forked from application-stacks/runtime-component-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.one-pipeline.yaml
205 lines (192 loc) · 8.6 KB
/
.one-pipeline.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
version: '1'
setup:
image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
script: |
#!/usr/bin/env bash
echo "setup"
test:
dind: true
abort_on_failure: true
image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
script: |
#!/usr/bin/env bash
# Download and configure golang
wget --header "Accept: application/octet-stream" "https://golang.org/dl/go1.16.linux-amd64.tar.gz"
rm -rf /usr/local/go && tar -C /usr/local -xf go1.16.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
apt-get update
apt-get -y install build-essential
# Run unit tests
#export DOCKER_USERNAME=$(get_env docker-username)
#export DOCKER_PASSWORD=$(get_env docker-password)
make unit-test
#make docker-login
#make build-image
static-scan:
dind: true
image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
script: |
#!/usr/bin/env bash
read -r SONAR_HOST_URL <<< "$(get_env sonarqube | jq -r '.parameters.dashboard_url' | sed 's:/*$::')"
read -r SONAR_USER <<< "$(get_env sonarqube | jq -r '.parameters.user_login')"
SONARQUBE_INSTANCE_ID=$(get_env sonarqube | jq -r '.instance_id')
read -r SONAR_PASS <<< "$(jq -r --arg sonar_instance "$SONARQUBE_INSTANCE_ID" '[.services[] | select(."service_id"=="sonarqube")][] | select(."instance_id"==$sonar_instance) | .parameters.user_password' /toolchain/toolchain.json)"
touch "$WORKSPACE"/runtime-component-operator/sonar-project.properties
cat << EOF > "$WORKSPACE"/runtime-component-operator/sonar-project.properties
sonar.projectKey=runtime-component-operator
sonar.host.url=$SONAR_HOST_URL
sonar.sources=.
sonar.login=$SONAR_USER
sonar.password=$SONAR_PASS
sonar.c.file.suffixes=-
sonar.cpp.file.suffixes=-
sonar.objc.file.suffixes=-
EOF
chmod -x "$WORKSPACE"/runtime-component-operator/sonar-project.properties
#echo "$SONAR_PASS" >> /tmp/sonarqube-token
"${ONE_PIPELINE_PATH}"/internal/sonarqube/sonarqube_run
containerize:
dind: true
abort_on_failure: true
image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
script: |
#!/usr/bin/env bash
if [[ "$PIPELINE_DEBUG" == 1 ]]; then
trap env EXIT
env
set -x
fi
# Download and configure golang
wget --header "Accept: application/octet-stream" "https://golang.org/dl/go1.16.linux-amd64.tar.gz"
rm -rf /usr/local/go && tar -C /usr/local -xf go1.16.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
apt-get update
apt-get -qq -y install build-essential software-properties-common uidmap
# Download and install skopeo
if ! command -v skopeo &> /dev/null; then
if [ ! -f "/apt/sources.list.d/devel:kubic:libcontainers:stable.list" ]; then
sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_18.04/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
wget --no-check-certificate -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_18.04/Release.key -O- | sudo apt-key add -
sudo apt-get update -qq
fi
sudo apt-get -y install skopeo
else
skopeo --version
fi
# Build images
export PIPELINE_USERNAME=$(get_env ibmcloud-api-user)
export PIPELINE_PASSWORD=$(get_env ibmcloud-api-key)
PIPELINE_REGISTRY=$(get_env pipeline-registry)
PIPELINE_OPERATOR_IMAGE=$(get_env pipeline-operator-image)
# Build amd64 image
make build-pipeline-releases
# Build ppc64le and s390x images
./scripts/pipeline/launch-travis.sh -t $(get_env travis-token) -r "https://github.com/application-stacks/runtime-component-operator" -b $(get_env branch) -l
# Build manifest
make build-pipeline-manifest
