diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8ad7b87..d863f1b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,3 +1,6 @@ +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + # To get started with Dependabot version updates, you'll need to specify which # package ecosystems to update and where the package manifests are located. # Please see the documentation for all configuration options: diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml new file mode 100644 index 0000000..adf381d --- /dev/null +++ b/.github/workflows/audit.yml @@ -0,0 +1,22 @@ +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +name: Audit + +on: + pull_request: + branches: [main] + +jobs: + audit: + name: Audit + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 20 + cache: "yarn" + - run: yarn install --frozen-lockfile + - name: Run audit + run: make audit diff --git a/.github/workflows/check-code.yml b/.github/workflows/check-code.yml new file mode 100644 index 0000000..4efe9f4 --- /dev/null +++ b/.github/workflows/check-code.yml @@ -0,0 +1,22 @@ +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +name: Check Code + +on: + pull_request: + branches: [main] + +jobs: + check-code: + name: Check Code + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 20 + cache: "yarn" + - run: yarn install --frozen-lockfile + - name: Run check code + run: make check-code diff --git a/.github/workflows/nodejs-audit.yml b/.github/workflows/nodejs-audit.yml deleted file mode 100644 index f378d24..0000000 --- a/.github/workflows/nodejs-audit.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: "Nodejs Audit" - -on: - pull_request: - branches: [ main ] - -jobs: - integration: - name: Nodejs Audit - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 - - name: Run ci audit task - run: ./ci/vendor/tasks/nodejs-audit.sh diff --git a/.github/workflows/nodejs-check-code.yml b/.github/workflows/nodejs-check-code.yml deleted file mode 100644 index 50e91e2..0000000 --- a/.github/workflows/nodejs-check-code.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: 'Nodejs Check Code' - -on: - pull_request: - branches: [main] - -jobs: - check-code: - name: Nodejs Check Code - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 - - run: yarn install - - name: Run check code - run: make check-code diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index 556acf7..b680269 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -1,4 +1,8 @@ +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + name: Spelling + on: pull_request: branches: [ main ] @@ -8,9 +12,9 @@ jobs: name: Spell Check with Typos runs-on: ubuntu-latest steps: - - name: Checkout Actions Repository - uses: actions/checkout@v2 - - name: Spell Check Repo - uses: crate-ci/typos@master - with: - config: typos.toml + - name: Checkout Actions Repository + uses: actions/checkout@v3 + - name: Spell Check Repo + uses: crate-ci/typos@master + with: + config: typos.toml diff --git a/.github/workflows/vendor/nodejs-audit.yml b/.github/workflows/vendor/nodejs-audit.yml new file mode 100644 index 0000000..adf381d --- /dev/null +++ b/.github/workflows/vendor/nodejs-audit.yml @@ -0,0 +1,22 @@ +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +name: Audit + +on: + pull_request: + branches: [main] + +jobs: + audit: + name: Audit + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 20 + cache: "yarn" + - run: yarn install --frozen-lockfile + - name: Run audit + run: make audit diff --git a/.github/workflows/vendor/nodejs-check-code.yml b/.github/workflows/vendor/nodejs-check-code.yml new file mode 100644 index 