Loading templates/gitlab-ci-helm.yml +91 −51 Original line number Diff line number Diff line Loading @@ -13,14 +13,33 @@ # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth # Floor, Boston, MA 02110-1301, USA. # ========================================================================================= # default workflow rules # default workflow rules: Merge Request pipelines workflow: rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID # prevent branch pipeline when an MR is open (prefer MR pipeline) - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS' when: never - when: always # test job prototype: implement adaptive pipeline rules .test-policy: rules: # on tag: auto & failing - if: $CI_COMMIT_TAG # on ADAPTIVE_PIPELINE_DISABLED: auto & failing - if: '$ADAPTIVE_PIPELINE_DISABLED == "true"' # on production or integration branch(es): auto & failing - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' # early stage (dev branch, no MR): manual & non-failing - if: '$CI_MERGE_REQUEST_ID == null && $CI_OPEN_MERGE_REQUESTS == null' when: manual allow_failure: true # Draft MR: auto & non-failing - if: '$CI_MERGE_REQUEST_TITLE =~ /^Draft:.*/' allow_failure: true # else (Ready MR): auto & failing - when: on_success variables: # variabilized tracking image TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master" Loading Loading @@ -508,7 +527,6 @@ stages: # ================================================== # Stage: check # ================================================== # lint-job is used to check the syntax of the Helm Chart for best practices. helm-lint: extends: .helm-base Loading @@ -535,8 +553,9 @@ helm-values-common-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never - if: '$HELM_COMMON_VALUES' - if: '$HELM_COMMON_VALUES == null || $HELM_COMMON_VALUES == ""' when: never - !reference [.test-policy, rules] helm-values-review-lint: extends: .helm-values-lint Loading @@ -546,8 +565,12 @@ helm-values-review-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' when: never # only on non-production, non-integration branches - if: '$HELM_REVIEW_VALUES && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' when: never - !reference [.test-policy, rules] helm-values-integration-lint: extends: .helm-values-lint Loading @@ -557,8 +580,12 @@ helm-values-integration-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # only on integration branch(es) - if: '$HELM_INTEG_VALUES && $CI_COMMIT_REF_NAME =~ $INTEG_REF' - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' when: never # only on non-production branches - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-values-staging-lint: extends: .helm-values-lint Loading @@ -568,8 +595,9 @@ helm-values-staging-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # only on production branch(es) - if: '$HELM_STAGING_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF' - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' when: never - !reference [.test-policy, rules] helm-values-prod-lint: extends: .helm-values-lint Loading @@ -579,8 +607,9 @@ helm-values-prod-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # only on production branch(es) - if: '$HELM_PROD_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF' - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' when: never - !reference [.test-policy, rules] helm-review-score: extends: .helm-score Loading @@ -593,11 +622,12 @@ helm-review-score: # exclude when $HELM_KUBE_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # else: only on non-production, non-integration branches + allow failure - if: $HELM_REVIEW_VALUES && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF exists: - "**/Chart.yaml" allow_failure: true - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' when: never # only on non-production, non-integration branches - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' when: never - !reference [.test-policy, rules] helm-integration-score: extends: .helm-score Loading @@ -610,11 +640,12 @@ helm-integration-score: # exclude when $K8S_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # else: only on integration branch(es) + allow failure - if: $HELM_INTEG_VALUES && $CI_COMMIT_REF_NAME =~ $INTEG_REF exists: - "**/Chart.yaml" allow_failure: true - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' when: never # only on non-production branches - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-staging-score: extends: .helm-score Loading @@ -627,11 +658,9 @@ helm-staging-score: # exclude when $K8S_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # else: only on production