Azure
/
ARO-RP
зеркало из https://github.com/Azure/ARO-RP.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Cloudfit/guardianwork (#1451) 

# Which issue this PR addresses:
Fixes https://msazure.visualstudio.com/AzureRedHatOpenShift/_workitems/edit/9756109

# What this PR does / why we need it:
This PR accomplishes the following items:

Moved Onebranch pipelines (yml) from internal ADO instance to GitHub
Includes a .gdn directory created by Guardian. This directory includes the .gdnsuppress, which allowed us to suppress the ARM1005 finding until a fix is complete

# Test plan for issue:
https://msazure.visualstudio.com/AzureRedHatOpenShift/_build/results?buildId=41592363&view=results
https://msazure.visualstudio.com/AzureRedHatOpenShift/_build/results?buildId=41593870&view=results

Both builds now successfully run and are able to publish artifacts that can be consumed by Ev2

# Is there any documentation that needs to be updated for this PR?
N/A
This commit is contained in:
mikeandescavage 2021-04-21 11:56:41 -07:00 коммит произвёл GitHub
Родитель c60dc9cb32
Коммит 0fef305e3b
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
10 изменённых файлов: 922 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

33
.config/CredScanSuppressions.json Normal file
Просмотреть файл

@ -0,0 +1,33 @@
{
"tool": "Credential Scanner",
"suppressions": [
{
"file": "proxy_test.go",
"_justification": "sample login for testing"
},
{
"file": "pullsecret_test.go",
"_justification": "sample login for testing"
},
{
"file": "viper.go",
"_justification": "example login from comments"
},
{
"file": "README.md",
"_justification": "example login from comments"
},
{
"file": "api.go",
"_justification": "example secret in comment"
},
{
"file": "machine_webhook.go",
"_justification": "false positive"
},
{
"file": "doc.go",
"_justification": "examples in comments"
}
]
}

7
.gdn/.gdnsettings Normal file
Просмотреть файл

@ -0,0 +1,7 @@
{
"files": { },
"folders": { },
"overwriteLogs": true,
"telemetryFlushTimeout": 10,
"variables": { }
}

