# CircleCI configuration schema version; 2.1 is the version that supports the
# orbs and parameterized jobs this file relies on.
version: 2.1
# Reusable filter, merged into workflow jobs with `<<: *only_branches`:
# run on every branch except main.
only_branches: &only_branches
  filters:
    branches:
      ignore:
        - main
# Orbs are referenced by exact version, so a new orb release cannot change
# what the pipeline executes until the pin is bumped in a reviewed commit.
# The orb steps run inside jobs that receive context secrets (see the
# workflows section), so treat a version bump like any other dependency update.
orbs:
  go: circleci/go@1.5.0
  codecov: codecov/codecov@3.1.0
  snyk: snyk/snyk@1.1.2
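jobs:
  # Acceptance tests against real cloud providers. `pattern` selects the test
  # suite and is exported to the job as ACC_PATTERN.
  test_acc:
    parameters:
      pattern:
        type: string
    machine:
      image: ubuntu-2004:202010-01
    environment:
      ACC_PATTERN: << parameters.pattern >>
      AWS_DEFAULT_REGION: us-east-1
      CHECKPOINT_DISABLE: 'true' # Disable terraform version check
      CLOUDSDK_CORE_PROJECT: driftctl-qa-1
      GOOGLE_APPLICATION_CREDENTIALS: /tmp/google.json
      ACC_GOOGLE_CREDENTIALS: /tmp/google-admin.json
    steps:
      - checkout
      - go/install:
          version: "1.16.2"
          # Disable the cache, as it seems to break the Go 1.16 installation
          cache: false
      - run: make install-tools
      - run:
          name: Setup Google credentials
          # The key files are decoded from base64 environment variables.
          # umask 077 makes the two files readable by the job user only
          # (they land in the shared /tmp directory); quoting the variables
          # prevents word splitting and globbing of the secret value.
          command: |
            umask 077
            echo "${GCLOUD_KEYFILE}" | base64 -d > /tmp/google.json
            echo "${ACC_GCLOUD_KEYFILE}" | base64 -d > /tmp/google-admin.json
      - run:
          name: Run acceptance tests
          command: make acc
          no_output_timeout: 30m
      - codecov/upload:
          flags: << parameters.pattern >>
          file: cover-acc.out
      - run:
          name: Discord notification
          when: on_fail
          # DISCORD_WEBHOOK is a secret URL; it is quoted so the shell passes
          # it to curl as exactly one argument.
          command: |
            curl -X POST \
              -H "Content-Type: application/json" \
              -d "{\"content\": \"❌ Acceptance tests failed\nSuite: ${ACC_PATTERN}\n<${CIRCLE_BUILD_URL}>\" }" \
              "${DISCORD_WEBHOOK}"
      - store_test_results:
          path: ./

  # Formatting check and linters.
  lint:
    docker:
      - image: golang:1.16
    steps:
      - checkout
      - run:
          name: Enforce Go Formatted Code
          # Fails the job when `go fmt` modifies any tracked file.
          command: |
            go fmt ./...
            if [[ -z $(git status --porcelain) ]]; then
              echo "Git directory is clean."
            else
              echo "Git directory is dirty. Run make fmt locally and commit any formatting fixes or generated code."
              git status --porcelain
              exit 1
            fi
      - run: make install-tools
      - run: make lint

  # Unit tests, run inside a golang container on a machine executor with the
  # checkout bind-mounted at /app.
  test:
    machine:
      image: ubuntu-2004:202107-02
    steps:
      - checkout
      - run:
          name: Run tests
          command: |
            docker run \
              -v "$(pwd)":/app \
              -w /app \
              golang:1.16 \
              bash -c 'make install-tools && make test'
      - codecov/upload:
          flags: unit
      - store_test_results:
          path: ./

  # Builds, signs and publishes a release. This job imports the signing key,
  # so everything it executes (image, Makefile targets, tools) is part of the
  # signing trust boundary.
  release:
    docker:
      # NOTE(review): golang:1.16 is a mutable tag; consider pinning the image
      # by digest for the job that handles the signing key.
      - image: golang:1.16
    steps:
      - checkout
      - run:
          name: "Ensure GnuPG is available"
          command: gpg --version
      - run:
          name: "Import cloudskiff signing key"
          # SIGNINGKEY is base64-encoded key material supplied through the
          # job's environment; it is piped straight into gpg and never
          # written to a file by this step.
          command: |
            echo "${SIGNINGKEY}" | base64 -d | gpg --import
      - run:
          name: "Build and publish release"
          command: make release
          no_output_timeout: 30m
      # Only the checksum file is handed to downstream jobs.
      - persist_to_workspace:
          root: ~/project
          paths:
            - bin/driftctl_SHA256SUMS

  # Pushes the new version to the driftctl-bin package on the AUR.
  publish-aur:
    environment:
      AUR_GIT: ssh://aur@aur.archlinux.org/driftctl-bin.git
    docker:
      - image: cimg/base:2020.01
    steps:
      - checkout
      - attach_workspace:
          at: ~/project
      # Add ssh private key to allow access to AUR repository
      # This key is bound to user snyk on AUR
      - add_ssh_keys:
          fingerprints:
            - "ba:05:09:d6:a6:2a:45:34:89:c4:5e:22:23:22:e8:9f"
      - run:
          name: Bump package version
          # The AUR host key is pinned in known_hosts before the first
          # connection, so ssh and git verify the server instead of trusting
          # it on first use. bump.sh is the script found in the cloned AUR
          # repository, not one from this checkout.
          command: |
            mkdir -p ~/.ssh
            echo 'aur.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuBKrPzbawxA/k2g6NcyV5jmqwJ2s+zpgZGZ7tpLIcN' >> ~/.ssh/known_hosts
            # Ensure ssh is properly configured
            ssh aur@aur.archlinux.org list-repos
            git clone "${AUR_GIT}" driftctl-bin
            cd driftctl-bin
            git config user.name "snyk"
            git config user.email elie.charra@snyk.io
            cp ~/project/bin/driftctl_SHA256SUMS .
            ./bump.sh "${CIRCLE_TAG}"
            echo "--- PKGBUILD ---"
            cat PKGBUILD
            echo "--- .SRCINFO ---"
            cat .SRCINFO
            git add PKGBUILD .SRCINFO
            git commit -m "Updated to version ${CIRCLE_TAG}"
            git push

  # Publishes the released tag as LATEST_VERSION on the version Lambda.
  update-lambda:
    environment:
      FUNCTION_NAME: driftctl-version
    docker:
      - image: cimg/base:2021.04
    steps:
      - run:
          name: "Update Lambda version"
          # NOTE(review): the helper binary is downloaded by release tag and
          # executed without an integrity check, in a job that is given the
          # driftctl-version-lambda context. Record the expected SHA-256 of
          # the v1.0.0 asset and verify it (sha256sum -c) before chmod +x.
          command: |
            wget "https://github.com/cloudskiff/lambda-env-updater/releases/download/v1.0.0/lambda-env-updater_linux_amd64" && chmod +x lambda-env-updater_linux_amd64
            ./lambda-env-updater_linux_amd64 \
              -name "${FUNCTION_NAME}" \
              -env "LATEST_VERSION=${CIRCLE_TAG}"

  # Snyk scan of open-source dependencies; monitor-on-build is enabled here.
  security-oss:
    docker:
      - image: cimg/go:1.17.2
    steps:
      - checkout
      - snyk/scan:
          severity-threshold: medium
          monitor-on-build: true
          project: ${CIRCLE_PROJECT_REPONAME}
          organization: snyk-iac-group-seceng

  # Snyk static analysis of the code (`code test`); no monitor snapshot.
  security-code:
    docker:
      - image: cimg/go:1.17.2
    steps:
      - checkout
      - snyk/scan:
          command: code test
          severity-threshold: medium
          monitor-on-build: false
          project: ${CIRCLE_PROJECT_REPONAME}
          organization: snyk-iac-group-seceng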
workflows:
  # Scheduled run of every acceptance suite against main, daily at 03:00
  # (cron "0 3 * * *").
  nightly:
    jobs:
      - test_acc:
          name: "Acceptance tests: << matrix.pattern >>"
          matrix:
            parameters:
              pattern:
                - TestAcc_Aws
                - TestAcc_Github_
                - TestAcc_Google
                - TestAcc_Azure_
          context:
            - driftctl-acc
    triggers:
      - schedule:
          cron: "0 3 * * *"
          filters:
            branches:
              only:
                - main

  # Checks for every branch except main. Only the two Snyk jobs receive a
  # context (snyk); lint and test run without one.
  pullrequest:
    jobs:
      - lint:
          <<: *only_branches
      - test:
          <<: *only_branches
      - security-code:
          name: Snyk code
          context:
            - snyk
          <<: *only_branches
      - security-oss:
          name: Snyk test
          context:
            - snyk
          <<: *only_branches

  # Acceptance tests on demand. test_acc requires the `hold` approval job, so
  # the suite, and the driftctl-acc context it is given, only runs after
  # someone approves it in the UI.
  # NOTE(review): presumably this keeps unreviewed branch code away from the
  # cloud credentials; confirm who is allowed to approve.
  pullrequest_acc:
    jobs:
      - hold:
          type: approval # presents manual approval button in the UI
      - test_acc:
          name: "Acceptance tests: << matrix.pattern >>"
          requires:
            - hold
          matrix:
            parameters:
              pattern:
                - TestAcc_Aws
                - TestAcc_Github_
                - TestAcc_Google
                - TestAcc_Azure_
          context:
            - driftctl-acc

  # Unit tests on pushes to main.
  push:
    jobs:
      - test:
          filters:
            branches:
              only:
                - main

  # Release pipeline. Every job carries the same filter: tags matching
  # /^v.*/ only, all branches ignored. The release job is the only one given
  # the driftctl and cloudskiff-signing contexts, and it waits for lint and
  # test. A pushed v* tag is what triggers this workflow, so the permission
  # to push such tags is effectively the permission to publish a signed
  # release.
  release:
    jobs:
      - lint:
          filters:
            tags:
              only: /^v.*/
            branches:
              ignore: /.*/
      - test:
          filters:
            tags:
              only: /^v.*/
            branches:
              ignore: /.*/
      - release:
          context:
            - driftctl
            - cloudskiff-signing
          requires:
            - lint
            - test
          filters:
            tags:
              only: /^v.*/
            branches:
              ignore: /.*/
      - publish-aur:
          requires:
            - release
          filters:
            tags:
              only: /^v.*/
            branches:
              ignore: /.*/
      - update-lambda:
          context: driftctl-version-lambda
          requires:
            - release
          filters:
            tags:
              only: /^v.*/
            branches:
              ignore: /.*/