0000000..4efe9f4 --- /dev/null +++ b/.github/workflows/vendor/nodejs-check-code.yml @@ -0,0 +1,22 @@ +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +name: Check Code + +on: + pull_request: + branches: [main] + +jobs: + check-code: + name: Check Code + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 20 + cache: "yarn" + - run: yarn install --frozen-lockfile + - name: Run check code + run: make check-code diff --git a/.github/workflows/vendor/spelling.yml b/.github/workflows/vendor/spelling.yml new file mode 100644 index 0000000..b680269 --- /dev/null +++ b/.github/workflows/vendor/spelling.yml @@ -0,0 +1,20 @@ +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +name: Spelling + +on: + pull_request: + branches: [ main ] + +jobs: + spelling: + name: Spell Check with Typos + runs-on: ubuntu-latest + steps: + - name: Checkout Actions Repository + uses: actions/checkout@v3 + - name: Spell Check Repo + uses: crate-ci/typos@master + with: + config: typos.toml diff --git a/ci/vendir.lock.yml b/ci/vendir.lock.yml index 57e4b1d..735073e 100755 --- a/ci/vendir.lock.yml +++ b/ci/vendir.lock.yml @@ -2,8 +2,14 @@ apiVersion: vendir.k14s.io/v1alpha1 directories: - contents: - git: - commitTitle: 'fix: REPO_PATH initialization' - sha: 70728a1b62e43be803a337bfae5968b2324f7ea8 + commitTitle: 'fix: rm bundled deps from inputs' + sha: 8ce8d05594881f5012402c84db80b4075c448a1b + path: . + path: ../.github/workflows/vendor +- contents: + - git: + commitTitle: 'fix: rm bundled deps from inputs' + sha: 8ce8d05594881f5012402c84db80b4075c448a1b path: . path: vendor kind: LockConfig diff --git a/ci/vendir.yml b/ci/vendir.yml index eeb21aa..6e061dd 100644 --- a/ci/vendir.yml +++ b/ci/vendir.yml @@ -1,13 +1,28 @@ apiVersion: vendir.k14s.io/v1alpha1 kind: Config +# Relative to ci/ directories: -- path: vendor +- path: ../.github/workflows/vendor + contents: + - path: . # Copy this folder out to .. + git: + url: https://github.com/GaloyMoney/concourse-shared.git + ref: 8ce8d05594881f5012402c84db80b4075c448a1b + includePaths: + - shared/actions/* + excludePaths: + - shared/actions/rust-* + newRootPath: shared/actions + +- path: ./vendor contents: - path: . git: url: https://github.com/GaloyMoney/concourse-shared.git - ref: 70728a1b62e43be803a337bfae5968b2324f7ea8 + ref: 8ce8d05594881f5012402c84db80b4075c448a1b includePaths: - - shared/**/* - newRootPath: shared + - shared/ci/**/* + excludePaths: + - shared/ci/**/rust-* + newRootPath: shared/ci diff --git a/ci/vendor/actions/nodejs-audit.yml b/ci/vendor/actions/nodejs-audit.yml deleted file mode 100644 index f378d24..0000000 --- a/ci/vendor/actions/nodejs-audit.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: "Nodejs Audit" - -on: - pull_request: - branches: [ main ] - -jobs: - integration: - name: Nodejs Audit - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 - - name: Run ci audit task - run: ./ci/vendor/tasks/nodejs-audit.sh diff --git a/ci/vendor/actions/nodejs-check-code.yml b/ci/vendor/actions/nodejs-check-code.yml deleted file mode 100644 index 50e91e2..0000000 --- a/ci/vendor/actions/nodejs-check-code.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: 'Nodejs Check Code' - -on: - pull_request: - branches: [main] - -jobs: - check-code: - name: Nodejs Check Code - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 - - run: yarn install - - name: Run check code - run: make check-code diff --git a/ci/vendor/actions/spelling.yml b/ci/vendor/actions/spelling.yml deleted file mode 100644 index 556acf7..0000000 --- a/ci/vendor/actions/spelling.