415
.gdn/.gdnsuppress Normal file
Просмотреть файл

@ -0,0 +1,415 @@
{
"version": "1.0.0",
"suppressionSets": {
"default": {
"name": "default",
"createdDate": "2021-04-19 17:58:41Z",
"lastUpdatedDate": "2021-04-19 17:58:41Z"
}
},
"results": {
"f02a038e5366a1cd9fa0387dab25be4965a56ada4fafb0c467bb3c9b7e7e442f": {
"signature": "f02a038e5366a1cd9fa0387dab25be4965a56ada4fafb0c467bb3c9b7e7e442f",
"target": "deploy/cluster-predeploy.json",
"memberOf": [
"default"
],
"tool": "ARMory",
"ruleId": "ARM1005",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"986ee7027f0344a26e6b23ffc6882d572558701e70517ac8c8ea879c2a29a868": {
"signature": "986ee7027f0344a26e6b23ffc6882d572558701e70517ac8c8ea879c2a29a868",
"target": "pkg/portal/assets/index.js",
"memberOf": [
"default"
],
"tool": "ESLint",
"ruleId": "@microsoft/sdl/no-html-method",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"b857fede421e892627bd6da61ce8af1268f05a08cea9e85144c18dd5173d3e35": {
"signature": "b857fede421e892627bd6da61ce8af1268f05a08cea9e85144c18dd5173d3e35",
"target": "pkg/portal/assets/index.js",
"memberOf": [
"default"
],
"tool": "ESLint",
"ruleId": "@microsoft/sdl/no-html-method",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"017e16e16457f4a678f671f22265319a30b21b8a1cc0c92afdf53f60ec2b0cdd": {
"signature": "017e16e16457f4a678f671f22265319a30b21b8a1cc0c92afdf53f60ec2b0cdd",
"target": "vendor/go.etcd.io/bbolt/README.md",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "183125",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"9d0e60cccd9461c6197f73baf0990a8f1b33e3493ce1f92ece8c707da7b89a3c": {
"signature": "9d0e60cccd9461c6197f73baf0990a8f1b33e3493ce1f92ece8c707da7b89a3c",
"target": "vendor/google.golang.org/grpc/README.md",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "79569",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"630dcedab4a607f2cdb6919e4eaa8af987f33a3e1bd0bab80efdf27290b31f9f": {
"signature": "630dcedab4a607f2cdb6919e4eaa8af987f33a3e1bd0bab80efdf27290b31f9f",
"target": "pkg/portal/assets/lib/bootstrap-4.5.2.min.js",
"memberOf": [
"default"
],
"tool": "ESLint",
"ruleId": "@microsoft/sdl/no-html-method",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"9e93335f4998702254fec6081c9782ba12cdb90d818a25742717c4895e055cd0": {
"signature": "9e93335f4998702254fec6081c9782ba12cdb90d818a25742717c4895e055cd0",
"target": "pkg/portal/assets/lib/bootstrap-4.5.2.min.js",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "80411",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"fb3dac99dd840709a8197044f336e613515155803bc89dc65a5e42d2f6c65d9e": {
"signature": "fb3dac99dd840709a8197044f336e613515155803bc89dc65a5e42d2f6c65d9e",
"target": "pkg/portal/assets/lib/bootstrap-select-1.13.14.min.js",
"memberOf": [
"default"
],
"tool": "ESLint",
"ruleId": "@microsoft/sdl/no-inner-html",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"a87cae7679649d21e179514bbda8cecc135a9bc6d2450c4a431f12e6564b4a26": {
"signature": "a87cae7679649d21e179514bbda8cecc135a9bc6d2450c4a431f12e6564b4a26",
"target": "pkg/portal/assets/lib/bootstrap-select-1.13.14.min.js",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "80411",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"e0ea2773e69dfa94138d7e59a66ef5284f2210e4062ed5d88b658db8fb515fc9": {
"signature": "e0ea2773e69dfa94138d7e59a66ef5284f2210e4062ed5d88b658db8fb515fc9",
"target": "pkg/portal/assets/lib/jquery-3.5.1.min.js",
"memberOf": [
"default"
],
"tool": "ESLint",
"ruleId": "@microsoft/sdl/no-inner-html",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"53a6fd40496c6da617ef3de2ee99d40fe7ec9cb74056e96ee6e278c7ac76d8c9": {
"signature": "53a6fd40496c6da617ef3de2ee99d40fe7ec9cb74056e96ee6e278c7ac76d8c9",
"target": "pkg/portal/assets/lib/jquery-3.5.1.min.js",
"memberOf": [
"default"
],
"tool": "ESLint",
"ruleId": "@microsoft/sdl/no-html-method",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"4f6f0c9562220288a4d2ef92d458ee4a3d02375491e5281a04a4e1245eb5cd67": {
"signature": "4f6f0c9562220288a4d2ef92d458ee4a3d02375491e5281a04a4e1245eb5cd67",
"target": "pkg/portal/assets/lib/popper-1.12.9.min.js",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "211972",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"0a658656743ed3c5cb8f34b7da4861fdcc579472ba4013f0b20e2ffb0f6278db": {
"signature": "0a658656743ed3c5cb8f34b7da4861fdcc579472ba4013f0b20e2ffb0f6278db",
"target": "vendor/github.com/Djarvur/go-err113/.golangci.yml",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "79459",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"71872f574e2dd41672f3de8d647d1467f973e6786d04df6b01df8c536134b190": {
"signature": "71872f574e2dd41672f3de8d647d1467f973e6786d04df6b01df8c536134b190",
"target": "vendor/github.com/golangci/misspell/README.md",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "79570",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"ac45307b7f52c6a06cd1e2e15f2d88367c6d7ea42beb3bd6e1741f2f1b56d342": {
"signature": "ac45307b7f52c6a06cd1e2e15f2d88367c6d7ea42beb3bd6e1741f2f1b56d342",
"target": "vendor/github.com/gorilla/csrf/README.md",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "80411",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"d8cdc23f09bfb5154317f9d7f84ee0058c7f3607372cf2f93307f6a2aa2b2397": {
