From 5618f3803d6e2cdb61c170e957666f01e472863c Mon Sep 17 00:00:00 2001 From: kiblykat Date: Wed, 1 May 2024 02:05:54 +0800 Subject: [PATCH] clean up config.yml --- .circleci/config.yml | 176 +-------------------------- config-copy.yml | 274 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 276 insertions(+), 174 deletions(-) create mode 100644 config-copy.yml diff --git a/.circleci/config.yml b/.circleci/config.yml index daf8379..20af9d3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,110 +1,33 @@ -# Use the latest 2.1 version of CircleCI pipeline process engine. -# See: https://circleci.com/docs/configuration-reference version: 2.1 -# Orbs - Reusable packages for use. orbs: docker: circleci/docker@2.6.0 - # heroku: circleci/heroku@2.0.0 - # The maven orb contains a set of prepackaged circleci configuration you can use repeatedly in your configurations files. - # Orb commands and jobs help you with common scripting around a language/tool so you dont have to copy and paste it everywhere. - # See the orb documentation here: https://circleci.com/developer/orbs/orb/circleci/maven maven: circleci/maven@1.4.1 snyk: snyk/snyk@2.1.0 -# Jobs - Set of instructions / functions. -# Define a job to be invoked later in a workflow. -# See: https://circleci.com/docs/jobs-steps/#jobs-overview & https://circleci.com/docs/configuration-reference/#jobs jobs: - # build: # Job name. build_and_test: # Job name. - # Specify the execution environment. You can specify an image from Docker Hub or use one of our convenience images from CircleCI's Developer Hub. - # See: https://circleci.com/docs/executor-intro/ & https://circleci.com/docs/configuration-reference/#executor-job docker: # Environment. - # Specify the version you desire here. - # See: https://circleci.com/developer/images/image/cimg/base - image: cimg/openjdk:21.0.2 environment: PGHOST: 127.0.0.1 - image: cimg/postgres:16.2 environment: - # This optional variable can be used to control the auth-method for host connections for all databases, all users, and all addresses. - # If unspecified then scram-sha-256 password authentication is used (in 14+; md5 in older releases). - # On an uninitialized database, this will populate pg_hba.conf via this approximate line: echo "host all all all $POSTGRES_HOST_AUTH_METHOD" >> pg_hba.conf - # See the PostgreSQL documentation on pg_hba.conf for more information about possible values and their meanings. - # It is not recommended to use trust since it allows anyone to connect without a password, even if one is set (like via POSTGRES_PASSWORD). - # For more information see the PostgreSQL documentation on Trust Authentication. - # If you set POSTGRES_HOST_AUTH_METHOD to trust, then POSTGRES_PASSWORD is not required. - # If you set this to an alternative value (such as scram-sha-256), you might need additional POSTGRES_INITDB_ARGS for the database - # to initialize correctly (such as POSTGRES_INITDB_ARGS=--auth-host=scram-sha-256). - # POSTGRES_HOST_AUTH_METHOD: trust - # This optional environment variable is used in conjunction with POSTGRES_PASSWORD to set a user and its password. - # This variable will create the specified user with superuser power and a database with the same name. - # If it is not specified, then the default user of postgres will be used. - # POSTGRES_USER: postgres - # This environment variable is required for you to use the PostgreSQL image. It must not be empty or undefined. - # This environment variable sets the superuser password for PostgreSQL. The default superuser is defined by the POSTGRES_USER environment variable. - # The PostgreSQL image sets up trust authentication locally so you may notice a password is not required when connecting from - # localhost (inside the same container). However, a password will be required if connecting from a different host/container. - # This variable defines the superuser password in the PostgreSQL instance, as set by the initdb script during initial container startup. - # It has no effect on the PGPASSWORD environment variable that may be used by the psql client at runtime, as described - # at https://www.postgresql.org/docs/14/libpq-envars.html. PGPASSWORD, if used, will be specified as a separate environment variable. POSTGRES_PASSWORD: password - # This optional environment variable can be used to define a different name for the default database that is created when the image is first started. - # If it is not specified, then the value of POSTGRES_USER will be used. POSTGRES_DB: the_review_room - # Add steps to the job. - # See: https://circleci.com/docs/jobs-steps/#steps-overview & https://circleci.com/docs/configuration-reference/#steps