From 524ccc10686991d63aa6f23b40a9b77f68da4cb9 Mon Sep 17 00:00:00 2001
From: Pierre Smeyers <pierre.smeyers@gmail.com>
Date: Wed, 5 Apr 2023 18:45:12 +0200
Subject: [PATCH] feat(publish): redesign publish on prod strategy

BREAKING CHANGE: $PUBLISH_ON_PROD no longer supported (replaced by $DOCKER_PROD_PUBLISH_STRATEGY - see doc)
---
 README.md | 5 ++---
 kicker.json | 7 +++++++
 templates/gitlab-ci-docker.yml | 19 +++++++++----------
 3 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index 24d6b05..e42bc9e 100644
--- a/README.md
+++ b/README.md
@@ -80,7 +80,7 @@ You may perfectly override this and use another Docker registry, but be aware of
 * the `DOCKER_SNAPSHOT_IMAGE` requires a Docker registry that allows tag overwrite,
 * the `DOCKER_RELEASE_IMAGE` _may_ use a Docker registry that doesn't allow tag overwrite, but:
 1. you should avoid overwriting a Git tag (at it will obviously fail while trying to (re)push the Docker image),
- 2. you have to deactivate publish on `master` branch by setting the `$PUBLISH_ON_PROD` variable to `false` (as it would lead to the `master` tag being overwritten).
+ 2. you have to deactivate publish on `main` (or `master`) branch by setting the `$DOCKER_PROD_PUBLISH_STRATEGY` variable to `none` (as it would lead to the `main` tag being overwritten).
 ### Registries and credentials
@@ -417,8 +417,7 @@ This job pushes (_promotes_) the built image as the _release_ image [skopeo](htt
 | --------------------- | --------------------------------------------------------------------------- | ----------------- |
 | `DOCKER_SKOPEO_IMAGE` | The Docker image used to run [skopeo](https://github.com/containers/skopeo) | `quay.io/skopeo/stable:latest` |
 | `DOCKER_PUBLISH_ARGS` | Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options) | _(none)_ |
-| `AUTODEPLOY_TO_PROD` | Set to enable automatic publish (and deploy) on `master` branch | _none_ (enabled) |
-| `PUBLISH_ON_PROD` | Determines whether this job is enabled on `master` branch | `true` (enabled) |
+| `DOCKER_PROD_PUBLISH_STRATEGY`| Defines the publish to production strategy. One of `manual` (i.e. _one-click_), `auto` or `none` (disabled). | `manual` |
 | `DOCKER_SEMREL_RELEASE_DISABLED` | Set to `true` to disable [semantic-release integration](#semantic-release-integration) | _none_ (enabled) |
 This job produces _output variables_ that are propagated to downstream jobs (using [dotenv artifacts](https://docs.gitlab.com/ee/ci/pipelines/job_artifacts.html#artifactsreportsdotenv)):
diff --git a/kicker.json b/kicker.json
index b25df87..c652fa2 100644
--- a/kicker.json
+++ b/kicker.json
@@ -70,6 +70,13 @@
 "default": "true",
 "type": "boolean"
 },
+ {
+ "name": "DOCKER_PROD_PUBLISH_STRATEGY",
+ "description": "Defines the publish to production strategy.",
+ "type": "enum",
+ "values": ["none", "manual", "auto"],
+ "default": "manual"
+ },
 {
 "name": "DOCKER_SEMREL_RELEASE_DISABLED",
 "description": "Disable integration with the [semantic release template](https://gitlab.com/to-be-continuous/semantic-release/)",
diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index d1b33e0..ecfcb9a 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
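Review bot: The `description` of the new `DOCKER_PROD_PUBLISH_STRATEGY` entry in kicker.json does not say what the three values do, although the template rules in this same patch make `auto` publish the release image on production refs with no manual step. The README row added by this commit already has the wording, so the descriptor could carry it too: `"description": "Defines the publish to production strategy: manual (one-click), auto, or none (disabled)."`. The enclosing variables array starts and ends outside the hunk.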
@@ -73,9 +73,9 @@ variables:
 DOCKER_SBOM_IMAGE: "registry.hub.docker.com/anchore/syft:debug"
 DOCKER_SBOM_OPTS: "--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger"
- # by default: DevOps pipeline
- PUBLISH_ON_PROD: "true"
-
+ # default: one-click publish
+ DOCKER_PROD_PUBLISH_STRATEGY: manual
+
 # default production ref name (pattern)
 PROD_REF: '/^(master|main)$/'
 # default integration ref name (pattern)
@@ -762,13 +762,12 @@ docker-publish:
 # exclude non-production branches
 - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF'
 when: never
- # exclude if $PUBLISH_ON_PROD disabled
- - if: '$PUBLISH_ON_PROD != "true"'
- when: never
 # exclude if snapshot is same as release image and semrel info not enabled or semrel integration disabled
 - if: '$DOCKER_SNAPSHOT_IMAGE == $DOCKER_RELEASE_IMAGE && ($SEMREL_INFO_ON == null || $SEMREL_INFO_ON == "" || $DOCKER_SEMREL_RELEASE_DISABLED == "true")'
 when: never
- # if $AUTODEPLOY_TO_PROD: auto
- - if: '$AUTODEPLOY_TO_PROD == "true"'
- # else: manual + blocking
- - when: manual
+ # support former variable (prevent breaking change)
+ - if: '$PUBLISH_ON_PROD == "false"'
+ when: never
+ - if: '$DOCKER_PROD_PUBLISH_STRATEGY == "manual"'
+ when: manual
+ - if: '$DOCKER_PROD_PUBLISH_STRATEGY == "auto"'
-- 
GitLab
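Review bot: The comment above `DOCKER_PROD_PUBLISH_STRATEGY` names only the default, not the accepted values, and the `docker-publish` rules later in this patch compare against `manual` and `auto` exactly, so any other spelling (`Auto`, `automatic`, an empty override) drops the job without a message. I would document that where the variable is set: `# publish strategy on production refs: none | manual (one-click, default) | auto; any other value disables docker-publish`. The neighbouring values in this block are quoted, so `DOCKER_PROD_PUBLISH_STRATEGY: "manual"` would match the file's style. The `variables:` block starts and ends outside the hunk.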
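Review bot: The compatibility rule `$PUBLISH_ON_PROD == "false"` in `docker-publish` is narrower than the check it replaces: the removed rule excluded the job for every value other than `"true"`, so a project that disabled publishing with `no`, `0`, `False` or an empty value now gets a one-click publish job on production refs under the default `manual` strategy. To keep the old fail-closed behaviour for projects that still set the variable, the shim could be `- if: '$PUBLISH_ON_PROD != null && $PUBLISH_ON_PROD != "true"'` followed by `when: never`. `$AUTODEPLOY_TO_PROD` is removed with no equivalent shim, so pipelines that relied on it move from automatic to manual publish silently, and the visible README hunks do not mention this. The rule comment says "prevent breaking change" while the commit message declares `$PUBLISH_ON_PROD` no longer supported; one of the two should be adjusted so maintainers know whether the shim is meant to stay. The `docker-publish` job starts outside the hunk.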