mirror of
https://github.com/FairwindsOps/polaris.git
synced 2026-02-14 09:59:53 +00:00
184 lines
5.7 KiB
YAML
184 lines
5.7 KiB
YAML
version: 2.1
|
|
|
|
orbs:
|
|
rok8s: fairwinds/rok8s-scripts@12
|
|
oss-docs: fairwinds/oss-docs@0
|
|
|
|
executors:
|
|
vm:
|
|
machine:
|
|
enabled: true
|
|
|
|
commands:
|
|
install_goreleaser_dependencies:
|
|
description: Installs dependencies for CI scripts
|
|
steps:
|
|
- run: apk update
|
|
# gettext provides envsubst
|
|
- run: apk add gettext
|
|
# Register other docker platforms, to build arm64.
|
|
# This shouldn't be needed, why TBD.
|
|
- run: docker run --privileged --rm tonistiigi/binfmt --install all
|
|
|
|
references:
|
|
set_environment_variables: &set_environment_variables
|
|
run:
|
|
name: Set Environment Variables
|
|
command: |
|
|
echo 'export CI_SHA1=$CIRCLE_SHA1' >> ${BASH_ENV}
|
|
echo 'export CI_BRANCH=$CIRCLE_BRANCH' >> ${BASH_ENV}
|
|
echo 'export CI_BUILD_NUM=$CIRCLE_BUILD_NUM' >> ${BASH_ENV}
|
|
echo 'export CI_TAG=$CIRCLE_TAG' >> ${BASH_ENV}
|
|
echo 'export PUSH_ALL_VERSION_TAGS=true' >> ${BASH_ENV}
|
|
echo 'export GOPROXY=https://proxy.golang.org' >> ${BASH_ENV}
|
|
echo 'export GO111MODULE=on' >> ${BASH_ENV}
|
|
echo 'export GOFLAGS=-mod=mod' >> ${BASH_ENV}
|
|
echo 'export GORELEASER_CURRENT_TAG="${CIRCLE_TAG}"' >> $BASH_ENV
|
|
|
|
install_k8s: &install_k8s
|
|
run:
|
|
name: Install K8s
|
|
command: |
|
|
sudo apt-get update
|
|
echo "Installing git and jq"
|
|
sudo apt-get install -yqq jq git
|
|
|
|
echo "Installing KIND"
|
|
curl -sLO https://github.com/kubernetes-sigs/kind/releases/download/v0.19.0/kind-linux-amd64
|
|
chmod 0755 kind-linux-amd64
|
|
sudo mv kind-linux-amd64 /usr/local/bin/kind
|
|
kind version
|
|
|
|
echo "Installing Kubectl"
|
|
curl -sLO https://storage.googleapis.com/kubernetes-release/release/v1.25.10/bin/linux/amd64/kubectl
|
|
chmod 0755 kubectl
|
|
sudo mv kubectl /usr/local/bin/
|
|
kubectl version --client
|
|
|
|
|
|
echo "Creating Kubernetes Cluster with Kind"
|
|
kind create cluster --wait=90s --image kindest/node:v1.25.9@sha256:c08d6c52820aa42e533b70bce0c2901183326d86dcdcbedecc9343681db45161
|
|
docker ps -a
|
|
|
|
kubectl version
|
|
|
|
echo "Installing Helm"
|
|
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
|
|
chmod 700 get_helm.sh
|
|
./get_helm.sh
|
|
|
|
echo "Installing cert-manager"
|
|
helm repo add jetstack https://charts.jetstack.io
|
|
helm repo update
|
|
echo "Helm install"
|
|
helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.12.1 --set "installCRDs=true" --wait --create-namespace
|
|
echo "Install cert-manager successful"
|
|
|
|
test_binary_dashboard: &test_binary_dashboard
|
|
run:
|
|
name: Test Dashboard
|
|
command: |
|
|
go run main.go dashboard --port 3000 --audit-path ./pkg/config/examples &
