feat: migrate to CI/CD component

    file: '/templates/validation.yml'

  - project: 'to-be-continuous/bash'

    ref: '3.3'

    file: 'templates/gitlab-ci-bash.yml'

    file: '/templates/gitlab-ci-bash.yml'

  - project: 'to-be-continuous/semantic-release'

    ref: '3.7'

    file: '/templates/gitlab-ci-semrel.yml'    

## Usage

In order to include this template in your project, add the following to your `gitlab-ci.yml`:

This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component-in-a-cicd-configuration) 

or using the legacy [`include:project`](https://docs.gitlab.com/ee/ci/yaml/index.html#includeproject) syntax.

### Use as a CI/CD component

Add the following to your `gitlab-ci.yml`:

```yaml

include:

  # 1: include the component

  - component: gitlab.com/to-be-continuous/helmfile/gitlab-ci-helmfile@3.1.1

    # 2: set/override component inputs

    inputs:

      # ⚠ this is only an example

      base-app-name: wonderapp

      review-enabled: true

      staging-enabled: true

      prod-enabled: true

```

### Use as a CI/CD template (legacy)

Add the following to your `gitlab-ci.yml`:

```yaml

include:

  # 1: include the template

  - project: 'to-be-continuous/helmfile'

    ref: '3.1.1'

    file: '/templates/gitlab-ci-helmfile.yml'

variables:

  # 2: set/override template variables

  # ⚠ this is only an example

  HELMFILE_BASE_APP_NAME: wonderapp

  HELMFILE_REVIEW_ENABLED: "true"

  HELMFILE_STAGING_ENABLED: "true"

  HELMFILE_PROD_ENABLED: "true"

```

## Understand

The Helm template uses some global configuration used throughout all jobs.

| Name                  | Description                            | Default value     |

| Input / Variable | Description                            | Default value     |

| --------------------- | -------------------------------------- | ----------------- |

| `HELMFILE_CLI_IMAGE`      | The Docker image used to run helmfile <br/>:warning: **set the version required by your Kubernetes server** | `ghcr.io/helmfile/helmfile:latest` |

| `HELMFILE_PATH`     | The path to your `helmfile.yaml` | `./helmfile.yaml` |

| `HELMFILE_SCRIPTS_DIR`     | The folder where hook scripts are located | `.` _(root project dir)_ |

| `KUBE_NAMESPACE`      | The default Kubernetes namespace to use | `"${CI_PROJECT_NAME}-${CI_PROJECT_ID}-${CI_ENVIRONMENT_SLUG}"` ([see GitLab doc](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html)) |

| `cli-image` / `HELMFILE_CLI_IMAGE` | The Docker image used to run helmfile <br/>:warning: **set the version required by your Kubernetes server** | `ghcr.io/helmfile/helmfile:latest` |

| `path` / `HELMFILE_PATH` | The path to your `helmfile.yaml` | `./helmfile.yaml` |

| `scripts-dir` / `HELMFILE_SCRIPTS_DIR` | The folder where hook scripts are located | `.` _(root project dir)_ |

| `kube-namespace` / `KUBE_NAMESPACE` | The default Kubernetes namespace to use | `"${CI_PROJECT_NAME}-${CI_PROJECT_ID}-${CI_ENVIRONMENT_SLUG}"` ([see GitLab doc](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html)) |

| `KUBE_CONTEXT`      | Defines the context to be used in `KUBECONFIG`. When using [GitLab agents with the CI/CD workflow](https://docs.gitlab.com/ee/user/clusters/agent/ci_cd_workflow.html), the value should be like `path/to/agent/project:agent-name`. To use different agents per environment, define an [environment-scoped CI/CD variable](https://docs.gitlab.com/ee/ci/environments/index.html#limit-the-environment-scope-of-a-cicd-variable) for each agent. | _none_ |

