging deployment (with [`staging-ref.gitlab.com`](https://staging-ref.gitlab.com) as the primary site and [`geo.staging-ref.gitlab.com`](https://geo.staging-ref.gitlab.com) as the secondary site) works as expected by running tests tagged `:geo` against it. This is done by spinning up a GitLab QA (`gitlab/gitlab-qa`) container and running the `QA::EE::Scenario::Test::Geo` scenario. Note that the Geo setup steps in the `QA::EE::Scenario::Test::Geo` scenario are skipped when testing a live Geo deployment.
+
+Scenario requirements are the same as [`Test::Instance::StagingGeo`](#testinstancestaginggeo) described above.
+
+```
+$ export GITLAB_QA_ACCESS_TOKEN=your_api_access_token
+$ export GITLAB_QA_DEV_ACCESS_TOKEN=your_dev_registry_access_token
+$ export GITLAB_USERNAME="gitlab-qa"
+$ export GITLAB_PASSWORD="$GITLAB_QA_PASSWORD"
+
+$ gitlab-qa Test::Instance::StagingRefGeo
+```
+
 ### `Test::Instance::Production`
 
 This scenario functions the same as `Test::Instance::Staging`

data/lib/gitlab/qa/component/base.rb

@@ -124,7 +124,6 @@ module Gitlab
 
           return unless docker.running?(name)
 
-          docker.stop(name)
           docker.remove(name)
         end
 

data/lib/gitlab/qa/component/gitlab.rb

@@ -1,10 +1,12 @@
 # frozen_string_literal: true
+# rubocop:disable Metrics/AbcSize
 
 require 'securerandom'
 require 'net/http'
 require 'uri'
 require 'forwardable'
 require 'openssl'
+require 'tempfile'
 
 module Gitlab
   module QA
@@ -13,15 +15,17 @@ module Gitlab
         extend Forwardable
 
         attr_reader :release, :omnibus_configuration, :omnibus_gitlab_rails_env
-        attr_accessor :tls, :skip_availability_check, :runner_network
+        attr_accessor :tls, :skip_availability_check, :runner_network, :seed_admin_token, :seed_db
         attr_writer :name, :relative_path
 
         def_delegators :release, :tag, :image, :edition
 
         CERTIFICATES_PATH = File.expand_path('../../../../tls_certificates', __dir__)
+        DATA_SEED_PATH = File.expand_path('../../../../support/data', __dir__)
 
         SSL_PATH = '/etc/gitlab/ssl'
         TRUSTED_PATH = '/etc/gitlab/trusted-certs'
+        DATA_PATH = '/tmp/data-seeds'
 
         def initialize
           super
@@ -39,6 +43,9 @@ module Gitlab
           @volumes[@gitlab_cert_path] = SSL_PATH
           @volumes[@authority_cert_path] = TRUSTED_PATH
 
+          @seed_admin_token = Runtime::Scenario.seed_admin_token
+          @seed_db = Runtime::Scenario.seed_db
+
           self.release = 'CE'
         end
 
@@ -166,6 +173,16 @@ module Gitlab
           end
         end
 
+        def process_exec_commands
+          @docker.copy(name, DATA_SEED_PATH, DATA_PATH) if seed_admin_token || seed_db
+
+          self.exec_commands += seed_admin_token_command if seed_admin_token
+          self.exec_commands += seed_test_data_command if seed_db
+
+          Runtime::Logger.info("Running exec_commands...")
+          exec_commands.flatten.uniq.each { |command| @docker.exec(name, command) }
+        end
+
         def sha_version
           json = @docker.read_file(
             @release.image, @release.tag,
@@ -176,6 +193,19 @@ module Gitlab
           manifest['software']['gitlab-rails']['locked_version']
         end
 
+        def copy_key_file(env_key)
+          key_dir = ENV['CI_PROJECT_DIR'] || Dir.tmpdir
+          key_file = Tempfile.new(env_key.downcase, key_dir)
+          key_file.write(ENV.fetch(env_key))
+          key_file.close
+
+          File.chmod(0o744, key_file.path)
+
+          @volumes[key_file.path] = key_file.path
+
+          key_file.path
+        end
+
         private
 
         # Copy certs to a temporary directory in current working directory.
@@ -196,6 +226,22 @@ module Gitlab
           end
         end
 