branch(es) + allow failure - if: $HELM_STAGING_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF exists: - "**/Chart.yaml" allow_failure: true - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' when: never - !reference [.test-policy, rules] helm-prod-score: extends: .helm-score Loading @@ -644,11 +673,9 @@ helm-prod-score: # exclude when $K8S_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # else: only on production branch(es) + allow failure - if: $HELM_PROD_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF exists: - "**/Chart.yaml" allow_failure: true - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' when: never - !reference [.test-policy, rules] # ================================================== # Stage: package-build Loading Loading @@ -803,11 +830,9 @@ helm-publish: script: - test "$environment_type" "$environment_name" "${ENV_NAMESPACE:-${KUBE_NAMESPACE}}" # ================================================== # Stage: review # ================================================== # deploy to review env (only for feature branches) # enabled by default, disable this job by setting $HELM_REVIEW_DISABLED helm-review: Loading @@ -824,7 +849,7 @@ helm-review: on_stop: helm-cleanup-review resource_group: review/$CI_COMMIT_REF_NAME rules: # exclude merge requests, tags and on $HELM_REVIEW_DISABLED set # exclude tags and on $HELM_REVIEW_DISABLED set - if: '$HELM_REVIEW_DISABLED == "true" || $CI_COMMIT_TAG' when: never # only on non-production, non-integration branches Loading @@ -843,7 +868,7 @@ helm-cleanup-review: action: stop resource_group: review/$CI_COMMIT_REF_NAME rules: # exclude merge requests, tags and on $HELM_REVIEW_DISABLED set # exclude tags and on $HELM_REVIEW_DISABLED set - if: '$HELM_REVIEW_DISABLED == "true" || $CI_COMMIT_TAG' when: never # only on non-production, non-integration branches Loading @@ -860,16 +885,21 @@ helm-test-review: ENV_KUBE_CONFIG: "$HELM_REVIEW_KUBE_CONFIG" ENV_NAMESPACE: "$HELM_REVIEW_NAMESPACE" rules: # exclude merge requests, tags and on $HELM_REVIEW_DISABLED set - if: '$HELM_REVIEW_DISABLED == "true" || $CI_COMMIT_TAG' - if: $CI_COMMIT_TAG when: never # only on non-production, non-integration branches - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF && $HELM_TEST_ENABLED == "true"' - if: '$HELM_TEST_ENABLED != "true"' when: never - if: '$HELM_REVIEW_DISABLED == "true"' when: never # exclude on production or integration branch(es) - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' when: never # then use common test jobs policy - !reference [.test-policy, rules] # ================================================== # Stage: integration # ================================================== # deploy to integration env (only for integration branches) # enabled by default, disable this job by setting $HELM_INTEG_DISABLED helm-integration: Loading Loading @@ -923,16 +953,21 @@ helm-test-integration: ENV_NAMESPACE: "$HELM_INTEG_NAMESPACE" ENV_VALUES: "$HELM_INTEG_VALUES" rules: # exclude merge requests and on $HELM_INTEG_DISABLED set - if: $CI_COMMIT_TAG when: never - if: '$HELM_TEST_ENABLED != "true"' when: never - if: '$HELM_INTEG_DISABLED == "true"' when: never # only on integration branch(es) - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF && $HELM_TEST_ENABLED == "true"' # exclude on non-integration branch - if: '$CI_COMMIT_REF_NAME !~ $INTEG_REF' when: never # then use common test jobs policy - !reference [.test-policy, rules] # ================================================== # Stage: staging # ================================================== helm-staging: extends: .helm-deploy variables: Loading Loading @@ -974,7 +1009,6 @@ helm-cleanup-staging: when: manual allow_failure: true helm-test-staging: extends: .helm-test variables: Loading @@ -983,15 +1017,21 @@ helm-test-staging: ENV_NAMESPACE: "$HELM_STAGING_NAMESPACE" ENV_VALUES: "$HELM_STAGING_VALUES" rules: # exclude merge requests and on $HELM_STAGING_DISABLED set - if: $CI_COMMIT_TAG when: never - if: '$HELM_TEST_ENABLED != "true"' when: never - if: '$HELM_STAGING_DISABLED == "true"' when: never # only on production branch(es) - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF && $HELM_TEST_ENABLED == "true" ' # exclude on non-production branch - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF' when: never # then use common test jobs policy - !reference [.test-policy, rules] # ================================================== # Stage: production # ================================================== helm-production: extends: .helm-deploy stage: production Loading Loading
