gitlab-qa 13.0.0 → 13.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c1b0faca28f971a96c2dbbb66253bb39575c8113f5106ee5845bd7d18a49ad14
-  data.tar.gz: 8d3d7ec33d579c662b765beb542c60912997a7a71711eb6b38c4fdbc8fa3580f
+  metadata.gz: 16a2d1d19d2421861d4698ef692926f2fa15cc9f4081e39d1ca7e4da46a8ba7c
+  data.tar.gz: 0c65e2931b680e7737df751f702943e40851ac207afcb3be7a01765ec2b47291
 SHA512:
-  metadata.gz: 420a71805ccb95a567440373e42592588437b479bcb60d1ad0158e71620d95e679b7f01339a505c626e44c1b262096bfbd0b2b4a9c3eb2011175589de265b1af
-  data.tar.gz: 566711df162bd8506cabc16ffcfc66764d692c86058c5a482343412fd90a75dee821fa086df4459dd0d07abb3f03e6150d9f536afc96c15710a7b7b157b94289
+  metadata.gz: 81c553e7373d1fc790429dd8e4e9c1538e7c2a6afc382b7b79170c0edb6b8b83c4f533a60746defc313c846ab92fb4505f84899f3eede1f21bcdcdc586e7b90c
+  data.tar.gz: 492ad5e00e24b345ab1ac724dcf059c9520d992df141a03b413b674262720138a724ed44d633b9d9a926f40471aa44744994b8dcf38eee8753d03728ad3c715e

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    gitlab-qa (13.0.0)
+    gitlab-qa (13.1.0)
       activesupport (>= 6.1, < 7.1)
       gitlab (~> 4.19)
       http (~> 5.0)

data/docs/what_tests_can_be_run.md

@@ -58,7 +58,8 @@ All environment variables used by GitLab QA should be defined in [`lib/gitlab/qa
 | `GITLAB_QA_ACCESS_TOKEN`|-  | A valid personal access token with the `api` scope. This allows tests to use the API without having to create a new personal access token first. It is also used to check what version [deployed environments](https://gitlab.com/gitlab-org/quality/pipeline-common/-/blob/master/ci/dot-com/README.md#projects) are currently running. Existing tokens for each environment can be found in the shared 1Password vault. |No|
 | `GITLAB_QA_ADMIN_ACCESS_TOKEN` |-  | A valid personal access token with the `api` scope from a user with admin access. Used for API access as an admin during tests. | No|
 | `GITLAB_QA_CONTAINER_REGISTRY_ACCESS_TOKEN` | - | A valid personal access token with the `read_registry` scope. Used to [access the container registry on `registry.gitlab.com` when tests run in a CI job that _is not_ triggered via another pipeline](https://gitlab.com/gitlab-org/gitlab-qa/-/blob/364addb83e7b136ff0f9d8719ca9553d290aa9ab/lib/gitlab/qa/release.rb#L152). For example, if you manually run a [new Staging pipeline](https://ops.gitlab.net/gitlab-org/quality/staging/-/pipelines/new), this token will be used. | No |
-| `EE_LICENSE` |-  | Enterprise Edition license. | No|
+| `EE_LICENSE` |-  | Enterprise Edition license. For Staging license to be applied successfully requires `CUSTOMER_PORTAL_URL` set. | No|
+| `GITLAB_LICENSE_MODE` |- | If set to `test` gitlab-qa will then set customers portal address to Staging address. | No|
 | `QA_EE_ACTIVATION_CODE` |-  | Cloud activation code to enable Enterprise Edition features. | No|
 | `QA_ARTIFACTS_DIR` |`/tmp/gitlab-qa`| Path to a directory where artifacts (logs and screenshots) for failing tests will be saved. | No|
 | `DOCKER_HOST` |`http://localhost`| Docker host to run tests against. | No|
@@ -1173,6 +1174,28 @@ need to be updated, it can be useful to proxy all requests to real `GitHub` inst
 
 Testing import [by direct transfer](https://docs.gitlab.com/ee/user/group/import/#migrate-groups-by-direct-transfer-recommended) is done by spinning up 2 omnibus installations - `import-target` and `import-source`. In order for tests to work, application setting `allow_local_requests_from_web_hooks_and_services` must be enabled in target instance. This is automatically done by test process if environment variable `QA_ALLOW_LOCAL_REQUESTS` is set to `true`.
 
