Skip to content

Commit

Permalink
Merge pull request #986 from CircleCI-Public/develop
Browse files Browse the repository at this point in the history
Release
  • Loading branch information
JulesFaucherre authored Aug 7, 2023
2 parents 5523658 + 4afe3de commit 83956f7
Show file tree
Hide file tree
Showing 8 changed files with 77 additions and 35 deletions.
75 changes: 57 additions & 18 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,14 @@ version: 2.1

orbs:
shellcheck: circleci/shellcheck@1.2.0
snyk: snyk/snyk@1.7.0
windows: circleci/windows@5.0.0

executors:
go:
docker:
- image: cimg/go:1.20
resource_class: large
environment:
CGO_ENABLED: 0
mac:
Expand All @@ -25,7 +27,7 @@ commands:
# https://app.circleci.com/jobs/github/CircleCI-Public/circleci-cli/6480
# curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
# The issue seems to be on the server-side, so force HTTP 1.1
name: 'cURL: Force HTTP 1.1'
name: "cURL: Force HTTP 1.1"
command: echo '--http1.1' >> ~/.curlrc
build-docker-image:
steps:
Expand All @@ -41,36 +43,31 @@ commands:
command: |
docker build -t circleci/circleci-cli:0.1.$CIRCLE_BUILD_NUM-alpine --file Dockerfile.alpine .
docker run --rm circleci/circleci-cli:0.1.$CIRCLE_BUILD_NUM-alpine update check
deploy-save-cache-workspace-and-artifacts:
deploy-save-workspace-and-artifacts:
steps:
- save_cache:
key: v4-goreleaser-{{ checksum "~/goreleaser_amd64.deb" }}
paths: [~/goreleaser_amd64.deb]
- persist_to_workspace:
root: .
paths:
- 'dist'
- "dist"
- store_artifacts:
path: ./dist
destination: dist
install-goreleaser:
parameters:
GORELEASER_URL:
version:
type: string
default: https://github.com/goreleaser/goreleaser/releases/download/v0.184.0/goreleaser_amd64.deb
default: "1.19.1"
steps:
- restore_cache:
keys: [v5-goreleaser-]
- run:
name: Install GoReleaser
command: |
[ -f ~/goreleaser_amd64.deb ] || curl --silent --location --fail --retry 3 << parameters.GORELEASER_URL >> > ~/goreleaser_amd64.deb
sudo apt-get update -y
sudo apt install ~/goreleaser_amd64.deb
echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list
sudo apt -q update -y
sudo apt -q install -y --no-install-recommends goreleaser=<< parameters.version >>
gomod:
steps:
- restore_cache:
keys: ['v3-gomod-{{ arch }}-']
keys: ["v3-gomod-{{ arch }}-"]
- run:
name: Download go module dependencies
command: go mod download
Expand Down Expand Up @@ -121,7 +118,7 @@ jobs:
- persist_to_workspace:
root: .
paths:
- 'build'
- "build"
cucumber:
docker:
- image: cimg/ruby:2.7
Expand All @@ -130,7 +127,7 @@ jobs:
- attach_workspace:
at: .
- run:
name: 'Install CLI tool from workspace'
name: "Install CLI tool from workspace"
command: sudo cp ~/project/build/linux/amd64/circleci /usr/local/bin/
- run:
command: bundle install
Expand Down Expand Up @@ -209,7 +206,7 @@ jobs:
docker_layer_caching: true
- build-docker-image
- build-alpine-image
- deploy-save-cache-workspace-and-artifacts
- deploy-save-workspace-and-artifacts

deploy:
executor: go
Expand Down Expand Up @@ -246,7 +243,7 @@ jobs:
docker push circleci/circleci-cli:0.1.$CIRCLE_BUILD_NUM-alpine
docker tag circleci/circleci-cli:0.1.$CIRCLE_BUILD_NUM-alpine circleci/circleci-cli:alpine
docker push circleci/circleci-cli:alpine
- deploy-save-cache-workspace-and-artifacts
- deploy-save-workspace-and-artifacts