steps: - checkout # Check out source code to the working directory. - # - restore_cache: # Restore the saved cache after the first run or if `pom.xml` has changed. - # # Read about caching dependencies: https://circleci.com/docs/caching/ - # key: circleci-the-review-room-{{ checksum "pom.xml" }} - run: | echo "Installing dependencies..." mvn dependency:go-offline # Get the project dependencies. Goal that resolves all project dependencies, including plugins and reports and their dependencies. - # - save_cache: # Save the project dependencies. - # paths: - # - ~/.m2 - # key: circleci-the-review-room-{{ checksum "pom.xml" }} - - # Maven Build Lifecycle. - # validate - Validate the project is correct and all necessary information is available. - # compile - Compile the source code of the project. - # test - Test the compiled source code using a suitable unit testing framework. These tests should not require the code be packaged or deployed. - # package - Take the compiled code and package it in its distributable format, such as a JAR. - # verify - Run any checks on results of integration tests to ensure quality criteria are met. - # install - Install the package into the local repository, for use as a dependency in other projects locally. - # deploy - Done in the build environment, copies the final package to the remote repository for sharing with other developers and projects. - # These lifecycle phases (plus the other lifecycle phases not shown here) are executed sequentially to complete the default lifecycle. - # This means that calling the later lifecycle phases will run through all the earlier lifecycle phases sequentially. - run: mvn verify # Build and run the tests. - - store_test_results: # Upload the test metadata from the `target/surefire-reports` directory so that it can show up in the CircleCI dashboard. - # Upload test results for display in Test Summary: https://circleci.com/docs/2.0/collect-test-data/ path: target/surefire-reports - - store_artifacts: # Store the uber jar as an artifact. - # Upload test summary for display in Artifacts: https://circleci.com/docs/2.0/artifacts/ path: target/the-review-room-0.0.1-SNAPSHOT.jar - # See https://circleci.com/docs/2.0/deployment-integrations/ for deploy examples. - - # test: - # docker: # Environment. - # - image: cimg/openjdk:21.0.2 - - # steps: - # - checkout - # - run: | - # echo "Installing dependencies..." - # echo "Running tests..." - # java --version - scan: docker: - # - image: cimg/node:20.12.2 - # - image: cimg/node:current - image: cimg/base:current environment: # The environment allows us to create an environment for the job and allows us to create custom environment variables. @@ -121,112 +44,45 @@ jobs: severity-threshold: high # Only report vulnerabilities of provided level or higher (low/medium/high/critical). If param is not present, the default value is low. publish: # Also known as the build-and-push. - executor: docker/docker # Define the execution environment in which the steps of a job will run. - + executor: docker/docker # Define the execution environment in which the steps of a job will run.S steps: - checkout - setup_remote_docker - docker/check - docker/build: # Build the image. image: nhkhai/the-review-room - # tag: v1.0.1 tag: latest # Consider setting this dynamically based on the tag using env vars or CircleCI parameters. - # tag: ${CIRCLE_TAG:-latest} # Use the tag name if triggered by a tag, otherwise use 'latest'. - docker/push: # Pushes the image to the specified account in the environment variables. image: nhkhai/the-review-room - # tag: v1.0.1 tag: latest # Consider setting this dynamically based on the tag using env vars or CircleCI parameters. - # tag: ${CIRCLE_TAG:-latest} # Use the tag name if triggered by a tag, otherwise use 'latest'. - - # deploy: - # docker: - # - image: cimg/node:20.12.2 - # - # steps: - # - checkout - # - setup_remote_docker - # - heroku/install - # - run: - # name: Heroku Container Push - # command: | - # heroku container:login - # heroku container:push web -a nhkhai-node-app-for-devops - # heroku container:release web -a nhkhai-node-app-for-devops deploy: docker: - # - image: cimg/deploy:2024.03 - # - image: cimg/deploy:2024.03-node - # - image: cimg/base:current-22.04 - image: cimg/base:current - steps: - # - checkout - # - setup_remote_docker - run: name: Render Deploy Hook command: | curl "$RENDER_DEPLOY_HOOK_URL" -# Workflow - Defines what sequence will the jobs run. -# Orchestrate jobs using workflows. -# See: https://circleci.com/docs/workflows/ & https://circleci.com/docs/configuration-reference/#workflows workflows: ci_flow: # Workflow name. This is the name of the workflow, feel free to change it to better match your workflow. - # Inside the workflow, you define the jobs you want to run. jobs: - # - build - # # - build: - # # filters: - # # branches: - # # only: - # # - main - # # ignore: - # # - release - - # - test: - # requires: - # - build - # # filters: - # # branches: - # # only: - # # - main - # # ignore: - # # - release - - build_and_test: filters: branches: ignore: - release - - # The Snyk security scan job. - scan: requires: - # - build - build_and_test - # filters: - # branches: - # only: - # - main - # ignore: - # - release - - publish: - # Ensure that the dependency job(s) are able to run (watch out for branch filtering affecting this), else publish and deploy (depends on publish) will not run at all. requires: - # - test - build_and_test - scan filters: - # tags: - # only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ # Ensure this job runs only for semantically versioned tags. This regex pattern matches semantic versioning tags (e.g., v1.0.0, v2.1.3). branches: - # only: - # - release ignore: - develop - # - release - cicd_flow: jobs: - build_and_test: @@ -234,41 +90,13 @@ workflows: branches: only: - release - - # The Snyk security scan job. - scan: requires: - # - build - build_and_test - # filters: - # branches: - # only: - # - main - # ignore: - # - release - # branches: - # only: - # - release - - publish: - # Ensure that the dependency job(s) are able to run (watch out for branch filtering affecting this), else publish and deploy (depends on publish) will not run at all. requires: - # - test - build_and_test - scan - # filters: - # tags: - # only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ # Ensure this job runs only for semantically versioned tags. This regex pattern matches semantic versioning tags (e.g., v1.0.0, v2.1.3). - # branches: - # only: - # - release - - deploy: requires: - - publish - # filters: - # tags: - # only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ # Ensure this job runs only for semantically versioned tags. This regex pattern matches semantic versioning tags (e.g., v1.0.0, v2.1.3). - # branches: - # only: - # - release + - publish \ No newline at end of file diff --git a/config-copy.yml b/config-copy.yml new file mode 100644 index 0000000..daf8379 --- /dev/null +++ b/config-copy.yml @@ -0,0 +1,274 @@ +# Use the latest 2.1 version of CircleCI pipeline process engine. +# See: https://circleci.com/docs/configuration-reference +version: 2.1 + +# Orbs - Reusable packages for use. +orbs: + docker: circleci/docker@2.6.0 + # heroku: circleci/heroku@2.0.0 + # The maven orb contains a set of prepackaged circleci configuration you can use repeatedly in your configurations files. + # Orb commands and jobs help you with common scripting around a language/tool so you dont have to copy and paste it everywhere. + # See the orb documentation here: https://circleci.com/developer/orbs/orb/circleci/maven + maven: circleci/maven@1.4.1 + snyk: snyk/snyk@2.1.0 + +# Jobs - Set of instructions / functions. +# Define a job to be invoked later in a workflow. +# See: https://circleci.com/docs/jobs-steps/#jobs-overview & https://circleci.com/docs/configuration-reference/#jobs +jobs: + # build: # Job name. + build_and_test: # Job name. + # Specify the execution environment. You can specify an image from Docker Hub or use one of our convenience images from CircleCI's Developer Hub. + # See: https://circleci.com/docs/executor-intro/ & https://circleci.com/docs/configuration-reference/#executor-job + docker: # Environment. + # Specify the version you desire here. + # See: https://circleci.com/developer/images/image/cimg/base + - image: cimg/openjdk:21.0.2 + environment: + PGHOST: 127.0.0.1 + - image: cimg/postgres:16.2 + environment: + # This optional variable can be used to control the auth-method for host connections for all databases, all users, and all addresses. + # If unspecified then scram-sha-256 password authentication is used (in 14+; md5 in older releases). + # On an uninitialized database, this will populate pg_hba.conf via this approximate line: echo "host all all all $POSTGRES_HOST_AUTH_METHOD" >> pg_hba.conf + # See the PostgreSQL documentation on pg_hba.conf for more information about possible values and their meanings. + # It is not recommended to use trust since it allows anyone to connect without a password, even if one is set (like via POSTGRES_PASSWORD). + # For more information see the PostgreSQL documentation on Trust Authentication. + # If you set POSTGRES_HOST_AUTH_METHOD to trust, then POSTGRES_PASSWORD is not required. + # If you set