forked from cloudfoundry/persi-ci
-
Notifications
You must be signed in to change notification settings - Fork 0
/
nfsbroker.yml
190 lines (171 loc) · 4.95 KB
/
nfsbroker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
---
# This pipeline is set automatics, any none committed changes will be lost.
#
# To set the pipeline, run:
# fly -t cryo-runway set-pipeline -p nfsbroker -c nfsbroker.yml
#
# ************************************
# Secrets we need to run this pipeline
# ************************************
secrets:
# used to get pull requests and get git repos
- &github_ssh_key ((github.ssh_key))
- &github_access_token ((github.access_token))
#! github_email and github_username were used on 2023-12-13 for committing bumped blobs to git. They refer to the team github-ci account from lastpass.
- &github_email ((github.email))
- &github_user ((github.user))
#! gcr_viewer_key was needed on 2024-03-24 for getting concourse container images from our GCR instance. Generated by using personal creds to log into the mapbu-cryogenics google cloud project.
- &gcr_viewer_key ((gcr.viewer_key))
# **************
# End of secrets
# **************
groups:
- name: test
jobs:
- security-scan
- unit-and-integration-test
- merge-pr
- name: bump
jobs:
- bump-go-module
resource_types:
- name: pull-request
type: registry-image
source:
repository: us-west2-docker.pkg.dev/mapbu-cryogenics/concourse-resources/pr-queue-resource
username: _json_key
password: *gcr_viewer_key
resources:
- name: persi-ci
type: git
icon: github
source:
uri: https://github.com/cloudfoundry/persi-ci.git
branch: master
- name: nfsbroker
type: pull-request
icon: source-pull
source:
repository: cloudfoundry/nfsbroker
base_branch: &base_branch master
disable_forks: true
access_token: *github_access_token
- name: run-once-a-week
type: time
icon: timer-outline
source:
days: [ Tuesday ]
- name: nfsbroker-repo
type: git
icon: github
source:
private_key: *github_ssh_key
uri: &source-repo [email protected]:cloudfoundry/nfsbroker.git
branch: *base_branch
- name: nfsbroker-repo-write
type: git
icon: github
source:
private_key: *github_ssh_key
uri: *source-repo
commit_filter:
exclude:
- ;resource comment; This resource is used exclusively for pushing new changes
- name: credhub
type: git
icon: github
source:
branch: main
uri: https://github.com/cloudfoundry-incubator/credhub
- name: image-cryogenics-essentials
type: registry-image
icon: docker
source:
repository: us-west2-docker.pkg.dev/mapbu-cryogenics/essentials/cryo-essentials
username: _json_key
password: *gcr_viewer_key
- name: cryogenics-concourse-tasks
type: git
icon: github
source:
private_key: *github_ssh_key
uri: [email protected]:pivotal/cryogenics-concourse-tasks.git
branch: main
jobs:
- name: security-scan
plan:
- in_parallel:
- get: persi-ci
- get: image-cryogenics-essentials
- get: nfsbroker
trigger: true
- task: build
image: image-cryogenics-essentials
file: persi-ci/scripts/ci/security-scan.build.yml
params:
PATHS: "./"
input_mapping:
release-dir: nfsbroker
- name: unit-and-integration-test
public: true
plan:
- in_parallel:
- get: nfsbroker
trigger: true
- get: credhub
- get: image-cryogenics-essentials
- task: build
image: image-cryogenics-essentials
file: nfsbroker/scripts/ci/run_unit_and_integration.build.yml
- name: merge-pr
plan:
- get: nfsbroker
trigger: true
passed:
- security-scan
- unit-and-integration-test
- put: nfsbroker
params:
merge: true
repository: nfsbroker
- name: bump-go-module
serial: true
plan:
- in_parallel:
- get: run-once-a-week
trigger: true
- get: source-repo
resource: nfsbroker-repo
- get: cryogenics-concourse-tasks
- get: image-cryogenics-essentials
- task: bump-go-module
image: image-cryogenics-essentials
file: cryogenics-concourse-tasks/deps-automation/bump-go-module/task.yml
params:
GIT_USERNAME: *github_user
GIT_EMAIL: *github_email
- try:
load_var: go-module-update-branch
file: destination-repo/.update-branch-name
reveal: true
on_success:
do:
- put: nfsbroker-repo-write
params:
repository: destination-repo
branch: &go-module-branch ((.:go-module-update-branch))
- task: create-pull-request
image: image-cryogenics-essentials
file: cryogenics-concourse-tasks/github-automation/create-pr/task.yml
params:
BASE: *base_branch
BRANCH: *go-module-branch
LABELS: dependencies
TITLE: Bump go module ((.:go-module-update-branch)) in v5.0
MESSAGE: |
This is an automatically generated Pull Request from the Cryogenics CI Bot.
I have detected a new version of a go module and automatically bumped
it to benefit from the latest changes.
If this does not look right, please reach out to the mapbu-cryogenics team.
input_mapping:
source-repo: nfsbroker-repo-write