From 21706914d9f010da8cae43bfd8e6a12dd2c52fcf Mon Sep 17 00:00:00 2001
From: Shohei Maeda <11495867+smaeda-ks@users.noreply.github.com>
Date: Mon, 4 Apr 2022 21:53:54 +0900
Subject: [PATCH] Update orb-tools version (#4)
---
.circleci/config.yml | 145 ++++++++------------------------------
.circleci/test-deploy.yml | 79 +++++++++++++++++++++
2 files changed, 108 insertions(+), 116 deletions(-)
create mode 100644 .circleci/test-deploy.yml
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 5a1b658..263f86e 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,125 +1,38 @@ version: 2.1 - +setup: true orbs: - orb-hashicorp-vault-cli: smaeda-ks/orb-hashicorp-vault-cli@<> - orb-tools: circleci/orb-tools@10.0 - bats: circleci/bats@1.0 - -# Pipeline Parameters -## These parameters are used internally by orb-tools. Skip to the Jobs section. -parameters: - run-integration-tests: - description: An internal flag to prevent integration test from running before a development version has been created. - type: boolean - default: false - dev-orb-version: - description: > - The development version of the orb to test. - This value is automatically adjusted by the "trigger-integration-tests-workflow" job to correspond with the specific version created by the commit and should not be edited. - A "dev:alpha" version must exist for the initial pipeline run. - type: string - default: "dev:alpha" - -jobs: - integration-test-1: - machine: true - steps: - - checkout - - run: - name: Start local Vault dev server (Docker) - command: | - docker run -d --cap-add=IPC_LOCK -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=myroot' vault - - orb-hashicorp-vault-cli/install - - run: vault --version - - run: - name: Set up Vault dev server - command: | - vault auth enable jwt + orb-tools: circleci/orb-tools@11.1 + # shellcheck: circleci/shellcheck@3.1 - vault write auth/jwt/config \ - bound_issuer="https://oidc.circleci.com/org/${CIRCLECI_ORG_ID}" \ - oidc_discovery_url="https://oidc.circleci.com/org/${CIRCLECI_ORG_ID}" +filters: &filters + tags: + only: /.*/ - vault kv put secret/circleci/orb test=foo - - vault policy write circleci-orb-dev -\<> + lint-pack: jobs: - - orb-tools/lint # Lint Yaml files - - orb-tools/pack # Pack orb source - # optional: Run BATS tests against your scripts - # - bats/run: - # path: ./src/tests - # Publish development version(s) of the orb. 
- - orb-tools/publish-dev: + - orb-tools/lint: + filters: *filters + - orb-tools/pack: + filters: *filters + - orb-tools/review: + filters: *filters + exclude: RC006,RC009 + # - shellcheck/check: + # exclude: SC2148,SC2038,SC2086,SC2002,SC2016 + # filters: *filters + - orb-tools/publish: orb-name: smaeda-ks/orb-hashicorp-vault-cli - context: orb-publishing # A restricted context containing your private publishing credentials. Will only execute if approved by an authorized user. - requires: - - orb-tools/lint - - orb-tools/pack - # - bats/run - # Trigger an integration workflow to test the - # dev:${CIRCLE_SHA1:0:7} version of your orb - - orb-tools/trigger-integration-tests-workflow: - name: trigger-integration-dev - context: orb-publishing + vcs-type: << pipeline.project.type >> requires: - - orb-tools/publish-dev - - # This `integration-test_deploy` workflow will only run - # when the run-integration-tests pipeline parameter is set to true. - # It is meant to be triggered by the "trigger-integration-tests-workflow" - # job, and run tests on @dev:${CIRCLE_SHA1:0:7}. - integration-test_deploy: - when: << pipeline.parameters.run-integration-tests >> - jobs: - # Run any integration tests defined within the `jobs` key. - - integration-test-1: + [orb-tools/lint, orb-tools/review, orb-tools/pack] + # Use a context to hold your publishing token. context: orb-publishing - # Publish a semver version of the orb. relies on - # the commit subject containing the text "[semver:patch|minor|major|skip]" - # as that will determine whether a patch, minor or major - # version will be published or if publishing should - # be skipped. - # e.g. [semver:patch] will cause a patch version to be published. 
- - orb-tools/dev-promote-prod-from-commit-subject: - orb-name: smaeda-ks/orb-hashicorp-vault-cli - context: orb-publishing - add-pr-comment: false - fail-if-semver-not-indicated: true - publish-version-tag: false - requires: - - integration-test-1 - filters: - branches: - only: - - master - - main + filters: *filters + # Triggers the next workflow in the Orb Development Kit. + - orb-tools/continue: + config-path: .circleci/test-deploy.yml + pipeline-number: << pipeline.number >> + vcs-type: << pipeline.project.type >> + requires: [orb-tools/publish] + filters: *filters diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml new file mode 100644 index 0000000..1f7762f --- /dev/null +++ b/.circleci/test-deploy.yml @@ -0,0 +1,79 @@ +version: 2.1 +orbs: + orb-hashicorp-vault-cli: smaeda-ks/orb-hashicorp-vault-cli@dev:<> + orb-tools: circleci/orb-tools@11.1 + +filters: &filters + tags: + only: /.*/ + +jobs: + integration-test: + machine: true + steps: + - checkout + - run: + name: Start local Vault dev server (Docker) + command: | + docker run -d --cap-add=IPC_LOCK -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=myroot' vault + - orb-hashicorp-vault-cli/install + - run: vault --version + - run: + name: Set up Vault dev server + command: | + vault auth enable jwt + + vault write auth/jwt/config \ + bound_issuer="https://oidc.circleci.com/org/${CIRCLECI_ORG_ID}" \ + oidc_discovery_url="https://oidc.circleci.com/org/${CIRCLECI_ORG_ID}" + + vault kv put secret/circleci/orb test=foo + + vault policy write circleci-orb-dev -\<> + pub-type: production + enable-pr-comment: false + requires: + - orb-tools/pack + - integration-test + context: orb-publishing + filters: + branches: + ignore: /.*/ + tags: + only: /^v[0-9]+\.[0-9]+\.[0-9]+$/
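Review bot: In `.circleci/config.yml`, `orb-tools/publish` now runs with `context: orb-publishing` under `filters: *filters`, which matches every tag and sets no branch restriction. The removed comment that described the context as restricted is replaced by a generic one, so the file no longer records who may use the publishing token. I would keep that constraint next to the job, e.g. `# orb-publishing must stay a restricted context (security group only); it holds the orb publishing token.`, and confirm the project does not pass secrets to builds from forked pull requests. The job that receives the token comes from `circleci/orb-tools@11.1`, a major.minor reference that follows new patch releases; pinning the full version (`circleci/orb-tools@11.1.<patch>`) here and in `.circleci/test-deploy.yml` keeps that code fixed until a bump is reviewed. Part of this hunk's text appears to be lost on the page (around `-\<>`), so the workflow header above `lint-pack:` is not visible.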
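Review bot: The `docker run` step in `integration-test` of `.circleci/test-deploy.yml` pulls the untagged `vault` image and publishes port 8200 on all host interfaces, while the dev server's root token is the fixed string `myroot`. Pinning the image and binding to loopback keeps the test reproducible and keeps the known-token server off the network: `docker run -d --cap-add=IPC_LOCK -p 127.0.0.1:8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=myroot' vault:<pinned-version>`. This assumes the later `vault` CLI steps reach the server via localhost, which the visible lines do not show. The production `orb-tools/publish` job is gated only by the tag pattern `/^v[0-9]+\.[0-9]+\.[0-9]+$/`, so a comment there such as `# Release control: only maintainers may push vX.Y.Z tags (protect tags in the VCS).` would document what the gate depends on. Some of this file's lines appear to be missing from the page (around `-\<>`), so the jobs between the policy step and `pub-type: production` could not be checked.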