sundowndev
/
driftctl
mirror of https://github.com/sundowndev/driftctl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
driftctl/.circleci/config.yml

346 lines
9.6 KiB
YAML
Raw Blame History

version: 2.1
only_branches: &only_branches
filters:
branches:
ignore:
- main
only_maintainers: &only_maintainers
filters:
branches:
# Forked pull requests have CIRCLE_BRANCH set to pull/XXX
ignore: /pull\/[0-9]+/
orbs:
go: circleci/go@1.7.0
codecov: codecov/codecov@3.1.0
snyk: snyk/snyk@1.1.2
gh: circleci/github-cli@1.1.0
jobs:
test_acc:
parameters:
pattern:
type: string
resource_class: large
machine:
image: ubuntu-2004:202010-01
environment:
ACC_PATTERN: << parameters.pattern >>
AWS_DEFAULT_REGION: us-east-1
CHECKPOINT_DISABLE: 'true' # Disable terraform version check
CLOUDSDK_CORE_PROJECT: driftctl-qa-1
GOOGLE_APPLICATION_CREDENTIALS: /tmp/google.json
ACC_GOOGLE_CREDENTIALS: /tmp/google-admin.json
steps:
- checkout
- go/install:
version: "1.18.3"
- go/load-cache:
key: test_acc
- run: make install-tools
- run:
name: Setup Google credentials
command: |
echo ${GCLOUD_KEYFILE} | base64 -d > /tmp/google.json
echo ${ACC_GCLOUD_KEYFILE} | base64 -d > /tmp/google-admin.json
- run:
name: Run acceptance tests
command: make acc
no_output_timeout: 30m
- codecov/upload:
flags: << parameters.pattern >>
file: cover-acc.out
- run:
name: Discord notification
when: on_fail
command: |
curl -X POST \
-H "Content-Type: application/json" \
-d "{\"content\": \"❌ Acceptance tests failed\nSuite: ${ACC_PATTERN}\n<${CIRCLE_BUILD_URL}>\" }"\
${DISCORD_WEBHOOK}
- go/save-cache:
key: test_acc
path: /home/circleci/.go_workspace/pkg/mod
- store_test_results:
path: ./
lint:
docker:
- image: golang:1.18
steps:
- checkout
- run:
name: Enforce Go Formatted Code
command: |
go fmt ./...
if [[ -z $(git status --porcelain) ]]; then
echo "Git directory is clean."
else
echo "Git directory is dirty. Run make fmt locally and commit any formatting fixes or generated code."
git status --porcelain
exit 1
fi
- run: make install-tools
- run: make lint
test:
resource_class: large
executor:
name: go/default
tag: '1.18.3'
steps:
- checkout
- go/load-cache:
key: test-docker
- run: make install-tools
- run:
name: Run tests
command: make test
- go/save-cache:
key: test-docker
- codecov/upload:
flags: unit
- store_test_results:
path: ./
release:
resource_class: large
docker:
- image: cimg/go:1.18
steps:
- checkout
- gh/setup:
version: 2.2.0
- run:
name: "Ensure GnuPG is available"
command: gpg --version
- run:
name: "Import signing key"
command: |
echo ${SIGNINGKEY} | base64 -d | gpg --import
- run:
name: "Build and publish release"
command: make release
no_output_timeout: 30m
- persist_to_workspace:
root: ~/project
paths:
- bin/driftctl_SHA256SUMS
publish-aur:
environment:
AUR_GIT: ssh://aur@aur.archlinux.org/driftctl-bin.git
docker:
- image: cimg/base:2020.01
steps:
- checkout
- attach_workspace:
at: ~/project
# Add ssh private key to allow access to AUR repository
# This key is bound to user snyk on AUR
- add_ssh_keys:
fingerprints:
- "ba:05:09:d6:a6:2a:45:34:89:c4:5e:22:23:22:e8:9f"
- run:
name: Bump package version
command: |
mkdir -p ~/.ssh
echo 'aur.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuBKrPzbawxA/k2g6NcyV5jmqwJ2s+zpgZGZ7tpLIcN' >> ~/.ssh/known_hosts
# Ensure ssh is properly configured
ssh aur@aur.archlinux.org list-repos
git clone "${AUR_GIT}" driftctl-bin
cd driftctl-bin
git config user.name "snyk"
git config user.email elie.charra@snyk.io
cp ~/project/bin/driftctl_SHA256SUMS .