"signature": "d8cdc23f09bfb5154317f9d7f84ee0058c7f3607372cf2f93307f6a2aa2b2397",
"target": "vendor/github.com/matoous/godox/.golangci.yml",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "79459",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"c3ad2e7173a56c742c1f55d549ea9aa1169806f46b649fb36fa5c128a4dd5d13": {
"signature": "c3ad2e7173a56c742c1f55d549ea9aa1169806f46b649fb36fa5c128a4dd5d13",
"target": "vendor/github.com/onsi/ginkgo/CHANGELOG.md",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "183125",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"f572c9bc592da3e9285b510fe8929d4bfe0c51ef69ea1e298261870c62d431d0": {
"signature": "f572c9bc592da3e9285b510fe8929d4bfe0c51ef69ea1e298261870c62d431d0",
"target": "vendor/github.com/OpenPeeDeeP/depguard/README.md",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "80409",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"abc528ba2ee6fad85ea075e9eb745a016dcd08c4319cbe3dd02e55bf4760de96": {
"signature": "abc528ba2ee6fad85ea075e9eb745a016dcd08c4319cbe3dd02e55bf4760de96",
"target": "vendor/github.com/OpenPeeDeeP/depguard/README.md",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "79458",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"239ea87a93e65e1a44704dda0927367c5631790451b2d8791520d886dcbefe06": {
"signature": "239ea87a93e65e1a44704dda0927367c5631790451b2d8791520d886dcbefe06",
"target": "vendor/github.com/OpenPeeDeeP/depguard/README.md",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "80411",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"c9c4231a7c7ec4d3e99bd137c4ad56d79b61286280324395d34deb7a93855ac5": {
"signature": "c9c4231a7c7ec4d3e99bd137c4ad56d79b61286280324395d34deb7a93855ac5",
"target": "vendor/github.com/OpenPeeDeeP/depguard/README.md",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "80411",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"fc721b1a51b4e6cc1f0c421114d64415e72d0343f26e4eadb9e3cc8aea3f8dd7": {
"signature": "fc721b1a51b4e6cc1f0c421114d64415e72d0343f26e4eadb9e3cc8aea3f8dd7",
"target": "vendor/github.com/OpenPeeDeeP/depguard/README.md",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "79459",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"435bc256cdfdafdf1998f4ac193889c085d6c33248098e1ececa084f5a848879": {
"signature": "435bc256cdfdafdf1998f4ac193889c085d6c33248098e1ececa084f5a848879",
"target": "vendor/github.com/OpenPeeDeeP/depguard/README.md",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "79459",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"b10fdc18ed5ab1ad827e2818710485811999407cc75325511412d7313a7e04b9": {
"signature": "b10fdc18ed5ab1ad827e2818710485811999407cc75325511412d7313a7e04b9",
"target": "vendor/gopkg.in/AlecAivazis/survey.v1/README.md",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "80241",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"ad62bb8858c3213271808f0ca500a7db9c8d4ef255505a6e49abd719858dd3e0": {
"signature": "ad62bb8858c3213271808f0ca500a7db9c8d4ef255505a6e49abd719858dd3e0",
"target": "vendor/google.golang.org/api/compute/v1/compute-api.json",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "80411",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"8f798268a0ff7469696f2c43b0d3e4ff70bdd2a7f676430651b44628a76648b9": {
"signature": "8f798268a0ff7469696f2c43b0d3e4ff70bdd2a7f676430651b44628a76648b9",
"target": "vendor/google.golang.org/api/compute/v1/compute-api.json",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "209526",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"47ea1c58d8afd46f92d9ba1f84983dcfc6aacb2f1c7506c08ddcfa9f69cbbe61": {
"signature": "47ea1c58d8afd46f92d9ba1f84983dcfc6aacb2f1c7506c08ddcfa9f69cbbe61",
"target": "vendor/google.golang.org/api/compute/v1/compute-api.json",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "79459",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"5a6392b55b81eccf9ca74a09d4c76f6beeb1975b8e232e662f2e1ac7a264fd17": {
"signature": "5a6392b55b81eccf9ca74a09d4c76f6beeb1975b8e232e662f2e1ac7a264fd17",
"target": "vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "80409",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"0a91b109e86130d46f7038d7d81266228e886e6d70d1ce0f4e3217f6f3306e36": {
"signature": "0a91b109e86130d46f7038d7d81266228e886e6d70d1ce0f4e3217f6f3306e36",
"target": "vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "80411",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"2ad4a9019f0448d937ead179db770d5cc42b9a75cd07c93fe091af259d891b9a": {
"signature": "2ad4a9019f0448d937ead179db770d5cc42b9a75cd07c93fe091af259d891b9a",
"target": "vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "80411",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
},
"6348b36cd4ecfa496869b5fd0fc914e3d254907186edecf953935a63530f78e0": {
"signature": "6348b36cd4ecfa496869b5fd0fc914e3d254907186edecf953935a63530f78e0",
"target": "vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml",
"memberOf": [
"default"
],
"tool": "policheck",
"ruleId": "80409",
"justification": null,
"createdDate": "2021-04-19 17:58:41Z",
"expirationDate": null,
"type": null
}
}
}

