feat: drop multiregion ci (#5154)
* feat: drop multiregion ci * fix: vulnerabilty scan
This commit is contained in:
Daniel Gak Anagrov
committed by
GitHub
GitHub
parent
d3d0178f7f
commit
d5e2a03b62
@@ -1,16 +0,0 @@
|
||||
# Publishing and Releasing
|
||||
|
||||
## Publishing Images
|
||||
|
||||
Images are published based on the logic in [should_publish.sh](./should_publish.sh), and the regex provided in `PUBLISHABLE_TAGS` and `PUBLISHABLE_BRANCHES` environment variables in the CircleCI [config](./config.yml).
|
||||
|
||||
Currently images are published in the following conditions:
|
||||
|
||||
- any commit to branches named `main`, `hotfix.*`, or `alpha.*`
|
||||
- any branch tagged with [semver](https://semver.org/) `major.minor.patch` (regex: `^[0-9]+\.[0-9]+\.[0-9]+$`)
|
||||
|
||||
## Creating a release
|
||||
|
||||
The easiest way to create a new release is to [Create a New Release](https://github.com/specklesystems/speckle-server/releases/new) on Github, and in the 'Select A Tag' dropdown create a new tag with the appropriate [semver](https://semver.org/) increment.
|
||||
|
||||
Ideally the target branch should be `main`.
|
||||
@@ -1,22 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -eo pipefail
|
||||
|
||||
# enables building the test-deployment container with the same script
|
||||
# defaults to packages for minimal intervention in the ci config
|
||||
FOLDER="${FOLDER:-packages}"
|
||||
|
||||
SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "${SCRIPT_DIR}/common.sh"
|
||||
|
||||
echo "Building image: ${DOCKER_IMAGE_TAG}:${IMAGE_VERSION_TAG}"
|
||||
|
||||
export DOCKER_BUILDKIT=1
|
||||
|
||||
docker build --build-arg SPECKLE_SERVER_VERSION="${IMAGE_VERSION_TAG}" --tag "${DOCKER_IMAGE_TAG}:${IMAGE_VERSION_TAG}" --file "${FOLDER}/${SPECKLE_SERVER_PACKAGE}/Dockerfile" .
|
||||
|
||||
echo "🐳 Logging into Docker"
|
||||
echo "${DOCKER_REG_PASS}" | docker login -u "${DOCKER_REG_USER}" --password-stdin "${DOCKER_REG_URL}"
|
||||
|
||||
echo "⏫ Pushing image: '${DOCKER_IMAGE_TAG}:${IMAGE_VERSION_TAG}'"
|
||||
docker push "${DOCKER_IMAGE_TAG}:${IMAGE_VERSION_TAG}"
|
||||
@@ -1,38 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
set -eo pipefail
|
||||
|
||||
GIT_ROOT="$(git rev-parse --show-toplevel)"
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "${SCRIPT_DIR}/common.sh"
|
||||
|
||||
FE2_DIR_PATH="${FE2_DIR_PATH:-"packages/frontend-2"}"
|
||||
FE2_DATADOG_SERVICE="${FE2_DATADOG_SERVICE:-"web-app-2"}"
|
||||
DATADOG_SITE="${DATADOG_SITE:-"datadoghq.eu"}"
|
||||
|
||||
if [[ -z "${DATADOG_API_KEY}" ]]; then
|
||||
echo "DATADOG_API_KEY is not set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Build same prod docker image just w/ sourcemaps enabled
|
||||
export DOCKER_BUILDKIT=1
|
||||
docker build --build-arg BUILD_SOURCEMAPS=true --build-arg SPECKLE_SERVER_VERSION="${IMAGE_VERSION_TAG}" --tag "${DOCKER_IMAGE_TAG}:${IMAGE_VERSION_TAG}-sourcemaps" --file "${FE2_DIR_PATH}/Dockerfile" .
