Force re-deploy when Auto DevOps application secrets are updated

Followup from https://gitlab.com/gitlab-org/gitlab-ce/issues/49056

Problem

When I:

  • update a K8S_SECRET_* variable without any code change
  • manually create a new pipeline

I observe that:

  • the secret is updated with the updated application secret variables
  • pods are not re-created
  • pods still have old application secrets in env

This happens because no code has changed, hence there's no new git SHA which means there's no change to the values given to Helm, especially CI_APPLICATION_TAG. So Helm does not trigger an update to the Deployment. See also https://github.com/helm/helm/issues/1844#issuecomment-275485470

NOTE: This is actually desirable in many cases as env vars go together with the code.

Workaround

Workarounds a user can apply:

  1. Force some code change
  2. Manually delete pods. Kubernetes will then create pods which will have updated secret variables

Proposal

Include a checksum of the env var values so it will restart the pods if the env vars are changed.

Maybe always force Helm to update the Deployment?

Calculate a SHA of the combined values for the application secret, and pass that to the Deployment somehow.

Links / Resources

Edited by Daniel Gruesso
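One way to compute the checksum described in the Proposal, as an added example that is not Auto DevOps' own code. The chart value name `application.secretChecksum` and the annotation key in the comments are hypothetical; the chart would have to copy that value into the pod template annotations so that a changed digest changes the Deployment spec.

```shell
#!/bin/sh
# Added example: derive one digest from every K8S_SECRET_* variable so that a
# changed secret changes a value handed to Helm even when the git SHA is the same.

# Names of all K8S_SECRET_* variables, sorted so the digest does not depend on
# the order in which the environment happens to list them.
secret_names() {
  awk 'BEGIN { for (k in ENVIRON) if (k ~ /^K8S_SECRET_/) print k }' | LC_ALL=C sort
}

# Hash each value on its own, then hash the resulting "NAME digest" lines.
# Hashing per value keeps multi-line values and values containing "=" from
# colliding with a different set of variables. Raw values are never printed.
secrets_checksum() {
  for name in $(secret_names); do
    digest=$(awk -v n="$name" 'BEGIN { printf "%s", ENVIRON[n] }' | sha256sum | cut -d' ' -f1)
    printf '%s %s\n' "$name" "$digest"
  done | sha256sum | cut -d' ' -f1
}

# Argument to append to the existing `helm upgrade` call.
# --set-string keeps an all-digit digest from being parsed as a number.
# "application.secretChecksum" is a hypothetical chart value; the Deployment
# template would need something like this under spec.template.metadata.annotations:
#   checksum/application-secrets: {{ .Values.application.secretChecksum | quote }}
helm_secret_arg() {
  printf '%s %s\n' '--set-string' "application.secretChecksum=$(secrets_checksum)"
}

# Stand-alone run: print the argument for the current environment.
helm_secret_arg
```

The digest ends up in Deployment metadata, which is readable by anyone allowed to read Deployments in the namespace. If the variables are few and low-entropy, an unsalted SHA-256 can be guessed offline, so restrict read access accordingly.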