github.com/w3security/driftctl@v0.38.0/.circleci/config.yml (about) 1 version: 2.1 2 only_branches: &only_branches 3 filters: 4 branches: 5 ignore: 6 - main 7 only_maintainers: &only_maintainers 8 filters: 9 branches: 10 # Forked pull requests have CIRCLE_BRANCH set to pull/XXX 11 ignore: /pull\/[0-9]+/ 12 orbs: 13 go: circleci/go@1.7.0 14 w3security: w3security/w3security@1.1.2 15 gh: circleci/github-cli@1.1.0 16 slack: circleci/slack@4.12.5 17 parameters: 18 ACC_TESTS: 19 type: string 20 description: manually run acceptance tests 21 default: "0" 22 commands: 23 notify_slack_on_failure: 24 steps: 25 - slack/notify: 26 channel: team-cloud-context-alerts 27 event: fail 28 custom: | 29 { 30 "blocks": [ 31 { 32 "type": "header", 33 "text": { 34 "type": "plain_text", 35 "text": ":warning: Driftctl acceptance tests failed :warning:", 36 "emoji": true 37 } 38 }, 39 { 40 "type": "divider" 41 }, 42 { 43 "type": "section", 44 "fields": [ 45 { 46 "type": "mrkdwn", 47 "text": "*Suite*: ${ACC_PATTERN}" 48 }, 49 { 50 "type": "mrkdwn", 51 "text": "*Branch*: ${CIRCLE_BRANCH}" 52 } 53 ], 54 "accessory": { 55 "type": "button", 56 "text": { 57 "type": "plain_text", 58 "emoji": true, 59 "text": "View Job" 60 }, 61 "url": "${CIRCLE_BUILD_URL}" 62 } 63 } 64 ] 65 } 66 jobs: 67 test_acc: 68 parameters: 69 pattern: 70 type: string 71 resource_class: large 72 machine: 73 image: ubuntu-2004:202010-01 74 environment: 75 ACC_PATTERN: << parameters.pattern >> 76 AWS_DEFAULT_REGION: us-east-1 77 CHECKPOINT_DISABLE: "true" # Disable terraform version check 78 CLOUDSDK_CORE_PROJECT: driftctl-qa-1 79 GOOGLE_APPLICATION_CREDENTIALS: /tmp/google.json 80 ACC_GOOGLE_CREDENTIALS: /tmp/google-admin.json 81 steps: 82 - checkout 83 - go/install: 84 version: "1.18.3" 85 - go/load-cache: 86 key: test_acc 87 - run: make install-tools 88 - run: 89 name: Setup Google credentials 90 command: | 91 echo ${GCLOUD_KEYFILE} | base64 -d > /tmp/google.json 92 echo ${ACC_GCLOUD_KEYFILE} | base64 -d > /tmp/google-admin.json 93 - run: 94 name: Run acceptance tests 95 command: make acc 96 no_output_timeout: 30m 97 - notify_slack_on_failure 98 - go/save-cache: 99 key: test_acc 100 path: /home/circleci/.go_workspace/pkg/mod 101 - store_test_results: 102 path: ./ 103 lint: 104 docker: 105 - image: golang:1.18 106 steps: 107 - checkout 108 - run: 109 name: Ensure go mod is tidy 110 command: | 111 go mod tidy 112 git diff --exit-code go.mod go.sum 113 - run: 114 name: Enforce Go Formatted Code 115 command: | 116 go fmt ./... 117 if [[ -z $(git status --porcelain) ]]; then 118 echo "Git directory is clean." 119 else 120 echo "Git directory is dirty. Run make fmt locally and commit any formatting fixes or generated code." 121 git status --porcelain 122 exit 1 123 fi 124 - run: make install-tools 125 - run: make lint 126 127 test: 128 resource_class: large 129 executor: 130 name: go/default 131 tag: "1.18.3" 132 steps: 133 - checkout 134 - go/load-cache: 135 key: test-docker 136 - run: make install-tools 137 - run: 138 name: Run tests 139 command: make test 140 - go/save-cache: 141 key: test-docker 142 - store_test_results: 143 path: ./ 144 release: 145 resource_class: large 146 docker: 147 - image: cimg/go:1.18 148 steps: 149 - checkout 150 - gh/setup: 151 version: 2.2.0 152 - run: 153 name: "Ensure GnuPG is available" 154 command: gpg --version 155 - run: 156 name: "Import signing key" 157 command: | 158 echo ${SIGNINGKEY} | base64 -d | gpg --import 159 - run: 160 name: "Build and publish release" 161 command: make release 162 no_output_timeout: 30m 163 - persist_to_workspace: 164 root: ~/project 165 paths: 166 - bin/driftctl_SHA256SUMS 167 release-docs: 168 docker: 169 - image: cimg/base:2020.01 170 steps: 171 - checkout 172 - attach_workspace: 173 at: ~/project 174 - run: 175 name: Trigger driftctl-docs new version 176 command: | 177 curl -X POST https://api.github.com/repos/w3security/driftctl-docs/dispatches \ 178 -d '{"event_type": "new_version"}' \ 179 -H "Authorization: token $GITHUB_TOKEN" 180 issue-tagging: 181 machine: 182 image: ubuntu-2004:202010-01 183 steps: 184 - checkout 185 - gh/setup: 186 version: 2.2.0 187 - attach_workspace: 188 at: ~/project 189 - run: 190 name: Auto label issues with the newly released version 191 command: | 192 ./scripts/issue-tagging.sh 193 update-lambda: 194 environment: 195 FUNCTION_NAME: driftctl-version 196 docker: 197 - image: cimg/base:2021.04 198 steps: 199 - run: 200 name: "Update Lambda version" 201 command: | 202 wget "https://github.com/w3security/lambda-env-updater/releases/download/v1.0.0/lambda-env-updater_linux_amd64" && chmod +x lambda-env-updater_linux_amd64 203 ./lambda-env-updater_linux_amd64\ 204 -name ${FUNCTION_NAME}\ 205 -env "LATEST_VERSION=${CIRCLE_TAG}" 206 security-oss: 207 docker: 208 - image: cimg/go:1.18 209 steps: 210 - checkout 211 - w3security/scan: 212 severity-threshold: high 213 monitor-on-build: false 214 project: ${CIRCLE_PROJECT_REPONAME} 215 organization: cloud-cloud 216 security-code: 217 docker: 218 - image: cimg/go:1.18.3 219 steps: 220 - checkout 221 - w3security/scan: 222 command: code test 223 severity-threshold: high 224 monitor-on-build: false 225 project: ${CIRCLE_PROJECT_REPONAME} 226 organization: cloud-cloud 227 workflows: 228 nightly: 229 jobs: 230 - test_acc: 231 name: "Acceptance tests: << matrix.pattern >>" 232 matrix: 233 parameters: 234 pattern: 235 - TestAcc_Aws 236 - TestAcc_Google 237 - TestAcc_Azure_ 238 - TestAcc_StateReader_ 239 240 # Disable this rather than create a new test org 241 # - TestAcc_Github_ 242 context: 243 - driftctl-acc 244 - w3security-bot-slack 245 triggers: 246 - schedule: 247 cron: "0 3 * * *" 248 filters: 249 branches: 250 only: 251 - main 252 manual-acc-tests: 253 when: 254 equal: ["1", << pipeline.parameters.ACC_TESTS >>] 255 jobs: 256 - test_acc: 257 name: "Acceptance tests: << matrix.pattern >>" 258 matrix: 259 parameters: 260 pattern: 261 - TestAcc_Aws 262 - TestAcc_Google 263 - TestAcc_Azure_ 264 - TestAcc_StateReader_ 265 266 # Disable this rather than create a new test org 267 # - TestAcc_Github_ 268 context: 269 - driftctl-acc 270 - w3security-bot-slack 271 pullrequest: 272 jobs: 273 - lint: 274 <<: *only_branches 275 - test: 276 <<: *only_branches 277 - security-code: 278 name: W3Security code 279 context: 280 - driftctl-w3security 281 <<: *only_maintainers 282 - security-oss: 283 name: W3Security test 284 context: 285 - driftctl-w3security 286 <<: *only_maintainers 287 # Disabled since it makes every PR to stay in "pending" state 288 # https://ideas.circleci.com/cloud-feature-requests/p/show-overall-all-checks-have-passed-status-in-github-even-on-builds-with-incompl 289 # pullrequest_acc: 290 # jobs: 291 # - hold: 292 # type: approval # presents manual approval button in the UI 293 # - test_acc: 294 # name: "Acceptance tests: << matrix.pattern >>" 295 # requires: 296 # - hold 297 # matrix: 298 # parameters: 299 # pattern: 300 # - TestAcc_Aws 301 # - TestAcc_Github_ 302 # - TestAcc_Google 303 # - TestAcc_Azure_ 304 # context: 305 # - driftctl-acc 306 push: 307 jobs: 308 - test: 309 filters: 310 branches: 311 only: 312 - main 313 release: 314 jobs: 315 - lint: 316 filters: 317 tags: 318 only: /^v.*/ 319 branches: 320 ignore: /.*/ 321 - test: 322 filters: 323 tags: 324 only: /^v.*/ 325 branches: 326 ignore: /.*/ 327 - release: 328 context: 329 - driftctl 330 - driftctl-w3security 331 - driftctl-signing 332 requires: 333 - lint 334 - test 335 filters: 336 tags: 337 only: /^v.*/ 338 branches: 339 ignore: /.*/ 340 - update-lambda: 341 context: driftctl-version-lambda 342 requires: 343 - release 344 filters: 345 tags: 346 only: /^v.*/ 347 branches: 348 ignore: /.*/ 349 - release-docs: 350 context: 351 - driftctl 352 requires: 353 - release 354 filters: 355 tags: 356 only: /^v.*/ 357 branches: 358 ignore: /.*/ 359 - issue-tagging: 360 context: 361 - driftctl 362 requires: 363 - release 364 filters: 365 tags: 366 only: /^v.*/ 367 branches: 368 ignore: /.*/