|
||||
container_id=$(docker create "${DOCKER_IMAGE_TAG}:${IMAGE_VERSION_TAG}-sourcemaps")
|
||||
|
||||
# Clean target location and copy sourcemaps into it
|
||||
rm -rf "${GIT_ROOT}/${FE2_DIR_PATH}/.output"
|
||||
docker cp "$container_id":/speckle-server "${GIT_ROOT}/${FE2_DIR_PATH}/.output"
|
||||
docker rm "$container_id"
|
||||
|
||||
# Publish sourcemaps
|
||||
pushd "${GIT_ROOT}/${FE2_DIR_PATH}"
|
||||
DATADOG_SITE="${DATADOG_SITE}" npx --yes @datadog/datadog-ci sourcemaps upload ./.output/public/_nuxt \
|
||||
--service="${FE2_DATADOG_SERVICE}" \
|
||||
--release-version="${IMAGE_VERSION_TAG}" \
|
||||
--minified-path-prefix=/_nuxt
|
||||
popd
|
||||
|
||||
# Clean up
|
||||
rm -rf "${GIT_ROOT}/${FE2_DIR_PATH}/.output"
|
||||
@@ -1,88 +0,0 @@
|
||||
#!/usr/bin/python3
|
||||
import sys
|
||||
from typing import Optional
|
||||
from dataclasses import dataclass
|
||||
|
||||
|
||||
@dataclass
|
||||
class Version:
|
||||
major: int
|
||||
minor: int
|
||||
patch: int
|
||||
pre_release_tag: Optional[str] = None
|
||||
build_number: Optional[int] = None
|
||||
|
||||
@property
|
||||
def pre_release_priority(self) -> int:
|
||||
if self.pre_release_tag == "alpha":
|
||||
return 1
|
||||
if self.pre_release_tag == "beta":
|
||||
return 2
|
||||
return 10
|
||||
|
||||
@staticmethod
|
||||
def parse_version_slug(version_slug: str) -> "Version":
|
||||
members = version_slug.split(".")
|
||||
assert 3 <= len(members) <= 4
|
||||
if len(members) == 3:
|
||||
major, minor, patch = members
|
||||
return Version(int(major), int(minor), int(patch))
|
||||
|
||||
else:
|
||||
major, minor, patch_and_pre, build = members
|
||||
patch, pre = patch_and_pre.split("-")
|
||||
return Version(int(major), int(minor), int(patch), pre, int(build))
|
||||
|
||||
def __gt__(self, other):
|
||||
if not isinstance(other, Version):
|
||||
raise ValueError(f"cannot compare with {other}")
|
||||
|
||||
if self.major > other.major:
|
||||
return True
|
||||
if self.major < other.major:
|
||||
return False
|
||||
|
||||
if self.minor > other.minor:
|
||||
return True
|
||||
if self.minor < other.minor:
|
||||
return False
|
||||
|
||||
if self.patch > other.patch:
|
||||
return True
|
||||
if self.patch < other.patch:
|
||||
return False
|
||||
|
||||
if self.pre_release_tag == other.pre_release_tag:
|
||||
if self.build_number > other.build_number:
|
||||
return True
|
||||
if self.build_number < other.build_number:
|
||||
return False
|
||||
|
||||
if self.pre_release_priority > other.pre_release_priority:
|
||||
return True
|
||||
if self.pre_release_priority < other.pre_release_priority:
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
print("\nStarting version compare\n")
|
||||
args = sys.argv[1:]
|
||||
assert len(args) == 2
|
||||
|
||||
current_version_slug, target_version_slug = args
|
||||
|
||||
print(
|
||||
f"comparing current version {current_version_slug} with target {target_version_slug}"
|
||||
)
|
||||
|
||||
current_version = Version.parse_version_slug(current_version_slug)
|
||||
target_version = Version.parse_version_slug(target_version_slug)
|
||||
|
||||
if target_version > current_version:
|
||||
print("target version is newer\n")
|
||||
exit(0)
|
||||
|
||||
print("current version is newer\n")
|
||||
exit(1)
|
||||
@@ -1,14 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
set -eo pipefail
|
||||
|
||||
# shellcheck disable=SC2034
|
||||
DOCKER_IMAGE_TAG="speckle/speckle-${SPECKLE_SERVER_PACKAGE}"
|
||||
IMAGE_VERSION_TAG="${IMAGE_VERSION_TAG:-${CIRCLE_SHA1}}"
|
||||
# shellcheck disable=SC2068,SC2046
|
||||
LAST_RELEASE="$(git describe --always --tags $(git rev-list --tags) | grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | head -n 1)" # get the last release tag. FIXME: Fails if a commit is tagged with more than one tag: https://stackoverflow.com/questions/8089002/git-describe-with-two-tags-on-the-same-commit/56039163#56039163
|
||||
# shellcheck disable=SC2034
|
||||
NEXT_RELEASE="$(echo "${LAST_RELEASE}" | awk -F. -v OFS=. '{$NF += 1 ; print}')"
|
||||
# shellcheck disable=SC2034
|
||||
BRANCH_NAME_TRUNCATED="$(echo "${CIRCLE_BRANCH}" | cut -c -28 | sed 's/[^a-zA-Z0-9.-]/-/g')" # Kubernetes has a 63 character limit, so ensuring the branch name will be short enough.
|
||||
# shellcheck disable=SC2034
|
||||
COMMIT_SHA1_TRUNCATED="$(echo "${CIRCLE_SHA1}" | cut -c -7)"
|
||||
+1
-1102
File diff suppressed because it is too large
Load Diff
@@ -1,25 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -eo pipefail
|
||||
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "${SCRIPT_DIR}/common.sh"
|
||||
|
||||
if [[ "${CIRCLE_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||
echo "${CIRCLE_TAG}"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [[ "${CIRCLE_BRANCH}" == "main" ]]; then
|
||||
echo "${NEXT_RELEASE}-alpha.${CIRCLE_BUILD_NUM}"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# if branch name truncated contains an underscore, we should exit
|
||||
if [[ "${BRANCH_NAME_TRUNCATED}" =~ "_" ]]; then
|
||||
echo "Branch name contains an underscore, exiting"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "${NEXT_RELEASE}-branch.${BRANCH_NAME_TRUNCATED}.${CIRCLE_BUILD_NUM}-${COMMIT_SHA1_TRUNCATED}"
|
||||
exit 0
|
||||
@@ -1,32 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# acknowledgements: https://github.com/vitalinfo/circleci-cancel-draft
|
||||
|
||||
set -euf -o pipefail
|
||||
|
||||
if [[ -z "${CIRCLE_PULL_REQUEST}" ]]; then
|
||||
echo "FALSE"
|
||||
fi
|
||||
|
||||
if [[ -z "${GITHUB_TOKEN}" ]]; then
|
||||
echo "GITHUB_TOKEN is not set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
PR_NUMBER="${CIRCLE_PULL_REQUEST//[!0-9]/}"
|
||||
RESPONSE=$(curl --silent \
|
||||
-H "Authorization: token ${GITHUB_TOKEN}" \
|
||||
-H "Accept: application/vnd.github.v3+json" \
|
||||
"https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/pulls/${PR_NUMBER}"
|
||||
)
|
||||
|
||||
DRAFT=$(echo "${RESPONSE}" | jq ".draft")
|
||||
DRAFT_LABEL=$(echo "${RESPONSE}" | jq ".labels | map(select(.name | test(\"Draft\"))) | .[]")
|
||||
|
||||
if [[ ${DRAFT} == 'true' || ${DRAFT_LABEL} ]]; then
|
||||
echo "TRUE"
|
||||
else
|
||||
echo "FALSE"
|
||||
fi
|
||||
|
||||
exit 0
|
||||
@@ -1,43 +0,0 @@
|
||||
{
|
||||
"main": {
|
||||
"postgres": {
|
||||
"connectionUri": "postgresql://speckle:speckle@127.0.0.1:5432/speckle2_test"
|
||||
},
|
||||
"blobStorage": {
|
||||
"accessKey": "minioadmin",
|
||||
"secretKey": "minioadmin",
|
||||
"bucket": "speckle-server",
|
||||
"createBucketIfNotExists": true,
|
||||
"endpoint": "http://127.0.0.1:9000",
|
||||
"s3Region": "us-east-1"
|
||||
}
|
||||
},
|
||||
"regions": {
|
||||
"region1": {
|
||||
"postgres": {
|
||||
"connectionUri": "postgresql://speckle:speckle@127.0.0.1:5433/speckle2_test"
|
||||
},
|
||||
"blobStorage": {
|
||||
"accessKey": "minioadmin",
|
||||
"secretKey": "minioadmin",
|
||||
"bucket": "speckle-server",
|
||||
"createBucketIfNotExists": true,
|
||||
"endpoint": "http://127.0.0.1:9020",
|
||||
"s3Region": "us-east-1"
|
||||
}
|
||||
},
|
||||
"region2": {
|
||||
"postgres": {
|
||||
"connectionUri": "postgresql://speckle:speckle@127.0.0.1:5434/speckle2_test"
|
||||
},
|
||||
"blobStorage": {
|
||||
"accessKey": "minioadmin",
