feat(publish): redesign publish on prod strategy

BREAKING CHANGE: $PUBLISH_ON_PROD no longer supported (replaced by $DOCKER_PROD_PUBLISH_STRATEGY - see doc)

feat(publish): redesign publish on prod strategy
524ccc10 · Pierre Smeyers · df8424e3 · 524ccc10 · 524ccc10 · 524ccc10
Commit 524ccc10 authored 1 year ago by Pierre Smeyers
--- a/README.md
+++ b/README.md
@@ -80,7 +80,7 @@ You may perfectly override this and use another Docker registry, but be aware of
 * the `DOCKER_SNAPSHOT_IMAGE` requires a Docker registry that allows tag overwrite,
 * the `DOCKER_RELEASE_IMAGE` _may_ use a Docker registry that doesn't allow tag overwrite, but:
    1. you should avoid overwriting a Git tag (at it will obviously fail while trying to (re)push the Docker image),
-    2. you have to deactivate publish on `master` branch by setting the `$PUBLISH_ON_PROD` variable to `false` (as it would lead to the `master` tag being overwritten).
+    2. you have to deactivate publish on `main` (or `master`) branch by setting the `$DOCKER_PROD_PUBLISH_STRATEGY` variable to `none` (as it would lead to the `main` tag being overwritten).

 ### Registries and credentials

@@ -417,8 +417,7 @@ This job pushes (_promotes_) the built image as the _release_ image [skopeo](htt
 | --------------------- | --------------------------------------------------------------------------- | ----------------- |
 | `DOCKER_SKOPEO_IMAGE` | The Docker image used to run [skopeo](https://github.com/containers/skopeo) | `quay.io/skopeo/stable:latest` |
 | `DOCKER_PUBLISH_ARGS` | Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options) | _(none)_          |
-| `AUTODEPLOY_TO_PROD`  | Set to enable automatic publish (and deploy) on `master` branch             | _none_ (enabled)  |
-| `PUBLISH_ON_PROD`     | Determines whether this job is enabled on `master` branch                   | `true` (enabled)  |
+| `DOCKER_PROD_PUBLISH_STRATEGY`| Defines the publish to production strategy. One of `manual` (i.e. _one-click_), `auto` or `none` (disabled). | `manual` |
 | `DOCKER_SEMREL_RELEASE_DISABLED` | Set to `true` to disable [semantic-release integration](#semantic-release-integration)   | _none_ (enabled) |

 This job produces _output variables_ that are propagated to downstream jobs (using [dotenv artifacts](https://docs.gitlab.com/ee/ci/pipelines/job_artifacts.html#artifactsreportsdotenv)):

--- a/kicker.json
+++ b/kicker.json
@@ -70,6 +70,13 @@
      "default": "true",
      "type": "boolean"
    },
+    {
+      "name": "DOCKER_PROD_PUBLISH_STRATEGY",
+      "description": "Defines the publish to production strategy.",
+      "type": "enum",
+      "values": ["none", "manual", "auto"],
+      "default": "manual"
+    },
    {
      "name": "DOCKER_SEMREL_RELEASE_DISABLED",
      "description": "Disable integration with the [semantic release template](https://gitlab.com/to-be-continuous/semantic-release/)",

--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -73,9 +73,9 @@ variables:
  DOCKER_SBOM_IMAGE: "registry.hub.docker.com/anchore/syft:debug"
  DOCKER_SBOM_OPTS: "--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger"

-  # by default: DevOps pipeline
-  PUBLISH_ON_PROD: "true"
-
+  # default: one-click publish
+  DOCKER_PROD_PUBLISH_STRATEGY: manual
+  
  # default production ref name (pattern)
  PROD_REF: '/^(master|main)$/'
  # default integration ref name (pattern)
@@ -762,13 +762,12 @@ docker-publish:
    # exclude non-production branches
    - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF'
      when: never
-    # exclude if $PUBLISH_ON_PROD disabled
-    - if: '$PUBLISH_ON_PROD != "true"'
-      when: never
    # exclude if snapshot is same as release image and semrel info not enabled or semrel integration disabled
    - if: '$DOCKER_SNAPSHOT_IMAGE == $DOCKER_RELEASE_IMAGE && ($SEMREL_INFO_ON == null || $SEMREL_INFO_ON == "" || $DOCKER_SEMREL_RELEASE_DISABLED == "true")'
      when: never
-    # if $AUTODEPLOY_TO_PROD: auto
-    - if: '$AUTODEPLOY_TO_PROD == "true"'
-    # else: manual + blocking
-    - when: manual
+    # support former variable (prevent breaking change)
+    - if: '$PUBLISH_ON_PROD == "false"'
+      when: never
+    - if: '$DOCKER_PROD_PUBLISH_STRATEGY == "manual"'
+      when: manual
+    - if: '$DOCKER_PROD_PUBLISH_STRATEGY == "auto"'