mirror of
https://github.com/thegeeklab/ansible-later.git
synced 2024-11-10 15:20:40 +00:00
650 lines
13 KiB
YAML
650 lines
13 KiB
YAML
---
|
|
kind: pipeline
|
|
name: lint
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
steps:
|
|
- name: yapf
|
|
image: python:3.10
|
|
commands:
|
|
- git fetch -tq
|
|
- pip install poetry poetry-dynamic-versioning -qq
|
|
- poetry config experimental.new-installer false
|
|
- poetry install
|
|
- poetry run yapf -dr ./ansiblelater
|
|
environment:
|
|
PY_COLORS: 1
|
|
|
|
- name: flake8
|
|
image: python:3.10
|
|
commands:
|
|
- git fetch -tq
|
|
- pip install poetry poetry-dynamic-versioning -qq
|
|
- poetry install -E ansible-core
|
|
- poetry run flake8 ./ansiblelater
|
|
environment:
|
|
PY_COLORS: 1
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
- refs/pull/**
|
|
|
|
---
|
|
kind: pipeline
|
|
name: test
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
steps:
|
|
- name: fetch
|
|
image: python:3.10
|
|
commands:
|
|
- git fetch -tq
|
|
|
|
- name: python38-pytest
|
|
image: python:3.8
|
|
commands:
|
|
- pip install poetry poetry-dynamic-versioning -qq
|
|
- poetry config experimental.new-installer false
|
|
- poetry install -E ansible-core
|
|
- poetry run pytest
|
|
- poetry version
|
|
- poetry run ansible-later --help
|
|
environment:
|
|
PY_COLORS: 1
|
|
depends_on:
|
|
- fetch
|
|
|
|
- name: python39-pytest
|
|
image: python:3.9
|
|
commands:
|
|
- pip install poetry poetry-dynamic-versioning -qq
|
|
- poetry config experimental.new-installer false
|
|
- poetry install -E ansible-core
|
|
- poetry run pytest
|
|
- poetry version
|
|
- poetry run ansible-later --help
|
|
environment:
|
|
PY_COLORS: 1
|
|
depends_on:
|
|
- fetch
|
|
|
|
- name: python310-pytest
|
|
image: python:3.10
|
|
commands:
|
|
- pip install poetry poetry-dynamic-versioning -qq
|
|
- poetry config experimental.new-installer false
|
|
- poetry install -E ansible-core
|
|
- poetry run pytest
|
|
- poetry version
|
|
- poetry run ansible-later --help
|
|
environment:
|
|
PY_COLORS: 1
|
|
depends_on:
|
|
- fetch
|
|
|
|
- name: python311-pytest
|
|
image: python:3.11
|
|
commands:
|
|
- pip install poetry poetry-dynamic-versioning -qq
|
|
- poetry config experimental.new-installer false
|
|
- poetry install -E ansible-core
|
|
- poetry run pytest
|
|
- poetry version
|
|
- poetry run ansible-later --help
|
|
environment:
|
|
PY_COLORS: 1
|
|
depends_on:
|
|
- fetch
|
|
|
|
- name: codecov
|
|
image: python:3.10
|
|
commands:
|
|
- pip install codecov -qq
|
|
- codecov --required -X gcov
|
|
environment:
|
|
CODECOV_TOKEN:
|
|
from_secret: codecov_token
|
|
PY_COLORS: 1
|
|
depends_on:
|
|
- python38-pytest
|
|
- python39-pytest
|
|
- python310-pytest
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
- refs/pull/**
|
|
|
|
depends_on:
|
|
- lint
|
|
|
|
---
|
|
kind: pipeline
|
|
name: security
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
steps:
|
|
- name: bandit
|
|
image: python:3.10
|
|
commands:
|
|
- git fetch -tq
|
|
- pip install poetry poetry-dynamic-versioning -qq
|
|
- poetry install -E ansible-core
|
|
- poetry run bandit -r ./ansiblelater -x ./ansiblelater/test
|
|
environment:
|
|
PY_COLORS: 1
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
- refs/pull/**
|
|
|
|
depends_on:
|
|
- test
|
|
|
|
---
|
|
kind: pipeline
|
|
name: build-package
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
steps:
|
|
- name: build
|
|
image: python:3.10
|
|
commands:
|
|
- git fetch -tq
|
|
- pip install poetry poetry-dynamic-versioning -qq
|
|
- poetry build
|
|
|
|
- name: checksum
|
|
image: alpine
|
|
commands:
|
|
- cd dist/ && sha256sum * > ../sha256sum.txt
|
|
|
|
- name: changelog-generate
|
|
image: thegeeklab/git-chglog
|
|
commands:
|
|
- git fetch -tq
|
|
- git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased}
|
|
|
|
- name: changelog-format
|
|
image: thegeeklab/alpine-tools
|
|
commands:
|
|
- prettier CHANGELOG.md
|
|
- prettier -w CHANGELOG.md
|
|
|
|
- name: publish-github
|
|
image: plugins/github-release
|
|
settings:
|
|
api_key:
|
|
from_secret: github_token
|
|
files:
|
|
- dist/*
|
|
- sha256sum.txt
|
|
note: CHANGELOG.md
|
|
overwrite: true
|
|
title: ${DRONE_TAG}
|
|
when:
|
|
ref:
|
|
- refs/tags/**
|
|
|
|
- name: publish-pypi
|
|
image: python:3.10
|
|
commands:
|
|
- git fetch -tq
|
|
- pip install poetry poetry-dynamic-versioning -qq
|
|
- poetry publish -n
|
|
environment:
|
|
POETRY_HTTP_BASIC_PYPI_PASSWORD:
|
|
from_secret: pypi_password
|
|
POETRY_HTTP_BASIC_PYPI_USERNAME:
|
|
from_secret: pypi_username
|
|
when:
|
|
ref:
|
|
- refs/tags/**
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
- refs/pull/**
|
|
|
|
depends_on:
|
|
- security
|
|
|
|
---
|
|
kind: pipeline
|
|
name: build-container-amd64
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
steps:
|
|
- name: build
|
|
image: python:3.10
|
|
commands:
|
|
- git fetch -tq
|
|
- pip install poetry poetry-dynamic-versioning -qq
|
|
- poetry build
|
|
|
|
- name: dryrun
|
|
image: thegeeklab/drone-docker:19
|
|
settings:
|
|
dockerfile: docker/Dockerfile.amd64
|
|
dry_run: true
|
|
password:
|
|
from_secret: docker_password
|
|
repo: thegeeklab/${DRONE_REPO_NAME}
|
|
username:
|
|
from_secret: docker_username
|
|
when:
|
|
ref:
|
|
- refs/pull/**
|
|
depends_on:
|
|
- build
|
|
|
|
- name: publish-dockerhub
|
|
image: thegeeklab/drone-docker:19
|
|
settings:
|
|
auto_tag: true
|
|
auto_tag_suffix: amd64
|
|
dockerfile: docker/Dockerfile.amd64
|
|
password:
|
|
from_secret: docker_password
|
|
repo: thegeeklab/${DRONE_REPO_NAME}
|
|
username:
|
|
from_secret: docker_username
|
|
when:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
depends_on:
|
|
- dryrun
|
|
|
|
- name: publish-quay
|
|
image: thegeeklab/drone-docker:19
|
|
settings:
|
|
auto_tag: true
|
|
auto_tag_suffix: amd64
|
|
dockerfile: docker/Dockerfile.amd64
|
|
password:
|
|
from_secret: quay_password
|
|
registry: quay.io
|
|
repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
|
|
username:
|
|
from_secret: quay_username
|
|
when:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
depends_on:
|
|
- dryrun
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
- refs/pull/**
|
|
|
|
depends_on:
|
|
- security
|
|
|
|
---
|
|
kind: pipeline
|
|
name: build-container-arm64
|
|
|
|
platform:
|
|
os: linux
|
|
arch: arm64
|
|
|
|
steps:
|
|
- name: build
|
|
image: python:3.10
|
|
commands:
|
|
- git fetch -tq
|
|
- pip install poetry poetry-dynamic-versioning -qq
|
|
- poetry build
|
|
|
|
- name: dryrun
|
|
image: thegeeklab/drone-docker:19
|
|
settings:
|
|
dockerfile: docker/Dockerfile.arm64
|
|
dry_run: true
|
|
password:
|
|
from_secret: docker_password
