add docker image build to ci pipeline

This commit is contained in:
Robert Kaussow 2019-10-10 17:58:58 +02:00
parent e02053dd15
commit 170a2444ae
4 changed files with 554 additions and 145 deletions

View File

@ -1,5 +1,5 @@
local PythonVersions(pyversion="2.7", py="27") = {
name: "python" + pyversion + "-ansible",
local PythonVersion(pyversion="2.7") = {
name: "python" + std.strReplace(pyversion, '.', '') + "-ansible",
image: "python:" + pyversion,
pull: "always",
environment: {
@ -7,27 +7,23 @@ local PythonVersions(pyversion="2.7", py="27") = {
},
commands: [
"pip install tox -qq",
"tox -e $(tox -l | grep py" + py + " | xargs | sed 's/ /,/g') -q",
"tox -e $(tox -l | grep py" + std.strReplace(pyversion, '.', '') + " | xargs | sed 's/ /,/g') -q",
],
depends_on: [
"clone",
],
};
local PipelineTesting = {
local PipelineLint = {
kind: "pipeline",
name: "testing",
name: "lint",
platform: {
os: "linux",
arch: "amd64",
},
steps: [
PythonVersions(pyversion="2.7", py="27"),
PythonVersions(pyversion="3.5", py="35"),
PythonVersions(pyversion="3.6", py="36"),
PythonVersions(pyversion="3.7", py="37"),
{
name: "python-flake8",
name: "flake8",
image: "python:3.7",
pull: "always",
environment: {
@ -38,26 +34,26 @@ local PipelineTesting = {
"pip install -qq .",
"flake8 ./ansiblelater",
],
depends_on: [
"clone",
],
},
{
name: "python-bandit",
image: "python:3.7",
pull: "always",
environment: {
PY_COLORS: 1
},
commands: [
"pip install -r test-requirements.txt -qq",
"pip install -qq .",
"bandit -r ./ansiblelater -x ./ansiblelater/tests",
],
depends_on: [
"clone",
],
trigger: {
ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"],
},
};
local PipelineTest = {
kind: "pipeline",
name: "test",
platform: {
os: "linux",
arch: "amd64",
},
steps: [
PythonVersion(pyversion="2.7"),
PythonVersion(pyversion="3.5"),
PythonVersion(pyversion="3.6"),
PythonVersion(pyversion="3.7"),
PythonVersion(pyversion="3.8-rc"),
{
name: "codecov",
image: "python:3.7",
@ -72,21 +68,55 @@ local PipelineTesting = {
"codecov --required"
],
depends_on: [
"python2.7-ansible",
"python3.5-ansible",
"python3.6-ansible",
"python3.7-ansible"
"python27-ansible",
"python35-ansible",
"python36-ansible",
"python37-ansible",
"python38-rc-ansible",
],
}
],
depends_on: [
"lint",
],
trigger: {
ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"],
},
};
local PipelineBuild = {
local PipelineSecurity = {
kind: "pipeline",
name: "build",
name: "security",
platform: {
os: "linux",
arch: "amd64",
},
steps: [
{
name: "bandit",
image: "python:3.7",
pull: "always",
environment: {
PY_COLORS: 1
},
commands: [
"pip install -r test-requirements.txt -qq",
"pip install -qq .",
"bandit -r ./ansiblelater -x ./ansiblelater/tests",
],
},
],
depends_on: [
"test",
],
trigger: {
ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"],
},
};
local PipelineBuildPackage = {
kind: "pipeline",
name: "build-package",
platform: {
os: "linux",
arch: "amd64",
@ -105,39 +135,22 @@ local PipelineBuild = {
image: "alpine",
pull: "always",
commands: [
"apk add --no-cache coreutils",
"sha256sum -b dist/* > sha256sum.txt"
"cd dist/ && sha256sum * > ../sha256sum.txt"
],
},
{
name: "gpg-sign",
image: "plugins/gpgsign:1",
pull: "always",
settings: {
key: { "from_secret": "gpgsign_key" },
passphrase: { "from_secret": "gpgsign_passphrase" },
detach_sign: true,
files: [ "dist/*" ],
},
when: {
event: {
exclude: ['pull_request'],
},
},
},
{
name: "publish-github",
image: "plugins/github-release",
pull: "always",
settings: {
api_key: { "from_secret": "github_token"},
overwrite: true,
api_key: { "from_secret": "github_token"},
files: ["dist/*", "sha256sum.txt"],
title: "${DRONE_TAG}",
note: "CHANGELOG.md",
},
when: {
event: [ "tag" ],
ref: [ "refs/tags/**" ],
},
},
{
@ -151,12 +164,68 @@ local PipelineBuild = {
skip_build: true
},
when: {
event: [ "tag" ],
ref: [ "refs/tags/**" ],
},
},
],
depends_on: [
"testing",
"security",
],
trigger: {
ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"],
},
};
local PipelineBuildContainer(arch="amd64") = {
kind: "pipeline",
name: "build-container-" + arch,
platform: {
os: "linux",
arch: arch,
},
steps: [
{
name: "build",
image: "python:3.7",
pull: "always",
commands: [
"python setup.py bdist_wheel",
]
},
{
name: "dryrun",
image: "plugins/docker:18-linux-" + arch,
pull: "always",
settings: {
dry_run: true,
dockerfile: "Dockerfile",
repo: "xoxys/ansible-later",
username: { "from_secret": "docker_username" },
password: { "from_secret": "docker_password" },
},
when: {
ref: ["refs/pull/**"],
},
},
{
name: "publish",
image: "plugins/docker:18-linux-" + arch,
pull: "always",
settings: {
auto_tag: true,
auto_tag_suffix: arch,
dockerfile: "Dockerfile",
repo: "xoxys/ansible-later",
username: { "from_secret": "docker_username" },
password: { "from_secret": "docker_password" },
},
when: {
ref: ["refs/heads/master", "refs/tags/**"],
},
},
],
depends_on: [
"security",
],
trigger: {
ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"],
@ -171,6 +240,51 @@ local PipelineNotifications = {
arch: "amd64",
},
steps: [
{
image: "plugins/manifest",
name: "manifest",
pull: "always",
settings: {
ignore_missing: true,
auto_tag: true,
username: { from_secret: "docker_username" },
password: { from_secret: "docker_password" },
spec: "manifest.tmpl",
},
when: {
ref: [
'refs/heads/master',
'refs/tags/**',
],
},
},
{
name: "readme",
image: "sheogorath/readme-to-dockerhub",
pull: "always",
environment: {
DOCKERHUB_USERNAME: { from_secret: "docker_username" },
DOCKERHUB_PASSWORD: { from_secret: "docker_password" },
DOCKERHUB_REPO_PREFIX: "xoxys",
DOCKERHUB_REPO_NAME: "ansible-later",
README_PATH: "README.md",
SHORT_DESCRIPTION: "ansible-later - Simple annotation based documentation for your roles"
},
when: {
ref: [
'refs/heads/master',
'refs/tags/**',
],
},
},
{
name: "microbadger",
image: "plugins/webhook",
pull: "always",
settings: {
urls: { from_secret: "microbadger_url" },
},
},
{
name: "matrix",
image: "plugins/matrix",
@ -184,7 +298,10 @@ local PipelineNotifications = {
},
],
depends_on: [
"build",
"build-package",
"build-container-amd64",
"build-container-arm64",
"build-container-arm"
],
trigger: {
ref: ["refs/heads/master", "refs/tags/**"],
@ -193,7 +310,12 @@ local PipelineNotifications = {
};
[
PipelineTesting,
PipelineBuild,
PipelineLint,
PipelineTest,
PipelineSecurity,
PipelineBuildPackage,
PipelineBuildContainer(arch="amd64"),
PipelineBuildContainer(arch="arm64"),
PipelineBuildContainer(arch="arm"),
PipelineNotifications,
]

