diff --git a/.circleci/config.yml b/.circleci/config.yml index 0ae64508f9..2d8d631580 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -3,6 +3,178 @@ version: 2.1 # this allows to use CircleCI's dynamic configuration feature setup: true +executors: + base-cimg-executor: + docker: + - image: cimg/base:2021.07 + ubuntu-go-executor: + docker: + - image: cimg/go:1.19 + +# TODO: Sync this with continue-workflows.yml +commands: + asdf_install: + description: "Install tools using ASDF" + parameters: + tools: + type: string + description: + "Newline separated list of tools to install. If empty, will install + everything." + default: "" + cache_name: + type: string + description: "Name of asdf cache" + default: "default" + steps: + - run: + name: Install ASDF + command: | + git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.10.2 + printf '\nsource "${HOME}/.asdf/asdf.sh"\n' >> "${BASH_ENV}" + date +%m > ~/month + date +%d > ~/day + # We need to restore ASDF cache after installing, otherwise we will try to clone it to non-empty dir + - restore_cache: + name: Restore ASDF cache + keys: + - aperture-asdf-cache-v7-{{ checksum "~/month" }}-<< parameters.cache_name >>-{{ checksum ".tool-versions" }}-{{ checksum "go.mod" }} + - aperture-asdf-cache-v7-{{ checksum "~/month" }}-<< parameters.cache_name >>- + - run: + name: Install ASDF tools + environment: + TOOLS: << parameters.tools >> + command: .circleci/scripts/asdf_install.sh + asdf_save_cache: + parameters: + cache_name: + type: string + description: "Name of asdf cache" + default: "default" + steps: + - save_cache: + name: Save ASDF cache + key: aperture-asdf-cache-v7-{{ checksum "~/month" }}-<< parameters.cache_name >>-{{ checksum ".tool-versions" }}-{{ checksum "go.mod" }} + paths: + - ~/.asdf + opsninja_install: + steps: + - add_ssh_keys: + fingerprints: + - "8d:43:0f:09:ed:86:44:23:4f:43:88:29:71:bf:92:e7" # fluxninja/cloud R/O + - run: + name: Install opsninja and its dependencies + command: | + # We need R/O access to cloud repository to be able to fetch opsninja library + # FIXME: make "releases" of opsninja library somehow, even as a separate repository + # to limit exposure. + export CLOUD_RO_KEY_FINGERPRINT="8d:43:0f:09:ed:86:44:23:4f:43:88:29:71:bf:92:e7" + export GIT_SSH_COMMAND="ssh -i ~/.ssh/id_rsa_$(echo "${CLOUD_RO_KEY_FINGERPRINT}" | tr -d ':')" + export SSH_AUTH_SOCK="" + # Bust asdf cache as our opsninja version is always 0.0.0 + pip uninstall -y opsninja + pip install 'git+ssh://git@github.com/fluxninja/cloud@main#egg=opsninja&subdirectory=ops/apps/opsninja/' + asdf reshim + +jobs: + release-components: + executor: base-cimg-executor + steps: + - checkout + - asdf_install: + cache_name: release + tools: |- + python + gcloud + - opsninja_install + - run: + name: Schedule release jobs + working_directory: ops/apps/opsninja + command: fn circleci trigger-release --tag << pipeline.git.tag >> + - asdf_save_cache: + cache_name: release + package-agent: + parameters: + executor: + type: executor + description: executor to use for this job + default: ubuntu-go-executor + workspace-name: + type: string + description: the name of the workspace to which built packages should be added + default: packages + goarch: + type: string + description: the GOARCH to use for the build + default: amd64 + executor: <> + environment: + PACKAGES_DIR: "/tmp/packages" + GOARCH: <> + steps: + - checkout + - run: + name: "Set build vars" + command: | + GIT_BRANCH="$(git branch --show-current)" + GIT_COMMIT_HASH="$(git log -n1 --format=%H)" + GOOS="$(go env GOOS)" + VERSION="$(cut -d/ -f3- \<<<"${RELEASE_TAG}")" + if which dpkg; then + PACKAGER=deb + elif which rpm; then + PACKAGER=rpm + elif which apk; then + PACKAGER=apk + else + echo "Unable to determine proper packager for current OS" + exit 1 + fi + + export GIT_BRANCH GIT_COMMIT_HASH GOOS VERSION PACKAGER + declare -p GIT_BRANCH GIT_COMMIT_HASH GOOS VERSION PACKAGER >> "${BASH_ENV}" + environment: + RELEASE_TAG: <> + - run: + name: "Compile agent and plugins" + command: | + SOURCE="./cmd/aperture-agent" TARGET="./dist/aperture-agent" ./pkg/info/build.sh + for plugin_dir in ./plugins/*/aperture-plugin-*; do + plugin="$(basename "${plugin_dir}")" + echo "Building plugin ${plugin}" + SOURCE="${plugin_dir}" TARGET="./dist/plugins/${plugin}.so" ./pkg/plugins/build.sh + done + environment: + CGO_ENABLED: "1" + PREFIX: "aperture" + LDFLAGS: "-s -w" + - run: + name: Install nFPM + command: | + filename="nfpm_amd64.