This repository has been archived by the owner on Sep 24, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
/
nfsbroker.yml
191 lines (171 loc) · 4.96 KB
/
nfsbroker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
---
# This pipeline is set automatics, any none committed changes will be lost.
#
# To set the pipeline, run:
# fly -t cryo set-pipeline -p nfsbroker -c nfsbroker.yml
#
# ************************************
# Secrets we need to run this pipeline
# ************************************
secrets:
#! GitHub SSH Key is used to push git commits and accessing repositories. Added 2024-02-19
- &github_access_token ((github-tas-runtime-bot/access-token))
- &github_ssh_key ((github-tas-runtime-bot/private-key))
#! GitHub email and username are used to sign the commits and PRs for go module auto bumps. Added 2024-02-19
- &github_user App Platform Runtime Working Group CI Bot
- &github_email [email protected]
- &gcr_viewer_key ((gcp-tas-runtime-service-account/config-json))
# **************
# End of secrets
# **************
groups:
- name: test
jobs:
- security-scan
- unit-and-integration-test
- merge-pr
- name: bump
jobs:
- bump-go-module
resource_types:
- name: pull-request
type: registry-image
source:
repository: us-west2-docker.pkg.dev/mapbu-cryogenics/concourse-resources/pr-queue-resource
username: _json_key
password: *gcr_viewer_key
resources:
- name: persi-ci
type: git
icon: github
source:
uri: https://github.com/cloudfoundry/persi-ci.git
branch: master
- name: nfsbroker
type: pull-request
icon: source-pull
source:
repository: cloudfoundry/nfsbroker
base_branch: &base_branch master
disable_forks: true
access_token: *github_access_token
- name: run-once-a-week
type: time
icon: timer-outline
source:
days: [ Thursday ]
- name: nfsbroker-repo
type: git
icon: github
source:
private_key: *github_ssh_key
uri: &source-repo [email protected]:cloudfoundry/nfsbroker.git
branch: *base_branch
- name: nfsbroker-repo-write
type: git
icon: github
source:
private_key: *github_ssh_key
uri: *source-repo
commit_filter:
exclude:
- ;resource comment; This resource is used exclusively for pushing new changes
- name: credhub
type: git
icon: github
source:
branch: main
uri: https://github.com/cloudfoundry-incubator/credhub
- name: image-cryogenics-essentials
type: registry-image
icon: docker
source:
repository: us-west2-docker.pkg.dev/mapbu-cryogenics/essentials/cryo-essentials
username: _json_key
password: *gcr_viewer_key
- name: cryogenics-concourse-tasks
type: git
icon: github
source:
private_key: ((tas-runtime-bot-cryo-deploy-key-for-pivotal-org/private_key))
uri: [email protected]:pivotal/cryogenics-concourse-tasks.git
branch: main
jobs:
- name: security-scan
plan:
- in_parallel:
- get: persi-ci
- get: image-cryogenics-essentials
- get: nfsbroker
trigger: true
- task: build
image: image-cryogenics-essentials
file: persi-ci/scripts/ci/security-scan.build.yml
params:
PATHS: "./"
input_mapping:
release-dir: nfsbroker
- name: unit-and-integration-test
public: true
plan:
- in_parallel:
- get: nfsbroker
trigger: true
- get: credhub
- get: image-cryogenics-essentials
- task: build
image: image-cryogenics-essentials
file: nfsbroker/scripts/ci/run_unit_and_integration.build.yml
- name: merge-pr
plan:
- get: nfsbroker
trigger: true
passed:
- security-scan
- unit-and-integration-test
- put: nfsbroker
params:
merge: true
repository: nfsbroker
- name: bump-go-module
serial: true
plan:
- in_parallel:
- get: run-once-a-week
trigger: true
- get: source-repo
resource: nfsbroker-repo
- get: cryogenics-concourse-tasks
- get: image-cryogenics-essentials
- task: bump-go-module
image: image-cryogenics-essentials
file: cryogenics-concourse-tasks/deps-automation/bump-go-module/task.yml
params:
GIT_USERNAME: *github_user
GIT_EMAIL: *github_email
- try:
load_var: go-module-update-branch
file: destination-repo/.update-branch-name
reveal: true
on_success:
do:
- put: nfsbroker-repo-write
params:
repository: destination-repo
branch: &go-module-branch ((.:go-module-update-branch))
- task: create-pull-request
image: image-cryogenics-essentials
file: cryogenics-concourse-tasks/github-automation/create-pr/task.yml
params:
GH_TOKEN: *github_access_token
BASE: *base_branch
BRANCH: *go-module-branch
LABELS: dependencies
TITLE: Bump go module ((.:go-module-update-branch)) in v5.0
MESSAGE: |
This is an automatically generated Pull Request from the Cryogenics CI Bot.
I have detected a new version of a go module and automatically bumped
it to benefit from the latest changes.
If this does not look right, please reach out to the mapbu-cryogenics team.
input_mapping:
source-repo: nfsbroker-repo-write