snap:
docker:
Expand Down Expand Up @@ -304,6 +301,46 @@ jobs:
command: choco push circleci-cli.nupkg --source https://chocolatey.org/ --apikey $env:CHOCO_API_KEY
working_directory: chocolatey

vulnerability-scan:
executor: go
steps:
- checkout
- run:
name: Setup Scanning
command: |
git config --global url."https://$GITHUB_USER:$GITHUB_TOKEN@github.com/circleci/".insteadOf "https://github.com/circleci/"
- when:
condition:
or:
- equal: [ main, << pipeline.git.branch >> ]
steps:
- run:
name: Launching Snyk Orb Scanning
command: echo "Running snyk/scan on main; uploading the results"
- run:
name: Cleanup RemoteRepoURL
command: echo 'export REMOTE_REPO_URL="${CIRCLE_REPOSITORY_URL%".git"}"' >> "$BASH_ENV"
- snyk/scan:
organization: "circleci-public"
fail-on-issues: true
severity-threshold: high
monitor-on-build: true
additional-arguments: "--all-projects --remote-repo-url=${REMOTE_REPO_URL} -d"
- unless:
condition:
or:
- equal: [ main, << pipeline.git.branch >> ]
steps:
- run:
name: Launching Snyk Orb Scanning
command: echo "Running snyk/scan on branch; not uploading the results"
- snyk/scan:
organization: "circleci-public"
fail-on-issues: true
severity-threshold: high
monitor-on-build: false
additional-arguments: "--all-projects -d"

workflows:
ci:
jobs:
Expand All @@ -317,6 +354,8 @@ workflows:
- test_windows
- coverage
- lint
- vulnerability-scan:
context: org-global-employees
- deploy-test
- docs:
requires:
Expand Down
4 changes: 2 additions & 2 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
* @CircleCI-Public/developer-experience
*orb*.go @CircleCI-Public/orb-publishers @CircleCI-Public/developer-experience

/api/runner @CircleCI-Public/runner
/cmd/runner @CircleCI-Public/runner
/api/runner @CircleCI-Public/on-prem
/cmd/runner @CircleCI-Public/on-prem
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,4 @@ LABEL maintainer="Developer Experience Team <developer_experience@circleci.com>"

ENV CIRCLECI_CLI_SKIP_UPDATE_CHECK true

COPY ./dist/circleci-cli_linux_amd64/circleci /usr/local/bin
COPY ./dist/circleci-cli_linux_amd64_v1/circleci /usr/local/bin
2 changes: 1 addition & 1 deletion Dockerfile.alpine
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ FROM alpine:3.8

ENV CIRCLECI_CLI_SKIP_UPDATE_CHECK true

COPY ./dist/circleci-cli_linux_amd64/circleci /usr/local/bin
COPY ./dist/circleci-cli_linux_amd64_v1/circleci /usr/local/bin

RUN apk add --no-cache --upgrade git openssh ca-certificates

Expand Down
4 changes: 2 additions & 2 deletions cmd/config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -257,7 +257,7 @@ var _ = Describe("Config", func() {
session.Wait()

Eventually(session.Err.Contents()).Should(BeEmpty())
Eventually(session.Out.Contents()).Should(MatchRegexp("npm run test"))
Eventually(session.Out.Contents()).Should(MatchRegexp("npm test"))
Eventually(session).Should(gexec.Exit(0))
})

Expand All @@ -273,7 +273,7 @@ var _ = Describe("Config", func() {
session.Wait()

Eventually(session.Err.Contents()).Should(BeEmpty())
Eventually(session.Out.Contents()).Should(MatchRegexp("npm run test"))
Eventually(session.Out.Contents()).Should(MatchRegexp("npm test"))
Eventually(session).Should(gexec.Exit(0))
})
})
Expand Down
13 changes: 11 additions & 2 deletions cmd/orb.go
Original file line number Diff line number Diff line change
Expand Up @@ -1218,7 +1218,8 @@ func initOrb(opts orbOptions) error {
defer resp.Body.Close()

