diff --git a/.drone.jsonnet b/.drone.jsonnet
index d4d5ab6..c636cd4 100644
--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@@ -1,5 +1,5 @@
-local PythonVersions(pyversion="2.7", py="27") = {
- name: "python" + pyversion + "-ansible",
+local PythonVersion(pyversion="2.7") = {
+ name: "python" + std.strReplace(pyversion, '.', '') + "-ansible",
 image: "python:" + pyversion,
 pull: "always",
 environment: {
@@ -7,57 +7,53 @@ local PythonVersions(pyversion="2.7", py="27") = { }, commands: [ "pip install tox -qq", - "tox -e $(tox -l | grep py" + py + " | xargs | sed 's/ /,/g') -q", + "tox -e $(tox -l | grep py" + std.strReplace(pyversion, '.', '') + " | xargs | sed 's/ /,/g') -q", ], depends_on: [ "clone", ], }; -local PipelineTesting = { +local PipelineLint = { + kind: "pipeline", + name: "lint", + platform: { + os: "linux", + arch: "amd64", + }, + steps: [ + { + name: "flake8", + image: "python:3.7", + pull: "always", + environment: { + PY_COLORS: 1 + }, + commands: [ + "pip install -r test-requirements.txt -qq", + "pip install -qq .", + "flake8 ./ansiblelater", + ], + }, + ], + trigger: { + ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"], + }, +}; + +local PipelineTest = { kind: "pipeline", - name: "testing", + name: "test", platform: { os: "linux", arch: "amd64", }, steps: [ - PythonVersions(pyversion="2.7", py="27"), - PythonVersions(pyversion="3.5", py="35"), - PythonVersions(pyversion="3.6", py="36"), - PythonVersions(pyversion="3.7", py="37"), - { - name: "python-flake8", - image: "python:3.7", - pull: "always", - environment: { - PY_COLORS: 1 - }, - commands: [ - "pip install -r test-requirements.txt -qq", - "pip install -qq .", - "flake8 ./ansiblelater", - ], - depends_on: [ - "clone", - ], - }, - { - name: "python-bandit", - image: "python:3.7", - pull: "always", - environment: { - PY_COLORS: 1 - }, - commands: [ - "pip install -r test-requirements.txt -qq", - "pip install -qq .", - "bandit -r ./ansiblelater -x ./ansiblelater/tests", - ], - depends_on: [ - "clone", - ], - }, + PythonVersion(pyversion="2.7"), + PythonVersion(pyversion="3.5"), + PythonVersion(pyversion="3.6"), + PythonVersion(pyversion="3.7"), + PythonVersion(pyversion="3.8-rc"), { name: "codecov", image: "python:3.7", 
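Review bot: With `PythonVersion(pyversion="3.8-rc")` the selector in the `tox -e $(tox -l | grep py...)` command becomes `grep py38-rc`, which matches only if tox.ini (not part of this diff) names its environments with that exact prefix. If it does not, the substitution is empty and the step ends up as `tox -e -q`, so it presumably fails on argument parsing or runs no environment, and `codecov` depends on that step. Separating the image tag from the tox factor would avoid this, for example an extra parameter `toxenv` that defaults to `std.strReplace(pyversion, '.', '')` and is passed as `"38"` for the release-candidate image. The function header is in the previous hunk; the body also evaluates the same `std.strReplace` expression twice, which a `local` would remove.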
@@ -72,24 +68,120 @@ local PipelineTesting = { "codecov --required" ], depends_on: [ - "python2.7-ansible", - "python3.5-ansible", - "python3.6-ansible", - "python3.7-ansible" + "python27-ansible", + "python35-ansible", + "python36-ansible", + "python37-ansible", + "python38-rc-ansible", ], } ], + depends_on: [ + "lint", + ], trigger: { ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"], }, }; -local PipelineBuild = { +local PipelineSecurity = { + kind: "pipeline", + name: "security", + platform: { + os: "linux", + arch: "amd64", + }, + steps: [ + { + name: "bandit", + image: "python:3.7", + pull: "always", + environment: { + PY_COLORS: 1 + }, + commands: [ + "pip install -r test-requirements.txt -qq", + "pip install -qq .", + "bandit -r ./ansiblelater -x ./ansiblelater/tests", + ], + }, + ], + depends_on: [ + "test", + ], + trigger: { + ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"], + }, +}; + +local PipelineBuildPackage = { + kind: "pipeline", + name: "build-package", + platform: { + os: "linux", + arch: "amd64", + }, + steps: [ + { + name: "build", + image: "python:3.7", + pull: "always", + commands: [ + "python setup.py sdist bdist_wheel", + ] + }, + { + name: "checksum", + image: "alpine", + pull: "always", + commands: [ + "cd dist/ && sha256sum * > ../sha256sum.txt" + ], + }, + { + name: "publish-github", + image: "plugins/github-release", + pull: "always", + settings: { + overwrite: true, + api_key: { "from_secret": "github_token"}, + files: ["dist/*", "sha256sum.txt"], + title: "${DRONE_TAG}", + note: "CHANGELOG.md", + }, + when: { + ref: [ "refs/tags/**" ], + }, + }, + { + name: "publish-pypi", + image: "plugins/pypi", + pull: "always", + settings: { + username: { "from_secret": "pypi_username" }, + password: { "from_secret": "pypi_password" }, + repository: "https://upload.pypi.org/legacy/", + skip_build: true + }, + when: { + ref: [ "refs/tags/**" ], + }, + }, + ], + depends_on: [ + "security", + ], + trigger: { + ref: 
["refs/heads/master", "refs/tags/**", "refs/pull/**"], + }, +}; + +local PipelineBuildContainer(arch="amd64") = { kind: "pipeline", - name: "build", + name: "build-container-" + arch, platform: { os: "linux", - arch: "amd64", + arch: arch, }, steps: [ { 
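Review bot: The new `PipelineBuildPackage` publishes `dist/*` and `sha256sum.txt` to GitHub and PyPI without any signature; the `gpg-sign` step of the old build pipeline is removed in the following hunk and not carried over. A checksum file generated in the same pipeline and uploaded with the same token detects corruption but gives consumers nothing to verify authenticity against. If dropping signatures is intentional, a line in the commit description would help; otherwise the step can sit between `checksum` and `publish-github`, limited to tag refs so the key is not offered to pull-request builds. The fence shows the step as it was, with only the `when` clause adapted to the `ref` style used by the publish steps.

```jsonnet
    // … unchanged: build and checksum steps …
    {
      name: "gpg-sign",
      image: "plugins/gpgsign:1",
      pull: "always",
      settings: {
        key: { "from_secret": "gpgsign_key" },
        passphrase: { "from_secret": "gpgsign_passphrase" },
        detach_sign: true,
        files: [ "dist/*" ],
      },
      when: {
        ref: [ "refs/tags/**" ],
      },
    },
    // … unchanged: publish-github and publish-pypi steps …
```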
@@ -97,69 +189,46 @@ local PipelineBuild = { image: "python:3.7", pull: "always", commands: [ - "python setup.py sdist bdist_wheel", + "python setup.py bdist_wheel", ] }, { - name: "checksum", - image: "alpine", - pull: "always", - commands: [ - "apk add --no-cache coreutils", - "sha256sum -b dist/* > sha256sum.txt" - ], - }, - { - name: "gpg-sign", - image: "plugins/gpgsign:1", + name: "dryrun", + image: "plugins/docker:18-linux-" + arch, pull: "always", settings: { - key: { "from_secret": "gpgsign_key" }, - passphrase: { "from_secret": "gpgsign_passphrase" }, - detach_sign: true, - files: [ "dist/*" ], + dry_run: true, + dockerfile: "Dockerfile", + repo: "xoxys/ansible-later", + username: { "from_secret": "docker_username" }, + password: { "from_secret": "docker_password" }, }, when: { - event: { - exclude: ['pull_request'], - }, + ref: ["refs/pull/**"], }, }, { - name: "publish-github", - image: "plugins/github-release", + name: "publish", + image: "plugins/docker:18-linux-" + arch, pull: "always", settings: { - api_key: { "from_secret": "github_token"}, - overwrite: true, - files: ["dist/*", "sha256sum.txt"], - title: "${DRONE_TAG}", - note: "CHANGELOG.md", + auto_tag: true, + auto_tag_suffix: arch, + dockerfile: "Dockerfile", + repo: "xoxys/ansible-later", + username: { "from_secret": "docker_username" }, + password: { "from_secret": "docker_password" }, }, when: { - event: [ "tag" ], - }, - }, - { - name: "publish-pypi", - image: "plugins/pypi", - pull: "always", - settings: { - username: { "from_secret": "pypi_username" }, - password: { "from_secret": "pypi_password" }, - repository: "https://upload.pypi.org/legacy/", - skip_build: true - }, - when: { - event: [ "tag" ], + ref: ["refs/heads/master", "refs/tags/**"], }, }, ], depends_on: [ - "testing", + "security", ], trigger: { - ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"], + ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"], }, }; 
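Review bot: The `dryrun` step runs only on `refs/pull/**` yet is handed `docker_username` and `docker_password`; with `dry_run: true` nothing is pushed, so the credentials are not needed there. Drone normally withholds secrets from pull-request builds unless a secret is explicitly allowed for them, so these settings are either empty or, if that flag is ever enabled, registry credentials reach a build whose Dockerfile and context come from the pull request. Dropping the `username:` and `password:` lines from the `dryrun` settings keeps the registry login confined to the `publish` step. The pipeline definition starts before this hunk.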
@@ -171,6 +240,51 @@ local PipelineNotifications = { arch: "amd64", }, steps: [ + { + image: "plugins/manifest", + name: "manifest", + pull: "always", + settings: { + ignore_missing: true, + auto_tag: true, + username: { from_secret: "docker_username" }, + password: { from_secret: "docker_password" }, + spec: "manifest.tmpl", + }, + when: { + ref: [ + 'refs/heads/master', + 'refs/tags/**', + ], + }, + }, + { + name: "readme", + image: "sheogorath/readme-to-dockerhub", + pull: "always", + environment: { + DOCKERHUB_USERNAME: { from_secret: "docker_username" }, + DOCKERHUB_PASSWORD: { from_secret: "docker_password" }, + DOCKERHUB_REPO_PREFIX: "xoxys", + DOCKERHUB_REPO_NAME: "ansible-later", + README_PATH: "README.md", + SHORT_DESCRIPTION: "ansible-later - Simple annotation based documentation for your roles" + }, + when: { + ref: [ + 'refs/heads/master', + 'refs/tags/**', + ], + }, + }, + { + name: "microbadger", + image: "plugins/webhook", + pull: "always", + settings: { + urls: { from_secret: "microbadger_url" }, + }, + }, { name: "matrix", image: "plugins/matrix", @@ -184,7 +298,10 @@ local PipelineNotifications = { }, ], depends_on: [ - "build", + "build-package", + "build-container-amd64", + "build-container-arm64", + "build-container-arm" ], trigger: { ref: ["refs/heads/master", "refs/tags/**"], @@ -193,7 +310,12 @@ local PipelineNotifications = { }; [ - PipelineTesting, - PipelineBuild, + PipelineLint, + PipelineTest, + PipelineSecurity, + PipelineBuildPackage, + PipelineBuildContainer(arch="amd64"), + PipelineBuildContainer(arch="arm64"), + PipelineBuildContainer(arch="arm"), PipelineNotifications, ] diff --git a/.drone.yml b/.drone.yml index 0bc6e78..04c3372 100644 --- a/.drone.yml +++ b/.drone.yml 
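Review bot: The `manifest`, `readme` and `microbadger` steps pull untagged images (`plugins/manifest`, `sheogorath/readme-to-dockerhub`, `plugins/webhook`) with `pull: "always"`, so whatever is currently published under the default tag runs with `docker_username`/`docker_password` or the webhook URL in its environment. The `readme` step is the most exposed, since it gives the Docker Hub credentials to a third-party image. Pinning each image to a version tag or digest, e.g. `image: "sheogorath/readme-to-dockerhub@sha256:<digest-placeholder>"`, makes what receives the secrets reviewable; the same applies to `alpine`, `plugins/github-release` and `plugins/pypi` in `PipelineBuildPackage`. The `steps` list continues outside this hunk.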
@@ -1,13 +1,38 @@ --- kind: pipeline -name: testing +name: lint platform: os: linux arch: amd64 steps: -- name: python2.7-ansible +- name: flake8 + pull: always + image: python:3.7 + commands: + - pip install -r test-requirements.txt -qq + - pip install -qq . + - flake8 ./ansiblelater + environment: + PY_COLORS: 1 + +trigger: + ref: + - refs/heads/master + - "refs/tags/**" + - "refs/pull/**" + +--- +kind: pipeline +name: test + +platform: + os: linux + arch: amd64 + +steps: +- name: python27-ansible pull: always image: python:2.7 commands: @@ -18,7 +43,7 @@ steps: depends_on: - clone -- name: python3.5-ansible +- name: python35-ansible pull: always image: python:3.5 commands: @@ -29,7 +54,7 @@ steps: depends_on: - clone -- name: python3.6-ansible +- name: python36-ansible pull: always image: python:3.6 commands: @@ -40,7 +65,7 @@ steps: depends_on: - clone -- name: python3.7-ansible +- name: python37-ansible pull: always image: python:3.7 commands: @@ -51,25 +76,12 @@ steps: depends_on: - clone -- name: python-flake8 +- name: python38-rc-ansible pull: always - image: python:3.7 + image: python:3.8-rc commands: - - pip install -r test-requirements.txt -qq - - pip install -qq . - - flake8 ./ansiblelater - environment: - PY_COLORS: 1 - depends_on: - - clone - -- name: python-bandit - pull: always - image: python:3.7 - commands: - - pip install -r test-requirements.txt -qq - - pip install -qq . - - bandit -r ./ansiblelater -x ./ansiblelater/tests + - pip install tox -qq + - "tox -e $(tox -l | grep py38-rc | xargs | sed 's/ /,/g') -q" environment: PY_COLORS: 1 depends_on: @@ -87,10 +99,11 @@ steps: from_secret: codecov_token PY_COLORS: 1 depends_on: - - python2.7-ansible - - python3.5-ansible - - python3.6-ansible - - python3.7-ansible + - python27-ansible + - python35-ansible + - python36-ansible + - python37-ansible + - python38-rc-ansible trigger: ref: 
@@ -98,9 +111,40 @@ trigger: - "refs/tags/**" - "refs/pull/**" +depends_on: +- lint + --- kind: pipeline -name: build +name: security + +platform: + os: linux + arch: amd64 + +steps: +- name: bandit + pull: always + image: python:3.7 + commands: + - pip install -r test-requirements.txt -qq + - pip install -qq . + - bandit -r ./ansiblelater -x ./ansiblelater/tests + environment: + PY_COLORS: 1 + +trigger: + ref: + - refs/heads/master + - "refs/tags/**" + - "refs/pull/**" + +depends_on: +- test + +--- +kind: pipeline +name: build-package platform: os: linux @@ -117,24 +161,7 @@ steps: pull: always image: alpine commands: - - apk add --no-cache coreutils - - "sha256sum -b dist/* > sha256sum.txt" - -- name: gpg-sign - pull: always - image: plugins/gpgsign:1 - settings: - detach_sign: true - files: - - "dist/*" - key: - from_secret: gpgsign_key - passphrase: - from_secret: gpgsign_passphrase - when: - event: - exclude: - - pull_request + - "cd dist/ && sha256sum * > ../sha256sum.txt" - name: publish-github pull: always @@ -149,8 +176,8 @@ steps: overwrite: true title: "${DRONE_TAG}" when: - event: - - tag + ref: + - "refs/tags/**" - name: publish-pypi pull: always @@ -163,8 +190,8 @@ steps: username: from_secret: pypi_username when: - event: - - tag + ref: + - "refs/tags/**" trigger: ref: 
@@ -173,7 +200,175 @@ trigger: - "refs/pull/**" depends_on: -- testing +- security + +--- +kind: pipeline +name: build-container-amd64 + +platform: + os: linux + arch: amd64 + +steps: +- name: build + pull: always + image: python:3.7 + commands: + - python setup.py bdist_wheel + +- name: dryrun + pull: always + image: plugins/docker:18-linux-amd64 + settings: + dockerfile: Dockerfile + dry_run: true + password: + from_secret: docker_password + repo: xoxys/ansible-later + username: + from_secret: docker_username + when: + ref: + - "refs/pull/**" + +- name: publish + pull: always + image: plugins/docker:18-linux-amd64 + settings: + auto_tag: true + auto_tag_suffix: amd64 + dockerfile: Dockerfile + password: + from_secret: docker_password + repo: xoxys/ansible-later + username: + from_secret: docker_username + when: + ref: + - refs/heads/master + - "refs/tags/**" + +trigger: + ref: + - refs/heads/master + - "refs/tags/**" + - "refs/pull/**" + +depends_on: +- security + +--- +kind: pipeline +name: build-container-arm64 + +platform: + os: linux + arch: arm64 + +steps: +- name: build + pull: always + image: python:3.7 + commands: + - python setup.py bdist_wheel + +- name: dryrun + pull: always + image: plugins/docker:18-linux-arm64 + settings: + dockerfile: Dockerfile + dry_run: true + password: + from_secret: docker_password + repo: xoxys/ansible-later + username: + from_secret: docker_username + when: + ref: + - "refs/pull/**" + +- name: publish + pull: always + image: plugins/docker:18-linux-arm64 + settings: + auto_tag: true + auto_tag_suffix: arm64 + dockerfile: Dockerfile + password: + from_secret: docker_password + repo: xoxys/ansible-later + username: + from_secret: docker_username + when: + ref: + - refs/heads/master + - "refs/tags/**" + +trigger: + ref: + - refs/heads/master + - "refs/tags/**" + - "refs/pull/**" + +depends_on: +- security + +--- +kind: pipeline +name: build-container-arm + +platform: + os: linux + arch: arm + +steps: +- name: build + pull: 
always + image: python:3.7 + commands: + - python setup.py bdist_wheel + +- name: dryrun + pull: always + image: plugins/docker:18-linux-arm + settings: + dockerfile: Dockerfile + dry_run: true + password: + from_secret: docker_password + repo: xoxys/ansible-later + username: + from_secret: docker_username + when: + ref: + - "refs/pull/**" + +- name: publish + pull: always + image: plugins/docker:18-linux-arm + settings: + auto_tag: true + auto_tag_suffix: arm + dockerfile: Dockerfile + password: + from_secret: docker_password + repo: xoxys/ansible-later + username: + from_secret: docker_username + when: + ref: + - refs/heads/master + - "refs/tags/**" + +trigger: + ref: + - refs/heads/master + - "refs/tags/**" + - "refs/pull/**" + +depends_on: +- security --- kind: pipeline @@ -184,6 +379,46 @@ platform: arch: amd64 steps: +- name: manifest + pull: always + image: plugins/manifest + settings: + auto_tag: true + ignore_missing: true + password: + from_secret: docker_password + spec: manifest.tmpl + username: + from_secret: docker_username + when: + ref: + - refs/heads/master + - "refs/tags/**" + +- name: readme + pull: always + image: sheogorath/readme-to-dockerhub + environment: + DOCKERHUB_PASSWORD: + from_secret: docker_password + DOCKERHUB_REPO_NAME: ansible-later + DOCKERHUB_REPO_PREFIX: xoxys + DOCKERHUB_USERNAME: + from_secret: docker_username + README_PATH: README.md + SHORT_DESCRIPTION: ansible-later - Simple annotation based documentation for your roles + when: + ref: + - refs/heads/master + - "refs/tags/**" + +- name: microbadger + pull: always + image: plugins/webhook + settings: + urls: + from_secret: microbadger_url + - name: matrix image: plugins/matrix settings: @@ -204,6 +439,13 @@ trigger: - failure depends_on: -- build +- build-package +- build-container-amd64 +- build-container-arm64 +- build-container-arm + +--- +kind: signature +hmac: 16fda397e94995b67b04af6d36fb22c81393687fce44291b980d4e9812f39125 ... 
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..2bbda29
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,21 @@
+FROM python:3.7-alpine
+
+LABEL maintainer="Robert Kaussow " \
+ org.label-schema.name="ansible-later" \
+ org.label-schema.vcs-url="https://github.com/xoxys/ansible-later" \
+ org.label-schema.vendor="Robert Kaussow" \
+ org.label-schema.schema-version="1.0"
+
+ADD dist/ansible_later-*.whl /
+
+RUN \
+ apk update --no-cache && \
+ rm -rf /var/cache/apk/* && \
+ pip install --upgrade --no-cache-dir pip && \
+ pip install --no-cache-dir --find-links=. ansible-later && \
+ rm -f ansible_later-*.whl && \
+ rm -rf /root/.cache/
+
+USER root
+CMD []
+ENTRYPOINT ["/usr/local/bin/ansible-later"]
diff --git a/manifest.tmpl b/manifest.tmpl
new file mode 100644
index 0000000..53c09aa
--- /dev/null
+++ b/manifest.tmpl
@@ -0,0 +1,24 @@
+image: xoxys/ansible-later:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+ - {{this}}
+{{/each}}
+{{/if}}
+manifests:
+ - image: xoxys/ansible-later:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}amd64
+ platform:
+ architecture: amd64
+ os: linux
+
+ - image: xoxys/ansible-later:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}arm64
+ platform:
+ architecture: arm64
+ os: linux
+ variant: v8
+
+ - image: xoxys/ansible-later:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}arm
+ platform:
+ architecture: arm
+ os: linux
+ variant: v7
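Review bot: In the Dockerfile, `pip install --no-cache-dir --find-links=. ansible-later` treats the copied wheel only as one candidate next to the package index, so pip may install a release of `ansible-later` from PyPI instead of the artifact built from this commit; installing the file directly, `pip install --no-cache-dir /ansible_later-*.whl && \`, binds the image to the local build while dependencies still resolve from the index. The image also ends with `USER root`, so the linter runs with full privileges inside the container on whatever content is mounted into it; a dedicated unprivileged user would be the safer default, provided the mounted paths stay readable for it. `ADD` can become `COPY dist/ansible_later-*.whl /`, since none of ADD's extraction or URL behaviour is wanted here, and `apk update --no-cache` followed by removing the cache installs nothing and can be dropped.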