chore: split into sub gitlab-ci.yml files

  - test

  - release

build:

  stage: build

  image: docker:19.03.5

  services:

    - docker:19.03.5-dind

  before_script:

    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"

  script:

    - >-

       docker build

       --build-arg "HELM_VERSION=$HELM_VERSION"

       --build-arg "KUBERNETES_VERSION=$KUBERNETES_VERSION"

       --build-arg "GLIBC_VERSION=$GLIBC_VERSION"

       --tag "$BUILD_IMAGE_NAME" .

    - docker push "$BUILD_IMAGE_NAME"

.test-job: &test-job

  stage: test

  image: "$BUILD_IMAGE_NAME"

  services:

    - name: registry.gitlab.com/gitlab-org/cluster-integration/test-utils/k3s-gitlab-ci/releases/v0.6.1

      alias: k3s

      command: ["server", "--cluster-secret", "some-secret"]

  before_script:

    - kubectl config set-cluster k3s --server https://k3s:6443 --insecure-skip-tls-verify

    - kubectl config set-credentials default --username=node --password=some-secret

    - kubectl config set-context k3s --cluster=k3s --user=default

    - kubectl config use-context k3s

    - kubectl version

    - kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml

    - |

        kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

    - |

        function expected_error() {

          echo "Expected error but exited with $?, failing build!"

          exit 1

        }

        function failed_as_expected() {

          echo "Failed as expected and exited with $?"

        }

test-shellcheck:

  stage: test

  image: koalaman/shellcheck-alpine:stable

  script:

    - shellcheck src/bin/auto-deploy test/verify-deployment-database

test-shfmt:

  stage: test

  image:

    name: peterdavehello/shfmt:2.6.4

    entrypoint: ["/bin/sh", "-c"]

  script:

    - shfmt -i 2 -ci -l -d src/bin/*

test-dependencies:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

  script:

    - helm version --client

    - tiller -version

    - kubectl version --client

test-kube-domain:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    KUBE_INGRESS_BASE_DOMAIN: example.com

  script:

    - auto-deploy check_kube_domain

test-kube-domain-legacy:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    AUTO_DEVOPS_DOMAIN: example.com

  script:

    - auto-deploy check_kube_domain && expected_error || failed_as_expected

test-kube-domain_error:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

  script:

    - auto-deploy check_kube_domain && expected_error || failed_as_expected

test-download-chart:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

  script:

    - auto-deploy download_chart

test-deploy-name:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_SLUG: production

  script:

    - name=$(auto-deploy deploy_name "stable")

    - |

      if [[ $name != "production" ]]; then

        echo "$name should equal 'production'"

        exit 1

      fi

    - name=$(auto-deploy deploy_name "canary")

    - |

      if [[ $name != "production-canary" ]]; then

        echo "$name should equal 'production-canary'"

        exit 1

      fi

test-auto_database_url:

  <<: *test-job

  variables:

    CI_ENVIRONMENT_SLUG: production

    POSTGRES_USER: user

    POSTGRES_PASSWORD: testing-password

    POSTGRES_DB: $CI_ENVIRONMENT_SLUG

  script:

    - auto_database_url=$(auto-deploy auto_database_url)

    - export expected_url="postgres://user:testing-password@production-postgres:5432/production"

    - |

      if [[ $auto_database_url != $expected_url ]]; then

        echo "\$auto_database_url = '${auto_database_url}', want '${expected_url}'"

        exit 1

      fi

    - export AUTO_DEVOPS_POSTGRES_CHANNEL=2

    - auto_database_url=$(auto-deploy auto_database_url)

    - export expected_url="postgres://user:testing-password@production-postgresql:5432/production"

    - |

      if [[ $auto_database_url != $expected_url ]]; then

        echo "\$auto_database_url = '${auto_database_url}', want '${expected_url}'"

        exit 1

      fi

test-get-replicas:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_SLUG: production

  script:

    - replicas=$(auto-deploy get_replicas "stable" "100")

    - |

      if [[ $replicas != 1 ]]; then

        echo "$replicas should equal 1"

        exit 1

      fi

test-get-replicas-multiple:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_SLUG: production

    REPLICAS: "2"

  script:

    - replicas=$(auto-deploy get_replicas "stable" "100")

    - |

      if [[ $replicas != 2 ]]; then

        echo "$replicas should equal 2"

        exit 1

      fi

test-get-replicas-fraction:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_SLUG: production

    REPLICAS: "2"

  script:

    - replicas=$(auto-deploy get_replicas "stable" "25")

