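# Cloud Build pipeline for the vulnerability database. In order it: takes the
# deploy lock, unshallows the checkout, runs the tests, copies the existing
# database from gs://go-vulndb, generates a new one, validates it against the
# existing copy, deploys, re-downloads and validates what was deployed, and
# finally publishes CVE records.
#
# NOTE(review): the golang image is referenced by tag and the cloud-builders
# images carry no tag at all, so the image content behind each step can change
# between builds. Consider pinning by digest.
steps:
  - id: Lock
    name: golang:1.23.0
    entrypoint: bash
    args:
      - -ec
      - |
        if [[ "$COMMIT_SHA" = '' ]]; then
          echo "no COMMIT_SHA, not locking"
          exit 0
        fi
        # NOTE(review): @latest is resolved at build time, so the code that
        # runs in this step is whatever the module currently publishes.
        # Pinning to a reviewed version would make the build reproducible.
        go run golang.org/x/website/cmd/locktrigger@latest \
          -project "$PROJECT_ID" -build "$BUILD_ID" -repo https://go.googlesource.com/vulndb
  - id: Unshallow
    name: gcr.io/cloud-builders/git
    entrypoint: bash
    args:
      # Deliberately -c rather than -ec: a failed unshallow is logged and
      # the build continues.
      - -c
      - |
        if ! git fetch --unshallow; then
          echo "git fetch --unshallow failed, no worries mate"
        fi
  - id: Test
    name: golang:1.23.0
    entrypoint: bash
    args:
      - -ec
      - go test ./...
  # Download the currently published database so PreValidate can compare
  # the newly generated one against it.
  - id: CopyExisting
    name: gcr.io/cloud-builders/gsutil
    entrypoint: bash
    args:
      - -ec
      - gsutil -q -m cp -r gs://go-vulndb /workspace
  - id: Generate
    name: golang:1.23.0
    entrypoint: bash
    args: ["-ec", "go run ./cmd/gendb -out /workspace/db -zip /workspace/db/vulndb.zip"]
  # Gate before deployment: -e makes a non-zero exit from checkdeploy fail
  # the step.
  - id: PreValidate
    name: golang:1.23.0
    entrypoint: bash
    args:
      - -ec
      - go run ./cmd/checkdeploy -new /workspace/db -existing /workspace/go-vulndb
  - id: Deploy
    name: gcr.io/cloud-builders/gsutil
    entrypoint: bash
    args: ["./deploy/gcp-deploy.sh"]
  # Re-download what is now in the bucket so PostValidate checks the deployed
  # bytes rather than the local build output.
  - id: CopyDeployed
    name: gcr.io/cloud-builders/gsutil
    entrypoint: bash
    args:
      - -ec
      - mkdir /workspace/deployed && gsutil -q -m cp -r gs://go-vulndb /workspace/deployed
  - id: PostValidate
    name: golang:1.23.0
    entrypoint: bash
    args: ["-ec", "go run ./cmd/checkdb /workspace/deployed/go-vulndb"]
    env:
      - 'GOPROXY=https://proxy.golang.org'
  - id: PublishCVEs
    name: golang:1.23.0
    entrypoint: bash
    args:
      - -ec
      - |
        # "$$" escapes Cloud Build substitution, so bash expands the secret
        # environment variables at run time. The expansions are quoted so a
        # value containing whitespace or glob characters is passed as a single
        # argument.
        # NOTE(review): values passed as flags appear in the process argument
        # list inside the step container. If cmd/cve can read credentials from
        # the environment, that would be preferable - confirm against the tool.
        #
        # Ensure we have valid credentials before attempting publish.
        go run ./cmd/cve -key "$$CVE_API_KEY" -user "$$CVE_API_USER" quota
        # Publish or update any CVE records that have changed.
        go run ./cmd/cve -key "$$CVE_API_KEY" -user "$$CVE_API_USER" publish-all
    # Only this step receives the CVE credentials.
    secretEnv: ['CVE_API_USER', 'CVE_API_KEY']
# Secret Manager versions are supplied through user-defined substitutions, so
# no secret value or resource name is stored in this file.
availableSecrets:
  secretManager:
    - versionName: ${_CVE_API_KEY}
      env: 'CVE_API_KEY'
    - versionName: ${_CVE_API_USER}
      env: 'CVE_API_USER'
options:
  logging: CLOUD_LOGGING_ONLY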