From a2f66faab62e2e9f42b825fddeef043be5e51668 Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Thu, 14 Dec 2023 16:07:35 +0800
Subject: [PATCH 01/16] update

---
 .gitlab-ci.yml                                |  34 ++---
 .gitlab-ci/{hk-aprd.yml => hk-tprd.yml}       | 130 +++++++++---------
 .gitlab-ci/mtest.yml                          |  50 -------
 inventories/hk-aprd/group_vars/all.yml        |   5 -
 inventories/hk-aprd/hk_aprd_azure_rm.yml      |  28 ----
 inventories/hk-astg/hk_astg_azure_rm.yml      |  28 ----
 .../{hk-astg => hk-tprd}/group_vars/all.yml   |   0
 .../tstg.cvm.yml => hk-tprd/hk-tprd.cvm.yml}  |  10 +-
 inventories/mtest/group_vars/all.yml          |   4 -
 9 files changed, 83 insertions(+), 206 deletions(-)
 rename .gitlab-ci/{hk-aprd.yml => hk-tprd.yml} (59%)
 delete mode 100644 .gitlab-ci/mtest.yml
 delete mode 100644 inventories/hk-aprd/group_vars/all.yml
 delete mode 100644 inventories/hk-aprd/hk_aprd_azure_rm.yml
 delete mode 100644 inventories/hk-astg/hk_astg_azure_rm.yml
 rename inventories/{hk-astg => hk-tprd}/group_vars/all.yml (100%)
 rename inventories/{mtest/tstg.cvm.yml => hk-tprd/hk-tprd.cvm.yml} (82%)
 delete mode 100644 inventories/mtest/group_vars/all.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 376de60..ec91f86 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -27,22 +27,17 @@ stages:
   - "tprd-postdeploy-migrations"
   - "tprd-finish"
 
-  - "mtest-prepare"
-  - "mtest-upgrade"
-  - "mtest-tke"
-  - "mtest-finish"
-
-  - "hk-aprd-cny-prepare"
-  - "hk-aprd-cny-migration"
-  - "hk-aprd-cny-rollback-tke"
-  - "hk-aprd-cny-gitaly"
-  - "hk-aprd-cny-praefect"
-  - "hk-aprd-cny-finish"
-  - "hk-aprd-prepare"
-  - "hk-aprd-rollback-tke"
-  - "hk-aprd-gitaly"
-  - "hk-aprd-postdeploy-migrations"
-  - "hk-aprd-finish"
+  - "hk-tprd-cny-prepare"
+  - "hk-tprd-cny-migration"
+  - "hk-tprd-cny-rollback-tke"
+  - "hk-tprd-cny-gitaly"
+  - "hk-tprd-cny-praefect"
+  - "hk-tprd-cny-finish"
+  - "hk-tprd-prepare"
+  - "hk-tprd-rollback-tke"
+  - "hk-tprd-gitaly"
+  - "hk-tprd-postdeploy-migrations"
+  - "hk-tprd-finish"
 
   - "release-prepare"
   - "release-upgrade"
@@ -183,15 +178,12 @@ include:
   - local: /.gitlab-ci/tprd.yml
     rules:
       - if: $DEPLOY_ENVIRONMENT == 'tprd'
-  - local: /.gitlab-ci/mtest.yml
-    rules:
-      - if: $DEPLOY_ENVIRONMENT == 'mtest'
   - local: /.gitlab-ci/release.yml
     rules:
       - if: $DEPLOY_ENVIRONMENT == 'release'
-  - local: /.gitlab-ci/hk-aprd.yml
+  - local: /.gitlab-ci/hk-tprd.yml
     rules:
-      - if: $DEPLOY_ENVIRONMENT == 'hk-aprd'
+      - if: $DEPLOY_ENVIRONMENT == 'hk-tprd'
   - project: jihulab/jh-infra/common-ci-tasks
     ref: v1.1.0
     file: prepare-vault-secrets.yml
diff --git a/.gitlab-ci/hk-aprd.yml b/.gitlab-ci/hk-tprd.yml
similarity index 59%
rename from .gitlab-ci/hk-aprd.yml
rename to .gitlab-ci/hk-tprd.yml
index 7d8892b..e34e70d 100644
--- a/.gitlab-ci/hk-aprd.yml
+++ b/.gitlab-ci/hk-tprd.yml
@@ -1,38 +1,38 @@
 .hk_job_image:
-  image: ops-registry-hk.jihulab.net/jihulab/jh-infra/ci-images/ansible:${INFRA_CI_IMAGE_ANSIBLE_TAG}
+  image: dev-ops.gitlab.cn:5050/jihulab/jh-infra/ci-images/ansible:${INFRA_CI_IMAGE_ANSIBLE_TAG}
 
-.var_hk_aprd_cny: &var_hk_aprd_cny
-  JOB_ENV: hk-aprd
+.var_hk_tprd_cny: &var_hk_tprd_cny
+  JOB_ENV: hk-tprd
   JOB_STAGE: cny
 
-.var_hk_aprd: &var_hk_aprd
-  JOB_ENV: hk-aprd
+.var_hk_tprd: &var_hk_tprd
+  JOB_ENV: hk-tprd
   JOB_STAGE: main
 
-.only_hk_aprd_cny: &only_hk_aprd_cny
+.only_hk_tprd_cny: &only_hk_tprd_cny
   only:
     variables:
-      - $DEPLOY_ENVIRONMENT == 'hk-aprd' && $DEPLOY_STAGE == "cny"
+      - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "cny"
   except:
     variables:
       - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true'
       - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null
-      - $DEPLOY_ENVIRONMENT == 'hk-aprd'
+      - $DEPLOY_ENVIRONMENT == 'hk-tprd'
       - $CMD
 
