feat: adaptive pipeline

BREAKING CHANGE: change default workflow from Branch pipeline to MR pipeline

templates/gitlab-ci-helm.yml

@@ -13,14 +13,33 @@
 # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth 
 # Floor, Boston, MA  02110-1301, USA.
 # =========================================================================================
-# default workflow rules
+# default workflow rules: Merge Request pipelines
 workflow:
   rules:
-    # exclude merge requests
-    - if: $CI_MERGE_REQUEST_ID
+    # prevent branch pipeline when an MR is open (prefer MR pipeline)
+    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
       when: never
     - when: always
 
+# test job prototype: implement adaptive pipeline rules
+.test-policy:
+  rules:
+    # on tag: auto & failing
+    - if: $CI_COMMIT_TAG
+    # on ADAPTIVE_PIPELINE_DISABLED: auto & failing
+    - if: '$ADAPTIVE_PIPELINE_DISABLED == "true"'
+    # on production or integration branch(es): auto & failing
+    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
+    # early stage (dev branch, no MR): manual & non-failing
+    - if: '$CI_MERGE_REQUEST_ID == null && $CI_OPEN_MERGE_REQUESTS == null'
+      when: manual
+      allow_failure: true
+    # Draft MR: auto & non-failing
+    - if: '$CI_MERGE_REQUEST_TITLE =~ /^Draft:.*/'
+      allow_failure: true
+    # else (Ready MR): auto & failing
+    - when: on_success
+
 variables:
   # variabilized tracking image
   TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
@@ -508,7 +527,6 @@ stages:
 # ==================================================
 # Stage: check
 # ==================================================
-
 # lint-job is used to check the syntax of the Helm Chart for best practices.
 helm-lint:
   extends: .helm-base
@@ -535,8 +553,9 @@ helm-values-common-lint:
   rules:
     - if: '$HELM_YAMLLINT_DISABLED == "true"'
       when: never
-    - if: '$HELM_COMMON_VALUES'
-
+    - if: '$HELM_COMMON_VALUES == null || $HELM_COMMON_VALUES == ""'
+      when: never
+    - !reference [.test-policy, rules]
 
 helm-values-review-lint:
   extends: .helm-values-lint
@@ -546,8 +565,12 @@ helm-values-review-lint:
   rules:
     - if: '$HELM_YAMLLINT_DISABLED == "true"'
       when: never
+    - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""'
+      when: never
     # only on non-production, non-integration branches
-    - if: '$HELM_REVIEW_VALUES && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'
+    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
+      when: never
+    - !reference [.test-policy, rules]
 
 helm-values-integration-lint:
   extends: .helm-values-lint
@@ -557,8 +580,12 @@ helm-values-integration-lint:
   rules:
     - if: '$HELM_YAMLLINT_DISABLED == "true"'
       when: never
-    # only on integration branch(es)
-    - if: '$HELM_INTEG_VALUES && $CI_COMMIT_REF_NAME =~ $INTEG_REF'
+    - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""'
+      when: never
+    # only on non-production branches
+    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF'
+      when: never
+    - !reference [.test-policy, rules]
 
 helm-values-staging-lint:
   extends: .helm-values-lint
@@ -568,8 +595,9 @@ helm-values-staging-lint:
   rules:
     - if: '$HELM_YAMLLINT_DISABLED == "true"'
       when: never
-    # only on production branch(es)
-    - if: '$HELM_STAGING_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF'
+    - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""'
+      when: never
+    - !reference [.test-policy, rules]
 
 helm-values-prod-lint:
   extends: .helm-values-lint
@@ -579,8 +607,9 @@ helm-values-prod-lint:
   rules:
     - if: '$HELM_YAMLLINT_DISABLED == "true"'
       when: never
-    # only on production branch(es)
-    - if: '$HELM_PROD_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF'
+    - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""'
+      when: never
+    - !reference [.test-policy, rules]
 
 helm-review-score:
   extends: .helm-score
@@ -593,11 +622,12 @@ helm-review-score:
     # exclude when $HELM_KUBE_SCORE_DISABLED is set
     - if: '$HELM_KUBE_SCORE_DISABLED == "true"'
       when: never
-    # else: only on non-production, non-integration branches + allow failure
-    - if: $HELM_REVIEW_VALUES && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF
-      exists:
-        - "**/Chart.yaml"
-      allow_failure: true
+    - if: '$HELM_REVIEW_VALUES == null || $HELM_REVIEW_VALUES == ""'
+      when: never
+    # only on non-production, non-integration branches
+    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
+      when: never
+    - !reference [.test-policy, rules]
 
 helm-integration-score:
   extends: .helm-score
@@ -610,11 +640,12 @@ helm-integration-score:
     # exclude when $K8S_SCORE_DISABLED is set
     - if: '$HELM_KUBE_SCORE_DISABLED == "true"'
       when: never
-    # else: only on integration branch(es) + allow failure
-    - if: $HELM_INTEG_VALUES && $CI_COMMIT_REF_NAME =~ $INTEG_REF
-      exists:
-        - "**/Chart.yaml"
-      allow_failure: true
+    - if: '$HELM_INTEG_VALUES == null || $HELM_INTEG_VALUES == ""'
+      when: never
+    # only on non-production branches
+    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF'
+      when: never
+    - !reference [.test-policy, rules]
 
