Commit 71386e37 authored by Pierre Smeyers

feat(sast): run kube-score & values lint against cascading environments

parent 0121ffa7
+83 −135
@@ -706,14 +706,54 @@ stages:
      - .cache
      - .config

.helm-values-lint:
helm-values-lint:
  extends: .helm-base
  image:
    name: $HELM_YAMLLINT_IMAGE
    entrypoint: [""]
  stage: test
  parallel:
    matrix:
      - VAR_PREFIX: COMMON
      - VAR_PREFIX: REVIEW
      - VAR_PREFIX: INTEG
      - VAR_PREFIX: STAGING
      - VAR_PREFIX: PROD
  script:
    - values_file=$(eval echo "\$HELM_${VAR_PREFIX}_VALUES")
    - awkenvsubst < "$values_file" > generated-values.yml
    - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values.yml
  rules:
    # exclude tags
    - if: $CI_COMMIT_TAG
      when: never
    # exclude when $HELM_YAMLLINT_DISABLED is set
    - if: '$HELM_YAMLLINT_DISABLED == "true"'
      when: never
    # exclude common if $HELM_COMMON_VALUES unset
    - if: '$VAR_PREFIX == "COMMON" && ($HELM_COMMON_VALUES == null || $HELM_COMMON_VALUES == "")'
      when: never
    # exclude review if $HELM_REVIEW_VALUES unset
    - if: '$VAR_PREFIX == "REVIEW" && ($HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == "")'
      when: never
    # exclude review on integration or prod branch
    - if: '$VAR_PREFIX == "REVIEW" && ($CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF)'
      when: never
    # exclude integration if $HELM_INTEG_VALUES unset
    - if: '$VAR_PREFIX == "INTEG" && ($HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == "")'
      when: never
    # exclude integration on prod branch
    - if: '$VAR_PREFIX == "INTEG" && $CI_COMMIT_REF_NAME =~ $PROD_REF'
      when: never
    # exclude staging if $HELM_STAGING_VALUES unset
    - if: '$VAR_PREFIX == "STAGING" && ($HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == "")'
      when: never
    # exclude production if $HELM_PROD_VALUES unset
    - if: '$VAR_PREFIX == "PROD" && ($HELM_PROD_VALUES == null || $HELM_PROD_VALUES == "")'
      when: never
    - !reference [.test-policy, rules]

.helm-score:
helm-score:
  extends: .helm-base
  image:
    name: $HELM_KUBE_SCORE_IMAGE
@@ -735,6 +775,47 @@ stages:
        log_error "You need at least one Chart.yaml or external deploy chart reference"
        exit 1
      fi
  parallel:
    matrix:
      - ENV_TYPE: review
        VAR_PREFIX: REVIEW
      - ENV_TYPE: integration
        VAR_PREFIX: INTEG
      - ENV_TYPE: staging
        VAR_PREFIX: STAGING
      - ENV_TYPE: production
        VAR_PREFIX: PROD
  script:
    - awkenvsubst < "${HELM_COMMON_VALUES:-/dev/null}" > generated-values-common.yml
    - env_values=$(eval echo "\$HELM_${VAR_PREFIX}_VALUES")
    - awkenvsubst < "$env_values" > generated-values-env.yml
    - helm template $helm_package --values generated-values-common.yml --values generated-values-env.yml | kube-score score ${HELM_KUBE_SCORE_ARGS} -
  rules:
    # exclude tags
    - if: $CI_COMMIT_TAG
      when: never
    # exclude when $HELM_SCORE_DISABLED is set
    - if: '$HELM_KUBE_SCORE_DISABLED == "true"'
      when: never
    # exclude review if $HELM_REVIEW_VALUES unset
    - if: '$ENV_TYPE == "review" && ($HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == "")'
      when: never
    # exclude review on integration or prod branch
    - if: '$ENV_TYPE == "review" && ($CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF)'
      when: never
    # exclude integration if $HELM_INTEG_VALUES unset
    - if: '$ENV_TYPE == "integration" && ($HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == "")'
      when: never
    # exclude integration on prod branch
    - if: '$ENV_TYPE == "integration" && $CI_COMMIT_REF_NAME =~ $PROD_REF'
      when: never
    # exclude staging if $HELM_STAGING_VALUES unset
    - if: '$ENV_TYPE == "staging" && ($HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == "")'
      when: never
    # exclude production if $HELM_PROD_VALUES unset
    - if: '$ENV_TYPE == "production" && ($HELM_PROD_VALUES == null || $HELM_PROD_VALUES == "")'
      when: never
    - !reference [.test-policy, rules]

# ==================================================
# Stage: check
@@ -756,139 +837,6 @@ helm-lint:
    - exists:
        - "**/Chart.yaml"

# yamllint-job is used to check the syntax of the values files.
helm-values-common-lint:
  extends: .helm-values-lint
  script:
    - awkenvsubst < "$HELM_COMMON_VALUES" > generated-values-common.yml
    - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values-common.yml
  rules:
    - if: '$HELM_YAMLLINT_DISABLED == "true"'
      when: never
    - if: '$HELM_COMMON_VALUES == null || $HELM_COMMON_VALUES == ""'
      when: never
    - !reference [.test-policy, rules]

helm-values-review-lint:
  extends: .helm-values-lint
  script:
    - awkenvsubst < "$HELM_REVIEW_VALUES" > generated-values-review.yml
    - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values-review.yml
  rules:
    - if: '$HELM_YAMLLINT_DISABLED == "true"'
      when: never
    - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""'
      when: never
    # only on non-production, non-integration branches
    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
      when: never
    - !reference [.test-policy, rules]

helm-values-integration-lint:
  extends: .helm-values-lint
  script:
    - awkenvsubst < "$HELM_INTEG_VALUES" > generated-values-integration.yml
    - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values-integration.yml
  rules:
    - if: '$HELM_YAMLLINT_DISABLED == "true"'
      when: never
    - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""'
      when: never
    # only on non-production branches
    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF'
      when: never
    - !reference [.test-policy, rules]

helm-values-staging-lint:
  extends: .helm-values-lint
  script:
    - awkenvsubst < "$HELM_STAGING_VALUES" > generated-values-staging.yml
    - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values-staging.yml
  rules:
    - if: '$HELM_YAMLLINT_DISABLED == "true"'
      when: never
    - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""'
      when: never
    - !reference [.test-policy, rules]

helm-values-prod-lint:
  extends: .helm-values-lint
  script:
    - awkenvsubst < "$HELM_PROD_VALUES" > generated-values-prod.yml
    - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values-prod.yml
  rules:
    - if: '$HELM_YAMLLINT_DISABLED == "true"'
      when: never
    - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""'
      when: never
    - !reference [.test-policy, rules]

helm-review-score:
  extends: .helm-score
  script:
    - if [ -z "$HELM_COMMON_VALUES" ]; then HELM_COMMON_VALUES=/dev/null; fi
    - awkenvsubst < "$HELM_COMMON_VALUES" > generated-values-common.yml
    - awkenvsubst < "$HELM_REVIEW_VALUES" > generated-values-review.yml
    - helm template $helm_package --values generated-values-common.yml --values generated-values-review.yml | kube-score score ${HELM_KUBE_SCORE_ARGS} -
  rules:
    # exclude when $HELM_KUBE_SCORE_DISABLED is set
    - if: '$HELM_KUBE_SCORE_DISABLED == "true"'
      when: never
    - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""'
      when: never
    # only on non-production, non-integration branches
    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
      when: never
    - !reference [.test-policy, rules]

helm-integration-score:
  extends: .helm-score
  script:
    - if [ -z "$HELM_COMMON_VALUES" ]; then HELM_COMMON_VALUES=/dev/null; fi
    - awkenvsubst < "$HELM_COMMON_VALUES" > generated-values-common.yml
    - awkenvsubst < "$HELM_INTEG_VALUES" > generated-values-integration.yml
    - helm template $helm_package --values generated-values-common.yml --values generated-values-integration.yml | kube-score score ${HELM_KUBE_SCORE_ARGS} -
  rules:
    # exclude when $HELM_SCORE_DISABLED is set
    - if: '$HELM_KUBE_SCORE_DISABLED == "true"'
      when: never
    - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""'
      when: never
    # only on non-production branches
    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF'
      when: never
    - !reference [.test-policy, rules]

helm-staging-score:
  extends: .helm-score
  script:
    - if [ -z "$HELM_COMMON_VALUES" ]; then HELM_COMMON_VALUES=/dev/null; fi
    - awkenvsubst < "$HELM_COMMON_VALUES" > generated-values-common.yml
    - awkenvsubst < "$HELM_STAGING_VALUES" > generated-values-staging.yml
    - helm template $helm_package --values generated-values-common.yml --values generated-values-staging.yml | kube-score score ${HELM_KUBE_SCORE_ARGS} -
  rules:
    # exclude when $HELM_SCORE_DISABLED is set
    - if: '$HELM_KUBE_SCORE_DISABLED == "true"'
      when: never
    - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""'
      when: never
    - !reference [.test-policy, rules]

helm-prod-score:
  extends: .helm-score
  script:
    - if [ -z "$HELM_COMMON_VALUES" ]; then HELM_COMMON_VALUES=/dev/null; fi
    - awkenvsubst < "$HELM_COMMON_VALUES" > generated-values-common.yml
    - awkenvsubst < "$HELM_PROD_VALUES" > generated-values-prod.yml
    - helm template $helm_package --values generated-values-common.yml --values generated-values-prod.yml | kube-score score ${HELM_KUBE_SCORE_ARGS} -
  rules:
    # exclude when $HELM_SCORE_DISABLED is set
    - if: '$HELM_KUBE_SCORE_DISABLED == "true"'
      when: never
    - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""'
      when: never
    - !reference [.test-policy, rules]

# ==================================================
# Stage: package-build
# ==================================================
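Review bot: The per-environment lookup at L32 and L86 resolves the values path with `eval echo "\$HELM_${VAR_PREFIX}_VALUES"`, which pipes the path through `echo`, so a value beginning with `-n`/`-e` is mangled on some shells, and it hands whatever ends up in `VAR_PREFIX` to the shell parser; the matrix pins the prefix to five fixed names, so this is hardening rather than an open hole, but if pipeline-level variables can override a matrix variable in your GitLab setup the string is attacker-shaped. A plain indirect assignment drops the `echo` step and stays POSIX-sh safe for the `entrypoint: [""]` images: `eval "values_file=\$HELM_${VAR_PREFIX}_VALUES"` (same for `env_values`), and a one-line guard such as `case "$VAR_PREFIX" in COMMON|REVIEW|INTEG|STAGING|PROD) ;; *) log_error "unexpected VAR_PREFIX"; exit 1;; esac` before it closes the override path entirely. The comment above the disable rule in helm-score (L93) still says `# exclude when $HELM_SCORE_DISABLED is set` while the condition tests `$HELM_KUBE_SCORE_DISABLED`; rename it to match so the documented knob is the real one. Since the old `helm-values-*-lint` and `helm-*-score` job names disappear in favour of matrix children, any `needs:` or project-level overrides keyed on those names will break silently; worth a changelog note.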