Skip to content

Commit

Permalink
(SIMP-7035) Update to new Travis CI pipeline (#30)
Browse files Browse the repository at this point in the history
  • Loading branch information
@op-ct
op-ct committed Apr 17, 2020
1 parent 967674c commit 0d66824
Showing 1 changed file with 100 additions and 45 deletions.
145 changes: 100 additions & 45 deletions .travis.yml
View file
Original file line number Diff line number Diff line change
@@ -1,30 +1,55 @@
# The testing matrix considers ruby/puppet versions supported by SIMP and PE:
# ------------------------------------------------------------------------------
# Release Puppet Ruby EOL
# SIMP 6.4 5.5 2.4 TBD
# PE 2018.1 5.5 2.4 2020-11 (LTS)
# PE 2019.2 6.10 2.5 2019-08 (STS)
#
# https://puppet.com/docs/pe/2018.1/component_versions_in_recent_pe_releases.html
# https://puppet.com/misc/puppet-enterprise-lifecycle
# https://puppet.com/docs/pe/2018.1/overview/getting_support_for_pe.html
# ==============================================================================
#
# Travis CI Repo options for this pipeline:
#
# Travis CI Env Var Type Notes
# --------------------- -------- -------------------------------------------
# GITHUB_OAUTH_TOKEN Secure Required for automated GitHub releases
# PUPPETFORGE_API_TOKEN Secure Required for automated Forge releases
# SKIP_GITHUB_PUBLISH Optional Skips publishing GitHub releases if "true"
# SKIP_FORGE_PUBLISH Optional Skips publishing to Puppet Forge if "true"
#
# The secure env vars will be filtered in Travis CI log output, and aren't
# provided to untrusted builds (i.e, triggered by PR from another repository)
#
# ------------------------------------------------------------------------------
# Release Puppet Ruby EOL
# SIMP 6.2 4.10 2.1.9 TBD
# PE 2016.4 4.10 2.1.9 2018-12-31 (LTS)
# PE 2017.3 5.3 2.4.5 2018-12-31
# SIMP 6.3 5.5 2.4.5 TBD***
# PE 2018.1 5.5 2.4.5 2020-05 (LTS)***
# PE 2019.0 6.0 2.5.1 2019-08-31^^^
#
# *** = Modules created for SIMP 6.3+ are not required to support Puppet < 5.5
# ^^^ = SIMP doesn't support 6 yet; tests are info-only and allowed to fail

# Travis CI Trigger options for this pipeline:
#
# To validate if $GITHUB_OAUTH_TOKEN is able to publish a GitHub release,
# trigger a custom Travis CI build for this branch using the CUSTOM CONFIG:
#
# env: VALIDATE_TOKENS=yes
#
# ------------------------------------------------------------------------------
#
# Release Engineering notes:
#
# To automagically publish a release to GitHub and PuppetForge:
#
# - Set GITHUB_OAUTH_TOKEN and PUPPETFORGE_API_TOKEN as secure env variables
# in this repo's Travis CI settings
# - Push a git tag that matches the version in the module's `metadata.json`
# - The tag SHOULD be annotated with release notes, but nothing enforces this
# convention at present
#
# ------------------------------------------------------------------------------
---

language: ruby
cache: bundler
sudo: false

stages:
- check
- spec
- name: deploy
if: 'tag IS present'
version: ~> 1.0
os: linux

bundler_args: --without development system_tests --path .vendor

Expand All @@ -37,16 +62,29 @@ addons:
- rpm

before_install:
- for x in ${HOME}/.rvm/gems/*; do gem uninstall -I -x -i "${x}" -v '>= 1.17' bundler || true; gem uninstall -I -x -i "${x}@global" -v '>= 1.17' bundler || true; done
- gem install -v '~> 1.17' bundler
- rm -f Gemfile.lock

global:
- STRICT_VARIABLES=yes
env:
global:
- 'FORGE_USER_AGENT="TravisCI-ForgeReleng-Script/0.3.3 (Purpose/forge-ops-for-${TRAVIS_REPO_SLUG})"'

