Loading templates/gitlab-ci-terraform.yml +11 −44 Original line number Diff line number Diff line Loading @@ -13,6 +13,14 @@ # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth # Floor, Boston, MA 02110-1301, USA. # ========================================================================================= # default workflow rules workflow: rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never - when: always variables: # variabilized tracking image TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master" Loading Loading @@ -580,9 +588,6 @@ tf-tfsec: - $TF_PROJECT_DIR/reports/ dependencies: [] rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: when $TFSEC_ENABLED is set # on production or integration branches: auto - if: '$TF_TFSEC_ENABLED == "true" && ($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)' Loading Loading @@ -613,7 +618,7 @@ tf-tflint: dependencies: [] rules: # exclude merge requests - if: '$CI_MERGE_REQUEST_ID || $TF_TFLINT_DISABLED == "true"' - if: '$TF_TFLINT_DISABLED == "true"' when: never - if: $CI_COMMIT_REF_NAME # useless but prevents GitLab from warning Loading @@ -640,9 +645,6 @@ tf-checkov: - $TF_PROJECT_DIR/reports/ dependencies: [] rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: when $TF_CHECKOV_ENABLED is set # on production or integration branches: auto - if: '$TF_CHECKOV_ENABLED == "true" && ($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)' Loading @@ -662,9 +664,6 @@ tf-infracost: script: - tf_infracost rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: when $TF_INFRACOST_ENABLED is set # on production or integration branches: auto - if: '$TF_INFRACOST_ENABLED == "true" && ($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)' Loading @@ -689,9 +688,6 @@ tf-plan-review: action: prepare resource_group: tf-review/$CI_COMMIT_REF_NAME rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude tags - if: $CI_COMMIT_TAG when: never Loading @@ -718,9 +714,6 @@ tf-review: action: start resource_group: tf-review/$CI_COMMIT_REF_NAME rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude tags - if: $CI_COMMIT_TAG when: never Loading Loading @@ -749,9 +742,6 @@ tf-destroy-review: action: stop resource_group: tf-review/$CI_COMMIT_REF_NAME rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude tags - if: $CI_COMMIT_TAG when: never Loading @@ -776,9 +766,6 @@ tf-plan-integration: action: prepare resource_group: tf-integration rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude non-integration branches - if: '$CI_COMMIT_REF_NAME !~ $INTEG_REF' when: never Loading @@ -802,9 +789,6 @@ tf-integration: action: start resource_group: tf-integration rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude non-integration branches - if: '$CI_COMMIT_REF_NAME !~ $INTEG_REF' when: never Loading @@ -830,9 +814,6 @@ tf-destroy-integration: action: stop resource_group: tf-integration rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # only on integration branch(es), with $TF_INTEG_ENABLED set - if: '$TF_INTEG_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $INTEG_REF' when: manual Loading @@ -854,9 +835,6 @@ tf-plan-staging: action: prepare resource_group: tf-staging rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude non-production branches - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF' when: never Loading @@ -880,9 +858,6 @@ tf-staging: action: start resource_group: tf-staging rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude non-production branches - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF' when: never Loading @@ -908,9 +883,6 @@ tf-destroy-staging: action: stop resource_group: tf-staging rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # only on production branch(es), with $TF_STAGING_ENABLED set - if: '$TF_STAGING_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $PROD_REF' when: manual Loading @@ -932,9 +904,6 @@ tf-plan-production: action: prepare resource_group: tf-production rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude tags - if: $CI_COMMIT_TAG when: never Loading @@ -944,8 +913,9 @@ tf-plan-production: # exclude if $TF_PROD_PLAN_ENABLED not set - if: '$TF_PROD_PLAN_ENABLED != "true"' when: never # enabled on merge requests # enabled on merge requests (2 rules depending on the selected workflow) - if: $CI_OPEN_MERGE_REQUESTS - if: '$CI_MERGE_REQUEST_ID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ $PROD_REF' # enabled on production branches - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' Loading @@ -964,9 +934,6 @@ tf-production: action: start resource_group: tf-production rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude non-production branches - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF' when: never Loading Loading