| :lock: `HELMFILE_DEFAULT_KUBE_CONFIG` | The default kubeconfig to use (either content or file variable) | `$KUBECONFIG` (thus supports the [GitLab Kubernetes integration](https://docs.gitlab.com/ee/user/project/clusters/index.html) when enabled) |

| `HELMFILE_DEPLOY_ARGS`    | The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#apply) to deploy the application (_without dynamic global parameters such as `helmfile.yaml` path and environment name_) | `apply --wait` |

| `HELMFILE_DELETE_ARGS`    | The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#destroy) to cleanup the application (_without dynamic global parameters such as `helmfile.yaml` path and environment name_) | `destroy` |

| `HELMFILE_BASE_APP_NAME`  | Base application name                  | `$CI_PROJECT_NAME` ([see GitLab doc](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html)) |

| `HELMFILE_ENVIRONMENT_URL`    | Default environments url _(only define for static environment URLs declaration)_<br/>_supports late variable expansion (ex: `https://%{environment_name}.helm.acme.com`)_ | _none_ |

| `HELMFILE_PGP_PRIVATE_KEY_FILE` | PGP Private key for decrypting helmfile secrets (optional) | _none_ |

| `HELMFILE_PGP_PASSPHRASE` | Passphrase for PGP private key (optional) | _none_ |

| `HELMFILE_IMAGE_PULL_SECRET_NAME` | Name of the `docker-registry` k8s secret that will be created if the special [GitLab deploy token](https://docs.gitlab.com/ee/user/project/deploy_tokens/#gitlab-deploy-token) is available. | `gitlab-registry` |

| `deploy-args` / `HELMFILE_DEPLOY_ARGS` | The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#apply) to deploy the application (_without dynamic global parameters such as `helmfile.yaml` path and environment name_) | `apply --wait` |

| `delete-args` / `HELMFILE_DELETE_ARGS` | The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#destroy) to cleanup the application (_without dynamic global parameters such as `helmfile.yaml` path and environment name_) | `destroy` |

| `base-app-name` / `HELMFILE_BASE_APP_NAME` | Base application name                  | `$CI_PROJECT_NAME` ([see GitLab doc](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html)) |

| `environment-url` / `HELMFILE_ENVIRONMENT_URL`    | Default environments url _(only define for static environment URLs declaration)_<br/>_supports late variable expansion (ex: `https://%{environment_name}.helm.acme.com`)_ | _none_ |

| :lock: `HELMFILE_PGP_PRIVATE_KEY_FILE` | PGP Private key for decrypting helmfile secrets (optional) | _none_ |

| :lock: `HELMFILE_PGP_PASSPHRASE` | Passphrase for PGP private key (optional) | _none_ |

| `image-pull-secret-name` / `HELMFILE_IMAGE_PULL_SECRET_NAME` | Name of the `docker-registry` k8s secret that will be created if the special [GitLab deploy token](https://docs.gitlab.com/ee/user/project/deploy_tokens/#gitlab-deploy-token) is available. | `gitlab-registry` |

### Review environments configuration

Here are variables supported to configure review environments:

| Name                         | Description                            | Default value     |

| Input / Variable | Description                            | Default value     |

| ---------------------------- | -------------------------------------- | ----------------- |

| `HELMFILE_REVIEW_ENABLED`    | Set to `true` to enable `review` env   | _none_ (disabled) |

| `HELMFILE_REVIEW_APP_NAME`   | Application name for `review` env      | `"${HELM_BASE_APP_NAME}-${CI_ENVIRONMENT_SLUG}"` (ex: `myproject-review-fix-bug-12`) |

| `HELMFILE_REVIEW_ENVIRONMENT_URL`| The review environments url _(only define for static environment URLs declaration and if different from default)_ | `$HELMFILE_ENVIRONMENT_URL` |

| `HELMFILE_REVIEW_NAMESPACE`  | The Kubernetes namespace to use for `review` env _(only define to override default)_ | `$KUBE_NAMESPACE` |

