Loading templates/gitlab-ci-helm-gcp.yml +0 −1 Original line number Diff line number Diff line Loading @@ -105,7 +105,6 @@ variables: aud: "$GCP_OIDC_AUD" .helm-publish: extends: .helm-base services: - name: "$TBC_TRACKING_IMAGE" command: ["--service", "docker", "9.0.2"] Loading templates/gitlab-ci-helm.yml +224 −216 Original line number Diff line number Diff line Loading @@ -1059,7 +1059,7 @@ stages: # ENDSCRIPT # job prototype # base job prototype # defines default Docker image, tracking probe, cache policy and tags .helm-base: image: Loading 
@@ -1080,207 +1080,18 @@ stages: - .cache - .config # Value Lint job prototype # Can be extended for each concrete environment # # @arg ENV_TYPE : environment type # @arg ENV_VALUES : env-specific Helm values .helm-values-lint: extends: .helm-base image: name: $HELM_YAMLLINT_IMAGE entrypoint: [""] stage: test script: - TBC_ENVSUBST_ENCODING=jsonstr tbc_envsubst "$ENV_VALUES" > generated-values.yml - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values.yml helm-values-lint-review: extends: .helm-values-lint variables: ENV_TYPE: review ENV_VALUES: "$HELM_REVIEW_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_REVIEW_VALUES unset - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' when: never # exclude on integration or prod branch - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-values-lint-integration: extends: .helm-values-lint variables: ENV_TYPE: integration ENV_VALUES: "$HELM_INTEG_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_INTEG_VALUES unset - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' when: never # exclude on prod branch - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-values-lint-staging: extends: .helm-values-lint variables: ENV_TYPE: staging ENV_VALUES: "$HELM_STAGING_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_STAGING_VALUES unset - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' when: never - !reference [.test-policy, rules] helm-values-lint-production: extends: 
.helm-values-lint variables: ENV_TYPE: production ENV_VALUES: "$HELM_PROD_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_PROD_VALUES unset - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' when: never - !reference [.test-policy, rules] # Helm Score job prototype # Can be extended for each concrete environment # # @arg ENV_TYPE : environment type # @arg ENV_VALUES : env-specific Helm values .helm-score: extends: .helm-base image: name: $HELM_KUBE_SCORE_IMAGE entrypoint: [""] stage: package-test before_script: - !reference [.helm-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - | if [ -f "$HELM_CHART_DIR/Chart.yaml" ] then helm $HELM_DEPENDENCY_ARGS $HELM_CHART_DIR helm_package=$HELM_CHART_DIR elif [ ! -z "${HELM_DEPLOY_CHART}" ] then add_helm_repositories helm_package=$HELM_DEPLOY_CHART else log_error "You need at least one Chart.yaml or external deploy chart reference" exit 1 fi script: - TBC_ENVSUBST_ENCODING=jsonstr tbc_envsubst "${HELM_COMMON_VALUES:-/dev/null}" > generated-values-common.yml - TBC_ENVSUBST_ENCODING=jsonstr tbc_envsubst "$ENV_VALUES" > generated-values-env.yml - helm template $helm_package ${HELM_K8S_VERSION:+--kube-version "$HELM_K8S_VERSION"} --values generated-values-common.yml --values generated-values-env.yml | kube-score score ${HELM_K8S_VERSION:+--kubernetes-version "$HELM_K8S_VERSION"} ${HELM_KUBE_SCORE_ARGS} - helm-score-review: extends: .helm-score variables: ENV_TYPE: review ENV_VALUES: "$HELM_REVIEW_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_REVIEW_VALUES unset - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' when: never # exclude on integration or prod branch - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF || 
$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-score-integration: extends: .helm-score variables: ENV_TYPE: integration ENV_VALUES: "$HELM_INTEG_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_INTEG_VALUES unset - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' when: never # exclude on prod branch - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-score-staging: extends: .helm-score variables: ENV_TYPE: staging ENV_VALUES: "$HELM_STAGING_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_STAGING_VALUES unset - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' when: never - !reference [.test-policy, rules] helm-score-production: extends: .helm-score variables: ENV_TYPE: production ENV_VALUES: "$HELM_PROD_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_PROD_VALUES unset - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' when: never - !reference [.test-policy, rules] # ================================================== # Stage: check # Helm Chart build jobs # -------------------------------------------------- # Jobs related to building/publishing Helm Charts # ================================================== # base job for Helm Chart build .helm-build-base: extends: .helm-base # lint-job is used to check the syntax of the Helm Chart for best practices. helm-lint: extends: .helm-base extends: .helm-build-base stage: test before_script: - !reference [.helm-scripts] Loading 
@@ -1297,16 +1108,11 @@ helm-lint: # workaround https://gitlab.com/gitlab-org/gitlab/-/issues/451764 - "Chart.yaml" # ================================================== # Stage: For helm-package and helm-publish, we need a hidden job that could be override by authentication variant. # ================================================== # base job for Helm Chart publishing .helm-publish: extends: .helm-base extends: .helm-build-base # ================================================== # Stage: package-build # ================================================== # Helm Chart packaging helm-package: extends: .helm-publish stage: package-build Loading @@ -1329,9 +1135,7 @@ helm-package: reports: dotenv: helm-package.env # ================================================== # Stage: publish # ================================================== # Helm Chart publish helm-publish: extends: .helm-publish stage: publish Loading Loading 
@@ -1369,6 +1173,62 @@ helm-publish: # workaround https://gitlab.com/gitlab-org/gitlab/-/issues/451764 - "Chart.yaml" # ================================================== # Helm Chart deployment jobs # -------------------------------------------------- # Jobs related to Helm Charts deployments # ================================================== # base job for Helm Chart deployments .helm-deploy-base: extends: .helm-base # Value Lint job prototype # Can be extended for each concrete environment # # @arg ENV_TYPE : environment type # @arg ENV_VALUES : env-specific Helm values .helm-values-lint: extends: .helm-deploy-base image: name: $HELM_YAMLLINT_IMAGE entrypoint: [""] stage: test script: - TBC_ENVSUBST_ENCODING=jsonstr tbc_envsubst "$ENV_VALUES" > generated-values.yml - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values.yml # Helm Score job prototype # Can be extended for each concrete environment # # @arg ENV_TYPE : environment type # @arg ENV_VALUES : env-specific Helm values .helm-score: extends: .helm-deploy-base image: name: $HELM_KUBE_SCORE_IMAGE entrypoint: [""] stage: package-test before_script: - !reference [.helm-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - | if [ -f "$HELM_CHART_DIR/Chart.yaml" ] then helm $HELM_DEPENDENCY_ARGS $HELM_CHART_DIR helm_package=$HELM_CHART_DIR elif [ ! 
-z "${HELM_DEPLOY_CHART}" ] then add_helm_repositories helm_package=$HELM_DEPLOY_CHART else log_error "You need at least one Chart.yaml or external deploy chart reference" exit 1 fi script: - TBC_ENVSUBST_ENCODING=jsonstr tbc_envsubst "${HELM_COMMON_VALUES:-/dev/null}" > generated-values-common.yml - TBC_ENVSUBST_ENCODING=jsonstr tbc_envsubst "$ENV_VALUES" > generated-values-env.yml - helm template $helm_package ${HELM_K8S_VERSION:+--kube-version "$HELM_K8S_VERSION"} --values generated-values-common.yml --values generated-values-env.yml | kube-score score ${HELM_K8S_VERSION:+--kubernetes-version "$HELM_K8S_VERSION"} ${HELM_KUBE_SCORE_ARGS} - # Deploy job prototype # Can be extended to define a concrete environment # Loading @@ -1380,7 +1240,7 @@ helm-publish: # @arg ENV_NAMESPACE : env-specific Kubernetes namespace # @arg ENV_VALUES : env-specific Helm values .helm-deploy: extends: .helm-base extends: .helm-deploy-base stage: deploy variables: ENV_APP_SUFFIX: "-$CI_ENVIRONMENT_SLUG" Loading Loading @@ -1410,7 +1270,7 @@ helm-publish: # @arg ENV_KUBE_CONFIG: env-specific Kubeconfig # @arg ENV_NAMESPACE : env-specific Kubernetes namespace .helm-cleanup: extends: .helm-base extends: .helm-deploy-base stage: deploy # force no dependencies dependencies: [] Loading @@ -1433,7 +1293,7 @@ helm-publish: # @arg ENV_KUBE_CONFIG: env-specific Kubeconfig # @arg ENV_NAMESPACE : env-specific Kubernetes namespace .helm-test: extends: .helm-base extends: .helm-deploy-base stage: acceptance before_script: - !reference [.helm-scripts] Loading 
@@ -1443,8 +1303,48 @@ helm-publish: - helm_test # ================================================== # Stage: review # Env: review # ================================================== helm-values-lint-review: extends: .helm-values-lint variables: ENV_TYPE: review ENV_VALUES: "$HELM_REVIEW_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_REVIEW_VALUES unset - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' when: never # exclude on integration or prod branch - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-score-review: extends: .helm-score variables: ENV_TYPE: review ENV_VALUES: "$HELM_REVIEW_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_REVIEW_VALUES unset - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' when: never # exclude on integration or prod branch - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] # deploy to review env (only for feature branches) # disabled by default, enable this job by setting $HELM_REVIEW_ENABLED helm-review: Loading Loading 
@@ -1511,8 +1411,48 @@ helm-test-review: - !reference [.test-policy, rules] # ================================================== # Stage: integration # Env: integration # ================================================== helm-values-lint-integration: extends: .helm-values-lint variables: ENV_TYPE: integration ENV_VALUES: "$HELM_INTEG_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_INTEG_VALUES unset - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' when: never # exclude on prod branch - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-score-integration: extends: .helm-score variables: ENV_TYPE: integration ENV_VALUES: "$HELM_INTEG_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_INTEG_VALUES unset - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' when: never # exclude on prod branch - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] # deploy to integration env (only for integration branches) # disabled by default, enable this job by setting $HELM_INTEG_ENABLED helm-integration: Loading Loading 
@@ -1580,8 +1520,42 @@ helm-test-integration: - !reference [.test-policy, rules] # ================================================== # Stage: staging # Env: staging # ================================================== helm-values-lint-staging: extends: .helm-values-lint variables: ENV_TYPE: staging ENV_VALUES: "$HELM_STAGING_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_STAGING_VALUES unset - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' when: never - !reference [.test-policy, rules] helm-score-staging: extends: .helm-score variables: ENV_TYPE: staging ENV_VALUES: "$HELM_STAGING_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_STAGING_VALUES unset - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' when: never - !reference [.test-policy, rules] helm-staging: extends: .helm-deploy variables: Loading Loading 
@@ -1645,8 +1619,42 @@ helm-test-staging: - !reference [.test-policy, rules] # ================================================== # Stage: production # Env: production # ================================================== helm-values-lint-production: extends: .helm-values-lint variables: ENV_TYPE: production ENV_VALUES: "$HELM_PROD_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_PROD_VALUES unset - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' when: never - !reference [.test-policy, rules] helm-score-production: extends: .helm-score variables: ENV_TYPE: production ENV_VALUES: "$HELM_PROD_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_PROD_VALUES unset - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' when: never - !reference [.test-policy, rules] helm-production: extends: .helm-deploy stage: production Loading Loading
templates/gitlab-ci-helm-gcp.yml +0 −1 @@ -105,7 +105,6 @@ variables: aud: "$GCP_OIDC_AUD" .helm-publish: extends: .helm-base services: - name: "$TBC_TRACKING_IMAGE" command: ["--service", "docker", "9.0.2"]
templates/gitlab-ci-helm.yml +224 −216 @@ -1059,7 +1059,7 @@ stages: # ENDSCRIPT # job prototype # base job prototype # defines default Docker image, tracking probe, cache policy and tags .helm-base: image:
@@ -1080,207 +1080,18 @@ stages: - .cache - .config # Value Lint job prototype # Can be extended for each concrete environment # # @arg ENV_TYPE : environment type # @arg ENV_VALUES : env-specific Helm values .helm-values-lint: extends: .helm-base image: name: $HELM_YAMLLINT_IMAGE entrypoint: [""] stage: test script: - TBC_ENVSUBST_ENCODING=jsonstr tbc_envsubst "$ENV_VALUES" > generated-values.yml - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values.yml helm-values-lint-review: extends: .helm-values-lint variables: ENV_TYPE: review ENV_VALUES: "$HELM_REVIEW_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_REVIEW_VALUES unset - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' when: never # exclude on integration or prod branch - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-values-lint-integration: extends: .helm-values-lint variables: ENV_TYPE: integration ENV_VALUES: "$HELM_INTEG_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_INTEG_VALUES unset - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' when: never # exclude on prod branch - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-values-lint-staging: extends: .helm-values-lint variables: ENV_TYPE: staging ENV_VALUES: "$HELM_STAGING_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_STAGING_VALUES unset - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' when: never - !reference [.test-policy, rules] helm-values-lint-production: extends: 
.helm-values-lint variables: ENV_TYPE: production ENV_VALUES: "$HELM_PROD_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_PROD_VALUES unset - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' when: never - !reference [.test-policy, rules] # Helm Score job prototype # Can be extended for each concrete environment # # @arg ENV_TYPE : environment type # @arg ENV_VALUES : env-specific Helm values .helm-score: extends: .helm-base image: name: $HELM_KUBE_SCORE_IMAGE entrypoint: [""] stage: package-test before_script: - !reference [.helm-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - | if [ -f "$HELM_CHART_DIR/Chart.yaml" ] then helm $HELM_DEPENDENCY_ARGS $HELM_CHART_DIR helm_package=$HELM_CHART_DIR elif [ ! -z "${HELM_DEPLOY_CHART}" ] then add_helm_repositories helm_package=$HELM_DEPLOY_CHART else log_error "You need at least one Chart.yaml or external deploy chart reference" exit 1 fi script: - TBC_ENVSUBST_ENCODING=jsonstr tbc_envsubst "${HELM_COMMON_VALUES:-/dev/null}" > generated-values-common.yml - TBC_ENVSUBST_ENCODING=jsonstr tbc_envsubst "$ENV_VALUES" > generated-values-env.yml - helm template $helm_package ${HELM_K8S_VERSION:+--kube-version "$HELM_K8S_VERSION"} --values generated-values-common.yml --values generated-values-env.yml | kube-score score ${HELM_K8S_VERSION:+--kubernetes-version "$HELM_K8S_VERSION"} ${HELM_KUBE_SCORE_ARGS} - helm-score-review: extends: .helm-score variables: ENV_TYPE: review ENV_VALUES: "$HELM_REVIEW_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_REVIEW_VALUES unset - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' when: never # exclude on integration or prod branch - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF || 
$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-score-integration: extends: .helm-score variables: ENV_TYPE: integration ENV_VALUES: "$HELM_INTEG_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_INTEG_VALUES unset - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' when: never # exclude on prod branch - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-score-staging: extends: .helm-score variables: ENV_TYPE: staging ENV_VALUES: "$HELM_STAGING_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_STAGING_VALUES unset - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' when: never - !reference [.test-policy, rules] helm-score-production: extends: .helm-score variables: ENV_TYPE: production ENV_VALUES: "$HELM_PROD_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_PROD_VALUES unset - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' when: never - !reference [.test-policy, rules] # ================================================== # Stage: check # Helm Chart build jobs # -------------------------------------------------- # Jobs related to building/publishing Helm Charts # ================================================== # base job for Helm Chart build .helm-build-base: extends: .helm-base # lint-job is used to check the syntax of the Helm Chart for best practices. helm-lint: extends: .helm-base extends: .helm-build-base stage: test before_script: - !reference [.helm-scripts] Loading 
@@ -1297,16 +1108,11 @@ helm-lint: # workaround https://gitlab.com/gitlab-org/gitlab/-/issues/451764 - "Chart.yaml" # ================================================== # Stage: For helm-package and helm-publish, we need a hidden job that could be override by authentication variant. # ================================================== # base job for Helm Chart publishing .helm-publish: extends: .helm-base extends: .helm-build-base # ================================================== # Stage: package-build # ================================================== # Helm Chart packaging helm-package: extends: .helm-publish stage: package-build Loading @@ -1329,9 +1135,7 @@ helm-package: reports: dotenv: helm-package.env # ================================================== # Stage: publish # ================================================== # Helm Chart publish helm-publish: extends: .helm-publish stage: publish Loading Loading 
@@ -1369,6 +1173,62 @@ helm-publish: # workaround https://gitlab.com/gitlab-org/gitlab/-/issues/451764 - "Chart.yaml" # ================================================== # Helm Chart deployment jobs # -------------------------------------------------- # Jobs related to Helm Charts deployments # ================================================== # base job for Helm Chart deployments .helm-deploy-base: extends: .helm-base # Value Lint job prototype # Can be extended for each concrete environment # # @arg ENV_TYPE : environment type # @arg ENV_VALUES : env-specific Helm values .helm-values-lint: extends: .helm-deploy-base image: name: $HELM_YAMLLINT_IMAGE entrypoint: [""] stage: test script: - TBC_ENVSUBST_ENCODING=jsonstr tbc_envsubst "$ENV_VALUES" > generated-values.yml - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values.yml # Helm Score job prototype # Can be extended for each concrete environment # # @arg ENV_TYPE : environment type # @arg ENV_VALUES : env-specific Helm values .helm-score: extends: .helm-deploy-base image: name: $HELM_KUBE_SCORE_IMAGE entrypoint: [""] stage: package-test before_script: - !reference [.helm-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - | if [ -f "$HELM_CHART_DIR/Chart.yaml" ] then helm $HELM_DEPENDENCY_ARGS $HELM_CHART_DIR helm_package=$HELM_CHART_DIR elif [ ! 
-z "${HELM_DEPLOY_CHART}" ] then add_helm_repositories helm_package=$HELM_DEPLOY_CHART else log_error "You need at least one Chart.yaml or external deploy chart reference" exit 1 fi script: - TBC_ENVSUBST_ENCODING=jsonstr tbc_envsubst "${HELM_COMMON_VALUES:-/dev/null}" > generated-values-common.yml - TBC_ENVSUBST_ENCODING=jsonstr tbc_envsubst "$ENV_VALUES" > generated-values-env.yml - helm template $helm_package ${HELM_K8S_VERSION:+--kube-version "$HELM_K8S_VERSION"} --values generated-values-common.yml --values generated-values-env.yml | kube-score score ${HELM_K8S_VERSION:+--kubernetes-version "$HELM_K8S_VERSION"} ${HELM_KUBE_SCORE_ARGS} - # Deploy job prototype # Can be extended to define a concrete environment # Loading @@ -1380,7 +1240,7 @@ helm-publish: # @arg ENV_NAMESPACE : env-specific Kubernetes namespace # @arg ENV_VALUES : env-specific Helm values .helm-deploy: extends: .helm-base extends: .helm-deploy-base stage: deploy variables: ENV_APP_SUFFIX: "-$CI_ENVIRONMENT_SLUG" Loading Loading @@ -1410,7 +1270,7 @@ helm-publish: # @arg ENV_KUBE_CONFIG: env-specific Kubeconfig # @arg ENV_NAMESPACE : env-specific Kubernetes namespace .helm-cleanup: extends: .helm-base extends: .helm-deploy-base stage: deploy # force no dependencies dependencies: [] Loading @@ -1433,7 +1293,7 @@ helm-publish: # @arg ENV_KUBE_CONFIG: env-specific Kubeconfig # @arg ENV_NAMESPACE : env-specific Kubernetes namespace .helm-test: extends: .helm-base extends: .helm-deploy-base stage: acceptance before_script: - !reference [.helm-scripts] Loading 
@@ -1443,8 +1303,48 @@ helm-publish: - helm_test # ================================================== # Stage: review # Env: review # ================================================== helm-values-lint-review: extends: .helm-values-lint variables: ENV_TYPE: review ENV_VALUES: "$HELM_REVIEW_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_REVIEW_VALUES unset - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' when: never # exclude on integration or prod branch - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-score-review: extends: .helm-score variables: ENV_TYPE: review ENV_VALUES: "$HELM_REVIEW_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_REVIEW_VALUES unset - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' when: never # exclude on integration or prod branch - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] # deploy to review env (only for feature branches) # disabled by default, enable this job by setting $HELM_REVIEW_ENABLED helm-review: Loading Loading 
@@ -1511,8 +1411,48 @@ helm-test-review: - !reference [.test-policy, rules] # ================================================== # Stage: integration # Env: integration # ================================================== helm-values-lint-integration: extends: .helm-values-lint variables: ENV_TYPE: integration ENV_VALUES: "$HELM_INTEG_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_INTEG_VALUES unset - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' when: never # exclude on prod branch - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-score-integration: extends: .helm-score variables: ENV_TYPE: integration ENV_VALUES: "$HELM_INTEG_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_INTEG_VALUES unset - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' when: never # exclude on prod branch - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] # deploy to integration env (only for integration branches) # disabled by default, enable this job by setting $HELM_INTEG_ENABLED helm-integration: Loading Loading 
@@ -1580,8 +1520,42 @@ helm-test-integration: - !reference [.test-policy, rules] # ================================================== # Stage: staging # Env: staging # ================================================== helm-values-lint-staging: extends: .helm-values-lint variables: ENV_TYPE: staging ENV_VALUES: "$HELM_STAGING_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_STAGING_VALUES unset - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' when: never - !reference [.test-policy, rules] helm-score-staging: extends: .helm-score variables: ENV_TYPE: staging ENV_VALUES: "$HELM_STAGING_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_STAGING_VALUES unset - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' when: never - !reference [.test-policy, rules] helm-staging: extends: .helm-deploy variables: Loading Loading 
@@ -1645,8 +1619,42 @@ helm-test-staging: - !reference [.test-policy, rules] # ================================================== # Stage: production # Env: production # ================================================== helm-values-lint-production: extends: .helm-values-lint variables: ENV_TYPE: production ENV_VALUES: "$HELM_PROD_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_YAMLLINT_DISABLED is set - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # exclude if $HELM_PROD_VALUES unset - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' when: never - !reference [.test-policy, rules] helm-score-production: extends: .helm-score variables: ENV_TYPE: production ENV_VALUES: "$HELM_PROD_VALUES" rules: # exclude tags - if: $CI_COMMIT_TAG when: never # exclude when $HELM_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # exclude if $HELM_PROD_VALUES unset - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' when: never - !reference [.test-policy, rules] helm-production: extends: .helm-deploy stage: production Loading
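Review bot: The new `.helm-deploy-base` is commented only as "base job for Helm Chart deployments", yet `.helm-values-lint` (stage `test`) and `.helm-score` (stage `package-test`) now extend it alongside `.helm-deploy`, `.helm-cleanup` and `.helm-test`. Variants override these hidden jobs (the gcp template on this page does so for `.helm-publish`), so anything a variant attaches to `.helm-deploy-base` would presumably also reach the lint and score jobs, whose rules let them run on feature branches. If that is intended, state it above the prototype, e.g. `# also inherited by .helm-values-lint and .helm-score (test / package-test); whatever a variant adds here reaches those jobs too`. If it is not, a separate base for the two check prototypes would keep deploy-side credentials scoped to the jobs that talk to a cluster. Separately, every `helm-score-*` job keeps the comment `# exclude when $HELM_SCORE_DISABLED is set` while the rule tests `$HELM_KUBE_SCORE_DISABLED`; the comment should name the variable actually checked.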