10
.gdn/.gitignore поставляемый Normal file
Просмотреть файл

@ -0,0 +1,10 @@
## Ignore Guardian internal files
.r/
rc/
rs/
i/
p/
c/
## Ignore Guardian Local settings
LocalSettings.gdn.json

125
.pipelines/onebranch/pipeline.buildrp.official.yml Normal file
Просмотреть файл

@ -0,0 +1,125 @@
#################################################################################
# OneBranch Pipelines #
# This pipeline was created by EasyStart from a sample located at: #
# https://aka.ms/obpipelines/easystart/samples #
# Documentation: https://aka.ms/obpipelines #
# Yaml Schema: https://aka.ms/obpipelines/yaml/schema #
# Retail Tasks: https://aka.ms/obpipelines/tasks #
# Support: https://aka.ms/onebranchsup #
#################################################################################
trigger: none
pr: none
variables:
CDP_DEFINITION_BUILD_COUNT: $[counter('', 0)] # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning
LinuxContainerImage: cdpxlinux.azurecr.io/global/ubuntu-1804-all:5.0 # Docker image which is used to build the project https://aka.ms/obpipelines/containers
DEBIAN_FRONTEND: noninteractive
resources:
repositories:
- repository: templates
type: git
name: OneBranch.Pipelines/GovernedTemplates
ref: refs/heads/main
- repository: rhado
type: git
name: ARO.Pipelines
extends:
template: v2/OneBranch.Official.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates
parameters:
globalSdl: # https://aka.ms/obpipelines/sdl
# tsa:
# enabled: true # SDL results of non-official builds aren't uploaded to TSA by default.
# credscan:
# suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json
policheck:
break: true # always break the build on policheck issues. You can disable it by setting to 'false'
suppression:
suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress
suppressionSet: default
stages:
- stage: Build_Ev2_Artifacts
jobs:
- job: Build_Ev2_Artifacts
pool:
type: linux
variables: # More settings at https://aka.ms/obpipelines/yaml/jobs
ob_outputDirectory: $(Build.SourcesDirectory)/out # this directory is uploaded to pipeline artifacts, reddog and cloudvault. More info at https://aka.ms/obpipelines/artifacts
steps:
- checkout: rhado
- task: GoTool@0
displayName: Use Go 1.16.2
inputs:
version: 1.16.2
- task: Go@0
inputs:
command: custom
customCommand: run
arguments: . --config-path ./config/
workingDirectory: $(Build.SourcesDirectory)/ARO.Pipelines/ev2/generator/
displayName: ⚙️ Generate Ev2 Deployment Manifests
- task: Bash@3
displayName: ⚙️ Copy to ob_outputDirectory
inputs:
targetType: filePath
filePath: .pipelines/onebranch/scripts/deploymentpipeline.sh
# https://onebranch.visualstudio.com/OneBranch/_wiki/wikis/OneBranch.wiki/4605/Artifacts
- stage: Build_Docker_Image
jobs:
- job: Build_Docker_Image
pool:
type: docker
os: linux
variables:
ob_git_checkout: true
steps:
- task: onebranch.pipeline.imagebuildinfo@1
displayName: Build Multi Stage Dockerfile
inputs:
repositoryName: aro-rp
dockerFileRelPath: ./Dockerfile.aro-multistage
dockerFileContextPath: ./
registry: cdpxlinux.azurecr.io
saveImageToPath: aro-rp.tar
buildkit: 1
enable_network: true
build_tag: $(Build.BuildNumber)
- stage: Build_ARO
jobs:
- job: Build_ARO
pool:
type: linux
variables: # More settings at https://aka.ms/obpipelines/yaml/jobs
ob_outputDirectory: $(Build.SourcesDirectory)/out # this directory is uploaded to pipeline artifacts, reddog and cloudvault. More info at https://aka.ms/obpipelines/artifacts
steps:
- task: GoTool@0
displayName: Use Go 1.14
inputs:
version: '1.14'
GOPATH: $(Agent.TempDirectory)
- task: Bash@3
displayName: ⚙️ Make ARO
inputs:
targetType: inline
script: |
mkdir -p $(Agent.TempDirectory)/src/github.com/Azure/
cp -rd $(Build.SourcesDirectory) $(Agent.TempDirectory)/src/github.com/Azure/ARO-RP
cd $(Agent.TempDirectory)/src/github.com/Azure/ARO-RP
ls
git rev-parse --short HEAD
git status --porcelain
make aro
mkdir -p $(ob_outputDirectory)
cp aro $(ob_outputDirectory)/aro
workingDirectory: $(Build.SourcesDirectory)