View File

@ -1,13 +1,38 @@
---
kind: pipeline
name: testing
name: lint
platform:
os: linux
arch: amd64
steps:
- name: python2.7-ansible
- name: flake8
pull: always
image: python:3.7
commands:
- pip install -r test-requirements.txt -qq
- pip install -qq .
- flake8 ./ansiblelater
environment:
PY_COLORS: 1
trigger:
ref:
- refs/heads/master
- "refs/tags/**"
- "refs/pull/**"
---
kind: pipeline
name: test
platform:
os: linux
arch: amd64
steps:
- name: python27-ansible
pull: always
image: python:2.7
commands:
@ -18,7 +43,7 @@ steps:
depends_on:
- clone
- name: python3.5-ansible
- name: python35-ansible
pull: always
image: python:3.5
commands:
@ -29,7 +54,7 @@ steps:
depends_on:
- clone
- name: python3.6-ansible
- name: python36-ansible
pull: always
image: python:3.6
commands:
@ -40,7 +65,7 @@ steps:
depends_on:
- clone
- name: python3.7-ansible
- name: python37-ansible
pull: always
image: python:3.7
commands:
@ -51,25 +76,12 @@ steps:
depends_on:
- clone
- name: python-flake8
- name: python38-rc-ansible
pull: always
image: python:3.7
image: python:3.8-rc
commands:
- pip install -r test-requirements.txt -qq
- pip install -qq .
- flake8 ./ansiblelater
environment:
PY_COLORS: 1
depends_on:
- clone
- name: python-bandit
pull: always
image: python:3.7
commands:
- pip install -r test-requirements.txt -qq
- pip install -qq .
- bandit -r ./ansiblelater -x ./ansiblelater/tests
- pip install tox -qq
- "tox -e $(tox -l | grep py38-rc | xargs | sed 's/ /,/g') -q"
environment:
PY_COLORS: 1
depends_on:
@ -87,10 +99,11 @@ steps:
from_secret: codecov_token
PY_COLORS: 1
depends_on:
- python2.7-ansible
- python3.5-ansible
- python3.6-ansible
- python3.7-ansible
- python27-ansible
- python35-ansible
- python36-ansible
- python37-ansible
- python38-rc-ansible
trigger:
ref:
@ -98,9 +111,40 @@ trigger:
- "refs/tags/**"
- "refs/pull/**"
depends_on:
- lint
---
kind: pipeline
name: build
name: security
platform:
os: linux
arch: amd64
steps:
- name: bandit
pull: always
image: python:3.7
commands:
- pip install -r test-requirements.txt -qq
- pip install -qq .
- bandit -r ./ansiblelater -x ./ansiblelater/tests
environment:
PY_COLORS: 1
trigger:
ref:
- refs/heads/master
- "refs/tags/**"
- "refs/pull/**"
depends_on:
- test
---
kind: pipeline
name: build-package
platform:
os: linux
@ -117,24 +161,7 @@ steps:
pull: always
image: alpine
commands:
- apk add --no-cache coreutils
- "sha256sum -b dist/* > sha256sum.txt"
- name: gpg-sign
pull: always
image: plugins/gpgsign:1
settings:
detach_sign: true
files:
- "dist/*"
key:
from_secret: gpgsign_key
passphrase:
from_secret: gpgsign_passphrase
when:
event:
exclude:
- pull_request
- "cd dist/ && sha256sum * > ../sha256sum.txt"
- name: publish-github
pull: always
@ -149,8 +176,8 @@ steps:
overwrite: true
title: "${DRONE_TAG}"
when:
event:
- tag
ref:
- "refs/tags/**"
- name: publish-pypi
pull: always
@ -163,8 +190,8 @@ steps:
username:
from_secret: pypi_username
when:
event:
- tag
ref:
- "refs/tags/**"
trigger:
ref:
@ -173,7 +200,175 @@ trigger:
- "refs/pull/**"
depends_on:
- testing
- security
---
kind: pipeline
name: build-container-amd64
platform:
os: linux
arch: amd64
steps:
- name: build
pull: always
image: python:3.7
commands:
- python setup.py bdist_wheel
- name: dryrun
pull: always