${PACKAGER}" + file="/tmp/${filename}" + curl --silent --show-error --location https://github.com/goreleaser/nfpm/releases/latest/download/${filename} -o "${file}" + case "${PACKAGER}" in + deb) sudo dpkg -i "${file}";; + rpm) sudo rpm -i "${file}";; + apk) sudo apk add --allow-untrusted "${file}";; + *) echo "Unknown packager ${PACKAGER}"; exit 1;; + esac + which nfpm + - run: + name: Package + command: | + mkdir -p dist/packages/ + nfpm package --packager "${PACKAGER}" --target dist/packages/ + ls -l dist/packages/ + helm-release: + executor: base-cimg-executor + steps: + - checkout + - run: + name: "Package and release Helm Chart" + command: .circleci/scripts/helm_release.sh + orbs: path-filtering: circleci/path-filtering@0.1.1 continuation: circleci/continuation@0.3.1 @@ -44,15 +216,33 @@ workflows: - path-filtering/filter: <<: *path_filtering_job base-revision: main - release: + release-components: when: - matches: { value: << pipeline.git.tag >>, pattern: "^releases/.*$" } + matches: { value: << pipeline.git.tag >>, pattern: "^releases/(?!charts).*$" } jobs: - - continuation/continue: - configuration_path: .circleci/releases.yaml - # both this and workflow's "when" is needed + - release-components: + # both this and workflow's when is needed filters: branches: ignore: /.+/ tags: only: /^releases\/.*$/ + - package-agent: + # both this and workflow's when is needed + filters: + branches: + ignore: /.+/ + tags: + only: /^releases\/aperture-agent\/.*$/ + matrix: + parameters: + executor: [ ubuntu-go-executor ] + goarch: [ amd64 ] + helm-release: + when: + matches: { value: << pipeline.git.tag >>, pattern: "^releases/charts/.*/v.*" } + jobs: + - helm-release: + filters: + tags: + only: /^releases/charts/.*/v.*/ diff --git a/.circleci/releases.yaml b/.circleci/releases.yaml deleted file mode 100644 index 923dec6ce7..0000000000 --- a/.circleci/releases.yaml +++ /dev/null @@ -1,215 +0,0 @@ -version: 2.1 - -executors: - base-cimg-executor: - docker: - - image: cimg/base:2021.07 - ubuntu-go-executor: - docker: - - image: cimg/go:1.19 - -# TODO: Sync this with continue-workflows.yml -commands: - asdf_install: - description: "Install tools using ASDF" - parameters: - tools: - type: string - description: - "Newline separated list of tools to install. If empty, will install - everything." - default: "" - cache_name: - type: string - description: "Name of asdf cache" - default: "default" - steps: - - run: - name: Install ASDF - command: | - git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.10.2 - printf '\nsource "${HOME}/.asdf/asdf.sh"\n' >> "${BASH_ENV}" - date +%m > ~/month - date +%d > ~/day - # We need to restore ASDF cache after installing, otherwise we will try to clone it to non-empty dir - - restore_cache: - name: Restore ASDF cache - keys: - - aperture-asdf-cache-v7-{{ checksum "~/month" }}-<< parameters.cache_name >>-{{ checksum ".tool-versions" }}-{{ checksum "go.mod" }} - - aperture-asdf-cache-v7-{{ checksum "~/month" }}-<< parameters.cache_name >>- - - run: - name: Install ASDF tools - environment: - TOOLS: << parameters.tools >> - command: .circleci/scripts/asdf_install.sh - asdf_save_cache: - parameters: - cache_name: - type: string - description: "Name of asdf cache" - default: "default" - steps: - - save_cache: - name: Save ASDF cache - key: aperture-asdf-cache-v7-{{ checksum "~/month" }}-<< parameters.cache_name >>-{{ checksum ".tool-versions" }}-{{ checksum "go.mod" }} - paths: - - ~/.asdf - opsninja_install: - steps: - - add_ssh_keys: - fingerprints: - - "8d:43:0f:09:ed:86:44:23:4f:43:88:29:71:bf:92:e7" # fluxninja/cloud R/O - - run: - name: Install opsninja and its dependencies - command: | - # We need R/O access to cloud