diff --git a/templates/gitlab-ci-helm.yml b/templates/gitlab-ci-helm.yml index 12b543ae2e1aa3cc7f24b277f1a578cf6b4c8fcb..52036edeedff9f7428587121af776b76011d373c 100644 --- a/templates/gitlab-ci-helm.yml +++ b/templates/gitlab-ci-helm.yml 
@@ -707,14 +707,54 @@ stages: - .cache - .config -.helm-values-lint: +helm-values-lint: extends: .helm-base image: name: $HELM_YAMLLINT_IMAGE entrypoint: [""] stage: test + parallel: + matrix: + - VAR_PREFIX: COMMON + - VAR_PREFIX: REVIEW + - VAR_PREFIX: INTEG + - VAR_PREFIX: STAGING + - VAR_PREFIX: PROD + script: + - values_file=$(eval echo "\$HELM_${VAR_PREFIX}_VALUES") + - awkenvsubst < "$values_file" > generated-values.yml + - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values.yml + rules: + # exclude tags + - if: $CI_COMMIT_TAG + when: never + # exclude when $HELM_YAMLLINT_DISABLED is set + - if: '$HELM_YAMLLINT_DISABLED == "true"' + when: never + # exclude common if $HELM_COMMON_VALUES unset + - if: '$VAR_PREFIX == "COMMON" && ($HELM_COMMON_VALUES == null || $HELM_COMMON_VALUES == "")' + when: never + # exclude review if $HELM_REVIEW_VALUES unset + - if: '$VAR_PREFIX == "REVIEW" && ($HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == "")' + when: never + # exclude review on integration or prod branch + - if: '$VAR_PREFIX == "REVIEW" && ($CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF)' + when: never + # exclude integration if $HELM_INTEG_VALUES unset + - if: '$VAR_PREFIX == "INTEG" && ($HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == "")' + when: never + # exclude integration on prod branch + - if: '$VAR_PREFIX == "INTEG" && $CI_COMMIT_REF_NAME =~ $PROD_REF' + when: never + # exclude staging if $HELM_STAGING_VALUES unset + - if: '$VAR_PREFIX == "STAGING" && ($HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == "")' + when: never + # exclude production if $HELM_PROD_VALUES unset + - if: '$VAR_PREFIX == "PROD" && ($HELM_PROD_VALUES == null || $HELM_PROD_VALUES == "")' + when: never + - !reference [.test-policy, rules] -.helm-score: +helm-score: extends: .helm-base image: name: $HELM_KUBE_SCORE_IMAGE 
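Review bot: The `eval echo "\$HELM_${VAR_PREFIX}_VALUES"` lookup in the new `script:` re-parses the resolved path unquoted, so a values path containing spaces or glob characters is word-split or expanded before `awkenvsubst` reads it, and `VAR_PREFIX` is interpolated into an `eval`'d string. An assignment that keeps the expansion quoted avoids the re-parse: `- eval "values_file=\"\${HELM_${VAR_PREFIX}_VALUES}\""`. It also looks worth rejecting any `VAR_PREFIX` outside the five matrix values before the `eval`, since whether a pipeline- or project-level variable can override it is not visible here. The same pattern is used for `env_values` in the `helm-score` hunk below.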
@@ -736,6 +776,47 @@ stages: log_error "You need at least one Chart.yaml or external deploy chart reference" exit 1 fi + parallel: + matrix: + - ENV_TYPE: review + VAR_PREFIX: REVIEW + - ENV_TYPE: integration + VAR_PREFIX: INTEG + - ENV_TYPE: staging + VAR_PREFIX: STAGING + - ENV_TYPE: production + VAR_PREFIX: PROD + script: + - awkenvsubst < "${HELM_COMMON_VALUES:-/dev/null}" > generated-values-common.yml + - env_values=$(eval echo "\$HELM_${VAR_PREFIX}_VALUES") + - awkenvsubst < "$env_values" > generated-values-env.yml + - helm template $helm_package --values generated-values-common.yml --values generated-values-env.yml | kube-score score ${HELM_KUBE_SCORE_ARGS} - + rules: + # exclude tags + - if: $CI_COMMIT_TAG + when: never + # exclude when $HELM_SCORE_DISABLED is set + - if: '$HELM_KUBE_SCORE_DISABLED == "true"' + when: never + # exclude review if $HELM_REVIEW_VALUES unset + - if: '$ENV_TYPE == "review" && ($HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == "")' + when: never + # exclude review on integration or prod branch + - if: '$ENV_TYPE == "review" && ($CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF)' + when: never + # exclude integration if $HELM_INTEG_VALUES unset + - if: '$ENV_TYPE == "integration" && ($HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == "")' + when: never + # exclude integration on prod branch + - if: '$ENV_TYPE == "integration" && $CI_COMMIT_REF_NAME =~ $PROD_REF' + when: never + # exclude staging if $HELM_STAGING_VALUES unset + - if: '$ENV_TYPE == "staging" && ($HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == "")' + when: never + # exclude production if $HELM_PROD_VALUES unset + - if: '$ENV_TYPE == "production" && ($HELM_PROD_VALUES == null || $HELM_PROD_VALUES == "")' + when: never + - !reference [.test-policy, rules] # ================================================== # Stage: check 
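Review bot: In the added `helm template … | kube-score score … -` line, the job status comes from `kube-score` alone unless `pipefail` is enabled somewhere outside this hunk, so a failing `helm template` could hand the scoring step partial or empty input; how kube-score treats that is not visible here. Rendering to a file first makes the failure explicit: `- helm template $helm_package --values generated-values-common.yml --values generated-values-env.yml > rendered.yml` followed by `- kube-score score ${HELM_KUBE_SCORE_ARGS} rendered.yml`. Separately, the comment `# exclude when $HELM_SCORE_DISABLED is set` names a different variable from the one the rule tests; it should read `# exclude when $HELM_KUBE_SCORE_DISABLED is set`. The job's earlier script block (ending in `exit 1` / `fi`) starts outside the hunk.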
@@ -757,139 +838,6 @@ helm-lint: - exists: - "**/Chart.yaml" -# yamllint-job is used to check the syntax of the values files. -helm-values-common-lint: - extends: .helm-values-lint - script: - - awkenvsubst < "$HELM_COMMON_VALUES" > generated-values-common.yml - - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values-common.yml - rules: - - if: '$HELM_YAMLLINT_DISABLED == "true"' - when: never - - if: '$HELM_COMMON_VALUES == null || $HELM_COMMON_VALUES == ""' - when: never - - !reference [.test-policy, rules] - -helm-values-review-lint: - extends: .helm-values-lint - script: - - awkenvsubst < "$HELM_REVIEW_VALUES" > generated-values-review.yml - - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values-review.yml - rules: - - if: '$HELM_YAMLLINT_DISABLED == "true"' - when: never - - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' - when: never - # only on non-production, non-integration branches - - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' - when: never - - !reference [.test-policy, rules] - -helm-values-integration-lint: - extends: .helm-values-lint - script: - - awkenvsubst < "$HELM_INTEG_VALUES" > generated-values-integration.yml - - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values-integration.yml - rules: - - if: '$HELM_YAMLLINT_DISABLED == "true"' - when: never - - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' - when: never - # only on non-production branches - - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' - when: never - - !reference [.test-policy, rules] - -helm-values-staging-lint: - extends: .helm-values-lint - script: - - awkenvsubst < "$HELM_STAGING_VALUES" > generated-values-staging.yml - - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values-staging.yml - rules: - - if: '$HELM_YAMLLINT_DISABLED == "true"' - when: never - - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' - when: never - - !reference 
[.test-policy, rules] - -helm-values-prod-lint: - extends: .helm-values-lint - script: - - awkenvsubst < "$HELM_PROD_VALUES" > generated-values-prod.yml - - yamllint -d "$HELM_YAMLLINT_CONFIG" $HELM_YAMLLINT_ARGS generated-values-prod.yml - rules: - - if: '$HELM_YAMLLINT_DISABLED == "true"' - when: never - - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' - when: never - - !reference [.test-policy, rules] - -helm-review-score: - extends: .helm-score - script: - - if [ -z "$HELM_COMMON_VALUES" ]; then HELM_COMMON_VALUES=/dev/null; fi - - awkenvsubst < "$HELM_COMMON_VALUES" > generated-values-common.yml - - awkenvsubst < "$HELM_REVIEW_VALUES" > generated-values-review.yml - - helm template $helm_package --values generated-values-common.yml --values generated-values-review.yml | kube-score score ${HELM_KUBE_SCORE_ARGS} - - rules: - # exclude when $HELM_KUBE_SCORE_DISABLED is set - - if: '$HELM_KUBE_SCORE_DISABLED == "true"' - when: never - - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""' - when: never - # only on non-production, non-integration branches - - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF' - when: never - - !reference [.test-policy, rules] - -helm-integration-score: - extends: .helm-score - script: - - if [ -z "$HELM_COMMON_VALUES" ]; then HELM_COMMON_VALUES=/dev/null; fi - - awkenvsubst < "$HELM_COMMON_VALUES" > generated-values-common.yml - - awkenvsubst < "$HELM_INTEG_VALUES" > generated-values-integration.yml - - helm template $helm_package --values generated-values-common.yml --values generated-values-integration.yml | kube-score score ${HELM_KUBE_SCORE_ARGS} - - rules: - # exclude when $HELM_SCORE_DISABLED is set - - if: '$HELM_KUBE_SCORE_DISABLED == "true"' - when: never - - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""' - when: never - # only on non-production branches - - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF' - when: never - - !reference [.test-policy, rules] - 
-helm-staging-score: - extends: .helm-score - script: - - if [ -z "$HELM_COMMON_VALUES" ]; then HELM_COMMON_VALUES=/dev/null; fi - - awkenvsubst < "$HELM_COMMON_VALUES" > generated-values-common.yml - - awkenvsubst < "$HELM_STAGING_VALUES" > generated-values-staging.yml - - helm template $helm_package --values generated-values-common.yml --values generated-values-staging.yml | kube-score score ${HELM_KUBE_SCORE_ARGS} - - rules: - # exclude when $HELM_SCORE_DISABLED is set - - if: '$HELM_KUBE_SCORE_DISABLED == "true"' - when: never - - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""' - when: never - - !reference [.test-policy, rules] - -helm-prod-score: - extends: .helm-score - script: - - if [ -z "$HELM_COMMON_VALUES" ]; then HELM_COMMON_VALUES=/dev/null; fi - - awkenvsubst < "$HELM_COMMON_VALUES" > generated-values-common.yml - - awkenvsubst < "$HELM_PROD_VALUES" > generated-values-prod.yml - - helm template $helm_package --values generated-values-common.yml --values generated-values-prod.yml | kube-score score ${HELM_KUBE_SCORE_ARGS} - - rules: - # exclude when $HELM_SCORE_DISABLED is set - - if: '$HELM_KUBE_SCORE_DISABLED == "true"' - when: never - - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""' - when: never - - !reference [.test-policy, rules] - # ================================================== # Stage: package-build # ==================================================