discourse-auth-proxy/concourse/plumb.yaml


# SECURITY
# This is a public repository. Mind what you write.
# Do not accept modifications from people outside CDCK.
# Seek infra security review if unsure.
---
# Pipeline-scoped credential source. Only lookups written as ((xacco:...))
# go through it; references without a source prefix are resolved by the
# cluster-wide credential manager instead.
var_sources:
- name: xacco
  type: vault
  config:
    # NOTE(review): plaintext HTTP to a loopback address, combined with a
    # placeholder token below. Presumably a local proxy on the Concourse
    # node performs the real Vault authentication; confirm that the
    # listener is bound to loopback only and is not reachable from task
    # containers.
    url: http://127.0.0.1:8200
    path_prefix: /aws-xacc-obfuscate
    # Not a secret: a fixed filler value, safe to publish only as long as
    # nothing behind the URL above actually trusts it.
    client_token: unused-but-some-value-required
# Custom resource type used by the `branches` resource. Its image is handed
# that resource's `source` (including the Git private key), so the image is
# part of the pipeline's trust base.
resource_types:
- name: git-branches
  type: registry-image
  source:
    # No tag or digest is given, so the registry-image default tag applies
    # and the image can change without a change to this file.
    # NOTE(review): consider pinning to a reviewed tag or digest.
    repository: practical-concourse/resource-types/git-branches
    # Pull credentials come from the credential manager, never inline.
    # The names suggest a pull-only identity; verify that the underlying
    # IAM policy really is read-only.
    aws_access_key_id: ((concourse-ecr-pull-rtype.AWS_ACCESS_KEY_ID))
    aws_secret_access_key: ((concourse-ecr-pull-rtype.AWS_SECRET_ACCESS_KEY))
    aws_region: ((obfuscate-aws-docker-registry.region))
# External inputs and outputs of the pipeline. Every secret below is a
# ((...)) reference; no credential material is stored in this public file.
#
# The three Git resources share one private key and one `webhook_token`.
# That token is a fixed placeholder visible to anyone reading this file, so
# it must not be relied on as a secret.
# NOTE(review): confirm the check-webhook endpoint is not exposed to
# untrusted networks, or switch the token to a credential reference.
resources:
# List of branches in the repository; feeds the per-branch pipelines.
- name: branches
  type: git-branches
  icon: github
  source:
    uri: git@github.com:discourse/discourse-auth-proxy.git
    private_key: ((github-discoursebuild))
    webhook_token: unused-but-some-value-required
# Tracks only the trunk pipeline definition. No `branch` is set here, so
# the git resource's default branch selection applies.
- name: trunk
  type: git
  icon: github
  source:
    uri: git@github.com:discourse/discourse-auth-proxy.git
    # Restricts new versions to commits touching the pipeline file.
    paths: [dist/concourse/pipeline-trunk.yaml]
    private_key: ((github-discoursebuild))
    webhook_token: unused-but-some-value-required
# The branch that holds this file and the helper container sources.
# Write access to it is equivalent to control over this pipeline.
- name: plumbing
  type: git
  icon: github
  source:
    uri: git@github.com:discourse/discourse-auth-proxy.git
    branch: plumbing
    private_key: ((github-discoursebuild))
    webhook_token: unused-but-some-value-required
# Base image for the helper container. "3" is a floating tag, so the
# content behind it changes upstream over time; checked once a day.
- name: alpine
  type: registry-image
  icon: docker
  check_every: 24h
  source:
    repository: alpine
    tag: "3"
    username: ((docker-hub.username))
    password: ((docker-hub.password))
# Helper image built by `build-pipeline-helpers` and consumed by
# `set-branch-pipelines`.
- name: branch-transformer
  type: registry-image
  icon: docker
  source:
    repository: auth-proxy/concourse/branch-transformer
    # Mutable tag; consumers below constrain the version they use with
    # `passed: [build-pipeline-helpers]`.
    tag: latest
    # Push credentials are resolved through the `xacco` var source and
    # include a session token, which suggests short-lived credentials
    # rather than a long-lived access key. TODO confirm.
    aws_access_key_id: ((xacco:machine/concourse-ecr-push/docker-registry.AWS_ACCESS_KEY_ID))
    aws_secret_access_key: ((xacco:machine/concourse-ecr-push/docker-registry.AWS_SECRET_ACCESS_KEY))
    aws_session_token: ((xacco:machine/concourse-ecr-push/docker-registry.AWS_SESSION_TOKEN))
    aws_region: ((obfuscate-aws-docker-registry.region))
jobs:
# Re-applies this pipeline from the `plumbing` branch whenever that branch
# gets a new commit. Anyone able to push to `plumbing` can therefore change
# every job and credential reference in this file; branch protection and
# review on that branch are the controls that matter here.
- name: set-self-pipeline
  plan:
  - get: plumbing
    trigger: true
  - set_pipeline: self
    file: plumbing/concourse/plumb.yaml
# Sets the `auth-proxy` pipeline from the definition stored in the `trunk`
# resource. The definition is taken from repository content, so a change to
# that file gains access to whatever credentials this team can resolve.
# Review changes to dist/concourse/pipeline-trunk.yaml accordingly.
- name: set-trunk-pipeline
  plan:
  - in_parallel:
    # Only versions of `plumbing` that already went through
    # set-self-pipeline are used, so this job runs under the updated
    # plumbing definition.
    - get: plumbing
      trigger: true
      passed: [set-self-pipeline]
    - get: trunk
      trigger: true
  - set_pipeline: auth-proxy
    file: trunk/dist/concourse/pipeline-trunk.yaml
# Builds the `branch-transformer` helper image from sources on the
# `plumbing` branch and pushes it to the registry.
- name: build-pipeline-helpers
  plan:
  - in_parallel:
    - get: plumbing
      trigger: true
      passed: [set-self-pipeline]
    # Not a trigger: a new alpine image alone does not start a build.
    - get: alpine
      params: {format: oci}
  - task: build
    # The build container runs privileged on the worker. The Dockerfile
    # and build context come from `plumbing`, so the same write-access
    # caveat applies to them as to this file.
    privileged: true
    # Renames the task's `image` output so the put step below can use it.
    output_mapping:
      image: branch-transformer
    config:
      platform: linux
      image_resource:
        type: registry-image
        source:
          # NOTE(review): no tag or digest is given, so the default tag is
          # pulled from Docker Hub and then run privileged. Consider
          # pinning to a reviewed tag or digest.
          repository: concourse/oci-build-task
          username: ((docker-hub.username))
          password: ((docker-hub.password))
      inputs:
      - name: alpine
      - name: plumbing
      outputs:
      - name: image
      caches:
      - path: cache
      params:
        CONTEXT: plumbing/concourse/containers/branch-transformer
        DOCKERFILE: plumbing/concourse/containers/branch-transformer/Dockerfile
        # Supplies the base image from the `alpine` input fetched above
        # instead of having the build pull it from a registry.
        IMAGE_ARG_BASE_IMAGE_ALPINE: alpine/image.tar
        OUTPUT_OCI: true
      run:
        path: build
  - put: branch-transformer
    # Limits what the put step receives to the built image artifact.
    inputs:
    - branch-transformer
    params: {image: branch-transformer/image}
# Creates one instanced pipeline per entry produced from the `branches`
# resource. The pipeline definition is always read from `plumbing`; the
# branch contributes only the `name` and `tag` values passed in as vars.
- name: set-branch-pipelines
  plan:
  - in_parallel:
    - get: branches
      trigger: true
    - get: plumbing
      trigger: true
      passed:
      - build-pipeline-helpers
    # Only an image version that this pipeline built itself is used.
    - get: branch-transformer
      passed: [build-pipeline-helpers]
  - task: transform
    image: branch-transformer
    config:
      platform: linux
      inputs:
      - name: branches
      outputs:
      - name: transformed
      run:
        path: sh
        args:
        # -e stops on the first error, -x echoes the command to the build
        # log; the command contains no secrets.
        - -exc
        - |
          exec /usr/local/bin/transform < branches/branches.json > transformed/branches.json
  # Loads the transformed JSON as the local var `branches`.
  - load_var: branches
    file: transformed/branches.json
  # NOTE(review): branch names are chosen by whoever can create a branch
  # in the repository and end up in `instance_vars` and `image_tag`.
  # Presumably /usr/local/bin/transform normalises them; confirm that
  # plumb-branch.yaml does not interpolate them into shell commands.
  - across:
    - var: branch
      values: ((.:branches))
    set_pipeline: plumb-auth-proxy-branch
    file: plumbing/concourse/plumb-branch.yaml
    instance_vars:
      branch: ((.:branch.name))
    vars:
      image_tag: ((.:branch.tag))