+        def seed_test_data_command
+          cmd = []
+
+          Runtime::Scenario.seed_db.each do |file_patterns|
+            Dir["#{DATA_SEED_PATH}/#{file_patterns}"].map { |f| File.basename f }.each do |file|
+              cmd << "gitlab-rails runner #{DATA_PATH}/#{file}"
+            end
+          end
+
+          cmd.uniq
+        end
+
+        def seed_admin_token_command
+          ["gitlab-rails runner #{DATA_PATH}/admin_access_token_seed.rb"]
+        end
+
         class Availability
           def initialize(name, relative_path: '', scheme: 'http', protocol_port: 80)
             @docker = Docker::Engine.new
@@ -241,3 +287,4 @@ module Gitlab
     end
   end
 end
+# rubocop:enable Metrics/AbcSize

data/lib/gitlab/qa/component/staging_ref.rb

@@ -3,6 +3,7 @@ module Gitlab
     module Component
       class StagingRef < Staging
         ADDRESS = 'https://staging-ref.gitlab.com'.freeze
+        GEO_SECONDARY_ADDRESS = 'https://geo.staging-ref.gitlab.com'.freeze
       end
     end
   end

data/lib/gitlab/qa/docker/engine.rb

@@ -76,6 +76,10 @@ module Gitlab
           Docker::Command.execute("attach --sig-proxy=false #{name}", &block)
         end
 
+        def copy(name, src_path, dest_path)
+          Docker::Command.execute("cp #{src_path} #{name}:#{dest_path}")
+        end
+
         def restart(name)
           Docker::Command.execute("restart #{name}")
         end

data/lib/gitlab/qa/release.rb

@@ -147,7 +147,7 @@ module Gitlab
             registry: DEV_REGISTRY
           }
         elsif omnibus_mirror?
-          username, password = if Runtime::Env.ci_job_token && Runtime::Env.ci_pipeline_source == 'pipeline'
+          username, password = if Runtime::Env.ci_job_token && Runtime::Env.ci_pipeline_source.include?('pipeline')
                                  ['gitlab-ci-token', Runtime::Env.ci_job_token]
                                elsif Runtime::Env.qa_container_registry_access_token
                                  [Runtime::Env.gitlab_username, Runtime::Env.qa_container_registry_access_token]

data/lib/gitlab/qa/report/gitlab_issue_client.rb

@@ -101,6 +101,18 @@ module Gitlab
           end
         end
 
+        def upload_file(file_fullpath:)
+          ignore_gitlab_client_exceptions do
+            Gitlab.upload_file(project, file_fullpath)
+          end
+        end
+
+        def ignore_gitlab_client_exceptions
+          yield
+        rescue StandardError, SystemCallError, OpenSSL::SSL::SSLError, Net::OpenTimeout, Net::ReadTimeout, Gitlab::Error::Error => e
+          puts "Ignoring the following error: #{e}"
+        end
+
         def handle_gitlab_client_exceptions
           yield
         rescue Gitlab::Error::NotFound

data/lib/gitlab/qa/report/relate_failure_issue.rb

@@ -47,7 +47,7 @@ module Gitlab
           puts "  => Searching issues for test '#{test.name}'..."
 
           begin
-            issue = find_and_link_issue(test) || create_issue(test)
+            issue = test.quarantine? ? find_and_link_issue(test) : find_and_link_issue(test) || create_issue(test)
             return unless issue
 
             update_labels(issue, test)
@@ -72,6 +72,8 @@ module Gitlab
           issue = super
           puts "for test '#{test.name}'."
 
+          post_or_update_failed_job_note(issue, test)
+
           issue
         end
 
@@ -158,7 +160,8 @@ module Gitlab
             "\n\n### Stack trace",
             "```\n#{test.failures.first['message_lines'].join("\n")}\n```",
             "First happened in #{test.ci_job_url}.",
-            "Related test case: #{test.testcase}."
+            "Related test case: #{test.testcase}.",
+            screenshot_section(test)
           ].join("\n\n")
         end
 
@@ -194,6 +197,18 @@ module Gitlab
 
           false
         end
+
+        def screenshot_section(test)
+          section = ''
+
+          if test.screenshot? && !test.failures.first['message'].include?('500 Internal Server Error')
+            relative_url = gitlab.upload_file(file_fullpath: test.failure_screenshot)
+
+            section = "### Screenshot: #{relative_url.markdown}"
+          end
+
+          section
+        end
       end
     end
   end

data/lib/gitlab/qa/report/test_result.rb

@@ -95,6 +95,14 @@ module Gitlab
             report['quarantine']['issue'] if quarantine?
           end
 
