diff --git a/templates/gitlab-ci-helm.yml b/templates/gitlab-ci-helm.yml index 90dc8d91ffdc691924a1345fff54212658eb91eb..842d5b821b8354b2e518ec2b1c12e368fd150a23 100644 --- a/templates/gitlab-ci-helm.yml +++ b/templates/gitlab-ci-helm.yml @@ -13,14 +13,33 @@ # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth # Floor, Boston, MA 02110-1301, USA. # ========================================================================================= -# default workflow rules +# default workflow rules: Merge Request pipelines workflow: rules: - # exclude merge requests - - if: $CI_MERGE_REQUEST_ID + # prevent branch pipeline when an MR is open (prefer MR pipeline) + - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS' when: never - when: always +# test job prototype: implement adaptive pipeline rules +.test-policy: + rules: + # on tag: auto & failing + - if: $CI_COMMIT_TAG + # on ADAPTIVE_PIPELINE_DISABLED: auto & failing + - if: '$ADAPTIVE_PIPELINE_DISABLED == "true"' + # on production or integration branch(es): auto & failing + - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' + # early stage (dev branch, no MR): manual & non-failing + - if: '$CI_MERGE_REQUEST_ID == null && $CI_OPEN_MERGE_REQUESTS == null' + when: manual + allow_failure: true + # Draft MR: auto & non-failing + - if: '$CI_MERGE_REQUEST_TITLE =~ /^Draft:.*/' + allow_failure: true + # else (Ready MR): auto & failing + - when: on_success + variables: # variabilized tracking image TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master" @@ -508,7 +527,6 @@ stages: # ================================================== # Stage: check # ================================================== - # lint-job is used to check the syntax of the Helm Chart for best practices. helm-lint: extends: .helm-base 
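Review bot: The two non-failing branches of `.test-policy` (`when: manual` with `allow_failure: true` for a branch without an MR, and `allow_failure: true` when `$CI_MERGE_REQUEST_TITLE =~ /^Draft:.*/`) make every job that references the policy advisory on those pipelines, and the title is editable by whoever owns the merge request. To my knowledge, removing the `Draft:` prefix does not start a new pipeline by itself, so a merge gate that only requires the latest pipeline to succeed can accept a run in which lint, kube-score or test jobs failed with a warning. I would record this on the rule, e.g. `# Draft MR: auto & non-failing (advisory only); re-run the pipeline once the MR is marked ready`. Other draft markers GitLab accepts, such as `[Draft]`, do not match this regex and fall through to the strict rule, which is the safe direction but worth a word in the same comment.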
@@ -535,8 +553,9 @@ helm-values-common-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never - - if: '$HELM_COMMON_VALUES' - + - if: '$HELM_COMMON_VALUES == null || $HELM_COMMON_VALUES == ""' + when: never + - !reference [.test-policy, rules] helm-values-review-lint: extends: .helm-values-lint @@ -546,8 +565,12 @@ helm-values-review-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never + - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' + when: never # only on non-production, non-integration branches - - if: '$HELM_REVIEW_VALUES && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' + - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' + when: never + - !reference [.test-policy, rules] helm-values-integration-lint: extends: .helm-values-lint @@ -557,8 +580,12 @@ helm-values-integration-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never - # only on integration branch(es) - - if: '$HELM_INTEG_VALUES && $CI_COMMIT_REF_NAME =~ $INTEG_REF' + - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' + when: never + # only on non-production branches + - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' + when: never + - !reference [.test-policy, rules] helm-values-staging-lint: extends: .helm-values-lint @@ -568,8 +595,9 @@ helm-values-staging-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never - # only on production branch(es) - - if: '$HELM_STAGING_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF' + - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' + when: never + - !reference [.test-policy, rules] helm-values-prod-lint: extends: .helm-values-lint 
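Review bot: In `helm-values-staging-lint` the `# only on production branch(es)` comment and the `$CI_COMMIT_REF_NAME =~ $PROD_REF` condition are both removed without a replacement comment, so the rules no longer say on which refs the job is expected to run. As written it is created on any ref where `$HELM_STAGING_VALUES` is set, with strictness left to `.test-policy`. The same is true of `helm-values-prod-lint`, `helm-staging-score` and `helm-prod-score` in the later hunks. If that widening is intended, a line such as `# all refs: staging values are checked early, strictness per .test-policy` above the `!reference` would make it explicit.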
@@ -579,8 +607,9 @@ helm-values-prod-lint: rules: - if: '$HELM_YAMLLINT_DISABLED == "true"' when: never - # only on production branch(es) - - if: '$HELM_PROD_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF' + - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' + when: never + - !reference [.test-policy, rules] helm-review-score: extends: .helm-score @@ -593,11 +622,12 @@ helm-review-score: # exclude when $HELM_KUBE_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never - # else: only on non-production, non-integration branches + allow failure - - if: $HELM_REVIEW_VALUES && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF - exists: - - "**/Chart.yaml" - allow_failure: true + - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' + when: never + # only on non-production, non-integration branches + - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' + when: never + - !reference [.test-policy, rules] helm-integration-score: extends: .helm-score @@ -610,11 +640,12 @@ helm-integration-score: # exclude when $K8S_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never - # else: only on integration branch(es) + allow failure - - if: $HELM_INTEG_VALUES && $CI_COMMIT_REF_NAME =~ $INTEG_REF - exists: - - "**/Chart.yaml" - allow_failure: true + - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' + when: never + # only on non-production branches + - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' + when: never + - !reference [.test-policy, rules] helm-staging-score: extends: .helm-score 
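Review bot: The `exists: "**/Chart.yaml"` guard on the old `helm-review-score` rule is dropped, and none of the `.test-policy` rules carries an `exists` clause, so the job is now created even when the pipeline's tree contains no chart. The old rule also set `allow_failure: true` unconditionally, whereas the policy makes the job blocking on ready MRs and when `$ADAPTIVE_PIPELINE_DISABLED` is set. A project without a matching `Chart.yaml` may therefore get a hard kube-score failure, depending on how `.helm-score` (outside this hunk) treats a missing chart. The same removal is made in `helm-integration-score`, `helm-staging-score` and `helm-prod-score`. If the guard was dropped on purpose, a comment such as `# runs even without Chart.yaml; strictness per .test-policy` should say so; otherwise it needs to be reinstated in the policy rules or handled in the job script.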
@@ -627,11 +658,9 @@ helm-staging-score: # exclude when $K8S_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never - # else: only on production branch(es) + allow failure - - if: $HELM_STAGING_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF - exists: - - "**/Chart.yaml" - allow_failure: true + - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' + when: never + - !reference [.test-policy, rules] helm-prod-score: extends: .helm-score @@ -644,11 +673,9 @@ helm-prod-score: # exclude when $K8S_SCORE_DISABLED is set - if: '$HELM_KUBE_SCORE_DISABLED == "true"' when: never - # else: only on production branch(es) + allow failure - - if: $HELM_PROD_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF - exists: - - "**/Chart.yaml" - allow_failure: true + - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' + when: never + - !reference [.test-policy, rules] # ================================================== # Stage: package-build @@ -803,11 +830,9 @@ helm-publish: script: - test "$environment_type" "$environment_name" "${ENV_NAMESPACE:-${KUBE_NAMESPACE}}" - # ================================================== # Stage: review # ================================================== - # deploy to review env (only for feature branches) # enabled by default, disable this job by setting $HELM_REVIEW_DISABLED helm-review: @@ -824,7 +849,7 @@ helm-review: on_stop: helm-cleanup-review resource_group: review/$CI_COMMIT_REF_NAME rules: - # exclude merge requests, tags and on $HELM_REVIEW_DISABLED set + # exclude tags and on $HELM_REVIEW_DISABLED set - if: '$HELM_REVIEW_DISABLED == "true" || $CI_COMMIT_TAG' when: never # only on non-production, non-integration branches 
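Review bot: Removing "merge requests" from the `helm-review` comment records that the job now also runs in merge request pipelines, but none of the visible rules distinguishes a merge request that comes from a fork. When a project member runs a fork's MR pipeline in the parent project, this job would deploy the fork's chart with the review environment's credentials. This is inferred: `$HELM_REVIEW_KUBE_CONFIG` is visible in `helm-test-review`, while the deploy job's body is outside this hunk. If that is not intended, a guard placed before the branch rule would cover it: `- if: '$CI_MERGE_REQUEST_SOURCE_PROJECT_ID != $CI_MERGE_REQUEST_PROJECT_ID'` followed by `when: never`. The same applies to `helm-cleanup-review` and `helm-test-review`; if fork deployments are intended, the comment should say so.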
@@ -843,7 +868,7 @@ helm-cleanup-review: action: stop resource_group: review/$CI_COMMIT_REF_NAME rules: - # exclude merge requests, tags and on $HELM_REVIEW_DISABLED set + # exclude tags and on $HELM_REVIEW_DISABLED set - if: '$HELM_REVIEW_DISABLED == "true" || $CI_COMMIT_TAG' when: never # only on non-production, non-integration branches @@ -860,16 +885,21 @@ helm-test-review: ENV_KUBE_CONFIG: "$HELM_REVIEW_KUBE_CONFIG" ENV_NAMESPACE: "$HELM_REVIEW_NAMESPACE" rules: - # exclude merge requests, tags and on $HELM_REVIEW_DISABLED set - - if: '$HELM_REVIEW_DISABLED == "true" || $CI_COMMIT_TAG' + - if: $CI_COMMIT_TAG when: never - # only on non-production, non-integration branches - - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF && $HELM_TEST_ENABLED == "true"' + - if: '$HELM_TEST_ENABLED != "true"' + when: never + - if: '$HELM_REVIEW_DISABLED == "true"' + when: never + # exclude on production or integration branch(es) + - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' + when: never + # then use common test jobs policy + - !reference [.test-policy, rules] # ================================================== # Stage: integration # ================================================== - # deploy to integration env (only for integration branches) # enabled by default, disable this job by setting $HELM_INTEG_DISABLED helm-integration: 
@@ -923,16 +953,21 @@ helm-test-integration: ENV_NAMESPACE: "$HELM_INTEG_NAMESPACE" ENV_VALUES: "$HELM_INTEG_VALUES" rules: - # exclude merge requests and on $HELM_INTEG_DISABLED set + - if: $CI_COMMIT_TAG + when: never + - if: '$HELM_TEST_ENABLED != "true"' + when: never - if: '$HELM_INTEG_DISABLED == "true"' when: never - # only on integration branch(es) - - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF && $HELM_TEST_ENABLED == "true"' + # exclude on non-integration branch + - if: '$CI_COMMIT_REF_NAME !~ $INTEG_REF' + when: never + # then use common test jobs policy + - !reference [.test-policy, rules] # ================================================== # Stage: staging # ================================================== - helm-staging: extends: .helm-deploy variables: @@ -974,7 +1009,6 @@ helm-cleanup-staging: when: manual allow_failure: true - helm-test-staging: extends: .helm-test variables: @@ -983,15 +1017,21 @@ helm-test-staging: ENV_NAMESPACE: "$HELM_STAGING_NAMESPACE" ENV_VALUES: "$HELM_STAGING_VALUES" rules: - # exclude merge requests and on $HELM_STAGING_DISABLED set + - if: $CI_COMMIT_TAG + when: never + - if: '$HELM_TEST_ENABLED != "true"' + when: never - if: '$HELM_STAGING_DISABLED == "true"' when: never - # only on production branch(es) - - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF && $HELM_TEST_ENABLED == "true" ' + # exclude on non-production branch + - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF' + when: never + # then use common test jobs policy + - !reference [.test-policy, rules] + # ================================================== # Stage: production # ================================================== - helm-production: extends: .helm-deploy stage: production