From 0fef305e3b25138ffe9f41302ac5323accfe8576 Mon Sep 17 00:00:00 2001 
From: mikeandescavage <58749836+mikeandescavage@users.noreply.github.com> Date: Wed, 21 Apr 2021 11:56:41 -0700 Subject: [PATCH] Cloudfit/guardianwork (#1451) # Which issue this PR addresses: Fixes https://msazure.visualstudio.com/AzureRedHatOpenShift/_workitems/edit/9756109 # What this PR does / why we need it: This PR accomplishes the following items: Moved Onebranch pipelines (yml) from internal ADO instance to GitHub Includes a .gdn directory created by Guardian. This directory includes the .gdnsuppress, which allowed us to suppress the ARM1005 finding until a fix is complete # Test plan for issue: https://msazure.visualstudio.com/AzureRedHatOpenShift/_build/results?buildId=41592363&view=results https://msazure.visualstudio.com/AzureRedHatOpenShift/_build/results?buildId=41593870&view=results Both builds now successfully run and are able to publish artifacts that can be consumed by Ev2 # Is there any documentation that needs to be updated for this PR? N/A --- .config/CredScanSuppressions.json | 33 ++ .gdn/.gdnsettings | 7 + .gdn/.gdnsuppress | 415 ++++++++++++++++++ .gdn/.gitignore | 10 + .../onebranch/pipeline.buildrp.official.yml | 125 ++++++ .../pipeline.buildrp.pullrequest.yml | 125 ++++++ .../pipeline.image.mirror.official.yml | 81 ++++ .../pipeline.image.mirror.pullrequest.yml | 81 ++++ .../onebranch/scripts/deploymentpipeline.sh | 32 ++ .../onebranch/scripts/mirrorpipeline.sh | 13 + 10 files changed, 922 insertions(+) create mode 100644 .config/CredScanSuppressions.json create mode 100644 .gdn/.gdnsettings create mode 100644 .gdn/.gdnsuppress create mode 100644 .gdn/.gitignore create mode 100644 .pipelines/onebranch/pipeline.buildrp.official.yml create mode 100644 .pipelines/onebranch/pipeline.buildrp.pullrequest.yml create mode 100644 .pipelines/onebranch/pipeline.image.mirror.official.yml create mode 100644 .pipelines/onebranch/pipeline.image.mirror.pullrequest.yml create mode 100644 .pipelines/onebranch/scripts/deploymentpipeline.sh create mode 100644 
.pipelines/onebranch/scripts/mirrorpipeline.sh
diff --git a/.config/CredScanSuppressions.json b/.config/CredScanSuppressions.json
new file mode 100644
index 000000000..0bcc58d1c
--- /dev/null
+++ b/.config/CredScanSuppressions.json
@@ -0,0 +1,33 @@
+{
+ "tool": "Credential Scanner",
+ "suppressions": [
+ {
+ "file": "proxy_test.go",
+ "_justification": "sample login for testing"
+ },
+ {
+ "file": "pullsecret_test.go",
+ "_justification": "sample login for testing"
+ },
+ {
+ "file": "viper.go",
+ "_justification": "example login from comments"
+ },
+ {
+ "file": "README.md",
+ "_justification": "example login from comments"
+ },
+ {
+ "file": "api.go",
+ "_justification": "example secret in comment"
+ },
+ {
+ "file": "machine_webhook.go",
+ "_justification": "false positive"
+ },
+ {
+ "file": "doc.go",
+ "_justification": "examples in comments"
+ }
+ ]
+}
diff --git a/.gdn/.gdnsettings b/.gdn/.gdnsettings
new file mode 100644
index 000000000..156408362
--- /dev/null
+++ b/.gdn/.gdnsettings
@@ -0,0 +1,7 @@
+{
+ "files": { },
+ "folders": { },
+ "overwriteLogs": true,
+ "telemetryFlushTimeout": 10,
+ "variables": { }
+}
\ No newline at end of file
diff --git a/.gdn/.gdnsuppress b/.gdn/.gdnsuppress
new file mode 100644
index 000000000..af4018ac4
--- /dev/null
+++ b/.gdn/.gdnsuppress
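Review bot: Every entry in `.config/CredScanSuppressions.json` is keyed on a bare file name (`api.go`, `doc.go`, `README.md`, `viper.go`), so if the scanner matches on name alone, a suppression meant for one sample credential also hides findings in any other file of that name, including vendored copies and files added later. Scoping each entry to a repository-relative path, e.g. `"file": "<path/from/repo/root>/api.go"` (placeholder), keeps the exception as narrow as its justification. The `machine_webhook.go` entry's `"_justification": "false positive"` does not say what was flagged, which makes it hard to re-check later. The `credscan` / `suppressionsFile` setting is commented out in all four pipeline files of this patch, so as far as the visible lines show this file is not yet consumed by any build.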
@@ -0,0 +1,415 @@ +{ + "version": "1.0.0", + "suppressionSets": { + "default": { + "name": "default", + "createdDate": "2021-04-19 17:58:41Z", + "lastUpdatedDate": "2021-04-19 17:58:41Z" + } + }, + "results": { + "f02a038e5366a1cd9fa0387dab25be4965a56ada4fafb0c467bb3c9b7e7e442f": { + "signature": "f02a038e5366a1cd9fa0387dab25be4965a56ada4fafb0c467bb3c9b7e7e442f", + "target": "deploy/cluster-predeploy.json", + "memberOf": [ + "default" + ], + "tool": "ARMory", + "ruleId": "ARM1005", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "986ee7027f0344a26e6b23ffc6882d572558701e70517ac8c8ea879c2a29a868": { + "signature": "986ee7027f0344a26e6b23ffc6882d572558701e70517ac8c8ea879c2a29a868", + "target": "pkg/portal/assets/index.js", + "memberOf": [ + "default" + ], + "tool": "ESLint", + "ruleId": "@microsoft/sdl/no-html-method", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "b857fede421e892627bd6da61ce8af1268f05a08cea9e85144c18dd5173d3e35": { + "signature": "b857fede421e892627bd6da61ce8af1268f05a08cea9e85144c18dd5173d3e35", + "target": "pkg/portal/assets/index.js", + "memberOf": [ + "default" + ], + "tool": "ESLint", + "ruleId": "@microsoft/sdl/no-html-method", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "017e16e16457f4a678f671f22265319a30b21b8a1cc0c92afdf53f60ec2b0cdd": { + "signature": "017e16e16457f4a678f671f22265319a30b21b8a1cc0c92afdf53f60ec2b0cdd", + "target": "vendor/go.etcd.io/bbolt/README.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "183125", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "9d0e60cccd9461c6197f73baf0990a8f1b33e3493ce1f92ece8c707da7b89a3c": { + "signature": "9d0e60cccd9461c6197f73baf0990a8f1b33e3493ce1f92ece8c707da7b89a3c", + "target": 
"vendor/google.golang.org/grpc/README.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79569", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "630dcedab4a607f2cdb6919e4eaa8af987f33a3e1bd0bab80efdf27290b31f9f": { + "signature": "630dcedab4a607f2cdb6919e4eaa8af987f33a3e1bd0bab80efdf27290b31f9f", + "target": "pkg/portal/assets/lib/bootstrap-4.5.2.min.js", + "memberOf": [ + "default" + ], + "tool": "ESLint", + "ruleId": "@microsoft/sdl/no-html-method", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "9e93335f4998702254fec6081c9782ba12cdb90d818a25742717c4895e055cd0": { + "signature": "9e93335f4998702254fec6081c9782ba12cdb90d818a25742717c4895e055cd0", + "target": "pkg/portal/assets/lib/bootstrap-4.5.2.min.js", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80411", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "fb3dac99dd840709a8197044f336e613515155803bc89dc65a5e42d2f6c65d9e": { + "signature": "fb3dac99dd840709a8197044f336e613515155803bc89dc65a5e42d2f6c65d9e", + "target": "pkg/portal/assets/lib/bootstrap-select-1.13.14.min.js", + "memberOf": [ + "default" + ], + "tool": "ESLint", + "ruleId": "@microsoft/sdl/no-inner-html", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "a87cae7679649d21e179514bbda8cecc135a9bc6d2450c4a431f12e6564b4a26": { + "signature": "a87cae7679649d21e179514bbda8cecc135a9bc6d2450c4a431f12e6564b4a26", + "target": "pkg/portal/assets/lib/bootstrap-select-1.13.14.min.js", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80411", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "e0ea2773e69dfa94138d7e59a66ef5284f2210e4062ed5d88b658db8fb515fc9": { + "signature": 
"e0ea2773e69dfa94138d7e59a66ef5284f2210e4062ed5d88b658db8fb515fc9", + "target": "pkg/portal/assets/lib/jquery-3.5.1.min.js", + "memberOf": [ + "default" + ], + "tool": "ESLint", + "ruleId": "@microsoft/sdl/no-inner-html", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "53a6fd40496c6da617ef3de2ee99d40fe7ec9cb74056e96ee6e278c7ac76d8c9": { + "signature": "53a6fd40496c6da617ef3de2ee99d40fe7ec9cb74056e96ee6e278c7ac76d8c9", + "target": "pkg/portal/assets/lib/jquery-3.5.1.min.js", + "memberOf": [ + "default" + ], + "tool": "ESLint", + "ruleId": "@microsoft/sdl/no-html-method", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "4f6f0c9562220288a4d2ef92d458ee4a3d02375491e5281a04a4e1245eb5cd67": { + "signature": "4f6f0c9562220288a4d2ef92d458ee4a3d02375491e5281a04a4e1245eb5cd67", + "target": "pkg/portal/assets/lib/popper-1.12.9.min.js", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "211972", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "0a658656743ed3c5cb8f34b7da4861fdcc579472ba4013f0b20e2ffb0f6278db": { + "signature": "0a658656743ed3c5cb8f34b7da4861fdcc579472ba4013f0b20e2ffb0f6278db", + "target": "vendor/github.com/Djarvur/go-err113/.golangci.yml", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79459", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "71872f574e2dd41672f3de8d647d1467f973e6786d04df6b01df8c536134b190": { + "signature": "71872f574e2dd41672f3de8d647d1467f973e6786d04df6b01df8c536134b190", + "target": "vendor/github.com/golangci/misspell/README.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79570", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + 
"ac45307b7f52c6a06cd1e2e15f2d88367c6d7ea42beb3bd6e1741f2f1b56d342": { + "signature": "ac45307b7f52c6a06cd1e2e15f2d88367c6d7ea42beb3bd6e1741f2f1b56d342", + "target": "vendor/github.com/gorilla/csrf/README.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80411", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "d8cdc23f09bfb5154317f9d7f84ee0058c7f3607372cf2f93307f6a2aa2b2397": { + "signature": "d8cdc23f09bfb5154317f9d7f84ee0058c7f3607372cf2f93307f6a2aa2b2397", + "target": "vendor/github.com/matoous/godox/.golangci.yml", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79459", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "c3ad2e7173a56c742c1f55d549ea9aa1169806f46b649fb36fa5c128a4dd5d13": { + "signature": "c3ad2e7173a56c742c1f55d549ea9aa1169806f46b649fb36fa5c128a4dd5d13", + "target": "vendor/github.com/onsi/ginkgo/CHANGELOG.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "183125", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "f572c9bc592da3e9285b510fe8929d4bfe0c51ef69ea1e298261870c62d431d0": { + "signature": "f572c9bc592da3e9285b510fe8929d4bfe0c51ef69ea1e298261870c62d431d0", + "target": "vendor/github.com/OpenPeeDeeP/depguard/README.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80409", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "abc528ba2ee6fad85ea075e9eb745a016dcd08c4319cbe3dd02e55bf4760de96": { + "signature": "abc528ba2ee6fad85ea075e9eb745a016dcd08c4319cbe3dd02e55bf4760de96", + "target": "vendor/github.com/OpenPeeDeeP/depguard/README.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79458", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": 
null, + "type": null + }, + "239ea87a93e65e1a44704dda0927367c5631790451b2d8791520d886dcbefe06": { + "signature": "239ea87a93e65e1a44704dda0927367c5631790451b2d8791520d886dcbefe06", + "target": "vendor/github.com/OpenPeeDeeP/depguard/README.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80411", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "c9c4231a7c7ec4d3e99bd137c4ad56d79b61286280324395d34deb7a93855ac5": { + "signature": "c9c4231a7c7ec4d3e99bd137c4ad56d79b61286280324395d34deb7a93855ac5", + "target": "vendor/github.com/OpenPeeDeeP/depguard/README.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80411", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "fc721b1a51b4e6cc1f0c421114d64415e72d0343f26e4eadb9e3cc8aea3f8dd7": { + "signature": "fc721b1a51b4e6cc1f0c421114d64415e72d0343f26e4eadb9e3cc8aea3f8dd7", + "target": "vendor/github.com/OpenPeeDeeP/depguard/README.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79459", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "435bc256cdfdafdf1998f4ac193889c085d6c33248098e1ececa084f5a848879": { + "signature": "435bc256cdfdafdf1998f4ac193889c085d6c33248098e1ececa084f5a848879", + "target": "vendor/github.com/OpenPeeDeeP/depguard/README.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79459", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "b10fdc18ed5ab1ad827e2818710485811999407cc75325511412d7313a7e04b9": { + "signature": "b10fdc18ed5ab1ad827e2818710485811999407cc75325511412d7313a7e04b9", + "target": "vendor/gopkg.in/AlecAivazis/survey.v1/README.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80241", + "justification": null, + "createdDate": 
"2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "ad62bb8858c3213271808f0ca500a7db9c8d4ef255505a6e49abd719858dd3e0": { + "signature": "ad62bb8858c3213271808f0ca500a7db9c8d4ef255505a6e49abd719858dd3e0", + "target": "vendor/google.golang.org/api/compute/v1/compute-api.json", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80411", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "8f798268a0ff7469696f2c43b0d3e4ff70bdd2a7f676430651b44628a76648b9": { + "signature": "8f798268a0ff7469696f2c43b0d3e4ff70bdd2a7f676430651b44628a76648b9", + "target": "vendor/google.golang.org/api/compute/v1/compute-api.json", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "209526", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "47ea1c58d8afd46f92d9ba1f84983dcfc6aacb2f1c7506c08ddcfa9f69cbbe61": { + "signature": "47ea1c58d8afd46f92d9ba1f84983dcfc6aacb2f1c7506c08ddcfa9f69cbbe61", + "target": "vendor/google.golang.org/api/compute/v1/compute-api.json", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79459", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "5a6392b55b81eccf9ca74a09d4c76f6beeb1975b8e232e662f2e1ac7a264fd17": { + "signature": "5a6392b55b81eccf9ca74a09d4c76f6beeb1975b8e232e662f2e1ac7a264fd17", + "target": "vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80409", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "0a91b109e86130d46f7038d7d81266228e886e6d70d1ce0f4e3217f6f3306e36": { + "signature": "0a91b109e86130d46f7038d7d81266228e886e6d70d1ce0f4e3217f6f3306e36", + "target": 
"vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80411", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "2ad4a9019f0448d937ead179db770d5cc42b9a75cd07c93fe091af259d891b9a": { + "signature": "2ad4a9019f0448d937ead179db770d5cc42b9a75cd07c93fe091af259d891b9a", + "target": "vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80411", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + }, + "6348b36cd4ecfa496869b5fd0fc914e3d254907186edecf953935a63530f78e0": { + "signature": "6348b36cd4ecfa496869b5fd0fc914e3d254907186edecf953935a63530f78e0", + "target": "vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80409", + "justification": null, + "createdDate": "2021-04-19 17:58:41Z", + "expirationDate": null, + "type": null + } + } +} \ No newline at end of file diff --git a/.gdn/.gitignore b/.gdn/.gitignore new file mode 100644 index 000000000..a147f7d08 --- /dev/null +++ b/.gdn/.gitignore @@ -0,0 +1,10 @@ +## Ignore Guardian internal files +.r/ +rc/ +rs/ +i/ +p/ +c/ + +## Ignore Guardian Local settings +LocalSettings.gdn.json diff --git a/.pipelines/onebranch/pipeline.buildrp.official.yml b/.pipelines/onebranch/pipeline.buildrp.official.yml new file mode 100644 index 000000000..26aebade2 --- /dev/null +++ b/.pipelines/onebranch/pipeline.buildrp.official.yml 
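Review bot: Every entry in `.gdn/.gdnsuppress` carries `"justification": null` and `"expirationDate": null`, so the baseline is unexplained and open-ended, while the PR description presents the ARM1005 suppression on `deploy/cluster-predeploy.json` as temporary until a fix is complete. The same baseline also silences `@microsoft/sdl/no-html-method` twice in `pkg/portal/assets/index.js`, which by its path looks like first-party portal code rather than a bundled library, and the description does not mention those findings. I would fill in `justification` for the ARM1005 and `index.js` entries and give them an `expirationDate` in the same format as `createdDate`, so that (assuming Guardian honours the field) the suppression lapses if the fix is forgotten. The `vendor/` and `pkg/portal/assets/lib/*.min.js` entries are third-party and lower risk, but a one-line justification would still help the next reviewer.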
@@ -0,0 +1,125 @@ +################################################################################# +# OneBranch Pipelines # +# This pipeline was created by EasyStart from a sample located at: # +# https://aka.ms/obpipelines/easystart/samples # +# Documentation: https://aka.ms/obpipelines # +# Yaml Schema: https://aka.ms/obpipelines/yaml/schema # +# Retail Tasks: https://aka.ms/obpipelines/tasks # +# Support: https://aka.ms/onebranchsup # +################################################################################# + +trigger: none +pr: none + +variables: + CDP_DEFINITION_BUILD_COUNT: $[counter('', 0)] # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning + LinuxContainerImage: cdpxlinux.azurecr.io/global/ubuntu-1804-all:5.0 # Docker image which is used to build the project https://aka.ms/obpipelines/containers + DEBIAN_FRONTEND: noninteractive + +resources: + repositories: + - repository: templates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main + - repository: rhado + type: git + name: ARO.Pipelines + +extends: + template: v2/OneBranch.Official.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates + parameters: + globalSdl: # https://aka.ms/obpipelines/sdl + # tsa: + # enabled: true # SDL results of non-official builds aren't uploaded to TSA by default. + # credscan: + # suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json + policheck: + break: true # always break the build on policheck issues. You can disable it by setting to 'false' + suppression: + suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress + suppressionSet: default + + stages: + - stage: Build_Ev2_Artifacts + jobs: + - job: Build_Ev2_Artifacts + pool: + type: linux + + variables: # More settings at https://aka.ms/obpipelines/yaml/jobs + ob_outputDirectory: $(Build.SourcesDirectory)/out # this directory is uploaded to pipeline artifacts, reddog and cloudvault. 
More info at https://aka.ms/obpipelines/artifacts + + steps: + - checkout: rhado + - task: GoTool@0 + displayName: Use Go 1.16.2 + inputs: + version: 1.16.2 + - task: Go@0 + inputs: + command: custom + customCommand: run + arguments: . --config-path ./config/ + workingDirectory: $(Build.SourcesDirectory)/ARO.Pipelines/ev2/generator/ + displayName: ⚙️ Generate Ev2 Deployment Manifests + - task: Bash@3 + displayName: ⚙️ Copy to ob_outputDirectory + inputs: + targetType: filePath + filePath: .pipelines/onebranch/scripts/deploymentpipeline.sh + +# https://onebranch.visualstudio.com/OneBranch/_wiki/wikis/OneBranch.wiki/4605/Artifacts + + - stage: Build_Docker_Image + jobs: + - job: Build_Docker_Image + pool: + type: docker + os: linux + variables: + ob_git_checkout: true + steps: + - task: onebranch.pipeline.imagebuildinfo@1 + displayName: Build Multi Stage Dockerfile + inputs: + repositoryName: aro-rp + dockerFileRelPath: ./Dockerfile.aro-multistage + dockerFileContextPath: ./ + registry: cdpxlinux.azurecr.io + saveImageToPath: aro-rp.tar + buildkit: 1 + enable_network: true + build_tag: $(Build.BuildNumber) + + + - stage: Build_ARO + jobs: + - job: Build_ARO + pool: + type: linux + + variables: # More settings at https://aka.ms/obpipelines/yaml/jobs + ob_outputDirectory: $(Build.SourcesDirectory)/out # this directory is uploaded to pipeline artifacts, reddog and cloudvault. 
More info at https://aka.ms/obpipelines/artifacts + + steps: + - task: GoTool@0 + displayName: Use Go 1.14 + inputs: + version: '1.14' + GOPATH: $(Agent.TempDirectory) + - task: Bash@3 + displayName: ⚙️ Make ARO + inputs: + targetType: inline + script: | + mkdir -p $(Agent.TempDirectory)/src/github.com/Azure/ + cp -rd $(Build.SourcesDirectory) $(Agent.TempDirectory)/src/github.com/Azure/ARO-RP + cd $(Agent.TempDirectory)/src/github.com/Azure/ARO-RP + ls + git rev-parse --short HEAD + git status --porcelain + make aro + mkdir -p $(ob_outputDirectory) + cp aro $(ob_outputDirectory)/aro + workingDirectory: $(Build.SourcesDirectory) diff --git a/.pipelines/onebranch/pipeline.buildrp.pullrequest.yml b/.pipelines/onebranch/pipeline.buildrp.pullrequest.yml new file mode 100644 index 000000000..88099dbd6 --- /dev/null +++ b/.pipelines/onebranch/pipeline.buildrp.pullrequest.yml 
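Review bot: The `rhado` repository resource (`name: ARO.Pipelines`) has no `ref:`, so `checkout: rhado` resolves to a branch head rather than a fixed revision, and the next step runs that repository's generator with `go run` inside an Official build whose output is published for Ev2. Pinning it, e.g. `ref: refs/tags/<release-tag>` (placeholder), makes an official build reproducible and means a change in ARO.Pipelines has to be adopted deliberately. The same unpinned resource appears in `pipeline.buildrp.pullrequest.yml` and in both `pipeline.image.mirror.*.yml` files. Separately, the Build_Ev2_Artifacts job installs Go 1.16.2 and the Build_ARO job installs Go 1.14; if that split is intentional, a comment saying why would help.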
@@ -0,0 +1,125 @@ +################################################################################# +# OneBranch Pipelines # +# This pipeline was created by EasyStart from a sample located at: # +# https://aka.ms/obpipelines/easystart/samples # +# Documentation: https://aka.ms/obpipelines # +# Yaml Schema: https://aka.ms/obpipelines/yaml/schema # +# Retail Tasks: https://aka.ms/obpipelines/tasks # +# Support: https://aka.ms/onebranchsup # +################################################################################# + +trigger: none +pr: none + +variables: + CDP_DEFINITION_BUILD_COUNT: $[counter('', 0)] # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning + LinuxContainerImage: cdpxlinux.azurecr.io/global/ubuntu-1804-all:5.0 # Docker image which is used to build the project https://aka.ms/obpipelines/containers + DEBIAN_FRONTEND: noninteractive + +resources: + repositories: + - repository: templates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main + - repository: rhado + type: git + name: ARO.Pipelines + +extends: + template: v2/OneBranch.NonOfficial.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates + parameters: + globalSdl: # https://aka.ms/obpipelines/sdl + # tsa: + # enabled: true # SDL results of non-official builds aren't uploaded to TSA by default. + # credscan: + # suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json + policheck: + break: true # always break the build on policheck issues. You can disable it by setting to 'false' + suppression: + suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress + suppressionSet: default + + stages: + - stage: Build_Ev2_Artifacts + jobs: + - job: Build_Ev2_Artifacts + pool: + type: linux + + variables: # More settings at https://aka.ms/obpipelines/yaml/jobs + ob_outputDirectory: $(Build.SourcesDirectory)/out # this directory is uploaded to pipeline artifacts, reddog and cloudvault. 
More info at https://aka.ms/obpipelines/artifacts + + steps: + - checkout: rhado + - task: GoTool@0 + displayName: Use Go 1.16.2 + inputs: + version: 1.16.2 + - task: Go@0 + inputs: + command: custom + customCommand: run + arguments: . --config-path ./config/ + workingDirectory: $(Build.SourcesDirectory)/ARO.Pipelines/ev2/generator/ + displayName: ⚙️ Generate Ev2 Deployment Manifests + - task: Bash@3 + displayName: ⚙️ Copy to ob_outputDirectory + inputs: + targetType: filePath + filePath: .pipelines/onebranch/scripts/deploymentpipeline.sh + +# https://onebranch.visualstudio.com/OneBranch/_wiki/wikis/OneBranch.wiki/4605/Artifacts + + - stage: Build_Docker_Image + jobs: + - job: Build_Docker_Image + pool: + type: docker + os: linux + variables: + ob_git_checkout: true + steps: + - task: onebranch.pipeline.imagebuildinfo@1 + displayName: Build Multi Stage Dockerfile + inputs: + repositoryName: aro-rp + dockerFileRelPath: ./Dockerfile.aro-multistage + dockerFileContextPath: ./ + registry: cdpxlinux.azurecr.io + saveImageToPath: aro-rp.tar + buildkit: 1 + enable_network: true + build_tag: $(Build.BuildNumber) + + + - stage: Build_ARO + jobs: + - job: Build_ARO + pool: + type: linux + + variables: # More settings at https://aka.ms/obpipelines/yaml/jobs + ob_outputDirectory: $(Build.SourcesDirectory)/out # this directory is uploaded to pipeline artifacts, reddog and cloudvault. 
More info at https://aka.ms/obpipelines/artifacts + + steps: + - task: GoTool@0 + displayName: Use Go 1.14 + inputs: + version: '1.14' + GOPATH: $(Agent.TempDirectory) + - task: Bash@3 + displayName: ⚙️ Make ARO + inputs: + targetType: inline + script: | + mkdir -p $(Agent.TempDirectory)/src/github.com/Azure/ + cp -rd $(Build.SourcesDirectory) $(Agent.TempDirectory)/src/github.com/Azure/ARO-RP + cd $(Agent.TempDirectory)/src/github.com/Azure/ARO-RP + ls + git rev-parse --short HEAD + git status --porcelain + make aro + mkdir -p $(ob_outputDirectory) + cp aro $(ob_outputDirectory)/aro + workingDirectory: $(Build.SourcesDirectory) diff --git a/.pipelines/onebranch/pipeline.image.mirror.official.yml b/.pipelines/onebranch/pipeline.image.mirror.official.yml new file mode 100644 index 000000000..9ca82eef6 --- /dev/null +++ b/.pipelines/onebranch/pipeline.image.mirror.official.yml 
@@ -0,0 +1,81 @@ +################################################################################# +# OneBranch Pipelines # +# This pipeline was created by EasyStart from a sample located at: # +# https://aka.ms/obpipelines/easystart/samples # +# Documentation: https://aka.ms/obpipelines # +# Yaml Schema: https://aka.ms/obpipelines/yaml/schema # +# Retail Tasks: https://aka.ms/obpipelines/tasks # +# Support: https://aka.ms/onebranchsup # +################################################################################# + +trigger: none +pr: none + +parameters: +- name: vsoDeployerBuildID + type: string + default: latest + +variables: + CDP_DEFINITION_BUILD_COUNT: $[counter('', 0)] # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning + LinuxContainerImage: centos:centos7 # Docker image which is used to build the project https://aka.ms/obpipelines/containers + DEBIAN_FRONTEND: noninteractive + vso-deployer-pipeline-id: 206753 + vso-project-id: 5d69ab04-7ded-49dc-84d5-bbbcac4add8d + +resources: + repositories: + - repository: templates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main + - repository: rhado + type: git + name: ARO.Pipelines + +extends: + template: v2/OneBranch.Official.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates + parameters: + globalSdl: # https://aka.ms/obpipelines/sdl + # tsa: + # enabled: true # SDL results of non-official builds aren't uploaded to TSA by default. + # credscan: + # suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json + policheck: + break: true # always break the build on policheck issues. 
You can disable it by setting to 'false' + suppression: + suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress + suppressionSet: default + + stages: + - stage: Mirror_Images + variables: + - group: INT RP Service Secrets + jobs: + - job: Mirror_Images + timeoutInMinutes: 360 + pool: + type: linux + + variables: # More settings at https://aka.ms/obpipelines/yaml/jobs + ob_outputDirectory: $(Build.SourcesDirectory)/out # this directory is uploaded to pipeline artifacts, reddog and cloudvault. More info at https://aka.ms/obpipelines/artifacts + + steps: + - checkout: rhado + - task: DownloadPipelineArtifact@2 + displayName: Download Deployer + inputs: + buildType: specific + project: $(vso-project-id) + pipeline: $(vso-deployer-pipeline-id) + ${{ if eq(parameters.vsoDeployerBuildID, 'latest') }}: + buildVersionToDownload: FromBranch + branchName: refs/heads/master + downloadType: specific + downloadPath: $(Build.SourcesDirectory)/deployer + artifact: drop_Build_ARO_Build_ARO + - task: Bash@3 + displayName: ⚙️ Run Ev2 Manifest packaging + inputs: + targetType: filePath + filePath: .pipelines/onebranch/scripts/mirrorpipeline.sh diff --git a/.pipelines/onebranch/pipeline.image.mirror.pullrequest.yml b/.pipelines/onebranch/pipeline.image.mirror.pullrequest.yml new file mode 100644 index 000000000..f3b9c4b8a --- /dev/null +++ b/.pipelines/onebranch/pipeline.image.mirror.pullrequest.yml 
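Review bot: `LinuxContainerImage: centos:centos7` is an unqualified public image referenced by a mutable tag, and the Mirror_Images stage that runs in it pulls in the `INT RP Service Secrets` variable group, so whatever that tag resolves to at build time executes with those secrets in reach. The build pipelines in this patch take their image from `cdpxlinux.azurecr.io`; I would do the same here and pin by digest, `LinuxContainerImage: <registry>/<image>@sha256:<digest>` (placeholder). Also, `vsoDeployerBuildID` is only ever compared with `'latest'`; no visible line passes a specific build id to `DownloadPipelineArtifact@2`, so any other value appears to be ignored (indentation is lost in this view, so confirm against the file). Both points apply to `pipeline.image.mirror.pullrequest.yml` as well.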
@@ -0,0 +1,81 @@ +################################################################################# +# OneBranch Pipelines # +# This pipeline was created by EasyStart from a sample located at: # +# https://aka.ms/obpipelines/easystart/samples # +# Documentation: https://aka.ms/obpipelines # +# Yaml Schema: https://aka.ms/obpipelines/yaml/schema # +# Retail Tasks: https://aka.ms/obpipelines/tasks # +# Support: https://aka.ms/onebranchsup # +################################################################################# + +trigger: none +pr: none + +parameters: +- name: vsoDeployerBuildID + type: string + default: latest + +variables: + CDP_DEFINITION_BUILD_COUNT: $[counter('', 0)] # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning + LinuxContainerImage: centos:centos7 # Docker image which is used to build the project https://aka.ms/obpipelines/containers + DEBIAN_FRONTEND: noninteractive + vso-deployer-pipeline-id: 206753 + vso-project-id: 5d69ab04-7ded-49dc-84d5-bbbcac4add8d + +resources: + repositories: + - repository: templates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main + - repository: rhado + type: git + name: ARO.Pipelines + +extends: + template: v2/OneBranch.NonOfficial.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates + parameters: + globalSdl: # https://aka.ms/obpipelines/sdl + # tsa: + # enabled: true # SDL results of non-official builds aren't uploaded to TSA by default. + # credscan: + # suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json + policheck: + break: true # always break the build on policheck issues. 
You can disable it by setting to 'false' + suppression: + suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress + suppressionSet: default + + stages: + - stage: Mirror_Images + variables: + - group: INT RP Service Secrets + jobs: + - job: Mirror_Images + timeoutInMinutes: 360 + pool: + type: linux + + variables: # More settings at https://aka.ms/obpipelines/yaml/jobs + ob_outputDirectory: $(Build.SourcesDirectory)/out # this directory is uploaded to pipeline artifacts, reddog and cloudvault. More info at https://aka.ms/obpipelines/artifacts + + steps: + - checkout: rhado + - task: DownloadPipelineArtifact@2 + displayName: Download Deployer + inputs: + buildType: specific + project: $(vso-project-id) + pipeline: $(vso-deployer-pipeline-id) + ${{ if eq(parameters.vsoDeployerBuildID, 'latest') }}: + buildVersionToDownload: FromBranch + branchName: refs/heads/master + downloadType: specific + downloadPath: $(Build.SourcesDirectory)/deployer + artifact: drop_Build_ARO_Build_ARO + - task: Bash@3 + displayName: ⚙️ Run Ev2 Manifest packaging + inputs: + targetType: filePath + filePath: .pipelines/onebranch/scripts/mirrorpipeline.sh diff --git a/.pipelines/onebranch/scripts/deploymentpipeline.sh b/.pipelines/onebranch/scripts/deploymentpipeline.sh new file mode 100644 index 000000000..dc521e3cf --- /dev/null +++ b/.pipelines/onebranch/scripts/deploymentpipeline.sh 
@@ -0,0 +1,32 @@
+set -e
+
+echo "Creating required directories"
+
+mkdir -p $OB_OUTPUTDIRECTORY/ServiceGroupRoot/bin/
+mkdir -p $OB_OUTPUTDIRECTORY/ServiceGroupRoot/Parameters/
+mkdir -p $OB_OUTPUTDIRECTORY/Shell/
+
+echo "Downloading Crane"
+
+wget -O $OB_OUTPUTDIRECTORY/Shell/crane.tar.gz https://github.com/google/go-containerregistry/releases/download/v0.4.0/go-containerregistry_Linux_x86_64.tar.gz
+
+echo "Extracting Crane binaries"
+
+pushd $OB_OUTPUTDIRECTORY/Shell
+tar xzvf crane.tar.gz
+rm crane.tar.gz
+popd
+
+echo "Copying required files to ob_outputdirectory: ${OB_OUTPUTDIRECTORY}"
+
+tar -rvf ./ARO.Pipelines/ev2/generator/deployment.tar -C "$OB_OUTPUTDIRECTORY/Shell" $(cd $OB_OUTPUTDIRECTORY/Shell; echo *)
+tar -rvf ./ARO.Pipelines/ev2/generator/deployment.tar -C "./ARO.Pipelines/RP-Config" $(cd ./ARO.Pipelines/RP-Config; echo *)
+
+echo "Copy tar to ob_outputdirectory dir"
+cp -r ./ARO.Pipelines/ev2/Deployment/ServiceGroupRoot/ $OB_OUTPUTDIRECTORY/
+cp ./ARO.Pipelines/ev2/generator/deployment.tar $OB_OUTPUTDIRECTORY/ServiceGroupRoot/bin/
+
+echo "Listing the contents of dirs for debugging"
+ls $OB_OUTPUTDIRECTORY
+ls $OB_OUTPUTDIRECTORY/ServiceGroupRoot/
+ls $OB_OUTPUTDIRECTORY/ServiceGroupRoot/bin/
diff --git a/.pipelines/onebranch/scripts/mirrorpipeline.sh b/.pipelines/onebranch/scripts/mirrorpipeline.sh
new file mode 100644
index 000000000..106d5c197
--- /dev/null
+++ b/.pipelines/onebranch/scripts/mirrorpipeline.sh
@@ -0,0 +1,13 @@
+SERVICE_GROUP_ROOT=$BUILD_SOURCESDIRECTORY/ARO.Pipelines/ev2/Mirroring/ServiceGroupRoot
+EV2_BIN=$SERVICE_GROUP_ROOT/bin
+ARO_DIR=$BUILD_SOURCESDIRECTORY/deployer
+
+mkdir $OB_OUTPUTDIRECTORY
+
+cd $ARO_DIR
+tar -cvf $EV2_BIN/aro.tar aro
+cd $SERVICE_GROUP_ROOT/bin
+tar -rf $EV2_BIN/aro.tar mirror.sh
+rm mirror.sh
+
+cp -r $SERVICE_GROUP_ROOT $OB_OUTPUTDIRECTORY/ServiceGroupRoot/
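Review bot: In `deploymentpipeline.sh` the crane tarball is fetched with `wget` from a GitHub release URL and unpacked with no integrity check, and everything extracted is then appended to `deployment.tar`, which is copied into `ServiceGroupRoot/bin/`. Verifying a pinned digest before `tar xzvf`, e.g. `echo "<expected-sha256>  crane.tar.gz" | sha256sum -c -` (placeholder digest) right after `pushd`, makes the build fail rather than package a replaced archive. If only the `crane` binary is needed, extracting just that member would also keep the rest of the archive out of the deployment tarball. The `$OB_OUTPUTDIRECTORY` expansions are unquoted throughout, so a path containing spaces would be split.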
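Review bot: `mirrorpipeline.sh` has no `set -e`, unlike `deploymentpipeline.sh` in the same patch, so if `cd $ARO_DIR` or `cd $SERVICE_GROUP_ROOT/bin` fails, the following `tar` and `rm mirror.sh` still run in whatever directory the script is in, and the script's exit status is only that of the final `cp`. Adding `set -e` as the first line and quoting the expansions (`cd "$ARO_DIR"`) closes that gap. With `set -e` in place, `mkdir $OB_OUTPUTDIRECTORY` would abort the script when the directory already exists, so it should become `mkdir -p "$OB_OUTPUTDIRECTORY"`, matching the other script.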