+          def screenshot?
+            report['screenshot'].present?
+          end
+
+          def failure_screenshot
+            report['screenshot']['image'] if screenshot?
+          end
+
           private
 
           # rubocop:disable Metrics/AbcSize

data/lib/gitlab/qa/report/update_screenshot_path.rb

@@ -1,4 +1,6 @@
 require 'nokogiri'
+require 'json'
+require 'active_support/core_ext/object/blank'
 
 module Gitlab
   module QA
@@ -9,30 +11,50 @@ module Gitlab
         end
 
         REGEX = %r{(?<gitlab_qa_run>gitlab-qa-run-.*?(?=\/))\/(?<gitlab_ce_ee_qa>gitlab-(ee|ce)-qa-.*?(?=\/))}
+        CONTAINER_PATH = File.join(Docker::Volumes::QA_CONTAINER_WORKDIR, 'tmp').freeze
 
         def invoke!
           Dir.glob(@files).each do |rspec_report_file|
-            report = rewrite_each_screenshot_path(rspec_report_file)
+            match_data = rspec_report_file.match(REGEX)
+            artifact_path = "#{match_data[:gitlab_qa_run]}/#{match_data[:gitlab_ce_ee_qa]}"
 
-            File.write(rspec_report_file, report)
+            xml_report = rewrite_each_xml_screenshot_path(rspec_report_file, artifact_path)
+
+            File.write(rspec_report_file, xml_report)
 
             puts "Saved #{rspec_report_file}"
+
+            json_rspec_report_file = rspec_report_file.gsub('.xml', '.json')
+            json_report = rewrite_each_json_screenshot_path(json_rspec_report_file, artifact_path)
+
+            File.write(json_rspec_report_file, json_report)
+
+            puts "Saved #{json_rspec_report_file}"
           end
         end
 
         private
 
-        def rewrite_each_screenshot_path(rspec_report_file)
+        def rewrite_each_xml_screenshot_path(rspec_report_file, artifact_path)
           report = Nokogiri::XML(File.open(rspec_report_file))
 
-          match_data = rspec_report_file.match(REGEX)
-
           report.xpath('//system-out').each do |system_out|
-            system_out.content = system_out.content.gsub(File.join(Docker::Volumes::QA_CONTAINER_WORKDIR, 'tmp'), "#{match_data[:gitlab_qa_run]}/#{match_data[:gitlab_ce_ee_qa]}")
+            system_out.content = system_out.content.gsub(CONTAINER_PATH, artifact_path)
           end
 
           report.to_s
         end
+
+        def rewrite_each_json_screenshot_path(json_rspec_report_file, artifact_path)
+          report = JSON.parse(File.read(json_rspec_report_file))
+          examples = report['examples']
+
+          examples.each do |example|
+            example['screenshot']['image'] = example['screenshot']['image'].gsub(CONTAINER_PATH, artifact_path) if example['screenshot'].present?
+          end
+
+          JSON.pretty_generate(report)
+        end
       end
     end
   end

data/lib/gitlab/qa/runner.rb

@@ -12,9 +12,13 @@ module Gitlab
         Runtime::Scenario.define(:run_tests, true)
         Runtime::Scenario.define(:qa_image, Runtime::Env.qa_image) if Runtime::Env.qa_image
         Runtime::Scenario.define(:omnibus_configuration, Runtime::OmnibusConfiguration.new)
+        Runtime::Scenario.define(:seed_db, false)
+        Runtime::Scenario.define(:seed_admin_token, true) # Create an admin access token for root user by default
+        Runtime::Scenario.define(:omnibus_exec_commands, [])
 
         # Omnibus Configurators specified by flags
         @active_configurators = []
+        @seed_scripts = []
         @omnibus_configurations = %w[default] # always load default configuration
 
         @options = OptionParser.new do |opts|
@@ -29,6 +33,10 @@ module Gitlab
             Runtime::Scenario.define(:teardown, false)
           end
 
