diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 00000000..ba0f4868
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,89 @@
+# The circleCI golang:1.9 docker image doesn't have darwing standard library installed
+darwin-linux-no-cgo: &darwin-linux-no-cgo
+ working_directory: /go/src/github.com/palantir/bouncer
+ docker:
+ - image: nmiyake/go:go-darwin-linux-no-cgo-1.9-t112
+ environment:
+ CGO_ENABLED: 0
+
+# Shared tasks
+define-artifact-dir: &define-artifacts-dir
+ run: echo "export ARTIFACT_STORE=/tmp/artifacts/${CIRCLE_PROJECT_REPONAME}-${TAG_NAME}-tests" >> $BASH_ENV
+
+mkdir-artifacts-dir: &mkdir-artifacts-dir
+ run: mkdir -p "${ARTIFACT_STORE}"
+
+store-test-results: &store-test-results
+ type: test-results-store
+ path: /tmp/artifacts
+
+store-artifacts: &store-artifacts
+ type: artifacts-store
+ path: /tmp/artifacts
+
+version: 2
+jobs:
+ build:
+ <<: *darwin-linux-no-cgo
+
+ steps:
+ - checkout
+ - *define-artifacts-dir
+ - *mkdir-artifacts-dir
+
+ - run: go version
+ - run: ./godelw version
+ - run: go install $(./godelw packages)
+
+ - run: ./godelw verify --apply=false --junit-output="${ARTIFACT_STORE}/tests.xml"
+ - run: ./godelw dist
+ - run: sha256sum dist/*.tgz
+
+ - save_cache:
+ key: dist-{{ .Environment.CIRCLE_SHA1 }}-v1
+ paths:
+ - dist
+
+ - *store-test-results
+
+ # Only generate a changelog for master builds, use generated changelog as git release tag message
+ changelog:
+ machine: true
+
+ steps:
+ - checkout
+ - *define-artifacts-dir
+ - *mkdir-artifacts-dir
+ - run: git log `git describe --tags --abbrev=0`..HEAD --pretty="### %s%n%b%n" > /tmp/artifacts/changelog.md
+ - *store-artifacts
+
+ publish:
+ <<: *darwin-linux-no-cgo
+
+ steps:
+ - restore_cache:
+ keys:
+ - dist-{{ .Environment.CIRCLE_SHA1 }}-v1
+ - run: ./godelw publish bintray --url https://api.bintray.com --subject palantir --repository releases --user "$BINTRAY_USER" --password "$BINTRAY_PASSWORD" --publish --downloads-list bouncer
+
+workflows:
+ version: 2
+ build-publish:
+ jobs:
+ - build
+ - publish:
+ requires:
+ - build
+ filters:
+ tags:
+ only: /.*/
+ branches:
+ ignore: /.*/
+ - changelog:
+ requires:
+ - build
+ filters:
+ tags:
+ ignore: /.*/
+ branches:
+ only: master
diff --git a/bouncerw b/bouncerw
new file mode 100755
index 00000000..b3c39671
--- /dev/null
+++ b/bouncerw
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+# If your TF env has multiple simultaneous bouncer invocations, you're in a race condition
+# for downloading the binary, so that's why we handle a lockfile
+lockfile='.bouncer_download_lock'
+fd='200'
+lock_timeout='30'
+
+lock() {
+ echo "Attempting to lock ${lockfile}"
+ eval "exec ${fd}>${lockfile}"
+
+ flock -w ${lock_timeout} ${fd}
+
+ if [[ "$?" == "0" ]]; then
+ echo "Lock acquired"
+ return 0
+ else
+ echo "Timed-out waiting for lock"
+ return 1
+ fi
+}
+
+unlock() {
+ echo "Releasing lock on ${lockfile}"
+ flock -u ${fd}
+
+ if [[ "$?" == "0" ]]; then
+ echo "Lock released"
+ return 0
+ else
+ echo "Error releasing log"
+ return 1
+ fi
+}
+
+download() {
+ if [ "${BOUNCER_VERSION}" == "" ]; then
+ echo "BOUNCER_VERSION is not set. Looking for the latest bouncer release..."
+ # Terraform Enterprise environment doesn't have jq, replace with this once it does:
+ # export BOUNCER_VERSION=$(curl -s "https://api.bintray.com/packages/palantir/releases/bouncer" | jq -r '.latest_version')
+ export BOUNCER_VERSION=$(curl -s "https://api.bintray.com/packages/palantir/releases/bouncer" | egrep -oh '"latest_version":"\S*?"' | cut -d ':' -f 2 | sed 's/"//g')
+ fi
+ echo "Installing bouncer version ${BOUNCER_VERSION}"
+ #wget -q -O ./bouncer "${BASE_URL}/${BOUNCER_VERSION}/bouncer-${BOUNCER_VERSION}-linux-amd64.tgz!bouncer"
+ wget -q -O bouncer.tgz https://palantir.bintray.com/releases/com/palantir/bouncer/bouncer/${BOUNCER_VERSION}/bouncer-${BOUNCER_VERSION}.tgz
+ tar -xzf bouncer.tgz
+ chmod 755 ./bouncer
+}
+
+lock || exit 1
+if [ ! -f ./bouncer ]; then
+ download || exit 1
+else
+ echo "Bouncer already installed, using local copy"
+fi
+unlock || exit 1
+
+./bouncer "$@"
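Review bot: The `darwin-linux-no-cgo` executor pulls `nmiyake/go:go-darwin-linux-no-cgo-1.9-t112` by mutable tag, and that same image runs the `publish` job, where `BINTRAY_USER` and `BINTRAY_PASSWORD` are in the environment. A re-pushed tag would change the toolchain that builds and uploads the release without any change in this repository, so I would pin the image by digest, e.g. `- image: nmiyake/go:go-darwin-linux-no-cgo-1.9-t112@sha256:<digest-of-the-reviewed-image>`. In the `publish` step, `--password "$BINTRAY_PASSWORD"` also puts the secret on the command line, where it is visible in the process list; an environment- or config-file-based credential would be preferable if godel supports one (not confirmed from this page). Finally, the `sha256sum dist/*.tgz` output in `build` is only logged, and nothing in `publish` checks the restored `dist` cache against it before uploading.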
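Review bot: `download()` fetches `bouncer-${BOUNCER_VERSION}.tgz` and unpacks it, and the script then executes `./bouncer`, with no checksum or signature check on the archive. When `BOUNCER_VERSION` is unset, the version is whatever the Bintray API reports as latest, so the code that runs can change between invocations without review. The exit status of `wget` and `tar` is not checked either, so the function returns only the result of `chmod`. I would have callers pin an expected digest next to the version and verify it before unpacking; `BOUNCER_SHA256` in the sketch below is a proposed new variable, and `sha256sum` is assumed to exist in the target environment. Note also that `if [ ! -f ./bouncer ]` reuses any existing file regardless of `BOUNCER_VERSION`, so a stale or replaced binary in the working directory is run as-is.

```shell
download() {
  # … unchanged: BOUNCER_VERSION lookup and "Installing bouncer version" message …
  if [ -z "${BOUNCER_SHA256}" ]; then
    echo "BOUNCER_SHA256 is not set; refusing to run an unverified download"
    return 1
  fi
  wget -q -O bouncer.tgz "https://palantir.bintray.com/releases/com/palantir/bouncer/bouncer/${BOUNCER_VERSION}/bouncer-${BOUNCER_VERSION}.tgz" || return 1
  # Verify the archive before anything from it is unpacked or executed
  if ! echo "${BOUNCER_SHA256}  bouncer.tgz" | sha256sum -c -; then
    echo "Checksum mismatch for bouncer.tgz"
    rm -f bouncer.tgz
    return 1
  fi
  tar -xzf bouncer.tgz || return 1
  chmod 755 ./bouncer
}
```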