|
||||
"secretKey": "minioadmin",
|
||||
"bucket": "speckle-server",
|
||||
"createBucketIfNotExists": true,
|
||||
"endpoint": "http://127.0.0.1:9040",
|
||||
"s3Region": "us-east-1"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,33 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
set -eo pipefail
|
||||
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "${SCRIPT_DIR}/common.sh"
|
||||
|
||||
echo "Starting tagging & publishing of image: ${DOCKER_IMAGE_TAG}:${IMAGE_VERSION_TAG}"
|
||||
|
||||
echo "🐳 Logging into Docker"
|
||||
echo "${DOCKER_REG_PASS}" | docker login -u "${DOCKER_REG_USER}" --password-stdin "${DOCKER_REG_URL}"
|
||||
|
||||
echo "⏬ Pulling image: '${DOCKER_IMAGE_TAG}:${IMAGE_VERSION_TAG}'"
|
||||
docker pull "${DOCKER_IMAGE_TAG}:${IMAGE_VERSION_TAG}"
|
||||
|
||||
if [[ "${IMAGE_VERSION_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-alpha\.[0-9]+)?$ ]]; then
|
||||
echo "🏷 Tagging and pushing image as '${DOCKER_IMAGE_TAG}:latest'"
|
||||
docker tag "${DOCKER_IMAGE_TAG}:${IMAGE_VERSION_TAG}" "${DOCKER_IMAGE_TAG}:latest"
|
||||
docker push "${DOCKER_IMAGE_TAG}:latest"
|
||||
|
||||
if [[ "${IMAGE_VERSION_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||
echo "🏷 Tagging and pushing image as '${DOCKER_IMAGE_TAG}:2'"
|
||||
docker tag "${DOCKER_IMAGE_TAG}:${IMAGE_VERSION_TAG}" "${DOCKER_IMAGE_TAG}:2"
|
||||
docker push "${DOCKER_IMAGE_TAG}:2"
|
||||
fi
|
||||
else
|
||||
BRANCH_TAG="${BRANCH_NAME_TRUNCATED}"
|
||||
echo "🏷 Tagging and pushing image as '${DOCKER_IMAGE_TAG}:${BRANCH_TAG}'"
|
||||
docker tag "${DOCKER_IMAGE_TAG}:${IMAGE_VERSION_TAG}" "${DOCKER_IMAGE_TAG}:${BRANCH_TAG}"
|
||||
docker push "${DOCKER_IMAGE_TAG}:${BRANCH_TAG}"
|
||||
fi
|
||||
|
||||
echo "✅ Publishing completed."
|
||||
@@ -1,11 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
set -eo pipefail
|
||||
|
||||
GIT_ROOT="$(git rev-parse --show-toplevel)"
|
||||
|
||||
CLOUDFLARE_PAGES_PROJECT_NAME="${CLOUDFLARE_PAGES_PROJECT_NAME:-"viewer"}"
|
||||
VIEWER_SANDBOX_DIR_PATH="${VIEWER_SANDBOX_DIR_PATH:-"packages/viewer-sandbox"}"
|
||||
|
||||
pushd "${GIT_ROOT}/${VIEWER_SANDBOX_DIR_PATH}"
|
||||
yarn wrangler pages deploy "${GIT_ROOT}/${VIEWER_SANDBOX_DIR_PATH}/dist" --project-name="${CLOUDFLARE_PAGES_PROJECT_NAME}"
|
||||
popd
|
||||
@@ -1,47 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
GIT_REPO=$( pwd )
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "${SCRIPT_DIR}/common.sh"
|
||||
|
||||
RELEASE_VERSION="${IMAGE_VERSION_TAG}"
|
||||
HELM_STABLE_BRANCH="${HELM_STABLE_BRANCH:-"main"}"
|
||||
|
||||
echo "Releasing Helm Chart version ${RELEASE_VERSION}"
|
||||
|
||||
git clone git@github.com:specklesystems/helm.git "${HOME}/helm"
|
||||
|
||||
yq e -i ".version = \"${RELEASE_VERSION}\"" "${GIT_REPO}/utils/helm/speckle-server/Chart.yaml"
|
||||
yq e -i ".appVersion = \"${RELEASE_VERSION}\"" "${GIT_REPO}/utils/helm/speckle-server/Chart.yaml"
|
||||