// Create the file
out, err := os.Create(filepath.Join(os.TempDir(), "orb-template.zip"))
zipPath := filepath.Join(os.TempDir(), "orb-template.zip")
out, err := os.Create(zipPath)
if err != nil {
return err
}
Expand All @@ -1230,11 +1231,19 @@ func initOrb(opts orbOptions) error {
return err
}

err = unzipToOrbPath(filepath.Join(os.TempDir(), "orb-template.zip"), orbPath)
err = unzipToOrbPath(zipPath, orbPath)
if err != nil {
return err
}

// Remove MIT License file if orb is private
if opts.private {
err = os.Remove(filepath.Join(orbPath, "LICENSE"))
if err != nil && !errors.Is(err, os.ErrNotExist) {
return err
}
}

if fullyAutomated == 1 {
fmt.Println("Opted for manual setup, exiting")
fmt.Printf("The Orb Project Template has been extracted to %s\n", orbPath)
Expand Down
6 changes: 1 addition & 5 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ require (
)

require (
github.com/CircleCI-Public/circleci-config v0.0.0-20230609135034-182164ce950a
github.com/CircleCI-Public/circleci-config v0.0.0-20230629192034-c469d9e9936b
github.com/a8m/envsubst v1.4.2
github.com/charmbracelet/lipgloss v0.5.0
github.com/erikgeiser/promptkit v0.7.0
Expand All @@ -48,7 +48,6 @@ require (
github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
github.com/acomagu/bufpipe v1.0.4 // indirect
github.com/agnivade/levenshtein v1.1.1 // indirect
github.com/alessio/shellescape v1.4.1 // indirect
github.com/atotto/clipboard v0.1.4 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
Expand Down Expand Up @@ -118,7 +117,4 @@ require (
gopkg.in/yaml.v2 v2.4.0 // indirect
)

// fix vulnerability: CVE-2020-15114 in etcd v3.3.10+incompatible
replace github.com/coreos/etcd => github.com/coreos/etcd v3.3.24+incompatible

go 1.20
6 changes: 2 additions & 4 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@ github.com/AlecAivazis/survey/v2 v2.1.1 h1:LEMbHE0pLj75faaVEKClEX1TM4AJmmnOh9eim
github.com/AlecAivazis/survey/v2 v2.1.1/go.mod h1:9FJRdMdDm8rnT+zHVbvQT2RTSTLq0Ttd6q3Vl2fahjk=
github.com/CircleCI-Public/circle-policy-agent v0.0.683 h1:EzZaLy9mUGl4dwDNWceBHeDb3X0KAAjV4eFOk3C7lts=
github.com/CircleCI-Public/circle-policy-agent v0.0.683/go.mod h1:72U4Q4OtvAGRGGo/GqlCCO0tARg1cSG9xwxWyz3ktQI=
github.com/CircleCI-Public/circleci-config v0.0.0-20230609135034-182164ce950a h1:RqA4H9p77FsqV++HNNDBq8dJftYuJ+r+KdD9HAX28t4=
github.com/CircleCI-Public/circleci-config v0.0.0-20230609135034-182164ce950a/go.mod h1:XZaQPj2ylXZaz5vW31dRdkUY/Ey8MdpbgrUHbHyzICY=
github.com/CircleCI-Public/circleci-config v0.0.0-20230629192034-c469d9e9936b h1:emg7uU3bRjVMlwSpOATBiybaBPXNWUIiFE/qbQQXZtE=
github.com/CircleCI-Public/circleci-config v0.0.0-20230629192034-c469d9e9936b/go.mod h1:0iW5+XMF4XtikTlfCElaBQjT/OTMjQRHM1DgSWxcWuE=
github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc=
github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
Expand All @@ -20,8 +20,6 @@ github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ
github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8=
github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo=
github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de h1:FxWPpzIjnTlhPwqqXc4/vE0f7GvRjuAsbW+HOIe8KnA=
github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de/go.mod h1:DCaWoUhZrYW9p1lxo/cm8EmUOOzAPSEZNGF2DK1dJgw=
Expand Down

0 comments on commit 83956f7

Please sign in to comment.