-.only_hk_aprd: &only_hk_aprd
+.only_hk_tprd: &only_hk_tprd
   only:
     variables:
-      - $DEPLOY_ENVIRONMENT == 'hk-aprd' && $DEPLOY_STAGE == "main"
+      - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "main"
       - $CI_COMMIT_REF_NAME != 'main'
   except:
     variables:
       - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true'
       - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null
-      - $DEPLOY_ENVIRONMENT == 'hk-aprd'
+      - $DEPLOY_ENVIRONMENT == 'hk-tprd'
       - $CMD
 
-.runner_tags_hk_aprd: &runner_tags_hk_aprd
+.runner_tags_hk_tprd: &runner_tags_hk_tprd
   tags:
     - azure-hk
 
@@ -40,64 +40,64 @@
   tags:
     - helmfile
 
-hk-aprd-cny-secrets:
-  stage: "hk-aprd-cny-prepare"
+hk-tprd-cny-secrets:
+  stage: "hk-tprd-cny-prepare"
   extends:
     - .runner_tags_secrets
     - .prepare-secrets
     - .rules_prepare_env_vars
   variables:
-    ARTIFACT_FILE_PREFIX: hk-aprd
-    VAULT_PATHS: hk-saas-aprd/gitlab
-    <<: *var_hk_aprd_cny
+    ARTIFACT_FILE_PREFIX: hk-tprd
+    VAULT_PATHS: hk-saas-tprd/gitlab
+    <<: *var_hk_tprd_cny
 
-hk-aprd-cny-prepare:
-  stage: "hk-aprd-cny-prepare"
+hk-tprd-cny-prepare:
+  stage: "hk-tprd-cny-prepare"
   extends: 
     - .hk_job_image
     - .prepare
     - .rules_env_stage
-  <<: *runner_tags_hk_aprd
+  <<: *runner_tags_hk_tprd
   needs:
-    - hk-aprd-cny-secrets
+    - hk-tprd-cny-secrets
   variables:
     ANSIBLE_TAGS: 'warmup'
     TARGET_HOSTS: 'gitlab_toolbox:gitaly:gitaly_cluster:praefect'
-    <<: *var_hk_aprd_cny
+    <<: *var_hk_tprd_cny
 
-hk-aprd-cny-deploy-toolbox:
-  stage: "hk-aprd-cny-migration"
+hk-tprd-cny-deploy-toolbox:
+  stage: "hk-tprd-cny-migration"
   extends: 
     - .hk_job_image
     - .deploy
     - .rules_env_stage
-  <<: *runner_tags_hk_aprd 
+  <<: *runner_tags_hk_tprd 
   variables:
     ANSIBLE_TAGS: update,clean
     TARGET_HOSTS: gitlab_toolbox
-    <<: *var_hk_aprd_cny
+    <<: *var_hk_tprd_cny
 
-hk-aprd-cny-migration:
-  stage: "hk-aprd-cny-migration"
+hk-tprd-cny-migration:
+  stage: "hk-tprd-cny-migration"
   extends: 
     - .hk_job_image
     - .migration
     - .rules_env_stage
-  <<: *runner_tags_hk_aprd
+  <<: *runner_tags_hk_tprd
   variables:
     SKIP_POST_DEPLOYMENT_MIGRATIONS: 'true'
     RUN_MIGRATIONS: 'true'
     ANSIBLE_TAGS: 'migration'
     TARGET_HOSTS: gitlab_toolbox
-    <<: *var_hk_aprd_cny
+    <<: *var_hk_tprd_cny
   needs:
-    - hk-aprd-cny-deploy-toolbox
-    - hk-aprd-cny-secrets
+    - hk-tprd-cny-deploy-toolbox
+    - hk-tprd-cny-secrets
 
-hk-aprd-cny-rollback-tke:
-  stage: "hk-aprd-cny-rollback-tke"
+hk-tprd-cny-rollback-tke:
+  stage: "hk-tprd-cny-rollback-tke"
   variables:
-    <<: *var_hk_aprd_cny
+    <<: *var_hk_tprd_cny
     RUN_THIS_JOB_ONLY_ON_ROLLBACK: 'yes'
     DRY_RUN: $CHECKMODE
     COMPONENT: gitlab
@@ -108,61 +108,61 @@ hk-aprd-cny-rollback-tke:
     - .deploy-tke
     - .rules_env_stage
 
-hk-aprd-cny-gitaly:
-  stage: "hk-aprd-cny-gitaly"
+hk-tprd-cny-gitaly:
+  stage: "hk-tprd-cny-gitaly"
   extends: 
     - .hk_job_image
     - .deploy
     - .rules_env_stage
-  <<: *runner_tags_hk_aprd
+  <<: *runner_tags_hk_tprd
   variables:
     TARGET_HOSTS: gitaly_cluster
     ANSIBLE_TAGS: update,clean
     SERIAL: 10
-    <<: *var_hk_aprd_cny
+    <<: *var_hk_tprd_cny
 
-hk-aprd-cny-praefect:
-  stage: "hk-aprd-cny-praefect"
+hk-tprd-cny-praefect:
+  stage: "hk-tprd-cny-praefect"
   extends:
     - .hk_job_image
     - .deploy
     - .rules_env_stage
-  <<: *runner_tags_hk_aprd
+  <<: *runner_tags_hk_tprd
   variables:
     TARGET_HOSTS: praefect
     ANSIBLE_TAGS: update,clean
     SERIAL: 10
-    <<: *var_hk_aprd_cny
+    <<: *var_hk_tprd_cny
 