+### `Test::Integration::AiGateway EE|<full image address>`
+
+This scenario spins up a GitLab Omnibus instance integrated with a test AI Gateway using [fake models](https://gitlab.com/gitlab-org/modelops/applied-ml/code-suggestions/ai-assist#faking-out-ai-models). It will run specs tagged with the `:ai_gateway` tag in order to help verify that cloud licensing and authentication for AI features work as expected for self-managed instances.
+
+**Required environment variables:**
+
+- `QA_EE_ACTIVATION_CODE`: An activation code for a Staging-generated Premium or Ultimate cloud license with a purchased AI add-on. This can be found in the GitLab QA 1Password vault.
+- `GITLAB_LICENSE_MODE`: Set to `test` in order to configure GitLab Omnibus with the correct license mode and `CUSTOMER_PORTAL_URL`.
+
+**Optional environment variables:**
+
+- `QA_USE_SYNC_SERVICE_TOKEN_WORKER`: When true, will enable the `use_sync_service_token_worker` feature flag during code suggestions setup to use the `SyncServiceTokenWorker` to fetch a code suggestions JWT during activation instead of the `SyncSeatLinkWorker`. See rollout issue https://gitlab.com/gitlab-org/gitlab/-/issues/431608 for details.
+
+Example:
+
+```shell
+$ export QA_EE_ACTIVATION_CODE="<value from 1Password>"
+$ export GITLAB_LICENSE_MODE="test"
+
+$ gitlab-qa Test::Integration::AiGateway EE
+```
+
 ----
 
 [Back to README.md](../README.md)

data/lib/gitlab/qa/component/ai_gateway.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module QA
+    module Component
+      class AiGateway < Base
+        DOCKER_IMAGE = 'registry.gitlab.com/gitlab-org/modelops/applied-ml/code-suggestions/ai-assist/model-gateway'
+        DOCKER_IMAGE_TAG = 'latest'
+
+        def name
+          @name ||= 'ai-gateway'
+        end
+
+        def configure_environment(gitlab_hostname:)
+          @environment = {
+            'GITLAB_URL' => "http://#{gitlab_hostname}",
+            'GITLAB_API_URL' => "http://#{gitlab_hostname}/api/v4",
+            'CUSTOMER_PORTAL_BASE_URL' => Runtime::Env.customer_portal_url,
+            'USE_FAKE_MODELS' => true,
+            'USE_LOCAL_CACHE' => true
+          }
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/qa/component/gitlab.rb

@@ -83,6 +83,13 @@ module Gitlab
           @environment['ELASTIC_URL'] = url
         end
 
+        def set_ee_activation_code
+          raise 'QA_EE_ACTIVATION_CODE is required!' if Runtime::Env.ee_activation_code.to_s.strip.empty?
+
+          @omnibus_gitlab_rails_env['QA_EE_ACTIVATION_CODE'] = Runtime::Env.ee_activation_code
+          secrets << Runtime::Env.ee_activation_code
+        end
+
         def release=(release)
           @release = QA::Release.new(release)
         end

data/lib/gitlab/qa/runtime/env.rb

@@ -428,6 +428,14 @@ module Gitlab
           env_var_value_if_defined('CUSTOMER_PORTAL_URL') || 'https://customers.staging.gitlab.com'
         end
 
+        def ee_activation_code
+          env_var_value_if_defined('QA_EE_ACTIVATION_CODE')
+        end
+
+        def use_sync_service_token_worker?
+          enabled?(env_var_value_if_defined('QA_USE_SYNC_SERVICE_TOKEN_WORKER'), default: false)
+        end
+
         def geo_staging_url
           env_var_value_if_defined('GEO_STAGING_URL') || 'https://geo.staging.gitlab.com'
         end

data/lib/gitlab/qa/scenario/test/integration/ai_gateway.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module QA
+    module Scenario
+      module Test
+        module Integration
+          class AiGateway < Scenario::Template
+            SETUP_SRC_PATH = File.expand_path('../../../../../../support/setup', __dir__)
+            SETUP_DEST_PATH = '/tmp/setup-scripts'
+
+            def initialize
+              @network = 'test'
+              @ai_gateway_name = 'ai-gateway'
+              @ai_gateway_hostname = "#{@ai_gateway_name}.#{@network}"
+              @ai_gateway_port = 5000
+            end
+
+            def perform(release, *rspec_args)
+              Component::Gitlab.perform do |gitlab|
+                setup_gitlab(gitlab, release)
+
+                Component::AiGateway.perform do |ai_gateway|
+                  setup_ai_gateway(ai_gateway, gitlab_hostname: gitlab.hostname)
+
+                  ai_gateway.instance do
+                    gitlab.instance do
+                      setup_code_suggestions(gitlab)
+                      run_specs(gitlab, *rspec_args)
+                    end
+                  end
+                end
+              end
+            end
+
+            private
+
+            def setup_gitlab(gitlab, release)
+              gitlab.release = QA::Release.new(release)
+              gitlab.name = 'gitlab'
+              gitlab.network = @network
+
+              gitlab.omnibus_gitlab_rails_env['CODE_SUGGESTIONS_BASE_URL'] = "http://#{@ai_gateway_hostname}:#{@ai_gateway_port}"
+
+              # Determines whether to use the SyncServiceTokenWorker or SyncSeatLinkWorker
+              # for generating a code suggestions access token during license activation
+              gitlab.omnibus_gitlab_rails_env['QA_USE_SYNC_SERVICE_TOKEN_WORKER'] = Runtime::Env.use_sync_service_token_worker?
+
+              gitlab.set_ee_activation_code
+            end
+
+            def setup_ai_gateway(ai_gateway, gitlab_hostname:)
+              ai_gateway.name = @ai_gateway_name
+              ai_gateway.network = @network
+              ai_gateway.ports = [@ai_gateway_port]
+
+              ai_gateway.configure_environment(gitlab_hostname: gitlab_hostname)
+            end
+
+            def setup_code_suggestions(gitlab)
+              Runtime::Logger.info('Setting up Code Suggestions on GitLab instance')
+
+              gitlab.docker.copy(gitlab.name, SETUP_SRC_PATH, SETUP_DEST_PATH)
+
+              gitlab.docker.exec(
+                gitlab.name,
+                "gitlab-rails runner #{SETUP_DEST_PATH}/code_suggestions_setup.rb",
+                mask_secrets: gitlab.secrets
+              )
+            end
+
+            def run_specs(gitlab, *rspec_args)
+              Runtime::Logger.info('Running AI Gateway specs!')
+
+              rspec_args << "--" unless rspec_args.include?('--')
+              rspec_args << %w[--tag ai_gateway]
+
+              Component::Specs.perform do |specs|
+                specs.suite = 'Test::Instance::All'
+                specs.release = gitlab.release
+                specs.network = gitlab.network
+                specs.args = [gitlab.address, *rspec_args]
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/qa/version.rb