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: Spelling -on: - pull_request: - branches: [ main ] - -jobs: - spelling: - name: Spell Check with Typos - runs-on: ubuntu-latest - steps: - - name: Checkout Actions Repository - uses: actions/checkout@v2 - - name: Spell Check Repo - uses: crate-ci/typos@master - with: - config: typos.toml diff --git a/ci/vendor/actions/test-integration.yml b/ci/vendor/actions/test-integration.yml deleted file mode 100644 index 0c00e71..0000000 --- a/ci/vendor/actions/test-integration.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: "Integration Tests" - -on: - pull_request: - branches: [ main ] - -jobs: - integration: - name: Integration Test - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Run integration tests - run: docker compose -f docker-compose.yml run integration-tests diff --git a/ci/vendor/config/git-cliff.toml b/ci/vendor/config/git-cliff.toml index b172d45..3404a4f 100644 --- a/ci/vendor/config/git-cliff.toml +++ b/ci/vendor/config/git-cliff.toml @@ -1,3 +1,6 @@ +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + # configuration file for git-cliff (0.1.0) [changelog] diff --git a/ci/vendor/nodejs-dependabot.yml b/ci/vendor/nodejs-dependabot.yml deleted file mode 100644 index 8ad7b87..0000000 --- a/ci/vendor/nodejs-dependabot.yml +++ /dev/null @@ -1,11 +0,0 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - -version: 2 -updates: -- package-ecosystem: "npm" # See documentation for possible values - directory: "/" # Location of package manifests - schedule: - interval: "daily" diff --git a/ci/vendor/pipeline-fragments.lib.yml b/ci/vendor/pipeline-fragments.lib.yml index 40efd68..db93433 100644 --- a/ci/vendor/pipeline-fragments.lib.yml +++ b/ci/vendor/pipeline-fragments.lib.yml @@ -4,6 +4,10 @@ #@ return "us.gcr.io/galoy-org" #@ end +#@ def private_docker_registry(): +#@ return "gcr.io/galoy-org" +#@ end + #@ def nodejs_concourse_image(): #@ return public_docker_registry() + "/nodejs-concourse" #@ end @@ -40,6 +44,12 @@ source: repository: #@ release_concourse_image() #@ end +#@ def nix_task_image_config(): +type: registry-image +source: + repository: nixpkgs/nix-flakes +#@ end + #@ def slack_failure_notification(): #@ fail_url = "<$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME| :face_with_symbols_on_mouth: $BUILD_JOB_NAME> failed!" put: slack @@ -50,6 +60,25 @@ params: text: #@ fail_url #@ end +#@ def check_code(): +name: check-code +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } +- task: check-code + config: + platform: linux + image_resource: #@ nix_task_image_config() + inputs: + - name: pipeline-tasks + - name: repo + run: + path: pipeline-tasks/ci/vendor/tasks/check-code.sh +on_failure: #@ slack_failure_notification() +#@ end + #@ def nodejs_check_code(): name: check-code serial: true @@ -67,7 +96,7 @@ plan: - name: pipeline-tasks - name: repo run: - path: pipeline-tasks/ci/vendor/tasks/check-code.sh + path: pipeline-tasks/ci/vendor/tasks/nodejs-check-code.sh on_failure: #@ slack_failure_notification() #@ end @@ -89,7 +118,7 @@ plan: - path: cargo-home - path: cargo-target-dir run: - path: pipeline-tasks/ci/vendor/tasks/check-code.sh + path: pipeline-tasks/ci/vendor/tasks/rust-check-code.sh on_failure: #@ slack_failure_notification() #@ end @@ -111,13 +140,53 @@ plan: outputs: - name: bundled-deps run: - path: pipeline-tasks/ci/vendor/tasks/cache-yarn-deps.sh + path: pipeline-tasks/ci/vendor/tasks/nodejs-cache-yarn-deps.sh - put: bundled-deps params: file: bundled-deps/bundled-deps-*.tgz on_failure: #@ slack_failure_notification() #@ end +#@ def test_on_docker_host(container, additional_params={}): +#@ params = dict(additional_params) +#@ params["REPO_PATH"] = data.values.gh_repository + "-" + container +#@ params["GOOGLE_CREDENTIALS"] = "((staging-gcp-creds.creds_json))" +#@ params["SSH_PRIVATE_KEY"] = "((staging-ssh.ssh_private_key))" +#@ params["SSH_PUB_KEY"] = "((staging-ssh.ssh_public_key))" +#@ params["TEST_CONTAINER"] = container +#@ params["JEST_TIMEOUT"] = 90000 +name: #@ container +serial: true +plan: +- { put: docker-host, params: { acquire: true } } +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } +- task: #@ container + attempts: 2 + timeout: 12m + tags: ["galoy-staging"] + config: + platform: linux + image_resource: #@ rust_task_image_config() + inputs: + - name: pipeline-tasks + - name: docker-host + - name: repo + path: #@ data.values.gh_repository + "-" + container + caches: + - path: cargo-home + - path: cargo-target-dir + params: #@ params + run: + path: pipeline-tasks/ci/vendor/tasks/test-on-docker-host.sh + ensure: + put: docker-host + params: + release: docker-host +on_failure: #@ slack_failure_notification() +#@ end + #@ def nodejs_integration_test(): name: test-integration serial: true @@ -145,7 +214,7 @@ plan: SSH_PUB_KEY: ((staging-ssh.ssh_public_key)) JEST_TIMEOUT: 90000 run: - path: pipeline-tasks/ci/vendor/tasks/test-integration.sh + path: pipeline-tasks/ci/vendor/tasks/chart-test-integration.sh on_failure: #@ slack_failure_notification() #@ end @@ -176,7 +245,7 @@ plan: SSH_PRIVATE_KEY: ((staging-ssh.ssh_private_key)) SSH_PUB_KEY: ((staging-ssh.ssh_public_key)) run: - path: pipeline-tasks/ci/vendor/tasks/test-integration.sh + path: pipeline-tasks/ci/vendor/tasks/chart-test-integration.sh on_failure: #@ slack_failure_notification() #@ end @@ -219,23 +288,29 @@ plan: outputs: - name: repo run: - path: pipeline-tasks/ci/vendor/tasks/prep-docker-build-env.sh + path: pipeline-tasks/ci/vendor/tasks/docker-prep-docker-build-env.sh - task: build - privileged: true config: platform: linux image_resource: type: registry-image source: - repository: vito/oci-build-task + repository: gcr.io/kaniko-project/executor + tag: debug inputs: - name: repo outputs: - name: image - params: - CONTEXT: repo run: - path: build + path: /kaniko/executor + args: + - --dockerfile=Dockerfile + - --context=repo + - --use-new-run + - --single-snapshot + - --cache=false + - --no-push + - --tar-path=image/image.tar - put: edge-image params: image: image/image.tar @@ -316,7 +391,7 @@ plan: BRANCH: #@ data.values.git_charts_branch CHARTS_SUBDIR: #@ data.values.gh_repository run: - path: pipeline-tasks/ci/vendor/tasks/bump-image-digest.sh + path: pipeline-tasks/ci/vendor/tasks/docker-bump-image-digest.sh - put: charts-repo-bot-branch params: repository: charts-repo @@ -326,6 +401,7 @@ plan: platform: linux image_resource: #@ nodejs_task_image_config() inputs: + - name: repo - name: pipeline-tasks - name: edge-image - name: charts-repo @@ -335,10 +411,10 @@ plan: BOT_BRANCH: #@ data.values.git_charts_bot_branch CHARTS_SUBDIR: #@ data.values.gh_repository run: - path: pipeline-tasks/ci/vendor/tasks/open-charts-pr.sh + path: pipeline-tasks/ci/vendor/tasks/chart-open-charts-pr.sh #@ end -#@ def repo_resource(): +#@ def repo_resource(webhook = False): name: repo type: git source: @@ -347,6 +423,9 @@ source: uri: #@ data.values.git_uri branch: #@ data.values.git_branch private_key: #@ data.values.github_private_key +#@ if webhook: +webhook_token: ((webhook.secret)) +#@ end #@ end #@ def pipeline_tasks_resource(): @@ -359,17 +438,17 @@ source: private_key: #@ data.values.github_private_key #@ end -#@ def edge_image_resource(): +#@ def edge_image_resource(publicRepo = True): name: edge-image type: registry-image source: tag: edge username: #@ data.values.docker_registry_user password: #@ data.values.docker_registry_password - repository: #@ public_docker_registry() + "/" + data.values.gh_repository + repository: #@ public_docker_registry() + "/" + data.values.gh_repository if publicRepo else private_docker_registry() + "/" + data.values.gh_repository #@ end -#@ def nodejs_deps_resource(): +#@ def nodejs_deps_resource(webhook = False): name: deps type: git source: @@ -377,6 +456,9 @@ source: uri: #@ data.values.git_uri branch: #@ data.values.git_branch private_key: #@ data.values.github_private_key +#@ if webhook: +webhook_token: ((webhook.secret)) +#@ end #@ end #@ def deps_version_resource(): @@ -427,13 +509,13 @@ source: private_key: #@ data.values.github_private_key #@ end -#@ def versioned_image_resource(): +#@ def versioned_image_resource(publicRepo = True): name: versioned-image type: registry-image source: username: #@ data.values.docker_registry_user password: #@ data.values.docker_registry_password - repository: #@ public_docker_registry() + "/" + data.values.gh_repository + repository: #@ public_docker_registry() + "/" + data.values.gh_repository if publicRepo else private_docker_registry() + "/" + data.values.gh_repository #@ end #@ def gh_release_resource(): @@ -454,6 +536,16 @@ source: private_key: #@ data.values.github_private_key #@ end +#@ def docker_host_pool(): +name: docker-host +type: pool +source: + uri: git@github.com:GaloyMoney/concourse-locks.git + branch: main + pool: docker-hosts + private_key: #@ data.values.github_private_key +#@ end + #@ def gcr_resource_type(): name: gcs-resource type: docker-image diff --git a/ci/vendor/rust-dependabot.yml b/ci/vendor/rust-dependabot.yml deleted file mode 100644 index 14527ca..0000000 --- a/ci/vendor/rust-dependabot.yml +++ /dev/null @@ -1,11 +0,0 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - -version: 2 -updates: -- package-ecosystem: "cargo" # See documentation for possible values - directory: "/" # Location of package manifests - schedule: - interval: "daily" diff --git a/ci/vendor/tasks/open-charts-pr.sh b/ci/vendor/tasks/chart-open-charts-pr.sh similarity index 58% rename from ci/vendor/tasks/open-charts-pr.sh rename to ci/vendor/tasks/chart-open-charts-pr.sh index d6a4dd2..4803ce4 100755 --- a/ci/vendor/tasks/open-charts-pr.sh +++ b/ci/vendor/tasks/chart-open-charts-pr.sh @@ -1,14 +1,20 @@ #!/bin/bash +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + set -eu export digest=$(cat ./edge-image/digest) +export ref=$(cat ./repo/.git/short_ref) pushd charts-repo -ref=$(yq e '.image.git_ref' charts/${CHARTS_SUBDIR}/values.yaml) git checkout ${BRANCH} -old_ref=$(yq e '.image.git_ref' charts/${CHARTS_SUBDIR}/values.yaml) + +old_digest=$(yq e '.image.digest' "./charts/${CHARTS_SUBDIR}/values.yaml") +old_ref=$(grep "digest: \"${old_digest}\"" "./charts/${CHARTS_SUBDIR}/values.yaml" \ + | sed -n 's/.*commit_ref=\([^;]*\);.*/\1/p' | tr -d ' \n') cat <> ../body.md # Bump ${CHARTS_SUBDIR} image diff --git a/ci/vendor/tasks/test-integration.sh b/ci/vendor/tasks/chart-test-integration.sh similarity index 85% rename from ci/vendor/tasks/test-integration.sh rename to ci/vendor/tasks/chart-test-integration.sh index e363d59..69e20cd 100755 --- a/ci/vendor/tasks/test-integration.sh +++ b/ci/vendor/tasks/chart-test-integration.sh @@ -1,5 +1,8 @@ #!