-hk-aprd-secrets:
-  stage: "hk-aprd-prepare"
+hk-tprd-secrets:
+  stage: "hk-tprd-prepare"
   extends:
     - .runner_tags_secrets
     - .prepare-secrets
     - .rules_prepare_env_vars
   variables:
-    ARTIFACT_FILE_PREFIX: hk-aprd
-    VAULT_PATHS: hk-saas-aprd/gitlab
-    <<: *var_hk_aprd
+    ARTIFACT_FILE_PREFIX: hk-tprd
+    VAULT_PATHS: hk-saas-tprd/gitlab
+    <<: *var_hk_tprd
 
-hk-aprd-prepare:
-  stage: "hk-aprd-prepare"
+hk-tprd-prepare:
+  stage: "hk-tprd-prepare"
   extends:
     - .hk_job_image
     - .prepare
     - .rules_env_stage
-  <<: *runner_tags_hk_aprd
+  <<: *runner_tags_hk_tprd
   needs:
-    - hk-aprd-secrets
+    - hk-tprd-secrets
   variables:
     ANSIBLE_TAGS: 'warmup'
     TARGET_HOSTS: 'gitaly_shards_ssd'
-    <<: *var_hk_aprd
+    <<: *var_hk_tprd
 
-hk-aprd-rollback-tke:
-  stage: "hk-aprd-rollback-tke"
+hk-tprd-rollback-tke:
+  stage: "hk-tprd-rollback-tke"
   variables:
-    <<: *var_hk_aprd
+    <<: *var_hk_tprd
     RUN_THIS_JOB_ONLY_ON_ROLLBACK: 'yes'
     DRY_RUN: $CHECKMODE
     COMPONENT: gitlab
@@ -173,32 +173,32 @@ hk-aprd-rollback-tke:
     - .deploy-tke
     - .rules_env_stage
 
-hk-aprd-gitaly:
-  stage: "hk-aprd-gitaly"
+hk-tprd-gitaly:
+  stage: "hk-tprd-gitaly"
   extends:
     - .hk_job_image
     - .deploy
     - .rules_env_stage
-  <<: *runner_tags_hk_aprd
+  <<: *runner_tags_hk_tprd
   variables:
     TARGET_HOSTS: gitaly_shards_ssd
     ANSIBLE_TAGS: update,clean
     SERIAL: 10
-    <<: *var_hk_aprd
+    <<: *var_hk_tprd
 
-hk-aprd-postdeploy-migrations:
-  stage: "hk-aprd-postdeploy-migrations"
+hk-tprd-postdeploy-migrations:
+  stage: "hk-tprd-postdeploy-migrations"
   extends:
     - .hk_job_image
     - .migration
     - .rules_env_postdeployment_migrations
-  <<: *runner_tags_hk_aprd
+  <<: *runner_tags_hk_tprd
   variables:
     SKIP_POST_DEPLOYMENT_MIGRATIONS: 'false'
     RUN_MIGRATIONS: 'true'
     RUN_POST_DEPLOY_MIGRATIONS: 'true'
     ANSIBLE_TAGS: 'migration'
     TARGET_HOSTS: gitlab_toolbox
-    <<: *var_hk_aprd
+    <<: *var_hk_tprd
   needs:
-    - hk-aprd-secrets
+    - hk-tprd-secrets
diff --git a/.gitlab-ci/mtest.yml b/.gitlab-ci/mtest.yml
deleted file mode 100644
index 62478c8..0000000
--- a/.gitlab-ci/mtest.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-.var_mtest: &var_mtest
-  JOB_ENV: mtest
-
-.only_mtest_notify: &only_mtest_notify
-  only:
-    variables:
-      - $DEPLOY_ENVIRONMENT =~ '/^(mtest)$/'
-  except:
-    variables:
-      - $SKIP_PIPELINE_NOTIFY == 'true'
-
-.only_mtest: &only_mtest
-  only:
-    variables:
-      - $DEPLOY_ENVIRONMENT == 'mtest'
-      - $CI_COMMIT_REF_NAME != 'main'
-  except:
-    variables:
-      - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true'
-      - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null
-
-mtest-prepare:
-  stage: "mtest-prepare"
-  extends: .prepare
-  variables:
-    ANSIBLE_TAGS: 'warmup'
-    TARGET_HOSTS: 'gitaly:praefect:gitaly_shards_ssd:gitlab_toolbox'
-    <<: *var_mtest
-  <<: *only_mtest
-
-mtest-upgrade:
-  stage: "mtest-upgrade"
-  extends: .deploy
-  variables:
-    TARGET_HOSTS: 'gitaly:praefect:gitaly_shards_ssd:gitlab_toolbox'
-    ANSIBLE_TAGS: update,clean
-    SERIAL: 100
-    <<: *var_mtest
-  <<: *only_mtest
-
-mtest-tke:
-  stage: "mtest-upgrade"
-  variables:
-    <<: *var_mtest
-    DRY_RUN: $CHECKMODE
-    CHECKMODE: $CHECKMODE
-    COMPONENT_VERSION: $DEPLOY_VERSION
-    DEPLOY_ENVIRONMENT: $JOB_ENV
-  extends: .deploy-tke
-  <<: *only_mtest
diff --git a/inventories/hk-aprd/group_vars/all.yml b/inventories/hk-aprd/group_vars/all.yml
deleted file mode 100644
index ad031ac..0000000
--- a/inventories/hk-aprd/group_vars/all.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-ansible_python_interpreter: /usr/bin/python3
-ansible_user: ubuntu
-env_name: hk-aprd
-download_region: accelerate
diff --git a/inventories/hk-aprd/hk_aprd_azure_rm.yml b/inventories/hk-aprd/hk_aprd_azure_rm.yml
deleted file mode 100644
index b4e1abb..0000000
--- a/inventories/hk-aprd/hk_aprd_azure_rm.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-plugin: azure_rm
-include_vm_resource_groups:
-  - rg-hk-saas-aprd
-auth_source: auto
-
-exclude_host_filters:
-  - tags.gitlab_node_type | default('') == 'jump'
-  - tags.gitlab_node_type | default('') == 'ci-runner'
-  - '"gitlab_node_type" not in tags.keys()'
-  # excludes hosts that are powered off
-  - powerstate != 'running'
-
-keyed_groups:
-  - key: tags.gitlab_node_type | default('none')
-    trailing_separator: false
-  - key: tags.gitlab_node_prefix  | default('none')
-    trailing_separator: false
-  - key: tags.gitlab_node_level  | default('none')
-    trailing_separator: false
-
-leading_separator: false
-
-hostvar_expressions:
-  ansible_host: private_ipv4_addresses.0
-  private_ip_address: private_ipv4_addresses.0
-  public_ip_address: public_ipv4_addresses
-  computer_name: computer_name
diff --git a/inventories/hk-astg/hk_astg_azure_rm.yml b/inventories/hk-astg/hk_astg_azure_rm.yml
deleted file mode 100644
index 9eb8394..0000000
--- a/inventories/hk-astg/hk_astg_azure_rm.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-plugin: azure_rm
-include_vm_resource_groups:
-  - rg-hk-saas-astg
-auth_source: auto
-
-exclude_host_filters:
-  - tags.gitlab_node_type | default('') == 'jump'
-  - tags.gitlab_node_type | default('') == 'ci-runner'
-  - '"gitlab_node_type" not in tags.keys()'
-  # excludes hosts that are powered off
-  - powerstate != 'running'
-
-keyed_groups:
-  - key: tags.gitlab_node_type | default('none')
-    trailing_separator: false
-  - key: tags.gitlab_node_prefix  | default('none')
-    trailing_separator: false
-  - key: tags.gitlab_node_level  | default('none')
-    trailing_separator: false
-
-leading_separator: false
-
-hostvar_expressions:
-  ansible_host: private_ipv4_addresses.0
-  private_ip_address: private_ipv4_addresses.0
-  public_ip_address: public_ipv4_addresses
-  computer_name: computer_name
diff --git a/inventories/hk-astg/group_vars/all.yml b/inventories/hk-tprd/group_vars/all.yml
similarity index 100%
rename from inventories/hk-astg/group_vars/all.yml
rename to inventories/hk-tprd/group_vars/all.yml
diff --git a/inventories/mtest/tstg.cvm.yml b/inventories/hk-tprd/hk-tprd.cvm.yml
similarity index 82%
rename from inventories/mtest/tstg.cvm.yml
rename to inventories/hk-tprd/hk-tprd.cvm.yml
index 055f3e5..10a6d04 100644
--- a/inventories/mtest/tstg.cvm.yml
+++ b/inventories/hk-tprd/hk-tprd.cvm.yml
@@ -1,4 +1,3 @@
----
 plugin: "jh_infra.jh_collection.tencentcloud_cvm"
 