this to an alternative value (such as scram-sha-256), you might need additional POSTGRES_INITDB_ARGS for the database + # to initialize correctly (such as POSTGRES_INITDB_ARGS=--auth-host=scram-sha-256). + # POSTGRES_HOST_AUTH_METHOD: trust + # This optional environment variable is used in conjunction with POSTGRES_PASSWORD to set a user and its password. + # This variable will create the specified user with superuser power and a database with the same name. + # If it is not specified, then the default user of postgres will be used. + # POSTGRES_USER: postgres + # This environment variable is required for you to use the PostgreSQL image. It must not be empty or undefined. + # This environment variable sets the superuser password for PostgreSQL. The default superuser is defined by the POSTGRES_USER environment variable. + # The PostgreSQL image sets up trust authentication locally so you may notice a password is not required when connecting from + # localhost (inside the same container). However, a password will be required if connecting from a different host/container. + # This variable defines the superuser password in the PostgreSQL instance, as set by the initdb script during initial container startup. + # It has no effect on the PGPASSWORD environment variable that may be used by the psql client at runtime, as described + # at https://www.postgresql.org/docs/14/libpq-envars.html. PGPASSWORD, if used, will be specified as a separate environment variable. + POSTGRES_PASSWORD: password + # This optional environment variable can be used to define a different name for the default database that is created when the image is first started. + # If it is not specified, then the value of POSTGRES_USER will be used. + POSTGRES_DB: the_review_room + + # Add steps to the job. + # See: https://circleci.com/docs/jobs-steps/#steps-overview & https://circleci.com/docs/configuration-reference/#steps + steps: + - checkout # Check out source code to the working directory. + # - restore_cache: # Restore the saved cache after the first run or if `pom.xml` has changed. + # # Read about caching dependencies: https://circleci.com/docs/caching/ + # key: circleci-the-review-room-{{ checksum "pom.xml" }} + - run: | + echo "Installing dependencies..." + mvn dependency:go-offline # Get the project dependencies. Goal that resolves all project dependencies, including plugins and reports and their dependencies. + # - save_cache: # Save the project dependencies. + # paths: + # - ~/.m2 + # key: circleci-the-review-room-{{ checksum "pom.xml" }} + + # Maven Build Lifecycle. + # validate - Validate the project is correct and all necessary information is available. + # compile - Compile the source code of the project. + # test - Test the compiled source code using a suitable unit testing framework. These tests should not require the code be packaged or deployed. + # package - Take the compiled code and package it in its distributable format, such as a JAR. + # verify - Run any checks on results of integration tests to ensure quality criteria are met. + # install - Install the package into the local repository, for use as a dependency in other projects locally. + # deploy - Done in the build environment, copies the final package to the remote repository for sharing with other developers and projects. + # These lifecycle phases (plus the other lifecycle phases not shown here) are executed sequentially to complete the default lifecycle. + # This means that calling the later lifecycle phases will run through all the earlier lifecycle phases sequentially. + - run: mvn verify # Build and run the tests. + + - store_test_results: # Upload the test metadata from the `target/surefire-reports` directory so that it can show up in the CircleCI dashboard. + # Upload test results for display in Test Summary: https://circleci.com/docs/2.0/collect-test-data/ + path: target/surefire-reports + + - store_artifacts: # Store the uber jar as an artifact. + # Upload test summary for display in Artifacts: https://circleci.com/docs/2.0/artifacts/ + path: target/the-review-room-0.0.1-SNAPSHOT.jar + # See https://circleci.com/docs/2.0/deployment-integrations/ for deploy examples. + + # test: + # docker: # Environment. + # - image: cimg/openjdk:21.0.2 + + # steps: + # - checkout + # - run: | + # echo "Installing dependencies..." + # echo "Running tests..." + # java --version + + scan: + docker: + # - image: cimg/node:20.12.2 + # - image: cimg/node:current + - image: cimg/base:current + + environment: # The environment allows us to create an environment for the job and allows us to create custom environment variables. + IMAGE_NAME: nhkhai/education-space + + steps: + - checkout + - setup_remote_docker + - docker/check + - run: docker build -t $IMAGE_NAME . # $IMAGE_NAME gets the value from the environment we created above. + - snyk/scan: # This triggers the Snyk scan using the preconfigured SNYK_TOKEN environmental variable. + docker-image-name: $IMAGE_NAME # The image name, if scanning a container image. + fail-on-issues: false # This specifies if builds should be failed or continued based on issues found by Snyk. If false, the failure is hidden and marked as a pass. + severity-threshold: high # Only report vulnerabilities of provided level or higher (low/medium/high/critical). If param is not present, the default value is low. + + publish: # Also known as the build-and-push. + executor: docker/docker # Define the execution environment in which the steps of a job will run. + + steps: + - checkout + - setup_remote_docker + - docker/check + - docker/build: # Build the image. + image: nhkhai/the-review-room + # tag: v1.0.1 + tag: latest # Consider setting this dynamically based on the tag using env vars or CircleCI parameters. + # tag: ${CIRCLE_TAG:-latest} # Use the tag name if triggered by a tag, otherwise use 'latest'. + - docker/push: # Pushes the image to the specified account in the environment variables. + image: nhkhai/the-review-room + # tag: v1.0.1 + tag: latest # Consider setting this dynamically based on the tag using env vars or CircleCI parameters. + # tag: ${CIRCLE_TAG:-latest} # Use the tag name if triggered by a tag, otherwise use 'latest'. + + # deploy: + # docker: + # - image: cimg/node:20.12.2 + # + # steps: + # - checkout + # - setup_remote_docker + # - heroku/install + # - run: + # name: Heroku Container Push + # command: | + # heroku container:login + # heroku container:push web -a nhkhai-node-app-for-devops + # heroku container:release web -a nhkhai-node-app-for-devops + deploy: + docker: + # - image: cimg/deploy:2024.03 + # - image: cimg/deploy:2024.03-node + # - image: cimg/base:current-22.04 + - image: cimg/base:current + + steps: + # - checkout + # - setup_remote_docker + - run: + name: Render Deploy Hook + command: | + curl "$RENDER_DEPLOY_HOOK_URL" + +# Workflow - Defines what sequence will the jobs run. +# Orchestrate jobs using workflows. +# See: https://circleci.com/docs/workflows/ & https://circleci.com/docs/configuration-reference/#workflows +workflows: + ci_flow: # Workflow name. This is the name of the workflow, feel free to change it to better match your workflow. + # Inside the workflow, you define the jobs you want to run. + jobs: + # - build + # # - build: + # # filters: + # # branches: + # # only: + # # - main + # # ignore: + # # - release + + # - test: + # requires: + # - build + # # filters: + # # branches: + # # only: + # # - main + # # ignore: + # # - release + + - build_and_test: + filters: + branches: + ignore: + - release + + # The Snyk security scan job. + - scan: + requires: + # - build + - build_and_test + # filters: + # branches: + # only: + # - main + # ignore: + # - release + + - publish: + # Ensure that the dependency job(s) are able to run (watch out for branch filtering affecting this), else publish and deploy (depends on publish) will not run at all. + requires: + # - test + - build_and_test + - scan + filters: + # tags: + # only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ # Ensure this job runs only for semantically versioned tags. This regex pattern matches semantic versioning tags (e.g., v1.0.0, v2.1.3). + branches: + # only: + # - release + ignore: + - develop + # - release + + cicd_flow: + jobs: + - build_and_test: + filters: + branches: + only: + - release + + # The Snyk security scan job. + - scan: + requires: + # - build + - build_and_test + # filters: + # branches: + # only: + # - main + # ignore: + # - release + # branches: + # only: + # - release + + - publish: + # Ensure that the dependency job(s) are able to run (watch out for branch filtering affecting this), else publish and deploy (depends on publish) will not run at all. + requires: + # - test + - build_and_test + - scan + # filters: + # tags: + # only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ # Ensure this job runs only for semantically versioned tags. This regex pattern matches semantic versioning tags (e.g., v1.0.0, v2.1.3). + # branches: + # only: + # - release + + - deploy: + requires: + - publish + # filters: + # tags: + # only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ # Ensure this job runs only for semantically versioned tags. This regex pattern matches semantic versioning tags (e.g., v1.0.0, v2.1.3). + # branches: + # only: + # - release