diff --git a/.circleci/config.yml b/.circleci/config.yml index 1d128e707..315a31629 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -3,19 +3,80 @@ commands: description: Install Helm steps: - run: - command: | - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 700 get_helm.sh - ./get_helm.sh - name: Install Helm - install_python_requests: - description: Install requests library + command: | + curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 + chmod 700 get_helm.sh + ./get_helm.sh + name: Install Helm + + notify_slack_on_failure: steps: - - run: - command: | - sudo apt update - sudo apt install python3-requests - when: always + - slack/notify: + branch_pattern: master,staging + channel: team-test-enrichment-deployment + event: fail + mentions: '@testenrichers' + custom: | + { + "blocks": [ + { + "type": "header", + "text": { + "type": "plain_text", + "text": "CICD pipeline failed :circleci-fail:", + "emoji": true + } + }, + { + "type": "divider" + }, + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "*Project*: ${CIRCLE_PROJECT_REPONAME}" + }, + { + "type": "mrkdwn", + "text": "*Job*: ${CIRCLE_JOB}" + }, + { + "type": "mrkdwn", + "text": "*Branch*: ${CIRCLE_BRANCH}" + }, + { + "type": "mrkdwn", + "text": "*Author*: ${CIRCLE_USERNAME}" + } + ] + }, + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "*Mentions*: ${SLACK_PARAM_MENTIONS}" + } + ] + }, + { + "type": "actions", + "elements": [ + { + "type": "button", + "action_id": "basic_fail_view", + "text": { + "type": "plain_text", + "text": "View Job" + }, + "url": "${CIRCLE_BUILD_URL}" + } + ] + } + ] + } + jobs: security-scans: docker: @@ -23,52 +84,47 @@ jobs: steps: - checkout - prodsec/security_scans: - mode: auto - release-branch: master - open-source-additional-arguments: --exclude=test + mode: auto + release-branch: master + open-source-additional-arguments: --exclude=test build_image: docker: - image: cimg/base:current steps: - checkout - setup_remote_docker - - install_python_requests - run: - command: | - IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable") - IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1} - IMAGE_NAME_CANDIDATE_UBI9=snyk/kubernetes-monitor:${IMAGE_TAG}-ubi9-${CIRCLE_SHA1:0:8} - echo "export IMAGE_NAME_CANDIDATE=$IMAGE_NAME_CANDIDATE" >> $BASH_ENV - echo "export IMAGE_NAME_CANDIDATE_UBI9=$IMAGE_NAME_CANDIDATE_UBI9" >> $BASH_ENV - name: Export environment variables + command: | + IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable") + IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1} + IMAGE_NAME_CANDIDATE_UBI9=snyk/kubernetes-monitor:${IMAGE_TAG}-ubi9-${CIRCLE_SHA1:0:8} + echo "export IMAGE_NAME_CANDIDATE=$IMAGE_NAME_CANDIDATE" >> $BASH_ENV + echo "export IMAGE_NAME_CANDIDATE_UBI9=$IMAGE_NAME_CANDIDATE_UBI9" >> $BASH_ENV + name: Export environment variables - run: - command: | - docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} - ./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE} - ./scripts/docker/build-image-ubi9.sh ${IMAGE_NAME_CANDIDATE_UBI9} - name: Build image + command: | + docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASS} + ./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE} + ./scripts/docker/build-image-ubi9.sh ${IMAGE_NAME_CANDIDATE_UBI9} + name: Build image - snyk/scan: - additional-arguments: --project-name=alpine --policy-path=.snyk - docker-image-name: ${IMAGE_NAME_CANDIDATE} - monitor-on-build: false - severity-threshold: high - target-file: Dockerfile + additional-arguments: --project-name=alpine --policy-path=.snyk + docker-image-name: ${IMAGE_NAME_CANDIDATE} + monitor-on-build: false + severity-threshold: high + target-file: Dockerfile - snyk/scan: - additional-arguments: --project-name=ubi9 --policy-path=.snyk - docker-image-name: ${IMAGE_NAME_CANDIDATE_UBI9} - monitor-on-build: