From fef438bd1d9813a4af9d4be7a9c7e43fb6279a89 Mon Sep 17 00:00:00 2001
From: DanStough
Date: Tue, 10 Oct 2023 12:59:12 -0400
Subject: [PATCH] bulid: add CRT pipeline
---
.release/ci.hcl | 131 ++++++++++++++++++++++++++++++++++
.release/release.metadata.hcl | 5 ++
.release/security-scan.hcl | 13 ++++
3 files changed, 149 insertions(+)
diff --git a/.release/ci.hcl b/.release/ci.hcl
index e69de29b..7aa18a89 100644
--- a/.release/ci.hcl
+++ b/.release/ci.hcl
@@ -0,0 +1,131 @@
+schema = "1"
+
+project "http-echo" {
+ // the team key is not used by CRT currently
+ team = "team-consul"
+ slack {
+ notification_channel = "C0253EQ5B40"
+ }
+ github {
+ organization = "hashicorp"
+ repository = "http-echo"
+ // An allow-list of branch names where artifacts are built. Note that wildcards are accepted!
+ // Artifacts built from these branches will be processed through CRT and get into a
+ // "release ready" state.
+ release_branches = [
+ "main",
+ "release/**"
+ ]
+ }
+}
+
+event "merge" {
+ // "entrypoint" to use if build is not run automatically
+ // i.e. send "merge" complete signal to orchestrator to trigger build
+}
+
+event "build" {
+ depends = ["merge"]
+ action "build" {
+ organization = "hashicorp"
+ repository = "http-echo"
+ workflow = "build"
+ }
+}
+
+// Read more about what the `prepare` workflow does here:
+// https://hashicorp.atlassian.net/wiki/spaces/RELENG/pages/2489712686/Dec+7th+2022+-+Introducing+the+new+Prepare+workflow
+event "prepare" {
+ depends = ["build"]
+
+ action "prepare" {
+ organization = "hashicorp"
+ repository = "crt-workflows-common"
+ workflow = "prepare"
+ depends = ["build"]
+ }
+
+ notification {
+ on = "fail"
+ }
+}
+
+## These are promotion and post-publish events
+## they should be added to the end of the file after the verify event stanza.
+
+event "trigger-staging" {
+// This event is dispatched by the bob trigger-promotion command
+// and is required - do not delete.
+}
+
+event "promote-staging" {
+ depends = ["trigger-staging"]
+ action "promote-staging" {
+ organization = "hashicorp"
+ repository = "crt-workflows-common"
+ workflow = "promote-staging"
+ config = "release-metadata.hcl"
+ }
+
+ notification {
+ on = "always"
+ }
+}
+
+event "promote-staging-docker" {
+ depends = ["promote-staging"]
+ action "promote-staging-docker" {
+ organization = "hashicorp"
+ repository = "crt-workflows-common"
+ workflow = "promote-staging-docker"
+ }
+
+ notification {
+ on = "always"
+ }
+}
+
+event "trigger-production" {
+// This event is dispatched by the bob trigger-promotion command
+// and is required - do not delete.
+}
+
+event "promote-production" {
+ depends = ["trigger-production"]
+ action "promote-production" {
+ organization = "hashicorp"
+ repository = "crt-workflows-common"
+ workflow = "promote-production"
+ }
+
+ notification {
+ on = "always"
+ }
+}
+
+event "promote-production-docker" {
+ depends = ["promote-production"]
+ action "promote-production-docker" {
+ organization = "hashicorp"
+ repository = "crt-workflows-common"
+ workflow = "promote-production-docker"
+ }
+
+ notification {
+ on = "always"
+ }
+}
+
+
+event "bump-version-patch" {
+ depends = ["promote-production-docker"]
+ action "bump-version" {
+ organization = "HashiCorp-RelEng-Dev"
+ repository = "crt-workflows-common"
+ workflow = "bump-version"
+ }
+
+ notification {
+ on = "fail"
+ }
+}
diff --git a/.release/release.metadata.hcl b/.release/release.metadata.hcl
index e69de29b..5f10587e 100644
--- a/.release/release.metadata.hcl
+++ b/.release/release.metadata.hcl
@@ -0,0 +1,5 @@
+url_docker_registry_dockerhub = "https://hub.docker.com/r/hashicorp/http-echo"
+url_source_repository = "https://github/hashicorp/http-echo"
+url_project_website = "https://github/hashicorp/http-echo"
+url_license = "https://github.com/hashicorp/http-echo/blob/main/LICENSE"
+url_release_notes = "https://github.com/hashicorp/http-echo/releases"
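Review bot: The `bump-version-patch` event dispatches its workflow from `organization = "HashiCorp-RelEng-Dev"`, while every other action in this file runs from `hashicorp`. A release step owned by a second organization widens the set of people who can change what the release pipeline executes, so this should either read `organization = "hashicorp"` or carry a comment stating why the other organization is intended. Separately, `promote-staging` sets `config = "release-metadata.hcl"`, but this commit adds the file as `.release/release.metadata.hcl`; one of the two names probably needs to change so the promotion step finds its metadata. The header comment above `trigger-staging` also refers to a `verify` event stanza that this file does not define.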
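Review bot: `url_source_repository` and `url_project_website` are set to `https://github/hashicorp/http-echo`, which is missing `.com`, so the host is the bare name `github`. As published release metadata these links would be dead, or would resolve to whatever a reader's local DNS search path maps `github` to, rather than to the project. Both should read `"https://github.com/hashicorp/http-echo"`, matching the host already used in `url_license` and `url_release_notes`.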
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index e69de29b..c8e08063 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -0,0 +1,13 @@
+container {
+ dependencies = true
+ alpine_secdb = true
+ secrets = true
+}
+
+binary {
+ secrets = true
+ go_modules = true
+ osv = true
+ oss_index = false
+ nvd = false
+}
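Review bot: The `binary` stanza sets `oss_index = false` and `nvd = false`, which leaves `osv` as the only vulnerability feed consulted for the shipped binary, and the file gives no reason for that choice. A comment above those two lines would record the decision for the next person who audits scan coverage, for example `// oss_index and nvd disabled: <reason>; OSV is the only vulnerability source for binary scans`. If the two feeds were turned off only because this was copied from a template, it is worth confirming that OSV alone gives the coverage the release process expects for the Go modules in this binary.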