UNCLASSIFIED - NO CUI


Gitlab-ci Workflow

The following is meant to serve as an overview of the pipeline stages required to get a commit merged. There are package, bigbang, and infrastructure pipelines.


Generic Package Pipeline Stages

This pipeline is triggered by the following for individual bigbang packages:

  • merge request events
    • Note: Currently the upgrade step only runs during MR events
  • manual tag events
  • commits to default branch

Package Pipeline

Link to draw.io diagram file. This diagram file should be modified on draw.io and exported into this repository when the developer / ci workflow changes. It is provided here for ease of use.

Configuration Validation

This stage runs helm conftest, a plugin for testing Helm charts with Open Policy Agent. It provides the following checks:

  • confirms that the Helm chart is valid (it should fail in the same way helm lint fails when there is bad YAML, etc.)
  • runs the Helm chart against a set of Rego policies. Currently these tests only raise warnings on "insecure" things and allow the pipeline to proceed.
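
The difference between a warning and a gating failure in a conftest policy, as an added example (not one of the project's own policies). The package name, rule bodies and the two checks are constructed for illustration; `import rego.v1` assumes a conftest build on OPA 0.59 or later.

```rego
# policy/containers.rego -- constructed example, not a project policy.
# conftest evaluates each rendered manifest from the chart as `input`.
package main

import rego.v1

# Kinds whose pod template lives at spec.template.spec.
workload_kinds := {"Deployment", "StatefulSet", "DaemonSet", "Job"}

# Gather containers and initContainers of a rendered workload manifest.
containers contains c if {
    input.kind in workload_kinds
    some c in input.spec.template.spec.containers
}

containers contains c if {
    input.kind in workload_kinds
    some c in input.spec.template.spec.initContainers
}

# warn: the finding is printed in the job log, but conftest still exits 0,
# so the pipeline proceeds. This is the behaviour the stage has today.
# Simplified: only the container-level securityContext is inspected.
warn contains msg if {
    some c in containers
    not c.securityContext.runAsNonRoot == true
    msg := sprintf("%s/%s: container %s does not set runAsNonRoot",
        [input.kind, input.metadata.name, c.name])
}

# deny: a match makes conftest exit non-zero, which fails the stage.
# Moving a check from `warn` to `deny` is what turns it into a gate.
deny contains msg if {
    some c in containers
    c.securityContext.privileged == true
    msg := sprintf("%s/%s: container %s runs privileged",
        [input.kind, input.metadata.name, c.name])
}

# conftest's --fail-on-warn flag is the other way to make warnings
# return a non-zero exit status without renaming any rules.
```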

Package Tests

This stage verifies several easy-to-check assumptions, such as:

  • the package installs successfully
  • the package upgrades successfully (from master)
  • package-specific tests pass

If required, the upgrade step can be skipped when the MR title starts with 'SKIP UPGRADE'.

BigBang Pipeline Stages

This pipeline is triggered by the following for individual bigbang packages:

  • merge request events
    • Note: Currently the upgrade step only runs during MR events
  • manual tag events
  • commits to default branch

The pipeline is split into several stages: