Skip to content

Commit 31ce94c

Browse files
jhuntjhunt
committed
CI/CD for SHIELD Addons
1 parent 2eecd45 commit 31ce94c

File tree

9 files changed

+1004
-0
lines changed

9 files changed

+1004
-0
lines changed

ci/pipeline.yml

Lines changed: 385 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,385 @@
1+
---
2+
#
3+
# ci/pipeline.yml
4+
#
5+
# Pipeline structure file for a BOSH Release pipeline
6+
#
7+
# DO NOT MAKE CHANGES TO THIS FILE. Instead, modify
8+
# ci/settings.yml and override what needs overridden.
9+
# This uses spruce, so you have some options there.
10+
#
11+
# author: James Hunt <[email protected]>
12+
# created: 2016-03-30
13+
14+
meta:
15+
name: (( param "Please name your pipeline" ))
16+
release: (( grab meta.name ))
17+
target: (( param "Please identify the name of the target Concourse CI" ))
18+
url: (( param "Please specify the full url of the target Concourse CI" ))
19+
pipeline: (( concat meta.name "-boshrelease" ))
20+
manifest:
21+
path: (( concat "manifests/" meta.name ".yml" ))
22+
vars: "--- {}"
23+
vars-pr: (( grab meta.manifest.vars ))
24+
operator_file_paths: "" # comma separated list relative to repo root
25+
26+
git:
27+
email: (( param "Please provide the git email for automated commits" ))
28+
name: (( param "Please provide the git name for automated commits" ))
29+
30+
image:
31+
name: starkandwayne/concourse
32+
tag: latest
33+
34+
aws:
35+
bucket: (( concat meta.pipeline "-pipeline" ))
36+
region_name: us-east-1
37+
access_key: (( param "Please set your AWS Access Key ID for your pipeline S3 Bucket" ))
38+
secret_key: (( param "Please set your AWS Secret Key ID for your pipeline S3 Bucket" ))
39+
40+
github:
41+
uri: (( concat "[email protected]:" meta.github.owner "/" meta.github.repo ))
42+
owner: (( param "Please specify the name of the user / organization that owns the Github repository" ))
43+
repo: (( param "Please specify the name of the Github repository" ))
44+
branch: master
45+
private_key: (( param "Please generate an SSH Deployment Key for this repo and specify it here" ))
46+
access_token: (( param "Please generate a Personal Access Token to be used for creating github releases (do you have a ci-bot?)" ))
47+
48+
bosh-lite:
49+
target: (( param "Please specify the BOSH target URI for the bosh-lite to run test deployments against" ))
50+
cacert: (( param "Please specify the BOSH Director Root CA cert" ))
51+
username: admin
52+
password: (( param "Please specify the BOSH Director admin password" ))
53+
deployment: (( concat meta.name "-testflight" ))
54+
deployment-pr: (( concat meta.name "-testflight-pr" ))
55+
56+
slack:
57+
webhook: (( param "Please specify your Slack Incoming Webhook Integration URL" ))
58+
success_moji: ":airplane_departure:"
59+
fail_moji: ":airplane_arriving:"
60+
upset_moji: ":sad_panda:"
61+
channel: (( param "Please specify the channel (#name) or user (@user) to send messages to" ))
62+
username: concourse
63+
icon: http://cl.ly/image/3e1h0H3H2s0P/concourse-logo.png
64+
fail_url: '(( concat "<" meta.url "/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME| Concourse Failure! " meta.slack.upset_moji ">" ))'
65+
66+
groups:
67+
- name: (( grab meta.pipeline ))
68+
jobs:
69+
- testflight
70+
- testflight-pr
71+
- rc
72+
- shipit
73+
- major
74+
- minor
75+
76+
jobs:
77+
- name: testflight
78+
public: true
79+
serial: true
80+
plan:
81+
- name: main
82+
do:
83+
- name: get
84+
aggregate:
85+
- { get: git, trigger: true }
86+
- name: testflights
87+
aggregate:
88+
- name: testflight
89+
task: testflight
90+
config:
91+
platform: linux
92+
image_resource:
93+
type: docker-image
94+
source:
95+
repository: (( grab meta.image.name ))
96+
tag: (( grab meta.image.tag ))
97+
inputs:
98+
- { name: git }
99+
run:
100+
path: ./git/ci/scripts/testflight
101+
args: []
102+
params:
103+
REPO_ROOT: git
104+
BOSH_ENVIRONMENT: (( grab meta.bosh-lite.target ))
105+
BOSH_CA_CERT: (( grab meta.bosh-lite.cacert ))
106+
BOSH_CLIENT: (( grab meta.bosh-lite.username ))
107+
BOSH_CLIENT_SECRET: (( grab meta.bosh-lite.password ))
108+
