зеркало из https://github.com/golang/vulndb.git
# Cloud Build pipeline. No step declares waitFor, so steps run in the
# order listed.
steps:
# Lock: runs locktrigger for this project/build before any other step.
# $COMMIT_SHA, $PROJECT_ID and $BUILD_ID are Cloud Build substitutions and
# are filled in before bash sees the script. With an empty commit SHA the
# step exits 0 and skips locking.
# NOTE(review): presumably locktrigger serialises concurrent runs of this
# trigger - confirm against the tool's documentation.
# NOTE(review): `@latest` is resolved at build time, so this deploy
# pipeline executes whatever version is newest when the build runs.
# Pinning an explicit, reviewed version would make the step reproducible
# and narrow the supply-chain exposure.
- id: 'Lock'
  name: 'golang:1.23.0'
  entrypoint: 'bash'
  args:
  - '-ec'
  - |
    if [[ "$COMMIT_SHA" = '' ]]; then
      echo "no COMMIT_SHA, not locking"
      exit 0
    fi
    go run golang.org/x/website/cmd/locktrigger@latest \
      -project $PROJECT_ID -build $BUILD_ID -repo https://go.googlesource.com/vulndb
# Unshallow: tries to turn the shallow checkout into a full clone.
# Best-effort by design: bash runs with -c (no -e) and a failed fetch is
# only logged, so this step never fails the build.
# NOTE(review): the builder image carries no tag or digest, so it resolves
# to the registry's default tag at build time; pinning it would keep the
# toolchain used by this pipeline fixed between runs.
- id: 'Unshallow'
  name: 'gcr.io/cloud-builders/git'
  entrypoint: 'bash'
  args:
  - '-c'
  - |
    if ! git fetch --unshallow; then
      echo "git fetch --unshallow failed, no worries mate"
    fi
# Test: runs the repository's Go tests. bash -e makes a failing test run
# fail the step, which stops the build before anything is generated or
# deployed.
- id: 'Test'
  name: 'golang:1.23.0'
  entrypoint: 'bash'
  args: ['-ec', 'go test ./...']
# CopyExisting: downloads the currently deployed bucket contents into
# /workspace (recursive copy, so they land in /workspace/go-vulndb).
# PreValidate uses that directory as the "existing" baseline.
- id: 'CopyExisting'
  name: 'gcr.io/cloud-builders/gsutil'
  entrypoint: 'bash'
  args: ['-ec', 'gsutil -q -m cp -r gs://go-vulndb /workspace']
# Generate: builds the new database under /workspace/db and a zip of it at
# /workspace/db/vulndb.zip. This is the artefact later steps validate and
# deploy.
# NOTE(review): golang:1.23.0 is pinned by tag, not by digest. A tag can
# be re-pointed upstream; a digest pin would fix the exact image that
# produces the published database.
- id: 'Generate'
  name: 'golang:1.23.0'
  entrypoint: 'bash'
  args:
  - '-ec'
  - 'go run ./cmd/gendb -out /workspace/db -zip /workspace/db/vulndb.zip'
# PreValidate: gate before deployment. checkdeploy compares the freshly
# generated database (/workspace/db) with the copy of what is live
# (/workspace/go-vulndb). bash -e turns a non-zero exit into a failed
# step, so Deploy does not run when this check fails.
# NOTE(review): what checkdeploy actually verifies is not visible here -
# see ./cmd/checkdeploy.
- id: 'PreValidate'
  name: 'golang:1.23.0'
  entrypoint: 'bash'
  args: ['-ec', 'go run ./cmd/checkdeploy -new /workspace/db -existing /workspace/go-vulndb']
# Deploy: hands over to the repository's deploy script. The script is the
# only argument to bash (no -e here), so error handling and the step's
# exit status depend entirely on the script itself.
# NOTE(review): the script's contents are not shown here; confirm it stops
# on the first failed upload rather than leaving a partial deployment.
# NOTE(review): the gsutil builder image is untagged and therefore
# resolved at build time; consider pinning it for this write-capable step.
- id: 'Deploy'
  name: 'gcr.io/cloud-builders/gsutil'
  entrypoint: 'bash'
  args:
  - './deploy/gcp-deploy.sh'
# CopyDeployed: reads the bucket back after deployment into a fresh
# directory (/workspace/deployed/go-vulndb) so PostValidate checks what is
# actually being served, not the local build output.
- id: 'CopyDeployed'
  name: 'gcr.io/cloud-builders/gsutil'
  entrypoint: 'bash'
  args: ['-ec', 'mkdir /workspace/deployed && gsutil -q -m cp -r gs://go-vulndb /workspace/deployed']
# PostValidate: runs checkdb over the copy read back from the bucket.
# This runs after Deploy, so it detects a bad deployment but cannot
# prevent one: a failure here means the bucket already holds the data that
# failed the check and needs follow-up.
# GOPROXY is set explicitly for this step only.
# NOTE(review): presumably checkdb resolves modules through the proxy -
# confirm in ./cmd/checkdb.
- id: 'PostValidate'
  name: 'golang:1.23.0'
  entrypoint: 'bash'
  args:
  - '-ec'
  - 'go run ./cmd/checkdb /workspace/deployed/go-vulndb'
  env: ['GOPROXY=https://proxy.golang.org']
# PublishCVEs: checks the CVE API credentials with a quota call, then
# publishes or updates changed CVE records. The credentials reach the step
# as environment variables through secretEnv; `$$` is Cloud Build's escape
# so that bash, not Cloud Build substitution, expands them.
# NOTE(review): both secrets are passed as command-line flags, so they are
# visible in the process arguments inside the build container. bash runs
# with -e but not -x, so the commands are not echoed to the build log;
# keep it that way.
# NOTE(review): the expansions are unquoted, so bash word-splits and
# glob-expands the secret values. Quoting them is the safer form, but it
# would also preserve a trailing newline if a stored secret version has
# one - check the stored values before changing this.
- id: 'PublishCVEs'
  name: 'golang:1.23.0'
  entrypoint: 'bash'
  args:
  - '-ec'
  - |
    # Ensure we have valid credentials before attempting publish.
    go run ./cmd/cve -key $$CVE_API_KEY -user $$CVE_API_USER quota
    # Publish or update any CVE records that have changed.
    go run ./cmd/cve -key $$CVE_API_KEY -user $$CVE_API_USER publish-all
  secretEnv:
  - 'CVE_API_USER'
  - 'CVE_API_KEY'
# Secret Manager entries exposed to steps that list them in secretEnv
# (only PublishCVEs does). Each versionName comes from a user-defined
# substitution (_CVE_API_KEY, _CVE_API_USER) supplied by the trigger, so
# no secret identifier is stored in this file.
# NOTE(review): the build's service account needs read access to these
# secret versions; granting it on these two secrets only, rather than
# project-wide, keeps the pipeline's reach minimal.
# NOTE(review): whether the substitutions name a fixed version or a moving
# alias is not visible here - check the trigger configuration.
availableSecrets:
  secretManager:
  - versionName: '${_CVE_API_KEY}'
    env: CVE_API_KEY
  - versionName: '${_CVE_API_USER}'
    env: CVE_API_USER
# Build logs are written to Cloud Logging only (no log bucket). Everything
# a step prints ends up there, so access to those logs should be limited
# to people who may see build output, and steps must not print the CVE
# credentials.
options:
  logging: 'CLOUD_LOGGING_ONLY'