templates/gitlab-ci-terraform.yml +11 −44 Original line number Diff line number Diff line Loading @@ -13,6 +13,14 @@ # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth # Floor, Boston, MA 02110-1301, USA. # ========================================================================================= # default workflow rules workflow: rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never - when: always variables: # variabilized tracking image TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master" Loading Loading @@ -580,9 +588,6 @@ tf-tfsec: - $TF_PROJECT_DIR/reports/ dependencies: [] rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: when $TFSEC_ENABLED is set # on production or integration branches: auto - if: '$TF_TFSEC_ENABLED == "true" && ($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)' Loading Loading @@ -613,7 +618,7 @@ tf-tflint: dependencies: [] rules: # exclude merge requests - if: '$CI_MERGE_REQUEST_ID || $TF_TFLINT_DISABLED == "true"' - if: '$TF_TFLINT_DISABLED == "true"' when: never - if: $CI_COMMIT_REF_NAME # useless but prevents GitLab from warning Loading @@ -640,9 +645,6 @@ tf-checkov: - $TF_PROJECT_DIR/reports/ dependencies: [] rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: when $TF_CHECKOV_ENABLED is set # on production or integration branches: auto - if: '$TF_CHECKOV_ENABLED == "true" && ($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)' Loading @@ -662,9 +664,6 @@ tf-infracost: script: - tf_infracost rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # on any branch: when $TF_INFRACOST_ENABLED is set # on production or integration branches: auto - if: '$TF_INFRACOST_ENABLED == "true" && ($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)' Loading @@ -689,9 +688,6 @@ tf-plan-review: action: prepare resource_group: tf-review/$CI_COMMIT_REF_NAME rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude tags - if: $CI_COMMIT_TAG when: never Loading @@ -718,9 +714,6 @@ tf-review: action: start resource_group: tf-review/$CI_COMMIT_REF_NAME rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude tags - if: $CI_COMMIT_TAG when: never Loading Loading @@ -749,9 +742,6 @@ tf-destroy-review: action: stop resource_group: tf-review/$CI_COMMIT_REF_NAME rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude tags - if: $CI_COMMIT_TAG when: never Loading @@ -776,9 +766,6 @@ tf-plan-integration: action: prepare resource_group: tf-integration rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude non-integration branches - if: '$CI_COMMIT_REF_NAME !~ $INTEG_REF' when: never Loading @@ -802,9 +789,6 @@ tf-integration: action: start resource_group: tf-integration rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude non-integration branches - if: '$CI_COMMIT_REF_NAME !~ $INTEG_REF' when: never Loading @@ -830,9 +814,6 @@ tf-destroy-integration: action: stop resource_group: tf-integration rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # only on integration branch(es), with $TF_INTEG_ENABLED set - if: '$TF_INTEG_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $INTEG_REF' when: manual Loading @@ -854,9 +835,6 @@ tf-plan-staging: action: prepare resource_group: tf-staging rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude non-production branches - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF' when: never Loading @@ -880,9 +858,6 @@ tf-staging: action: start resource_group: tf-staging rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude non-production branches - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF' when: never Loading @@ -908,9 +883,6 @@ tf-destroy-staging: action: stop resource_group: tf-staging rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # only on production branch(es), with $TF_STAGING_ENABLED set - if: '$TF_STAGING_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $PROD_REF' when: manual Loading @@ -932,9 +904,6 @@ tf-plan-production: action: prepare resource_group: tf-production rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude tags - if: $CI_COMMIT_TAG when: never Loading @@ -944,8 +913,9 @@ tf-plan-production: # exclude if $TF_PROD_PLAN_ENABLED not set - if: '$TF_PROD_PLAN_ENABLED != "true"' when: never # enabled on merge requests # enabled on merge requests (2 rules depending on the selected workflow) - if: $CI_OPEN_MERGE_REQUESTS - if: '$CI_MERGE_REQUEST_ID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ $PROD_REF' # enabled on production branches - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' Loading @@ -964,9 +934,6 @@ tf-production: action: start resource_group: tf-production rules: # exclude merge requests - if: $CI_MERGE_REQUEST_ID when: never # exclude non-production branches - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF' when: never Loading