Commit a97ec13d authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch 'feat/adaptive-pipeline' into 'master'

Adaptive pipeline

See merge request to-be-continuous/terraform!41
parents 3602af1d 735514e1
Loading
Loading
Loading
Loading
+32 −26
Original line number Diff line number Diff line
@@ -13,14 +13,33 @@
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
# Floor, Boston, MA  02110-1301, USA.
# =========================================================================================
# default workflow rules
# default workflow rules: Merge Request pipelines
workflow:
  rules:
    # exclude merge requests
    - if: $CI_MERGE_REQUEST_ID
    # prevent branch pipeline when an MR is open (prefer MR pipeline)
    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
      when: never
    - when: always

# test job prototype: implement adaptive pipeline rules
.test-policy:
  rules:
    # on tag: auto & failing
    - if: $CI_COMMIT_TAG
    # on ADAPTIVE_PIPELINE_DISABLED: auto & failing
    - if: '$ADAPTIVE_PIPELINE_DISABLED == "true"'
    # on production or integration branch(es): auto & failing
    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
    # early stage (dev branch, no MR): manual & non-failing
    - if: '$CI_MERGE_REQUEST_ID == null && $CI_OPEN_MERGE_REQUESTS == null'
      when: manual
      allow_failure: true
    # Draft MR: auto & non-failing
    - if: '$CI_MERGE_REQUEST_TITLE =~ /^Draft:.*/'
      allow_failure: true
    # else (Ready MR): auto & failing
    - when: on_success

variables:
  # variabilized tracking image
  TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
@@ -527,7 +546,6 @@ stages:

  # ENDSCRIPT


.tf-commands:
  default:
    init: tf_init "${ENV_INIT_OPTS:-$TF_INIT_OPTS}" "${ENV_EXTRA_OPTS:-$TF_EXTRA_OPTS}"
@@ -635,12 +653,9 @@ tf-tfsec:
      - $TF_PROJECT_DIR/reports/
  dependencies: []
  rules:
    # on any branch: when $TFSEC_ENABLED is set
    # on production or integration branches: auto
    - if: '$TF_TFSEC_ENABLED == "true" && ($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)'
    # else (development branches): allow failure
    - if: '$TF_TFSEC_ENABLED == "true"'
      allow_failure: true
    - if: '$TF_TFSEC_ENABLED != "true"'
      when: never
    - !reference [.test-policy, rules]

tf-tflint:
  extends: .tf-base
@@ -664,11 +679,9 @@ tf-tflint:
      - $TF_PROJECT_DIR/reports/
  dependencies: []
  rules:
    # exclude merge requests
    - if: '$TF_TFLINT_DISABLED == "true"'
      when: never
    - if: $CI_COMMIT_REF_NAME  # useless but prevents GitLab from warning

    - !reference [.test-policy, rules]

tf-checkov:
  extends: .tf-base
@@ -692,12 +705,9 @@ tf-checkov:
      - $TF_PROJECT_DIR/reports/
  dependencies: []
  rules:
    # on any branch: when $TF_CHECKOV_ENABLED is set
    # on production or integration branches: auto
    - if: '$TF_CHECKOV_ENABLED == "true" && ($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)'
    # else (development branches): allow failure
    - if: '$TF_CHECKOV_ENABLED == "true"'
      allow_failure: true
    - if: '$TF_CHECKOV_ENABLED != "true"'
      when: never
    - !reference [.test-policy, rules]

tf-infracost:
  extends: .tf-base
@@ -711,13 +721,9 @@ tf-infracost:
  script:
    - tf_infracost
  rules:
    # on any branch: when $TF_INFRACOST_ENABLED is set
    # on production or integration branches: auto
    - if: '$TF_INFRACOST_ENABLED == "true" && ($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)'
    # else (development branches): allow failure
    - if: '$TF_INFRACOST_ENABLED == "true"'
      allow_failure: true

    - if: '$TF_INFRACOST_ENABLED != "true"'
      when: never
    - !reference [.test-policy, rules]

# =============================================================================
# === Review env jobs