|
|
repo: thegeeklab/${DRONE_REPO_NAME}
|
|
username:
|
|
from_secret: docker_username
|
|
when:
|
|
ref:
|
|
- refs/pull/**
|
|
depends_on:
|
|
- build
|
|
|
|
- name: publish-dockerhub
|
|
image: thegeeklab/drone-docker:19
|
|
settings:
|
|
auto_tag: true
|
|
auto_tag_suffix: arm64
|
|
dockerfile: docker/Dockerfile.arm64
|
|
password:
|
|
from_secret: docker_password
|
|
repo: thegeeklab/${DRONE_REPO_NAME}
|
|
username:
|
|
from_secret: docker_username
|
|
when:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
depends_on:
|
|
- dryrun
|
|
|
|
- name: publish-quay
|
|
image: thegeeklab/drone-docker:19
|
|
settings:
|
|
auto_tag: true
|
|
auto_tag_suffix: arm64
|
|
dockerfile: docker/Dockerfile.arm64
|
|
password:
|
|
from_secret: quay_password
|
|
registry: quay.io
|
|
repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
|
|
username:
|
|
from_secret: quay_username
|
|
when:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
depends_on:
|
|
- dryrun
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
- refs/pull/**
|
|
|
|
depends_on:
|
|
- security
|
|
|
|
---
|
|
kind: pipeline
|
|
name: build-container-arm
|
|
|
|
platform:
|
|
os: linux
|
|
arch: arm
|
|
|
|
steps:
|
|
- name: build
|
|
image: python:3.10-alpine
|
|
commands:
|
|
- apk add -Uq --no-cache build-base openssl-dev libffi-dev musl-dev python3-dev git cargo
|
|
- git fetch -tq
|
|
- pip install poetry poetry-dynamic-versioning -qq
|
|
- poetry build
|
|
environment:
|
|
CARGO_NET_GIT_FETCH_WITH_CLI: true
|
|
|
|
- name: dryrun
|
|
image: thegeeklab/drone-docker:19
|
|
settings:
|
|
dockerfile: docker/Dockerfile.arm
|
|
dry_run: true
|
|
password:
|
|
from_secret: docker_password
|
|
repo: thegeeklab/${DRONE_REPO_NAME}
|
|
username:
|
|
from_secret: docker_username
|
|
when:
|
|
ref:
|
|
- refs/pull/**
|
|
depends_on:
|
|
- build
|
|
|
|
- name: publish-dockerhub
|
|
image: thegeeklab/drone-docker:19
|
|
settings:
|
|
auto_tag: true
|
|
auto_tag_suffix: arm
|
|
dockerfile: docker/Dockerfile.arm
|
|
password:
|
|
from_secret: docker_password
|
|
repo: thegeeklab/${DRONE_REPO_NAME}
|
|
username:
|
|
from_secret: docker_username
|
|
when:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
depends_on:
|
|
- dryrun
|
|
|
|
- name: publish-quay
|
|
image: thegeeklab/drone-docker:19
|
|
settings:
|
|
auto_tag: true
|
|
auto_tag_suffix: arm
|
|
dockerfile: docker/Dockerfile.arm
|
|
password:
|
|
from_secret: quay_password
|
|
registry: quay.io
|
|
repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
|
|
username:
|
|
from_secret: quay_username
|
|
when:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
depends_on:
|
|
- dryrun
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
- refs/pull/**
|
|
|
|
depends_on:
|
|
- security
|
|
|
|
---
|
|
kind: pipeline
|
|
name: docs
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
concurrency:
|
|
limit: 1
|
|
|
|
steps:
|
|
- name: assets
|
|
image: thegeeklab/alpine-tools
|
|
commands:
|
|
- make doc
|
|
|
|
- name: markdownlint
|
|
image: thegeeklab/markdownlint-cli
|
|
commands:
|
|
- markdownlint 'docs/content/**/*.md' 'README.md' 'CONTRIBUTING.md'
|
|
|
|
- name: spellcheck
|
|
image: thegeeklab/alpine-tools
|
|
commands:
|
|
- spellchecker --files 'docs/content/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls --no-suggestions
|
|
environment:
|
|