+          opts.on('--no-admin-token', 'Skip admin token creation for root user') do
+            Runtime::Scenario.define(:seed_admin_token, false)
+          end
+
           opts.on('--qa-image QA_IMAGE', String, 'Specifies a QA image to be used instead of inferring it from the GitLab image. See Gitlab::QA::Release#qa_image') do |value|
             Runtime::Scenario.define(:qa_image, value)
           end
@@ -45,6 +53,14 @@ module Gitlab
             end
           end
 
+          opts.on('--seed-db search_pattern1[,search_pattern2,...]', 'Seed application database with sample test data') do |file_pattern|
+            file_pattern.split(',').each do |pattern|
+              @seed_scripts << pattern
+            end
+
+            Runtime::Scenario.define(:seed_db, @seed_scripts)
+          end
+
           opts.on_tail('-h', '--help', 'Show the usage') do
             puts opts
             exit
@@ -125,6 +141,7 @@ module Gitlab
             # # Runtime::OmnibusConfiguration::Packages
             # gitlab_rails['packages_enabled'] = true
             Runtime::Scenario.omnibus_configuration << "# #{configurator.class.name}"
+            Runtime::Scenario.omnibus_exec_commands << configurator.exec_commands
 
             # Load the configuration
             configurator.configuration.split("\n").each { |c| Runtime::Scenario.omnibus_configuration << c }

data/lib/gitlab/qa/runtime/env.rb

@@ -127,6 +127,11 @@ module Gitlab
           'GOOGLE_PROJECT' => :google_project,
           'GOOGLE_CLIENT_EMAIL' => :google_client_email,
           'GOOGLE_JSON_KEY' => :google_json_key,
+          'GOOGLE_CDN_JSON_KEY' => :google_cdn_json_key,
+          'GOOGLE_CDN_LB' => :google_cdn_load_balancer,
+          'GOOGLE_CDN_SIGNURL_KEY' => :google_cdn_signurl_key,
+          'GOOGLE_CDN_SIGNURL_KEY_NAME' => :google_cdn_signurl_key_name,
+          'GCS_CDN_BUCKET_NAME' => :gcs_cdn_bucket_name,
           'GCS_BUCKET_NAME' => :gcs_bucket_name,
           'SMOKE_ONLY' => :smoke_only,
           'NO_ADMIN' => :no_admin,
@@ -212,7 +217,7 @@ module Gitlab
         end
 
         def elastic_version
-          env_var_value_if_defined('ELASTIC_VERSION') || '6.4.2'.freeze
+          env_var_value_if_defined('ELASTIC_VERSION') || '7.17.0'.freeze
         end
 
         def require_license!
@@ -275,6 +280,14 @@ module Gitlab
           end
         end
 
+        def require_gcs_with_cdn_environment!
+          %w[GOOGLE_CDN_JSON_KEY GCS_CDN_BUCKET_NAME GOOGLE_CDN_LB GOOGLE_CDN_SIGNURL_KEY GOOGLE_CDN_SIGNURL_KEY_NAME].each do |env_key|
+            unless ENV.key?(env_key)
+              raise ArgumentError, "Environment variable #{env_key} must be set to run GCS with CDN enabled scenario"
+            end
+          end
+        end
+
         def require_initial_password!
           return unless env_var_value_if_defined('GITLAB_INITIAL_ROOT_PASSWORD').to_s.strip.empty?
 

data/lib/gitlab/qa/runtime/omnibus_configuration.rb

@@ -33,7 +33,7 @@ module Gitlab
         # @return Any instance of [Gitlab::QA::Component::Base]
         def prepare; end
 
-        # Commands to execute before GitLab boots
+        # Commands to execute before tests are run against GitLab (after reconfigure)
         def exec_commands
           []
         end

data/lib/gitlab/qa/runtime/omnibus_configurations/ci_decomposition.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module QA
+    module Runtime
+      module OmnibusConfigurations
+        class CiDecomposition < Default
+          def configuration
+            # HACK: commenting commands out as these commands should be run *after* the first
+            # reconfiguration (see first command in #exec_commands)
+            <<~OMNIBUS
+              #gitlab_rails['databases']['main']['enable'] = true
+              #gitlab_rails['databases']['ci']['enable'] = true
+              #gitlab_rails['databases']['ci']['db_database'] = 'gitlabhq_production_ci'
+            OMNIBUS
+          end
+
+          def exec_commands
+            [
+              "sed -i 's/#gitlab_rails/gitlab_rails/g' /etc/gitlab/gitlab.rb",
+              "gitlab-ctl reconfigure",
+              "gitlab-psql -c 'create database gitlabhq_production_ci owner gitlab'",
+              "gitlab-psql -d gitlabhq_production_ci -c 'create extension btree_gist'",
+              "gitlab-psql -d gitlabhq_production_ci -c 'create extension pg_trgm'",
+              "gitlab-rake db:structure:load:ci"
+            ].freeze
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/qa/scenario/test/instance/deployment_base.rb