BOSH_DEPLOYMENT: (( grab meta.bosh-lite.deployment ))
109+
TEST_ERRANDS: (( grab meta.test-errands || meta.test-errand || ~ ))
110+
AWS_ACCESS_KEY: (( grab meta.aws.access_key ))
111+
AWS_SECRET_KEY: (( grab meta.aws.secret_key ))
112+
MANIFEST_PATH: (( grab meta.manifest.path ))
113+
MANIFEST_VARS: (( grab meta.manifest.vars ))
114+
MANIFEST_OP_PATHS: (( grab meta.manifest.operator_file_paths ))
115+
on_failure:
116+
put: notify
117+
params:
118+
channel: (( grab meta.slack.channel ))
119+
username: (( grab meta.slack.username ))
120+
icon_url: (( grab meta.slack.icon ))
121+
text: '(( concat meta.slack.fail_url " " meta.pipeline ": testflight job failed" ))'
122+
123+
- name: testflight-pr
124+
public: true
125+
serial: true
126+
plan:
127+
- name: main
128+
do:
129+
- name: get
130+
aggregate:
131+
- { get: git-pull-requests, trigger: true, version: every }
132+
- name: pending-status
133+
put: git-pull-requests
134+
params:
135+
path: git-pull-requests
136+
status: pending
137+
- name: testflights
138+
aggregate:
139+
- name: testflight
140+
task: testflight
141+
config:
142+
platform: linux
143+
image_resource:
144+
type: docker-image
145+
source:
146+
repository: (( grab meta.image.name ))
147+
tag: (( grab meta.image.tag ))
148+
inputs:
149+
- { name: git-pull-requests }
150+
run:
151+
path: ./git-pull-requests/ci/scripts/testflight
152+
args: []
153+
params:
154+
REPO_ROOT: git-pull-requests
155+
BOSH_ENVIRONMENT: (( grab meta.bosh-lite.target ))
156+
BOSH_CA_CERT: (( grab meta.bosh-lite.cacert ))
157+
BOSH_CLIENT: (( grab meta.bosh-lite.username ))
158+
BOSH_CLIENT_SECRET: (( grab meta.bosh-lite.password ))
159+
BOSH_DEPLOYMENT: (( grab meta.bosh-lite.deployment-pr ))
160+
TEST_ERRANDS: (( grab meta.test-errands || meta.test-errand || ~ ))
161+
AWS_ACCESS_KEY: (( grab meta.aws.access_key ))
162+
AWS_SECRET_KEY: (( grab meta.aws.secret_key ))
163+
MANIFEST_PATH: (( grab meta.manifest.path ))
164+
MANIFEST_VARS: (( grab meta.manifest.vars-pr ))
165+
MANIFEST_OP_PATHS: (( grab meta.manifest.operator_file_paths ))
166+
on_success:
167+
put: git-pull-requests
168+
params:
169+
path: git-pull-requests
170+
status: success
171+
on_failure:
172+
put: git-pull-requests
173+
params:
174+
path: git-pull-requests
175+
status: failure
176+
- name: pr-success-message
177+
task: pr-success-message
178+
config:
179+
platform: linux
180+
image_resource:
181+
type: docker-image
182+
source:
183+
repository: (( grab meta.image.name ))
184+
tag: (( grab meta.image.tag ))
185+
inputs:
186+
- { name: git-pull-requests }
187+
outputs:
188+
- { name: message }
189+
run:
190+
path: sh
191+
args:
192+
- -ce
193+
- |
194+
cd git-pull-requests
195+
pr_url=$(git config --get pullrequest.url)
196+
cd -
197+
echo "<${pr_url}|Pull request passed testflight> Merge when ready: ${pr_url}" > message/body
198+
on_success:
199+
put: notify
200+
params:
201+
channel: (( grab meta.slack.channel ))
202+
username: (( grab meta.slack.username ))
203+
icon_url: (( grab meta.slack.icon ))
204+
text_file: message/body
205+
206+
- name: rc
207+
public: true
208+
plan:
209+
- do:
210+
- aggregate:
211+
- { get: git, trigger: true, passed: [testflight] }
212+
- { get: version, trigger: true, params: {pre: rc} }
213+
- put: version
214+
params: {file: version/number}
215+
on_failure:
216+
put: notify
217+
params:
218+
channel: (( grab meta.slack.channel ))
219+
username: (( grab meta.slack.username ))
220+
icon_url: (( grab meta.slack.icon ))
221+
text: '(( concat meta.slack.fail_url " " meta.pipeline ": rc job failed" ))'
222+
223+
- name: minor
224+
public: true
225+
plan:
226+
- do:
227+
- { get: version, trigger: false, params: {bump: minor} }
228+
- { put: version, params: {file: version/number} }
229+
on_failure:
230+
put: notify
231+
params:
232+
channel: (( grab meta.slack.channel ))
233+
username: (( grab meta.slack.username ))
234+
icon_url: (( grab meta.slack.icon ))
235+
text: '(( concat meta.slack.fail_url " " meta.pipeline ": minor job failed" ))'
236+
237+
- name: major
238+
public: true
239+
plan:
240+
- do:
241+