./bump.sh "${CIRCLE_TAG}"
echo "--- PKGBUILD ---"
cat PKGBUILD
echo "--- .SRCINFO ---"
cat .SRCINFO
git add PKGBUILD .SRCINFO
git commit -m "Updated to version ${CIRCLE_TAG}"
git push
release-docs:
docker:
- image: cimg/base:2020.01
steps:
- checkout
- attach_workspace:
at: ~/project
- run:
name: Trigger driftctl-docs new version
command: |
curl -X POST https://api.github.com/repos/snyk/driftctl-docs/dispatches \
-d '{"event_type": "new_version"}' \
-H "Authorization: token $GITHUB_TOKEN"
issue-tagging:
machine:
image: ubuntu-2004:202010-01
steps:
- checkout
- gh/setup:
version: 2.2.0
- attach_workspace:
at: ~/project
- run:
name: Auto label issues with the newly released version
command: |
./scripts/issue-tagging.sh
update-lambda:
environment:
FUNCTION_NAME: driftctl-version
docker:
- image: cimg/base:2021.04
steps:
- run:
name: "Update Lambda version"
command: |
wget "https://github.com/snyk/lambda-env-updater/releases/download/v1.0.0/lambda-env-updater_linux_amd64" && chmod +x lambda-env-updater_linux_amd64
./lambda-env-updater_linux_amd64\
-name ${FUNCTION_NAME}\
-env "LATEST_VERSION=${CIRCLE_TAG}"
security-oss:
docker:
- image: cimg/go:1.18
steps:
- checkout
- snyk/scan:
severity-threshold: medium
monitor-on-build: true
project: ${CIRCLE_PROJECT_REPONAME}
organization: snyk-iac-group-seceng
security-code:
docker:
- image: cimg/go:1.18.3
steps:
- checkout
- snyk/scan:
command: code test
severity-threshold: medium
monitor-on-build: false
project: ${CIRCLE_PROJECT_REPONAME}
organization: snyk-iac-group-seceng
workflows:
nightly:
jobs:
- test_acc:
name: "Acceptance tests: << matrix.pattern >>"
matrix:
parameters:
pattern:
- TestAcc_Aws
- TestAcc_Github_
- TestAcc_Google
- TestAcc_Azure_
- TestAcc_StateReader_
context:
- driftctl-acc
triggers:
- schedule:
cron: "0 3 * * *"
filters:
branches:
only:
- main
pullrequest:
jobs:
- lint:
<<: *only_branches
- test:
<<: *only_branches
- security-code:
name: Snyk code
context:
- driftctl-snyk
<<: *only_maintainers
- security-oss:
name: Snyk test
context:
- driftctl-snyk
<<: *only_maintainers
# Disabled since it makes every PR to stay in "pending" state
# https://ideas.circleci.com/cloud-feature-requests/p/show-overall-all-checks-have-passed-status-in-github-even-on-builds-with-incompl
# pullrequest_acc:
# jobs:
# - hold:
# type: approval # presents manual approval button in the UI
# - test_acc:
# name: "Acceptance tests: << matrix.pattern >>"
# requires:
# - hold
# matrix:
# parameters:
# pattern:
# - TestAcc_Aws
# - TestAcc_Github_
# - TestAcc_Google
# - TestAcc_Azure_
# context:
# - driftctl-acc
push:
jobs:
- test:
filters:
branches:
only:
- main
release:
jobs:
- lint:
filters:
tags:
only: /^v.*/
branches:
ignore: /.*/
- test:
filters:
tags:
only: /^v.*/
branches:
ignore: /.*/
- release:
context:
- driftctl
- driftctl-snyk
- driftctl-signing
requires:
- lint
- test
filters:
tags:
only: /^v.*/
branches:
ignore: /.*/
- publish-aur:
requires:
- release
filters:
tags:
only: /^v.*/
branches:
ignore: /.*/
- update-lambda:
context: driftctl-version-lambda
requires:
- release
filters:
tags:
only: /^v.*/
branches:
ignore: /.*/
- release-docs:
context:
- driftctl
requires:
- release
filters:
tags:
only: /^v.*/
branches:
ignore: /.*/
- issue-tagging:
context:
- driftctl
requires:
- release
filters:
tags:
only: /^v.*/
branches:
ignore: /.*/
Reference in New Issue View Git Blame Copy Permalink