From bc8028dd93e03ca1be2eb1453feb89d447465433 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= <thorsten.rossner.extern@zendis.de>
Date: Thu, 5 Jun 2025 09:28:38 +0200
Subject: [PATCH] ci: Add `diff-on-branch` feature

---
 .gitlab-ci.yml | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 59d36744..d9ae7b60 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -182,6 +182,9 @@ variables:
     options:
       - "yes"
       - "no"
+  DIFF_ON_BRANCH:
+    description: "Provide a branch to run `helmfile diff` for the specified branch."
+    value: ""
   RUN_TESTS:
     description: "Triggers execution of E2E-tests."
     value: "no"
@@ -220,6 +223,9 @@ variables:
   TESTS_PROJECT_URL:
     description: "Project url for e2e-tests (`<domain of gitlab>/api/v4/projects/<id>`)"
     value: "gitlab.opencode.de/api/v4/projects/1506"
+  HELM_IMAGE_PIN:
+    description: "The Helm image tag/checksum."
+    value: "1.3.3@sha256:3e195942e6988b8b93c62349700c0ed8428e3a8fbe2655bd7f5378dc88bc8ccb"
 
 # Declare .environments which is in `opendesk-env` repository. In case it is not available
 # 'cache' is used because job as a dummy key, as the job is not allowed to be empty.
@@ -232,8 +238,7 @@ variables:
   extends: ".environments"
   environment:
     name: "${NAMESPACE}"
-  image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/helm:1.3.2\
-          @sha256:87358b39af7403c9a536d1b71fd87ee84394310497dc0fbc90f78b75a3057712"
+  image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/helm:${HELM_IMAGE_PIN}"
   script:
     - "cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"
     # MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD
@@ -671,6 +676,33 @@ fetch-administrator-credentials:
     reports:
       dotenv: ".env"
 
+diff-on-branch:
+  stage: "post-execute"
+  cache: {}
+  dependencies: []
+  extends: ".environments"
+  image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/helm:${HELM_IMAGE_PIN}"
+  environment:
+    name: "${NAMESPACE}"
+  rules:
+    - if: "$DIFF_ON_BRANCH"
+  script:
+    - |
+      echo "Downloading branch ${DIFF_ON_BRANCH}"
+      SAFE_BRANCH_NAME=$(echo "$DIFF_ON_BRANCH" | tr '/' '-')
+      BASE_URL="https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/archive"
+      FILE_NAME="opendesk-${SAFE_BRANCH_NAME}.tar.gz"
+      curl -L "${BASE_URL}/${DIFF_ON_BRANCH}/${FILE_NAME}" -o branch.tar.gz
+      mkdir branch && tar -xzf branch.tar.gz -C branch --strip-components=1
+      cd branch
+      helmfile --namespace ${NAMESPACE} diff | grep -v '^ ' || true
+  tags:
+    - "docker"
+    - "kubernetes"
+    - "${CLUSTER}"
+  variables:
+    HELMFILE_ENVIRONMENT: "dev"
+
 import-default-accounts:
   stage: "post-execute"
   extends: ".environments"