125
.pipelines/onebranch/pipeline.buildrp.pullrequest.yml Normal file
Просмотреть файл

@ -0,0 +1,125 @@
#################################################################################
# OneBranch Pipelines #
# This pipeline was created by EasyStart from a sample located at: #
# https://aka.ms/obpipelines/easystart/samples #
# Documentation: https://aka.ms/obpipelines #
# Yaml Schema: https://aka.ms/obpipelines/yaml/schema #
# Retail Tasks: https://aka.ms/obpipelines/tasks #
# Support: https://aka.ms/onebranchsup #
#################################################################################
trigger: none
pr: none
variables:
CDP_DEFINITION_BUILD_COUNT: $[counter('', 0)] # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning
LinuxContainerImage: cdpxlinux.azurecr.io/global/ubuntu-1804-all:5.0 # Docker image which is used to build the project https://aka.ms/obpipelines/containers
DEBIAN_FRONTEND: noninteractive
resources:
repositories:
- repository: templates
type: git
name: OneBranch.Pipelines/GovernedTemplates
ref: refs/heads/main
- repository: rhado
type: git
name: ARO.Pipelines
extends:
template: v2/OneBranch.NonOfficial.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates
parameters:
globalSdl: # https://aka.ms/obpipelines/sdl
# tsa:
# enabled: true # SDL results of non-official builds aren't uploaded to TSA by default.
# credscan:
# suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json
policheck:
break: true # always break the build on policheck issues. You can disable it by setting to 'false'
suppression:
suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress
suppressionSet: default
stages:
- stage: Build_Ev2_Artifacts
jobs:
- job: Build_Ev2_Artifacts
pool:
type: linux
variables: # More settings at https://aka.ms/obpipelines/yaml/jobs
ob_outputDirectory: $(Build.SourcesDirectory)/out # this directory is uploaded to pipeline artifacts, reddog and cloudvault. More info at https://aka.ms/obpipelines/artifacts
steps:
- checkout: rhado
- task: GoTool@0
displayName: Use Go 1.16.2
inputs:
version: 1.16.2
- task: Go@0
inputs:
command: custom
customCommand: run
arguments: . --config-path ./config/
workingDirectory: $(Build.SourcesDirectory)/ARO.Pipelines/ev2/generator/
displayName: ⚙️ Generate Ev2 Deployment Manifests
- task: Bash@3
displayName: ⚙️ Copy to ob_outputDirectory
inputs:
targetType: filePath
filePath: .pipelines/onebranch/scripts/deploymentpipeline.sh
# https://onebranch.visualstudio.com/OneBranch/_wiki/wikis/OneBranch.wiki/4605/Artifacts
- stage: Build_Docker_Image
jobs:
- job: Build_Docker_Image
pool:
type: docker
os: linux
variables:
ob_git_checkout: true
steps:
- task: onebranch.pipeline.imagebuildinfo@1
displayName: Build Multi Stage Dockerfile
inputs:
repositoryName: aro-rp
dockerFileRelPath: ./Dockerfile.aro-multistage
dockerFileContextPath: ./
registry: cdpxlinux.azurecr.io
saveImageToPath: aro-rp.tar
buildkit: 1
enable_network: true
build_tag: $(Build.BuildNumber)
- stage: Build_ARO
jobs:
- job: Build_ARO
pool:
type: linux
variables: # More settings at https://aka.ms/obpipelines/yaml/jobs
ob_outputDirectory: $(Build.SourcesDirectory)/out # this directory is uploaded to pipeline artifacts, reddog and cloudvault. More info at https://aka.ms/obpipelines/artifacts
steps:
- task: GoTool@0
displayName: Use Go 1.14
inputs:
version: '1.14'
GOPATH: $(Agent.TempDirectory)
- task: Bash@3
displayName: ⚙️ Make ARO
inputs:
targetType: inline
script: |
mkdir -p $(Agent.TempDirectory)/src/github.com/Azure/
cp -rd $(Build.SourcesDirectory) $(Agent.TempDirectory)/src/github.com/Azure/ARO-RP
cd $(Agent.TempDirectory)/src/github.com/Azure/ARO-RP
ls
git rev-parse --short HEAD
git status --porcelain
make aro
mkdir -p $(ob_outputDirectory)
cp aro $(ob_outputDirectory)/aro
workingDirectory: $(Build.SourcesDirectory)