- { get: version, trigger: false, params: {bump: major} }
242+
- { put: version, params: {file: version/number} }
243+
on_failure:
244+
put: notify
245+
params:
246+
channel: (( grab meta.slack.channel ))
247+
username: (( grab meta.slack.username ))
248+
icon_url: (( grab meta.slack.icon ))
249+
text: '(( concat meta.slack.fail_url " " meta.pipeline ": major job failed" ))'
250+
251+
- name: shipit
252+
public: true
253+
serial: true
254+
plan:
255+
- do:
256+
- name: inputs
257+
aggregate:
258+
- { get: version, passed: [rc], params: {bump: final} }
259+
- { get: git, passed: [rc] }
260+
- name: release
261+
task: release
262+
config:
263+
platform: linux
264+
image_resource:
265+
type: docker-image
266+
source:
267+
repository: (( grab meta.image.name ))
268+
tag: (( grab meta.image.tag ))
269+
inputs:
270+
- name: version
271+
- name: git
272+
outputs:
273+
- name: gh
274+
- name: pushme
275+
- name: notifications
276+
run:
277+
path: ./git/ci/scripts/shipit
278+
args: []
279+
params:
280+
REPO_ROOT: git
281+
VERSION_FROM: version/number
282+
RELEASE_ROOT: gh
283+
REPO_OUT: pushme
284+
NOTIFICATION_OUT: notifications
285+
BRANCH: (( grab meta.github.branch ))
286+
GITHUB_OWNER: (( grab meta.github.owner ))
287+
GIT_EMAIL: (( grab meta.git.email ))
288+
GIT_NAME: (( grab meta.git.name ))
289+
AWS_ACCESS_KEY: (( grab meta.aws.access_key ))
290+
AWS_SECRET_KEY: (( grab meta.aws.secret_key ))
291+
292+
- name: upload-git
293+
put: git
294+
params:
295+
rebase: true
296+
repository: pushme/git
297+
- name: tarball
298+
put: s3-tarball
299+
params:
300+
file: (( concat "gh/artifacts/" meta.name "-*.tgz" ))
301+
- name: github-release
302+
put: github
303+
params:
304+
name: gh/name
305+
tag: gh/tag
306+
body: gh/notes.md
307+
globs: [gh/artifacts/*]
308+
- name: version-bump
309+
put: version
310+
params:
311+
bump: patch
312+
- name: notify
313+
aggregate:
314+
- put: notify
315+
params:
316+
channel: (( grab meta.slack.channel ))
317+
username: (( grab meta.slack.username ))
318+
icon_url: (( grab meta.slack.icon ))
319+
text_file: notifications/message
320+
on_failure:
321+
put: notify
322+
params:
323+
channel: (( grab meta.slack.channel ))
324+
username: (( grab meta.slack.username ))
325+
icon_url: (( grab meta.slack.icon ))
326+
text: '(( concat meta.slack.fail_url " " meta.pipeline ": shipit job failed" ))'
327+
328+
resource_types:
329+
- name: slack-notification
330+
type: docker-image
331+
source:
332+
repository: cfcommunity/slack-notification-resource
333+
334+
- name: pull-request
335+
type: docker-image
336+
source:
337+
repository: jtarchie/pr
338+
339+
resources:
340+
- name: git
341+
type: git
342+
source:
343+
uri: (( grab meta.github.uri ))
344+
branch: (( grab meta.github.branch ))
345+
private_key: (( grab meta.github.private_key ))
346+
347+
- name: git-pull-requests
348+
type: pull-request
349+
source:
350+
access_token: (( grab meta.github.access_token ))
351+
private_key: (( grab meta.github.private_key ))
352+
repo: (( concat meta.github.owner "/" meta.github.repo ))
353+
base: (( grab meta.github.branch ))
354+
355+
- name: version
356+
type: semver
357+
source :
358+
driver: s3
359+
bucket: (( grab meta.aws.bucket ))
360+
region_name: (( grab meta.aws.region_name ))
361+
key: version
362+
access_key_id: (( grab meta.aws.access_key ))
363+
secret_access_key: (( grab meta.aws.secret_key ))
364+
initial_version: (( grab meta.initial_version || "0.0.1" ))
365+
366+
- name: notify
367+
type: slack-notification
368+
source:
369+
url: (( grab meta.slack.webhook ))
370+
371+
- name: github
372+
type: github-release
373+
source:
374+
user: (( grab meta.github.owner ))
375+
repository: (( grab meta.github.repo ))
376+
access_token: (( grab meta.github.access_token ))
377+
378+
- name: s3-tarball
379+
type: s3
380+
source:
381+
bucket: (( grab meta.aws.bucket ))
382+
region_name: (( grab meta.aws.region_name ))
383+
regexp: (( concat meta.name "-(.*).tgz" ))
384+
access_key_id: (( grab meta.aws.access_key ))
385+
secret_access_key: (( grab meta.aws.secret_key ))

0 commit comments

Comments
 (0)