FORCE_COLOR: true
|
|
NPM_CONFIG_LOGLEVEL: error
|
|
|
|
- name: testbuild
|
|
image: thegeeklab/hugo:0.97.3
|
|
commands:
|
|
- hugo --panicOnWarning -s docs/ -b http://localhost:8000/
|
|
|
|
- name: link-validation
|
|
image: thegeeklab/link-validator
|
|
commands:
|
|
- link-validator --nice --external --skip-file .linkcheckignore
|
|
environment:
|
|
LINK_VALIDATOR_BASE_DIR: docs/public
|
|
|
|
- name: build
|
|
image: thegeeklab/hugo:0.97.3
|
|
commands:
|
|
- hugo --panicOnWarning -s docs/
|
|
|
|
- name: beautify
|
|
image: thegeeklab/alpine-tools
|
|
commands:
|
|
- html-beautify -r -f 'docs/public/**/*.html'
|
|
environment:
|
|
FORCE_COLOR: true
|
|
NPM_CONFIG_LOGLEVEL: error
|
|
|
|
- name: publish
|
|
image: thegeeklab/drone-s3-sync
|
|
settings:
|
|
access_key:
|
|
from_secret: s3_access_key
|
|
bucket: geekdocs
|
|
delete: true
|
|
endpoint: https://sp.rknet.org
|
|
path_style: true
|
|
secret_key:
|
|
from_secret: s3_secret_access_key
|
|
source: docs/public/
|
|
strip_prefix: docs/public/
|
|
target: /${DRONE_REPO_NAME}
|
|
when:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
- refs/pull/**
|
|
|
|
depends_on:
|
|
- build-package
|
|
- build-container-amd64
|
|
- build-container-arm64
|
|
- build-container-arm
|
|
|
|
---
|
|
kind: pipeline
|
|
name: notifications
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
steps:
|
|
- name: manifest-dockerhub
|
|
image: plugins/manifest
|
|
settings:
|
|
auto_tag: true
|
|
ignore_missing: true
|
|
password:
|
|
from_secret: docker_password
|
|
spec: docker/manifest.tmpl
|
|
username:
|
|
from_secret: docker_username
|
|
when:
|
|
status:
|
|
- success
|
|
|
|
- name: manifest-quay
|
|
image: plugins/manifest
|
|
settings:
|
|
auto_tag: true
|
|
ignore_missing: true
|
|
password:
|
|
from_secret: quay_password
|
|
spec: docker/manifest-quay.tmpl
|
|
username:
|
|
from_secret: quay_username
|
|
when:
|
|
status:
|
|
- success
|
|
|
|
- name: pushrm-dockerhub
|
|
pull: always
|
|
image: chko/docker-pushrm:1
|
|
environment:
|
|
DOCKER_PASS:
|
|
from_secret: docker_password
|
|
DOCKER_USER:
|
|
from_secret: docker_username
|
|
PUSHRM_FILE: README.md
|
|
PUSHRM_SHORT: Another best practice scanner for Ansible roles and playbooks
|
|
PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
|
|
when:
|
|
status:
|
|
- success
|
|
|
|
- name: pushrm-quay
|
|
pull: always
|
|
image: chko/docker-pushrm:1
|
|
environment:
|
|
APIKEY__QUAY_IO:
|
|
from_secret: quay_token
|
|
PUSHRM_FILE: README.md
|
|
PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
|
|
when:
|
|
status:
|
|
- success
|
|
|
|
- name: matrix
|
|
image: thegeeklab/drone-matrix
|
|
settings:
|
|
homeserver:
|
|
from_secret: matrix_homeserver
|
|
password:
|
|
from_secret: matrix_password
|
|
roomid:
|
|
from_secret: matrix_roomid
|
|
template: "Status: **{{ build.Status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.Link }}){{#if build.Branch}} ({{ build.Branch }}){{/if}} by {{ commit.Author }}<br/> Message: {{ commit.Message.Title }}"
|
|
username:
|
|
from_secret: matrix_username
|
|
when:
|
|
status:
|
|
- success
|
|
- failure
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
status:
|
|
- success
|
|
- failure
|
|
|
|
depends_on:
|
|
- docs
|
|
|
|
---
|
|
kind: signature
|
|
hmac: 1248c66961ccf34ce348b02e971d170a7dbcd7d93f278ba0f29b764fd39278fe
|
|
|
|
...
|