Commit 39840ae7 authored by Pierre Smeyers

Merge branch 'feat/support-parallel-matrix' into 'main'

Add parallel:matrix support

See merge request to-be-continuous/helm!114
parents ef8c7f9f 35c6f2f6
+48 −0
@@ -200,6 +200,43 @@ The **static way** can be implemented simply by setting the appropriate configur
To implement the **dynamic way**, your deployment script shall simply generate a `environment_url.txt` file in the working directory, containing only
the dynamically generated url. When detected by the template, it will use it as the newly deployed environment url.

### Multiple environments support

The Helm template allows deploying multiple environments in parallel. Use cases of this include:

- monorepo, where a single Git repository might host several separate deployable components or apps,
- multi-instances deployment of the same application.

This feature can be enabled using the [parallel matrix jobs](https://docs.gitlab.com/ee/ci/yaml/#parallelmatrix)
pattern at the `.helm-deploy-base` job level (this is the top parent job of all deployment jobs). 
Environments namespacing is ensured by the `HELM_ENVIRONMENT_NAMESPACE` variable (must start with a slash `/`).

Here is the example of the `.gitlab-ci.yml` file for a project deploying both a frontend and a backend applications:

```yaml
.helm-deploy-base:
  parallel:
    matrix:
      - HELM_ENVIRONMENT_NAMESPACE: "/front"
        # Helm Chart is located in the ./front/ directory
        HELM_CHART_DIR: "front"
      - HELM_ENVIRONMENT_NAMESPACE: "/back"
        # Helm Chart is located in the ./back/ directory
        HELM_CHART_DIR: "back"

# ⚠ on_stop must be unset when defining parallel:matrix environments
# see: https://gitlab.com/gitlab-org/gitlab/-/issues/332247
helm-review:
  environment:
    on_stop: null
```

The above configuration will deploy 2 environments on each pipeline:

- on feature branches: `review/front/$CI_COMMIT_REF_NAME` and `review/back/$CI_COMMIT_REF_NAME`
- on the integration branch: `integration/front` and `integration/back` 
- on the production branch: `staging/front` and `staging/back` (and finally `production/front` and `production/back`)

### Deployment output variables

Each deployment job produces _output variables_ that are propagated to downstream jobs (using [dotenv artifacts](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportsdotenv)):
@@ -212,6 +249,16 @@ Those variables may be freely used in downstream jobs (for instance to run accep

You may also add and propagate your own custom variables, by pushing them to the `helm.env` file in your [deployment script](#deployment-and-cleanup-scripts).

> [!important]
> If [multiple environments](#multiple-environments-support) are configured, the output variables are prefixed with a 
> sluggified value of the `HELM_ENVIRONMENT_NAMESPACE` variable (stripped of punctuation characters and converted to lowercase):
> 
> * `<namespace_slug>_environment_type`: set to the type of environment (`review`, `integration`, `staging` or `production`),
> * `<namespace_slug>_environment_name`: the application name (see below),
> * `<namespace_slug>_environment_url`: set to the environment URL (whether determined statically or dynamically).
> 
> The output dotenv file will be `aws.env.<namespace_slug>` instead, and the dynamic variable `${environment_namespace}` can be used in your scripts and manifests to access the contextual value of `<namespace_slug>`.

### Working with repositories & OCI-based registries

The Helm template supports indifferently the use of [chart repositories](https://helm.sh/docs/topics/chart_repository/) and [OCI-based registries](https://helm.sh/docs/topics/registries/) (requires Helm 3 or above).
@@ -279,6 +326,7 @@ The Helm template uses some global configuration used throughout all jobs.
| `repos` / `HELM_REPOS` | The Helm [chart repositories](https://helm.sh/docs/topics/chart_repository/) to use (formatted as `repo_name_1@repo_url_1 repo_name_2@repo_url_2 ...`) | `stable@https://charts.helm.sh/stable bitnami@https://charts.bitnami.com/bitnami` |
| `base-app-name` / `HELM_BASE_APP_NAME` | Base application name                  | `$CI_PROJECT_NAME` ([see GitLab doc](https://docs.gitlab.com/ci/variables/predefined_variables/)) |
| `environment-url` / `HELM_ENVIRONMENT_URL`    | Default environments url _(only define for static environment URLs declaration)_<br/>_supports late variable expansion (ex: `https://%{environment_name}.helm.acme.com`)_ | _none_ |
| `environment-namespace` / `HELM_ENVIRONMENT_NAMESPACE` | Extra [GitLab environments](https://docs.gitlab.com/ci/environments/) namespace _(only required when deploying [multiple environments](#multiple-environments-support))_<br/>:warning: must start with a slash `/` | _none_ |

### Review environments configuration

+5 −0
@@ -55,6 +55,11 @@
      "type": "url",
      "description": "The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.helm.acme.com`)_"
    },
    {
      "name": "HELM_ENVIRONMENT_NAMESPACE",
      "description": "Extra [GitLab environments](https://docs.gitlab.com/ci/environments/) namespace _(only required when deploying multiple environments)_\n\n:warning: must start with a slash `/`",
      "advanced": true
    },
    {
      "name": "HELM_DEPLOY_ARGS",
      "description": "The Helm [command with options](https://helm.sh/docs/helm/helm_upgrade/) to deploy the application (_without dynamic arguments such as release name and chart_)",
+2 −16
@@ -93,24 +93,10 @@ variables:
      echo '[WARN] $GCP_JWT is not set: cannot setup Application Default Credentials (ADC) authentication'
    fi

.helm-diff:
.helm-env-base:
  before_script:
    - !reference [.helm-scripts]
    - !reference [.helm-base, before_script]
    - !reference [.helm-gcp-adc]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    - add_helm_repositories
    - setup_kubeconfig
    - helm_plugin_diff false
  id_tokens:
    GCP_JWT:
      aud: "$GCP_OIDC_AUD"

.helm-deploy:
  before_script:
    - !reference [.helm-scripts]
    - !reference [.helm-gcp-adc]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    - add_helm_repositories
    - setup_kubeconfig
  id_tokens:
    GCP_JWT:
+158 −161
@@ -46,6 +46,12 @@ spec:

        _supports late variable expansion (ex: `https://%{environment_name}.helm.acme.com`)_
      default: ''
    environment-namespace:
      description: |-
        Extra [GitLab environments](https://docs.gitlab.com/ci/environments/) namespace _(only required when deploying multiple environments)_

        :warning: must start with a slash `/`
      default: ''
    deploy-args:
      description: The Helm [command with options](https://helm.sh/docs/helm/helm_upgrade/) to deploy the application (_without dynamic arguments such as release name and chart_)
      default: upgrade --install --atomic --timeout 120s
@@ -309,6 +315,7 @@ variables:
  HELM_DEPLOY_CHART: $[[ inputs.deploy-chart ]]
  KUBE_NAMESPACE: $[[ inputs.kube-namespace ]]
  HELM_ENVIRONMENT_URL: $[[ inputs.environment-url ]]
  HELM_ENVIRONMENT_NAMESPACE: $[[ inputs.environment-namespace ]]
  HELM_LINT_DISABLED: $[[ inputs.lint-disabled ]]
  HELM_TEST_ENABLED: $[[ inputs.test-enabled ]]
  HELM_DIFF_DISABLED: $[[ inputs.diff-disabled ]]
@@ -845,6 +852,8 @@ stages:
    export kube_namespace=${ENV_NAMESPACE:-${KUBE_NAMESPACE}}
    values_files=$ENV_VALUES
    environment_url=${ENV_URL:-$HELM_ENVIRONMENT_URL}
    environment_namespace=$(echo "$HELM_ENVIRONMENT_NAMESPACE" | tr -d '[:punct:]' | tr '[:upper:]' '[:lower:]')
    export environment_namespace

    # variables expansion in $environment_url
    environment_url=$(echo "$environment_url" | TBC_ENVSUBST_ENCODING=uricomp tbc_envsubst)
@@ -860,7 +869,7 @@ stages:
    log_info "--- \$hostname: \\e[33;1m${hostname}\\e[0m (Helm variable '$HELM_HOSTNAME_VALUE_NAME')"

    # unset any upstream deployment env & artifacts
    rm -f helm.env
    rm -f helm.env*
    rm -f environment_url.txt

    # maybe execute pre deploy script
@@ -942,8 +951,17 @@ stages:
    else
      echo "$environment_url" > environment_url.txt
    fi
    echo -e "environment_type=$environment_type\\nenvironment_name=$environment_name\\nenvironment_url=$environment_url" >> helm.env
    chmod 644 environment_url.txt helm.env
    # var prefix ('_' if namespace)
    prefix="${environment_namespace:+${environment_namespace}_}"
    dotenvfile="helm.env${environment_namespace:+.${environment_namespace}}"
    {
      echo "${prefix}environment_type=${environment_type}"
      echo "${prefix}environment_name=${environment_name}"
      echo "${prefix}environment_url=${environment_url}"
      # '$environment_url' is required by GitLab (dynamic env URL)
      if [[ "$environment_namespace" ]]; then echo "environment_url=${environment_url}"; fi
    } >> "$dotenvfile"
    chmod 644 environment_url.txt "$dotenvfile"
  }

  # delete application (and dependencies)
@@ -1045,9 +1063,10 @@ stages:
  }

  # test application (and dependencies)
  # $environment_type and $environment_name are propagated by dotenv artifact
  function helm_test() {
    export kube_namespace=${ENV_NAMESPACE:-${KUBE_NAMESPACE}}
    export environment_type=$ENV_TYPE
    export environment_name=${ENV_APP_NAME:-${HELM_BASE_APP_NAME}${ENV_APP_SUFFIX}}

    log_info "--- \\e[32mtest\\e[0m (env: ${environment_type})"
    log_info "--- \$kube_namespace: \\e[33;1m${kube_namespace}\\e[0m"
@@ -1247,8 +1266,7 @@ helm-lint:
  extends: .helm-build-base
  stage: test
  before_script:
    - !reference [.helm-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    - !reference [.helm-base, before_script]
    - add_helm_repositories
  script:
    - helm $HELM_DEPENDENCY_ARGS $HELM_CHART_DIR
@@ -1270,8 +1288,7 @@ helm-package:
  extends: .helm-publish
  stage: package-build
  before_script:
    - !reference [.helm-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    - !reference [.helm-base, before_script]
    - add_helm_repositories
  script:
    - helm_package
@@ -1364,8 +1381,7 @@ helm-publish:
    entrypoint: [""]
  stage: package-test
  before_script:
    - !reference [.helm-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    - !reference [.helm-base, before_script]
    - |
      if [ -f "$HELM_CHART_DIR/Chart.yaml" ]
      then
@@ -1384,43 +1400,37 @@ helm-publish:
    - TBC_ENVSUBST_ENCODING=jsonstr tbc_envsubst "$ENV_VALUES" > generated-values-env.yml
    - helm template $helm_package ${HELM_K8S_VERSION:+--kube-version "$HELM_K8S_VERSION"} --values generated-values-common.yml --values generated-values-env.yml | kube-score score ${HELM_K8S_VERSION:+--kubernetes-version "$HELM_K8S_VERSION"} ${HELM_KUBE_SCORE_ARGS} -


.helm-diff:
# Env base job prototype
# Centralizes environment name and resource_group
# for both deploy and cleanup jobs
#
# @arg ENV_TYPE      : environment type
# @arg ENV_APP_NAME  : env-specific application name
# @arg ENV_APP_SUFFIX: env-specific application suffix
# @arg ENV_KUBE_CONFIG: env-specific Kubeconfig
# @arg ENV_NAMESPACE : env-specific Kubernetes namespace
.helm-env-base:
  extends: .helm-deploy-base
  stage: package-test
  stage: deploy
  variables:
    HELM_DIFF_COLOR: "true"
    ENV_APP_SUFFIX: "-$CI_ENVIRONMENT_SLUG"
  before_script:
    - !reference [.helm-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    - add_helm_repositories
    - !reference [.helm-base, before_script]
    - setup_kubeconfig
    - helm_plugin_diff false
  script:
    - helm_diff
  resource_group: $CI_ENVIRONMENT_NAME
  environment:
    name: ${ENV_TYPE}${HELM_ENVIRONMENT_NAMESPACE}
  resource_group: ${ENV_TYPE}${HELM_ENVIRONMENT_NAMESPACE}

# Deploy job prototype
# Can be extended to define a concrete environment
#
# @arg ENV_TYPE      : environment type
# @arg ENV_APP_NAME  : env-specific application name
# @arg ENV_APP_SUFFIX: env-specific application suffix
# @arg ENV_URL       : env-specific application url
# @arg ENV_KUBE_CONFIG: env-specific Kubeconfig
# @arg ENV_NAMESPACE : env-specific Kubernetes namespace
# @arg ENV_VALUES    : env-specific Helm values
.helm-deploy:
  extends: .helm-deploy-base
  stage: deploy
  variables:
    ENV_APP_SUFFIX: "-$CI_ENVIRONMENT_SLUG"
  extends: .helm-env-base
  before_script:
    - !reference [.helm-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    - !reference [.helm-env-base, before_script]
    - add_helm_repositories
    - setup_kubeconfig
  script:
    - helm_deploy
  artifacts:
@@ -1428,75 +1438,51 @@ helm-publish:
    paths:
      - environment_url.txt
    reports:
      dotenv: helm.env
  resource_group: $CI_ENVIRONMENT_NAME
      dotenv: helm.env*
  environment:
    action: start
    url: "$environment_url" # can be either static or dynamic

# Cleanup job prototype
# Can be extended for each deletable environment
#
# @arg ENV_TYPE      : environment type
# @arg ENV_APP_NAME  : env-specific application name
# @arg ENV_APP_SUFFIX: env-specific application suffix
# @arg ENV_KUBE_CONFIG: env-specific Kubeconfig
# @arg ENV_NAMESPACE : env-specific Kubernetes namespace
.helm-cleanup:
  extends: .helm-deploy-base
  stage: deploy
  extends: .helm-env-base
  # force no dependencies
  dependencies: []
  variables:
    ENV_APP_SUFFIX: "-$CI_ENVIRONMENT_SLUG"
  before_script:
    - !reference [.helm-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    - setup_kubeconfig
  script:
    - helm_delete
  environment:
    action: stop
  resource_group: $CI_ENVIRONMENT_NAME

# Test job prototype
# Can be extended to define a concrete environment
#
# @arg ENV_TYPE      : environment type
# @arg ENV_KUBE_CONFIG: env-specific Kubeconfig
# @arg ENV_NAMESPACE : env-specific Kubernetes namespace
.helm-test:
  extends: .helm-deploy-base
  extends: .helm-env-base
  stage: acceptance
  before_script:
    - !reference [.helm-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    - setup_kubeconfig
  environment:
    action: verify
  script:
    - helm_test

# ==================================================
# Env: review
# ==================================================
# show diff for review env (only for feature branches)
helm-diff-review:
  extends: .helm-diff
# Diff job prototype
# Can be extended to define a concrete environment
.helm-diff:
  extends: .helm-env-base
  stage: package-test
  variables:
    ENV_TYPE: review
    ENV_APP_NAME: "$HELM_REVIEW_APP_NAME"
    ENV_URL: "${HELM_REVIEW_ENVIRONMENT_URL}"
    ENV_KUBE_CONFIG: "$HELM_REVIEW_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_REVIEW_NAMESPACE"
    ENV_VALUES: "$HELM_REVIEW_VALUES"
    HELM_DIFF_COLOR: "true"
  before_script:
    - !reference [.helm-env-base, before_script]
    - add_helm_repositories
    - helm_plugin_diff false
  script:
    - helm_diff
  environment:
    name: review/$CI_COMMIT_REF_NAME
  resource_group: review/$CI_COMMIT_REF_NAME
  rules:
    # Exclude if HELM_DIFF_DISABLED is true or HELM_REVIEW_ENABLED is not true or on tag
    - if: '$HELM_DIFF_DISABLED == "true" || $HELM_REVIEW_ENABLED != "true" || $CI_COMMIT_TAG'
      when: never
    # Only on non-production, non-integration branches
    - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'
    action: prepare

# ==================================================
# Env: review
# ==================================================
helm-values-lint-review:
  extends: .helm-values-lint
  variables:
@@ -1537,6 +1523,28 @@ helm-score-review:
      when: never
    - !reference [.test-policy, rules]

# show diff for review env (only for feature branches)
helm-diff-review:
  extends: .helm-diff
  variables:
    ENV_TYPE: review
    ENV_APP_NAME: "$HELM_REVIEW_APP_NAME"
    ENV_URL: "${HELM_REVIEW_ENVIRONMENT_URL}"
    ENV_KUBE_CONFIG: "$HELM_REVIEW_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_REVIEW_NAMESPACE"
    ENV_VALUES: "$HELM_REVIEW_VALUES"
  environment:
    name: ${ENV_TYPE}${HELM_ENVIRONMENT_NAMESPACE}/$CI_COMMIT_REF_NAME
  resource_group: ${ENV_TYPE}${HELM_ENVIRONMENT_NAMESPACE}/$CI_COMMIT_REF_NAME
  rules:
    - if: '$HELM_DIFF_DISABLED == "true"'
      when: never
    # exclude tags and on $HELM_REVIEW_ENABLED not set
    - if: '$HELM_REVIEW_ENABLED != "true" || $CI_COMMIT_TAG'
      when: never
    # only on non-production, non-integration branches
    - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'

# deploy to review env (only for feature branches)
# disabled by default, enable this job by setting $HELM_REVIEW_ENABLED
helm-review:
@@ -1549,10 +1557,12 @@ helm-review:
    ENV_NAMESPACE: "$HELM_REVIEW_NAMESPACE"
    ENV_VALUES: "$HELM_REVIEW_VALUES"
  environment:
    name: review/$CI_COMMIT_REF_NAME
    name: ${ENV_TYPE}${HELM_ENVIRONMENT_NAMESPACE}/$CI_COMMIT_REF_NAME
    # ⚠ on_stop must be unset when defining parallel:matrix environments
    # see: https://gitlab.com/gitlab-org/gitlab/-/issues/332247
    on_stop: helm-cleanup-review
    auto_stop_in: "$HELM_REVIEW_AUTOSTOP_DURATION"
  resource_group: review/$CI_COMMIT_REF_NAME
  resource_group: ${ENV_TYPE}${HELM_ENVIRONMENT_NAMESPACE}/$CI_COMMIT_REF_NAME
  rules:
    # exclude tags and on $HELM_REVIEW_ENABLED not set
    - if: '$HELM_REVIEW_ENABLED != "true" || $CI_COMMIT_TAG'
@@ -1569,9 +1579,8 @@ helm-cleanup-review:
    ENV_KUBE_CONFIG: "$HELM_REVIEW_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_REVIEW_NAMESPACE"
  environment:
    name: review/$CI_COMMIT_REF_NAME
    action: stop
  resource_group: review/$CI_COMMIT_REF_NAME
    name: ${ENV_TYPE}${HELM_ENVIRONMENT_NAMESPACE}/$CI_COMMIT_REF_NAME
  resource_group: ${ENV_TYPE}${HELM_ENVIRONMENT_NAMESPACE}/$CI_COMMIT_REF_NAME
  rules:
    # exclude tags and on $HELM_REVIEW_ENABLED not set
    - if: '$HELM_REVIEW_ENABLED != "true" || $CI_COMMIT_TAG'
@@ -1587,8 +1596,13 @@ helm-test-review:
  extends: .helm-test
  variables:
    ENV_TYPE: review
    ENV_APP_NAME: "$HELM_REVIEW_APP_NAME"
    ENV_KUBE_CONFIG: "$HELM_REVIEW_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_REVIEW_NAMESPACE"
    ENV_VALUES: "$HELM_REVIEW_VALUES"
  environment:
    name: ${ENV_TYPE}${HELM_ENVIRONMENT_NAMESPACE}/$CI_COMMIT_REF_NAME
  resource_group: ${ENV_TYPE}${HELM_ENVIRONMENT_NAMESPACE}/$CI_COMMIT_REF_NAME
  rules:
    - if: $CI_COMMIT_TAG
      when: never
@@ -1605,26 +1619,6 @@ helm-test-review:
# ==================================================
# Env: integration
# ==================================================
# show diff for integration env
helm-diff-integration:
  extends: .helm-diff
  variables:
    ENV_TYPE: integration
    ENV_APP_NAME: "$HELM_INTEG_APP_NAME"
    ENV_URL: "${HELM_INTEG_ENVIRONMENT_URL}"
    ENV_KUBE_CONFIG: "$HELM_INTEG_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_INTEG_NAMESPACE"
    ENV_VALUES: "$HELM_INTEG_VALUES"
  environment:
    name: integration
  resource_group: integration
  rules:
    # Exclude if HELM_DIFF_DISABLED is true or HELM_INTEG_ENABLED is not true
    - if: '$HELM_DIFF_DISABLED == "true" || $HELM_INTEG_ENABLED != "true"'
      when: never
    # Only on integration branch(es)
    - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF'

helm-values-lint-integration:
  extends: .helm-values-lint
  variables:
@@ -1665,6 +1659,25 @@ helm-score-integration:
      when: never
    - !reference [.test-policy, rules]

# show diff for integration env
helm-diff-integration:
  extends: .helm-diff
  variables:
    ENV_TYPE: integration
    ENV_APP_NAME: "$HELM_INTEG_APP_NAME"
    ENV_URL: "${HELM_INTEG_ENVIRONMENT_URL}"
    ENV_KUBE_CONFIG: "$HELM_INTEG_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_INTEG_NAMESPACE"
    ENV_VALUES: "$HELM_INTEG_VALUES"
  rules:
    - if: '$HELM_DIFF_DISABLED == "true"'
      when: never
    # exclude on $HELM_INTEG_ENABLED not set
    - if: '$HELM_INTEG_ENABLED != "true"'
      when: never
    # only on integration branch(es)
    - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF'

# deploy to integration env (only for integration branches)
# disabled by default, enable this job by setting $HELM_INTEG_ENABLED
helm-integration:
@@ -1677,10 +1690,8 @@ helm-integration:
    ENV_NAMESPACE: "$HELM_INTEG_NAMESPACE"
    ENV_VALUES: "$HELM_INTEG_VALUES"
  environment:
    name: integration
    on_stop: helm-cleanup-integration
    auto_stop_in: "$HELM_INTEG_AUTOSTOP_DURATION"
  resource_group: integration
  rules:
    # exclude on $HELM_INTEG_ENABLED not set
    - if: '$HELM_INTEG_ENABLED != "true"'
@@ -1696,10 +1707,6 @@ helm-cleanup-integration:
    ENV_APP_NAME: "$HELM_INTEG_APP_NAME"
    ENV_KUBE_CONFIG: "$HELM_INTEG_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_INTEG_NAMESPACE"
  environment:
    name: integration
    action: stop
  resource_group: integration
  rules:
    # exclude on $HELM_INTEG_ENABLED not set
    - if: '$HELM_INTEG_ENABLED != "true"'
@@ -1715,6 +1722,7 @@ helm-test-integration:
  extends: .helm-test
  variables:
    ENV_TYPE: integration
    ENV_APP_NAME: "$HELM_INTEG_APP_NAME"
    ENV_KUBE_CONFIG: "$HELM_INTEG_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_INTEG_NAMESPACE"
    ENV_VALUES: "$HELM_INTEG_VALUES"
@@ -1734,26 +1742,6 @@ helm-test-integration:
# ==================================================
# Env: staging
# ==================================================
# show diff for staging env
helm-diff-staging:
  extends: .helm-diff
  variables:
    ENV_TYPE: staging
    ENV_APP_NAME: "$HELM_STAGING_APP_NAME"
    ENV_URL: "${HELM_STAGING_ENVIRONMENT_URL}"
    ENV_KUBE_CONFIG: "$HELM_STAGING_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_STAGING_NAMESPACE"
    ENV_VALUES: "$HELM_STAGING_VALUES"
  environment:
    name: staging
  resource_group: staging
  rules:
    # Exclude if HELM_DIFF_DISABLED is true or HELM_STAGING_ENABLED is not true
    - if: '$HELM_DIFF_DISABLED == "true" || $HELM_STAGING_ENABLED != "true"'
      when: never
    # Only on production branch(es)
    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF'

helm-values-lint-staging:
  extends: .helm-values-lint
  variables:
@@ -1788,6 +1776,25 @@ helm-score-staging:
      when: never
    - !reference [.test-policy, rules]

# show diff for staging env
helm-diff-staging:
  extends: .helm-diff
  variables:
    ENV_TYPE: staging
    ENV_APP_NAME: "$HELM_STAGING_APP_NAME"
    ENV_URL: "${HELM_STAGING_ENVIRONMENT_URL}"
    ENV_KUBE_CONFIG: "$HELM_STAGING_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_STAGING_NAMESPACE"
    ENV_VALUES: "$HELM_STAGING_VALUES"
  rules:
    - if: '$HELM_DIFF_DISABLED == "true"'
      when: never
    # exclude on $HELM_STAGING_ENABLED not set
    - if: '$HELM_STAGING_ENABLED != "true"'
      when: never
    # only on production branch(es)
    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF'

helm-staging:
  extends: .helm-deploy
  variables:
@@ -1798,10 +1805,8 @@ helm-staging:
    ENV_NAMESPACE: "$HELM_STAGING_NAMESPACE"
    ENV_VALUES: "$HELM_STAGING_VALUES"
  environment:
    name: staging
    on_stop: helm-cleanup-staging
    auto_stop_in: "$HELM_STAGING_AUTOSTOP_DURATION"
  resource_group: staging
  rules:
    # exclude on $HELM_STAGING_ENABLED not set
    - if: '$HELM_STAGING_ENABLED != "true"'
@@ -1817,10 +1822,6 @@ helm-cleanup-staging:
    ENV_APP_NAME: "$HELM_STAGING_APP_NAME"
    ENV_KUBE_CONFIG: "$HELM_STAGING_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_STAGING_NAMESPACE"
  environment:
    name: staging
    action: stop
  resource_group: staging
  rules:
    # exclude on $HELM_STAGING_ENABLED not set
    - if: '$HELM_STAGING_ENABLED != "true"'
@@ -1834,6 +1835,7 @@ helm-test-staging:
  extends: .helm-test
  variables:
    ENV_TYPE: staging
    ENV_APP_NAME: "$HELM_STAGING_APP_NAME"
    ENV_KUBE_CONFIG: "$HELM_STAGING_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_STAGING_NAMESPACE"
    ENV_VALUES: "$HELM_STAGING_VALUES"
@@ -1853,28 +1855,6 @@ helm-test-staging:
# ==================================================
# Env: production
# ==================================================
# show diff for production env
helm-diff-production:
  extends: .helm-diff
  variables:
    ENV_TYPE: production
    ENV_APP_NAME: "$HELM_PROD_APP_NAME"
    ENV_APP_SUFFIX: ""
    ENV_URL: "${HELM_PROD_ENVIRONMENT_URL}"
    ENV_KUBE_CONFIG: "$HELM_PROD_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_PROD_NAMESPACE"
    ENV_VALUES: "$HELM_PROD_VALUES"
  environment:
    name: production
  resource_group: production
  rules:
    # Exclude non-production branches
    - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF'
      when: never
    # Exclude if $HELM_DIFF_DISABLED is true or $HELM_PROD_ENABLED is not true
    - if: '$HELM_DIFF_DISABLED == "true" || $HELM_PROD_ENABLED != "true"'
      when: never

helm-values-lint-production:
  extends: .helm-values-lint
  variables:
@@ -1909,6 +1889,26 @@ helm-score-production:
      when: never
    - !reference [.test-policy, rules]

# show diff for production env
helm-diff-production:
  extends: .helm-diff
  variables:
    ENV_TYPE: production
    ENV_APP_NAME: "$HELM_PROD_APP_NAME"
    ENV_APP_SUFFIX: ""
    ENV_URL: "${HELM_PROD_ENVIRONMENT_URL}"
    ENV_KUBE_CONFIG: "$HELM_PROD_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_PROD_NAMESPACE"
    ENV_VALUES: "$HELM_PROD_VALUES"
  rules:
    - if: '$HELM_DIFF_DISABLED == "true"'
      when: never
    # exclude on $HELM_PROD_ENABLED not set
    - if: '$HELM_PROD_ENABLED != "true"'
      when: never
    # only on production branch(es)
    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF'

helm-production:
  extends: .helm-deploy
  stage: production
@@ -1920,9 +1920,6 @@ helm-production:
    ENV_KUBE_CONFIG: "$HELM_PROD_KUBE_CONFIG"
    ENV_NAMESPACE: "$HELM_PROD_NAMESPACE"
    ENV_VALUES: "$HELM_PROD_VALUES"
  environment:
    name: production
  resource_group: production
  rules:
    # exclude non-production branches
    - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF'
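Review bot: `HELM_ENVIRONMENT_NAMESPACE` is never validated before the `@@ -845,6 +852,8 @@` hunk turns it into a slug that later becomes a dotenv variable prefix and a file-name suffix. Because `tr -d '[:punct:]'` also deletes `-`, `_` and inner slashes, `/front-end` and `/frontend` give the same slug, so two matrix entries would write the same `helm.env.<slug>` file name and variable prefix and downstream jobs would presumably see only one of them; whitespace or a leading digit passes through and yields a key that is probably not a valid dotenv name. The documented leading-slash rule is not enforced either, so a value such as `front` makes the environment and resource_group name `reviewfront/...` instead of a namespaced one. I would reject such values before computing the slug, for example `[[ -z "$HELM_ENVIRONMENT_NAMESPACE" || "$HELM_ENVIRONMENT_NAMESPACE" =~ ^/[A-Za-z][A-Za-z0-9]*$ ]] || { echo "[ERROR] invalid HELM_ENVIRONMENT_NAMESPACE" >&2; exit 1; }`. The enclosing function starts and ends outside that hunk, and the README section names the output file `aws.env.<namespace_slug>` while the script here writes `helm.env.<slug>`.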