| `review-enabled` / `HELMFILE_REVIEW_ENABLED` | Set to `true` to enable `review` env   | _none_ (disabled) |

| `review-app-name` / `HELMFILE_REVIEW_APP_NAME` | Application name for `review` env      | `"${HELMFILE_BASE_APP_NAME}-${CI_ENVIRONMENT_SLUG}"` (ex: `myproject-review-fix-bug-12`) |

| `review-environment-url` / `HELMFILE_REVIEW_ENVIRONMENT_URL`| The review environments url _(only define for static environment URLs declaration and if different from default)_ | `$HELMFILE_ENVIRONMENT_URL` |

| `review-namespace` / `HELMFILE_REVIEW_NAMESPACE` | The Kubernetes namespace to use for `review` env _(only define to override default)_ | `$KUBE_NAMESPACE` |

| :lock: `HELMFILE_REVIEW_KUBE_CONFIG` | Specific kubeconfig for `review` env _(only define to override default)_ | `$HELMFILE_DEFAULT_KUBE_CONFIG` |

| `HELMFILE_REVIEW_AUTOSTOP_DURATION`| The amount of time before GitLab will automatically stop `review` environments | `4 hours` |

| `review-autostop-duration` / `HELMFILE_REVIEW_AUTOSTOP_DURATION` | The amount of time before GitLab will automatically stop `review` environments | `4 hours` |

### Integration environment configuration

Here are variables supported to configure the integration environment:

| Name                         | Description                            | Default value     |

| Input / Variable | Description                            | Default value     |

| ---------------------------- | -------------------------------------- | ----------------- |

| `HELMFILE_INTEG_ENABLED`     | Set to `true` to enable `integration` env | _none_ (disabled) |

| `HELMFILE_INTEG_APP_NAME`    | Application name for `integration` env | `$HELMFILE_BASE_APP_NAME-integration` |

| `HELMFILE_INTEG_ENVIRONMENT_URL`| The integration environment url _(only define for static environment URLs declaration and if different from default)_ | `$HELMFILE_ENVIRONMENT_URL` |

| `HELMFILE_INTEG_NAMESPACE`   | The Kubernetes namespace to use for `integration` env _(only define to override default)_ | `$KUBE_NAMESPACE` |

| `integ-enabled` / `HELMFILE_INTEG_ENABLED` | Set to `true` to enable `integration` env | _none_ (disabled) |

| `integ-app-name` / `HELMFILE_INTEG_APP_NAME` | Application name for `integration` env | `$HELMFILE_BASE_APP_NAME-integration` |

| `integ-environment-url` / `HELMFILE_INTEG_ENVIRONMENT_URL`| The integration environment url _(only define for static environment URLs declaration and if different from default)_ | `$HELMFILE_ENVIRONMENT_URL` |

| `integ-namespace` / `HELMFILE_INTEG_NAMESPACE` | The Kubernetes namespace to use for `integration` env _(only define to override default)_ | `$KUBE_NAMESPACE` |

| :lock: `HELMFILE_INTEG_KUBE_CONFIG` | Specific kubeconfig for `integration` env _(only define to override default)_ | `$HELMFILE_DEFAULT_KUBE_CONFIG` |

| `HELMFILE_INTEG_AUTOSTOP_DURATION`| The amount of time before GitLab will automatically stop the `integration` env | `never` |

| `integ-autostop-duration` / `HELMFILE_INTEG_AUTOSTOP_DURATION` | The amount of time before GitLab will automatically stop the `integration` env | `never` |