yq e -i ".docker_image_tag = \"${RELEASE_VERSION}\"" "${GIT_REPO}/utils/helm/speckle-server/values.yaml"
|
||||
|
||||
if [[ -n "${CIRCLE_TAG}" || "${CIRCLE_BRANCH}" == "${HELM_STABLE_BRANCH}" ]]; then
|
||||
# before overwriting the chart with the build version, check if the current chart version
|
||||
# is not newer than the currently build one
|
||||
|
||||
CURRENT_VERSION="$(grep ^version "${HOME}/helm/charts/speckle-server/Chart.yaml" | grep -o '2\..*')"
|
||||
echo "${CURRENT_VERSION}"
|
||||
|
||||
.circleci/check_version.py "${CURRENT_VERSION}" "${RELEASE_VERSION}"
|
||||
if [ $? -eq 1 ]
|
||||
then
|
||||
echo "The current helm chart version '${CURRENT_VERSION}' is newer than the version '${RELEASE_VERSION}' we are attempting to publish. Exiting"
|
||||
exit 1
|
||||
fi
|
||||
rm -rf "${HOME}/helm/charts/speckle-server"
|
||||
cp -r "${GIT_REPO}/utils/helm/speckle-server" "${HOME}/helm/charts/speckle-server"
|
||||
else
|
||||
# overwrite the name of the chart
|
||||
yq e -i ".name = \"speckle-server-branch-${BRANCH_NAME_TRUNCATED}\"" "${GIT_REPO}/utils/helm/speckle-server/Chart.yaml"
|
||||
rm -rf "${HOME}/helm/charts/speckle-server-branch-${BRANCH_NAME_TRUNCATED}"
|
||||
cp -r "${GIT_REPO}/utils/helm/speckle-server" "${HOME}/helm/charts/speckle-server-branch-${BRANCH_NAME_TRUNCATED}"
|
||||
fi
|
||||
|
||||
cd ~/helm
|
||||
|
||||
git add .
|
||||
git -c user.email="devops+circleci@speckle.systems" -c user.name="CI" commit -m "CircleCI commit for version '${RELEASE_VERSION}'"
|
||||
git push
|
||||
@@ -1,35 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
if [[ -z "${IMAGE_VERSION_TAG}" ]]; then
|
||||
echo "IMAGE_VERSION_TAG is not set"
|
||||
exit 1
|
||||
fi
|
||||
if [[ -z "${DOCKER_REG_USER}" ]]; then
|
||||
echo "DOCKER_REG_USER is not set"
|
||||
exit 1
|
||||
fi
|
||||
if [[ -z "${DOCKER_REG_PASS}" ]]; then
|
||||
echo "DOCKER_REG_PASS is not set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
GIT_REPO=$( pwd )
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "${SCRIPT_DIR}/common.sh"
|
||||
|
||||
RELEASE_VERSION="${IMAGE_VERSION_TAG}-chart"
|
||||
HELM_STABLE_BRANCH="${HELM_STABLE_BRANCH:-"main"}"
|
||||
DOCKER_HELM_REG_URL="${DOCKER_HELM_REG_URL:-"registry-1.docker.io"}"
|
||||
DOCKER_HELM_REG_ORG="${DOCKER_HELM_REG_ORG:-"speckle"}"
|
||||
CHART_NAME="${CHART_NAME:-"speckle-server"}"
|
||||
|
||||
echo "Releasing Helm Chart version ${RELEASE_VERSION} for application version ${IMAGE_VERSION_TAG}"
|
||||
|
||||
yq e -i ".docker_image_tag = \"${IMAGE_VERSION_TAG}\"" "${GIT_REPO}/utils/helm/speckle-server/values.yaml"
|
||||
|
||||
echo "${DOCKER_REG_PASS}" | helm registry login "${DOCKER_HELM_REG_URL}" --username "${DOCKER_REG_USER}" --password-stdin
|
||||
helm package "${GIT_REPO}/utils/helm/speckle-server" --version "${RELEASE_VERSION}" --app-version "${IMAGE_VERSION_TAG}" --destination "/tmp"
|
||||
helm push "/tmp/${CHART_NAME}-${RELEASE_VERSION}.tgz" "oci://${DOCKER_HELM_REG_URL}/${DOCKER_HELM_REG_ORG}"
|
||||
Reference in New Issue
Block a user