From 134d5017139e1582e64683c79262ba099c3e7834 Mon Sep 17 00:00:00 2001 From: Rory Carson Date: Tue, 26 Sep 2023 14:40:38 +0200 Subject: [PATCH 1/4] [SEC-3232]Add template and remove old deployment stuff --- app-prod.yaml | 12 ------------ app-staging.yaml | 12 ------------ catalog-info-template.yaml | 28 ++++++++++++++++++++++++++++ cloudbuild.yaml | 15 --------------- deploy | 5 ----- 5 files changed, 28 insertions(+), 44 deletions(-) delete mode 100644 app-prod.yaml delete mode 100644 app-staging.yaml create mode 100644 catalog-info-template.yaml delete mode 100644 cloudbuild.yaml delete mode 100755 deploy diff --git a/app-prod.yaml b/app-prod.yaml deleted file mode 100644 index cebb5385..00000000 --- a/app-prod.yaml +++ /dev/null @@ -1,12 +0,0 @@ -runtime: custom -env: flex -manual_scaling: - instances: 1 -resources: - cpu: 2 - memory_gb: 12 - disk_size_gb: 100 -env_variables: - APP_ID: 119816 - KEY_SECRET: "gcpsecretmanager://projects/allstar-ossf/secrets/allstar-private-key?decoder=bytes" - DO_NOTHING_ON_OPT_OUT: true diff --git a/app-staging.yaml b/app-staging.yaml deleted file mode 100644 index 081b9c48..00000000 --- a/app-staging.yaml +++ /dev/null @@ -1,12 +0,0 @@ -runtime: custom -env: flex -service: staging -manual_scaling: - instances: 1 -resources: - cpu: 2 - memory_gb: 12 - disk_size_gb: 100 -env_variables: - APP_ID: 166485 - KEY_SECRET: "gcpsecretmanager://projects/allstar-ossf/secrets/allstar-staging-private-key?decoder=bytes" diff --git a/catalog-info-template.yaml b/catalog-info-template.yaml new file mode 100644 index 00000000..7b52bb03 --- /dev/null +++ b/catalog-info-template.yaml @@ -0,0 +1,28 @@ +# Backstage documentation +# https://backstage.io/docs/features/software-catalog/descriptor-format/ + +apiVersion: backstage.io/v1alpha1 +kind: unknown +metadata: + name: ${{ github.event.repository.name }} + description: ${{ github.event.repository.description }} + annotations: + github.com/project-slug: ${{ github.repository }} + contentful.com/service-tier: "unknown" #1, 2, 3, 4 + + tags: + - update-me + #need to add sast.yaml to .github/workflows and enable it in polaris dashboard + #once that is done this can be changed to sast-enabled + - sast-disabled + #make this match the value from service-tier above + - tier-unknown +spec: + #cli, component, contentful.com/template, documentation, function, library, service, template, website + type: unknown + #deprecated, experimental, production, unknown + lifecycle: unknown + system: unknown + #we can assign owner based on who created the repo or submitted the first PR but theres + #no guarantee 1. they still work here, 2. are on the owning team anymore + owner: team-unknown \ No newline at end of file diff --git a/cloudbuild.yaml b/cloudbuild.yaml deleted file mode 100644 index 4fdcfcba..00000000 --- a/cloudbuild.yaml +++ /dev/null @@ -1,15 +0,0 @@ -steps: -- name: golang:1.20 - entrypoint: go - args: ['install', 'github.com/google/ko@v0.13.0'] -- name: golang:1.20 - entrypoint: bash - args: ['-c', 'KO_DOCKER_REPO="gcr.io/allstar-ossf" /go/bin/ko publish ./cmd/allstar > container'] -- name: gcr.io/google.com/cloudsdktool/cloud-sdk - entrypoint: bash - args: ['-c', 'gcloud app deploy --appyaml=app-staging.yaml --project=allstar-ossf --image-url $(cat container)'] -timeout: 1200s -options: - volumes: - - name: go-modules - path: /go diff --git a/deploy b/deploy deleted file mode 100755 index 157afd06..00000000 --- a/deploy +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -export KO_DOCKER_REPO="gcr.io/allstar-ossf" -cont=$(ko publish ./cmd/allstar) -gcloud app deploy --image-url ${cont} From 97c31f41198c097c455cab040e37753fc122d4f8 Mon Sep 17 00:00:00 2001 From: Rory Carson Date: Wed, 27 Sep 2023 09:15:21 +0200 Subject: [PATCH 2/4] add group to owner for proper matching --- catalog-info-template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/catalog-info-template.yaml b/catalog-info-template.yaml index 7b52bb03..3955ee04 100644 --- a/catalog-info-template.yaml +++ b/catalog-info-template.yaml @@ -25,4 +25,4 @@ spec: system: unknown #we can assign owner based on who created the repo or submitted the first PR but theres #no guarantee 1. they still work here, 2. are on the owning team anymore - owner: team-unknown \ No newline at end of file + owner: group:team-unknown \ No newline at end of file From f520e99a7bbce2017bf82da1f233929b5ad26deb Mon Sep 17 00:00:00 2001 From: Rory Carson Date: Wed, 27 Sep 2023 09:31:13 +0200 Subject: [PATCH 3/4] change to bash variables --- catalog-info-template.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/catalog-info-template.yaml b/catalog-info-template.yaml index 3955ee04..3219e57b 100644 --- a/catalog-info-template.yaml +++ b/catalog-info-template.yaml @@ -4,10 +4,10 @@ apiVersion: backstage.io/v1alpha1 kind: unknown metadata: - name: ${{ github.event.repository.name }} - description: ${{ github.event.repository.description }} + name: $REPO_NAME + description: $REPO_DESCRIPTION annotations: - github.com/project-slug: ${{ github.repository }} + github.com/project-slug: $PROJECT_SLUG contentful.com/service-tier: "unknown" #1, 2, 3, 4 tags: From 8c0f378129f5e58001a4bd3f2a8993967793970c Mon Sep 17 00:00:00 2001 From: Rory Carson Date: Thu, 28 Sep 2023 10:24:52 +0200 Subject: [PATCH 4/4] more notes --- catalog-info-template.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/catalog-info-template.yaml b/catalog-info-template.yaml index 3219e57b..d4c97533 100644 --- a/catalog-info-template.yaml +++ b/catalog-info-template.yaml @@ -4,10 +4,10 @@ apiVersion: backstage.io/v1alpha1 kind: unknown metadata: - name: $REPO_NAME - description: $REPO_DESCRIPTION + name: $REPO_NAME #pulled from gh api + description: $REPO_DESCRIPTION #pulled from gh api annotations: - github.com/project-slug: $PROJECT_SLUG + github.com/project-slug: $PROJECT_SLUG #pulled from gh api contentful.com/service-tier: "unknown" #1, 2, 3, 4 tags: