From abdc875fe5d820233a16db86a1c35a3d989e9405 Mon Sep 17 00:00:00 2001
From: Pierre Smeyers <pierre.smeyers@orange.com>
Date: Tue, 18 May 2021 15:28:14 +0200
Subject: [PATCH] feat: add scoped variables support
---
templates/gitlab-ci-helm.yml | 85 +++++++++++++++++++++++++++++++++++-
1 file changed, 84 insertions(+), 1 deletion(-)
diff --git a/templates/gitlab-ci-helm.yml b/templates/gitlab-ci-helm.yml
index 7c83c0b..4a94e25 100644
--- a/templates/gitlab-ci-helm.yml
+++ b/templates/gitlab-ci-helm.yml
@@ -132,6 +132,88 @@ stages:
fi
}
+ function unscope_variables() {
+ _scoped_vars=$(env | awk -F '=' "/^scoped__[a-zA-Z0-9_]+=/ {print \$1}" | sort)
+ if [[ -z "$_scoped_vars" ]]; then return; fi
+ log_info "Processing scoped variables..."
+ for _scoped_var in $_scoped_vars
+ do
+ _fields=${_scoped_var//__/:}
+ _condition=$(echo "$_fields" | cut -d: -f3)
+ case "$_condition" in
+ if) _not="";;
+ ifnot) _not=1;;
+ *)
+ log_warn "... unrecognized condition \\e[1;91m$_condition\\e[0m in \\e[33;1m${_scoped_var}\\e[0m"
+ continue
+ ;;
+ esac
+ _target_var=$(echo "$_fields" | cut -d: -f2)
+ _cond_var=$(echo "$_fields" | cut -d: -f4)
+ _cond_val=$(eval echo "\$${_cond_var}")
+ _test_op=$(echo "$_fields" | cut -d: -f5)
+ case "$_test_op" in
+ defined)
+ if [[ -z "$_not" ]] && [[ -z "$_cond_val" ]]; then continue;
+ elif [[ "$_not" ]] && [[ "$_cond_val" ]]; then continue;
+ fi
+ ;;
+ equals|startswith|endswith|contains|in|equals_ic|startswith_ic|endswith_ic|contains_ic|in_ic)
+ # comparison operator
+ # sluggify actual value
+ _cond_val=$(echo "$_cond_val" | tr '[:punct:]' '_')
+ # retrieve comparison value
+ _cmp_val_prefix="scoped__${_target_var}__${_condition}__${_cond_var}__${_test_op}__"
+ _cmp_val=${_scoped_var#$_cmp_val_prefix}
+ # manage 'ignore case'
+ if [[ "$_test_op" == *_ic ]]
+ then
+ # lowercase everything
+ _cond_val=$(echo "$_cond_val" | tr '[:upper:]' '[:lower:]')
+ _cmp_val=$(echo "$_cmp_val" | tr '[:upper:]' '[:lower:]')
+ fi
+ case "$_test_op" in
+ equals*)
+ if [[ -z "$_not" ]] && [[ "$_cond_val" != "$_cmp_val" ]]; then continue;
+ elif [[ "$_not" ]] && [[ "$_cond_val" == "$_cmp_val" ]]; then continue;
+ fi
+ ;;
+ startswith*)
+ if [[ -z "$_not" ]] && [[ "$_cond_val" != "$_cmp_val"* ]]; then continue;
+ elif [[ "$_not" ]] && [[ "$_cond_val" == "$_cmp_val"* ]]; then continue;
+ fi
+ ;;
+ endswith*)
+ if [[ -z "$_not" ]] && [[ "$_cond_val" != *"$_cmp_val" ]]; then continue;
+ elif [[ "$_not" ]] && [[ "$_cond_val" == *"$_cmp_val" ]]; then continue;
+ fi
+ ;;
+ contains*)
+ if [[ -z "$_not" ]] && [[ "$_cond_val" != *"$_cmp_val"* ]]; then continue;
+ elif [[ "$_not" ]] && [[ "$_cond_val" == *"$_cmp_val"* ]]; then continue;
+ fi
+ ;;
+ in*)
+ if [[ -z "$_not" ]] && [[ "__${_cmp_val}__" != *"__${_cond_val}__"* ]]; then continue;
+ elif [[ "$_not" ]] && [[ "__${_cmp_val}__" == *"__${_cond_val}__"* ]]; then continue;
+ fi
+ ;;
+ esac
+ ;;
+ *)
+ log_warn "... unrecognized test operator \\e[1;91m${_test_op}\\e[0m in \\e[33;1m${_scoped_var}\\e[0m"
+ continue
+ ;;
+ esac
+ # matches
+ _val=$(eval echo "\$${_target_var}")
+ log_info "... apply \\e[32m${_target_var}\\e[0m from \\e[32m\$${_scoped_var}\\e[0m${_val:+ (\\e[33;1moverwrite\\e[0m)}"
+ _val=$(eval echo "\$${_scoped_var}")
+ export "${_target_var}"="${_val}"
+ done
+ log_info "... done"
+ }
+
# evaluate and export a secret
# - $1: secret variable name
function eval_secret() {
@@ -196,7 +278,7 @@ stages:
}
function eval_all_secrets() {
- encoded_vars=$(env | awk -F '=' '/^[a-zA-Z0-9_]*=@(b64|hex|url)@/ {print $1}')
+ encoded_vars=$(env | grep -v '^scoped__' | awk -F '=' '/^[a-zA-Z0-9_]*=@(b64|hex|url)@/ {print $1}')
for var in $encoded_vars
do
eval_secret "$var"
@@ -371,6 +453,7 @@ stages:
}
if [[ -z "$TEMPLATE_CHECK_UPDATE_DISABLED" ]]; then check_for_update helm "1.1.1"; fi
+ unscope_variables
eval_all_secrets
# ENDSCRIPT
--
GitLab