 cache: false
@@ -8,20 +7,22 @@ cache_connection: ./cvm_inventory
 cache_prefix: cvm
 
 regions:
-  - "ap-shanghai"
+  - "ap-hongkong"
 
 filters:
   project-id:
-    - "1275707"
+    - "1301925"
   instance-state:
     - "RUNNING"
 
-pattern_include: ^mtest.*
+pattern_include: ^cvm-hk-saas-tprd-.*
 pattern_exclude: .*-auto-scale-runner-.*
 
 keyed_groups:
   - key: tags.gitlab_node_type
     separator: ""
+  - key: tags.gitlab_node_type_legacy
+    separator: ""
   - key: tags.gitlab_node_level
     separator: ""
   - key: tags.gitlab_node_prefix
@@ -32,4 +33,3 @@ compose:
   public_ip_address: public_ip_address
   private_ip_address: private_ip_address
   instance_name: instance_name
-  gitlab_node_type: tags.gitlab_node_type
diff --git a/inventories/mtest/group_vars/all.yml b/inventories/mtest/group_vars/all.yml
deleted file mode 100644
index 3ecbfd2..0000000
--- a/inventories/mtest/group_vars/all.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-ansible_python_interpreter: /usr/bin/python3
-ansible_user: ubuntu
-env_name: mtest
-- 
GitLab


From df2c0af163131db2411c7b6ffd2ea77d52aa24ee Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Thu, 14 Dec 2023 16:27:27 +0800
Subject: [PATCH 02/16] ssh

---
 bin/ansible-wrapper | 4 ++--
 bin/prepare_env.sh  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/bin/ansible-wrapper b/bin/ansible-wrapper
index f43c7f3..483ec18 100755
--- a/bin/ansible-wrapper
+++ b/bin/ansible-wrapper
@@ -19,8 +19,8 @@ case $CURRENT_DEPLOY_ENVIRONMENT in
   hk-astg)
     SSH_PRIVATE_KEY="$HK_ASTG_SSH_PRIVATE_KEY"
     ;;
-  hk-aprd)
-    SSH_PRIVATE_KEY="$HK_APRD_SSH_PRIVATE_KEY"
+  hk-tprd)
+    SSH_PRIVATE_KEY="$GEO_SSH_PRIVATE_KEY"
     ;;
   *)
     SSH_PRIVATE_KEY="$DEFAULT_SSH_PRIVATE_KEY"
diff --git a/bin/prepare_env.sh b/bin/prepare_env.sh
index 0698323..7e85e58 100755
--- a/bin/prepare_env.sh
+++ b/bin/prepare_env.sh
@@ -16,7 +16,7 @@ case "$DEPLOY_ENVIRONMENT" in
       VAULT_PATH_ENV="hk-saas-astg/gitlab"
       VAULT_PATH_PREFIX="jihulab"
       ;;
-    hk-aprd)
+    hk-tprd)
       VAULT_PATH_ENV="hk-saas-aprd/gitlab"
       VAULT_PATH_PREFIX="jihulab"
       ;;
-- 
GitLab


