Merge branch '13-auto-stop-environments' into 'master'

| `AWS_REVIEW_ENABLED`     | AWS project ID for `review` env | _none_ (disabled) |

| `AWS_REVIEW_APP_NAME`    | Application name for `review` env      | `"${AWS_BASE_APP_NAME}-${CI_ENVIRONMENT_SLUG}"` (ex: `myproject-review-fix-bug-12`) |

| `AWS_REVIEW_ENVIRONMENT_URL`| The review environments url _(only define for static environment URLs declaration and if different from default)_ | `$AWS_ENVIRONMENT_URL` |

| `AWS_REVIEW_AUTOSTOP_DURATION`| The amount of time before GitLab will automatically stop `review` environments | `4 hours` |

### Integration environment configuration

          "description": "The application name for review env (only define if different from global)",

          "advanced": true

        },

        {

          "name": "AWS_REVIEW_AUTOSTOP_DURATION",

          "description": "The amount of time before GitLab will automatically stop `review` environments",

          "default": "4 hours"

        },

        {

          "name": "AWS_REVIEW_ENVIRONMENT_URL",

          "type": "url",

  AWS_SCRIPTS_DIR: "."

  AWS_BASE_APP_NAME: "$CI_PROJECT_NAME"

  # deprecated, backward compatibility

  AWS_REVIEW_ENVIRONMENT_SCHEME: "https"

  AWS_REVIEW_AUTOSTOP_DURATION: "4 hours"

  # default: one-click deploy

  AWS_PROD_DEPLOY_STRATEGY: manual

    fi

  }

  function auth() {

    oidc_role_arn="$1"

  function aws_auth() {

    oidc_role_arn=${ENV_OIDC_ROLE_ARN:-${AWS_OIDC_ROLE_ARN}}

    if [[ "$oidc_role_arn" ]]

    then

      log_info "Obtaining temporary credentials with OpenID connect..."

  }

  # application deployment function

  function deploy() {

    export environment_type=$1

    export environment_name=$2

    environment_url=$3

  function aws_deploy() {

    export environment_type=$ENV_TYPE

    export environment_name=${ENV_APP_NAME:-${AWS_BASE_APP_NAME}${ENV_APP_SUFFIX}}

    environment_url=${ENV_URL:-${AWS_ENVIRONMENT_URL:-$ENV_URL_LEGACY}}

    # backward compatibility

    export env=$environment_type

  }

  # environment cleanup function

  function delete() {

    export environment_type=$1

    export environment_name=$2

  function aws_delete() {

    export environment_type=$ENV_TYPE

    export environment_name=${ENV_APP_NAME:-${AWS_BASE_APP_NAME}${ENV_APP_SUFFIX}}

    # backward compatibility

    export env=$environment_type

  before_script:

    - *aws-scripts

    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"

    - auth "${ENV_OIDC_ROLE_ARN:-${AWS_OIDC_ROLE_ARN}}"

    - aws_auth

# Deploy job prototype

# Can be extended to define a concrete environment

  variables:

    ENV_APP_SUFFIX: "-$CI_ENVIRONMENT_SLUG"

  script:

    - deploy "$ENV_TYPE" "${ENV_APP_NAME:-${AWS_BASE_APP_NAME}${ENV_APP_SUFFIX}}" "${ENV_URL:-${AWS_ENVIRONMENT_URL:-$ENV_URL_LEGACY}}"

    - aws_deploy

  artifacts:

    name: "$ENV_TYPE env url for $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"

    paths:

  variables:

    ENV_APP_SUFFIX: "-$CI_ENVIRONMENT_SLUG"

  script:

    - delete "$ENV_TYPE" "${ENV_APP_NAME:-${AWS_BASE_APP_NAME}${ENV_APP_SUFFIX}}"

    - aws_delete

  environment:

    action: stop

    ENV_TYPE: review

    ENV_APP_NAME: "$AWS_REVIEW_APP_NAME"

    ENV_URL: "${AWS_REVIEW_ENVIRONMENT_URL}"

    # deprecated, backward compatibility

    ENV_URL_LEGACY: "${AWS_REVIEW_ENVIRONMENT_SCHEME}://${CI_PROJECT_NAME}-${CI_ENVIRONMENT_SLUG}.${AWS_REVIEW_ENVIRONMENT_DOMAIN}"

    ENV_OIDC_ROLE_ARN: "$AWS_REVIEW_OIDC_ROLE_ARN"

  environment:

    name: review/$CI_COMMIT_REF_NAME

    on_stop: aws-cleanup-review

    auto_stop_in: "$AWS_REVIEW_AUTOSTOP_DURATION"

  resource_group: review/$CI_COMMIT_REF_NAME

  rules:

    # exclude tags