@@ -2,6 +2,6 @@
 
 module Gitlab
   module QA
-    VERSION = '13.0.0'
+    VERSION = '13.1.0'
   end
 end

data/support/setup/code_suggestions_setup.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+class CodeSuggestionsSetup
+  class << self
+    def configure!
+      if ENV.fetch('QA_USE_SYNC_SERVICE_TOKEN_WORKER', false)
+        puts 'Enabling use_sync_service_token_worker feature flag...'
+        Feature.enable(:use_sync_service_token_worker)
+      end
+
+      puts 'Enabling code_suggestions_tokens_api feature flag...'
+      Feature.enable(:code_suggestions_tokens_api)
+
+      activate_cloud_license
+
+      # Due to the various async Sidekiq processes involved, we wait to verify
+      # that the code suggestions access token has been generated before proceeding
+      verify_code_suggestions_access_token
+
+      puts 'Enabling application setting instance_level_code_suggestions_enabled...'
+      ApplicationSetting.last.update(instance_level_code_suggestions_enabled: true)
+    end
+
+    private
+
+    def activate_cloud_license
+      puts 'Activating cloud license...'
+      activation_result = ::GitlabSubscriptions::ActivateService.new.execute(ENV.fetch('QA_EE_ACTIVATION_CODE', nil))
+
+      if activation_result[:success]
+        puts 'Cloud license activation successful'
+      else
+        puts 'Cloud license activation failed!'
+        puts Array(result[:errors]).join(' ')
+        exit 1
+      end
+    end
+
+    def verify_code_suggestions_access_token
+      puts 'Waiting for code suggestions access token to be available...'
+
+      max_attempts = 3
+      attempts = 0
+
+      until (tokens = ::Ai::ServiceAccessToken.active.count)&.positive? || attempts == max_attempts
+        puts 'Attempting to verify access token exists...'
+        attempts += 1
+        sleep 30
+      end
+
+      return if tokens&.positive?
+
+      puts "Failed to create code suggestions access token after #{max_attempts} attempts"
+      exit 1
+    end
+  end
+end
+
+CodeSuggestionsSetup.configure!

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-qa
 version: !ruby/object:Gem::Version
-  version: 13.0.0
+  version: 13.1.0
 platform: ruby
 authors:
 - GitLab Quality
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-12-06 00:00:00.000000000 Z
+date: 2023-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: climate_control
@@ -383,6 +383,7 @@ files:
 - gitlab-qa.gemspec
 - lefthook.yml
 - lib/gitlab/qa.rb
+- lib/gitlab/qa/component/ai_gateway.rb
 - lib/gitlab/qa/component/alpine.rb
 - lib/gitlab/qa/component/base.rb
 - lib/gitlab/qa/component/chaos.rb
@@ -444,6 +445,7 @@ files:
 - lib/gitlab/qa/scenario/test/instance/staging_geo.rb
 - lib/gitlab/qa/scenario/test/instance/staging_ref.rb
 - lib/gitlab/qa/scenario/test/instance/staging_ref_geo.rb
+- lib/gitlab/qa/scenario/test/integration/ai_gateway.rb
 - lib/gitlab/qa/scenario/test/integration/chaos.rb
 - lib/gitlab/qa/scenario/test/integration/client_ssl.rb
 - lib/gitlab/qa/scenario/test/integration/elasticsearch.rb
@@ -496,6 +498,7 @@ files:
 - support/manifests/suggested_reviewer/pubsub.yaml
 - support/manifests/suggested_reviewer/recommender-bot.yaml
 - support/manifests/suggested_reviewer/recommender.yaml
+- support/setup/code_suggestions_setup.rb
 - tls_certificates/authority/ca.crt
 - tls_certificates/authority/ca.key
 - tls_certificates/authority/ca.pem