81
.pipelines/onebranch/pipeline.image.mirror.official.yml Normal file
Просмотреть файл

@ -0,0 +1,81 @@
#################################################################################
# OneBranch Pipelines #
# This pipeline was created by EasyStart from a sample located at: #
# https://aka.ms/obpipelines/easystart/samples #
# Documentation: https://aka.ms/obpipelines #
# Yaml Schema: https://aka.ms/obpipelines/yaml/schema #
# Retail Tasks: https://aka.ms/obpipelines/tasks #
# Support: https://aka.ms/onebranchsup #
#################################################################################
trigger: none
pr: none
parameters:
- name: vsoDeployerBuildID
type: string
default: latest
variables:
CDP_DEFINITION_BUILD_COUNT: $[counter('', 0)] # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning
LinuxContainerImage: centos:centos7 # Docker image which is used to build the project https://aka.ms/obpipelines/containers
DEBIAN_FRONTEND: noninteractive
vso-deployer-pipeline-id: 206753
vso-project-id: 5d69ab04-7ded-49dc-84d5-bbbcac4add8d
resources:
repositories:
- repository: templates
type: git
name: OneBranch.Pipelines/GovernedTemplates
ref: refs/heads/main
- repository: rhado
type: git
name: ARO.Pipelines
extends:
template: v2/OneBranch.Official.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates
parameters:
globalSdl: # https://aka.ms/obpipelines/sdl
# tsa:
# enabled: true # SDL results of non-official builds aren't uploaded to TSA by default.
# credscan:
# suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json
policheck:
break: true # always break the build on policheck issues. You can disable it by setting to 'false'
suppression:
suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress
suppressionSet: default
stages:
- stage: Mirror_Images
variables:
- group: INT RP Service Secrets
jobs:
- job: Mirror_Images
timeoutInMinutes: 360
pool:
type: linux
variables: # More settings at https://aka.ms/obpipelines/yaml/jobs
ob_outputDirectory: $(Build.SourcesDirectory)/out # this directory is uploaded to pipeline artifacts, reddog and cloudvault. More info at https://aka.ms/obpipelines/artifacts
steps:
- checkout: rhado
- task: DownloadPipelineArtifact@2
displayName: Download Deployer
inputs:
buildType: specific
project: $(vso-project-id)
pipeline: $(vso-deployer-pipeline-id)
${{ if eq(parameters.vsoDeployerBuildID, 'latest') }}:
buildVersionToDownload: FromBranch
branchName: refs/heads/master
downloadType: specific
downloadPath: $(Build.SourcesDirectory)/deployer
artifact: drop_Build_ARO_Build_ARO
- task: Bash@3
displayName: ⚙️ Run Ev2 Manifest packaging
inputs:
targetType: filePath
filePath: .pipelines/onebranch/scripts/mirrorpipeline.sh

81
.pipelines/onebranch/pipeline.image.mirror.pullrequest.yml Normal file
Просмотреть файл