|
|
sleep 30
|
|
curl -f http://localhost:3000 > /dev/null
|
|
curl -f http://localhost:3000/health > /dev/null
|
|
curl -f http://localhost:3000/favicon.ico > /dev/null
|
|
curl -f http://localhost:3000/static/css/main.css > /dev/null
|
|
curl -f http://localhost:3000/results.json > /dev/null
|
|
curl -f http://localhost:3000/details/security > /dev/null
|
|
test_k8s: &test_k8s
|
|
run:
|
|
name: Test Kubernetes Deployments
|
|
command: |
|
|
if [[ -z $CIRCLE_PR_NUMBER ]]; then
|
|
./test/webhook_test.sh
|
|
./test/kube_dashboard_test.sh
|
|
else
|
|
echo "Skipping Kubernetes tests for forked PR"
|
|
fi
|
|
|
|
install_vault_alpine: &install_vault_alpine
|
|
run:
|
|
name: install hashicorp vault
|
|
command: |
|
|
apk --update add curl yq
|
|
cd /tmp
|
|
curl -LO https://releases.hashicorp.com/vault/1.13.2/vault_1.13.2_linux_amd64.zip
|
|
sha256sum vault_1.13.2_linux_amd64.zip | grep f7930279de8381de7c532164b4a4408895d9606c0d24e2e9d2f9acb5dfe99b3c
|
|
unzip vault_1.13.2_linux_amd64.zip
|
|
mv vault /usr/bin/vault
|
|
jobs:
|
|
test_k8s:
|
|
working_directory: ~/polaris
|
|
resource_class: medium
|
|
executor: vm
|
|
steps:
|
|
- checkout
|
|
- *set_environment_variables
|
|
- *install_k8s
|
|
- *test_k8s
|
|
|
|
test:
|
|
docker:
|
|
- image: cimg/go:1.24.4
|
|
steps:
|
|
- checkout
|
|
- *set_environment_variables
|
|
- run: go vet ./...
|
|
- run: go test ./... -coverprofile=coverage.txt -covermode=count
|
|
- *test_binary_dashboard
|
|
|
|
build_and_push:
|
|
working_directory: /go/src/github.com/fairwindsops/polaris/
|
|
resource_class: large
|
|
shell: /bin/bash
|
|
docker:
|
|
# The goreleaser image tag determins the version of Go.
|
|
# Manually check goreleaser images for their version of Go.
|
|
# Ref: https://hub.docker.com/r/goreleaser/goreleaser/tags
|
|
- image: goreleaser/goreleaser:v2.10.2
|
|
steps:
|
|
- checkout
|
|
- setup_remote_docker
|
|
- *install_vault_alpine
|
|
- rok8s/get_vault_env:
|
|
vault_path: repo/global/env
|
|
- rok8s/get_vault_env:
|
|
vault_path: repo/polaris/env
|
|
- *set_environment_variables
|
|
- run: docker login quay.io -u="${FAIRWINDS_QUAY_USER}" -p="${FAIRWINDS_QUAY_TOKEN}"
|
|
- install_goreleaser_dependencies
|
|
- run: scripts/goreleaser.sh
|
|
|
|
workflows:
|
|
version: 2
|
|
|
|
release:
|
|
jobs:
|
|
- test:
|
|
filters:
|
|
tags:
|
|
only: /.*/
|
|
- build_and_push:
|
|
context: org-global
|
|
filters:
|
|
branches:
|
|
ignore: /pull\/[0-9]+/
|
|
tags:
|
|
ignore: /^testing-.*/
|
|
- test_k8s:
|
|
requires:
|
|
- build_and_push
|
|
filters:
|
|
branches:
|
|
ignore: /pull\/[0-9]+/
|
|
tags:
|
|
ignore: /^testing-.*/
|
|
- oss-docs/publish-docs:
|
|
repository: polaris
|
|
filters:
|
|
branches:
|
|
ignore: /.*/
|
|
tags:
|
|
ignore: /^testing-.*/
|