### Staging environment configuration

Here are variables supported to configure the staging environment:

| Name                         | Description                            | Default value     |

| Input / Variable | Description                            | Default value     |

| ---------------------------- | -------------------------------------- | ----------------- |

| `HELMFILE_STAGING_ENABLED`   | Set to `true` to enable `staging` env  | _none_ (disabled) |

| `HELMFILE_STAGING_APP_NAME`  | Application name for `staging` env     | `$HELMFILE_BASE_APP_NAME-staging` |

| `HELMFILE_STAGING_ENVIRONMENT_URL`| The staging environment url _(only define for static environment URLs declaration and if different from default)_ | `$HELMFILE_ENVIRONMENT_URL` |

| `HELMFILE_STAGING_NAMESPACE` | The Kubernetes namespace to use for `staging` env _(only define to override default)_ | `$KUBE_NAMESPACE` |

| `staging-enabled` / `HELMFILE_STAGING_ENABLED` | Set to `true` to enable `staging` env  | _none_ (disabled) |

| `staging-app-name` / `HELMFILE_STAGING_APP_NAME` | Application name for `staging` env     | `$HELMFILE_BASE_APP_NAME-staging` |

| `staging-environment-url` / `HELMFILE_STAGING_ENVIRONMENT_URL`| The staging environment url _(only define for static environment URLs declaration and if different from default)_ | `$HELMFILE_ENVIRONMENT_URL` |

| `staging-namespace` / `HELMFILE_STAGING_NAMESPACE` | The Kubernetes namespace to use for `staging` env _(only define to override default)_ | `$KUBE_NAMESPACE` |

| :lock: `HELMFILE_STAGING_KUBE_CONFIG` | Specific kubeconfig for `staging` env _(only define to override default)_ | `$HELMFILE_DEFAULT_KUBE_CONFIG` |

| `HELMFILE_STAGING_AUTOSTOP_DURATION`| The amount of time before GitLab will automatically stop the `staging` env | `never` |

| `staging-autostop-duration` / `HELMFILE_STAGING_AUTOSTOP_DURATION` | The amount of time before GitLab will automatically stop the `staging` env | `never` |

### Production environment configuration

Here are variables supported to configure the production environment:

| Name                     | Description                            | Default value     |

| Input / Variable | Description                            | Default value     |

| ------------------------ | -------------------------------------- | ----------------- |

| `HELMFILE_PROD_DISABLED` | Set to `true` to disable `production` env | _none_ (disabled)  |

| `HELMFILE_PROD_APP_NAME` | Application name for `production` env  | `$HELMFILE_BASE_APP_NAME` |

| `HELMFILE_PROD_ENVIRONMENT_URL`| The production environment url _(only define for static environment URLs declaration and if different from default)_ | `$HELMFILE_ENVIRONMENT_URL` |

| `HELMFILE_PROD_NAMESPACE`    | The Kubernetes namespace to use for `production` env _(only define to override default)_ | `$KUBE_NAMESPACE` |

| `prod-app-name` / `HELMFILE_PROD_APP_NAME` | Application name for `production` env  | `$HELMFILE_BASE_APP_NAME` |

| `prod-environment-url` / `HELMFILE_PROD_ENVIRONMENT_URL`| The production environment url _(only define for static environment URLs declaration and if different from default)_ | `$HELMFILE_ENVIRONMENT_URL` |

| `prod-namespace` / `HELMFILE_PROD_NAMESPACE` | The Kubernetes namespace to use for `production` env _(only define to override default)_ | `$KUBE_NAMESPACE` |

| :lock: `HELMFILE_PROD_KUBE_CONFIG` | Specific kubeconfig for `production` env _(only define to override default)_ | `$HELMFILE_DEFAULT_KUBE_CONFIG` |

| `HELMFILE_PROD_DEPLOY_STRATEGY`| Defines the deployment to production strategy. One of `manual` (i.e. _one-click_) or `auto`. | `manual` |

| `prod-deploy-strategy` / `HELMFILE_PROD_DEPLOY_STRATEGY` | Defines the deployment to production strategy. One of `manual` (i.e. _one-click_) or `auto`. | `manual` |