false - severity-threshold: critical - target-file: Dockerfile.ubi9 + additional-arguments: --project-name=ubi9 --policy-path=.snyk + docker-image-name: ${IMAGE_NAME_CANDIDATE_UBI9} + monitor-on-build: false + severity-threshold: critical + target-file: Dockerfile.ubi9 - run: - command: | - docker push ${IMAGE_NAME_CANDIDATE} - docker push ${IMAGE_NAME_CANDIDATE_UBI9} - name: Push image - - run: - command: | - ./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}" - name: Notify Slack on failure - when: on_fail + command: | + docker push ${IMAGE_NAME_CANDIDATE} + docker push ${IMAGE_NAME_CANDIDATE_UBI9} + name: Push image + - notify_slack_on_failure working_directory: ~/kubernetes-monitor code_formatter: docker: @@ -76,45 +132,32 @@ jobs: steps: - checkout - run: - command: npm ci - - install_python_requests - - run: - command: | - npm run format:check - name: code formatter check + command: npm ci - run: - command: | - ./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}" - name: Notify Slack on failure - when: on_fail + command: | + npm run format:check + name: code formatter check + - notify_slack_on_failure working_directory: ~/kubernetes-monitor prepare_to_deploy: docker: - image: cimg/base:current steps: - checkout - - install_python_requests - - run: - command: ./scripts/circleci-jobs/prepare_to_deploy.sh - name: Deploy to dev - run: - command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}" - name: Notify Slack on failure - when: on_fail + command: ./scripts/circleci-jobs/prepare_to_deploy.sh + name: Deploy to dev + - notify_slack_on_failure working_directory: ~/kubernetes-monitor deploy_to_prod: docker: - image: cimg/base:current steps: - checkout - - install_python_requests - run: - command: ./scripts/circleci-jobs/deploy_to_prod.sh - name: Deploy to prod - - run: - command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}" - name: Notify Slack on failure - when: on_fail + command: ./scripts/circleci-jobs/deploy_to_prod.sh + name: Deploy to prod + - notify_slack_on_failure working_directory: ~/kubernetes-monitor lint: docker: @@ -122,17 +165,12 @@ jobs: steps: - checkout - run: - command: npm ci - - install_python_requests - - run: - command: | - npm run lint - name: lint + command: npm ci - run: - command: | - ./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}" - name: Notify Slack on failure - when: on_fail + command: | + npm run lint + name: lint + - notify_slack_on_failure working_directory: ~/kubernetes-monitor publish: docker: @@ -140,57 +178,51 @@ jobs: steps: - checkout - setup_remote_docker - - install_python_requests - install_helm - run: - command: | - LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}` - LATEST_TAG=${LATEST_TAG_WITH_V:1} - IMAGE_NAME_APPROVED=snyk/kubernetes-monitor:${LATEST_TAG}-approved - IMAGE_NAME_PUBLISHED=snyk/kubernetes-monitor:${LATEST_TAG} - IMAGE_NAME_APPROVED_UBI9=snyk/kubernetes-monitor:${LATEST_TAG}-ubi9-approved - IMAGE_NAME_PUBLISHED_UBI9=snyk/kubernetes-monitor:${LATEST_TAG}-ubi9 - echo "export LATEST_TAG=${LATEST_TAG}" >> $BASH_ENV - echo "export IMAGE_NAME_APPROVED=${IMAGE_NAME_APPROVED}" >> $BASH_ENV - echo "export IMAGE_NAME_PUBLISHED=${IMAGE_NAME_PUBLISHED}" >> $BASH_ENV - echo "export IMAGE_NAME_APPROVED_UBI9=${IMAGE_NAME_APPROVED_UBI9}" >> $BASH_ENV - echo "export IMAGE_NAME_PUBLISHED_UBI9=${IMAGE_NAME_PUBLISHED_UBI9}" >> $BASH_ENV - name: Export environment variables + command: | + LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}` + LATEST_TAG=${LATEST_TAG_WITH_V:1} + IMAGE_NAME_APPROVED=snyk/kubernetes-monitor:${LATEST_TAG}-approved + IMAGE_NAME_PUBLISHED=snyk/kubernetes-monitor:${LATEST_TAG} + IMAGE_NAME_APPROVED_UBI9=snyk/kubernetes-monitor:${LATEST_TAG}-ubi9-approved + IMAGE_NAME_PUBLISHED_UBI9=snyk/kubernetes-monitor:${LATEST_TAG}-ubi9 + echo "export