// This file contains the logic for building our CI for Drone. The idea here is
// that we create a pipeline for all of the major tasks we need to perform
// (e.g. builds, E2E testing, conformance testing, releases). Each pipeline
// after the default builds on a previous pipeline.
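// Image used by the clone step, the push step and every step built by Step().
// NOTE(review): `:latest` is a mutable tag, so the toolchain that runs each
// step (including the steps that receive registry and cloud credentials) can
// change without any change to this file. Pinning to a version tag or an image
// digest would make builds reproducible and auditable.
local build_container = "autonomy/build-container:latest";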
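// Volumes shared by the docker service and the build steps. Every entry holds
// the pipeline-level declaration (`pipeline`) and the step-level mount
// (`step`); the step name is read from the pipeline entry so the two always
// match.
local volumes = {
  // Temporary volume mounted at /var/run.
  // NOTE(review): presumably this is how steps reach the socket of the dockerd
  // service, which runs privileged. If so, any step with this mount can drive
  // that daemon; confirm and keep the mount off steps that do not need it.
  dockersock: {
    pipeline: {
      name: "dockersock",
      temp: {},
    },
    step: {
      name: $.dockersock.pipeline.name,
      path: "/var/run",
    },
  },

  // Host-path volume: the CI node's own /dev is mounted at /dev.
  // NOTE(review): ForStep() hands this mount to every step, so code from the
  // cloned tree runs with the node's device directory visible. Restrict it to
  // the steps that really need host devices.
  dev: {
    pipeline: {
      name: "dev",
      host: {
        path: "/dev",
      },
    },
    step: {
      name: $.dev.pipeline.name,
      path: "/dev",
    },
  },

  // Temporary volume mounted at /tmp.
  tmp: {
    pipeline: {
      name: "tmp",
      temp: {},
    },
    step: {
      name: $.tmp.pipeline.name,
      path: "/tmp",
    },
  },

  // Step-level mounts, in the form a step's `volumes` field takes.
  ForStep(): [
    self.dockersock.step,
    self.dev.step,
    self.tmp.step,
  ],

  // Pipeline-level declarations, in the form a pipeline's `volumes` field
  // takes.
  ForPipeline(): [
    self.dockersock.pipeline,
    self.dev.pipeline,
    self.tmp.pipeline,
  ],
};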
// This step provides our cloning logic. It is a workaround for a limitation in
// the way promotions work in drone. Promotions are assumed to be against
// the master branch, causing improper clones when promoting a pull request.
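local clone = {
  name: "clone",
  image: build_container,
  // Check out the commit branch, then merge the commit under test into it.
  // Every later step runs `make <target>` from the resulting tree, so for a
  // pull request the Makefile being executed is the contributor's version.
  // NOTE(review): the DRONE_* values are expanded into these command lines
  // unquoted. Branch and ref names may contain shell metacharacters, so
  // quoting each expansion would be safer; confirm how Drone substitutes
  // them before changing the commands.
  commands: [
    "git config --global user.email talos@talos.dev",
    "git config --global user.name talos",
    "git init",
    "git remote add origin ${DRONE_REMOTE_URL}",
    "git fetch origin +refs/heads/${DRONE_COMMIT_BRANCH}:",
    "git checkout ${DRONE_COMMIT_BRANCH}",
    "git fetch origin ${DRONE_COMMIT_REF}:",
    "git merge ${DRONE_COMMIT_SHA}",
    "git fetch --tags",
  ],
  // Excludes only the empty event name.
  // NOTE(review): presumably this keeps the step enabled for every real event
  // and skips it under `drone exec`; confirm.
  when: {
    event: {
      exclude: [""],
    },
  },
};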
// This provides the docker service.
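local docker = {
  name: "docker",
  // NOTE(review): `19.03-dind` is a floating tag; pin a patch release or a
  // digest if reproducibility of the daemon matters.
  image: "docker:19.03-dind",
  entrypoint: ["dockerd"],
  // The daemon runs privileged. Anything that can reach it has the same reach
  // on the CI node, which is why the set of steps sharing its mounts should
  // stay as small as possible.
  privileged: true,
  command: [
    // NOTE(review): hard-coded public resolvers bypass whatever DNS policy
    // and logging the cluster applies; confirm this is intended.
    "--dns=8.8.8.8",
    "--dns=8.8.4.4",
    "--mtu=1440",
    "--log-level=error",
  ],
  // Same mounts as the build steps: /var/run, the host's /dev, and /tmp.
  volumes: volumes.ForStep(),
};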
// This step is used only when `drone exec` is executed.
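local buildkit = {
  name: "buildkit",
  image: "moby/buildkit:v0.6.0",
  privileged: true,
  detach: true,
  // NOTE(review): buildkitd listens on every interface over plain TCP, with no
  // TLS options on the command line, and the `security.insecure` entitlement
  // is allowed. Any client that can reach port 1234 can therefore request
  // privileged builds. That is tolerable on a developer machine running
  // `drone exec`; on a shared host bind to loopback or a unix socket, or
  // configure buildkitd's --tlscacert/--tlscert/--tlskey options.
  commands: ["buildkitd --addr tcp://0.0.0.0:1234 --allow-insecure-entitlement security.insecure"],
  // Includes only the empty event name.
  // NOTE(review): presumably that matches `drone exec` only, as the comment
  // above this definition says; confirm.
  when: {
    event: {
      include: [""],
    },
  },
};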
// Step standardizes the creation of build steps. The name of the step is used
// as the target when building the make command. For example, if name equals
// "test", the resulting step command will be "make test". This is done to
// encourage alignment between this file and the Makefile, and gives us a
// standardized structure that should make things easier to reason about if we
// know that each step is essentially a Makefile target.
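// Parameters:
//   name        - step name; also the make target when `target` is empty.
//   target      - make target to run instead of `name`.
//   depends_on  - step objects this step waits for; only their names are kept.
//   environment - extra variables; on a key collision these win over the
//                 common variables below.
local Step(name, target="", depends_on=[clone], environment={}) = {
  local make = std.format("make %s", if target == "" then name else target),
  local common_env_vars = {
    // Shell default expansion: an already-set BUILDKIT_HOST is kept.
    // NOTE(review): the default is a plain tcp:// endpoint, so builds talk to
    // that buildkitd without transport security unless the network layer
    // provides it; confirm.
    BUILDKIT_HOST: "${BUILDKIT_HOST=tcp://buildkitd.ci.svc:1234}",
    BINDIR: "/usr/local/bin",
  },

  name: name,
  image: build_container,
  commands: [make],
  environment: common_env_vars + environment,
  // Every step gets all three mounts, including the host's /dev.
  volumes: volumes.ForStep(),
  depends_on: [x.name for x in depends_on],
};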
// Pipeline is a way to standardize the creation of pipelines. It supports
// using an existing pipeline as a base.
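// Parameters:
//   name          - pipeline name.
//   steps         - step objects, placed after the optional clone step.
//   depends_on    - pipeline objects this pipeline waits for; only their
//                   names are kept.
//   with_clone    - prepend the custom clone step.
//   with_buildkit - add the buildkit service.
//   with_docker   - add the privileged docker service.
local Pipeline(name, steps=[], depends_on=[], with_clone=true, with_buildkit=false, with_docker=true) = {
  local node = { "node-role.kubernetes.io/ci": "" },

  kind: "pipeline",
  name: name,
  // Drone's built-in clone is switched off; the custom clone step replaces it.
  clone: {
    disable: true,
  },
  node: node,
  // An `if` without `else` evaluates to null, so a disabled service leaves a
  // null entry in the list (the same holds for `steps` below).
  // NOTE(review): this relies on Drone accepting null entries; confirm.
  services: [
    if with_docker then docker,
    if with_buildkit then buildkit,
  ],
  steps: [if with_clone then clone] + steps,
  // All three volumes are declared for every pipeline, including the host
  // /dev path, whether or not any step in the pipeline mounts them.
  volumes: volumes.ForPipeline(),
  depends_on: [x.name for x in depends_on],
};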
// Default pipeline.
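// Each of these runs `make <name>` in the build container. A step with no
// explicit depends_on waits only for the clone step (the Step() default).
local machined = Step("machined");
local osd = Step("osd");
local trustd = Step("trustd");
local proxyd = Step("proxyd");
local ntpd = Step("ntpd");
local osctl_linux = Step("osctl-linux");
local osctl_darwin = Step("osctl-darwin");
local rootfs = Step("rootfs", depends_on=[machined, osd, trustd, proxyd, ntpd]);
local initramfs = Step("initramfs", depends_on=[rootfs]);
local installer = Step("installer", depends_on=[rootfs]);
local container = Step("container", depends_on=[rootfs]);
local lint = Step("lint");
local image_test = Step("image-test", depends_on=[installer]);
local unit_tests = Step("unit-tests", depends_on=[rootfs]);
// Defined, but commented out of default_steps.
local unit_tests_race = Step("unit-tests-race", depends_on=[unit_tests]);
local basic_integration = Step("basic-integration", depends_on=[container, osctl_linux]);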
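// Uploads coverage.txt to Codecov on pull requests, after the unit tests.
local coverage = {
  name: "coverage",
  // NOTE(review): no tag is given, so the plugin image floats while it
  // receives the Codecov token; pin a tag or digest.
  image: "plugins/codecov",
  settings: {
    // NOTE(review): this secret is requested on pull_request events. Confirm
    // the secret's pull-request exposure in Drone is set the way you intend.
    token: { from_secret: "codecov_token" },
    files: ["coverage.txt"],
  },
  when: {
    event: ["pull_request"],
  },
  depends_on: [unit_tests.name],
};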
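// Logs in to the registry and pushes images. Runs on push events only, after
// basic-integration.
local push = {
  name: "push",
  // Reuses build_container rather than repeating the same image literal, so a
  // future pin of the build image covers this credential-bearing step too.
  image: build_container,
  pull: "always",
  environment: {
    DOCKER_USERNAME: { from_secret: "docker_username" },
    DOCKER_PASSWORD: { from_secret: "docker_password" },
  },
  // NOTE(review): the targets come from the cloned tree's Makefile and run
  // with the registry credentials in the environment, so Makefile changes
  // deserve the same review as changes to this file.
  commands: ["make gitmeta", "make login", "make push"],
  volumes: volumes.ForStep(),
  when: {
    event: {
      include: ["push"],
      exclude: ["promote"],
    },
  },
  depends_on: [basic_integration.name],
};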
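// Steps of the default pipeline. The other pipelines extend this list, so the
// coverage and push steps (and their secrets) are part of those too, subject
// to each step's own `when` clause.
local default_steps = [
  machined,
  osd,
  trustd,
  proxyd,
  ntpd,
  osctl_linux,
  osctl_darwin,
  rootfs,
  initramfs,
  installer,
  container,
  lint,
  image_test,
  unit_tests,
  // unit_tests_race,
  coverage,
  basic_integration,
  push,
];

// The default pipeline is skipped for the "nightly" cron job and for promote
// events; every other event runs it.
local default_trigger = {
  trigger: {
    cron: {
      exclude: ["nightly"],
    },
    event: {
      exclude: ["promote"],
    },
  },
};

local default_pipeline = Pipeline("default", default_steps) + default_trigger;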
// E2E pipeline.
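// Cloud credentials for the E2E steps.
// NOTE(review): the whole set goes to every step that takes it, so for
// example push-image-azure also receives the GCE and Packet credentials.
// Splitting this per provider would limit what each make target can reach.
local creds_env_vars = {
  AZURE_SVC_ACCT: { from_secret: "azure_svc_acct" },
  GCE_SVC_ACCT: { from_secret: "gce_svc_acct" },
  PACKET_AUTH_TOKEN: { from_secret: "packet_auth_token" },
};

local image_azure = Step("image-azure", depends_on=[installer]);
local image_gce = Step("image-gce", depends_on=[installer]);
local capi = Step("capi", depends_on=[basic_integration], environment=creds_env_vars);
local push_image_azure = Step("push-image-azure", depends_on=[image_azure], environment=creds_env_vars);
local push_image_gce = Step("push-image-gce", depends_on=[image_gce], environment=creds_env_vars);
// Both E2E steps run the same make target; PLATFORM selects the provider.
local e2e_integration_azure = Step("e2e-integration-azure", "e2e-integration", depends_on=[capi, push_image_azure], environment={ PLATFORM: "azure" });
local e2e_integration_gce = Step("e2e-integration-gce", "e2e-integration", depends_on=[capi, push_image_gce], environment={ PLATFORM: "gce" });

local e2e_steps = default_steps + [
  capi,
  image_azure,
  image_gce,
  push_image_azure,
  push_image_gce,
  e2e_integration_azure,
  e2e_integration_gce,
];

// Runs only when the trigger target is "e2e".
// NOTE(review): the clone step's comment says pull requests get promoted. If
// this target is reached that way, the promoted tree's Makefile runs with the
// cloud credentials above, so the promotion is the review gate.
local e2e_trigger = {
  trigger: {
    target: {
      include: ["e2e"],
    },
  },
};

local e2e_pipeline = Pipeline("e2e", e2e_steps) + e2e_trigger;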
// Conformance pipeline.
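// Same make target as the E2E steps, with CONFORMANCE set to "run".
local conformance_azure = Step("conformance-azure", "e2e-integration", depends_on=[capi, push_image_azure], environment={ PLATFORM: "azure", CONFORMANCE: "run" });
local conformance_gce = Step("conformance-gce", "e2e-integration", depends_on=[capi, push_image_gce], environment={ PLATFORM: "gce", CONFORMANCE: "run" });

local conformance_steps = default_steps + [
  capi,
  image_azure,
  image_gce,
  push_image_azure,
  push_image_gce,
  conformance_azure,
  conformance_gce,
];

// Runs only when the trigger target is "conformance".
local conformance_trigger = {
  trigger: {
    target: {
      include: ["conformance"],
    },
  },
};

local conformance_pipeline = Pipeline("conformance", conformance_steps) + conformance_trigger;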
// Nightly pipeline.
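// Runs only for the cron job named "nightly".
local nightly_trigger = {
  trigger: {
    cron: {
      include: ["nightly"],
    },
  },
};

// The nightly run reuses the conformance step list, so it uses the same cloud
// credentials as the conformance pipeline.
local nightly_pipeline = Pipeline("nightly", conformance_steps) + nightly_trigger;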
// Release pipeline.
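// AWS settings for the image-aws step.
// NOTE(review): these look like long-lived access keys. Scope the IAM identity
// to what the make target needs in the listed regions, and rotate it; confirm
// against the Makefile.
local aws_env_vars = {
  AWS_ACCESS_KEY_ID: { from_secret: "aws_access_key_id" },
  AWS_SECRET_ACCESS_KEY: { from_secret: "aws_secret_access_key" },
  AWS_DEFAULT_REGION: "us-west-2",
  AWS_PUBLISH_REGIONS: "us-west-2,us-east-1,us-east-2,us-west-1,eu-central-1",
};

// Step-level condition (a `when`, not a pipeline trigger): tag events only.
local ami_trigger = {
  when: {
    event: ["tag"],
  },
};

local kernel = Step("kernel");
local iso = Step("iso", depends_on=[installer]);
// The AWS credentials reach this step only on tag events, because of the
// `when` clause merged in from ami_trigger.
local image_aws = Step("image-aws", depends_on=[push], environment=aws_env_vars) + ami_trigger;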
// TODO(andrewrynhard): We should run E2E tests on a release.
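// Publishes everything under build/ to a GitHub release on tag events.
local release = {
  name: "release",
  // NOTE(review): no tag is given, so the plugin image floats while it
  // receives the GitHub token; pin a tag or digest.
  image: "plugins/github-release",
  settings: {
    api_key: { from_secret: "github_token" },
    // NOTE(review): presumably a draft release stays unpublished until a
    // maintainer publishes it by hand, which leaves a manual check before
    // artifacts go public; confirm against the plugin.
    draft: true,
    files: ["build/*"],
    // Checksums let a consumer detect a corrupted download. They do not prove
    // origin, because anyone able to replace an artifact can replace its
    // checksum too; signing would cover that.
    checksum: ["sha256", "sha512"],
  },
  when: {
    event: ["tag"],
  },
  depends_on: [kernel.name, iso.name, image_gce.name, image_azure.name, image_aws.name, push.name],
};

local release_steps = default_steps + [
  kernel,
  image_azure,
  image_gce,
  image_aws,
  iso,
  release,
];

// The release pipeline runs on tag events only.
local release_trigger = {
  trigger: {
    event: [
      "tag",
    ],
  },
};

local release_pipeline = Pipeline("release", release_steps) + release_trigger;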
// Notify pipeline.
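// Posts the build result to Slack.
local notify = {
  name: "slack",
  // NOTE(review): no tag is given, so the plugin image floats while it
  // receives the webhook URL; pin a tag or digest.
  image: "plugins/slack",
  settings: {
    webhook: { from_secret: "slack_webhook" },
    channel: "proj-talos-maint",
  },
};

local notify_steps = [notify];

// Runs whether the pipelines it depends on succeeded or failed.
local notify_trigger = {
  trigger: {
    status: ["success", "failure"],
  },
};

// NOTE(review): not referenced anywhere in the visible file. notify_pipeline
// gets its dependencies through Pipeline()'s depends_on argument instead.
local notify_depends_on = {
  depends_on: [
    default_pipeline.name,
    e2e_pipeline.name,
    conformance_pipeline.name,
    nightly_pipeline.name,
    release_pipeline.name,
  ],
};

// No clone step and no docker or buildkit service: the only step is the Slack
// plugin, so nothing privileged is started for it.
local notify_pipeline = Pipeline(
  "notify",
  notify_steps,
  [default_pipeline, e2e_pipeline, conformance_pipeline, nightly_pipeline, release_pipeline],
  with_clone=false,
  with_buildkit=false,
  with_docker=false,
) + notify_trigger;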
// Final configuration file definition.
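// The value of the file: the list of pipelines. notify comes last and depends
// on all of the others.
[
  default_pipeline,
  e2e_pipeline,
  conformance_pipeline,
  nightly_pipeline,
  release_pipeline,
  notify_pipeline,
]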