forked from cloudfoundry/persi-ci
-
Notifications
You must be signed in to change notification settings - Fork 0
/
smbbroker.yml
182 lines (161 loc) · 4.71 KB
/
smbbroker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
---
#! WARNING: this pipeline is automatically set and manual changes will go away.
#!
#! To set pipeline manually run:
#! fly set-pipeline -p smbbroker -c smbbroker.yml
# ************************************
# Secrets we need to run this pipeline
# ************************************
cerberus_secrets:
#! GitHub SSH Key is used to push git commits and accessing repositories. Added 2024-02-19
- &github_access_token ((github.access_token))
- &github_ssh_key ((github.ssh_key))
#! GitHub email and username are used to sign the commits and PRs for go module auto bumps. Added 2024-02-19
- &github_user ((github.user))
- &github_email ((github.email))
#! gcr_viewer_key was needed on 2024-03-24 for getting concourse container images from our GCR instance. Generated by using personal creds to log into the mapbu-cryogenics google cloud project.
- &gcr_viewer_key ((gcr.viewer_key))
# **************
# End of secrets
# **************
groups:
- name: test
jobs:
- unit-test
- security-scan
- merge-pr
- name: updates
jobs:
- bump-go-module
resource_types:
- name: pull-request
type: registry-image
source:
repository: us-west2-docker.pkg.dev/mapbu-cryogenics/concourse-resources/pr-queue-resource
username: _json_key
password: *gcr_viewer_key
resources:
- name: smbbroker
type: pull-request
icon: source-pull
source:
repository: cloudfoundry/smbbroker
base_branch: master
disable_forks: true
access_token: *github_access_token
- name: git-smbbroker
type: git
icon: github
source:
uri: [email protected]:cloudfoundry/smbbroker.git
private_key: *github_ssh_key
branch: master
- name: git-smbbroker-write
type: git
icon: git
source:
uri: [email protected]:cloudfoundry/smbbroker.git
private_key: *github_ssh_key
commit_filter:
exclude:
- ;resource comment; This resource is used exclusively for pushing new changes
- name: persi-ci
type: git
icon: github
source:
uri: https://github.com/cloudfoundry/persi-ci.git
branch: master
- name: image-cryogenics-essentials
type: registry-image
icon: docker
source:
repository: us-west2-docker.pkg.dev/mapbu-cryogenics/essentials/cryo-essentials
username: _json_key
password: *gcr_viewer_key
- name: cryogenics-concourse-tasks
type: git
icon: github
source:
uri: [email protected]:pivotal/cryogenics-concourse-tasks.git
private_key: *github_ssh_key
branch: main
- name: run-once-a-week
type: time
icon: clock-outline
source:
days: [ Monday ]
jobs:
- name: unit-test
public: true
plan:
- get: smbbroker
trigger: true
- get: image-cryogenics-essentials
- task: build
image: image-cryogenics-essentials
file: smbbroker/scripts/ci/run_unit.build.yml
- name: security-scan
plan:
- in_parallel:
- get: image-cryogenics-essentials
- get: persi-ci
- get: smbbroker
trigger: true
- task: build
image: image-cryogenics-essentials
file: persi-ci/scripts/ci/security-scan.build.yml
params:
PATHS: "./"
input_mapping:
release-dir: smbbroker
- name: merge-pr
plan:
- get: smbbroker
trigger: true
passed:
- security-scan
- unit-test
- put: smbbroker
params:
merge: true
repository: smbbroker
- name: bump-go-module
plan:
- in_parallel:
- get: source-repo
resource: git-smbbroker
- get: cryogenics-concourse-tasks
- get: image-cryogenics-essentials
- get: run-once-a-week
trigger: true
- task: bump-go-module
image: image-cryogenics-essentials
file: cryogenics-concourse-tasks/deps-automation/bump-go-module/task.yml
params:
GIT_USERNAME: *github_user
GIT_EMAIL: *github_email
ROOT_DIRECTORIES: .
- try:
load_var: go-module-update-branch
file: destination-repo/.update-branch-name
on_success:
do:
- put: git-smbbroker-write
params:
repository: destination-repo
branch: &go-module-branch ((.:go-module-update-branch))
- task: create-go-module-bump-pull-request
image: image-cryogenics-essentials
file: cryogenics-concourse-tasks/github-automation/create-pr/task.yml
params:
BASE: master
BRANCH: *go-module-branch
LABELS: dependencies
TITLE: Bump go module ((.:go-module-update-branch))
MESSAGE: |
This is an automatically generated Pull Request from the Cryogenics CI Bot.
I have detected a new version of a go module and automatically bumped
it to benefit from the latest changes.
If this does not look right, please reach out to the mapbu-cryogenics team.
input_mapping:
source-repo: git-smbbroker-write