# Build bundle image
./scripts/pipeline/launch-catalog-build.sh -t $(get_env travis-token) -r "https://github.com/application-stacks/runtime-component-operator" -b $(get_env branch) -l
# Save artifacts
declare -a tags=("daily-amd64" "daily-ppc64le" "daily-s390x")
for i in "${tags[@]}"
do
IMAGE=$PIPELINE_REGISTRY/$PIPELINE_OPERATOR_IMAGE:$i
DIGEST="$(skopeo inspect docker://$IMAGE | grep Digest | grep -o 'sha[^\"]*')"
ARCH=$(echo $i | cut -d'-' -f 2)
echo "Saving artifact $i name=$IMAGE digest=$DIGEST"
save_artifact $i type=image name="$IMAGE" "digest=$DIGEST" "arch=$ARCH"
done
declare -a catalogs=("catalog-daily")
for i in "${catalogs[@]}"
do
IMAGE=$PIPELINE_REGISTRY/$PIPELINE_OPERATOR_IMAGE:$i
DIGEST="$(skopeo inspect docker://$IMAGE | grep Digest | grep -o 'sha[^\"]*')"
#ARCH=$(echo $i | cut -d'-' -f 2)
ARCH=amd64
echo "Saving artifact $i name=$IMAGE digest=$DIGEST"
save_artifact $i type=image name="$IMAGE" "digest=$DIGEST" "arch=$ARCH"
done
deploy:
image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
script: |
#!/usr/bin/env bash
if [[ "$PIPELINE_DEBUG" == 1 ]]; then
trap env EXIT
env
set -x
fi
echo "deploy"
dynamic-scan:
abort_on_failure: false
image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
script: |
#!/usr/bin/env bash
echo "dynamic-scan"
#export APP_URL=$(cat ../app-url)
# feature preivew this until evidence locker v2 usage is full feature ready
# can be triggered, and owasp will run for preview purposes
#source scripts/zap/trigger_api_scan.sh
acceptance-test:
dind: true
abort_on_failure: true
image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
script: |
#!/usr/bin/env bash
echo "acceptance-test"
# Download and configure golang
wget --header "Accept: application/octet-stream" "https://golang.org/dl/go1.16.linux-amd64.tar.gz"
rm -rf /usr/local/go && tar -C /usr/local -xf go1.16.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
apt-get update
apt-get -y install build-essential
export PIPELINE_USERNAME=$(get_env ibmcloud-api-user)
export PIPELINE_PASSWORD=$(get_env ibmcloud-api-key)
export DOCKER_USERNAME=$(get_env docker-username)
export DOCKER_PASSWORD=$(get_env docker-password)
export CLUSTER_URL=$(get_env test-cluster-url)
export CLUSTER_TOKEN=$(get_env test-cluster-token)
export TRAVIS_BUILD_NUMBER=$BUILD_NUMBER
make setup
make test-pipeline-e2e
scan-artifact:
abort_on_failure: false
image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.6@sha256:7f588468622a981f89cf5e1212aaf75fface9da6169b5345ca52ab63d8215907
script: |
#!/usr/bin/env bash
echo "twistlock-scan"
./scripts/pipeline/twistlock-scan.sh
echo "VA scan"
. scripts/pipeline/va_scan
if which list_artifacts >/dev/null; then
list_artifacts | while IFS= read -r artifact; do
image="$(load_artifact "$artifact" "name")"
type="$(load_artifact "$artifact" "type")"
digest="$(load_artifact "$artifact" "digest")"
name="$(echo "$artifact" | awk '{print $1}')"
if [[ "$type" == "image" ]]; then
if [[ "$image" == *"icr.io"* ]]; then
start_va_scan "$name" "$image" "$digest"
fi
fi
done
fi
release:
abort_on_failure: false
image: wcp-compliance-automation-team-docker-local.artifactory.swg-devops.com/ibm-compliance-automation:1.9.1@sha256:3f3e344a1efb160d83c48cf2ee878a39cbad058c8640c423472e0546316232fd
script: |
#!/usr/bin/env bash
echo "release"
set_env ibmcloud-api-key $(get_env ibmcloud-api-key-prod)
#owasp-zap-api:
# dind: true
# abort_on_failure: false
# image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.12@sha256:ff4053b0bca784d6d105fee1d008cfb20db206011453071e86b69ca3fde706a4
# script: |
# !/usr/bin/env bash
# if [[ "$PIPELINE_DEBUG" == 1 ]]; then
# trap env EXIT
# env
# set -x
# fi
# source scripts/zap/setup_api_scan.sh
# source scripts/zap/run_api_scan.sh