opal icon indicating copy to clipboard operation
opal copied to clipboard

Published 20 hours ago verified publisher icon permitio

Track git tags

Open philipclaesson opened this issue 7 months ago • 4 comments

This change was discussed on slack and @orweis said a contribution adding tracking of git tags could be considered.

Changes proposed

Why tracking git tags instead of branch

In a way this could be considered "against" how git is supposed to be used - some say tags should be immutable. However, mutable tags are defacto sometimes used, the most clear example being using a "latest" tag or a "v1-latest" tag.

Using tags this way could let you use a policy repo with a single base branch, while still giving control of what is rolled out in each env. Consider the traditional dev/prod setup:

  • the dev instance of OPAL is tracking the base branch (ex. master)
  • the prodinstance of OPAL is tracking a prod tag which can be moved at will once the changes in dev/master is tested properly.

This current way of doing this is to have multiple long lived branches in the same repo - this can be cumbersome and lead to a bunch of manual merging of branches.

Changes

  • Add env variable POLICY_REPO_TAG and cli arg --policy-repo-tag, defaulting to None. When used, OPAL will track the tag.

POLICY_REPO_TAG and POLICY_REPO_MAIN_BRANCH

The two variables are obviously dependent on eachother. My idea was to not break default behaviour.

POLICY_REPO_TAG POLICY_REPO_MAIN_BRANCH Behaviour
Empty Empty OPAL tracks the master branch
Empty Not Empty OPAL tracks the given branch
Not Empty Empty OPAL tracks the given tag
Not Empty Not Empty OPAL fails (cannot decide what to track)

Check List (Check all the applicable boxes)

  • [x] I sign off on contributing this submission to open-source
  • [x] My code follows the code style of this project.
  • [x] My change requires changes to the documentation.
  • [x] I have updated the documentation accordingly.
  • [x] All new and existing tests passed.
  • [x] This PR does not contain plagiarized content.
  • [x] The title of my pull request is a short description of the requested changes.

Note to reviewers

  • Some of tests are a bit flaky on my local machine - but all relevant and new tests should pass
  • I have updated documentation where applicable (I think) - let me know if I've missed anywhere
  • This PR only affects polling a git repo - not via webhooks. I am not sure whether you think webhooks + tag is a strong use case. If you want, I can look into that use case as well.

philipclaesson avatar Nov 17 '23 15:11 philipclaesson