repository to be able to fetch opsninja library - # FIXME: make "releases" of opsninja library somehow, even as a separate repository - # to limit exposure. - export CLOUD_RO_KEY_FINGERPRINT="8d:43:0f:09:ed:86:44:23:4f:43:88:29:71:bf:92:e7" - export GIT_SSH_COMMAND="ssh -i ~/.ssh/id_rsa_$(echo "${CLOUD_RO_KEY_FINGERPRINT}" | tr -d ':')" - export SSH_AUTH_SOCK="" - # Bust asdf cache as our opsninja version is always 0.0.0 - pip uninstall -y opsninja - pip install 'git+ssh://git@github.com/fluxninja/cloud@main#egg=opsninja&subdirectory=ops/apps/opsninja/' - asdf reshim - -jobs: - release-components: - executor: base-cimg-executor - steps: - - checkout - - asdf_install: - cache_name: release - tools: |- - python - gcloud - - opsninja_install - - run: - name: Schedule release jobs - working_directory: ops/apps/opsninja - command: fn circleci trigger-release --tag << pipeline.git.tag >> - - asdf_save_cache: - cache_name: release - package-agent: - parameters: - executor: - type: executor - description: executor to use for this job - default: ubuntu-go-executor - workspace-name: - type: string - description: the name of the workspace to which built packages should be added - default: packages - goarch: - type: string - description: the GOARCH to use for the build - default: amd64 - executor: <> - environment: - PACKAGES_DIR: "/tmp/packages" - GOARCH: <> - steps: - - checkout - - run: - name: "Set build vars" - command: | - GIT_BRANCH="$(git branch --show-current)" - GIT_COMMIT_HASH="$(git log -n1 --format=%H)" - GOOS="$(go env GOOS)" - VERSION="$(cut -d/ -f3- \<<<"${RELEASE_TAG}")" - if which dpkg; then - PACKAGER=deb - elif which rpm; then - PACKAGER=rpm - elif which apk; then - PACKAGER=apk - else - echo "Unable to determine proper packager for current OS" - exit 1 - fi - - export GIT_BRANCH GIT_COMMIT_HASH GOOS VERSION PACKAGER - declare -p GIT_BRANCH GIT_COMMIT_HASH GOOS VERSION PACKAGER >> "${BASH_ENV}" - environment: - RELEASE_TAG: <> - - run: - name: "Compile agent and plugins" - command: | - SOURCE="./cmd/aperture-agent" TARGET="./dist/aperture-agent" ./pkg/info/build.sh - for plugin_dir in ./plugins/*/aperture-plugin-*; do - plugin="$(basename "${plugin_dir}")" - echo "Building plugin ${plugin}" - SOURCE="${plugin_dir}" TARGET="./dist/plugins/${plugin}.so" ./pkg/plugins/build.sh - done - environment: - CGO_ENABLED: "1" - PREFIX: "aperture" - LDFLAGS: "-s -w" - - run: - name: Install nFPM - command: | - filename="nfpm_amd64.${PACKAGER}" - file="/tmp/${filename}" - curl --silent --show-error --location https://github.com/goreleaser/nfpm/releases/latest/download/${filename} -o "${file}" - case "${PACKAGER}" in - deb) sudo dpkg -i "${file}";; - rpm) sudo rpm -i "${file}";; - apk) sudo apk add --allow-untrusted "${file}";; - *) echo "Unknown packager ${PACKAGER}"; exit 1;; - esac - which nfpm - - run: - name: Package - command: | - mkdir -p dist/packages/ - nfpm package --packager "${PACKAGER}" --target dist/packages/ - ls -l dist/packages/ - helm-release: - executor: base-cimg-executor - steps: - - checkout - - run: - name: "Package and release Helm Chart" - command: .circleci/scripts/helm_release.sh - - -workflows: - version: 2 - - release-components: - when: - # Ignore agent releases and handle them separately - matches: { value: << pipeline.git.tag >>, pattern: "^releases/(?!aperture-agent).*$" } - jobs: - - release-components: - # both this and workflow's when is needed - filters: - branches: - ignore: /.+/ - tags: - only: /^releases\/.*$/ - release-agent: - when: - matches: { value: << pipeline.git.tag >>, pattern: "^releases/aperture-agent/.*$" } - jobs: - - release-components: &agent-filters - # both this and workflow's when is needed - filters: - branches: - ignore: /.+/ - tags: - only: /^releases\/aperture-agent\/.*$/ - - package-agent: - <<: *agent-filters - matrix: - parameters: - executor: [ ubuntu-go-executor ] - goarch: [ amd64 ] - helm-release: - when: - matches: { value: << pipeline.git.tag >>, pattern: "^releases/charts/*/v*" } - jobs: - - helm-release: - filters: - tags: - only: /^releases/charts/*/v*/