    - |

      if [[ $replicas != 1 ]]; then

        echo "$replicas should 1, (25% of 2 is 0.5, so set a floor of 1)"

        exit 1

      fi

test-get-replicas-zero:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_SLUG: production

    REPLICAS: "0"

  script:

    - replicas=$(auto-deploy get_replicas "stable" "100")

    - |

      if [[ $replicas != 0 ]]; then

        echo "$replicas should equal 0, as requested"

        exit 1

      fi

test-ensure-namespace:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    KUBE_NAMESPACE: project-123456

  script:

    - auto-deploy ensure_namespace

test-initialize-tiller:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    KUBE_NAMESPACE: default

  script:

    - auto-deploy initialize_tiller

    - ps aufx

    - helm ls --host "localhost:44134"

test-create-secret:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    KUBE_NAMESPACE: default

    CI_REGISTRY: example.com

    CI_DEPLOY_USER: ci-deploy-user

    CI_DEPLOY_PASSWORD: ci-deploy-password

    GITLAB_USER_EMAIL: user@example.com

    CI_PROJECT_VISIBILITY: private

  script:

    - auto-deploy create_secret

    - kubectl get secret "gitlab-registry-${CI_PROJECT_PATH_SLUG}" -n $KUBE_NAMESPACE

# This template is used for the publish jobs, which do the following:

#   * Check to see if there is a version bump based on

#     [Conventional Commits (v1.0.0-beta.2)](https://www.conventionalcommits.org/en/v1.0.0-beta.2/)

#     See README.md for more information

#   * If there is a new release it will tag the repository with the new release as the `ops-gitlab-net`

#     user

.semantic-release:

  image: node:12

  stage: release

  before_script:

    - npm install -g semantic-release @semantic-release/gitlab

  script:

    - semantic-release $DRY_RUN_OPT -b $CI_COMMIT_REF_NAME

  only:

    variables:

      - $CI_API_V4_URL == "https://gitlab.com/api/v4"

test-create-secret-public-project:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_PROJECT_VISIBILITY: public

    KUBE_NAMESPACE: default

  script:

    - auto-deploy create_secret

    - kubectl get secret "gitlab-registry-${CI_PROJECT_PATH_SLUG}" -n $KUBE_NAMESPACE && expected_error || failed_as_expected

test-persist-environment-url:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_URL: review-app.example.com

  script:

    - auto-deploy persist_environment_url

    - grep review-app.example.com environment_url.txt

test-install-postgres:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_SLUG: production

    KUBE_NAMESPACE: default

    AUTO_DEVOPS_POSTGRES_CHANNEL: 2

    POSTGRES_USER: user

    POSTGRES_PASSWORD: testing-password

    POSTGRES_DB: $CI_ENVIRONMENT_SLUG

    POSTGRES_VERSION: 9.6.16

  script:

    - auto-deploy initialize_tiller

    - auto-deploy download_chart

    - auto-deploy install_postgresql

    - kubectl get statefulset production-postgresql -n $KUBE_NAMESPACE

test-deploy:

  <<: *test-job

  variables: &deploy-variables

    CI_APPLICATION_REPOSITORY: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image/auto-build-image-with-psql"

    CI_APPLICATION_TAG: "5d248f6fa69a"

    CI_ENVIRONMENT_SLUG: production

    CI_ENVIRONMENT_URL: example.com

    CI_PROJECT_PATH_SLUG: "gitlab-org/cluster-integration/auto-build-image"

    CI_PROJECT_VISIBILITY: public

    KUBE_NAMESPACE: default

    KUBE_INGRESS_BASE_DOMAIN: example.com

    ROLLOUT_RESOURCE_TYPE: deployment

    POSTGRES_USER: user

    POSTGRES_PASSWORD: testing-password

    POSTGRES_ENABLED: "true"

    POSTGRES_DB: $CI_ENVIRONMENT_SLUG

    POSTGRES_VERSION: 9.6.2

    HELM_HOST: "localhost:44134"

  script:

    - auto-deploy initialize_tiller

    - auto-deploy download_chart

    - auto-deploy deploy

    - helm get production

    - helm get values production --output json | grep "postgres://user:testing-password@production-postgres:5432/production"

    - ./test/verify-deployment-database production production-postgres

test-deploy-postgresql-beta:

  extends: test-deploy

  variables:

    <<: *deploy-variables

    AUTO_DEVOPS_POSTGRES_CHANNEL: 2

    POSTGRES_VERSION: 9.6.16

  script:

    - auto-deploy initialize_tiller

    - auto-deploy download_chart

    - auto-deploy deploy

    - helm get production

    - helm get values production --output json | grep "postgres://user:testing-password@production-postgresql:5432/production"