stages:
- name: 'validate tokens'
if: 'env(VALIDATE_TOKENS) = yes'
- name: check
if: 'NOT env(VALIDATE_TOKENS) = yes'
- name: spec
if: 'NOT env(VALIDATE_TOKENS) = yes'
- name: deploy
if: 'tag IS present AND NOT env(VALIDATE_TOKENS) = yes'

jobs:
include:
- stage: check
name: 'Syntax, style, and validation checks'
rvm: 2.4.5
rvm: 2.4.9
env: PUPPET_VERSION="~> 5"
script:
- bundle exec rake check:dot_underscore
Expand All @@ -59,53 +97,70 @@ jobs:
- bundle exec puppet module build

- stage: spec
name: 'Puppet 5.3 (PE 2017.3)'
rvm: 2.4.5
env: PUPPET_VERSION="~> 5.3.0"
script:
- bundle exec rake spec

- stage: spec
rvm: 2.4.5
name: 'Puppet 5.5 (SIMP 6.3, PE 2018.1)'
rvm: 2.4.9
name: 'Puppet 5.5 (SIMP 6.4, PE 2018.1)'
env: PUPPET_VERSION="~> 5.5.0"
script:
- bundle exec rake spec

- stage: spec
name: 'Latest Puppet 5.x'
rvm: 2.4.5
name: 'Puppet 5.x (Latest)'
rvm: 2.4.9
env: PUPPET_VERSION="~> 5.0"
script:
- bundle exec rake spec

- stage: spec
name: 'Latest Puppet 6.x'
rvm: 2.5.1
env: PUPPET_VERSION="~> 6.0"
name: 'Puppet 6.10 (PE 2019.2)'
rvm: 2.5.7
env: PUPPET_VERSION="~> 6.10.0"
script:
- bundle exec rake spec

- stage: deploy
rvm: 2.4.5
rvm: 2.4.9
env: PUPPET_VERSION="~> 5.5.0"
script:
- true
before_deploy:
- "export PUPMOD_METADATA_VERSION=`ruby -r json -e \"puts JSON.parse(File.read('metadata.json')).fetch('version')\"`"
- '[[ $TRAVIS_TAG =~ ^simp-${PUPMOD_METADATA_VERSION}$|^${PUPMOD_METADATA_VERSION}$ ]]'