From 2e4155bc2643e5425c7dde978f32ac99080b3295 Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Thu, 14 Dec 2023 16:31:19 +0800
Subject: [PATCH 03/16] update

---
 .gitlab-ci/hk-tprd.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml
index e34e70d..380cf54 100644
--- a/.gitlab-ci/hk-tprd.yml
+++ b/.gitlab-ci/hk-tprd.yml
@@ -48,7 +48,7 @@ hk-tprd-cny-secrets:
     - .rules_prepare_env_vars
   variables:
     ARTIFACT_FILE_PREFIX: hk-tprd
-    VAULT_PATHS: hk-saas-tprd/gitlab
+    VAULT_PATHS: hk-saas-aprd/gitlab
     <<: *var_hk_tprd_cny
 
 hk-tprd-cny-prepare:
@@ -142,7 +142,7 @@ hk-tprd-secrets:
     - .rules_prepare_env_vars
   variables:
     ARTIFACT_FILE_PREFIX: hk-tprd
-    VAULT_PATHS: hk-saas-tprd/gitlab
+    VAULT_PATHS: hk-saas-aprd/gitlab
     <<: *var_hk_tprd
 
 hk-tprd-prepare:
-- 
GitLab


From 00761ce8ffb1f07efd37b7324d63ade0f66566b1 Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Thu, 14 Dec 2023 16:33:59 +0800
Subject: [PATCH 04/16] tag

---
 .gitlab-ci/hk-tprd.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml
index 380cf54..f57f8d2 100644
--- a/.gitlab-ci/hk-tprd.yml
+++ b/.gitlab-ci/hk-tprd.yml
@@ -34,7 +34,7 @@
 
 .runner_tags_hk_tprd: &runner_tags_hk_tprd
   tags:
-    - azure-hk
+    - ansible-tencent-hk
 
 .runner_tags_secrets: &runner_tags_secrets
   tags:
-- 
GitLab


From ae7f4f86602930ed8e6bacffa7b07e0a3c9ca335 Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Thu, 14 Dec 2023 17:07:44 +0800
Subject: [PATCH 05/16] shards

---
 .gitlab-ci/hk-tprd.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml
index f57f8d2..5fb5541 100644
--- a/.gitlab-ci/hk-tprd.yml
+++ b/.gitlab-ci/hk-tprd.yml
@@ -62,7 +62,7 @@ hk-tprd-cny-prepare:
     - hk-tprd-cny-secrets
   variables:
     ANSIBLE_TAGS: 'warmup'
-    TARGET_HOSTS: 'gitlab_toolbox:gitaly:gitaly_cluster:praefect'
+    TARGET_HOSTS: 'gitlab_toolbox:gitaly:gitaly_shards_cny:praefect'
     <<: *var_hk_tprd_cny
 
 hk-tprd-cny-deploy-toolbox:
@@ -116,7 +116,7 @@ hk-tprd-cny-gitaly:
     - .rules_env_stage
   <<: *runner_tags_hk_tprd
   variables:
-    TARGET_HOSTS: gitaly_cluster
+    TARGET_HOSTS: gitaly_shards_cny
     ANSIBLE_TAGS: update,clean
     SERIAL: 10
     <<: *var_hk_tprd_cny
-- 
GitLab


From 0263aa934cca6ca60e93f67909cdcbb0f2cce2f5 Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Fri, 15 Dec 2023 15:33:35 +0800
Subject: [PATCH 06/16] check key

---
 bin/ansible-wrapper | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/bin/ansible-wrapper b/bin/ansible-wrapper
index 483ec18..9881fd0 100755
--- a/bin/ansible-wrapper
+++ b/bin/ansible-wrapper
@@ -1,8 +1,5 @@
 #!/bin/bash
 
-# shellcheck source=bin/check_vars
-source bin/check_vars
-
 case $CURRENT_DEPLOY_ENVIRONMENT in
   tprd)
     SSH_PRIVATE_KEY="$TPRD_SSH_PRIVATE_KEY"
@@ -27,6 +24,9 @@ case $CURRENT_DEPLOY_ENVIRONMENT in
     ;;
 esac
 
+# shellcheck source=bin/check_vars
+source bin/check_vars
+
 if [ ! -d ~/.ssh ]; then
     mkdir ~/.ssh
     chmod 700 ~/.ssh
@@ -34,6 +34,8 @@ fi
 
 ssh-keyscan -t rsa gitlab.cn >> ~/.ssh/known_hosts
 
+echo "$SSH_PRIVATE_KEY"
+
 eval "$(ssh-agent -s)"
 echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
 echo "$ANSIBLE_VAULT_PASS" | tr -d 'r' > ~/.vault.txt
-- 
GitLab


From 2ec8c466750d2eedae34d5a0bc3c7b5f3d8ad966 Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Fri, 15 Dec 2023 15:46:07 +0800
Subject: [PATCH 07/16] update

---
 bin/ansible-wrapper | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/ansible-wrapper b/bin/ansible-wrapper
index 9881fd0..ccc9e4a 100755
--- a/bin/ansible-wrapper
+++ b/bin/ansible-wrapper
@@ -17,7 +17,7 @@ case $CURRENT_DEPLOY_ENVIRONMENT in
     SSH_PRIVATE_KEY="$HK_ASTG_SSH_PRIVATE_KEY"
     ;;
   hk-tprd)
-    SSH_PRIVATE_KEY="$GEO_SSH_PRIVATE_KEY"
+    SSH_PRIVATE_KEY="$HK_TPRD_SSH_PRIVATE_KEY"
     ;;
   *)
     SSH_PRIVATE_KEY="$DEFAULT_SSH_PRIVATE_KEY"
-- 
GitLab