 helm-staging-score:
   extends: .helm-score
@@ -627,11 +658,9 @@ helm-staging-score:
     # exclude when $K8S_SCORE_DISABLED is set
     - if: '$HELM_KUBE_SCORE_DISABLED == "true"'
       when: never
-    # else: only on production branch(es) + allow failure
-    - if: $HELM_STAGING_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF
-      exists:
-        - "**/Chart.yaml"
-      allow_failure: true
+    - if: '$HELM_STAGING_VALUES == null || $HELM_STAGING_VALUES == ""'
+      when: never
+    - !reference [.test-policy, rules]
 
 helm-prod-score:
   extends: .helm-score
@@ -644,11 +673,9 @@ helm-prod-score:
     # exclude when $K8S_SCORE_DISABLED is set
     - if: '$HELM_KUBE_SCORE_DISABLED == "true"'
       when: never
-    # else: only on production branch(es) + allow failure
-    - if: $HELM_PROD_VALUES && $CI_COMMIT_REF_NAME =~ $PROD_REF
-      exists:
-        - "**/Chart.yaml"
-      allow_failure: true
+    - if: '$HELM_PROD_VALUES == null || $HELM_PROD_VALUES == ""'
+      when: never
+    - !reference [.test-policy, rules]
 
 # ==================================================
 # Stage: package-build
@@ -803,11 +830,9 @@ helm-publish:
   script:
     - test "$environment_type" "$environment_name" "${ENV_NAMESPACE:-${KUBE_NAMESPACE}}"
 
-
 # ==================================================
 # Stage: review
 # ==================================================
-
 # deploy to review env (only for feature branches)
 # enabled by default, disable this job by setting $HELM_REVIEW_DISABLED
 helm-review:
@@ -824,7 +849,7 @@ helm-review:
     on_stop: helm-cleanup-review
   resource_group: review/$CI_COMMIT_REF_NAME
   rules:
-    # exclude merge requests, tags and on $HELM_REVIEW_DISABLED set
+    # exclude tags and on $HELM_REVIEW_DISABLED set
     - if: '$HELM_REVIEW_DISABLED == "true" || $CI_COMMIT_TAG'
       when: never
     # only on non-production, non-integration branches
@@ -843,7 +868,7 @@ helm-cleanup-review:
     action: stop
   resource_group: review/$CI_COMMIT_REF_NAME
   rules:
-    # exclude merge requests, tags and on $HELM_REVIEW_DISABLED set
+    # exclude tags and on $HELM_REVIEW_DISABLED set
     - if: '$HELM_REVIEW_DISABLED == "true" || $CI_COMMIT_TAG'
       when: never
     # only on non-production, non-integration branches
@@ -860,16 +885,21 @@ helm-test-review:
     ENV_KUBE_CONFIG: "$HELM_REVIEW_KUBE_CONFIG"
     ENV_NAMESPACE: "$HELM_REVIEW_NAMESPACE"
   rules:
-    # exclude merge requests, tags and on $HELM_REVIEW_DISABLED set
-    - if: '$HELM_REVIEW_DISABLED == "true" || $CI_COMMIT_TAG'
+    - if: $CI_COMMIT_TAG
       when: never
-    # only on non-production, non-integration branches
-    - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF && $HELM_TEST_ENABLED == "true"'
+    - if: '$HELM_TEST_ENABLED != "true"'
+      when: never
+    - if: '$HELM_REVIEW_DISABLED == "true"'
+      when: never
+    # exclude on production or integration branch(es)
+    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
+      when: never
+    # then use common test jobs policy
+    - !reference [.test-policy, rules]
 
 # ==================================================
 # Stage: integration
 # ==================================================
-
 # deploy to integration env (only for integration branches)
 # enabled by default, disable this job by setting $HELM_INTEG_DISABLED
 helm-integration:
@@ -923,16 +953,21 @@ helm-test-integration:
     ENV_NAMESPACE: "$HELM_INTEG_NAMESPACE"
     ENV_VALUES: "$HELM_INTEG_VALUES"
   rules:
-    # exclude merge requests and on $HELM_INTEG_DISABLED set
+    - if: $CI_COMMIT_TAG
+      when: never
+    - if: '$HELM_TEST_ENABLED != "true"'
+      when: never
     - if: '$HELM_INTEG_DISABLED == "true"'
       when: never
-    # only on integration branch(es)
-    - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF && $HELM_TEST_ENABLED == "true"'
+    # exclude on non-integration branch
+    - if: '$CI_COMMIT_REF_NAME !~ $INTEG_REF'
+      when: never
+    # then use common test jobs policy
+    - !reference [.test-policy, rules]
 
 # ==================================================
 # Stage: staging
 # ==================================================
-
 helm-staging:
   extends: .helm-deploy
   variables:
@@ -974,7 +1009,6 @@ helm-cleanup-staging:
       when: manual
       allow_failure: true
 
-
 helm-test-staging:
   extends: .helm-test
   variables:
@@ -983,15 +1017,21 @@ helm-test-staging:
     ENV_NAMESPACE: "$HELM_STAGING_NAMESPACE"
     ENV_VALUES: "$HELM_STAGING_VALUES"
   rules:
-    # exclude merge requests and on $HELM_STAGING_DISABLED set
+    - if: $CI_COMMIT_TAG
+      when: never
+    - if: '$HELM_TEST_ENABLED != "true"'
+      when: never
     - if: '$HELM_STAGING_DISABLED == "true"'
       when: never
-    # only on production branch(es)
-    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF && $HELM_TEST_ENABLED == "true" '
+    # exclude on non-production branch
+    - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF'
+      when: never
+    # then use common test jobs policy
+    - !reference [.test-policy, rules]
+
 # ==================================================
 # Stage: production
 # ==================================================
-
 helm-production:
   extends: .helm-deploy
   stage: production