- '[[ $TRAVIS_TAG =~ ^poxvup-${PUPMOD_METADATA_VERSION}$|^${PUPMOD_METADATA_VERSION}$ ]]'
- 'gem install -v "~> 5.5.0" puppet'
- 'git clean -f -x -d'
- 'puppet module build'
- 'find pkg -name ''*.tar.gz'''
deploy:
- provider: releases
api_key:
secure: "O73TBZQslwpNDgoBmFedspUcxoJ3kAWF/PVjQ5PFHfZxbyD3XZEzTxKkPw+OfZ2VajRMLq79bc3Tw3FUXWGwWXGB17a3JKqIxqiXnyQPlfju547ow3p9nz4E7XRaMwiDZR30FrFtchWnM6BQzsDHfc1NBSHcaYP8cCCwTt680DtzHLreXfRUWVn9qus82x+IY3p85YxcbcTfOK3nSUaO0+AuK3V476qybUCYqOw+0KNvvIN0NOX3WPtZYFrV9MvPkuubNYU6t0rpXnjEhCvlxd8XOYaceTSHVFemq80Xc7wRRMroSdFDSF05ITLYAIj8suuUCbxAqiPVRZL6wfRMX4al3rCYOuMCIg7ntBHvHaZTjj8BiKMtTmZoX2L09D2Ss613hS3pTuXSeRCQ5/MF8yMEFTaU3iJ4s4SsWJCzZkIBc7lC9w79a0R4+3b37UuHSOlXDRvgltQfzKk2CVe1Ks8vNsAKj4+AhQKCn70/UY5iS6+GLyulCQ81sS6D0HQAIwywxZYwXM0cillY589+kBkhdlCJ0iQdlDZXN87NIUQUjbQ6sSUYjFquKVaipxMzqSeWZQC4oTK+IAI8vSrqUNJC2ygEPc2CSQBXgKPTVATumcPr4B/KGkGRx25gxku1sepTo1KlQl1bZeWkMzFcKkjpDIEIVy2c8C5LBa4X60Y="
- provider: script
skip_cleanup: true
script: 'curl -sS --fail -A "$FORGE_USER_AGENT" -H "Authorization: Bearer ${PUPPETFORGE_API_TOKEN}" -X POST -F "file=@$(find $PWD/pkg -name ''*.tar.gz'')" https://forgeapi.puppet.com/v3/releases'
on:
tags: true
condition: '($SKIP_FORGE_PUBLISH != true)'
- provider: puppetforge
user: simp
password:
secure: "QA50KX/krSgjSISTXbCF442o2iWUg2/CniIE6MfFNoviklUTPHAAfJ5Z0TKclEs7sG4IgJjYjyZxldYIfNov20/MApUhBIlBppLO3TQn3S31FM1mWSyrIp3q38O/aJj1jK2SU22PAY2LwViylSsM69nd3Zl7VKacPjUv/NfCQNipm/wziK6NhOFtTKuRzjur7kmrssmU+ZRI9F3l6i/xv+oJ61DSR6XVkijE0fekd8aRg+88TkGPdlboK4dEC+IgM3dyGavWelxf6O3tpX4HOivik5RGfIKPvJfKkSTM0jDRuEZpKyEpJdu+IWAnAxX9rPFmP9TITCxYn99gdgQhP3EFRfI9AaG4L1iYEcqt151teM5raGcJ82H1AIH8b4N3IlZEMVO+0YsB/TbwiFgT0OWO47RhM8NEFqfoxLhrFofDK0sMZqwbZZvzqEW5vAtQmGvEEJZjGsOp3xYn8PH4l2nbXT6dL0BrEuCD69+yCAboCBfg9D8UghMVzwHmNAxT7EJAEzr5of0YRpXn4DX2Ei70XUejhYk3Fi61Ze8uQcHifD+eAD+jhtfOr4uqxsb8qHOytNfldShGCSlGjVRb3CAbD1WFAt5gQuksbh4XqjJkzhr8VCp0HJdcRI+I8++wLp4VzPTlNuXHFIuznqfQPPd1eReF+Hb6Gqpkyp1JRys="
- provider: releases
token: $GITHUB_OAUTH_TOKEN
on:
tags: true
condition: '($SKIP_FORGE_PUBLISH != true)'
condition: '($SKIP_GITHUB_PUBLISH != true)'

- stage: 'validate tokens'
language: shell
before_install: skip
install: skip
name: 'validate CI GitHub OAuth token has sufficient scope to release'
script:
- 'echo; echo "===== GITHUB_OAUTH_TOKEN validation";echo " (TRAVIS_SECURE_ENV_VARS=$TRAVIS_SECURE_ENV_VARS)"; echo'
- 'OWNER="$(echo $TRAVIS_REPO_SLUG | cut -d/ -f1)"'
- 'curl -H "Authorization: token ${GITHUB_OAUTH_TOKEN}"
"https://api.github.com/users/$OWNER"
-I | grep ^X-OAuth-Scopes | egrep -w "repo|public_repo"'

- stage: 'validate tokens'
name: 'validate CI Puppet Forge token authenticates with API'
language: shell
before_install: skip
install: skip
script:
- 'echo; echo "===== PUPPETFORGE_API_TOKEN validation"; echo " (TRAVIS_SECURE_ENV_VARS=$TRAVIS_SECURE_ENV_VARS)"; echo'
- 'curl -sS --fail -A "$FORGE_USER_AGENT"
-H "Authorization: Bearer ${PUPPETFORGE_API_TOKEN:-default_content_to_cause_401_response}"
https://forgeapi.puppet.com/v3/users > /dev/null'

0 comments on commit 0d66824

Please sign in to comment.