From 1749db24bdfc39af3390147d5034c2b38d0d8654 Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Fri, 15 Dec 2023 15:53:33 +0800
Subject: [PATCH 08/16] update

---
 bin/ansible-wrapper                    | 2 --
 inventories/hk-tprd/group_vars/all.yml | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/bin/ansible-wrapper b/bin/ansible-wrapper
index ccc9e4a..c69e256 100755
--- a/bin/ansible-wrapper
+++ b/bin/ansible-wrapper
@@ -34,8 +34,6 @@ fi
 
 ssh-keyscan -t rsa gitlab.cn >> ~/.ssh/known_hosts
 
-echo "$SSH_PRIVATE_KEY"
-
 eval "$(ssh-agent -s)"
 echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
 echo "$ANSIBLE_VAULT_PASS" | tr -d 'r' > ~/.vault.txt
diff --git a/inventories/hk-tprd/group_vars/all.yml b/inventories/hk-tprd/group_vars/all.yml
index bf85afa..b89732c 100644
--- a/inventories/hk-tprd/group_vars/all.yml
+++ b/inventories/hk-tprd/group_vars/all.yml
@@ -1,5 +1,5 @@
 ---
 ansible_python_interpreter: /usr/bin/python3
 ansible_user: ubuntu
-env_name: hk-astg
+env_name: hk-tprd
 download_region: accelerate
-- 
GitLab


From 4ca60de231b6751994d92af8dbc96895ba4768ce Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Fri, 15 Dec 2023 16:01:39 +0800
Subject: [PATCH 09/16] compatible

---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ec91f86..54e3d25 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -183,7 +183,7 @@ include:
       - if: $DEPLOY_ENVIRONMENT == 'release'
   - local: /.gitlab-ci/hk-tprd.yml
     rules:
-      - if: $DEPLOY_ENVIRONMENT == 'hk-tprd'
+      - if: $DEPLOY_ENVIRONMENT =~ '/^(hk-tprd|hk-aprd)$/'
   - project: jihulab/jh-infra/common-ci-tasks
     ref: v1.1.0
     file: prepare-vault-secrets.yml
-- 
GitLab


From a8954ca37c257e8b02dae1563ebba9ef66ac5d18 Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Fri, 15 Dec 2023 16:04:25 +0800
Subject: [PATCH 10/16] update

---
 .gitlab-ci/hk-tprd.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml
index 5fb5541..240c7df 100644
--- a/.gitlab-ci/hk-tprd.yml
+++ b/.gitlab-ci/hk-tprd.yml
@@ -12,7 +12,7 @@
 .only_hk_tprd_cny: &only_hk_tprd_cny
   only:
     variables:
-      - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "cny"
+      - $DEPLOY_ENVIRONMENT =~ '/^(hk-tprd|hk-aprd)$/' && $DEPLOY_STAGE == "cny"
   except:
     variables:
       - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true'
@@ -23,7 +23,7 @@
 .only_hk_tprd: &only_hk_tprd
   only:
     variables:
-      - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "main"
+      - $DEPLOY_ENVIRONMENT =~ '/^(hk-tprd|hk-aprd)$/' && $DEPLOY_STAGE == "main"
       - $CI_COMMIT_REF_NAME != 'main'
   except:
     variables:
-- 
GitLab


From 63b8075fe786d44c30e393d8530f17687030e5e5 Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Fri, 15 Dec 2023 16:18:19 +0800
Subject: [PATCH 11/16] fix

---
 .gitlab-ci.yml         | 2 +-
 .gitlab-ci/hk-tprd.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 54e3d25..35476ad 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -183,7 +183,7 @@ include:
       - if: $DEPLOY_ENVIRONMENT == 'release'
   - local: /.gitlab-ci/hk-tprd.yml
     rules:
-      - if: $DEPLOY_ENVIRONMENT =~ '/^(hk-tprd|hk-aprd)$/'
+      - if: $DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/
   - project: jihulab/jh-infra/common-ci-tasks
     ref: v1.1.0
     file: prepare-vault-secrets.yml
diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml
index 240c7df..858d65d 100644
--- a/.gitlab-ci/hk-tprd.yml
+++ b/.gitlab-ci/hk-tprd.yml
@@ -12,7 +12,7 @@
 .only_hk_tprd_cny: &only_hk_tprd_cny
   only:
     variables:
-      - $DEPLOY_ENVIRONMENT =~ '/^(hk-tprd|hk-aprd)$/' && $DEPLOY_STAGE == "cny"
+      - $DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ && $DEPLOY_STAGE == "cny"
   except:
     variables:
       - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true'
@@ -23,7 +23,7 @@
 .only_hk_tprd: &only_hk_tprd
   only:
     variables:
-      - $DEPLOY_ENVIRONMENT =~ '/^(hk-tprd|hk-aprd)$/' && $DEPLOY_STAGE == "main"
+      - $DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ && $DEPLOY_STAGE == "main"
       - $CI_COMMIT_REF_NAME != 'main'
   except:
     variables:
-- 
GitLab


From f14cfddeda3dda02164df00dc8d882f3d0a768ec Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Fri, 15 Dec 2023 16:23:14 +0800
Subject: [PATCH 12/16] rules

