From 617edd2da72887bf58b29fddb397551453dff6a2 Mon Sep 17 00:00:00 2001
From: Pierre Smeyers <pierre.smeyers@gmail.com>
Date: Tue, 30 Jan 2024 12:27:03 +0100
Subject: [PATCH] fix: sanitize empty variable test expressions

rewrite all '$SOME_VAR' test expressions to '($SOME_VAR != null && $SOME_VAR != "")'
---
 templates/gitlab-ci-openshift.yml | 32 +++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/templates/gitlab-ci-openshift.yml b/templates/gitlab-ci-openshift.yml
index 0c374f5..305b43b 100644
--- a/templates/gitlab-ci-openshift.yml
+++ b/templates/gitlab-ci-openshift.yml
@@ -812,8 +812,11 @@ os-review:
     # exclude if $CLEANUP_ALL_REVIEW set to 'force'
     - if: '$CLEANUP_ALL_REVIEW == "force"'
       when: never
-    # only on non-production, non-integration branches, with $OS_REVIEW_PROJECT set
-    - if: '$OS_REVIEW_PROJECT && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'
+    # exclude if $OS_REVIEW_PROJECT not set
+    - if: '$OS_REVIEW_PROJECT == null || $OS_REVIEW_PROJECT == ""'
+      when: never
+    # only on non-production, non-integration branches
+    - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'
 
 # stop review env (automatically triggered once branches are deleted)
 os-cleanup-review:
@@ -835,8 +838,11 @@ os-cleanup-review:
     # exclude if $CLEANUP_ALL_REVIEW set to 'force'
     - if: '$CLEANUP_ALL_REVIEW == "force"'
       when: never
-    # only on non-production, non-integration branches, with $OS_REVIEW_PROJECT set
-    - if: '$OS_REVIEW_PROJECT && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'
+    # exclude if $OS_REVIEW_PROJECT not set
+    - if: '$OS_REVIEW_PROJECT == null || $OS_REVIEW_PROJECT == ""'
+      when: never
+    # only on non-production, non-integration branches
+    - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'
       when: manual
       allow_failure: true
 
@@ -864,8 +870,8 @@ os-cleanup-all-review:
     - if: '$CLEANUP_ALL_REVIEW == "force"'
       when: always
       allow_failure: true
-    # on production: manual
-    - if: '$CLEANUP_ALL_REVIEW && $CI_COMMIT_REF_NAME =~ $PROD_REF'
+    # on production: manual if $CLEANUP_ALL_REVIEW set to 'true'
+    - if: '$CLEANUP_ALL_REVIEW == "true" && $CI_COMMIT_REF_NAME =~ $PROD_REF'
       when: manual
       allow_failure: true
 
@@ -882,8 +888,11 @@ os-integration:
     name: integration
   resource_group: integration
   rules:
-    # only on integration branch(es), with $OS_INTEG_PROJECT set
-    - if: '$OS_INTEG_PROJECT && $CI_COMMIT_REF_NAME =~ $INTEG_REF'
+    # exclude if $OS_INTEG_PROJECT not set
+    - if: '$OS_INTEG_PROJECT == null || $OS_INTEG_PROJECT == ""'
+      when: never
+    # only on integration branch(es)
+    - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF'
 
 
 # Staging deploys are disabled by default since
@@ -904,8 +913,11 @@ os-staging:
     name: staging
   resource_group: staging
   rules:
-    # only on production branch(es), with $OS_STAGING_PROJECT set
-    - if: '$OS_STAGING_PROJECT && $CI_COMMIT_REF_NAME =~ $PROD_REF'
+    # exclude if $OS_STAGING_PROJECT not set
+    - if: '$OS_STAGING_PROJECT == null || $OS_STAGING_PROJECT == ""'
+      when: never
+    # only on production branch(es)
+    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF'
 
 os-production:
   extends: .os-deploy
-- 
GitLab