/bin/bash +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + set -eu . pipeline-tasks/ci/vendor/tasks/helpers.sh @@ -36,7 +39,7 @@ rsync --delete --exclude target -avr -e "ssh -l ${DOCKER_HOST_USER} ${ADDITIONAL ./ ${DOCKER_HOST_IP}:${REPO_PATH} > /dev/null echo "Done!" -docker compose down --volumes --remove-orphans --timeout 1 +docker compose down --remove-orphans --timeout 1 ssh ${ADDITIONAL_SSH_OPTS} ${DOCKER_HOST_USER}@${DOCKER_HOST_IP} \ "cd ${REPO_PATH}; docker compose -f docker-compose.yml up integration-tests" @@ -44,6 +47,6 @@ ssh ${ADDITIONAL_SSH_OPTS} ${DOCKER_HOST_USER}@${DOCKER_HOST_IP} \ container_id=$(docker ps -q -f status=exited -f name="${PWD##*/}-integration-tests-") test_status=$(docker inspect $container_id --format='{{.State.ExitCode}}') -docker compose down --volumes --remove-orphans --timeout 1 +docker compose down --remove-orphans --timeout 1 exit $test_status diff --git a/ci/vendor/tasks/check-code.sh b/ci/vendor/tasks/check-code.sh old mode 100755 new mode 100644 index e04497c..2dcd194 --- a/ci/vendor/tasks/check-code.sh +++ b/ci/vendor/tasks/check-code.sh @@ -1,13 +1,10 @@ #!/bin/bash -set -eu - -export REPO_PATH=repo +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared -. pipeline-tasks/ci/vendor/tasks/helpers.sh - -unpack_deps +set -eu pushd repo -make check-code +nix develop -c make check-code diff --git a/ci/vendor/tasks/bump-image-digest.sh b/ci/vendor/tasks/docker-bump-image-digest.sh similarity index 67% rename from ci/vendor/tasks/bump-image-digest.sh rename to ci/vendor/tasks/docker-bump-image-digest.sh index dab4f13..2616b7b 100755 --- a/ci/vendor/tasks/bump-image-digest.sh +++ b/ci/vendor/tasks/docker-bump-image-digest.sh @@ -1,5 +1,8 @@ #!/bin/bash +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + set -eu export digest=$(cat ./edge-image/digest) @@ -9,7 +12,9 @@ export app_version=$(cat version/version) pushd charts-repo yq -i e '.image.digest = strenv(digest)' ./charts/${CHARTS_SUBDIR}/values.yaml -yq -i e '.image.git_ref = strenv(ref)' ./charts/${CHARTS_SUBDIR}/values.yaml + +sed -i "s|\(digest: \"${digest}\"\).*$|\1 # METADATA:: repository=https://github.com/GaloyMoney/${CHARTS_SUBDIR};commit_ref=${ref};app=${CHARTS_SUBDIR};|g" "./charts/${CHARTS_SUBDIR}/values.yaml" + yq -i e '.appVersion = strenv(app_version)' ./charts/${CHARTS_SUBDIR}/Chart.yaml if [[ -z $(git config --global user.email) ]]; then diff --git a/ci/vendor/tasks/docker-prep-docker-build-env.sh b/ci/vendor/tasks/docker-prep-docker-build-env.sh new file mode 100755 index 0000000..9c0826b --- /dev/null +++ b/ci/vendor/tasks/docker-prep-docker-build-env.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +if [[ -f version/version ]]; then + echo "VERSION=$(cat version/version)" >> repo/.env +fi + +echo "COMMITHASH=$(cat repo/.git/ref)" >> repo/.env +echo "BUILDTIME=$(date -u '+%F-%T')" >> repo/.env diff --git a/ci/vendor/tasks/helpers.sh b/ci/vendor/tasks/helpers.sh old mode 100644 new mode 100755 index 7ab9bff..2571ca7 --- a/ci/vendor/tasks/helpers.sh +++ b/ci/vendor/tasks/helpers.sh @@ -1,5 +1,14 @@ -export CARGO_HOME="$(pwd)/cargo-home" -export CARGO_TARGET_DIR="$(pwd)/cargo-target-dir" +#!/bin/bash + +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +if [[ -z $(git config --global user.email) ]]; then + git config --global user.email "bot@galoy.io" +fi +if [[ -z $(git config --global user.name) ]]; then + git config --global user.name "CI Bot" +fi function unpack_deps() { REPO_PATH=${REPO_PATH:-repo} diff --git a/ci/vendor/tasks/nodejs-audit.sh b/ci/vendor/tasks/nodejs-audit.sh index c1f900e..7c2ad61 100755 --- a/ci/vendor/tasks/nodejs-audit.sh +++ b/ci/vendor/tasks/nodejs-audit.sh @@ -1,5 +1,8 @@ #!