Simple branching model and CI CD pipeline

Hello!

I am trying to set up a simple branching model for my monorepos:

  • Devs create temporary branches for their current project
  • When done working, they merge into [Master], then merge [Master] into [Preprod] in order to deploy to the preprod environment
  • This merge should also create a PR to [Production], which is a protected branch (no merge, no push for devs)
  • After testing the work in the preprod environment, the validation team accepts or refuses the PR
  • If the PR is accepted, it fires the deployment on the production environment.

So far my gitlab-ci.yml looks like this:

```yaml
stages:
  - test
  - preprod
  - prod

# Lint and test on every push that touches files under $DIRNAME.
.test_template:
  stage: test
  rules:
    - if: $CI_PIPELINE_SOURCE == "push"
      changes:
        - $DIRNAME/**/*
    - when: never
  script:
    - '&"$ENV:DIRNAME\build.ps1" -Tasks analyze, test'

# Deploy to preprod only on pushes to the "preprod" branch.
.deploy_preprod_template:
  stage: preprod
  rules:
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "preprod"
      changes:
        - $DIRNAME/**/*
    - when: never
  script:
    - '&"$ENV:DIRNAME\build.ps1" -Tasks analyze, test,deploytopreprod'

# Deploy to production only on pushes to the "prod" branch.
.deploy_prod_template:
  stage: prod
  rules:
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "prod"
      changes:
        - $DIRNAME/**/*
    - when: never
  script:
    - '&"$ENV:DIRNAME\build.ps1" -Tasks analyze, test,deploytoprod'

# Jobs for the "taclient" directory.
TC:test:
  extends: .test_template
  variables:
    DIRNAME: "taclient"

TC:deploypreprod:
  extends: .deploy_preprod_template
  variables:
    DIRNAME: "taclient"

TC:deployprod:
  extends: .deploy_prod_template
  variables:
    DIRNAME: "taclient"

# Jobs for the "taserver" directory.
TS:test:
  extends: .test_template
  variables:
    DIRNAME: "taserver"
```

=> At each push, the code goes through linting and testing phases
=> When pushing to [Preprod], the code is deployed to the preprod env
=> When pushing to [Prod], same for the prod env.

But now I want some more security in my pipeline:
=> So far, nothing prevents devs from using [Preprod] as their working branch. I tried to protect the branch with “no push allowed, only merge”, but then I don’t know how to merge [master] directly into [origin\Preprod]: it always adds a local [Preprod] branch and merges into it, then I have to push to [origin\Preprod] => forbidden… Argggll

=> I am wondering how to configure my pipeline to trigger a PR after the deployment to preprod env.

Any help on these points would be great :)

Thanks!