@@ -27,6 +27,7 @@ module Gitlab
                 specs.suite = @suite
                 specs.release = release
                 specs.args = non_rspec_args.push(*args)
+                specs.volumes[host_knapsack_report_path] = "/home/gitlab/qa/knapsack" if host_knapsack_report_path
               end
             end
 
@@ -37,6 +38,10 @@ module Gitlab
             def deployment_component
               raise NotImplementedError, 'Please define the Component for the deployment environment associated with this scenario.'
             end
+
+            def host_knapsack_report_path
+              ENV["QA_KNAPSACK_REPORT_PATH"]
+            end
           end
         end
       end

data/lib/gitlab/qa/scenario/test/instance/staging_ref_geo.rb

@@ -0,0 +1,27 @@
+module Gitlab
+  module QA
+    module Scenario
+      module Test
+        module Instance
+          class StagingRefGeo < DeploymentBase
+            def initialize
+              @suite = 'QA::EE::Scenario::Test::Geo'
+            end
+
+            def deployment_component
+              Component::StagingRef
+            end
+
+            def non_rspec_args
+              [
+                '--primary-address', deployment_component::ADDRESS,
+                '--secondary-address', deployment_component::GEO_SECONDARY_ADDRESS,
+                '--without-setup'
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/qa/scenario/test/integration/geo.rb

@@ -16,6 +16,7 @@ module Gitlab
                 primary.release = release
                 primary.name = 'gitlab-primary'
                 primary.network = 'geo'
+                primary.seed_admin_token = false
                 primary.omnibus_configuration << <<~OMNIBUS
                   gitlab_rails['db_key_base'] = '4dd58204865eb41bca93bd38131d51cc';
                   geo_primary_role['enable'] = true;
@@ -54,7 +55,7 @@ module Gitlab
                       sidekiq['concurrency'] = 2;
                       puma['worker_processes'] = 2;
                     OMNIBUS
-                    secondary.exec_commands = fast_ssh_key_lookup_commands + QA::Scenario::CLICommands.git_lfs_install_commands
+                    secondary.exec_commands += fast_ssh_key_lookup_commands + QA::Scenario::CLICommands.git_lfs_install_commands
 
                     secondary.act do
                       # TODO, we do not wait for secondary to start because of

data/lib/gitlab/qa/scenario/test/integration/gitaly_cluster.rb

@@ -37,6 +37,7 @@ module Gitlab
                 praefect.name = @praefect_node_name
                 praefect.network = @network
                 praefect.skip_availability_check = true
+                praefect.seed_admin_token = false
 
                 praefect.omnibus_configuration << praefect_omnibus_configuration
 
@@ -196,6 +197,7 @@ module Gitlab
                 gitaly.name = name
                 gitaly.network = @network
                 gitaly.skip_availability_check = true
+                gitaly.seed_admin_token = false
                 gitaly.omnibus_configuration << gitaly_omnibus_configuration
                 gitaly.instance(skip_teardown: true)
               end

data/lib/gitlab/qa/scenario/test/integration/mattermost.rb

@@ -22,7 +22,11 @@ module Gitlab
                     specs.suite = 'Test::Integration::Mattermost'
                     specs.release = gitlab.release
                     specs.network = gitlab.network
-                    specs.args = [gitlab.address, mattermost_external_url, *rspec_args]
+                    specs.args = [
+                      gitlab.address,
+                      "--mattermost-address", mattermost_external_url,
+                      *rspec_args
+                    ]
                   end
                 end
               end

data/lib/gitlab/qa/scenario/test/integration/mtls.rb

@@ -19,6 +19,7 @@ module Gitlab
                 gitaly.name = @gitaly_name
                 gitaly.network = @network
                 gitaly.skip_availability_check = true
+                gitaly.seed_admin_token = false
 
                 gitaly.omnibus_configuration << gitaly_omnibus
                 gitaly.gitaly_tls