Commit f8015a20 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch 'feat/publish-strategy' into 'master' 

feat(publish): redesign publish on prod strategy

See merge request to-be-continuous/cnb!20
parents 1cc631ac 4acbdec7

README.md

+2 −3
Original line number Diff line number Diff line
@@ -73,7 +73,7 @@ You may perfectly override this and use another container registry, but be aware 
* the `CNB_SNAPSHOT_IMAGE` requires a container registry that allows tag overwrite,

* the `CNB_RELEASE_IMAGE` _may_ use a container registry that doesn't allow tag overwrite, but:

    1. you should avoid overwriting a Git tag (at it will obviously fail while trying to (re)push the image),

    2. you have to deactivate publish on `master` branch by setting the `$PUBLISH_ON_PROD` variable to `false` (as it would lead to the `master` tag being overwritten).

    2. you have to deactivate publish on `main` (or `master`) branch by setting the `$CNB_PROD_PUBLISH_STRATEGY` variable to `none` (as it would lead to the `main` tag being overwritten).



### Registries and credentials
@@ -182,8 +182,7 @@ This job pushes (_promotes_) the built image as the _release_ image using [skope 
| --------------------- | --------------------------------------------------------------------------- | ----------------- |

| `CNB_SKOPEO_IMAGE`    | The Docker image used to run [skopeo](https://github.com/containers/skopeo) | `quay.io/skopeo/stable:latest` |

| `CNB_PUBLISH_ARGS`    | Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options) | _(none)_          |

| `AUTODEPLOY_TO_PROD`  | Set to enable automatic publish (and deploy) on `master` branch             | _none_ (enabled)  |

| `PUBLISH_ON_PROD`     | Determines whether this job is enabled on `master` branch                   | `true`_ (enabled)  |

| `CNB_PROD_PUBLISH_STRATEGY`| Defines the publish to production strategy. One of `manual` (i.e. _one-click_), `auto` or `none` (disabled). | `manual` |



This job produces _output variables_ that are propagated to downstream jobs (using [dotenv artifacts](https://docs.gitlab.com/ee/ci/pipelines/job_artifacts.html#artifactsreportsdotenv)):

kicker.json

+5 −4
Original line number Diff line number Diff line
@@ -55,10 +55,11 @@ 
          "advanced": true

        },

        {

          "name": "PUBLISH_ON_PROD",

          "description": "Determines whether publish is enabled on `main` branch",

          "default": "true",

          "type": "boolean"

          "name": "CNB_PROD_PUBLISH_STRATEGY",

          "description": "Defines the publish to production strategy.",

          "type": "enum",

          "values": ["none", "manual", "auto"],

          "default": "manual"

        }

      ]

    }

templates/gitlab-ci-cnb.yml

+8 −9
Original line number Diff line number Diff line
@@ -59,8 +59,8 @@ variables: 
  # default final image hierarchy root dir

  CNB_APP_DIR: "/workspace"



  # by default: DevOps pipeline

  PUBLISH_ON_PROD: "true"

  # default: one-click publish

  CNB_PROD_PUBLISH_STRATEGY: manual



  # default production ref name (pattern)

  PROD_REF: '/^(master|main)$/'
@@ -434,13 +434,12 @@ cnb-publish: 
    # exclude non-production branches

    - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF'

      when: never

    # exclude if $PUBLISH_ON_PROD disabled

    - if: '$PUBLISH_ON_PROD != "true"'

      when: never

    # exclude if snapshot is same as release image

    - if: '$CNB_SNAPSHOT_IMAGE == $CNB_RELEASE_IMAGE'

      when: never

    # if $AUTODEPLOY_TO_PROD: auto

    - if: '$AUTODEPLOY_TO_PROD == "true"'

    # else: manual + blocking

    - when: manual
 
    # support former variable (prevent breaking change)

    - if: '$PUBLISH_ON_PROD == "false"'

      when: never

    - if: '$CNB_PROD_PUBLISH_STRATEGY == "manual"'

      when: manual

    - if: '$CNB_PROD_PUBLISH_STRATEGY == "auto"'