LATEST_TAG=${LATEST_TAG}" >> $BASH_ENV + echo "export IMAGE_NAME_APPROVED=${IMAGE_NAME_APPROVED}" >> $BASH_ENV + echo "export IMAGE_NAME_PUBLISHED=${IMAGE_NAME_PUBLISHED}" >> $BASH_ENV + echo "export IMAGE_NAME_APPROVED_UBI9=${IMAGE_NAME_APPROVED_UBI9}" >> $BASH_ENV + echo "export IMAGE_NAME_PUBLISHED_UBI9=${IMAGE_NAME_PUBLISHED_UBI9}" >> $BASH_ENV + name: Export environment variables - snyk/scan: - additional-arguments: --project-name=alpine --policy-path=.snyk - command: container test - docker-image-name: ${IMAGE_NAME_APPROVED} - fail-on-issues: true - monitor-on-build: true - severity-threshold: high - target-file: Dockerfile - token-variable: SNYK_TOKEN + additional-arguments: --project-name=alpine --policy-path=.snyk + command: container test + docker-image-name: ${IMAGE_NAME_APPROVED} + fail-on-issues: true + monitor-on-build: true + severity-threshold: high + target-file: Dockerfile + token-variable: SNYK_TOKEN - snyk/scan: - additional-arguments: --project-name=ubi9 --policy-path=.snyk - command: container test - docker-image-name: ${IMAGE_NAME_APPROVED_UBI9} - fail-on-issues: true - monitor-on-build: true - severity-threshold: critical - target-file: Dockerfile.ubi9 - token-variable: SNYK_TOKEN - - run: - command: | - docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} && - docker pull ${IMAGE_NAME_APPROVED} && - docker tag ${IMAGE_NAME_APPROVED} ${IMAGE_NAME_PUBLISHED} && - docker push ${IMAGE_NAME_PUBLISHED} && - docker pull ${IMAGE_NAME_APPROVED_UBI9} && - docker tag ${IMAGE_NAME_APPROVED_UBI9} ${IMAGE_NAME_PUBLISHED_UBI9} && - docker push ${IMAGE_NAME_PUBLISHED_UBI9} && - ./scripts/slack/notify_push.py ${IMAGE_NAME_PUBLISHED} && - ./scripts/slack/notify_push.py ${IMAGE_NAME_PUBLISHED_UBI9} && - ./scripts/publish-gh-pages.sh ${LATEST_TAG} - name: Publish + additional-arguments: --project-name=ubi9 --policy-path=.snyk + command: container test + docker-image-name: ${IMAGE_NAME_APPROVED_UBI9} + fail-on-issues: true + monitor-on-build: true + severity-threshold: critical + target-file: Dockerfile.ubi9 + token-variable: SNYK_TOKEN - run: - command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}" - name: Notify Slack on failure - when: on_fail + command: | + docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASS} && + docker pull ${IMAGE_NAME_APPROVED} && + docker tag ${IMAGE_NAME_APPROVED} ${IMAGE_NAME_PUBLISHED} && + docker push ${IMAGE_NAME_PUBLISHED} && + docker pull ${IMAGE_NAME_APPROVED_UBI9} && + docker tag ${IMAGE_NAME_APPROVED_UBI9} ${IMAGE_NAME_PUBLISHED_UBI9} && + docker push ${IMAGE_NAME_PUBLISHED_UBI9} && + ./scripts/publish-gh-pages.sh ${LATEST_TAG} + name: Publish + - notify_slack_on_failure working_directory: ~/kubernetes-monitor system_tests: machine: @@ -199,24 +231,19 @@ jobs: steps: - checkout - run: - command: npm ci - - install_python_requests + command: npm ci - run: - command: | - export DEBIAN_FRONTEND=noninteractive - sudo apt-get update -qq - sudo apt-get install skopeo - name: Install Skopeo + command: | + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update -qq + sudo apt-get install skopeo + name: Install Skopeo - run: - command: | - npm run build && - npm run test:system - name: System tests - - run: - command: | - ./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}" - name: Notify Slack on failure - when: on_fail + command: | + npm run build && + npm run test:system + name: System tests + - notify_slack_on_failure working_directory: ~/kubernetes-monitor tag_and_push: docker: @@ -224,23 +251,19 @@ jobs: steps: - checkout - setup_remote_docker - - install_python_requests - - run: - command: | - npm ci && - docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} && - unset CIRCLE_PULL_REQUEST && - unset CI_PULL_REQUEST && - unset CI_PULL_REQUESTS && - unset CIRCLE_PULL_REQUESTS && - npx