gitlabform
WIP: Add protected environments processor
@gdubicki , sorry for the sloppy code, but I thought it best to ask for feedback 😬
I left TODO comments on things I was not sure about or where you'll probably have a better idea on how to solve the issue I face.
I tested it against a live Gitlab installation, it works, I'll look into writing the tests next.
Hey @zanella! Thanks for the PR! I added some comments. We can try jumping on our Slack if you prefer to chat about it. Let me know!
Yeah, sounds good, do you need to generate an invite link for that ?
Hey @zanella! Thanks for the PR! I added some comments. We can try jumping on our Slack if you prefer to chat about it. Let me know!
Yeah, sounds good, do you need to generate an invite link for that ?
https://join.slack.com/t/gitlabform/shared_invite/zt-1i5h4dds0-NO4x63W5_GWL~WWrWy9DQg
Codecov Report
Merging #423 (c3b3b5f) into main (cbb87cd) will increase coverage by
0.00%. The diff coverage is93.05%.
Additional details and impacted files
@@ Coverage Diff @@
## main #423 +/- ##
=======================================
Coverage 85.36% 85.37%
=======================================
Files 60 62 +2
Lines 2228 2291 +63
=======================================
+ Hits 1902 1956 +54
- Misses 326 335 +9
| Impacted Files | Coverage Δ | |
|---|---|---|
| gitlabform/gitlab/projects.py | 74.61% <ø> (-0.20%) |
:arrow_down: |
| ...itlabform/gitlab/project_protected_environments.py | 78.57% <78.57%> (ø) |
|
| gitlabform/processors/abstract_processor.py | 88.70% <95.23%> (+2.99%) |
:arrow_up: |
| gitlabform/transform.py | 89.06% <95.45%> (+3.01%) |
:arrow_up: |
| gitlabform/gitlab/__init__.py | 100.00% <100.00%> (ø) |
|
| gitlabform/gitlab/core.py | 94.65% <100.00%> (-1.53%) |
:arrow_down: |
| ...tlabform/processors/multiple_entities_processor.py | 96.38% <100.00%> (ø) |
|
| gitlabform/processors/project/__init__.py | 100.00% <100.00%> (ø) |
|
| ...cessors/shared/protected_environments_processor.py | 100.00% <100.00%> (ø) |
|
| gitlabform/processors/util/branch_protector.py | 76.06% <0.00%> (-1.71%) |
:arrow_down: |
| ... and 1 more |
What will the config syntax be for protected environments when this is merged?
What will the config syntax be for protected environments when this is merged?
"group_name/project_name":
protected_environments:
foo:
name: foo
deploy_access_levels: &an_anchor_can_be_used_to_reuse #
- access_level: maintenance # or - number: 40
#group_inheritance_type: 1
- user_id: 123
#group_inheritance_type: 0
- user: john_doe
blah:
name: blah
deploy_access_levels: *an_anchor_can_be_used_to_reuse
I did a fix (there would be a missing link to the new article in the docs' index) and some updates to the docs and now I think we are good to go. Thank you for all the work on this feature, @zanella!
This code has been pre-released in v3.3.0rc1. Please feel free to check it out before a final release with this that should come within a few days.
I'm away from work next few weeks. So I can't test it out at the moment but really looking forward to it. Do we want visit the config syntax before this feature is released out of RC?
https://github.com/gitlabform/gitlabform/pull/423#issuecomment-1279287453
There's a redundant key name, which is treated as a label instead of the actual name of the env. Also the parent config, protected_environments is a departure from protected branch config, which is called branches.
There's a redundant key name, which is treated as a label instead of the actual name of the env.
Yes, on second thought it would be nice for this to be cleaned. We could do this relatively easy with a config transformation where:
protected_branches:
foo:
(...)
...would internally be converted to:
protected_branches:
foo:
name: foo
(...)
Wdyt, @zanella?
Also the parent config,
protected_environmentsis a departure from protected branch config, which is calledbranches.
I think you are right. It would be better to rename this to just environments, it would be more consistent.
But until we would also implement #164 it might be disappointing to some users that you cannot really manage all the envs but only protect them.
Also it's a bit of a problem with how enforce: true would work - now it unprotects all undefined envs while if this section would be called environments I would expect it to delete all undefined envs...
Also it's a bit of a problem with how enforce: true would work - now it unprotects all undefined envs while if this section would be called environments I would expect it to delete all undefined envs...
Ahh... I see. Didn't know the current implementation detail about this feature. I think you're right. I would also expect enforce: true under environment to delete all the other envs that are not in the config and I can see how that can also be unexpected. We probably need to hash out the details for regular environment config.
But until we would also implement https://github.com/gitlabform/gitlabform/issues/164 it might be disappointing to some users that you cannot really manage all the envs but only protect them.
This made me think perhaps we should have a separate key under environments to indicate whether an env should be protected or not. For example: protected: true. This also follows the config syntax for branch protection. Protected env is a subset of overall environment feature. So, we can implement the rest of it for #164 later if/as needed.