---
 .gitlab-ci.yml         | 3 ++-
 .gitlab-ci/hk-tprd.yml | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 35476ad..e3a8fe2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -183,7 +183,8 @@ include:
       - if: $DEPLOY_ENVIRONMENT == 'release'
   - local: /.gitlab-ci/hk-tprd.yml
     rules:
-      - if: $DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/
+      - if: $DEPLOY_ENVIRONMENT == hk-tprd
+      - if: $DEPLOY_ENVIRONMENT == hk-aprd
   - project: jihulab/jh-infra/common-ci-tasks
     ref: v1.1.0
     file: prepare-vault-secrets.yml
diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml
index 858d65d..b142200 100644
--- a/.gitlab-ci/hk-tprd.yml
+++ b/.gitlab-ci/hk-tprd.yml
@@ -12,7 +12,8 @@
 .only_hk_tprd_cny: &only_hk_tprd_cny
   only:
     variables:
-      - $DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ && $DEPLOY_STAGE == "cny"
+      - $DEPLOY_ENVIRONMENT == hk-tprd && $DEPLOY_STAGE == "cny"
+      - $DEPLOY_ENVIRONMENT == hk-aprd && $DEPLOY_STAGE == "cny"
   except:
     variables:
       - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true'
@@ -23,7 +24,8 @@
 .only_hk_tprd: &only_hk_tprd
   only:
     variables:
-      - $DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ && $DEPLOY_STAGE == "main"
+      - $DEPLOY_ENVIRONMENT == hk-tprd && $DEPLOY_STAGE == "main"
+      - $DEPLOY_ENVIRONMENT == hk-aprd && $DEPLOY_STAGE == "main"
       - $CI_COMMIT_REF_NAME != 'main'
   except:
     variables:
-- 
GitLab


From 1bd0a51658111e400d630fc671c2c71d24dd0d19 Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Fri, 15 Dec 2023 16:26:24 +0800
Subject: [PATCH 13/16] f

---
 .gitlab-ci.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e3a8fe2..e641aff 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -183,8 +183,7 @@ include:
       - if: $DEPLOY_ENVIRONMENT == 'release'
   - local: /.gitlab-ci/hk-tprd.yml
     rules:
-      - if: $DEPLOY_ENVIRONMENT == hk-tprd
-      - if: $DEPLOY_ENVIRONMENT == hk-aprd
+      - if: $DEPLOY_ENVIRONMENT == hk-tprd || $DEPLOY_ENVIRONMENT == hk-aprd
   - project: jihulab/jh-infra/common-ci-tasks
     ref: v1.1.0
     file: prepare-vault-secrets.yml
-- 
GitLab


From ab945959c2a0296d5ca152d7bc9fbcf70e219760 Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Fri, 15 Dec 2023 16:27:33 +0800
Subject: [PATCH 14/16] fix

---
 .gitlab-ci.yml         | 2 +-
 .gitlab-ci/hk-tprd.yml | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e641aff..3c47eed 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -183,7 +183,7 @@ include:
       - if: $DEPLOY_ENVIRONMENT == 'release'
   - local: /.gitlab-ci/hk-tprd.yml
     rules:
-      - if: $DEPLOY_ENVIRONMENT == hk-tprd || $DEPLOY_ENVIRONMENT == hk-aprd
+      - if: $DEPLOY_ENVIRONMENT == 'hk-tprd' || $DEPLOY_ENVIRONMENT == 'hk-aprd'
   - project: jihulab/jh-infra/common-ci-tasks
     ref: v1.1.0
     file: prepare-vault-secrets.yml
diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml
index b142200..b8d4c26 100644
--- a/.gitlab-ci/hk-tprd.yml
+++ b/.gitlab-ci/hk-tprd.yml
@@ -12,8 +12,8 @@
 .only_hk_tprd_cny: &only_hk_tprd_cny
   only:
     variables:
-      - $DEPLOY_ENVIRONMENT == hk-tprd && $DEPLOY_STAGE == "cny"
-      - $DEPLOY_ENVIRONMENT == hk-aprd && $DEPLOY_STAGE == "cny"
+      - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "cny"
+      - $DEPLOY_ENVIRONMENT == 'hk-aprd' && $DEPLOY_STAGE == "cny"
   except:
     variables:
       - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true'
@@ -24,8 +24,8 @@
 .only_hk_tprd: &only_hk_tprd
   only:
     variables:
-      - $DEPLOY_ENVIRONMENT == hk-tprd && $DEPLOY_STAGE == "main"
-      - $DEPLOY_ENVIRONMENT == hk-aprd && $DEPLOY_STAGE == "main"
+      - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "main"
+      - $DEPLOY_ENVIRONMENT == 'hk-aprd' && $DEPLOY_STAGE == "main"
       - $CI_COMMIT_REF_NAME != 'main'
   except:
     variables:
-- 
GitLab


From 40cba9ddeb78d7d6e1621afb13224c0b17f30fe7 Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Fri, 15 Dec 2023 16:33:38 +0800
Subject: [PATCH 15/16] pipeline

---
 .gitlab-ci/hk-tprd.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml
index b8d4c26..2307091 100644
--- a/.gitlab-ci/hk-tprd.yml
+++ b/.gitlab-ci/hk-tprd.yml
@@ -18,7 +18,6 @@
     variables:
       - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true'
       - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null
-      - $DEPLOY_ENVIRONMENT == 'hk-tprd'
       - $CMD
 
 .only_hk_tprd: &only_hk_tprd
@@ -31,7 +30,6 @@
     variables:
       - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true'
       - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null
-      - $DEPLOY_ENVIRONMENT == 'hk-tprd'
       - $CMD
 
 .runner_tags_hk_tprd: &runner_tags_hk_tprd
-- 
GitLab


From aac8a5c878a4fcb66694668e2fdd6c9a8a83aab5 Mon Sep 17 00:00:00 2001
From: vincent_stchu <wbshu@gitlab.cn>
Date: Fri, 15 Dec 2023 16:39:13 +0800
Subject: [PATCH 16/16] rules