semantic-release@17.2.2 && - NEW_VERSION=`cat ./package.json | jq -r '.version'` && - ./scripts/docker/approve-image.sh $NEW_VERSION - name: Tag and push - run: - command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}" - name: Notify Slack on failure - when: on_fail + command: | + npm ci && + docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASS} && + unset CIRCLE_PULL_REQUEST && + unset CI_PULL_REQUEST && + unset CI_PULL_REQUESTS && + unset CIRCLE_PULL_REQUESTS && + npx semantic-release@17.2.2 && + NEW_VERSION=`cat ./package.json | jq -r '.version'` && + ./scripts/docker/approve-image.sh $NEW_VERSION + name: Tag and push + - notify_slack_on_failure working_directory: ~/kubernetes-monitor unit_tests: docker: @@ -248,18 +271,13 @@ jobs: steps: - checkout - run: - command: npm ci - - install_python_requests - - run: - command: | - npm run build && - npm run test:unit - name: Unit tests + command: npm ci - run: - command: | - ./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}" - name: Notify Slack on failure - when: on_fail + command: | + npm run build && + npm run test:unit + name: Unit tests + - notify_slack_on_failure working_directory: ~/kubernetes-monitor main_branches_filter: filters: @@ -276,6 +294,7 @@ orbs: aws-cli: circleci/aws-cli@2.0.6 azure-cli: circleci/azure-cli@1.2.0 prodsec: snyk/prodsec-orb@1.1 + slack: circleci/slack@4.12.5 snyk: snyk/snyk@2 staging_branch_only_filter: @@ -288,131 +307,155 @@ workflows: MERGE_TO_MASTER: jobs: - security-scans: - name: Security Scans - context: - - analysis_test-enrichment - filters: - branches: - only: - - master + name: Security Scans + context: + - analysis_test-enrichment + filters: + branches: + only: + - master - publish: - context: - - team-container-integration - - analysis_test-enrichment - requires: - - Security Scans - filters: - branches: - only: - - master + context: + - analysis_test-enrichment + - snyk-bot-slack + - team-container-integration + - team-container-integration-docker-hub + requires: + - Security Scans + filters: + branches: + only: + - master - deploy_to_prod: - context: - - team-container-integration-circleci - - kubernetes-monitor - filters: - branches: - only: - - master - requires: - - publish + context: + - kubernetes-monitor + - snyk-bot-slack + - team-container-integration-circleci + filters: + branches: + only: + - master + requires: + - publish MERGE_TO_STAGING: jobs: - build_image: - context: - - analysis_test-enrichment - - go-private-modules - filters: - branches: - only: - - staging + context: + - analysis_test-enrichment + - go-private-modules + - snyk-bot-slack + - team-container-integration-docker-hub + filters: + branches: + only: + - staging - unit_tests: - context: analysis_test-enrichment - filters: - branches: - only: - - staging + context: + - analysis_test-enrichment + - snyk-bot-slack + filters: + branches: + only: + - staging - system_tests: - filters: - branches: - only: - - staging + context: + - snyk-bot-slack + filters: + branches: + only: + - staging - tag_and_push: - context: team-container-integration - filters: - branches: - only: - - staging - requires: - - build_image - - unit_tests - - system_tests + context: + - snyk-bot-slack + - team-container-integration + - team-container-integration-docker-hub + filters: + branches: + only: + - staging + requires: + - build_image + - unit_tests + - system_tests - prepare_to_deploy: - context: - - team-container-integration - - team-container-integration-circleci - - kubernetes-monitor - filters: - branches: - only: - - staging - requires: - - tag_and_push + context: + - kubernetes-monitor + - snyk-bot-slack + - team-container-integration + - team-container-integration-circleci + filters: + branches: + only: + - staging + requires: + - tag_and_push PR_TO_STAGING: jobs: - prodsec/secrets-scan: - name: Scan repository for secrets - trusted-branch: main - context: - - snyk-bot-slack - channel: snyk-on-snyk-analysis_test-enrichment - filters: - branches: - ignore: - - staging - - master + name: Scan repository for secrets + trusted-branch: main + context: + - snyk-bot-slack + channel: snyk-on-snyk-analysis_test-enrichment + filters: + branches: + ignore: + - staging + - master - security-scans: - name: Security Scans - context: - - analysis_test-enrichment - filters: - branches: - ignore: - - staging - - master + name: Security Scans + context: + - analysis_test-enrichment + - snyk-bot-slack + filters: + branches: + ignore: + - staging + - master - build_image: - context: - - analysis_test-enrichment - - go-private-modules - requires: - - Scan repository for secrets - - Security Scans - filters: - branches: - ignore: - - staging - - master + context: + - analysis_test-enrichment + - go-private-modules + - snyk-bot-slack + - team-container-integration-docker-hub + requires: + - Scan repository for secrets + - Security Scans + filters: + branches: + ignore: + - staging + - master - unit_tests: - context: analysis_test-enrichment - filters: - branches: - ignore: - - staging - - master + context: + - analysis_test-enrichment + - snyk-bot-slack + filters: + branches: + ignore: + - staging + - master - lint: - filters: - branches: - ignore: - - staging - - master + context: + - snyk-bot-slack + filters: + branches: + ignore: + - staging + - master - code_formatter: - filters: - branches: - ignore: - - staging - - master + context: + - snyk-bot-slack + filters: + branches: + ignore: + - staging + - master - system_tests: - filters: - branches: - ignore: - - staging - - master + context: + - snyk-bot-slack + filters: + branches: + ignore: + - staging + - master diff --git a/Dockerfile b/Dockerfile index 7de8beb0b..4c9b3e9ef 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/doc RUN --mount=type=secret,id=gh_token,required=true \ git config --global url."https://$(cat /run/secrets/gh_token):x-oauth-basic@github.com/snyk".insteadOf "https://github.com/snyk" && \ go env -w GOPRIVATE=github.com/snyk && \ - go install github.com/snyk/docker-credential-acr-env@697fe895979cea8a1595b4c0c30ea78a5f5c13ce && \ + go install github.com/snyk/docker-credential-acr-env@62fbee8398a22171cb0f628400a29b2ebaed7a3a && \ git config --global --unset url."https://$(cat /run/secrets/gh_token):x-oauth-basic@github.com/snyk".insteadOf #--------------------------------------------------------------------- diff --git a/Dockerfile.ubi9 b/Dockerfile.ubi9 index ba7794c1c..5d242d428 100644 --- a/Dockerfile.ubi9 +++ b/Dockerfile.ubi9 @@ -7,7 +7,7 @@ RUN GOTOOLCHAIN=go1.23.4 go install github.com/awslabs/amazon-ecr-credential-hel RUN --mount=type=secret,id=gh_token,uid=1001,required=true \ git config --global url."https://$(cat /run/secrets/gh_token):x-oauth-basic@github.com/snyk".insteadOf "https://github.com/snyk" && \ go env -w GOPRIVATE=github.com/snyk && \ - GOTOOLCHAIN=go1.23.4 go install github.com/snyk/docker-credential-acr-env@697fe895979cea8a1595b4c0c30ea78a5f5c13ce && \ + GOTOOLCHAIN=go1.23.4 go install github.com/snyk/docker-credential-acr-env@62fbee8398a22171cb0f628400a29b2ebaed7a3a && \ git config --global --unset url."https://$(cat /run/secrets/gh_token):x-oauth-basic@github.com/snyk".insteadOf #--------------------------------------------------------------------- diff --git a/scripts/circleci-jobs/setup-integration-tests.py b/scripts/circleci-jobs/setup-integration-tests.py deleted file mode 100755 index 1f42d7537..000000000 --- a/scripts/circleci-jobs/setup-integration-tests.py +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/python3 - -import os -import subprocess - -dockerhub_user = os.getenv('DOCKERHUB_USER') -dockerhub_password = os.getenv('DOCKERHUB_PASSWORD') -image_tag_suffix = os.getenv('IMAGE_TAG_UBI_SUFFIX', '') - -subprocess.getoutput("docker login --username " + dockerhub_user + " --password " + dockerhub_password) - -circle_branch = os.getenv("CIRCLE_BRANCH") -if circle_branch == "staging": - image_tag = "staging-candidate" -else: - image_tag = "discardable" -circle_sha1 = os.getenv("CIRCLE_SHA1") if image_tag_suffix == '' else os.getenv("CIRCLE_SHA1")[0:8] -kubernetes_monitor_image_name_and_tag = "snyk/kubernetes-monitor:" + image_tag + image_tag_suffix + "-" + circle_sha1 - -subprocess.getoutput("docker pull " + kubernetes_monitor_image_name_and_tag) - -print(kubernetes_monitor_image_name_and_tag) diff --git a/scripts/docker/approve-image.sh b/scripts/docker/approve-image.sh index bddeb27db..318075747 100755 --- a/scripts/docker/approve-image.sh +++ b/scripts/docker/approve-image.sh @@ -6,7 +6,6 @@ set -e # then it would be null if [ $1 == "null" ]; then echo Semantic-Release did not create a new version, not pushing a new approved image - ./scripts/slack/notify_success_no_release.py else IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:staging-candidate-${CIRCLE_SHA1} IMAGE_NAME_APPROVED=snyk/kubernetes-monitor:${1}-approved @@ -14,7 +13,6 @@ else docker pull ${IMAGE_NAME_CANDIDATE} docker tag ${IMAGE_NAME_CANDIDATE} ${IMAGE_NAME_APPROVED} docker push ${IMAGE_NAME_APPROVED} - ./scripts/slack/notify_push.py ${IMAGE_NAME_APPROVED} IMAGE_NAME_CANDIDATE_UBI9=snyk/kubernetes-monitor:staging-candidate-ubi9-${CIRCLE_SHA1:0:8} IMAGE_NAME_APPROVED_UBI9=snyk/kubernetes-monitor:${1}-ubi9-approved @@ -22,5 +20,4 @@ else docker pull ${IMAGE_NAME_CANDIDATE_UBI9} docker tag ${IMAGE_NAME_CANDIDATE_UBI9} ${IMAGE_NAME_APPROVED_UBI9} docker push ${IMAGE_NAME_APPROVED_UBI9} - ./scripts/slack/notify_push.py ${IMAGE_NAME_APPROVED_UBI9} fi diff --git a/scripts/publish-gh-pages.sh b/scripts/publish-gh-pages.sh index 8d11c5b9c..7f61413aa 100755 --- a/scripts/publish-gh-pages.sh +++ b/scripts/publish-gh-pages.sh @@ -15,7 +15,6 @@ git checkout -f gh-pages if grep -Fxq " tag: ${NEW_TAG}" ./snyk-monitor/values.yaml then echo not publishing a new gh-pages commit since this version is already published - ./scripts/slack/notify_success_no_publish.py exit 0 fi @@ -59,5 +58,3 @@ for (( i=0; i<${attempts}; i++ )); do echo "$curl_response" sleep $sleep_time done - -./scripts/slack/notify_push.py "gh-pages" diff --git a/scripts/slack/notify_deploy.py b/scripts/slack/notify_deploy.py deleted file mode 100755 index 5fe95102a..000000000 --- a/scripts/slack/notify_deploy.py +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/python3 - -import os -import requests -import json -import sys - - -def notifySlack(image_name, deployment_env_name): - circle_build_url = os.getenv('CIRCLE_BUILD_URL') - url = os.getenv('SLACK_WEBHOOK') - - data = { - 'attachments': - [ - { - 'color': '#7CD197', - 'fallback': 'Build Notification: ' + circle_build_url, - 'title': 'Kubernetes-Monitor Deploy Notification', - 'text': ':hatching_chick: Deploying Kubernetes-Monitor on `' + deployment_env_name + '`: `' + image_name + '` :hatching_chick:' - } - ] - } - - requests.post(url, data=json.dumps(data)) - - -if __name__ == '__main__': - image_name = sys.argv[1] - deployment_env_name = sys.argv[2] - notifySlack(image_name, deployment_env_name) diff --git a/scripts/slack/notify_failure.py b/scripts/slack/notify_failure.py deleted file mode 100755 index 00367b59b..000000000 --- a/scripts/slack/notify_failure.py +++ /dev/null @@ -1,33 +0,0 @@ -#!