image: plugins/docker:18-linux-amd64
settings:
dockerfile: Dockerfile
dry_run: true
password:
from_secret: docker_password
repo: xoxys/ansible-later
username:
from_secret: docker_username
when:
ref:
- "refs/pull/**"
- name: publish
pull: always
image: plugins/docker:18-linux-amd64
settings:
auto_tag: true
auto_tag_suffix: amd64
dockerfile: Dockerfile
password:
from_secret: docker_password
repo: xoxys/ansible-later
username:
from_secret: docker_username
when:
ref:
- refs/heads/master
- "refs/tags/**"
trigger:
ref:
- refs/heads/master
- "refs/tags/**"
- "refs/pull/**"
depends_on:
- security
---
kind: pipeline
name: build-container-arm64
platform:
os: linux
arch: arm64
steps:
- name: build
pull: always
image: python:3.7
commands:
- python setup.py bdist_wheel
- name: dryrun
pull: always
image: plugins/docker:18-linux-arm64
settings:
dockerfile: Dockerfile
dry_run: true
password:
from_secret: docker_password
repo: xoxys/ansible-later
username:
from_secret: docker_username
when:
ref:
- "refs/pull/**"
- name: publish
pull: always
image: plugins/docker:18-linux-arm64
settings:
auto_tag: true
auto_tag_suffix: arm64
dockerfile: Dockerfile
password:
from_secret: docker_password
repo: xoxys/ansible-later
username:
from_secret: docker_username
when:
ref:
- refs/heads/master
- "refs/tags/**"
trigger:
ref:
- refs/heads/master
- "refs/tags/**"
- "refs/pull/**"
depends_on:
- security
---
kind: pipeline
name: build-container-arm
platform:
os: linux
arch: arm
steps:
- name: build
pull: always
image: python:3.7
commands:
- python setup.py bdist_wheel
- name: dryrun
pull: always
image: plugins/docker:18-linux-arm
settings:
dockerfile: Dockerfile
dry_run: true
password:
from_secret: docker_password
repo: xoxys/ansible-later
username:
from_secret: docker_username
when:
ref:
- "refs/pull/**"
- name: publish
pull: always
image: plugins/docker:18-linux-arm
settings:
auto_tag: true
auto_tag_suffix: arm
dockerfile: Dockerfile
password:
from_secret: docker_password
repo: xoxys/ansible-later
username:
from_secret: docker_username
when:
ref:
- refs/heads/master
- "refs/tags/**"
trigger:
ref:
- refs/heads/master
- "refs/tags/**"
- "refs/pull/**"
depends_on:
- security
---
kind: pipeline
@ -184,6 +379,46 @@ platform:
arch: amd64
steps:
- name: manifest
pull: always
image: plugins/manifest
settings:
auto_tag: true
ignore_missing: true
password:
from_secret: docker_password
spec: manifest.tmpl
username:
from_secret: docker_username
when:
ref:
- refs/heads/master
- "refs/tags/**"
- name: readme
pull: always
image: sheogorath/readme-to-dockerhub
environment:
DOCKERHUB_PASSWORD:
from_secret: docker_password
DOCKERHUB_REPO_NAME: ansible-later
DOCKERHUB_REPO_PREFIX: xoxys
DOCKERHUB_USERNAME:
from_secret: docker_username
README_PATH: README.md
SHORT_DESCRIPTION: ansible-later - Simple annotation based documentation for your roles
when:
ref:
- refs/heads/master
- "refs/tags/**"
- name: microbadger
pull: always
image: plugins/webhook
settings:
urls:
from_secret: microbadger_url
- name: matrix
image: plugins/matrix
settings:
@ -204,6 +439,13 @@ trigger:
- failure
depends_on:
- build
- build-package
- build-container-amd64
- build-container-arm64
- build-container-arm
---
kind: signature
hmac: 16fda397e94995b67b04af6d36fb22c81393687fce44291b980d4e9812f39125
...

