
Declarative GitFlow: restrict kustomize to master branch


You believe in declarative, in GitFlow, in small feature branches. Perfect. Your team is now making small changes on a branch and Merge Requests are happening, the CI is happening, all is good in the world.

Except sometimes people forget and do a kustomize build . | kubectl apply -f - from the wrong branch (e.g. not master, prior to merge). You know that someday the CD will fix this. But someday is not here.

Enter this small hack piece of brilliance.

$ cat agilicus/v1/branchrestrict/BranchRestrict 
 #!/usr/bin/env /usr/bin/python3
 import fnmatch
 import subprocess
 import sys

 import yaml

 # kustomize passes the path of the generator config (master-only.yaml) as argv[1].
 with open(sys.argv[1], 'r') as stream:
     try:
         data = yaml.safe_load(stream)
     except yaml.YAMLError as exc:
         print(f"Error parsing BranchRestrict generator input ({exc})",
               file=sys.stderr)
         sys.exit(1)

 # Name of the currently checked-out branch.
 branch = subprocess.check_output(['/usr/bin/git',
                                   'rev-parse',
                                   '--abbrev-ref',
                                   'HEAD']).strip().decode('ascii')


 def allow(branch, target):
     # Emit an empty YAML document as the generator's output.
     print("---")
     sys.exit(0)


 def denied(branch, target):
     print(f"Error: branch '{branch}', denied by rule '{target}'",
            file=sys.stderr)
     sys.exit(1)


 # Allow rules are checked first, so the first matching allow pattern wins.
 for target in data['allowed_branches']:
     if fnmatch.filter([branch], target):
         allow(branch, target)

 # A branch matching neither list falls through and exits 0 with no output.
 for target in data['denied_branches']:
     if fnmatch.filter([branch], target):
         denied(branch, target)

OK, a plugin generator. We’ll use that like:

$ cat master-only.yaml 
---
apiVersion: agilicus/v1
kind: BranchRestrict
metadata:
  name: not-used-br
name: branch-restrict
allowed_branches:
  - master
denied_branches:
  - '*'

Perfect. Now no-one will forget and accidentally apply from their not-yet-merged feature branch. Beauty.
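
An added example, not the author's plugin: the same allow-then-deny evaluation written as a testable function that refuses when no rule matches, when HEAD is detached, or when the working tree has uncommitted changes. It goes beyond the script above; the names decide and as_patterns, the detached-HEAD and dirty-tree refusals, and the inline rules are assumptions made for illustration.

```python
import fnmatch
import subprocess
import sys


def as_patterns(value):
    """Normalise a rule value: a bare string becomes a one-item list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def decide(branch, rules, dirty=False):
    """Return (allowed, reason). Allow rules are checked first, as in the
    plugin above; anything that matches no rule is refused."""
    # Assumption: refuse a detached HEAD, which rev-parse reports as "HEAD".
    if branch == "HEAD":
        return False, "detached HEAD"
    for pat in as_patterns(rules.get("allowed_branches")):
        if fnmatch.fnmatchcase(branch, pat):
            # Assumption: an allowed branch with local edits is not what was merged.
            if dirty:
                return False, f"'{branch}' has uncommitted changes"
            return True, f"allowed by rule '{pat}'"
    for pat in as_patterns(rules.get("denied_branches")):
        if fnmatch.fnmatchcase(branch, pat):
            return False, f"denied by rule '{pat}'"
    return False, "no rule matched"


def git(*args):
    """Run git and return its trimmed stdout."""
    return subprocess.check_output(["/usr/bin/git", *args]).decode().strip()


if __name__ == "__main__":
    # Constructed rules, same shape as master-only.yaml above.
    rules = {"allowed_branches": ["master"], "denied_branches": ["*"]}
    branch = git("rev-parse", "--abbrev-ref", "HEAD")
    dirty = bool(git("status", "--porcelain"))
    ok, reason = decide(branch, rules, dirty)
    if not ok:
        print(f"Error: {reason}", file=sys.stderr)
        sys.exit(1)
    print("---")
```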