diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e574638e93..d863f1b63d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,3 +1,6 @@ +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + # To get started with Dependabot version updates, you'll need to specify which # package ecosystems to update and where the package manifests are located. # Please see the documentation for all configuration options: @@ -5,7 +8,7 @@ version: 2 updates: - - package-ecosystem: "npm" # See documentation for possible values - directory: "/" # Location of package manifests - schedule: - interval: "weekly" +- package-ecosystem: "npm" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "daily" diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml new file mode 100644 index 0000000000..adf381d89a --- /dev/null +++ b/.github/workflows/audit.yml @@ -0,0 +1,22 @@ +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +name: Audit + +on: + pull_request: + branches: [main] + +jobs: + audit: + name: Audit + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 20 + cache: "yarn" + - run: yarn install --frozen-lockfile + - name: Run audit + run: make audit diff --git a/.github/workflows/check-code.yml b/.github/workflows/check-code.yml index f9bdf1e35f..4efe9f4070 100644 --- a/.github/workflows/check-code.yml +++ b/.github/workflows/check-code.yml @@ -1,7 +1,12 @@ -name: "Check code" +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +name: Check Code + on: pull_request: branches: [main] + jobs: check-code: name: Check Code 
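Review bot: The new `.github/workflows/audit.yml` declares no `permissions:` key, so the `audit` job's `GITHUB_TOKEN` takes whatever default scope the repository or organisation has configured while `yarn install --frozen-lockfile` and `make audit` run against pull-request code. A top-level `permissions:` mapping with `contents: read` would fix the scope to what the job needs. `actions/checkout@v3` and `actions/setup-node@v3` are also referenced by movable tags; pinning each to a full commit SHA, with the tag kept as a trailing comment, would make the run reproducible. The same two points apply to `check-code.yml`, and since the header marks these files as synced, the change belongs in the shared repository.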
@@ -11,6 +16,7 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 20 - - run: yarn install + cache: "yarn" + - run: yarn install --frozen-lockfile - name: Run check code - run: yarn check-code + run: make check-code diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index a8c9f9784a..b680269998 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -1,7 +1,11 @@ +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + name: Spelling + on: pull_request: - branches: [main] + branches: [ main ] jobs: spelling: diff --git a/.github/workflows/vendor/nodejs-audit.yml b/.github/workflows/vendor/nodejs-audit.yml new file mode 100644 index 0000000000..adf381d89a --- /dev/null +++ b/.github/workflows/vendor/nodejs-audit.yml @@ -0,0 +1,22 @@ +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +name: Audit + +on: + pull_request: + branches: [main] + +jobs: + audit: + name: Audit + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 20 + cache: "yarn" + - run: yarn install --frozen-lockfile + - name: Run audit + run: make audit diff --git a/.github/workflows/vendor/nodejs-check-code.yml b/.github/workflows/vendor/nodejs-check-code.yml new file mode 100644 index 0000000000..4efe9f4070 --- /dev/null +++ b/.github/workflows/vendor/nodejs-check-code.yml 
@@ -0,0 +1,22 @@
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+name: Check Code
+
+on:
+ pull_request:
+ branches: [main]
+
+jobs:
+ check-code:
+ name: Check Code
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 20
+ cache: "yarn"
+ - run: yarn install --frozen-lockfile
+ - name: Run check code
+ run: make check-code
diff --git a/.github/workflows/vendor/spelling.yml b/.github/workflows/vendor/spelling.yml
new file mode 100644
index 0000000000..b680269998
--- /dev/null
+++ b/.github/workflows/vendor/spelling.yml
@@ -0,0 +1,20 @@
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+name: Spelling
+
+on:
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ spelling:
+ name: Spell Check with Typos
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Actions Repository
+ uses: actions/checkout@v3
+ - name: Spell Check Repo
+ uses: crate-ci/typos@master
+ with:
+ config: typos.toml
diff --git a/ci/vendir.lock.yml b/ci/vendir.lock.yml
index c1bcb2acac..ac958af822 100644
--- a/ci/vendir.lock.yml
+++ b/ci/vendir.lock.yml
@@ -2,14 +2,14 @@ apiVersion: vendir.k14s.io/v1alpha1 directories: - contents: - git: - commitTitle: 'fix: git cliff config should be pulled from pipeline-tasks (#4)' - sha: fc36c9834e4da8374728298ffd362b7bc1280bc5 + commitTitle: 'fix: allow versioned img uploading to private repo (#41)' + sha: 0f5b967c838dbb9496da86453c0eece933a556a9 path: . - path: tasks/vendor + path: ../.github/workflows/vendor - contents: - git: - commitTitle: 'fix: git cliff config should be pulled from pipeline-tasks (#4)' - sha: fc36c9834e4da8374728298ffd362b7bc1280bc5 + commitTitle: 'fix: allow versioned img uploading to private repo (#41)' + sha: 0f5b967c838dbb9496da86453c0eece933a556a9 path: . - path: config/vendor + path: ./vendor kind: LockConfig diff --git a/ci/vendir.yml b/ci/vendir.yml index 4d83171fb4..b343acf2dd 100644 --- a/ci/vendir.yml +++ b/ci/vendir.yml @@ -1,23 +1,32 @@ apiVersion: vendir.k14s.io/v1alpha1 kind: Config +# Relative to ci/ directories: -- path: tasks/vendor +- path: ../.github/workflows/vendor contents: - - path: . + - path: . # Copy this folder out to .. git: url: https://github.com/GaloyMoney/concourse-shared.git - ref: fc36c9834e4da8374728298ffd362b7bc1280bc5 + ref: 0f5b967c838dbb9496da86453c0eece933a556a9 includePaths: - - tasks/**/* - newRootPath: tasks + - shared/actions/* + excludePaths: + - shared/actions/rust-* + - shared/actions/docker-* + - shared/actions/chart-* + newRootPath: shared/actions -- path: config/vendor +- path: ./vendor contents: - path: . git: url: https://github.com/GaloyMoney/concourse-shared.git - ref: fc36c9834e4da8374728298ffd362b7bc1280bc5 + ref: 0f5b967c838dbb9496da86453c0eece933a556a9 includePaths: - - config/**/* - newRootPath: config + - shared/ci/**/* + excludePaths: + - shared/ci/**/rust-* + - shared/ci/**/chart-* + - shared/ci/**/docker-* + newRootPath: shared/ci diff --git a/ci/vendor/config/git-cliff.toml b/ci/vendor/config/git-cliff.toml new file mode 100644 index 0000000000..3404a4f0f2 --- /dev/null 
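Review bot: The `excludePaths` added for `./vendor` in `ci/vendir.yml` (`shared/ci/**/chart-*`, `shared/ci/**/docker-*`) drop task scripts that the vendored `ci/vendor/pipeline-fragments.lib.yml` in this same commit still points at. `chart-test-integration.sh`, `docker-prep-docker-build-env.sh`, `docker-bump-image-digest.sh` and `chart-open-charts-pr.sh` are referenced under `pipeline-tasks/ci/vendor/tasks/`, but none of them is among the files this sync adds. A pipeline here that calls `nodejs_integration_test()`, `rust_integration_test()`, `build_edge_image()` or `open_charts_pr()` would presumably fail when the task starts; whether one does is not visible in this diff. Either narrow the excludes or document the restriction above `excludePaths`, for example `# chart-*/docker-* tasks are intentionally not vendored; the fragments that reference them must not be used in this repo`.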
+++ b/ci/vendor/config/git-cliff.toml 
@@ -0,0 +1,57 @@
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+# configuration file for git-cliff (0.1.0)
+
+[changelog]
+# changelog header
+header = """"""
+
+# template for the changelog body
+# https://tera.netlify.app/docs/#introduction
+body = """
+{% if version %}\
+ ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
+{% endif %}\
+{% for group, commits in commits | group_by(attribute="group") %}
+ ### {{ group | upper_first }}
+ {% for commit in commits %}
+ - {% if commit.breaking %}[**breaking**] {% endif %}{{ commit.message | upper_first }}\
+ {% endfor %}
+{% endfor %}\n
+"""
+# remove the leading and trailing whitespaces from the template
+trim = true
+# changelog footer
+footer = """"""
+
+[git]
+# parse the commits based on https://www.conventionalcommits.org
+conventional_commits = true
+# filter out the commits that are not conventional
+filter_unconventional = true
+# regex for parsing and grouping commits
+commit_parsers = [
+ { message = "^feat", group = "Features"},
+ { message = "^fix", group = "Bug Fixes"},
+ { message = "^doc", group = "Documentation"},
+ { message = "^perf", group = "Performance"},
+ { message = "^refactor", group = "Refactor"},
+ { message = "^style", group = "Styling"},
+ { message = "^test", group = "Testing"},
+ { message = "^chore\\(release\\): prepare for", skip = true},
+ { message = "^chore", group = "Miscellaneous Tasks"},
+ { body = ".*security", group = "Security"},
+]
+# filter out the commits that are not matched by commit parsers
+filter_commits = true
+# glob pattern for matching git tags
+tag_pattern = "v[0-9]*"
+# regex for skipping tags
+skip_tags = "v0.1.0-beta.1"
+# regex for ignoring tags
+ignore_tags = ""
+# sort the tags topologically
+topo_order = false
+# sort the commits inside sections by oldest/newest order
+sort_commits = "newest"
diff --git a/ci/vendor/pipeline-fragments.lib.yml b/ci/vendor/pipeline-fragments.lib.yml
new file mode 100644
index 0000000000..79f386e304
--- /dev/null
+++ b/ci/vendor/pipeline-fragments.lib.yml
@@ -0,0 +1,537 @@ +#@ load("@ytt:data", "data") + +#@ def public_docker_registry(): +#@ return "us.gcr.io/galoy-org" +#@ end + +#@ def private_docker_registry(): +#@ return "gcr.io/galoy-org" +#@ end + +#@ def nodejs_concourse_image(): +#@ return public_docker_registry() + "/nodejs-concourse" +#@ end + +#@ def rust_concourse_image(): +#@ return public_docker_registry() + "/rust-concourse" +#@ end + +#@ def release_concourse_image(): +#@ return public_docker_registry() + "/release-pipeline" +#@ end + +#@ def nodejs_task_image_config(): +type: registry-image +source: + username: ((docker-creds.username)) + password: ((docker-creds.password)) + repository: #@ nodejs_concourse_image() +#@ end + +#@ def rust_task_image_config(): +type: registry-image +source: + username: ((docker-creds.username)) + password: ((docker-creds.password)) + repository: #@ rust_concourse_image() +#@ end + +#@ def release_task_image_config(): +type: registry-image +source: + username: ((docker-creds.username)) + password: ((docker-creds.password)) + repository: #@ release_concourse_image() +#@ end + +#@ def slack_failure_notification(): +#@ fail_url = "<$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME| :face_with_symbols_on_mouth: $BUILD_JOB_NAME> failed!" 
+put: slack +params: + channel: #@ data.values.slack_channel + username: concourse + icon_url: https://cl.ly/2F421Y300u07/concourse-logo-blue-transparent.png + text: #@ fail_url +#@ end + +#@ def nodejs_check_code(): +name: check-code +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } + - { get: bundled-deps, trigger: true} +- task: check-code + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: bundled-deps + - name: pipeline-tasks + - name: repo + run: + path: pipeline-tasks/ci/vendor/tasks/nodejs-check-code.sh +on_failure: #@ slack_failure_notification() +#@ end + +#@ def rust_check_code(): +name: check-code +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } +- task: check-code + config: + platform: linux + image_resource: #@ rust_task_image_config() + inputs: + - name: pipeline-tasks + - name: repo + caches: + - path: cargo-home + - path: cargo-target-dir + run: + path: pipeline-tasks/ci/vendor/tasks/rust-check-code.sh +on_failure: #@ slack_failure_notification() +#@ end + +#@ def install_yarn_deps(): +name: install-deps +plan: +- in_parallel: + - {get: deps, trigger: true} + - {get: pipeline-tasks} + - {put: deps-version, params: {bump: patch}} +- task: install-deps + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: pipeline-tasks + - name: deps + - name: deps-version + outputs: + - name: bundled-deps + run: + path: pipeline-tasks/ci/vendor/tasks/nodejs-cache-yarn-deps.sh +- put: bundled-deps + params: + file: bundled-deps/bundled-deps-*.tgz +on_failure: #@ slack_failure_notification() +#@ end + +#@ def test_on_docker_host(container, additional_params={}): +#@ params = dict(additional_params) +#@ params["REPO_PATH"] = data.values.gh_repository + "-" + container +#@ params["GOOGLE_CREDENTIALS"] = "((staging-gcp-creds.creds_json))" +#@ params["SSH_PRIVATE_KEY"] = 
"((staging-ssh.ssh_private_key))" +#@ params["SSH_PUB_KEY"] = "((staging-ssh.ssh_public_key))" +#@ params["TEST_CONTAINER"] = container +#@ params["JEST_TIMEOUT"] = 90000 +name: #@ container +serial: true +plan: +- { put: docker-host, params: { acquire: true } } +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } +- task: #@ container + attempts: 2 + timeout: 12m + tags: ["galoy-staging"] + config: + platform: linux + image_resource: #@ rust_task_image_config() + inputs: + - name: pipeline-tasks + - name: docker-host + - name: repo + path: #@ data.values.gh_repository + "-" + container + caches: + - path: cargo-home + - path: cargo-target-dir + params: #@ params + run: + path: pipeline-tasks/ci/vendor/tasks/test-on-docker-host.sh + ensure: + put: docker-host + params: + release: docker-host +on_failure: #@ slack_failure_notification() +#@ end + +#@ def nodejs_integration_test(): +name: test-integration +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } + - { get: bundled-deps, tags: ["galoy-staging"], trigger: true} +- task: test-integration + timeout: 12m + tags: ["galoy-staging"] + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: bundled-deps + - name: pipeline-tasks + - name: repo + path: #@ data.values.gh_repository + "-integration" + params: + REPO_PATH: #@ data.values.gh_repository + "-integration" + DOCKER_HOST_IP: ((staging-ssh.docker_host_ip)) + GOOGLE_CREDENTIALS: ((staging-gcp-creds.creds_json)) + SSH_PRIVATE_KEY: ((staging-ssh.ssh_private_key)) + SSH_PUB_KEY: ((staging-ssh.ssh_public_key)) + JEST_TIMEOUT: 90000 + run: + path: pipeline-tasks/ci/vendor/tasks/chart-test-integration.sh +on_failure: #@ slack_failure_notification() +#@ end + +#@ def rust_integration_test(): +name: test-integration +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } +- task: test-integration + timeout: 12m + tags: 
["galoy-staging"] + config: + platform: linux + image_resource: #@ rust_task_image_config() + inputs: + - name: pipeline-tasks + - name: repo + path: #@ data.values.gh_repository + "-integration" + caches: + - path: cargo-home + - path: cargo-target-dir + params: + REPO_PATH: #@ data.values.gh_repository + "-integration" + DOCKER_HOST_IP: ((staging-ssh.docker_host_ip)) + GOOGLE_CREDENTIALS: ((staging-gcp-creds.creds_json)) + SSH_PRIVATE_KEY: ((staging-ssh.ssh_private_key)) + SSH_PUB_KEY: ((staging-ssh.ssh_public_key)) + run: + path: pipeline-tasks/ci/vendor/tasks/chart-test-integration.sh +on_failure: #@ slack_failure_notification() +#@ end + +#@ def nodejs_audit(level = "high"): +name: audit +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } +- task: audit + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: pipeline-tasks + - name: repo + params: + LEVEL: #@ level + REPO_ROOT: repo + run: + path: pipeline-tasks/ci/vendor/tasks/nodejs-audit.sh +on_failure: #@ slack_failure_notification() +#@ end + +#@ def build_edge_image(): +name: build-edge-image +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } +- task: prepare-docker-build + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: pipeline-tasks + - name: repo + outputs: + - name: repo + run: + path: pipeline-tasks/ci/vendor/tasks/docker-prep-docker-build-env.sh +- task: build + privileged: true + config: + platform: linux + image_resource: + type: registry-image + source: + repository: vito/oci-build-task + inputs: + - name: repo + outputs: + - name: image + params: + CONTEXT: repo + run: + path: build +- put: edge-image + params: + image: image/image.tar +#@ end + +#@ def release(): +name: release +serial: true +plan: +- in_parallel: + - get: repo + trigger: true + passed: [ build-edge-image, audit, check-code ] + - get: edge-image + 
passed: [ build-edge-image ] + params: + format: oci + - get: pipeline-tasks + - get: version +- task: prep-release + config: + platform: linux + image_resource: #@ release_task_image_config() + inputs: + - name: repo + - name: pipeline-tasks + - name: edge-image + - name: version + outputs: + - name: version + - name: artifacts + run: + path: pipeline-tasks/ci/vendor/tasks/prep-release-src.sh +- in_parallel: + - put: versioned-image + params: + image: edge-image/image.tar + additional_tags: artifacts/gh-release-tag + - put: gh-release + params: + name: artifacts/gh-release-name + tag: artifacts/gh-release-tag + body: artifacts/gh-release-notes.md + - put: version + params: + file: version/version +#@ end + +#@ def open_charts_pr(): +name: bump-image-in-chart +plan: + - in_parallel: + - get: edge-image + passed: [ release ] + params: { skip_download: true } + - get: repo + trigger: true + passed: [ release ] + - get: version + trigger: true + passed: [ release ] + - get: charts-repo + params: { skip_download: true } + - get: pipeline-tasks + - task: bump-image-digest-in-values + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: repo + - name: edge-image + - name: pipeline-tasks + - name: charts-repo + - name: version + outputs: + - name: charts-repo + params: + BRANCH: #@ data.values.git_charts_branch + CHARTS_SUBDIR: #@ data.values.gh_repository + run: + path: pipeline-tasks/ci/vendor/tasks/docker-bump-image-digest.sh + - put: charts-repo-bot-branch + params: + repository: charts-repo + force: true + - task: open-charts-pr + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: repo + - name: pipeline-tasks + - name: edge-image + - name: charts-repo + params: + GH_TOKEN: #@ data.values.github_token + BRANCH: #@ data.values.git_charts_branch + BOT_BRANCH: #@ data.values.git_charts_bot_branch + CHARTS_SUBDIR: #@ data.values.gh_repository + run: + path: 
pipeline-tasks/ci/vendor/tasks/chart-open-charts-pr.sh +#@ end + +#@ def repo_resource(webhook = False): +name: repo +type: git +source: + ignore_paths: ["ci/*[^md]"] + fetch_tags: true + uri: #@ data.values.git_uri + branch: #@ data.values.git_branch + private_key: #@ data.values.github_private_key +#@ if webhook: +webhook_token: ((webhook.secret)) +#@ end +#@ end + +#@ def pipeline_tasks_resource(): +name: pipeline-tasks +type: git +source: + paths: [ci/vendor/*, ci/tasks/*, ci/config/*, Makefile] + uri: #@ data.values.git_uri + branch: #@ data.values.git_branch + private_key: #@ data.values.github_private_key +#@ end + +#@ def edge_image_resource(publicRepo = True): +name: edge-image +type: registry-image +source: + tag: edge + username: #@ data.values.docker_registry_user + password: #@ data.values.docker_registry_password + repository: #@ public_docker_registry() + "/" + data.values.gh_repository if publicRepo else private_docker_registry() + "/" + data.values.gh_repository +#@ end + +#@ def nodejs_deps_resource(webhook = False): +name: deps +type: git +source: + paths: [yarn.lock] + uri: #@ data.values.git_uri + branch: #@ data.values.git_branch + private_key: #@ data.values.github_private_key +#@ if webhook: +webhook_token: ((webhook.secret)) +#@ end +#@ end + +#@ def deps_version_resource(): +name: deps-version +type: semver +source: + initial_version: 0.1.0 + driver: gcs + bucket: ((staging-gcp-creds.bucket_name)) + json_key: ((staging-gcp-creds.creds_json)) + key: #@ data.values.gh_repository + "-artifacts/versions/deps" +#@ end + +#@ def bundled_deps_resource(): +name: bundled-deps +type: gcs-resource +source: + bucket: ((staging-gcp-creds.bucket_name)) + json_key: ((staging-gcp-creds.creds_json)) + regexp: #@ data.values.gh_repository + "-artifacts/deps/bundled-deps-v(.*)-.*.tgz" +#@ end + +#@ def slack_resource(): +name: slack +type: slack-notification +source: + url: #@ data.values.slack_webhook_url +#@ end + +#@ def version_resource(): +name: version 
+type: semver +source: + initial_version: 0.0.0 + driver: git + file: version + uri: #@ data.values.git_uri + branch: #@ data.values.git_version_branch + private_key: #@ data.values.github_private_key +#@ end + +#@ def charts_repo_resource(): +name: charts-repo +type: git +source: + uri: #@ data.values.git_charts_uri + branch: #@ data.values.git_charts_branch + private_key: #@ data.values.github_private_key +#@ end + +#@ def versioned_image_resource(publicRepo = True): +name: versioned-image +type: registry-image +source: + username: #@ data.values.docker_registry_user + password: #@ data.values.docker_registry_password + repository: #@ public_docker_registry() + "/" + data.values.gh_repository if publicRepo else private_docker_registry() + "/" + data.values.gh_repository +#@ end + +#@ def gh_release_resource(): +name: gh-release +type: github-release +source: + owner: #@ data.values.gh_org + repository: #@ data.values.gh_repository + access_token: #@ data.values.github_token +#@ end + +#@ def charts_repo_bot_branch(): +name: charts-repo-bot-branch +type: git +source: + uri: #@ data.values.git_charts_uri + branch: #@ "bot-bump-" + data.values.gh_repository + "-image" + private_key: #@ data.values.github_private_key +#@ end + +#@ def docker_host_pool(): +name: docker-host +type: pool +source: + uri: git@github.com:GaloyMoney/concourse-locks.git + branch: main + pool: docker-hosts + private_key: #@ data.values.github_private_key +#@ end + +#@ def gcr_resource_type(): +name: gcs-resource +type: docker-image +source: + repository: frodenas/gcs-resource +#@ end + +#@ def slack_resource_type(): +name: slack-notification +type: docker-image +source: + repository: cfcommunity/slack-notification-resource +#@ end + +#@ def npm_resource_type(): +name: npm +type: docker-image +source: + repository: timotto/concourse-npm-resource +#@ end diff --git a/ci/vendor/tasks/helpers.sh b/ci/vendor/tasks/helpers.sh new file mode 100755 index 0000000000..2571ca7d04 --- /dev/null 
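Review bot: `gcr_resource_type()`, `slack_resource_type()` and `npm_resource_type()` at the end of `pipeline-fragments.lib.yml`, and the `build` task inside `build_edge_image()`, pull third-party images (`frodenas/gcs-resource`, `cfcommunity/slack-notification-resource`, `timotto/concourse-npm-resource`, `vito/oci-build-task`) with only a `repository:` and no `tag` or digest. Each run therefore uses whatever the registry currently serves, and those containers are handed the GCS `json_key`, the Slack webhook `url`, and in the `build` case run with `privileged: true`. Pinning each `source` to a fixed `tag`, or to an image digest where the resource type supports it, would tie the pipeline to reviewed image contents. As the file arrives through `ci/vendir.yml`, the change belongs in the concourse-shared repository.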
+++ b/ci/vendor/tasks/helpers.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +if [[ -z $(git config --global user.email) ]]; then + git config --global user.email "bot@galoy.io" +fi +if [[ -z $(git config --global user.name) ]]; then + git config --global user.name "CI Bot" +fi + +function unpack_deps() { + REPO_PATH=${REPO_PATH:-repo} + + if [[ -f ${REPO_PATH}/yarn.lock ]]; then + echo "Unpacking nodejs deps... " + + pushd ${REPO_PATH} > /dev/null + + tar -zxvf ../bundled-deps/bundled-deps-*.tgz ./node_modules/ ./yarn.lock > /dev/null + + if [[ "$(git status -s -uno)" != "" ]]; then + echo "Extracting deps has created a diff - deps are not in sync" + git --no-pager diff + exit 1; + fi + + echo "Done!" + + popd + else + echo "Skipping unpack deps" + fi +} diff --git a/ci/vendor/tasks/nodejs-audit.sh b/ci/vendor/tasks/nodejs-audit.sh new file mode 100755 index 0000000000..7c2ad61e5b --- /dev/null +++ b/ci/vendor/tasks/nodejs-audit.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +set -eu + +REPO_ROOT=${REPO_ROOT:-./} +LEVEL=${LEVEL:-high} + +pushd ${REPO_ROOT} + +set +e +yarn audit --groups dependencies --level ${LEVEL} +audit_return=$? +set -e + +# See https://classic.yarnpkg.com/lang/en/docs/cli/audit for explanation of exit codes +if [[ ${LEVEL} == "critical" ]] && [[ ${audit_return} -ge 16 ]]; then + exit 1 +elif [[ ${LEVEL} == "high" ]] && [[ ${audit_return} -ge 8 ]]; then + exit 1 +fi diff --git a/ci/vendor/tasks/nodejs-cache-yarn-deps.sh b/ci/vendor/tasks/nodejs-cache-yarn-deps.sh new file mode 100755 index 0000000000..d0862bd313 --- /dev/null +++ b/ci/vendor/tasks/nodejs-cache-yarn-deps.sh 
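Review bot: In `ci/vendor/tasks/nodejs-audit.sh` the exit-code check has branches only for `LEVEL` equal to `critical` and `high`; for any other value (for example `moderate`, or a typo) neither test matches and the script ends with status 0, because `yarn audit` ran under `set +e`. `nodejs_audit(level = "high")` in the pipeline fragments makes the level caller-supplied, so the audit gate can silently stop failing builds. A closing branch such as `else echo "unsupported LEVEL: ${LEVEL}" >&2; exit 1` (or explicit thresholds for the lower levels) would make it fail closed. `pushd ${REPO_ROOT}` and `--level ${LEVEL}` are also unquoted and would be safer as `"${REPO_ROOT}"` and `"${LEVEL}"`.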
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+set -eu
+
+tar_out="$(pwd)/bundled-deps"
+
+pushd deps
+yarn install
+git log --pretty=format:'%h' -n 1 > gitref
+
+tar -zcvf "${tar_out}/bundled-deps-v$(cat ../deps-version/number)-$(cat gitref).tgz" . > /dev/null
+
+popd
diff --git a/ci/vendor/tasks/nodejs-check-code.sh b/ci/vendor/tasks/nodejs-check-code.sh
new file mode 100755
index 0000000000..9db530b7d8
--- /dev/null
+++ b/ci/vendor/tasks/nodejs-check-code.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+set -eu
+
+export REPO_PATH=repo
+
+. pipeline-tasks/ci/vendor/tasks/helpers.sh
+
+unpack_deps
+
+pushd repo
+
+make check-code
diff --git a/ci/vendor/tasks/prep-release-src.sh b/ci/vendor/tasks/prep-release-src.sh
new file mode 100755
index 0000000000..1de0040244
--- /dev/null
+++ b/ci/vendor/tasks/prep-release-src.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+set -eu
+
+# ------------ CHANGELOG ------------
+
+pushd repo
+
+# First time
+if [[ $(cat ../version/version) == "0.0.0" ]]; then
+ git cliff --config ../pipeline-tasks/ci/vendor/config/git-cliff.toml > ../artifacts/gh-release-notes.md
+
+# Fetch changelog from last ref
+else
+ export prev_ref=$(git rev-list -n 1 $(cat ../version/version))
+ export new_ref=$(git rev-parse HEAD)
+
+ git cliff --config ../pipeline-tasks/ci/vendor/config/git-cliff.toml $prev_ref..$new_ref > ../artifacts/gh-release-notes.md
+fi
+
+popd
+
+# Generate Changelog
+echo "CHANGELOG:"
+echo "-------------------------------"
+cat artifacts/gh-release-notes.md
+echo "-------------------------------"
+
+# ------------ BUMP VERSION ------------
+
+echo -n "Prev Version: "
+cat version/version
+echo ""
+
+# Initial Version
+if [[ $(cat version/version) == "0.0.0" ]]; then
+ echo "0.1.0" > version/version
+# Figure out proper version to release
+elif [[ $(cat artifacts/gh-release-notes.md | grep breaking) != '' ]] || [[ $(cat artifacts/gh-release-notes.md | grep feature) != '' ]]; then
+ echo "Breaking change / Feature Addition found, bumping minor version..."
+ bump2version minor --current-version $(cat version/version) --allow-dirty version/version
+else
+ echo "Only patches and fixes found - no breaking changes, bumping patch version..."
+ bump2version patch --current-version $(cat version/version) --allow-dirty version/version
+fi
+
+echo -n "Release Version: "
+cat version/version
+echo ""
+
+# ------------ ARTIFACTS ------------
+
+cat version/version > artifacts/gh-release-tag
+echo "v$(cat version/version) Release" > artifacts/gh-release-name
diff --git a/ci/vendor/tasks/test-on-docker-host.sh b/ci/vendor/tasks/test-on-docker-host.sh
new file mode 100755
index 0000000000..31f127c573
--- /dev/null
+++ b/ci/vendor/tasks/test-on-docker-host.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +set -eu + +export CI_ROOT=$(pwd) + +host_name=$(cat docker-host/metadata | jq -r '.docker_host_name') +echo "Running on host: ${host_name}" +host_zone=$(cat docker-host/metadata | jq -r '.docker_host_zone') +gcp_project=$(cat docker-host/metadata | jq -r '.docker_host_project') + +gcloud_ssh() { + gcloud compute ssh ${host_name} \ + --zone=${host_zone} \ + --project=${gcp_project} \ + --ssh-key-file=${CI_ROOT}/login.ssh \ + --tunnel-through-iap \ + --command "$@" 2> /dev/null +} + +cat < ${CI_ROOT}/gcloud-creds.json +${GOOGLE_CREDENTIALS} +EOF +cat < ${CI_ROOT}/login.ssh +${SSH_PRIVATE_KEY} +EOF +chmod 600 ${CI_ROOT}/login.ssh +cat < ${CI_ROOT}/login.ssh.pub +${SSH_PUB_KEY} +EOF +gcloud auth activate-service-account --key-file ${CI_ROOT}/gcloud-creds.json 2> /dev/null + +gcloud_ssh "docker ps -qa | xargs docker rm -fv || true; sudo rm -rf ${REPO_PATH} || true; mkdir -p ${REPO_PATH} && cd ${REPO_PATH}/../ && rmdir $(basename ${REPO_PATH})" + +pushd ${REPO_PATH} + +make create-tmp-env-ci || true + +gcloud compute scp --ssh-key-file=${CI_ROOT}/login.ssh \ + --recurse $(pwd) ${host_name}:${REPO_PATH} \ + --tunnel-through-iap \ + --zone=${host_zone} \ + --project=${gcp_project} > /dev/null + +gcloud_ssh "cd ${REPO_PATH}; export TMP_ENV_CI=tmp.env.ci; export COMPOSE_PROJECT_NAME=$(basename ${REPO_PATH}); source .envrc || true; docker compose pull; docker compose -f docker-compose.yml up ${TEST_CONTAINER} --attach ${TEST_CONTAINER} 2>&1" + +container_id=$(gcloud_ssh "docker ps -q -f status=exited -f name=${PWD##*/}-${TEST_CONTAINER}-") +test_status=$(gcloud_ssh "docker inspect $container_id --format='{{.State.ExitCode}}'") + +gcloud_ssh "cd ${REPO_PATH}; export COMPOSE_PROJECT_NAME=$(basename ${REPO_PATH}); docker compose down --remove-orphans --timeout 1" + +exit $test_status