-
Notifications
You must be signed in to change notification settings - Fork 38
/
.one-pipeline.yaml
139 lines (112 loc) · 3.69 KB
/
.one-pipeline.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
version: "1"
setup:
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.12
script: |
#!/usr/bin/env bash
echo $STAGE
git clone --single-branch --branch $(get_env common-operators-branch) https://$(get_env git-token)@github.ibm.com/websphere/operators.git
./operators/scripts/pipeline/code-setup-stage.sh
detect-secrets:
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.12
abort_on_failure: false
image_pull_policy: IfNotPresent
skip: true
script: |
#!/usr/bin/env bash
echo $STAGE
echo "Skipping detect-secrets as it's already run as part of code-compliance-checks"
exit 0
test:
dind: true
abort_on_failure: true
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.12
script: |
#!/usr/bin/env bash
echo $STAGE
./operators/scripts/pipeline/unit-test-stage.sh
static-scan:
dind: true
abort_on_failure: false
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.12
script: |
#!/usr/bin/env bash
echo $STAGE
./operators/scripts/pipeline/static-scan-stage.sh
compliance-checks:
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.3
dind: true
abort_on_failure: false
image_pull_policy: IfNotPresent
sources:
- repo: https://github.ibm.com/open-toolchain/compliance-commons.git
sha: 38149a3644798c0b5679e6d8cdf999ce7f6e5142
path: cra
- repo: https://github.ibm.com/open-toolchain/compliance-commons.git
sha: 56cb780f891167b93b95d6f477ad7dce79f3df16
path: doi
- repo: https://github.ibm.com/open-toolchain/compliance-commons.git
sha: 7815b2273f9721d6edbdaf9bddb18e44d070b238
path: detect-secrets
- repo: https://github.ibm.com/open-toolchain/compliance-commons.git
sha: 38149a3644798c0b5679e6d8cdf999ce7f6e5142
path: compliance-checks
- repo: https://github.ibm.com/open-toolchain/compliance-commons.git
sha: 3e927695cfdb4f1bb8b25697ae67a10983de9a8c
path: mend
script: |
#!/usr/bin/env bash
echo $STAGE
./operators/scripts/pipeline/compliance-checks-stage.sh
containerize:
dind: true
abort_on_failure: true
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.12
script: |
#!/usr/bin/env bash
echo $STAGE
# instruct bash to exit if any command fails
set -e
./operators/scripts/pipeline/containerize-stage.sh
sign-artifact:
abort_on_failure: false
image: icr.io/continuous-delivery/pipeline/image-signing:1.0.0@sha256:e9d8e354668ba3d40be2aaee08298d2aa7f0e1c8a1829cca4094ec93830e3e6a
script: |
#!/usr/bin/env bash
echo $STAGE
./operators/scripts/pipeline/sign-artifact-stage.sh
deploy:
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.12
script: |
#!/usr/bin/env bash
echo $STAGE
echo "Skipping deploy as it's already run as part of acceptance-test"
exit 0
dynamic-scan:
abort_on_failure: false
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.12
script: |
#!/usr/bin/env bash
echo $STAGE
./operators/scripts/pipeline/dynamic-scan-stage.sh
acceptance-test:
dind: true
abort_on_failure: true
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.12
script: |
#!/usr/bin/env bash
echo $STAGE
./operators/scripts/pipeline/acceptance-test-stage.sh
scan-artifact:
abort_on_failure: false
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.12
script: |
#!/usr/bin/env bash
echo $STAGE
./operators/scripts/pipeline/scan-artifact-stage.sh
release:
abort_on_failure: false
image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.12
script: |
#!/usr/bin/env bash
echo $STAGE
./operators/scripts/pipeline/release-stage.sh