---
 .gitlab-ci/hk-tprd.yml | 63 +++++++++++++++++++-----------------------
 1 file changed, 29 insertions(+), 34 deletions(-)

diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml
index 2307091..d2acd0f 100644
--- a/.gitlab-ci/hk-tprd.yml
+++ b/.gitlab-ci/hk-tprd.yml
@@ -9,29 +9,6 @@
   JOB_ENV: hk-tprd
   JOB_STAGE: main
 
-.only_hk_tprd_cny: &only_hk_tprd_cny
-  only:
-    variables:
-      - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "cny"
-      - $DEPLOY_ENVIRONMENT == 'hk-aprd' && $DEPLOY_STAGE == "cny"
-  except:
-    variables:
-      - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true'
-      - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null
-      - $CMD
-
-.only_hk_tprd: &only_hk_tprd
-  only:
-    variables:
-      - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "main"
-      - $DEPLOY_ENVIRONMENT == 'hk-aprd' && $DEPLOY_STAGE == "main"
-      - $CI_COMMIT_REF_NAME != 'main'
-  except:
-    variables:
-      - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true'
-      - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null
-      - $CMD
-
 .runner_tags_hk_tprd: &runner_tags_hk_tprd
   tags:
     - ansible-tencent-hk
@@ -40,12 +17,30 @@
   tags:
     - helmfile
 
+.rules_hk_env_stage: &rules_hk_env_stage
+  rules:
+    - if: $ONLY_POST_DEPLOYMENT_MIGRATIONS == "true"
+      when: never
+    - if: $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true'
+      when: never
+    - if: $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null
+      when: never
+    - if: '$DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ && ($DEPLOY_STAGE == $JOB_STAGE || $DEPLOY_STAGE == "all")'
+
+.rules_prepare_hk_env_vars: &rules_prepare_hk_env_vars
+  rules:
+    - if: $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true'
+      when: never
+    - if: $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null
+      when: never
+    - if: '$DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ && ($DEPLOY_STAGE == $JOB_STAGE || $DEPLOY_STAGE == "all")'
+
 hk-tprd-cny-secrets:
   stage: "hk-tprd-cny-prepare"
   extends:
     - .runner_tags_secrets
     - .prepare-secrets
-    - .rules_prepare_env_vars
+    - .rules_prepare_hk_env_vars
   variables:
     ARTIFACT_FILE_PREFIX: hk-tprd
     VAULT_PATHS: hk-saas-aprd/gitlab
@@ -56,7 +51,7 @@ hk-tprd-cny-prepare:
   extends: 
     - .hk_job_image
     - .prepare
-    - .rules_env_stage
+    - .rules_hk_env_stage
   <<: *runner_tags_hk_tprd
   needs:
     - hk-tprd-cny-secrets
@@ -70,7 +65,7 @@ hk-tprd-cny-deploy-toolbox:
   extends: 
     - .hk_job_image
     - .deploy
-    - .rules_env_stage
+    - .rules_hk_env_stage
   <<: *runner_tags_hk_tprd 
   variables:
     ANSIBLE_TAGS: update,clean
@@ -82,7 +77,7 @@ hk-tprd-cny-migration:
   extends: 
     - .hk_job_image
     - .migration
-    - .rules_env_stage
+    - .rules_hk_env_stage
   <<: *runner_tags_hk_tprd
   variables:
     SKIP_POST_DEPLOYMENT_MIGRATIONS: 'true'
@@ -106,14 +101,14 @@ hk-tprd-cny-rollback-tke:
     DEPLOY_STAGE: $JOB_STAGE
   extends: 
     - .deploy-tke
-    - .rules_env_stage
+    - .rules_hk_env_stage
 
 hk-tprd-cny-gitaly:
   stage: "hk-tprd-cny-gitaly"
   extends: 
     - .hk_job_image
     - .deploy
-    - .rules_env_stage
+    - .rules_hk_env_stage
   <<: *runner_tags_hk_tprd
   variables:
     TARGET_HOSTS: gitaly_shards_cny
@@ -126,7 +121,7 @@ hk-tprd-cny-praefect:
   extends:
     - .hk_job_image
     - .deploy
-    - .rules_env_stage
+    - .rules_hk_env_stage
   <<: *runner_tags_hk_tprd
   variables:
     TARGET_HOSTS: praefect
@@ -139,7 +134,7 @@ hk-tprd-secrets:
   extends:
     - .runner_tags_secrets
     - .prepare-secrets
-    - .rules_prepare_env_vars
+    - .rules_prepare_hk_env_vars
   variables:
     ARTIFACT_FILE_PREFIX: hk-tprd
     VAULT_PATHS: hk-saas-aprd/gitlab
@@ -150,7 +145,7 @@ hk-tprd-prepare:
   extends:
     - .hk_job_image
     - .prepare
-    - .rules_env_stage
+    - .rules_hk_env_stage
   <<: *runner_tags_hk_tprd
   needs:
     - hk-tprd-secrets
@@ -171,14 +166,14 @@ hk-tprd-rollback-tke:
     DEPLOY_STAGE: $JOB_STAGE
   extends:
     - .deploy-tke
-    - .rules_env_stage
+    - .rules_hk_env_stage
 
 hk-tprd-gitaly:
   stage: "hk-tprd-gitaly"
   extends:
     - .hk_job_image
     - .deploy
-    - .rules_env_stage
+    - .rules_hk_env_stage
   <<: *runner_tags_hk_tprd
   variables:
     TARGET_HOSTS: gitaly_shards_ssd
-- 
GitLab