Update orb-tools version (#4)

smaeda-ks · web-flow · commit 21706914d9f0 · 2022-04-04T21:53:54.000+09:00
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,125 +1,38 @@
 version: 2.1
-
+setup: true
 orbs:
-  orb-hashicorp-vault-cli: smaeda-ks/orb-hashicorp-vault-cli@<<pipeline.parameters.dev-orb-version>>
-  orb-tools: circleci/orb-tools@10.0
-  bats: circleci/bats@1.0
-
-# Pipeline Parameters
-## These parameters are used internally by orb-tools. Skip to the Jobs section.
-parameters:
-  run-integration-tests:
-    description: An internal flag to prevent integration test from running before a development version has been created.
-    type: boolean
-    default: false
-  dev-orb-version:
-    description: >
-      The development version of the orb to test.
-      This value is automatically adjusted by the "trigger-integration-tests-workflow" job to correspond with the specific version created by the commit and should not be edited.
-      A "dev:alpha" version must exist for the initial pipeline run.
-    type: string
-    default: "dev:alpha"
-
-jobs:
-  integration-test-1:
-    machine: true
-    steps:
-      - checkout
-      - run:
-          name: Start local Vault dev server (Docker)
-          command: |
-            docker run -d --cap-add=IPC_LOCK -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=myroot' vault
-      - orb-hashicorp-vault-cli/install
-      - run: vault --version
-      - run:
-          name: Set up Vault dev server
-          command: |
-            vault auth enable jwt
+  orb-tools: circleci/orb-tools@11.1
+  # shellcheck: circleci/shellcheck@3.1
 
-            vault write auth/jwt/config \
-              bound_issuer="https://oidc.circleci.com/org/${CIRCLECI_ORG_ID}" \
-              oidc_discovery_url="https://oidc.circleci.com/org/${CIRCLECI_ORG_ID}"
+filters: &filters
+  tags:
+    only: /.*/
 
