-
Notifications
You must be signed in to change notification settings - Fork 203
/
config.yml
120 lines (103 loc) · 4.6 KB
/
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
version: 2 # use CircleCI 2.0
orbs:
snyk: snyk/snyk@1.7.0
jobs: # basic units of work in a run
build: # runs not using Workflows must have a `build` job as entry point
docker: # run the steps with Docker
# CircleCI Go images available at: https://hub.docker.com/r/circleci/golang/
- image: circleci/golang:1.12
# CircleCI PostgreSQL images available at: https://hub.docker.com/r/circleci/postgres/
- image: circleci/postgres:9.6-alpine
environment: # environment variables for primary container
POSTGRES_USER: circleci-demo-go
POSTGRES_DB: circle_test
parallelism: 2
environment: # environment variables for the build itself
TEST_RESULTS: /tmp/test-results # path to where test results will be saved
steps: # steps that comprise the `build` job
- checkout # check out source code to working directory
- run: mkdir -p $TEST_RESULTS # create the test results directory
- restore_cache: # restores saved cache if no changes are detected since last run
keys:
- go-mod-v4-{{ checksum "go.sum" }}
# Wait for Postgres to be ready before proceeding
- run:
name: Waiting for Postgres to be ready
command: dockerize -wait tcp://localhost:5432 -timeout 1m
- run:
name: Run unit tests
environment: # environment variables for the database url and path to migration files
CONTACTS_DB_URL: "postgres://circleci-demo-go@localhost:5432/circle_test?sslmode=disable"
CONTACTS_DB_MIGRATIONS: /home/circleci/project/db/migrations
# store the results of our tests in the $TEST_RESULTS directory
command: |
PACKAGE_NAMES=$(go list ./... | circleci tests split --split-by=timings --timings-type=classname)
gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
- run: make # pull and build dependencies for the project
- save_cache:
key: go-mod-v4-{{ checksum "go.sum" }}
paths:
- "/go/pkg/mod"
- run:
name: Start service
environment:
CONTACTS_DB_URL: "postgres://circleci-demo-go@localhost:5432/circle_test?sslmode=disable"
CONTACTS_DB_MIGRATIONS: /home/circleci/project/db/migrations
command: ./workdir/contacts
background: true # keep service running and proceed to next step
- run:
name: Validate service is working
command: |
sleep 5
curl --retry 10 --retry-delay 1 -X POST --header "Content-Type: application/json" -d '{"email":"test@example.com","name":"Test User"}' http://localhost:8080/contacts
- store_artifacts: # upload test summary for display in Artifacts
path: /tmp/test-results
destination: raw-test-output
- store_test_results: # upload test results for display in Test Summary
path: /tmp/test-results
vulnerability-scan:
executor: go
steps:
- checkout
- run:
name: Setup Scanning
command: |
git config --global url."https://$GITHUB_USER:$GITHUB_TOKEN@github.com/circleci/".insteadOf "https://github.com/circleci/"
- when:
condition:
or:
- equal: [ master, << pipeline.git.branch >> ]
steps:
- run:
name: Launching Snyk Orb Scanning
command: echo "Running snyk/scan on master; uploading the results"
- run:
name: Cleanup RemoteRepoURL
command: echo 'export REMOTE_REPO_URL="${CIRCLE_REPOSITORY_URL%".git"}"' >> "$BASH_ENV"
- snyk/scan:
organization: "circleci-public"
fail-on-issues: true
severity-threshold: high
monitor-on-build: true
additional-arguments: "--all-projects --remote-repo-url=${REMOTE_REPO_URL} -d"
- unless:
condition:
or:
- equal: [ master, << pipeline.git.branch >> ]
steps:
- run:
name: Launching Snyk Orb Scanning
command: echo "Running snyk/scan on branch; not uploading the results"
- snyk/scan:
organization: "circleci-public"
fail-on-issues: true
severity-threshold: high
monitor-on-build: false
additional-arguments: "--all-projects -d"
workflows:
version: 2
build-workflow:
jobs:
- build
- vulnerability-scan:
context: org-global-employees