.onedev-buildspec.yml
# OneDev build spec for the k8s-helper project.
version: 32
# Pull in definitions from the `onedev` project's build spec. The step templates
# ("set up cache", "set build version") and the `buildEnvironment` property used by
# the jobs below are not defined in this file, so they presumably come from this
# import.
# NOTE(review): `revision: main` follows a moving branch, so whatever that branch
# holds at build time runs inside the Release job, next to its deploy credentials.
# Pinning the import to a tag or commit (if the import accepts one) would make such
# changes explicit and reviewable.
imports:
- projectPath: onedev
  revision: main
  # Name of the job secret holding the token used to read the imported project.
  accessTokenSecret: onedev-token
jobs:
# Release: build with Maven, deploy the artifacts, publish the multi-arch container
# image and tag the commit. Runs on every update of `main`, and only after the
# "Scan Vulnerabilities" job has succeeded (see jobDependencies below).
- name: Release
  steps:
  - !CheckoutStep
    name: checkout code
    cloneCredential: !DefaultCredential {}
    withLfs: false
    # Submodules are fetched here, so their content is part of what gets released.
    withSubmodules: true
    condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
  # The two templates below are not defined in this file (presumably imported).
  - !UseTemplateStep
    name: set up cache
    templateName: set up cache
    condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
  - !UseTemplateStep
    name: set build version
    templateName: set build version
    condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
  - !CommandStep
    name: build and deploy
    runInContainer: true
    # The build image comes from a property that is resolved outside this file, so
    # the exact image (and whether it is pinned by digest) cannot be checked here.
    image: '@property:buildEnvironment@'
    interpreter: !DefaultInterpreter
      # NOTE(review): the job token and the `maven-deploy-password` secret are
      # substituted into the script text and reach Maven as -D command-line
      # arguments, so they are visible in the container's process list for the
      # duration of the build. Supplying them through a settings file or an
      # environment variable keeps them off the command line. Do not add `set -x`
      # to this script: it would echo the expanded values.
      commands: |
        set -e
        mvn deploy -Dmaven.deploy.username=@job_token@ -Dmaven.deploy.password=@secrets:maven-deploy-password@
    useTTY: false
    condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
  - !BuildImageStep
    name: build docker image
    output: !RegistryOutput
      # Image tag is derived from the build version set by the template step above.
      tags: '1dev/k8s-helper:@build_version@'
    platforms: 'linux/amd64,linux/arm64'
    condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
  - !CreateTagStep
    name: create tag
    tagName: 'v@build_version@'
    # Same secret name as the one used for the import; the tag is created with it.
    accessTokenSecret: onedev-token
    condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
  triggers:
  - !BranchUpdateTrigger
    branches: main
  # Release gate: the dependency scan must pass before anything is deployed.
  jobDependencies:
  - jobName: Scan Vulnerabilities
    requireSuccessful: true
  # With `retryCondition: never` the retry count and delay presumably have no
  # effect — confirm against the OneDev documentation.
  retryCondition: never
  maxRetries: 3
  retryDelay: 30
  timeout: 3600
# Scan Vulnerabilities: dependency scan that gates the Release job. It declares no
# trigger of its own; in this file it is only referenced as a dependency of Release.
- name: Scan Vulnerabilities
  steps:
  - !CheckoutStep
    name: checkout
    cloneCredential: !DefaultCredential {}
    withLfs: false
    # NOTE(review): Release checks out with `withSubmodules: true`, this job does
    # not. If the submodules carry dependency manifests or lock files, they are
    # built and shipped without passing through this scan — confirm whether that
    # gap is intended.
    withSubmodules: false
    # Shallow clone: only the latest commit is fetched for scanning.
    cloneDepth: 1
    condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
  - !OsvVulnerScannerStep
    name: scan
    recursive: true
    # Presumably the step fails on findings of HIGH severity or above, which is
    # what blocks the release — lower-severity findings would only be reported.
    failThreshold: HIGH
    reportName: Dependency Vulnerabilities
    condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
  # With `retryCondition: never` the retry count and delay presumably have no
  # effect — confirm against the OneDev documentation.
  retryCondition: never
  maxRetries: 3
  retryDelay: 30
  timeout: 3600
# Sync with GitHub: one-way mirror of this project's `main` to the GitHub
# repository theonedev/k8s-helper. This job does not depend on the vulnerability
# scan.
- name: Sync with GitHub
  steps:
  - !CheckoutStep
    name: checkout
    cloneCredential: !DefaultCredential {}
    withLfs: false
    withSubmodules: true
    # No cloneDepth here, unlike the scan job; presumably full history is needed
    # for the push below.
    condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
  - !CommandStep
    name: sync
    runInContainer: true
    # Pinned by tag only. NOTE(review): a digest pin would guarantee that the
    # image handling the GitHub token is the one that was reviewed.
    image: 'alpine/git:1.0.7'
    interpreter: !DefaultInterpreter
      # Line 1 removes the global http.extraHeader before talking to github.com;
      # presumably the checkout step stores the OneDev clone credential there, and
      # unsetting it keeps that header from being sent to a third-party host.
      # There is no `set -e`, so the push still runs if the unset fails — verify
      # that this cannot leave the header in place.
      # Line 2 force-pushes HEAD to `main` with the `github-token` secret embedded
      # in the URL (`@@` appears to be the escape for a literal `@`). The token is
      # therefore on the git command line, and `-f` overwrites whatever is on the
      # GitHub branch. NOTE(review): keep the token scoped to this one repository
      # with the minimum permission needed to push, and protect the job secret so
      # only builds of `main` can read it.
      commands: |
        git config --global --unset http.extraHeader
        git push -f https://robinshine:@secrets:github-token@@@github.com/theonedev/k8s-helper HEAD:main
    useTTY: false
    condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
  triggers:
  - !BranchUpdateTrigger
    branches: main
    # Limits the trigger to the named project; presumably this stops forks that
    # inherit this build spec from attempting the push.
    projects: onedev/k8s-helper
  # With `retryCondition: never` the retry count and delay presumably have no
  # effect — confirm against the OneDev documentation.
  retryCondition: never
  maxRetries: 3
  retryDelay: 30
  timeout: 3600