/usr/bin/python3 - -import os -import requests -import json -import sys - - -def notifySlack(branch_name: str, job_name: str, build_url: str, pr_url: str, slack_webhook: str): - job_name_message = 'Job name: `' + job_name + '`\n' - build_url_message = 'Build URL: ' + build_url + '\n' - pr_url_message = 'Pull request URL: ' + pr_url + '\n' - message = ':egg_broken_1: Kubernetes-Monitor broken branch: `' + branch_name + \ - '` :egg_broken_1:\n' + job_name_message + build_url_message + pr_url_message - - data = { - 'attachments': - [ - { - 'color': '#EE0000', - 'fallback': 'Build Notification: ' + build_url, - 'title': ':warning: Kubernetes-Monitor Merge Failure :warning:', - 'text': message - } - ] - } - - requests.post(slack_webhook, data=json.dumps(data)) - - -if __name__ == '__main__': - _, branch_name, job_name, build_url, pr_url, slack_webhook = sys.argv - notifySlack(branch_name, job_name, build_url, pr_url, slack_webhook) diff --git a/scripts/slack/notify_failure_on_branch.py b/scripts/slack/notify_failure_on_branch.py deleted file mode 100755 index 436ac2e25..000000000 --- a/scripts/slack/notify_failure_on_branch.py +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/python3 - -import os -from notify_failure import notifySlack -import sys - - -def notifyOnBranch(branch_name: str, job_name: str, build_url: str, pr_url: str, slack_webhook: str): - if branch_name == 'staging': - notifySlack(branch_name, job_name, build_url, pr_url, slack_webhook) - else: - print('Current branch is ' + branch_name + - ' so skipping notifying Slack') - - -if __name__ == '__main__': - _, branch_name, job_name, build_url, pr_url, slack_webhook = sys.argv - display_branch_name = sys.argv[1] - notifyOnBranch(branch_name, job_name, build_url, pr_url, slack_webhook) diff --git a/scripts/slack/notify_push.py b/scripts/slack/notify_push.py deleted file mode 100755 index 217d1c0e9..000000000 --- a/scripts/slack/notify_push.py +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/python3 - -import os -import requests -import json -import sys - -def notifySlack(branch_name): - circle_build_url = os.getenv('CIRCLE_BUILD_URL') - url = os.getenv('SLACK_WEBHOOK') - - data = { - 'attachments': - [ - { - 'color': '#7CD197', - 'fallback': 'Build Notification: ' + circle_build_url, - 'title': 'Kubernetes-Monitor Publish Notification', - 'text': ':egg_fancy: Published Kubernetes-Monitor: `' + branch_name + '` :egg_fancy:' - } - ] - } - - requests.post(url, data=json.dumps(data)) - -if __name__ == '__main__': - branch_name = sys.argv[1] - notifySlack(branch_name) diff --git a/scripts/slack/notify_success_no_publish.py b/scripts/slack/notify_success_no_publish.py deleted file mode 100755 index c77f78faf..000000000 --- a/scripts/slack/notify_success_no_publish.py +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/python3 - -import os -import requests -import json - -def notifySlack(): - circle_build_url = os.getenv('CIRCLE_BUILD_URL') - url = os.getenv('SLACK_WEBHOOK') - - data = { - 'attachments': - [ - { - 'color': '#7CD197', - 'fallback': 'Build Notification: ' + circle_build_url, - 'title': 'Kubernetes-Monitor Publish Notification', - 'text': ':egg_fancy: Successful `master` merge, but no `gh-pages` release occurring :egg_fancy:' - } - ] - } - - requests.post(url, data=json.dumps(data)) - -if __name__ == '__main__': - notifySlack() diff --git a/scripts/slack/notify_success_no_release.py b/scripts/slack/notify_success_no_release.py deleted file mode 100755 index b040200f7..000000000 --- a/scripts/slack/notify_success_no_release.py +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/python3 - -import os -import requests -import json - -def notifySlack(): - circle_build_url = os.getenv('CIRCLE_BUILD_URL') - url = os.getenv('SLACK_WEBHOOK') - - data = { - 'attachments': - [ - { - 'color': '#7CD197', - 'fallback': 'Build Notification: ' + circle_build_url, - 'title': 'Kubernetes-Monitor Publish Notification', - 'text': ':egg_fancy: Successful `staging` merge, but no semantic-release occurring :egg_fancy:' - } - ] - } - - requests.post(url, data=json.dumps(data)) - -if __name__ == '__main__': - notifySlack()