代码拉取完成,页面将自动刷新
---
kind: pipeline
type: kubernetes
name: pr build
trigger:
event:
- pull_request
steps:
- name: short circuit docs changes
image: docker:git
commands:
# If a change is entirely documentation, skip the expensive build & test steps.
# https://discourse.drone.io/t/how-to-exit-a-pipeline-early-without-failing/3951
- ./build.assets/drone/diff-is-all-docs.sh $DRONE_COMMIT_BEFORE..$DRONE_COMMIT_AFTER && exit 78 || exit 0
- name: fetch tags
image: docker:git
commands:
- git fetch --tags
- name: wait for docker
image: docker
commands:
- timeout 15s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- docker version
volumes:
- name: dockersock
path: /var/run
- name: lint
image: docker:git
commands:
- apk add --no-cache make bash libc6-compat
- make -C build.assets golint
volumes:
- name: dockersock
path: /var/run
- name: assume AWS role
image: amazon/aws-cli
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_S3_RO_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_S3_RO_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_S3_RO_ROLE
volumes:
- name: awsconfig
path: /root/.aws
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
- name: build
image: docker:git
commands:
- apk add --no-cache make bash libc6-compat aws-cli fakeroot
- make -C e production telekube opscenter
- make build-tsh
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
- name: unit test
image: docker:git
commands:
- apk add --no-cache make bash libc6-compat
- make -C e test
- make test
volumes:
- name: dockersock
path: /var/run
- name: build robotest images
image: docker:git
commands:
- apk add --no-cache make bash libc6-compat
- make -C e/assets/robotest images
volumes:
- name: dockersock
path: /var/run
- name: run robotest
image: docker:git
environment:
GCP_ROBOTEST_CREDENTIALS:
from_secret: GCP_ROBOTEST_CREDENTIALS
# These files need to be in a volume that the docker service has access to
# We choose /tmp to accommodate https://github.com/gravitational/robotest/blob/3774f8641439b19c4e0e598db8f87c52ea0e4817/docker/suite/run_suite.sh#L106
SSH_KEY: /tmp/secrets/robotest
SSH_PUB: /tmp/secrets/robotest.pub
GOOGLE_APPLICATION_CREDENTIALS: /tmp/secrets/gcp.json
commands:
- apk add --no-cache make bash
- mkdir -p $(dirname $SSH_KEY)
- ssh-keygen -t ed25519 -N '' -f $SSH_KEY
- echo "$GCP_ROBOTEST_CREDENTIALS" > $GOOGLE_APPLICATION_CREDENTIALS
- make -C e robotest-run
volumes:
- name: dockersock
path: /var/run
- name: dockertmp
path: /tmp
services:
- name: run docker daemon
image: docker:20.10.6-dind
privileged: true
volumes:
- name: dockersock
path: /var/run
- name: dockertmp
path: /tmp
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
- name: dockertmp
temp: {}
---
kind: pipeline
type: kubernetes
name: post-merge build
trigger:
event:
- push
branch:
- master
steps:
- name: short circuit docs changes
image: docker:git
commands:
# If a change is entirely documentation, skip the expensive build & test steps.
# https://discourse.drone.io/t/how-to-exit-a-pipeline-early-without-failing/3951
- ./build.assets/drone/diff-is-all-docs.sh $DRONE_COMMIT_BEFORE..$DRONE_COMMIT_AFTER && exit 78 || exit 0
- name: fetch tags
image: docker:git
commands:
- git fetch --tags
- name: wait for docker
image: docker
commands:
- timeout 15s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- docker version
volumes:
- name: dockersock
path: /var/run
- name: assume AWS role
image: amazon/aws-cli
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_S3_RO_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_S3_RO_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_S3_RO_ROLE
volumes:
- name: awsconfig
path: /root/.aws
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
- name: build
image: docker:git
commands:
- apk add --no-cache make bash libc6-compat aws-cli fakeroot
- make -C e production telekube opscenter
- make build-tsh
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
- name: build robotest images
image: docker:git
commands:
- apk add --no-cache make bash libc6-compat
- export ROBOTEST_CONFIG=nightly
- make -C e/assets/robotest images
volumes:
- name: dockersock
path: /var/run
- name: run robotest
image: docker:git
environment:
GCP_ROBOTEST_CREDENTIALS:
from_secret: GCP_ROBOTEST_CREDENTIALS
# These files need to be in a volume that the docker service has access to
# We choose /tmp to accommodate https://github.com/gravitational/robotest/blob/3774f8641439b19c4e0e598db8f87c52ea0e4817/docker/suite/run_suite.sh#L106
SSH_KEY: /tmp/secrets/robotest
SSH_PUB: /tmp/secrets/robotest.pub
GOOGLE_APPLICATION_CREDENTIALS: /tmp/secrets/gcp.json
commands:
- apk add --no-cache make bash
- mkdir -p $(dirname $SSH_KEY)
- ssh-keygen -t ed25519 -N '' -f $SSH_KEY
- echo "$GCP_ROBOTEST_CREDENTIALS" > $GOOGLE_APPLICATION_CREDENTIALS
