Merge branch 'main' into production

baf7a85f · Gregor Schulz · 3804062b · 95a64dbb · baf7a85f
Commit baf7a85f authored 4 months ago by Gregor Schulz
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -18,23 +18,23 @@ variables:
  # This variable needs to be named differently than in triggering projects
  # because if not, it gets set to '/api_domain', which breaks the e2e stage
  # due to the file not being in the artifacts.
-  API_DOMAIN_FILE: "$CI_PROJECT_DIR/api_domain"
+  API_DOMAIN_FILE: '$CI_PROJECT_DIR/api_domain'

 # job templates

 .deploy:
-  image: 
+  image:
    name: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/hashicorp/terraform:1.6.6'
    # default entrypoint is terraform command, but we want to run shell scripts
-    entrypoint: ["/bin/sh", "-c"]
+    entrypoint: ['/bin/sh', '-c']
  variables:
    ENVIRONMENT_ID: $CI_ENVIRONMENT_SLUG
  artifacts:
    paths:
-      - "terraform/environments/crash.log" # optional, only available in case of a crash/panic
-      - "terraform/environments/terraform-*.log" # separate log for every step/command
+      - 'terraform/environments/crash.log' # optional, only available in case of a crash/panic
+      - 'terraform/environments/terraform-*.log' # separate log for every step/command
      - $API_DOMAIN_FILE
-    name: "${CI_JOB_NAME}_${CI_JOB_ID}"
+    name: '${CI_JOB_NAME}_${CI_JOB_ID}'
    #when: on_failure
    expire_in: 1 week
  script:
@@ -44,7 +44,7 @@ variables:
  interruptible: false

 .smoketest:
-  stage: "smoketest"
+  stage: 'smoketest'
  image: 'europe-north1-docker.pkg.dev/holi-shared/docker/holi-docker/holi-k6-builder'
  script:
    - API_DOMAIN=$(cat $API_DOMAIN_FILE)
@@ -78,7 +78,7 @@ sast:
  needs: ['install_lint_test']
  stage: build
 include:
- template: Security/SAST.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml

 .build_mesh:
  needs: ['install_lint_test']
@@ -91,7 +91,7 @@ include:
    - 4cpu-4gb
  artifacts:
    paths:
-      - ".mesh/"
+      - '.mesh/'

 .build_docker:
  needs: ['install_lint_test']
@@ -123,6 +123,9 @@ build_mesh_staging:
    REDIS_HOST: 10.104.0.3
    REDIS_PORT: 6379
    REDIS_DB: 5
+  rules:
+    - if: $CI_COMMIT_BRANCH == "main"
+      when: on_success

 build_docker_staging:
  stage: build
@@ -130,8 +133,11 @@ build_docker_staging:
  needs: ['build_mesh_staging']
  variables:
    ENVIRONMENT_ID: staging
+  rules:
+    - if: $CI_COMMIT_BRANCH == "main"
+      when: on_success

-## review environments 
+## review environments
 deploy_review:
  stage: deploy
  extends: .deploy
@@ -141,18 +147,20 @@ deploy_review:
    url: https://$CI_ENVIRONMENT_SLUG.unified.apis.holi.social
    on_stop: destroy_review
    auto_stop_in: 1 week
-  except:
-    - main
-    - production
-    - /^noenv\/.*/
+  rules:
+    - if: $CI_COMMIT_BRANCH =~ /^main$|^production$|^noenv\/.*/
+      when: never
+    - if: $CI_COMMIT_BRANCH
+      when: on_success

 smoketest_review:
  extends: .smoketest
  needs: ['deploy_review']
-  except:
-    - main
-    - production
-    - /^noenv\/.*/
+  rules:
+    - if: $CI_COMMIT_BRANCH =~ /^main$|^production$|^noenv\/.*/
+      when: never
+    - if: $CI_COMMIT_BRANCH
+      when: on_success

 destroy_review:
  stage: destroy
@@ -160,7 +168,7 @@ destroy_review:
  image:
    name: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/hashicorp/terraform:1.6.6'
    # default entrypoint is terraform command, but we want to run shell scripts
-    entrypoint: ["/bin/sh", "-c"]
+    entrypoint: ['/bin/sh', '-c']
  variables:
    # has to be set to none for auto stop
    GIT_STRATEGY: none
@@ -177,10 +185,11 @@ destroy_review:
  # can't use rules here: https://gitlab.com/gitlab-org/gitlab/-/issues/34077
  when: manual
  allow_failure: false
-  except:
-    - main
-    - production
-    - /^noenv\/.*/
+  rules:
+    - if: $CI_COMMIT_BRANCH =~ /^main$|^production$|^noenv\/.*/
+      when: never
+    - if: $CI_COMMIT_BRANCH
+      when: on_success
  resource_group: $ENVIRONMENT_ID # never execute terraform in parallel on the same environment
  interruptible: false

@@ -196,14 +205,16 @@ deploy_staging:
    url: https://staging.unified.apis.holi.social
  variables:
    ENVIRONMENT_ID: staging
-  only:
-    - main
+  rules:
+    - if: $CI_COMMIT_BRANCH == "main"
+      when: on_success

 smoketest_staging:
  extends: .smoketest
  needs: ['deploy_staging']
-  only:
-    - main
+  rules:
+    - if: $CI_COMMIT_BRANCH == "main"
+      when: on_success

 ## production environment

@@ -223,8 +234,9 @@ build_mesh_production:
    REDIS_HOST: 10.104.0.3
    REDIS_PORT: 6379
    REDIS_DB: 13
-  only:
-    - production
+  rules:
+    - if: $CI_COMMIT_BRANCH == "production"
+      when: on_success

 build_docker_production:
  stage: build
@@ -232,8 +244,9 @@ build_docker_production:
  needs: ['build_mesh_production']
  variables:
    ENVIRONMENT_ID: production
-  only:
-    - production
+  rules:
+    - if: $CI_COMMIT_BRANCH == "production"
+      when: on_success

 deploy_production:
  stage: deploy
@@ -246,14 +259,16 @@ deploy_production:
    url: https://production.unified.apis.holi.social
  variables:
    ENVIRONMENT_ID: production
-  only:
-    - production
+  rules:
+    - if: $CI_COMMIT_BRANCH == "production"
+      when: on_success

 smoketest_production:
  extends: .smoketest
  needs: ['deploy_production']
-  only:
-    - production
+  rules:
+    - if: $CI_COMMIT_BRANCH == "production"
+      when: on_success

 trigger_docs_generation:
  stage: deploy
@@ -262,5 +277,6 @@ trigger_docs_generation:
    project: app/app.gitlab-pages.holi.team
    branch: main
    strategy: depend
-  only:
-    - production
+  rules:
+    - if: $CI_COMMIT_BRANCH == "production"
+      when: on_success