[CRT] Enable Orchestrator (hashicorp#1159)
- This PR needs to be merged before I can start testing the orchestrator
- Note: This will not break anything as it is the orchestrator that needs these files
- Turning on builds, slack notifications, signing/notarizing, security scanning of artifacts we create
curtbushko authored Apr 12, 2022
1 parent 8ef49a1 commit 2bb2bd8
Showing 2 changed files with 285 additions and 0 deletions.
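--- a/.release/ci.hcl
+++ b/.release/ci.hcl
@@ -0,0 +1,271 @@
+schema = "1"
+
+project "consul-k8s" {
+team = "consul-k8s"
+slack {
+notification_channel = "CBXF3CGAF" # team-consul-kubernetes
+}
+github {
+organization = "hashicorp"
+repository = "consul-k8s"
+release_branches = [
+# The CRT tool does not support * as a branch name
+"main",
+"cb/crt-testing"
+]
+}
+}
+
+event "merge" {
+// "entrypoint" to use if build is not run automatically
+// i.e. send "merge" complete signal to orchestrator to trigger build
+}
+
+event "build" {
+depends = ["merge"]
+action "build" {
+organization = "hashicorp"
+repository = "consul-k8s"
+workflow = "build"
+}
+}
+
+event "upload-dev" {
+depends = ["build"]
+action "upload-dev" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "upload-dev"
+depends = ["build"]
+}
+
+notification {
+on = "fail"
+}
+}
+
+event "security-scan-binaries" {
+depends = ["upload-dev"]
+action "security-scan-binaries" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "security-scan-binaries"
+config = "security-scan.hcl"
+}
+
+notification {
+on = "fail"
+}
+}
+
+event "security-scan-containers" {
+depends = ["security-scan-binaries"]
+action "security-scan-containers" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "security-scan-containers"
+config = "security-scan.hcl"
+}
+
+notification {
+on = "fail"
+}
+}
+
+event "notarize-darwin-amd64" {
+depends = ["security-scan-containers"]
+action "notarize-darwin-amd64" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "notarize-darwin-amd64"
+}
+
+notification {
+on = "fail"
+}
+}
+
+event "notarize-darwin-arm64" {
+depends = ["notarize-darwin-amd64"]
+action "notarize-darwin-arm64" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "notarize-darwin-arm64"
+}
+
+notification {
+on = "fail"
+}
+}
+
+event "notarize-windows-386" {
+depends = ["notarize-darwin-arm64"]
+action "notarize-windows-386" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "notarize-windows-386"
+}
+
+notification {
+on = "fail"
+}
+}
+
+event "notarize-windows-amd64" {
+depends = ["notarize-windows-386"]
+action "notarize-windows-amd64" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "notarize-windows-amd64"
+}
+
+notification {
+on = "fail"
+}
+}
+
+event "sign" {
+depends = ["notarize-windows-amd64"]
+action "sign" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "sign"
+}
+
+notification {
+on = "fail"
+}
+}
+
+event "sign-linux-rpms" {
+depends = ["sign"]
+action "sign-linux-rpms" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "sign-linux-rpms"
+}
+
+notification {
+on = "fail"
+}
+}
+
+event "verify" {
+depends = ["sign-linux-rpms"]
+action "verify" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "verify"
+}
+
+notification {
+on = "always"
+}
+}
+
+event "promote-dev-docker" {
+depends = ["verify"]
+action "promote-dev-docker" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "promote-dev-docker"
+depends = ["verify"]
+}
+
+notification {
+on = "fail"
+}
+}
+
+
+## These are promotion and post-publish events
+## they should be added to the end of the file after the verify event stanza.
+
+event "trigger-staging" {
+// This event is dispatched by the bob trigger-promotion command
+// and is required - do not delete.
+}
+
+event "promote-staging" {
+depends = ["trigger-staging"]
+action "promote-staging" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "promote-staging"
+}
+
+notification {
+on = "always"
+}
+}
+
+event "promote-staging-new-hc-releases" {
+depends = ["promote-staging"]
+action "promote-staging-new-hc-releases" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "promote-staging-new-hc-releases"
+config = "release-metadata.hcl"
+}
+
+notification {
+on = "fail"
+}
+}
+
+event "promote-staging-docker" {
+depends = ["promote-staging-new-hc-releases"]
+action "promote-staging-docker" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "promote-staging-docker"
+}
+
+notification {
+on = "always"
+}
+}
+
+event "trigger-production" {
+// This event is dispatched by the bob trigger-promotion command
+// and is required - do not delete.
+}
+
+event "promote-production" {
+depends = ["trigger-production"]
+action "promote-production" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "promote-production"
+}
+
+notification {
+on = "always"
+}
+}
+
+event "promote-production-docker" {
+depends = ["promote-production"]
+action "promote-production-docker" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "promote-production-docker"
+}
+
+notification {
+on = "always"
+}
+}
+
+event "promote-production-packaging" {
+depends = ["promote-production-docker"]
+action "promote-production-packaging" {
+organization = "hashicorp"
+repository = "crt-workflows-common"
+workflow = "promote-production-packaging"
+}
+
+notification {
+on = "always"
+}
+}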
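Review bot: `release_branches` in the `github` block lists `"cb/crt-testing"` alongside `"main"`. That puts what looks like a personal test branch on the same list that feeds the build, notarize, sign and `promote-dev-docker` events defined below. Whether that branch has the same protection rules as `main` is not visible here; if it does not, anyone able to push to it could get artifacts through the signing steps. I would either drop the entry before the orchestrator is relied on for real releases, or mark it as temporary with a comment such as `# TODO: remove "cb/crt-testing" once orchestrator testing is complete`. A short header comment noting that `security-scan.hcl` and `release-metadata.hcl` are resolved from `.release/` would also help, since `release-metadata.hcl` is referenced by `promote-staging-new-hc-releases` but is not among the two files in this commit.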
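--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -0,0 +1,14 @@
+container {
+dependencies = true
+alpine_secdb = true
+secrets = true
+}
+
+binary {
+secrets = true
+go_modules = true
+osv = true
+oss_index = true
+nvd = true
+}
+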