/bin/bash +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + set -eu REPO_ROOT=${REPO_ROOT:-./} diff --git a/ci/vendor/tasks/cache-yarn-deps.sh b/ci/vendor/tasks/nodejs-cache-yarn-deps.sh similarity index 61% rename from ci/vendor/tasks/cache-yarn-deps.sh rename to ci/vendor/tasks/nodejs-cache-yarn-deps.sh index acc7070..d0862bd 100755 --- a/ci/vendor/tasks/cache-yarn-deps.sh +++ b/ci/vendor/tasks/nodejs-cache-yarn-deps.sh @@ -1,5 +1,8 @@ #!/bin/bash +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + set -eu tar_out="$(pwd)/bundled-deps" diff --git a/ci/vendor/tasks/nodejs-check-code.sh b/ci/vendor/tasks/nodejs-check-code.sh new file mode 100755 index 0000000..9db530b --- /dev/null +++ b/ci/vendor/tasks/nodejs-check-code.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +set -eu + +export REPO_PATH=repo + +. pipeline-tasks/ci/vendor/tasks/helpers.sh + +unpack_deps + +pushd repo + +make check-code diff --git a/ci/vendor/tasks/prep-docker-build-env.sh b/ci/vendor/tasks/prep-docker-build-env.sh deleted file mode 100755 index 1c2ec62..0000000 --- a/ci/vendor/tasks/prep-docker-build-env.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -echo "COMMITHASH=$(cat repo/.git/ref)" >> repo/.env -echo "BUILDTIME=$(date -u '+%F-%T')" >> repo/.env diff --git a/ci/vendor/tasks/prep-release-src.sh b/ci/vendor/tasks/prep-release-src.sh index 8624c81..1de0040 100755 --- a/ci/vendor/tasks/prep-release-src.sh +++ b/ci/vendor/tasks/prep-release-src.sh @@ -1,5 +1,8 @@ #!/bin/bash +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + set -eu # ------------ CHANGELOG ------------ diff --git a/ci/vendor/tasks/test-on-docker-host.sh b/ci/vendor/tasks/test-on-docker-host.sh new file mode 100755 index 0000000..31f127c --- /dev/null +++ b/ci/vendor/tasks/test-on-docker-host.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +set -eu + +export CI_ROOT=$(pwd) + +host_name=$(cat docker-host/metadata | jq -r '.docker_host_name') +echo "Running on host: ${host_name}" +host_zone=$(cat docker-host/metadata | jq -r '.docker_host_zone') +gcp_project=$(cat docker-host/metadata | jq -r '.docker_host_project') + +gcloud_ssh() { + gcloud compute ssh ${host_name} \ + --zone=${host_zone} \ + --project=${gcp_project} \ + --ssh-key-file=${CI_ROOT}/login.ssh \ + --tunnel-through-iap \ + --command "$@" 2> /dev/null +} + +cat < ${CI_ROOT}/gcloud-creds.json +${GOOGLE_CREDENTIALS} +EOF +cat < ${CI_ROOT}/login.ssh +${SSH_PRIVATE_KEY} +EOF +chmod 600 ${CI_ROOT}/login.ssh +cat < ${CI_ROOT}/login.ssh.pub +${SSH_PUB_KEY} +EOF +gcloud auth activate-service-account --key-file ${CI_ROOT}/gcloud-creds.json 2> /dev/null + +gcloud_ssh "docker ps -qa | xargs docker rm -fv || true; sudo rm -rf ${REPO_PATH} || true; mkdir -p ${REPO_PATH} && cd ${REPO_PATH}/../ && rmdir $(basename ${REPO_PATH})" + +pushd ${REPO_PATH} + +make create-tmp-env-ci || true + +gcloud compute scp --ssh-key-file=${CI_ROOT}/login.ssh \ + --recurse $(pwd) ${host_name}:${REPO_PATH} \ + --tunnel-through-iap \ + --zone=${host_zone} \ + --project=${gcp_project} > /dev/null + +gcloud_ssh "cd ${REPO_PATH}; export TMP_ENV_CI=tmp.env.ci; export COMPOSE_PROJECT_NAME=$(basename ${REPO_PATH}); source .envrc || true; docker compose pull; docker compose -f docker-compose.yml up ${TEST_CONTAINER} --attach ${TEST_CONTAINER} 2>&1" + +container_id=$(gcloud_ssh "docker ps -q -f status=exited -f name=${PWD##*/}-${TEST_CONTAINER}-") +test_status=$(gcloud_ssh "docker inspect $container_id --format='{{.State.ExitCode}}'") + +gcloud_ssh "cd ${REPO_PATH}; export COMPOSE_PROJECT_NAME=$(basename ${REPO_PATH}); docker compose down --remove-orphans --timeout 1" + +exit $test_status