version: 2.1 orbs: go: circleci/go@1.5.0 jobs: build: docker: - image: golang:1.16.2 steps: - checkout - run: make release - persist_to_workspace: root: ~/project paths: - bin/ test_acc: parameters: pattern: type: string machine: image: ubuntu-2004:202010-01 environment: ACC_PATTERN: << parameters.pattern >> AWS_DEFAULT_REGION: us-east-1 CHECKPOINT_DISABLE: true # Disable terraform version check steps: - checkout - go/install: version: "1.16.2" # Disable cache at it seem to broke go 1.16 installation cache: false - run: make deps - run: make install-tools - run: name: Run acceptance tests command: make acc no_output_timeout: 30m - run: name: Discord notification when: on_fail command: | curl -X POST \ -H "Content-Type: application/json" \ -d "{\"content\": \"❌ Acceptance tests failed\nSuite: ${ACC_PATTERN}\n<${CIRCLE_BUILD_URL}>\" }"\ ${DISCORD_WEBHOOK} - store_test_results: path: ./ lint: docker: - image: golang:1.16 steps: - checkout - run: name: Enforce Go Formatted Code command: | go fmt ./... if [[ -z $(git status --porcelain) ]]; then echo "Git directory is clean." else echo "Git directory is dirty. Run make fmt locally and commit any formatting fixes or generated code." git status --porcelain exit 1 fi - run: make install-tools - run: make deps - run: make lint test: docker: - image: golang:1.16 steps: - checkout - run: make install-tools - run: make test - run: name: Check Codecov command: | curl -s -o codecov https://codecov.io/bash \ && VERSION=$(grep 'VERSION=\".*\"' codecov | cut -d'"' -f2) \ && shasum -a 512 -c --ignore-missing <(curl -s https://raw.githubusercontent.com/codecov/codecov-bash/${VERSION}/SHA512SUM) - run: name: Codecov upload command: | chmod +x codecov ./codecov - store_test_results: path: ./ sign_release: docker: - image: cimg/base:2020.01 steps: - attach_workspace: at: ~/project - run: name: "Ensure GnuPG is available" command: gpg --version - run: name: "Import cloudskiff signing key" command: | echo ${SIGNINGKEY} | base64 -d > signingkey gpg --import signingkey - run: name: "Sign release" command: | gpg --output bin/driftctl_SHA256SUMS.gpg -u security@cloudskiff.com --detach-sig bin/driftctl_SHA256SUMS - run: name: "Verify signature" command: | gpg --verify bin/driftctl_SHA256SUMS.gpg bin/driftctl_SHA256SUMS - persist_to_workspace: root: ~/project paths: - bin/ release: environment: CIRCLE_PROJECT_USERNAME: cloudskiff CIRCLE_PROJECT_REPONAME: driftctl docker: - image: cibuilds/github:0.13 steps: - attach_workspace: at: ~/project - run: name: "Publish Release on GitHub" command: | VERSION=$(./bin/driftctl_linux_amd64 version) ghr -t ${GITHUB_TOKEN} -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} -c ${CIRCLE_SHA1} -n ${VERSION} ${VERSION} ./bin/ publish-aur: environment: AUR_GIT: ssh://aur@aur.archlinux.org/driftctl-bin.git docker: - image: cimg/base:2020.01 steps: - checkout - attach_workspace: at: ~/project # Add ssh private key to allow access to AUR repository # This key is bound to user cloudskiff on AUR - add_ssh_keys: fingerprints: - "ba:05:09:d6:a6:2a:45:34:89:c4:5e:22:23:22:e8:9f" - run: name: Bump package version command: | mkdir -p ~/.ssh echo 'aur.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuBKrPzbawxA/k2g6NcyV5jmqwJ2s+zpgZGZ7tpLIcN' >> ~/.ssh/known_hosts # Ensure ssh is properly configured ssh aur@aur.archlinux.org list-repos git clone "${AUR_GIT}" driftctl-bin cd driftctl-bin git config user.name "cloudskiff" git config user.email tech@cloudskiff.com cp ~/project/bin/driftctl_SHA256SUMS . ./bump.sh "${CIRCLE_TAG}" echo "--- PKGBUILD ---" cat PKGBUILD echo "--- .SRCINFO ---" cat .SRCINFO git add PKGBUILD .SRCINFO git commit -m "Updated to version ${CIRCLE_TAG}" git push update-lambda: environment: FUNCTION_NAME: driftctl-version docker: - image: cimg/base:2021.04 steps: - run: name: "Update Lambda version" command: | wget "https://github.com/cloudskiff/lambda-env-updater/releases/download/v1.0.0/lambda-env-updater_linux_amd64" && chmod +x lambda-env-updater_linux_amd64 ./lambda-env-updater_linux_amd64\ -name ${FUNCTION_NAME}\ -env "LATEST_VERSION=${CIRCLE_TAG}" workflows: nightly: jobs: - test_acc: name: "Acceptance tests: << matrix.pattern >>" matrix: parameters: pattern: - TestAcc_Aws - TestAcc_Github_ context: - driftctl-acc triggers: - schedule: cron: "0 3 * * *" filters: branches: only: - main pullrequest: jobs: - lint: filters: branches: ignore: - main - test: filters: branches: ignore: - main pullrequest_acc: jobs: - hold: type: approval # presents manual approval button in the UI - test_acc: name: "Acceptance tests: << matrix.pattern >>" requires: - hold matrix: parameters: pattern: - TestAcc_Aws - TestAcc_Github_ context: - driftctl-acc push: jobs: - test: filters: branches: only: - main release: jobs: - build: filters: tags: only: /^v.*/ branches: ignore: /.*/ - lint: filters: tags: only: /^v.*/ branches: ignore: /.*/ - test: filters: tags: only: /^v.*/ branches: ignore: /.*/ - sign_release: context: cloudskiff-signing requires: - build filters: tags: only: /^v.*/ branches: ignore: /.*/ - release: context: driftctl requires: - lint - test - sign_release filters: tags: only: /^v.*/ branches: ignore: /.*/ - publish-aur: requires: - release filters: tags: only: /^v.*/ branches: ignore: /.*/ - update-lambda: context: driftctl-version-lambda requires: - release filters: tags: only: /^v.*/ branches: ignore: /.*/