@ -0,0 +1,81 @@
#################################################################################
# OneBranch Pipelines #
# This pipeline was created by EasyStart from a sample located at: #
# https://aka.ms/obpipelines/easystart/samples #
# Documentation: https://aka.ms/obpipelines #
# Yaml Schema: https://aka.ms/obpipelines/yaml/schema #
# Retail Tasks: https://aka.ms/obpipelines/tasks #
# Support: https://aka.ms/onebranchsup #
#################################################################################
trigger: none
pr: none
parameters:
- name: vsoDeployerBuildID
type: string
default: latest
variables:
CDP_DEFINITION_BUILD_COUNT: $[counter('', 0)] # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning
LinuxContainerImage: centos:centos7 # Docker image which is used to build the project https://aka.ms/obpipelines/containers
DEBIAN_FRONTEND: noninteractive
vso-deployer-pipeline-id: 206753
vso-project-id: 5d69ab04-7ded-49dc-84d5-bbbcac4add8d
resources:
repositories:
- repository: templates
type: git
name: OneBranch.Pipelines/GovernedTemplates
ref: refs/heads/main
- repository: rhado
type: git
name: ARO.Pipelines
extends:
template: v2/OneBranch.NonOfficial.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates
parameters:
globalSdl: # https://aka.ms/obpipelines/sdl
# tsa:
# enabled: true # SDL results of non-official builds aren't uploaded to TSA by default.
# credscan:
# suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json
policheck:
break: true # always break the build on policheck issues. You can disable it by setting to 'false'
suppression:
suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress
suppressionSet: default
stages:
- stage: Mirror_Images
variables:
- group: INT RP Service Secrets
jobs:
- job: Mirror_Images
timeoutInMinutes: 360
pool:
type: linux
variables: # More settings at https://aka.ms/obpipelines/yaml/jobs
ob_outputDirectory: $(Build.SourcesDirectory)/out # this directory is uploaded to pipeline artifacts, reddog and cloudvault. More info at https://aka.ms/obpipelines/artifacts
steps:
- checkout: rhado
- task: DownloadPipelineArtifact@2
displayName: Download Deployer
inputs:
buildType: specific
project: $(vso-project-id)
pipeline: $(vso-deployer-pipeline-id)
${{ if eq(parameters.vsoDeployerBuildID, 'latest') }}:
buildVersionToDownload: FromBranch
branchName: refs/heads/master
downloadType: specific
downloadPath: $(Build.SourcesDirectory)/deployer
artifact: drop_Build_ARO_Build_ARO
- task: Bash@3
displayName: ⚙️ Run Ev2 Manifest packaging
inputs:
targetType: filePath
filePath: .pipelines/onebranch/scripts/mirrorpipeline.sh

32
.pipelines/onebranch/scripts/deploymentpipeline.sh Normal file
Просмотреть файл

@ -0,0 +1,32 @@
set -e
echo "Creating required directories"
mkdir -p $OB_OUTPUTDIRECTORY/ServiceGroupRoot/bin/
mkdir -p $OB_OUTPUTDIRECTORY/ServiceGroupRoot/Parameters/
mkdir -p $OB_OUTPUTDIRECTORY/Shell/
echo "Downloading Crane"
wget -O $OB_OUTPUTDIRECTORY/Shell/crane.tar.gz https://github.com/google/go-containerregistry/releases/download/v0.4.0/go-containerregistry_Linux_x86_64.tar.gz
echo "Extracting Crane binaries"
pushd $OB_OUTPUTDIRECTORY/Shell
tar xzvf crane.tar.gz
rm crane.tar.gz
popd
echo "Copying required files to ob_outputdirectory: ${OB_OUTPUTDIRECTORY}"
tar -rvf ./ARO.Pipelines/ev2/generator/deployment.tar -C "$OB_OUTPUTDIRECTORY/Shell" $(cd $OB_OUTPUTDIRECTORY/Shell; echo *)
tar -rvf ./ARO.Pipelines/ev2/generator/deployment.tar -C "./ARO.Pipelines/RP-Config" $(cd ./ARO.Pipelines/RP-Config; echo *)
echo "Copy tar to ob_outputdirectory dir"
cp -r ./ARO.Pipelines/ev2/Deployment/ServiceGroupRoot/ $OB_OUTPUTDIRECTORY/
cp ./ARO.Pipelines/ev2/generator/deployment.tar $OB_OUTPUTDIRECTORY/ServiceGroupRoot/bin/
echo "Listing the contents of dirs for debugging"
ls $OB_OUTPUTDIRECTORY
ls $OB_OUTPUTDIRECTORY/ServiceGroupRoot/
ls $OB_OUTPUTDIRECTORY/ServiceGroupRoot/bin/

13
.pipelines/onebranch/scripts/mirrorpipeline.sh Normal file
Просмотреть файл

@ -0,0 +1,13 @@
SERVICE_GROUP_ROOT=$BUILD_SOURCESDIRECTORY/ARO.Pipelines/ev2/Mirroring/ServiceGroupRoot
EV2_BIN=$SERVICE_GROUP_ROOT/bin
ARO_DIR=$BUILD_SOURCESDIRECTORY/deployer
mkdir $OB_OUTPUTDIRECTORY
cd $ARO_DIR
tar -cvf $EV2_BIN/aro.tar aro
cd $SERVICE_GROUP_ROOT/bin
tar -rf $EV2_BIN/aro.tar mirror.sh
rm mirror.sh
cp -r $SERVICE_GROUP_ROOT $OB_OUTPUTDIRECTORY/ServiceGroupRoot/