Pipeline standardization
- Added bump-VERSION jobs to trigger new releases
- Added automatically-release-new-patch to do just that
- Added release notes resource that can be passed between jobs
- Added step to create github release
- Updated docker image checks to happen less frequently
jpalermo committed Jan 3, 2025
1 parent 3ccac6c commit c13ca17
Showing 1 changed file with 142 additions and 26 deletions.
168 changes: 142 additions & 26 deletions ci/pipeline.yml
Expand Up @@ -2,8 +2,6 @@
custom:
timeouts:
long: &timeouts-long 2h
build_log_retention:
builds: &build_logs_to_retain 500
debug_bats: &debug_bats true

jobs:
Expand All @@ -25,8 +23,6 @@ jobs:

- name: run-specs
serial: true
build_log_retention:
builds: *build_logs_to_retain
plan:
- in_parallel:
- get: openstack-cpi-release-docker-image
Expand All @@ -40,8 +36,6 @@ jobs:
- name: lifecycle
serial: true
serial_groups: [ cleanup-lock-lifecycle ]
build_log_retention:
builds: *build_logs_to_retain
plan:
- in_parallel:
- get: bosh-openstack-cpi-release
Expand Down Expand Up @@ -117,8 +111,6 @@ jobs:
- name: bats-ubuntu-manual
serial: true
serial_groups: [ cleanup-lock-bats-ubuntu-manual ]
build_log_retention:
builds: *build_logs_to_retain
plan:
- in_parallel:
- { trigger: true, passed: [ run-specs ], get: bosh-openstack-cpi-release, timeout: *timeouts-long }
Expand Down Expand Up @@ -212,23 +204,108 @@ jobs:
get_params:
action: destroy

- name: bump-major
serial_groups: [ version ]
plan:
- put: release-version-semver
params:
bump: major

- name: bump-minor
serial_groups: [ version ]
plan:
- put: release-version-semver
params:
bump: minor

- name: bump-patch
serial_groups: [ version ]
plan:
- put: release-version-semver
params:
bump: patch

- name: automatically-release-new-patch
serial_groups: [ version ]
plan:
- in_parallel:
- get: bosh-openstack-cpi-release
trigger: true
passed:
- lifecycle
- bats-ubuntu-manual
- get: bosh-shared-ci
- get: version
resource: release-version-semver
- get: patched-version
resource: release-version-semver
params:
bump: patch
- get: bosh-security-scanner-registry-image
- try:
task: check-for-patched-cves
file: bosh-shared-ci/tasks/release/check-for-patched-cves.yml
image: bosh-security-scanner-registry-image
input_mapping:
input_repo: bosh-openstack-cpi-release
params:
SEVERITY: CRITICAL,HIGH
on_success:
do:
- put: release-notes
params:
file: release-notes/release-notes.md
- put: release-version-semver
params:
file: patched-version/version
- task: ensure-cve-checker-succeeded
file: bosh-shared-ci/tasks/release/ensure-task-succeeded.yml
image: bosh-security-scanner-registry-image
input_mapping:
task-output-folder: patched_cves
- try:
task: check-for-updated-vendored-packages
file: bosh-shared-ci/tasks/release/check-for-updated-vendored-packages.yml
image: bosh-security-scanner-registry-image
input_mapping:
input_repo: bosh-openstack-cpi-release
params:
PACKAGES:
- golang-1-linux
- openstack-ruby-3.1
on_success:
do:
- put: release-notes
params:
file: release-notes/release-notes.md
- put: release-version-semver
params:
file: patched-version/version
- task: ensure-vendored-package-checker-succeeded
file: bosh-shared-ci/tasks/release/ensure-task-succeeded.yml
image: bosh-security-scanner-registry-image
input_mapping:
task-output-folder: package-updates

- name: promote-candidate
serial: true
build_log_retention:
builds: *build_logs_to_retain
serial_groups: [ version ]
plan:
- in_parallel:
- { trigger: false, get: bosh-shared-ci, timeout: *timeouts-long }
- { trigger: false, passed: [ lifecycle, bats-ubuntu-manual ], get: bosh-openstack-cpi-release, timeout: *timeouts-long }
- { trigger: false, get: release-version-semver, params: { bump: major }, timeout: *timeouts-long }

- get: bosh-shared-ci
- get: bosh-openstack-cpi-release
passed:
- lifecycle
- bats-ubuntu-manual
- get: version
resource: release-version-semver
trigger: true
- get: release-notes
- task: promote
tags: [ "nimbus" ]
timeout: *timeouts-long
file: bosh-shared-ci/tasks/release/create-final-release.yml
input_mapping:
release_repo: bosh-openstack-cpi-release
version: release-version-semver
params:
GIT_USER_NAME: CI Bot
GIT_USER_EMAIL: bots@cloudfoundry.org
Expand All @@ -238,17 +315,22 @@ jobs:
options:
credentials_source: static
json_key: '((cloud-foundry-gcp-credentials))'
- put: release-version-semver
timeout: *timeouts-long
params: { file: release-version-semver/number }

- put: bosh-openstack-cpi-release
timeout: *timeouts-long
params:
repository: release_repo
rebase: true
tag: release_metadata/tag-name
- put: bosh-openstack-cpi-release-github-release
params:
name: release_metadata/tag-name
tag: release_metadata/tag-name
body: release-notes/release-notes
commitish: bosh-openstack-cpi-release/.git/ref
generate_release_notes: true
- put: release-notes
params:
file: release_metadata/empty-file

- name: bump-deps
plan:
Expand Down Expand Up @@ -334,21 +416,30 @@ jobs:
resource_types:
- name: terraform
type: registry-image
check_every: 168h
source:
repository: ljfranklin/terraform-resource
username: ((docker.username))
password: ((docker.password))
- name: bosh-release
type: docker-image
type: registry-image
check_every: 168h
source:
repository: dpb587/bosh-release-resource
username: ((docker.username))
password: ((docker.password))
- name: gcs
type: registry-image
check_every: 168h
source:
repository: frodenas/gcs-resource
username: ((docker.username))
password: ((docker.password))
- name: semver
type: docker-image
type: registry-image
check_every: 168h
source:
repository: concourse/semver-resource
tag: 1.6
username: ((docker.username))
password: ((docker.password))

Expand Down Expand Up @@ -378,10 +469,17 @@ resources:
type: gcs
tags: [ "nimbus" ]
source:
bucket: bosh-openstack-cpi-blobs # OpenStack CPI account
bucket: bosh-openstack-cpi-blobs
versioned_file: lifecycle.log
json_key: ((cloud-foundry-gcp-credentials))

- name: release-notes
type: gcs
source:
bucket: bosh-openstack-cpi-blobs
versioned_file: release-notes
json_key: ((cloud-foundry-gcp-credentials))

- name: bosh-openstack-cpi-release
type: git
tags: [ "nimbus" ]
Expand All @@ -390,9 +488,15 @@ resources:
branch: master
private_key: ((github_deploy_key_bosh-openstack-cpi-release.private_key))

- name: bosh-openstack-cpi-release-github-release
type: github-release
source:
owner: cloudfoundry
repository: bosh-openstack-cpi-release
access_token: ((github_public_repo_token))

- name: release-version-semver
type: semver
tags: [ "nimbus" ]
source:
initial_version: "35.0.0"
driver: git
Expand Down Expand Up @@ -429,16 +533,27 @@ resources:

- name: openstack-cpi-release-docker-image
type: docker-image
check_every: never
source:
username: ((docker.username))
password: ((docker.password))
repository: boshcpi/openstack-cpi-release
- name: bosh-ruby-release-registry-image
type: registry-image
check_every: 168h
source:
repository: bosh/ruby-release
username: ((docker.username))
password: ((docker.password))

- name: bosh-security-scanner-registry-image
type: registry-image
check_every: 24h
source:
repository: bosh/security-scanner
username: ((docker.username))
password: ((docker.password))

- name: golang-release
type: git
source:
Expand All @@ -449,6 +564,7 @@ resources:
uri: https://github.com/cloudfoundry/bosh-package-ruby-release.git
- name: bosh-ecosystem-concourse-image
type: registry-image
check_every: 168h
source:
repository: bosh/bosh-ecosystem-concourse
username: ((docker.username))
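Review bot: The `terraform`, `bosh-release` and `gcs` entries in the `resource_types` hunk give only a `repository`, so each resolves to the image's default tag, and a re-pushed image is adopted at the next `check_every` interval with no change to this file. That matters more after this commit: the new `release-notes` resource runs in the `gcs` type's container with `((cloud-foundry-gcp-credentials))`, and its content is used as `body: release-notes/release-notes` of the published GitHub release. I would pin each of these types to a fixed tag the way `semver` already is, e.g. `tag: "<reviewed-version>"` (placeholder value), so that an image change arrives as a reviewed edit to the pipeline. The existing `tag: 1.6` is better written `tag: "1.6"`, so that a YAML loader keeps it a string rather than a float. The `resource_types` list continues outside the hunk, so entries not shown here may need the same treatment.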
