diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..b5b90bd
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+- package-ecosystem: "cargo" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "daily"
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 0000000..5a9a427
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,17 @@
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+name: Audit
+
+on:
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ security_audit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions-rs/audit-check@v1
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/check-code.yml b/.github/workflows/check-code.yml
new file mode 100644
index 0000000..cf1e144
--- /dev/null
+++ b/.github/workflows/check-code.yml
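Review bot: The `updates` list in `.github/dependabot.yml` covers only `cargo`, so the workflow actions this commit introduces (`actions/checkout@v3`, `actions-rs/audit-check@v1`, `DeterminateSystems/nix-installer-action@v4`, `crate-ci/typos@master`) never receive automated update PRs. A second list entry with `package-ecosystem: "github-actions"`, `directory: "/"` and the same `schedule` would cover them. Since the header says the file is synced from concourse-shared, the entry belongs in the upstream copy.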
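Review bot: In `.github/workflows/audit.yml`, `actions-rs/audit-check@v1` is handed `secrets.GITHUB_TOKEN` but is referenced by a mutable tag, and the workflow declares no `permissions:` block, so whatever that tag resolves to at run time gets the repository's default token scope. Pin the `uses:` lines to full commit SHAs and add an explicit `permissions:` mapping limited to what the check needs (presumably `contents: read` plus `checks: write`; confirm against the action's documentation). The same tag-only references and missing `permissions:` appear in `check-code.yml` and `spelling.yml` and in the copies under `.github/workflows/vendor/`. Separately, the only trigger is `pull_request` on `main`, so an advisory published against a dependency that is already merged is not reported until the next PR; a `schedule:` trigger next to `pull_request` would cover that.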
@@ -0,0 +1,21 @@
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+name: Check Code
+
+on:
+ pull_request:
+ branches: [main]
+
+jobs:
+ check-code:
+ name: Check Code
+ runs-on: ubuntu-latest
+ steps:
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v4
+ - name: Run the Magic Nix Cache
+ uses: DeterminateSystems/magic-nix-cache-action@v2
+ - uses: actions/checkout@v3
+ - name: Run check code
+ run: nix develop -c make check-code
diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml
new file mode 100644
index 0000000..b680269
--- /dev/null
+++ b/.github/workflows/spelling.yml
@@ -0,0 +1,20 @@
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+name: Spelling
+
+on:
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ spelling:
+ name: Spell Check with Typos
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Actions Repository
+ uses: actions/checkout@v3
+ - name: Spell Check Repo
+ uses: crate-ci/typos@master
+ with:
+ config: typos.toml
diff --git a/.github/workflows/vendor/rust-audit.yml b/.github/workflows/vendor/rust-audit.yml
new file mode 100644
index 0000000..5a9a427
--- /dev/null
+++ b/.github/workflows/vendor/rust-audit.yml
@@ -0,0 +1,17 @@
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+name: Audit
+
+on:
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ security_audit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions-rs/audit-check@v1
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/vendor/rust-check-code.yml b/.github/workflows/vendor/rust-check-code.yml
new file mode 100644
index 0000000..cf1e144
--- /dev/null
+++ b/.github/workflows/vendor/rust-check-code.yml
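Review bot: In `.github/workflows/spelling.yml`, `uses: crate-ci/typos@master` tracks a branch, so every run executes whatever is at the tip of that repository's `master`, with no review step in between and no reproducible build of the check; the other actions in this commit at least use version tags. Reference a release tag or, better, a full commit SHA, e.g. `uses: crate-ci/typos@<commit-sha>  # <release tag>` (placeholder values). `.github/workflows/vendor/spelling.yml` carries the same line.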
@@ -0,0 +1,21 @@
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+name: Check Code
+
+on:
+ pull_request:
+ branches: [main]
+
+jobs:
+ check-code:
+ name: Check Code
+ runs-on: ubuntu-latest
+ steps:
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v4
+ - name: Run the Magic Nix Cache
+ uses: DeterminateSystems/magic-nix-cache-action@v2
+ - uses: actions/checkout@v3
+ - name: Run check code
+ run: nix develop -c make check-code
diff --git a/.github/workflows/vendor/spelling.yml b/.github/workflows/vendor/spelling.yml
new file mode 100644
index 0000000..b680269
--- /dev/null
+++ b/.github/workflows/vendor/spelling.yml
@@ -0,0 +1,20 @@
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+name: Spelling
+
+on:
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ spelling:
+ name: Spell Check with Typos
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Actions Repository
+ uses: actions/checkout@v3
+ - name: Spell Check Repo
+ uses: crate-ci/typos@master
+ with:
+ config: typos.toml
diff --git a/ci/vendir.lock.yml b/ci/vendir.lock.yml
new file mode 100644
index 0000000..4439877
--- /dev/null
+++ b/ci/vendir.lock.yml
@@ -0,0 +1,15 @@
+apiVersion: vendir.k14s.io/v1alpha1
+directories:
+- contents:
+ - git:
+ commitTitle: 'chore: rm bundled-deps'
+ sha: 7cb2d7f641f5658e5abc01fb17047966f51d9ddb
+ path: .
+ path: ../.github/workflows/vendor
+- contents:
+ - git:
+ commitTitle: 'chore: rm bundled-deps'
+ sha: 7cb2d7f641f5658e5abc01fb17047966f51d9ddb
+ path: .
+ path: vendor
+kind: LockConfig
diff --git a/ci/vendir.yml b/ci/vendir.yml
new file mode 100644
index 0000000..e99966d
--- /dev/null
+++ b/ci/vendir.yml
@@ -0,0 +1,30 @@
+apiVersion: vendir.k14s.io/v1alpha1
+kind: Config
+
+# Relative to ci/
+directories:
+- path: ../.github/workflows/vendor
+ contents:
+ - path: . # Copy this folder out to ..
+ git:
+ url: https://github.com/GaloyMoney/concourse-shared.git
+ ref: 7cb2d7f641f5658e5abc01fb17047966f51d9ddb
+ includePaths:
+ - shared/actions/*
+ excludePaths:
+ - shared/actions/nodejs-*
+ - shared/actions/chart-*
+ newRootPath: shared/actions
+
+- path: ./vendor
+ contents:
+ - path: .
+ git:
+ url: https://github.com/GaloyMoney/concourse-shared.git
+ ref: 7cb2d7f641f5658e5abc01fb17047966f51d9ddb
+ includePaths:
+ - shared/ci/**/*
+ excludePaths:
+ - shared/ci/**/nodejs-*
+ - shared/ci/**/chart-*
+ newRootPath: shared/ci
diff --git a/ci/vendor/config/git-cliff.toml b/ci/vendor/config/git-cliff.toml
new file mode 100644
index 0000000..3404a4f
--- /dev/null
+++ b/ci/vendor/config/git-cliff.toml
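Review bot: Both `excludePaths` lists in `ci/vendir.yml` drop `chart-*` (and `nodejs-*`) files, yet the vendored `ci/vendor/pipeline-fragments.lib.yml` in this commit still points `rust_integration_test()` at `pipeline-tasks/ci/vendor/tasks/chart-test-integration.sh` and `open_charts_pr()` at `chart-open-charts-pr.sh`. Neither script is among the `ci/vendor/tasks/` files visible in this diff. If this repository's pipeline calls either fragment, the task will presumably fail on a missing script. Either stop excluding the scripts that are needed, or record the constraint next to the exclusion with a comment such as `# chart-* tasks are not vendored; rust_integration_test() and open_charts_pr() must not be used here`.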
@@ -0,0 +1,57 @@
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+# configuration file for git-cliff (0.1.0)
+
+[changelog]
+# changelog header
+header = """"""
+
+# template for the changelog body
+# https://tera.netlify.app/docs/#introduction
+body = """
+{% if version %}\
+ ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
+{% endif %}\
+{% for group, commits in commits | group_by(attribute="group") %}
+ ### {{ group | upper_first }}
+ {% for commit in commits %}
+ - {% if commit.breaking %}[**breaking**] {% endif %}{{ commit.message | upper_first }}\
+ {% endfor %}
+{% endfor %}\n
+"""
+# remove the leading and trailing whitespaces from the template
+trim = true
+# changelog footer
+footer = """"""
+
+[git]
+# parse the commits based on https://www.conventionalcommits.org
+conventional_commits = true
+# filter out the commits that are not conventional
+filter_unconventional = true
+# regex for parsing and grouping commits
+commit_parsers = [
+ { message = "^feat", group = "Features"},
+ { message = "^fix", group = "Bug Fixes"},
+ { message = "^doc", group = "Documentation"},
+ { message = "^perf", group = "Performance"},
+ { message = "^refactor", group = "Refactor"},
+ { message = "^style", group = "Styling"},
+ { message = "^test", group = "Testing"},
+ { message = "^chore\\(release\\): prepare for", skip = true},
+ { message = "^chore", group = "Miscellaneous Tasks"},
+ { body = ".*security", group = "Security"},
+]
+# filter out the commits that are not matched by commit parsers
+filter_commits = true
+# glob pattern for matching git tags
+tag_pattern = "v[0-9]*"
+# regex for skipping tags
+skip_tags = "v0.1.0-beta.1"
+# regex for ignoring tags
+ignore_tags = ""
+# sort the tags topologically
+topo_order = false
+# sort the commits inside sections by oldest/newest order
+sort_commits = "newest"
diff --git a/ci/vendor/pipeline-fragments.lib.yml b/ci/vendor/pipeline-fragments.lib.yml
new file mode 100644
index 0000000..a960311
--- /dev/null
+++ b/ci/vendor/pipeline-fragments.lib.yml
@@ -0,0 +1,569 @@ +#@ load("@ytt:data", "data") + +#@ def public_docker_registry(): +#@ return "us.gcr.io/galoy-org" +#@ end + +#@ def private_docker_registry(): +#@ return "gcr.io/galoy-org" +#@ end + +#@ def nodejs_concourse_image(): +#@ return public_docker_registry() + "/nodejs-concourse" +#@ end + +#@ def rust_concourse_image(): +#@ return public_docker_registry() + "/rust-concourse" +#@ end + +#@ def release_concourse_image(): +#@ return public_docker_registry() + "/release-pipeline" +#@ end + +#@ def nodejs_task_image_config(): +type: registry-image +source: + username: ((docker-creds.username)) + password: ((docker-creds.password)) + repository: #@ nodejs_concourse_image() +#@ end + +#@ def rust_task_image_config(): +type: registry-image +source: + username: ((docker-creds.username)) + password: ((docker-creds.password)) + repository: #@ rust_concourse_image() +#@ end + +#@ def release_task_image_config(): +type: registry-image +source: + username: ((docker-creds.username)) + password: ((docker-creds.password)) + repository: #@ release_concourse_image() +#@ end + +#@ def nix_task_image_config(): +type: registry-image +source: + repository: nixpkgs/nix-flakes +#@ end + +#@ def slack_failure_notification(): +#@ fail_url = "<$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME| :face_with_symbols_on_mouth: $BUILD_JOB_NAME> failed!" 
+put: slack +params: + channel: #@ data.values.slack_channel + username: concourse + icon_url: https://cl.ly/2F421Y300u07/concourse-logo-blue-transparent.png + text: #@ fail_url +#@ end + +#@ def check_code(): +name: check-code +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } +- task: check-code + config: + platform: linux + image_resource: #@ nix_task_image_config() + inputs: + - name: bundled-deps + - name: pipeline-tasks + - name: repo + run: + path: pipeline-tasks/ci/vendor/tasks/check-code.sh +on_failure: #@ slack_failure_notification() +#@ end + +#@ def nodejs_check_code(): +name: check-code +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } + - { get: bundled-deps, trigger: true} +- task: check-code + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: bundled-deps + - name: pipeline-tasks + - name: repo + run: + path: pipeline-tasks/ci/vendor/tasks/nodejs-check-code.sh +on_failure: #@ slack_failure_notification() +#@ end + +#@ def rust_check_code(): +name: check-code +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } +- task: check-code + config: + platform: linux + image_resource: #@ rust_task_image_config() + inputs: + - name: pipeline-tasks + - name: repo + caches: + - path: cargo-home + - path: cargo-target-dir + run: + path: pipeline-tasks/ci/vendor/tasks/rust-check-code.sh +on_failure: #@ slack_failure_notification() +#@ end + +#@ def install_yarn_deps(): +name: install-deps +plan: +- in_parallel: + - {get: deps, trigger: true} + - {get: pipeline-tasks} + - {put: deps-version, params: {bump: patch}} +- task: install-deps + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: pipeline-tasks + - name: deps + - name: deps-version + outputs: + - name: bundled-deps + run: + path: 
pipeline-tasks/ci/vendor/tasks/nodejs-cache-yarn-deps.sh +- put: bundled-deps + params: + file: bundled-deps/bundled-deps-*.tgz +on_failure: #@ slack_failure_notification() +#@ end + +#@ def test_on_docker_host(container, additional_params={}): +#@ params = dict(additional_params) +#@ params["REPO_PATH"] = data.values.gh_repository + "-" + container +#@ params["GOOGLE_CREDENTIALS"] = "((staging-gcp-creds.creds_json))" +#@ params["SSH_PRIVATE_KEY"] = "((staging-ssh.ssh_private_key))" +#@ params["SSH_PUB_KEY"] = "((staging-ssh.ssh_public_key))" +#@ params["TEST_CONTAINER"] = container +#@ params["JEST_TIMEOUT"] = 90000 +name: #@ container +serial: true +plan: +- { put: docker-host, params: { acquire: true } } +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } +- task: #@ container + attempts: 2 + timeout: 12m + tags: ["galoy-staging"] + config: + platform: linux + image_resource: #@ rust_task_image_config() + inputs: + - name: pipeline-tasks + - name: docker-host + - name: repo + path: #@ data.values.gh_repository + "-" + container + caches: + - path: cargo-home + - path: cargo-target-dir + params: #@ params + run: + path: pipeline-tasks/ci/vendor/tasks/test-on-docker-host.sh + ensure: + put: docker-host + params: + release: docker-host +on_failure: #@ slack_failure_notification() +#@ end + +#@ def nodejs_integration_test(): +name: test-integration +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } + - { get: bundled-deps, tags: ["galoy-staging"], trigger: true} +- task: test-integration + timeout: 12m + tags: ["galoy-staging"] + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: bundled-deps + - name: pipeline-tasks + - name: repo + path: #@ data.values.gh_repository + "-integration" + params: + REPO_PATH: #@ data.values.gh_repository + "-integration" + DOCKER_HOST_IP: ((staging-ssh.docker_host_ip)) + GOOGLE_CREDENTIALS: 
((staging-gcp-creds.creds_json)) + SSH_PRIVATE_KEY: ((staging-ssh.ssh_private_key)) + SSH_PUB_KEY: ((staging-ssh.ssh_public_key)) + JEST_TIMEOUT: 90000 + run: + path: pipeline-tasks/ci/vendor/tasks/chart-test-integration.sh +on_failure: #@ slack_failure_notification() +#@ end + +#@ def rust_integration_test(): +name: test-integration +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } +- task: test-integration + timeout: 12m + tags: ["galoy-staging"] + config: + platform: linux + image_resource: #@ rust_task_image_config() + inputs: + - name: pipeline-tasks + - name: repo + path: #@ data.values.gh_repository + "-integration" + caches: + - path: cargo-home + - path: cargo-target-dir + params: + REPO_PATH: #@ data.values.gh_repository + "-integration" + DOCKER_HOST_IP: ((staging-ssh.docker_host_ip)) + GOOGLE_CREDENTIALS: ((staging-gcp-creds.creds_json)) + SSH_PRIVATE_KEY: ((staging-ssh.ssh_private_key)) + SSH_PUB_KEY: ((staging-ssh.ssh_public_key)) + run: + path: pipeline-tasks/ci/vendor/tasks/chart-test-integration.sh +on_failure: #@ slack_failure_notification() +#@ end + +#@ def nodejs_audit(level = "high"): +name: audit +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } +- task: audit + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: pipeline-tasks + - name: repo + params: + LEVEL: #@ level + REPO_ROOT: repo + run: + path: pipeline-tasks/ci/vendor/tasks/nodejs-audit.sh +on_failure: #@ slack_failure_notification() +#@ end + +#@ def build_edge_image(): +name: build-edge-image +serial: true +plan: +- in_parallel: + - { get: repo, trigger: true } + - { get: pipeline-tasks } +- task: prepare-docker-build + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: pipeline-tasks + - name: repo + outputs: + - name: repo + run: + path: pipeline-tasks/ci/vendor/tasks/docker-prep-docker-build-env.sh +- 
task: build + config: + platform: linux + image_resource: + type: registry-image + source: + repository: gcr.io/kaniko-project/executor + tag: debug + inputs: + - name: repo + outputs: + - name: image + run: + path: /kaniko/executor + args: + - --dockerfile=Dockerfile + - --context=repo + - --use-new-run + - --single-snapshot + - --cache=false + - --no-push + - --tar-path=image/image.tar +- put: edge-image + params: + image: image/image.tar +#@ end + +#@ def release(): +name: release +serial: true +plan: +- in_parallel: + - get: repo + trigger: true + passed: [ build-edge-image, audit, check-code ] + - get: edge-image + passed: [ build-edge-image ] + params: + format: oci + - get: pipeline-tasks + - get: version +- task: prep-release + config: + platform: linux + image_resource: #@ release_task_image_config() + inputs: + - name: repo + - name: pipeline-tasks + - name: edge-image + - name: version + outputs: + - name: version + - name: artifacts + run: + path: pipeline-tasks/ci/vendor/tasks/prep-release-src.sh +- in_parallel: + - put: versioned-image + params: + image: edge-image/image.tar + additional_tags: artifacts/gh-release-tag + - put: gh-release + params: + name: artifacts/gh-release-name + tag: artifacts/gh-release-tag + body: artifacts/gh-release-notes.md + - put: version + params: + file: version/version +#@ end + +#@ def open_charts_pr(): +name: bump-image-in-chart +plan: + - in_parallel: + - get: edge-image + passed: [ release ] + params: { skip_download: true } + - get: repo + trigger: true + passed: [ release ] + - get: version + trigger: true + passed: [ release ] + - get: charts-repo + params: { skip_download: true } + - get: pipeline-tasks + - task: bump-image-digest-in-values + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: repo + - name: edge-image + - name: pipeline-tasks + - name: charts-repo + - name: version + outputs: + - name: charts-repo + params: + BRANCH: #@ data.values.git_charts_branch + 
CHARTS_SUBDIR: #@ data.values.gh_repository + run: + path: pipeline-tasks/ci/vendor/tasks/docker-bump-image-digest.sh + - put: charts-repo-bot-branch + params: + repository: charts-repo + force: true + - task: open-charts-pr + config: + platform: linux + image_resource: #@ nodejs_task_image_config() + inputs: + - name: repo + - name: pipeline-tasks + - name: edge-image + - name: charts-repo + params: + GH_TOKEN: #@ data.values.github_token + BRANCH: #@ data.values.git_charts_branch + BOT_BRANCH: #@ data.values.git_charts_bot_branch + CHARTS_SUBDIR: #@ data.values.gh_repository + run: + path: pipeline-tasks/ci/vendor/tasks/chart-open-charts-pr.sh +#@ end + +#@ def repo_resource(webhook = False): +name: repo +type: git +source: + ignore_paths: ["ci/*[^md]"] + fetch_tags: true + uri: #@ data.values.git_uri + branch: #@ data.values.git_branch + private_key: #@ data.values.github_private_key +#@ if webhook: +webhook_token: ((webhook.secret)) +#@ end +#@ end + +#@ def pipeline_tasks_resource(): +name: pipeline-tasks +type: git +source: + paths: [ci/vendor/*, ci/tasks/*, ci/config/*, Makefile] + uri: #@ data.values.git_uri + branch: #@ data.values.git_branch + private_key: #@ data.values.github_private_key +#@ end + +#@ def edge_image_resource(publicRepo = True): +name: edge-image +type: registry-image +source: + tag: edge + username: #@ data.values.docker_registry_user + password: #@ data.values.docker_registry_password + repository: #@ public_docker_registry() + "/" + data.values.gh_repository if publicRepo else private_docker_registry() + "/" + data.values.gh_repository +#@ end + +#@ def nodejs_deps_resource(webhook = False): +name: deps +type: git +source: + paths: [yarn.lock] + uri: #@ data.values.git_uri + branch: #@ data.values.git_branch + private_key: #@ data.values.github_private_key +#@ if webhook: +webhook_token: ((webhook.secret)) +#@ end +#@ end + +#@ def deps_version_resource(): +name: deps-version +type: semver +source: + initial_version: 0.1.0 + driver: 
gcs + bucket: ((staging-gcp-creds.bucket_name)) + json_key: ((staging-gcp-creds.creds_json)) + key: #@ data.values.gh_repository + "-artifacts/versions/deps" +#@ end + +#@ def bundled_deps_resource(): +name: bundled-deps +type: gcs-resource +source: + bucket: ((staging-gcp-creds.bucket_name)) + json_key: ((staging-gcp-creds.creds_json)) + regexp: #@ data.values.gh_repository + "-artifacts/deps/bundled-deps-v(.*)-.*.tgz" +#@ end + +#@ def slack_resource(): +name: slack +type: slack-notification +source: + url: #@ data.values.slack_webhook_url +#@ end + +#@ def version_resource(): +name: version +type: semver +source: + initial_version: 0.0.0 + driver: git + file: version + uri: #@ data.values.git_uri + branch: #@ data.values.git_version_branch + private_key: #@ data.values.github_private_key +#@ end + +#@ def charts_repo_resource(): +name: charts-repo +type: git +source: + uri: #@ data.values.git_charts_uri + branch: #@ data.values.git_charts_branch + private_key: #@ data.values.github_private_key +#@ end + +#@ def versioned_image_resource(publicRepo = True): +name: versioned-image +type: registry-image +source: + username: #@ data.values.docker_registry_user + password: #@ data.values.docker_registry_password + repository: #@ public_docker_registry() + "/" + data.values.gh_repository if publicRepo else private_docker_registry() + "/" + data.values.gh_repository +#@ end + +#@ def gh_release_resource(): +name: gh-release +type: github-release +source: + owner: #@ data.values.gh_org + repository: #@ data.values.gh_repository + access_token: #@ data.values.github_token +#@ end + +#@ def charts_repo_bot_branch(): +name: charts-repo-bot-branch +type: git +source: + uri: #@ data.values.git_charts_uri + branch: #@ "bot-bump-" + data.values.gh_repository + "-image" + private_key: #@ data.values.github_private_key +#@ end + +#@ def docker_host_pool(): +name: docker-host +type: pool +source: + uri: git@github.com:GaloyMoney/concourse-locks.git + branch: main + pool: 
docker-hosts + private_key: #@ data.values.github_private_key +#@ end + +#@ def gcr_resource_type(): +name: gcs-resource +type: docker-image +source: + repository: frodenas/gcs-resource +#@ end + +#@ def slack_resource_type(): +name: slack-notification +type: docker-image +source: + repository: cfcommunity/slack-notification-resource +#@ end + +#@ def npm_resource_type(): +name: npm +type: docker-image +source: + repository: timotto/concourse-npm-resource +#@ end diff --git a/ci/vendor/tasks/check-code.sh b/ci/vendor/tasks/check-code.sh new file mode 100644 index 0000000..2dcd194 --- /dev/null +++ b/ci/vendor/tasks/check-code.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +#! Auto synced from Shared CI Resources repository +#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared + +set -eu + +pushd repo + +nix develop -c make check-code diff --git a/ci/vendor/tasks/docker-bump-image-digest.sh b/ci/vendor/tasks/docker-bump-image-digest.sh new file mode 100755 index 0000000..2616b7b --- /dev/null +++ b/ci/vendor/tasks/docker-bump-image-digest.sh 
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+set -eu
+
+export digest=$(cat ./edge-image/digest)
+export ref=$(cat ./repo/.git/short_ref)
+export app_version=$(cat version/version)
+
+pushd charts-repo
+
+yq -i e '.image.digest = strenv(digest)' ./charts/${CHARTS_SUBDIR}/values.yaml
+
+sed -i "s|\(digest: \"${digest}\"\).*$|\1 # METADATA:: repository=https://github.com/GaloyMoney/${CHARTS_SUBDIR};commit_ref=${ref};app=${CHARTS_SUBDIR};|g" "./charts/${CHARTS_SUBDIR}/values.yaml"
+
+yq -i e '.appVersion = strenv(app_version)' ./charts/${CHARTS_SUBDIR}/Chart.yaml
+
+if [[ -z $(git config --global user.email) ]]; then
+ git config --global user.email "bot@galoy.io"
+fi
+if [[ -z $(git config --global user.name) ]]; then
+ git config --global user.name "CI Bot"
+fi
+
+(
+ cd $(git rev-parse --show-toplevel)
+ git merge --no-edit ${BRANCH}
+ git add -A
+ git status
+ git commit -m "chore(${CHARTS_SUBDIR}): bump ${CHARTS_SUBDIR} image to '${digest}'"
+)
diff --git a/ci/vendor/tasks/docker-prep-docker-build-env.sh b/ci/vendor/tasks/docker-prep-docker-build-env.sh
new file mode 100755
index 0000000..9c0826b
--- /dev/null
+++ b/ci/vendor/tasks/docker-prep-docker-build-env.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+if [[ -f version/version ]]; then
+ echo "VERSION=$(cat version/version)" >> repo/.env
+fi
+
+echo "COMMITHASH=$(cat repo/.git/ref)" >> repo/.env
+echo "BUILDTIME=$(date -u '+%F-%T')" >> repo/.env
diff --git a/ci/vendor/tasks/helpers.sh b/ci/vendor/tasks/helpers.sh
new file mode 100755
index 0000000..8aca168
--- /dev/null
+++ b/ci/vendor/tasks/helpers.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+if [[ -z $(git config --global user.email) ]]; then
+ git config --global user.email "bot@galoy.io"
+fi
+if [[ -z $(git config --global user.name) ]]; then
+ git config --global user.name "CI Bot"
+fi
+
+export CARGO_HOME="$(pwd)/cargo-home"
+export CARGO_TARGET_DIR="$(pwd)/cargo-target-dir"
+
+unpack_deps() { echo ""; }
diff --git a/ci/vendor/tasks/prep-release-src.sh b/ci/vendor/tasks/prep-release-src.sh
new file mode 100755
index 0000000..1de0040
--- /dev/null
+++ b/ci/vendor/tasks/prep-release-src.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+set -eu
+
+# ------------ CHANGELOG ------------
+
+pushd repo
+
+# First time
+if [[ $(cat ../version/version) == "0.0.0" ]]; then
+ git cliff --config ../pipeline-tasks/ci/vendor/config/git-cliff.toml > ../artifacts/gh-release-notes.md
+
+# Fetch changelog from last ref
+else
+ export prev_ref=$(git rev-list -n 1 $(cat ../version/version))
+ export new_ref=$(git rev-parse HEAD)
+
+ git cliff --config ../pipeline-tasks/ci/vendor/config/git-cliff.toml $prev_ref..$new_ref > ../artifacts/gh-release-notes.md
+fi
+
+popd
+
+# Generate Changelog
+echo "CHANGELOG:"
+echo "-------------------------------"
+cat artifacts/gh-release-notes.md
+echo "-------------------------------"
+
+# ------------ BUMP VERSION ------------
+
+echo -n "Prev Version: "
+cat version/version
+echo ""
+
+# Initial Version
+if [[ $(cat version/version) == "0.0.0" ]]; then
+ echo "0.1.0" > version/version
+# Figure out proper version to release
+elif [[ $(cat artifacts/gh-release-notes.md | grep breaking) != '' ]] || [[ $(cat artifacts/gh-release-notes.md | grep feature) != '' ]]; then
+ echo "Breaking change / Feature Addition found, bumping minor version..."
+ bump2version minor --current-version $(cat version/version) --allow-dirty version/version
+else
+ echo "Only patches and fixes found - no breaking changes, bumping patch version..."
+ bump2version patch --current-version $(cat version/version) --allow-dirty version/version
+fi
+
+echo -n "Release Version: "
+cat version/version
+echo ""
+
+# ------------ ARTIFACTS ------------
+
+cat version/version > artifacts/gh-release-tag
+echo "v$(cat version/version) Release" > artifacts/gh-release-name
diff --git a/ci/vendor/tasks/rust-check-code.sh b/ci/vendor/tasks/rust-check-code.sh
new file mode 100755
index 0000000..c44b5e0
--- /dev/null
+++ b/ci/vendor/tasks/rust-check-code.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+#! Auto synced from Shared CI Resources repository
+#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
+
+set -eu
+
+pushd repo
+
+make check-code
diff --git a/ci/vendor/tasks/test-on-docker-host.sh b/ci/vendor/tasks/test-on-docker-host.sh
new file mode 100755
index 0000000..31f127c
--- /dev/null
+++ b/ci/vendor/tasks/test-on-docker-host.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+set -eu
+
+export CI_ROOT=$(pwd)
+
+host_name=$(cat docker-host/metadata | jq -r '.docker_host_name')
+echo "Running on host: ${host_name}"
+host_zone=$(cat docker-host/metadata | jq -r '.docker_host_zone')
+gcp_project=$(cat docker-host/metadata | jq -r '.docker_host_project')
+
+gcloud_ssh() {
+ gcloud compute ssh ${host_name} \
+ --zone=${host_zone} \
+ --project=${gcp_project} \
+ --ssh-key-file=${CI_ROOT}/login.ssh \
+ --tunnel-through-iap \
+ --command "$@" 2> /dev/null
+}
+
+cat < ${CI_ROOT}/gcloud-creds.json
+${GOOGLE_CREDENTIALS}
+EOF
+cat < ${CI_ROOT}/login.ssh
+${SSH_PRIVATE_KEY}
+EOF
+chmod 600 ${CI_ROOT}/login.ssh
+cat < ${CI_ROOT}/login.ssh.pub
+${SSH_PUB_KEY}
+EOF
+gcloud auth activate-service-account --key-file ${CI_ROOT}/gcloud-creds.json 2> /dev/null
+
+gcloud_ssh "docker ps -qa | xargs docker rm -fv || true; sudo rm -rf ${REPO_PATH} || true; mkdir -p ${REPO_PATH} && cd ${REPO_PATH}/../ && rmdir $(basename ${REPO_PATH})"
+
+pushd ${REPO_PATH}
+
+make create-tmp-env-ci || true
+
+gcloud compute scp --ssh-key-file=${CI_ROOT}/login.ssh \
+ --recurse $(pwd) ${host_name}:${REPO_PATH} \
+ --tunnel-through-iap \
+ --zone=${host_zone} \
+ --project=${gcp_project} > /dev/null
+
+gcloud_ssh "cd ${REPO_PATH}; export TMP_ENV_CI=tmp.env.ci; export COMPOSE_PROJECT_NAME=$(basename ${REPO_PATH}); source .envrc || true; docker compose pull; docker compose -f docker-compose.yml up ${TEST_CONTAINER} --attach ${TEST_CONTAINER} 2>&1"
+
+container_id=$(gcloud_ssh "docker ps -q -f status=exited -f name=${PWD##*/}-${TEST_CONTAINER}-")
+test_status=$(gcloud_ssh "docker inspect $container_id --format='{{.State.ExitCode}}'")
+
+gcloud_ssh "cd ${REPO_PATH}; export COMPOSE_PROJECT_NAME=$(basename ${REPO_PATH}); docker compose down --remove-orphans --timeout 1"
+
+exit $test_status
diff --git a/typos.toml b/typos.toml
new file mode 100644
index 0000000..bf27f28
--- /dev/null
+++ b/typos.toml
@@ -0,0 +1,2 @@
+[files]
+extend-exclude = ["CHANGELOG.md"]