-            vault kv put secret/circleci/orb test=foo
-
-            vault policy write circleci-orb-dev -\<<EOF
-            path "secret/data/circleci/orb" {
-              capabilities = ["read"]
-            }
-            EOF
-
-            vault write auth/jwt/role/circleci-orb-dev -\<<EOF
-            {
-              "role_type": "jwt",
-              "user_claim": "sub",
-              "bound_claims": {
-                "aud": "${CIRCLECI_ORG_ID}"
-              },
-              "policies": ["circleci-orb-dev"],
-              "ttl": "1h"
-            }
-            EOF
-            exit 0
-          environment:
-            VAULT_TOKEN: myroot
-            VAULT_ADDR: "http://localhost:8200"
-      - orb-hashicorp-vault-cli/auth-oidc:
-          vault-address: "http://localhost:8200"
-          vault-role: "circleci-orb-dev"
-      - run: vault kv get -field=test secret/circleci/orb
 workflows:
-  # Prior to producing a development orb (which requires credentials) basic validation, linting, and even unit testing can be performed.
-  # This workflow will run on every commit
-  test-pack:
-    unless: << pipeline.parameters.run-integration-tests >>
+  lint-pack:
     jobs:
-      - orb-tools/lint # Lint Yaml files
-      - orb-tools/pack # Pack orb source
-      # optional: Run BATS tests against your scripts
-      # - bats/run:
-      #     path: ./src/tests
-      # Publish development version(s) of the orb.
-      - orb-tools/publish-dev:
+      - orb-tools/lint:
+          filters: *filters
+      - orb-tools/pack:
+          filters: *filters
+      - orb-tools/review:
+          filters: *filters
+          exclude: RC006,RC009
+      # - shellcheck/check:
+      #     exclude: SC2148,SC2038,SC2086,SC2002,SC2016
+      #     filters: *filters
+      - orb-tools/publish:
           orb-name: smaeda-ks/orb-hashicorp-vault-cli
-          context: orb-publishing # A restricted context containing your private publishing credentials. Will only execute if approved by an authorized user.
-          requires:
-            - orb-tools/lint
-            - orb-tools/pack
-            # - bats/run
-      # Trigger an integration workflow to test the
-      # dev:${CIRCLE_SHA1:0:7} version of your orb
-      - orb-tools/trigger-integration-tests-workflow:
-          name: trigger-integration-dev
-          context: orb-publishing
+          vcs-type: << pipeline.project.type >>
           requires:
-            - orb-tools/publish-dev
-
-  # This `integration-test_deploy` workflow will only run
-  # when the run-integration-tests pipeline parameter is set to true.
-  # It is meant to be triggered by the "trigger-integration-tests-workflow"
-  # job, and run tests on <your orb>@dev:${CIRCLE_SHA1:0:7}.
-  integration-test_deploy:
-    when: << pipeline.parameters.run-integration-tests >>
-    jobs:
-      # Run any integration tests defined within the `jobs` key.
-      - integration-test-1:
+            [orb-tools/lint, orb-tools/review, orb-tools/pack]
+          # Use a context to hold your publishing token.
           context: orb-publishing
-      # Publish a semver version of the orb. relies on
-      # the commit subject containing the text "[semver:patch|minor|major|skip]"
-      # as that will determine whether a patch, minor or major
-      # version will be published or if publishing should
-      # be skipped.
-      # e.g. [semver:patch] will cause a patch version to be published.
-      - orb-tools/dev-promote-prod-from-commit-subject:
-          orb-name: smaeda-ks/orb-hashicorp-vault-cli
-          context: orb-publishing
-          add-pr-comment: false
-          fail-if-semver-not-indicated: true
-          publish-version-tag: false
-          requires:
-            - integration-test-1
-          filters:
-            branches:
-              only:
-                - master
-                - main
+          filters: *filters
+      # Triggers the next workflow in the Orb Development Kit.
+      - orb-tools/continue:
+          config-path: .circleci/test-deploy.yml
+          pipeline-number: << pipeline.number >>
+          vcs-type: << pipeline.project.type >>
+          requires: [orb-tools/publish]
+          filters: *filters
diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml
@@ -0,0 +1,79 @@
+version: 2.1
+orbs:
+  orb-hashicorp-vault-cli: smaeda-ks/orb-hashicorp-vault-cli@dev:<<pipeline.git.revision>>
+  orb-tools: circleci/orb-tools@11.1
+
+filters: &filters
+  tags:
+    only: /.*/
+
+jobs:
+  integration-test:
+    machine: true
+    steps:
+      - checkout
+      - run:
+          name: Start local Vault dev server (Docker)
+          command: |
+            docker run -d --cap-add=IPC_LOCK -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=myroot' vault
+      - orb-hashicorp-vault-cli/install
+      - run: vault --version
+      - run:
+          name: Set up Vault dev server
+          command: |
+            vault auth enable jwt
+
+            vault write auth/jwt/config \
+              bound_issuer="https://oidc.circleci.com/org/${CIRCLECI_ORG_ID}" \
+              oidc_discovery_url="https://oidc.circleci.com/org/${CIRCLECI_ORG_ID}"
+
+            vault kv put secret/circleci/orb test=foo
+
+            vault policy write circleci-orb-dev -\<<EOF
+            path "secret/data/circleci/orb" {
+              capabilities = ["read"]
+            }
+            EOF
+
+            vault write auth/jwt/role/circleci-orb-dev -\<<EOF
+            {
+              "role_type": "jwt",
+              "user_claim": "sub",
+              "bound_claims": {
+                "aud": "${CIRCLECI_ORG_ID}"
+              },
+              "policies": ["circleci-orb-dev"],
+              "ttl": "1h"
+            }
+            EOF
+            exit 0
+          environment:
+            VAULT_TOKEN: myroot
+            VAULT_ADDR: "http://localhost:8200"
+      - orb-hashicorp-vault-cli/auth-oidc:
+          vault-address: "http://localhost:8200"
+          vault-role: "circleci-orb-dev"
+      - run: vault kv get -field=test secret/circleci/orb
+workflows:
+  test-deploy:
+    jobs:
+      # Make sure to include "filters: *filters" in every test job you want to run as part of your deployment.
+      - integration-test:
+          filters: *filters
+          context: orb-publishing
+      - orb-tools/pack:
+          filters: *filters
+      - orb-tools/publish:
+          orb-name: smaeda-ks/orb-hashicorp-vault-cli
+          vcs-type: <<pipeline.project.type>>
+          pub-type: production
+          enable-pr-comment: false
+          requires:
+            - orb-tools/pack
+            - integration-test
+          context: orb-publishing
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              only: /^v[0-9]+\.[0-9]+\.[0-9]+$/