### `helmfile-lint` job

This job runs a [helm lint](https://helm.sh/docs/helm/helm_lint/) across all of the charts/releases in the helmfile manifest and

uses the following variables:

| Name                  | Description                               | Default value     |

| Input / Variable | Description                               | Default value     |

| --------------------- | ----------------------------------------- | ----------------- |

| `HELMFILE_LINT_ENABLED`   | Set to `true` to enable Helmfile lint | _none_ (disabled) |

| `HELMFILE_LINT_ARGS`      | The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#lint) to trigger the analysis | `lint` |

| `lint-enabled` / `HELMFILE_LINT_ENABLED` | Set to `true` to enable Helmfile lint | _none_ (disabled) |

| `lint-args` / `HELMFILE_LINT_ARGS` | The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#lint) to trigger the analysis | `lint` |

### `helmfile-test` job

It uses the following variables:

| Name                     | Description                              | Default value     |

| Input / Variable | Description                              | Default value     |

| ------------------------ | ---------------------------------------- | ----------------- |

| `HELMFILE_TEST_ENABLED`  | Set to `true` to enable Helm test                 | _none_ (disabled) |

| `HELMFILE_TEST_ARGS`      | The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#test)

| `test-enabled` / `HELMFILE_TEST_ENABLED` | Set to `true` to enable Helm test                 | _none_ (disabled) |

| `test-args` / `HELMFILE_TEST_ARGS` | The helmfile [command with options](https://helmfile.readthedocs.io/en/latest/#test)

to perform acceptance test (_without dynamic global arguments such as the helmfile.yaml path, namespace and environment name_) | `test`        |

## Variants

In order to be able to communicate with the Vault server, the variant requires the additional configuration parameters:

| Name              | Description                            | Default value     |

| Input / Variable | Description                            | Default value     |

| ----------------- | -------------------------------------- | ----------------- |

| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master` |

| `VAULT_BASE_URL`  | The Vault server base API url          | _none_ |

| `VAULT_OIDC_AUD`  | The `aud` claim for the JWT | `$CI_SERVER_URL` |

| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url          | _none_ |

| `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` |

| :lock: `VAULT_ROLE_ID`   | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |

| :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** |

With:

| Name                             | Description                            |

| Parameter                        | Description                            |

| -------------------------------- | -------------------------------------- |

| `secret_path` (_path parameter_) | this is your secret location in the Vault server |

| `field` (_query parameter_)      | parameter to access a single basic field from the secret JSON payload |

```yaml

include:

  # main template

  - project: 'to-be-continuous/helmfile'

    ref: '3.1.1'

    file: '/templates/gitlab-ci-helmfile.yml'

  - component: gitlab.com/to-be-continuous/helmfile/gitlab-ci-helmfile@3.1.1

  # Vault variant

  - project: 'to-be-continuous/helmfile'

    ref: '3.1.1'

    file: '/templates/gitlab-ci-helmfile-vault.yml'

  - component: gitlab.com/to-be-continuous/helmfile/gitlab-ci-helmfile-vault@3.1.1

    inputs:

      # audience claim for JWT

      vault-oidc-aud: "https://vault.acme.host"

      vault-base-url: "https://vault.acme.host/v1"

      # $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable

variables:

    # audience claim for JWT

    VAULT_OIDC_AUD: "https://vault.acme.host"

  # Secrets managed by Vault

  HELMFILE_DEFAULT_KUBE_CONFIG: "@url@http://vault-secrets-provider/api/secrets/b7ecb6ebabc231/my-app/helmfile/noprod?field=kube_config"

  HELMFILE_PROD_KUBE_CONFIG: "@url@http://vault-secrets-provider/api/secrets/b7ecb6ebabc231/my-app/helmfile/prod?field=kube_config"

    VAULT_BASE_URL: "https://vault.acme.host/v1"

    # $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable

```

  log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."

