-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Initial CircleCI and bouncerw config
- Loading branch information
1 parent
15599ca
commit e541c87
Showing
2 changed files
with
148 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,89 @@ | ||
| # The circleCI golang:1.9 docker image doesn't have darwing standard library installed | ||
| darwin-linux-no-cgo: &darwin-linux-no-cgo | ||
| working_directory: /go/src/github.com/palantir/bouncer | ||
| docker: | ||
| - image: nmiyake/go:go-darwin-linux-no-cgo-1.9-t112 | ||
| environment: | ||
| CGO_ENABLED: 0 | ||
|
|
||
| # Shared tasks | ||
| define-artifact-dir: &define-artifacts-dir | ||
| run: echo "export ARTIFACT_STORE=/tmp/artifacts/${CIRCLE_PROJECT_REPONAME}-${TAG_NAME}-tests" >> $BASH_ENV | ||
|
|
||
| mkdir-artifacts-dir: &mkdir-artifacts-dir | ||
| run: mkdir -p "${ARTIFACT_STORE}" | ||
|
|
||
| store-test-results: &store-test-results | ||
| type: test-results-store | ||
| path: /tmp/artifacts | ||
|
|
||
| store-artifacts: &store-artifacts | ||
| type: artifacts-store | ||
| path: /tmp/artifacts | ||
|
|
||
| version: 2 | ||
| jobs: | ||
| build: | ||
| <<: *darwin-linux-no-cgo | ||
|
|
||
| steps: | ||
| - checkout | ||
| - *define-artifacts-dir | ||
| - *mkdir-artifacts-dir | ||
|
|
||
| - run: go version | ||
| - run: ./godelw version | ||
| - run: go install $(./godelw packages) | ||
|
|
||
| - run: ./godelw verify --apply=false --junit-output="${ARTIFACT_STORE}/tests.xml" | ||
| - run: ./godelw dist | ||
| - run: sha256sum dist/*.tgz | ||
|
|
||
| - save_cache: | ||
| key: dist-{{ .Environment.CIRCLE_SHA1 }}-v1 | ||
| paths: | ||
| - dist | ||
|
|
||
| - *store-test-results | ||
|
|
||
| # Only generate a changelog for master builds, use generated changelog as git release tag message | ||
| changelog: | ||
| machine: true | ||
|
|
||
| steps: | ||
| - checkout | ||
| - *define-artifacts-dir | ||
| - *mkdir-artifacts-dir | ||
| - run: git log `git describe --tags --abbrev=0`..HEAD --pretty="### %s%n%b%n" > /tmp/artifacts/changelog.md | ||
| - *store-artifacts | ||
|
|
||
| publish: | ||
| <<: *darwin-linux-no-cgo | ||
|
|
||
| steps: | ||
| - restore_cache: | ||
| keys: | ||
| - dist-{{ .Environment.CIRCLE_SHA1 }}-v1 | ||
| - run: ./godelw publish bintray --url https://api.bintray.com --subject palantir --repository releases --user "$BINTRAY_USER" --password "$BINTRAY_PASSWORD" --publish --downloads-list bouncer | ||
|
|
||
| workflows: | ||
| version: 2 | ||
| build-publish: | ||
| jobs: | ||
| - build | ||
| - publish: | ||
| requires: | ||
| - build | ||
| filters: | ||
| tags: | ||
| only: /.*/ | ||
| branches: | ||
| ignore: /.*/ | ||
| - changelog: | ||
| requires: | ||
| - build | ||
| filters: | ||
| tags: | ||
| ignore: /.*/ | ||
| branches: | ||
| only: master |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| # If your TF env has multiple simultaneous bouncer invocations, you're in a race condition | ||
| # for downloading the binary, so that's why we handle a lockfile | ||
| lockfile='.bouncer_download_lock' | ||
| fd='200' | ||
| lock_timeout='30' | ||
|
|
||
| lock() { | ||
| echo "Attempting to lock ${lockfile}" | ||
| eval "exec ${fd}>${lockfile}" | ||
|
|
||
| flock -w ${lock_timeout} ${fd} | ||
|
|
||
| if [[ "$?" == "0" ]]; then | ||
| echo "Lock acquired" | ||
| return 0 | ||
| else | ||
| echo "Timed-out waiting for lock" | ||
| return 1 | ||
| fi | ||
| } | ||
|
|
||
| unlock() { | ||
| echo "Releasing lock on ${lockfile}" | ||
| flock -u ${fd} | ||
|
|
||
| if [[ "$?" == "0" ]]; then | ||
| echo "Lock released" | ||
| return 0 | ||
| else | ||
| echo "Error releasing log" | ||
| return 1 | ||
| fi | ||
| } | ||
|
|
||
| download() { | ||
| if [ "${BOUNCER_VERSION}" == "" ]; then | ||
| echo "BOUNCER_VERSION is not set. Looking for the latest bouncer release..." | ||
| # Terraform Enterprise environment doesn't have jq, replace with this once it does: | ||
| # export BOUNCER_VERSION=$(curl -s "https://api.bintray.com/packages/palantir/releases/bouncer" | jq -r '.latest_version') | ||
| export BOUNCER_VERSION=$(curl -s "https://api.bintray.com/packages/palantir/releases/bouncer" | egrep -oh '"latest_version":"\S*?"' | cut -d ':' -f 2 | sed 's/"//g') | ||
| fi | ||
| echo "Installing bouncer version ${BOUNCER_VERSION}" | ||
| #wget -q -O ./bouncer "${BASE_URL}/${BOUNCER_VERSION}/bouncer-${BOUNCER_VERSION}-linux-amd64.tgz!bouncer" | ||
| wget -q -O bouncer.tgz https://palantir.bintray.com/releases/com/palantir/bouncer/bouncer/${BOUNCER_VERSION}/bouncer-${BOUNCER_VERSION}.tgz | ||
| tar -xzf bouncer.tgz | ||
| chmod 755 ./bouncer | ||
| } | ||
|
|
||
| lock || exit 1 | ||
| if [ ! -f ./bouncer ]; then | ||
| download || exit 1 | ||
| else | ||
| echo "Bouncer already installed, using local copy" | ||
| fi | ||
| unlock || exit 1 | ||
|
|
||
| ./bouncer "$@" |