21
Dockerfile Normal file
View File

@ -0,0 +1,21 @@
FROM python:3.7-alpine
LABEL maintainer="Robert Kaussow <mail@geeklabor.de>" \
org.label-schema.name="ansible-later" \
org.label-schema.vcs-url="https://github.com/xoxys/ansible-later" \
org.label-schema.vendor="Robert Kaussow" \
org.label-schema.schema-version="1.0"
ADD dist/ansible_later-*.whl /
RUN \
apk update --no-cache && \
rm -rf /var/cache/apk/* && \
pip install --upgrade --no-cache-dir pip && \
pip install --no-cache-dir --find-links=. ansible-later && \
rm -f ansible_later-*.whl && \
rm -rf /root/.cache/
USER root
CMD []
ENTRYPOINT ["/usr/local/bin/ansible-later"]

24
manifest.tmpl Normal file
View File

@ -0,0 +1,24 @@
image: xoxys/ansible-later:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
{{#if build.tags}}
tags:
{{#each build.tags}}
- {{this}}
{{/each}}
{{/if}}
manifests:
- image: xoxys/ansible-later:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}amd64
platform:
architecture: amd64
os: linux
- image: xoxys/ansible-later:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}arm64
platform:
architecture: arm64
os: linux
variant: v8
- image: xoxys/ansible-later:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}arm
platform:
architecture: arm
os: linux
variant: v7