forked from cloudfoundry/persi-ci
-
Notifications
You must be signed in to change notification settings - Fork 0
/
lts-nfsv3driver-v5.0.yml
248 lines (224 loc) · 6.98 KB
/
lts-nfsv3driver-v5.0.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
---
# This pipeline is set automatics, any none committed changes will be lost.
#
# To set the pipeline, run:
# fly -t cryo-runway set-pipeline -p lts-nfsv3driver-v5.0 -c lts-nfsv3driver-v5.0.yml
#
# ************************************
# Secrets we need to run this pipeline
# ************************************
#! this needs to come first, else all other vars can't be resolved.
#! cerberus creds are required to access the teams vault instance managed by cerberus. The creds have been created manually via the vault-cli targetting the teams cerberus vault. Example steps to create an approle are here: https://developer.hashicorp.com/vault/docs/auth/approle the required value for policies is `restricted-admin` the auth method is mounted on the standard path.
cerberus_secrets:
- &github_ssh_key ((github.ssh_key))
- &github_access_token ((github.access_token))
# used to get pull requests and get git repos
- &github_user ((github.user))
- &github_email ((github.email))
#! GitHub email and username are used to sign the commits and PRs for go module auto bumps. Added 2024-02-15
#! gcr_viewer_key was needed on 2024-03-24 for getting concourse container images from our GCR instance. Generated by using personal creds to log into the mapbu-cryogenics google cloud project.
- &gcr_viewer_key ((gcr.viewer_key))
# **************
# End of secrets
# **************
groups:
- name: test
jobs:
- unit-test
- security-scan
- integration
- merge-pr
- name: updates
jobs:
- bump-go-module
resource_types:
- name: pull-request
type: docker-image
source:
repository: us-west2-docker.pkg.dev/mapbu-cryogenics/concourse-resources/pr-queue-resource
username: _json_key
password: *gcr_viewer_key
resources:
- name: nfsv3driver
type: pull-request
icon: source-pull
source:
repository: cloudfoundry/nfsv3driver
base_branch: v5.0
disable_forks: true
access_token: *github_access_token
- name: nfsv3driver-read
type: git
icon: github
source:
uri: https://github.com/cloudfoundry/nfsv3driver
branch: v5.0
- name: nfsv3driver-write
type: git
icon: git
source:
uri: [email protected]:cloudfoundry/nfsv3driver.git
private_key: *github_ssh_key
commit_filter:
exclude:
- ;resource comment; This resource is used exclusively for pushing new changes
- name: cryogenics-concourse-tasks
type: git
icon: github
source:
uri: [email protected]:pivotal/cryogenics-concourse-tasks.git
private_key: *github_ssh_key
branch: main
- name: cfpersi-nfs-integration-tests
type: registry-image
source:
repository: us-west2-docker.pkg.dev/mapbu-cryogenics/dockerhub-proxy-cache/cfpersi/nfs-integration-tests
username: _json_key
password: *gcr_viewer_key
- name: image-cryogenics-essentials
icon: docker
type: registry-image
source:
repository: us-west2-docker.pkg.dev/mapbu-cryogenics/essentials/cryo-essentials
tag: latest
username: _json_key
password: *gcr_viewer_key
- name: persi-ci
type: git
icon: github
source:
uri: https://github.com/cloudfoundry/persi-ci.git
branch: master
- name: mapfs
type: git
icon: github
source:
branch: master
uri: [email protected]:cloudfoundry/mapfs.git
private_key: *github_ssh_key
- name: docker_driver_integration_tests
type: git
icon: github
source:
branch: main
uri: https://github.com/cloudfoundry/docker_driver_integration_tests
- name: once-a-week
type: time
icon: clock-outline
source:
days: [ Thursday ]
jobs:
- name: unit-test
public: true
plan:
- in_parallel:
- get: nfsv3driver
trigger: true
- get: image-cryogenics-essentials
- task: build
image: image-cryogenics-essentials
file: nfsv3driver/scripts/ci/run_unit.build.yml
- name: security-scan
plan:
- in_parallel:
- get: persi-ci
- get: image-cryogenics-essentials
- get: nfsv3driver
trigger: true
passed:
- unit-test
- task: build
image: image-cryogenics-essentials
file: persi-ci/scripts/ci/security-scan.build.yml
params:
PATHS: "./"
input_mapping:
release-dir: nfsv3driver
- name: integration
serial: true
plan:
- in_parallel:
fail_fast: true
steps:
- get: persi-ci
- get: docker_driver_integration_tests
- get: cfpersi-nfs-integration-tests
- get: nfsv3driver
passed:
- unit-test
trigger: true
- get: mapfs
- in_parallel:
fail_fast: true
steps:
- task: run_docker_driver_integration_tests
image: cfpersi-nfs-integration-tests
file: nfsv3driver/scripts/ci/run_docker_driver_integration_tests.build.yml
privileged: true
params:
TEST_PACKAGE: docker_driver_integration_tests/
- task: run_docker_driver_lazy_unmount_integration_tests
file: nfsv3driver/scripts/ci/run_docker_driver_integration_tests.build.yml
image: cfpersi-nfs-integration-tests
privileged: true
params:
TEST_PACKAGE: docker_driver_integration_tests/lazy_unmount
- task: run_driver_broker_compatibility_tests
file: nfsv3driver/scripts/ci/run_docker_driver_integration_tests.build.yml
image: cfpersi-nfs-integration-tests
privileged: true
params:
TEST_PACKAGE: docker_driver_integration_tests/compatibility
- name: merge-pr
serial: true
plan:
- get: nfsv3driver
trigger: true
passed:
- security-scan
- integration
- put: nfsv3driver
params:
merge: true
repository: nfsv3driver
- name: bump-go-module
plan:
- in_parallel:
- get: source-repo
resource: nfsv3driver-read
- get: cryogenics-concourse-tasks
- get: image-cryogenics-essentials
- get: once-a-week
trigger: true
- task: bump-go-module
file: cryogenics-concourse-tasks/deps-automation/bump-go-module/task.yml
image: image-cryogenics-essentials
params:
GIT_USERNAME: *github_user
GIT_EMAIL: *github_email
ROOT_DIRECTORIES: .
BRANCH_PREFIX: v5.0-
- try:
load_var: go-module-update-branch
file: destination-repo/.update-branch-name
on_success:
do:
- put: nfsv3driver-write
params:
repository: destination-repo
branch: &go-module-branch ((.:go-module-update-branch))
- task: create-go-module-bump-pull-request
file: cryogenics-concourse-tasks/github-automation/create-pr/task.yml
image: image-cryogenics-essentials
params:
BASE: v5.0
BRANCH: *go-module-branch
LABELS: dependencies
TITLE: Bump go module ((.:go-module-update-branch))
MESSAGE: |
This is an automatically generated Pull Request from the Cryogenics CI Bot.
I have detected a new version of a go module and automatically bumped
it to benefit from the latest changes.
If this does not look right, please reach out to the mapbu-cryogenics team.
input_mapping:
source-repo: nfsv3driver-write