templates/gitlab-ci-helm.yml +91 −51 Original line number Diff line number Diff line Loading @@ -13,14 +13,33 @@ # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth # Floor, Boston, MA 02110-1301, USA. # ========================================================================================= # default workflow rules # default workflow rules: Merge Request pipelines workflow: rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID # prevent branch pipeline when an MR is open (prefer MR pipeline) - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS' when: never - when: always # test job prototype: implement adaptive pipeline rules .test-policy: rules: # on tag: auto & failing - if: $CI_COMMIT_TAG # on ADAPTIVE_PIPELINE_DISABLED: auto & failing - if: '$ADAPTIVE_PIPELINE_DISABLED == "true"' # on production or integration branch(es): auto & failing - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' # early stage (dev branch, no MR): manual & non-failing - if: '$CI_MERGE_REQUEST_ID == null && $CI_OPEN_MERGE_REQUESTS == null' when: manual allow_failure: true # Draft MR: auto & non-failing - if: '$CI_MERGE_REQUEST_TITLE =~ /^Draft:.*/' allow_failure: true # else (Ready MR): auto & failing - when: on_success variables: # variabilized tracking image TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master" Loading Loading @@ -508,7 +527,6 @@ stages: # ================================================== # Stage: check # ================================================== # lint-job is used to check the syntax of the Helm Chart for best practices. helm-lint: extends: .helm-base Loading @@ -535,8 +553,9 @@ helm-values-common-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never - if: '$HELM_COMMON_VALUES' - if: '$HELM_COMMON_VALUES == null || $HELM_COMMON_VALUES == ""' when: never - !reference [.test-policy, rules] helm-values-review-lint: extends: .helm-values-lint Loading @@ -546,8 +565,12 @@ helm-values-review-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' when: never # only on non-production, non-integration branches - if: '$HELM_REVIEW_VALUES && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' when: never - !reference [.test-policy, rules] helm-values-integration-lint: extends: .helm-values-lint Loading @@ -557,8 +580,12 @@ helm-values-integration-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # only on integration branch(es) - if: '$HELM_INTEG_VALUES && $CI_COMMIT_REF_NAME =~ $INTEG_REF' - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' when: never # only on non-production branches - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-values-staging-lint: extends: .helm-values-lint Loading @@ -568,8 +595,9 @@ helm-values-staging-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # only on production branch(es) - if: '$HELM_STAGING_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF' - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' when: never - !reference [.test-policy, rules] helm-values-prod-lint: extends: .helm-values-lint Loading @@ -579,8 +607,9 @@ helm-values-prod-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never # only on production branch(es) - if: '$HELM_PROD_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF' - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' when: never - !reference [.test-policy, rules] helm-review-score: extends: .helm-score Loading @@ -593,11 +622,12 @@ helm-review-score: # exclude when $HELM_KUBE_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # else: only on non-production, non-integration branches + allow failure - if: $HELM_REVIEW_VALUES && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF exists: - "**/Chart.yaml" allow_failure: true - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' when: never # only on non-production, non-integration branches - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' when: never - !reference [.test-policy, rules] helm-integration-score: extends: .helm-score Loading @@ -610,11 +640,12 @@ helm-integration-score: # exclude when $K8S_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # else: only on integration branch(es) + allow failure - if: $HELM_INTEG_VALUES && $CI_COMMIT_REF_NAME =~ $INTEG_REF exists: - "**/Chart.yaml" allow_failure: true - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' when: never # only on non-production branches - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' when: never - !reference [.test-policy, rules] helm-staging-score: extends: .helm-score Loading @@ -627,11 +658,9 @@ helm-staging-score: # exclude when $K8S_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # else: only on production branch(es) + allow failure - if: $HELM_STAGING_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF exists: - "**/Chart.yaml" allow_failure: true - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' when: never - !reference [.test-policy, rules] helm-prod-score: extends: .helm-score Loading @@ -644,11 +673,9 @@ helm-prod-score: # exclude when $K8S_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never # else: only on production branch(es) + allow failure - if: $HELM_PROD_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF exists: - "**/Chart.yaml" allow_failure: true - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' when: never - !reference [.test-policy, rules] # ================================================== # Stage: package-build Loading Loading @@ -803,11 +830,9 @@ helm-publish: script: - test "$environment_type" "$environment_name" "${ENV_NAMESPACE:-${KUBE_NAMESPACE}}" # ================================================== # Stage: review # ================================================== # deploy to review env (only for feature branches) # enabled by default, disable this job by setting $HELM_REVIEW_DISABLED helm-review: Loading @@ -824,7 +849,7 @@ helm-review: on_stop: helm-cleanup-review resource_group: review/$CI_COMMIT_REF_NAME rules: # exclude merge requests, tags and on $HELM_REVIEW_DISABLED set # exclude tags and on $HELM_REVIEW_DISABLED set - if: '$HELM_REVIEW_DISABLED == "true" || $CI_COMMIT_TAG' when: never # only on non-production, non-integration branches Loading @@ -843,7 +868,7 @@ helm-cleanup-review: action: stop resource_group: review/$CI_COMMIT_REF_NAME rules: # exclude merge requests, tags and on $HELM_REVIEW_DISABLED set # exclude tags and on $HELM_REVIEW_DISABLED set - if: '$HELM_REVIEW_DISABLED == "true" || $CI_COMMIT_TAG' when: never # only on non-production, non-integration branches Loading @@ -860,16 +885,21 @@ helm-test-review: ENV_KUBE_CONFIG: "$HELM_REVIEW_KUBE_CONFIG" ENV_NAMESPACE: "$HELM_REVIEW_NAMESPACE" rules: # exclude merge requests, tags and on $HELM_REVIEW_DISABLED set - if: '$HELM_REVIEW_DISABLED == "true" || $CI_COMMIT_TAG' - if: $CI_COMMIT_TAG when: never # only on non-production, non-integration branches - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF && $HELM_TEST_ENABLED == "true"' - if: '$HELM_TEST_ENABLED != "true"' when: never - if: '$HELM_REVIEW_DISABLED == "true"' when: never # exclude on production or integration branch(es) - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' when: never # then use common test jobs policy - !reference [.test-policy, rules] # ================================================== # Stage: integration # ================================================== # deploy to integration env (only for integration branches) # enabled by default, disable this job by setting $HELM_INTEG_DISABLED helm-integration: Loading Loading @@ -923,16 +953,21 @@ helm-test-integration: ENV_NAMESPACE: "$HELM_INTEG_NAMESPACE" ENV_VALUES: "$HELM_INTEG_VALUES" rules: # exclude merge requests and on $HELM_INTEG_DISABLED set - if: $CI_COMMIT_TAG when: never - if: '$HELM_TEST_ENABLED != "true"' when: never - if: '$HELM_INTEG_DISABLED == "true"' when: never # only on integration branch(es) - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF && $HELM_TEST_ENABLED == "true"' # exclude on non-integration branch - if: '$CI_COMMIT_REF_NAME !~ $INTEG_REF' when: never # then use common test jobs policy - !reference [.test-policy, rules] # ================================================== # Stage: staging # ================================================== helm-staging: extends: .helm-deploy variables: Loading Loading @@ -974,7 +1009,6 @@ helm-cleanup-staging: when: manual allow_failure: true helm-test-staging: extends: .helm-test variables: Loading @@ -983,15 +1017,21 @@ helm-test-staging: ENV_NAMESPACE: "$HELM_STAGING_NAMESPACE" ENV_VALUES: "$HELM_STAGING_VALUES" rules: # exclude merge requests and on $HELM_STAGING_DISABLED set - if: $CI_COMMIT_TAG when: never - if: '$HELM_TEST_ENABLED != "true"' when: never - if: '$HELM_STAGING_DISABLED == "true"' when: never # only on production branch(es) - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF && $HELM_TEST_ENABLED == "true" ' # exclude on non-production branch - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF' when: never # then use common test jobs policy - !reference [.test-policy, rules] # ================================================== # Stage: production # ================================================== helm-production: extends: .helm-deploy stage: production Loading