- export ROBOTEST_CONFIG=nightly
- make -C e robotest-run
volumes:
- name: dockersock
path: /var/run
- name: dockertmp
path: /tmp
services:
- name: run docker daemon
image: docker:20.10.6-dind
privileged: true
volumes:
- name: dockersock
path: /var/run
- name: dockertmp
path: /tmp
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
- name: dockertmp
temp: {}
---
kind: pipeline
type: kubernetes
name: pr docs
trigger:
event:
- pull_request
branch:
- master
steps:
- name: wait for docker
image: docker
commands:
- timeout 15s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- docker version
volumes:
- name: dockersock
path: /var/run
- name: build buildbox
image: docker:git
commands:
- apk add --no-cache make
- make -C docs bbox
volumes:
- name: dockersock
path: /var/run
- name: build
image: docker:git
commands:
- apk add --no-cache make
- make -C docs docs
volumes:
- name: dockersock
path: /var/run
- name: lint
image: docker:git
commands:
- apk add --no-cache make
- make -C docs lint
volumes:
- name: dockersock
path: /var/run
services:
- name: run docker daemon
image: docker:20.10.6-dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: tag
# This pipeline generates placeholder builds that Drone CI promotions can reference.
# See https://docs.drone.io/promote/
#
# This is useful, because it allows re-running release steps without re-pushing
# tags to the repo, in case of faulty infrastructure. We don't ever want to overwrite
# released tags. It'd be good to verify that the tags are signed and not already
# present in this build. -- walt 2021-03
trigger:
event:
- tag
steps:
- name: fetch tags
image: docker:git
commands:
- git fetch --tags
- name: check version
image: docker:git
commands:
- apk add --no-cache make bash
- make get-version
---
kind: pipeline
type: kubernetes
name: publish-dependencies
trigger:
event:
- promote
target:
- release
- publish-dependencies
steps:
- name: fetch tags
image: docker:git
commands:
- git fetch --tags
- name: wait for docker
image: docker
commands:
- timeout 15s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- docker version
volumes:
- name: dockersock
path: /var/run
- name: assume AWS role
image: amazon/aws-cli
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_S3_RO_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_S3_RO_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_S3_RO_ROLE
volumes:
- name: awsconfig
path: /root/.aws
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
- name: build
image: docker:git
commands:
- apk add --no-cache make bash libc6-compat aws-cli fakeroot
- make -C e production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
- name: assume publish AWS role
image: amazon/aws-cli
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_S3_RW_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_S3_RW_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_S3_RW_ROLE
volumes:
- name: awsconfig
path: /root/.aws
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
- name: publish dependencies
image: docker:git
environment:
TELE_COPY_TO_USER:
from_secret: QUAY_IO_SCAN_UPLOAD_USER
TELE_COPY_TO_PASS:
from_secret: QUAY_IO_SCAN_UPLOAD_TOKEN
commands:
- apk add --no-cache make bash libc6-compat aws-cli
- make -C e publish
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
services:
- name: run docker daemon
image: docker:20.10.6-dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: publish-enterprise
trigger:
event:
- promote
target:
- release
- publish-enterprise
steps:
- name: fetch tags
image: docker:git
commands:
- git fetch --tags
- name: wait for docker
image: docker
commands:
- timeout 15s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- docker version
volumes:
- name: dockersock
path: /var/run
- name: assume AWS role
image: amazon/aws-cli
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_S3_RO_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_S3_RO_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_S3_RO_ROLE
volumes:
- name: awsconfig
path: /root/.aws
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
- name: publish on linux
image: docker:git
environment:
TELE_KEY:
from_secret: DISTRIBUTION_OPSCENTER_TOKEN
commands:
- apk add --no-cache make bash libc6-compat aws-cli fakeroot
- make -C e production
- e/build/current/tele login --hub get.gravitational.io --token $TELE_KEY
- make -C e telekube opscenter publish-telekube publish-artifacts
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
services:
- name: run docker daemon
image: docker:20.10.6-dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
- name: awsconfig
temp: {}
---
kind: signature
hmac: 65a5d59e47ea7a322188e7e3a6a98a079e06943733643b39ad5083e2bab12b92
...
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手