  # replace in README

  sed -e "s/ref: '$curVer'/ref: '$nextVer'/" README.md > README.md.next

  sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\”/ref: \”$nextVer\”/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next

  mv -f README.md.next README.md

  # replace in template and variants

  for tmpl in templates/*.yml

  do

    sed -e "s/\"$curVer\"/\"$nextVer\"/" "$tmpl" > "$tmpl.next"

    sed -e "s/command: *\[\"--service\", \"\(.*\)\", \"$curVer\"\]/command: [\"--service\", \"\1\", \"$nextVer\"]/" "$tmpl" > "$tmpl.next"

    mv -f "$tmpl.next" "$tmpl"

  done

else

  "description": "Deploy your application to a [Kubernetes](https://kubernetes.io/) platform using [helmfile](https://github.com/helmfile/helmfile)",

  "template_path": "templates/gitlab-ci-helmfile.yml",

  "kind": "hosting",

  "prefix": "helmfile",

  "is_component": true,

  "variables": [

    {

      "name": "HELMFILE_CLI_IMAGE",

        {

          "name": "HELMFILE_REVIEW_APP_NAME",

          "description": "The application name for `review` env _(only define to override default)_",

          "default": "${HELMFILE_BASE_APP_NAME}-${CI_ENVIRONMENT_SLUG}",

          "advanced": true

        },

        {

        {

          "name": "HELMFILE_REVIEW_NAMESPACE",

          "description": "The Kubernetes namespace to use for `review` env _(only define to override default)_",

          "default": "$KUBE_NAMESPACE",

          "advanced": true

        },

        {

          "name": "HELMFILE_REVIEW_KUBE_CONFIG",

          "description": "Specific kubeconfig for review env (only define to override default)",

          "default": "$HELMFILE_DEFAULT_KUBE_CONFIG",

          "advanced": true,

          "secret": true

        }

        {

          "name": "HELMFILE_INTEG_APP_NAME",

          "description": "The application name for `integration` env _(only define to override default)_",

          "default": "${HELMFILE_BASE_APP_NAME}-integration",

          "advanced": true

        },

        {

        {

          "name": "HELMFILE_INTEG_NAMESPACE",

          "description": "The Kubernetes namespace to use for `integration` env _(only define to override default)_",

          "default": "$KUBE_NAMESPACE",

          "advanced": true

        },

        {

          "name": "HELMFILE_INTEG_KUBE_CONFIG",

          "description": "Specific kubeconfig for integration env (only define to override default)",

          "default": "$HELMFILE_DEFAULT_KUBE_CONFIG",

          "advanced": true,

          "secret": true

        }

        {

          "name": "HELMFILE_STAGING_APP_NAME",

          "description": "The application name for `staging` env _(only define to override default)_",

          "default": "${HELMFILE_BASE_APP_NAME}-staging",

          "advanced": true

        },

        {

        {

          "name": "HELMFILE_STAGING_NAMESPACE",

          "description": "The Kubernetes namespace to use for `staging` env _(only define to override default)_",

          "default": "$KUBE_NAMESPACE",

          "advanced": true

        },

        {

          "name": "HELMFILE_STAGING_KUBE_CONFIG",

          "description": "Specific kubeconfig for staging env (only define to override default)",

          "default": "$HELMFILE_DEFAULT_KUBE_CONFIG",

          "advanced": true,

          "secret": true

        }

        {

          "name": "HELMFILE_PROD_APP_NAME",

          "description": "The application name for `production` env _(only define to override default)_",

          "default": "${HELMFILE_BASE_APP_NAME}",

          "advanced": true

        },

        {

        {

          "name": "HELMFILE_PROD_NAMESPACE",

          "description": "The Kubernetes namespace to use for `production` env _(only define to override default)_",

          "default": "$KUBE_NAMESPACE",

          "advanced": true

        },

        {

          "name": "HELMFILE_PROD_KUBE_CONFIG",

          "description": "Specific kubeconfig for production env (only define to override default)",

          "default": "$HELMFILE_DEFAULT_KUBE_CONFIG",

          "advanced": true,

          "secret": true

        }