    - ./test/verify-deployment-database production postgresql

test-deploy-modsecurity:

  extends: test-deploy

  variables:

    <<: *deploy-variables

    AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE: "On"

  script:

    - auto-deploy initialize_tiller

    - auto-deploy download_chart

    - auto-deploy deploy

    - $([[ $(kubectl get ingress production-auto-deploy -n $KUBE_NAMESPACE --no-headers=true -o custom-columns=:"metadata.annotations.nginx\.ingress\.kubernetes\.io/modsecurity-snippet") != "<none>" ]])

test-create-application-secret:

  <<: *test-job

  variables:

    KUBE_NAMESPACE: default

    CI_ENVIRONMENT_SLUG: production

    K8S_SECRET_CODE: 12345

  script:

    - auto-deploy create_application_secret "stable"

    - kubectl get secrets -n $KUBE_NAMESPACE

    - kubectl get secrets production-secret -n $KUBE_NAMESPACE

release-tag:

  stage: release

  image: docker:19.03.5

  services:

    - docker:19.03.5-dind

  script:

    - 'echo ${CI_JOB_TOKEN} | docker login --password-stdin -u $CI_REGISTRY_USER $CI_REGISTRY'

    - export ci_image="${CI_REGISTRY_IMAGE}"

    - export ci_image_tag=${CI_COMMIT_TAG:-$CI_COMMIT_SHORT_SHA}

    - echo "Using tag $ci_image_tag for image"

    - docker pull "$BUILD_IMAGE_NAME"

    - docker tag "$BUILD_IMAGE_NAME" $ci_image:latest

    - docker tag "$BUILD_IMAGE_NAME" $ci_image:$ci_image_tag

    - docker push $ci_image:latest

    - docker push $ci_image:$ci_image_tag

  only:

    - tags

publish:

  extends: .semantic-release

  only:

    refs:

      - master@gitlab-org/cluster-integration/auto-deploy-image

publish-dryrun:

  extends: .semantic-release

  variables:

    DRY_RUN_OPT: '-d'

  only:

    - branches@gitlab-org/cluster-integration/auto-deploy-image

  except:

    refs:

      - master

include:

  - local: .gitlab/ci/build.gitlab-ci.yml

  - local: .gitlab/ci/shellcheck.gitlab-ci.yml

  - local: .gitlab/ci/test.gitlab-ci.yml

  - local: .gitlab/ci/release.gitlab-ci.yml

build:

  stage: build

  image: docker:19.03.5

  services:

    - docker:19.03.5-dind

  before_script:

    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"

  script:

    - >-

       docker build

       --build-arg "HELM_VERSION=$HELM_VERSION"

       --build-arg "KUBERNETES_VERSION=$KUBERNETES_VERSION"

       --build-arg "GLIBC_VERSION=$GLIBC_VERSION"

       --tag "$BUILD_IMAGE_NAME" .

    - docker push "$BUILD_IMAGE_NAME"

# This template is used for the publish jobs, which do the following:

#   * Check to see if there is a version bump based on

#     [Conventional Commits (v1.0.0-beta.2)](https://www.conventionalcommits.org/en/v1.0.0-beta.2/)

#     See README.md for more information

#   * If there is a new release it will tag the repository with the new release as the `ops-gitlab-net`

#     user

.semantic-release:

  image: node:12

  stage: release

  before_script:

    - npm install -g semantic-release @semantic-release/gitlab

  script:

    - semantic-release $DRY_RUN_OPT -b $CI_COMMIT_REF_NAME

  only:

    variables:

      - $CI_API_V4_URL == "https://gitlab.com/api/v4"

release-tag:

  stage: release

  image: docker:19.03.5

  services:

    - docker:19.03.5-dind

  script:

    - 'echo ${CI_JOB_TOKEN} | docker login --password-stdin -u $CI_REGISTRY_USER $CI_REGISTRY'

    - export ci_image="${CI_REGISTRY_IMAGE}"

    - export ci_image_tag=${CI_COMMIT_TAG:-$CI_COMMIT_SHORT_SHA}

    - echo "Using tag $ci_image_tag for image"

    - docker pull "$BUILD_IMAGE_NAME"

    - docker tag "$BUILD_IMAGE_NAME" $ci_image:latest

    - docker tag "$BUILD_IMAGE_NAME" $ci_image:$ci_image_tag

    - docker push $ci_image:latest

    - docker push $ci_image:$ci_image_tag

  only:

    - tags

publish:

  extends: .semantic-release

  only:

    refs:

      - master@gitlab-org/cluster-integration/auto-deploy-image

publish-dryrun:

  extends: .semantic-release

  variables:

    DRY_RUN_OPT: '-d'

  only:

    - branches@gitlab-org/cluster-integration/auto-deploy-image

  except:

    refs:

      - master

test-shellcheck:

  stage: test

  image: koalaman/shellcheck-alpine:stable

  script:

    - shellcheck src/bin/auto-deploy test/verify-deployment-database

test-shfmt:

  stage: test

  image:

    name: peterdavehello/shfmt:2.6.4

    entrypoint: ["/bin/sh", "-c"]

  script:

    - shfmt -i 2 -ci -l -d src/bin/*

.test-job: &test-job

  stage: test

  image: "$BUILD_IMAGE_NAME"

  services:

    - name: registry.gitlab.com/gitlab-org/cluster-integration/test-utils/k3s-gitlab-ci/releases/v0.6.1

      alias: k3s

      command: ["server", "--cluster-secret", "some-secret"]

  before_script:

    - kubectl config set-cluster k3s --server https://k3s:6443 --insecure-skip-tls-verify

    - kubectl config set-credentials default --username=node --password=some-secret

    - kubectl config set-context k3s --cluster=k3s --user=default

    - kubectl config use-context k3s

    - kubectl version

    - kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml

    - |

        kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

    - |

        function expected_error() {

          echo "Expected error but exited with $?, failing build!"

          exit 1

        }

        function failed_as_expected() {

          echo "Failed as expected and exited with $?"

        }

test-dependencies:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

  script:

    - helm version --client

    - tiller -version

    - kubectl version --client

test-kube-domain:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    KUBE_INGRESS_BASE_DOMAIN: example.com

  script:

    - auto-deploy check_kube_domain

test-kube-domain-legacy:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    AUTO_DEVOPS_DOMAIN: example.com

  script:

    - auto-deploy check_kube_domain && expected_error || failed_as_expected

test-kube-domain_error:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

  script:

    - auto-deploy check_kube_domain && expected_error || failed_as_expected

test-download-chart:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

  script:

    - auto-deploy download_chart

test-deploy-name:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_SLUG: production

  script:

    - name=$(auto-deploy deploy_name "stable")

    - |

      if [[ $name != "production" ]]; then

        echo "$name should equal 'production'"

        exit 1

      fi

    - name=$(auto-deploy deploy_name "canary")

    - |

      if [[ $name != "production-canary" ]]; then

        echo "$name should equal 'production-canary'"

        exit 1

      fi

test-auto_database_url:

  <<: *test-job

  variables:

    CI_ENVIRONMENT_SLUG: production

    POSTGRES_USER: user

    POSTGRES_PASSWORD: testing-password

    POSTGRES_DB: $CI_ENVIRONMENT_SLUG

  script:

    - auto_database_url=$(auto-deploy auto_database_url)

    - export expected_url="postgres://user:testing-password@production-postgres:5432/production"

    - |

      if [[ $auto_database_url != $expected_url ]]; then

        echo "\$auto_database_url = '${auto_database_url}', want '${expected_url}'"

        exit 1

      fi

    - export AUTO_DEVOPS_POSTGRES_CHANNEL=2

    - auto_database_url=$(auto-deploy auto_database_url)

    - export expected_url="postgres://user:testing-password@production-postgresql:5432/production"

    - |

      if [[ $auto_database_url != $expected_url ]]; then

        echo "\$auto_database_url = '${auto_database_url}', want '${expected_url}'"

        exit 1

      fi

test-get-replicas:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_SLUG: production

  script:

    - replicas=$(auto-deploy get_replicas "stable" "100")

    - |

      if [[ $replicas != 1 ]]; then

        echo "$replicas should equal 1"

        exit 1

      fi

test-get-replicas-multiple:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_SLUG: production

    REPLICAS: "2"

  script:

    - replicas=$(auto-deploy get_replicas "stable" "100")

    - |

      if [[ $replicas != 2 ]]; then

        echo "$replicas should equal 2"

        exit 1

      fi

test-get-replicas-fraction:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_SLUG: production

    REPLICAS: "2"

  script:

    - replicas=$(auto-deploy get_replicas "stable" "25")

    - |

      if [[ $replicas != 1 ]]; then

        echo "$replicas should 1, (25% of 2 is 0.5, so set a floor of 1)"

        exit 1

      fi

test-get-replicas-zero:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_SLUG: production

    REPLICAS: "0"

  script:

    - replicas=$(auto-deploy get_replicas "stable" "100")

    - |

      if [[ $replicas != 0 ]]; then

        echo "$replicas should equal 0, as requested"

        exit 1

      fi

test-ensure-namespace:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    KUBE_NAMESPACE: project-123456

  script:

    - auto-deploy ensure_namespace

test-initialize-tiller:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    KUBE_NAMESPACE: default

  script:

    - auto-deploy initialize_tiller

    - ps aufx

    - helm ls --host "localhost:44134"

test-create-secret:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    KUBE_NAMESPACE: default

    CI_REGISTRY: example.com

    CI_DEPLOY_USER: ci-deploy-user

    CI_DEPLOY_PASSWORD: ci-deploy-password

    GITLAB_USER_EMAIL: user@example.com

    CI_PROJECT_VISIBILITY: private

  script:

    - auto-deploy create_secret

    - kubectl get secret "gitlab-registry-${CI_PROJECT_PATH_SLUG}" -n $KUBE_NAMESPACE

test-create-secret-public-project:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_PROJECT_VISIBILITY: public

    KUBE_NAMESPACE: default

  script:

    - auto-deploy create_secret

    - kubectl get secret "gitlab-registry-${CI_PROJECT_PATH_SLUG}" -n $KUBE_NAMESPACE && expected_error || failed_as_expected

test-persist-environment-url:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_URL: review-app.example.com

  script:

    - auto-deploy persist_environment_url

    - grep review-app.example.com environment_url.txt

test-install-postgres:

  <<: *test-job

  variables:

    GIT_STRATEGY: none

    CI_ENVIRONMENT_SLUG: production

    KUBE_NAMESPACE: default

    AUTO_DEVOPS_POSTGRES_CHANNEL: 2

    POSTGRES_USER: user

    POSTGRES_PASSWORD: testing-password

    POSTGRES_DB: $CI_ENVIRONMENT_SLUG

    POSTGRES_VERSION: 9.6.16

  script:

    - auto-deploy initialize_tiller

    - auto-deploy download_chart

    - auto-deploy install_postgresql

    - kubectl get statefulset production-postgresql -n $KUBE_NAMESPACE

test-deploy:

  <<: *test-job

  variables: &deploy-variables

    CI_APPLICATION_REPOSITORY: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image/auto-build-image-with-psql"

    CI_APPLICATION_TAG: "5d248f6fa69a"

    CI_ENVIRONMENT_SLUG: production

    CI_ENVIRONMENT_URL: example.com

    CI_PROJECT_PATH_SLUG: "gitlab-org/cluster-integration/auto-build-image"

    CI_PROJECT_VISIBILITY: public

    KUBE_NAMESPACE: default

    KUBE_INGRESS_BASE_DOMAIN: example.com

    ROLLOUT_RESOURCE_TYPE: deployment

    POSTGRES_USER: user

    POSTGRES_PASSWORD: testing-password

    POSTGRES_ENABLED: "true"

    POSTGRES_DB: $CI_ENVIRONMENT_SLUG

    POSTGRES_VERSION: 9.6.2

    HELM_HOST: "localhost:44134"

  script:

    - auto-deploy initialize_tiller

    - auto-deploy download_chart

    - auto-deploy deploy

    - helm get production

    - helm get values production --output json | grep "postgres://user:testing-password@production-postgres:5432/production"

    - ./test/verify-deployment-database production production-postgres

test-deploy-postgresql-beta:

  extends: test-deploy

  variables:

    <<: *deploy-variables

    AUTO_DEVOPS_POSTGRES_CHANNEL: 2

    POSTGRES_VERSION: 9.6.16

  script:

    - auto-deploy initialize_tiller

    - auto-deploy download_chart

    - auto-deploy deploy

    - helm get production

    - helm get values production --output json | grep "postgres://user:testing-password@production-postgresql:5432/production"

    - ./test/verify-deployment-database production postgresql

test-deploy-modsecurity:

  extends: test-deploy

  variables:

    <<: *deploy-variables

    AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE: "On"

  script:

    - auto-deploy initialize_tiller

    - auto-deploy download_chart

    - auto-deploy deploy

    - $([[ $(kubectl get ingress production-auto-deploy -n $KUBE_NAMESPACE --no-headers=true -o custom-columns=:"metadata.annotations.nginx\.ingress\.kubernetes\.io/modsecurity-snippet") != "<none>" ]])

test-create-application-secret:

  <<: *test-job

  variables:

    KUBE_NAMESPACE: default

    CI_ENVIRONMENT_SLUG: production

    K8S_SECRET_CODE: 12345

  script:

    - auto-deploy create_application_secret "stable"

    - kubectl get secrets -n $KUBE_NAMESPACE

    - kubectl get secrets production-secret -n $KUBE_NAMESPACE