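version: 2.1

# Orbs are reusable CircleCI packages pulled from the orb registry. Their jobs
# run inside this pipeline, including the jobs that are handed the
# CodacyDocker and CodacyAWS contexts, so each reference should stay pinned to
# an exact version.
# NOTE(review): both references read "[email protected]" on this page, which
# looks like e-mail obfuscation applied to "<orb-name>@<version>". Restore the
# real orb names and pinned versions from the repository before using this file.
orbs:
  codacy: codacy/[email protected]
  codacy_plugins_test: codacy/[email protected]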
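# Shared parameter sets for codacy/shell jobs; the workflows merge them in
# with "<<: *anchor".
references:
  install_trivy_and_download_dbs: &install_trivy_and_download_dbs
    persist_to_workspace: true
    # https://aquasecurity.github.io/trivy/v0.55/getting-started/installation/#install-script
    # The installer is fetched from the same release tag as the binary it
    # installs rather than from the moving `main` branch, and it is saved to a
    # file before it runs so that a failed or truncated download is never
    # executed. Keep TRIVY_VERSION in step with the --build-arg used by
    # build_and_publish_docker.
    # NOTE(review): a tag can still be moved upstream; pinning the script to a
    # commit SHA, or checking it against a known digest, would be stricter.
    cmd: |
      set -eu
      TRIVY_VERSION=v0.57.0
      installer="$(mktemp)"
      curl -sfL "https://raw.githubusercontent.com/aquasecurity/trivy/${TRIVY_VERSION}/contrib/install.sh" -o "$installer"
      sh "$installer" -b . "$TRIVY_VERSION"
      rm -f "$installer"
      mkdir cache
      ./trivy --cache-dir ./cache image --download-db-only
  build_and_publish_docker: &build_and_publish_docker
    persist_to_workspace: true
    # Builds the image locally and saves it to docker-image.tar; nothing is
    # pushed to a registry by this command. The variable is quoted to match
    # the publish_dockerhub command in the update_vulnerability_dbs workflow.
    cmd: |
      docker build -t "$CIRCLE_PROJECT_REPONAME:latest" --build-arg TRIVY_VERSION=0.57.0 .
      docker save --output docker-image.tar "$CIRCLE_PROJECT_REPONAME:latest"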
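workflows:
  # Build, test and release pipeline. No trigger is declared here; the only
  # branch filter is on codacy/publish_docker, which is limited to master.
  compile_test_deploy:
    jobs:
      - codacy/checkout_and_version
      - codacy/shell:
          name: generate_and_test
          cmd: |
            go generate ./...
            go test ./...
          requires:
            - codacy/checkout_and_version
      - codacy/shell:
          <<: *install_trivy_and_download_dbs
          name: install_trivy_and_download_dbs
          requires:
            - generate_and_test
      - codacy/shell:
          <<: *build_and_publish_docker
          name: publish_docker_local
          requires:
            - install_trivy_and_download_dbs
      - codacy_plugins_test/run:
          name: plugins_test
          run_multiple_tests: true
          requires:
            - publish_docker_local
      # First job in this workflow that receives a secrets context.
      - codacy/publish_docker:
          context: CodacyDocker
          requires:
            - plugins_test
          filters:
            branches:
              only:
                - master
      # NOTE(review): this job carries the CodacyAWS context and has no branch
      # filter of its own; it relies on requiring the master-only job above.
      # Confirm that is the intended gate, or repeat the filter here.
      - codacy/tag_version:
          name: tag_version
          context: CodacyAWS
          requires:
            - codacy/publish_docker

  # Scheduled rebuild that refreshes the vulnerability databases shipped in
  # the image and republishes it under the already released version.
  update_vulnerability_dbs:
    triggers:
      - schedule:
          # Runs at 3am every day to avoid midnight, when the nightly runs.
          cron: "0 3 * * *"
          filters:
            branches:
              only:
                - master
    jobs:
      - codacy/checkout_and_version
      - codacy/shell:
          name: generate_and_test
          cmd: |
            go generate ./...
            go test ./...
          requires:
            - codacy/checkout_and_version
      - codacy/shell:
          <<: *install_trivy_and_download_dbs
          name: install_trivy_and_download_dbs
          requires:
            - generate_and_test
      - codacy/shell:
          <<: *build_and_publish_docker
          name: publish_docker_local
          requires:
            - install_trivy_and_download_dbs
      - codacy_plugins_test/run:
          name: plugins_test
          run_multiple_tests: true
          requires:
            - publish_docker_local
      # The registry password is passed to `docker login` on stdin, not as an
      # argument. The image is pushed again under the version read from
      # .previous_version and under `latest`, so both tags change content on
      # every run; consumers that need a fixed image should pin by digest.
      - codacy/publish_docker:
          name: publish_dockerhub
          context: CodacyDocker
          cmd: |
            docker load --input docker-image.tar
            echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin
            docker tag "$CIRCLE_PROJECT_REPONAME:latest" "codacy/$CIRCLE_PROJECT_REPONAME:$(cat .previous_version)"
            docker tag "$CIRCLE_PROJECT_REPONAME:latest" "codacy/$CIRCLE_PROJECT_REPONAME:latest"
            docker push --all-tags "codacy/$CIRCLE_PROJECT_REPONAME"
          requires:
            - plugins_test
      # The three mirror jobs differ only in name and aws_profile.
      # NOTE(review): `force: true` presumably lets the mirror replace a tag
      # that already exists in ECR; confirm against the orb's documentation.
      # NOTE(review): all three environments use the same CodacyAWS context;
      # check whether per-environment credentials would narrow its scope.
      - codacy/mirror_to_ecr:
          context: CodacyAWS
          name: mirror_to_ecr_integration
          aws_profile: integration
          source_name: codacy/codacy-trivy
          mirror_name: codacy/codacy-trivy
          source_tag: $(cat .previous_version)
          force: true
          requires:
            - publish_dockerhub
      - codacy/mirror_to_ecr:
          context: CodacyAWS
          name: mirror_to_ecr_staging
          aws_profile: staging
          source_name: codacy/codacy-trivy
          mirror_name: codacy/codacy-trivy
          source_tag: $(cat .previous_version)
          force: true
          requires:
            - publish_dockerhub
      - codacy/mirror_to_ecr:
          context: CodacyAWS
          name: mirror_to_ecr_production
          aws_profile: production
          source_name: codacy/codacy-trivy
          mirror_name: codacy/codacy-trivy
          source_tag: $(cat .previous_version)
          force: true
          requires:
            - publish_dockerhub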