forked from simp/pupmod-simp-pupmod
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.travis.yml
235 lines (214 loc) · 7.98 KB
/
.travis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
# The testing matrix considers ruby/puppet versions supported by SIMP and PE:
# ------------------------------------------------------------------------------
# Release Puppet Ruby EOL
# SIMP 6.4 5.5 2.4 TBD
# PE 2018.1 5.5 2.4 2020-11 (LTS)
# PE 2019.2 6.10 2.5 2019-08 (STS)
#
# https://puppet.com/docs/pe/2018.1/component_versions_in_recent_pe_releases.html
# https://puppet.com/misc/puppet-enterprise-lifecycle
# https://puppet.com/docs/pe/2018.1/overview/getting_support_for_pe.html
# ==============================================================================
#
# Travis CI Repo options for this pipeline:
#
# Travis CI Env Var Type Notes
# --------------------- -------- -------------------------------------------
# GITHUB_OAUTH_TOKEN Secure Required for automated GitHub releases
# PUPPETFORGE_API_TOKEN Secure Required for automated Forge releases
# SKIP_GITHUB_PUBLISH Optional Skips publishing GitHub releases if "true"
# SKIP_FORGE_PUBLISH Optional Skips publishing to Puppet Forge if "true"
#
# The secure env vars will be filtered in Travis CI log output, and aren't
# provided to untrusted builds (i.e, triggered by PR from another repository)
#
# ------------------------------------------------------------------------------
#
# Travis CI Trigger options for this pipeline:
#
# To validate if $GITHUB_OAUTH_TOKEN is able to publish a GitHub release,
# trigger a custom Travis CI build for this branch using the CUSTOM CONFIG:
#
# env: VALIDATE_TOKENS=yes
#
# ------------------------------------------------------------------------------
#
# Release Engineering notes:
#
# To automagically publish a release to GitHub and PuppetForge:
#
# - Set GITHUB_OAUTH_TOKEN and PUPPETFORGE_API_TOKEN as secure env variables
# in this repo's Travis CI settings
# - Push a git tag that matches the version in the module's `metadata.json`
# - The tag SHOULD be annotated with release notes, but nothing enforces this
# convention at present
#
# ------------------------------------------------------------------------------
# NOTE: Unlike most SIMP Puppet modules, which use a standardized .travis.yml,
# this pipeline contains steps that are specific to testing simp-pupmod
# ------------------------------------------------------------------------------
---
language: ruby
cache: bundler
version: ~> 1.0
os: linux
bundler_args: --without development system_tests --path .vendor
notifications:
email: false
addons:
apt:
packages:
- rpm
before_install:
- for x in ${HOME}/.rvm/gems/*; do gem uninstall -I -x -i "${x}" -v '>= 1.17' bundler || true; gem uninstall -I -x -i "${x}@global" -v '>= 1.17' bundler || true; done
- gem install -v '~> 1.17' bundler
- rm -f Gemfile.lock
env:
global:
- 'FORGE_USER_AGENT="TravisCI-ForgeReleng-Script/0.3.3 (Purpose/forge-ops-for-${TRAVIS_REPO_SLUG})"'
stages:
- name: 'validate tokens'
if: 'env(VALIDATE_TOKENS) = yes'
- name: check
if: 'NOT env(VALIDATE_TOKENS) = yes'
- name: spec
if: 'NOT env(VALIDATE_TOKENS) = yes'
- name: deploy
if: 'tag IS present AND NOT env(VALIDATE_TOKENS) = yes'
jobs:
include:
- stage: check
name: 'Syntax, style, and validation checks'
rvm: 2.4.9
env: PUPPET_VERSION="~> 5"
script:
- bundle exec rake check:dot_underscore
- bundle exec rake check:test_file
- bundle exec rake pkg:check_version
- bundle exec rake metadata_lint
- bundle exec rake pkg:compare_latest_tag
- bundle exec rake pkg:create_tag_changelog
- bundle exec rake lint
- bundle exec puppet module build
- stage: spec
rvm: 2.4.9
name: 'Puppet 5.5 (SIMP 6.4, PE 2018.1) - Classes'
env: PUPPET_VERSION="~> 5.5.0"
script:
- 'bundle exec rake spec_prep'
- 'bundle exec rspec spec/classes'
- stage: spec
rvm: 2.4.9
name: 'Puppet 5.5 (SIMP 6.4, PE 2018.1) - Defines'
env: PUPPET_VERSION="~> 5.5.0"
script:
- 'bundle exec rake spec_prep'
- 'bundle exec rspec spec/defines'
- stage: spec
rvm: 2.4.9
name: 'Puppet 5.5 (SIMP 6.4, PE 2018.1) - Unit'
env: PUPPET_VERSION="~> 5.5.0"
script:
- 'bundle exec rake spec_prep'
- 'bundle exec rspec spec/unit'
- stage: spec
name: 'Puppet 5.x (Latest) - Classes'
rvm: 2.4.9
env: PUPPET_VERSION="~> 5.0"
script:
- 'bundle exec rake spec_prep'
- 'bundle exec rspec spec/classes'
- stage: spec
name: 'Puppet 5.x (Latest) - Defines'
rvm: 2.4.9
env: PUPPET_VERSION="~> 5.0"
script:
- 'bundle exec rake spec_prep'
- 'bundle exec rspec spec/defines'
- stage: spec
name: 'Puppet 5.x (Latest) - Unit'
rvm: 2.4.9
env: PUPPET_VERSION="~> 5.0"
script:
- 'bundle exec rake spec_prep'
- 'bundle exec rspec spec/unit'
- stage: spec
name: 'Puppet 6.10 (PE 2019.2) - Classes'
rvm: 2.5.7
env: PUPPET_VERSION="~> 6.10.0"
script:
- 'bundle exec rake spec_prep'
- 'bundle exec rspec spec/classes'
- stage: spec
name: 'Puppet 6.10 (PE 2019.2) - Defines'
rvm: 2.5.7
env: PUPPET_VERSION="~> 6.10.0"
script:
- 'bundle exec rake spec_prep'
- 'bundle exec rspec spec/defines'
- stage: spec
name: 'Puppet 6.x (Latest) - Classes'
rvm: 2.5.7
env: PUPPET_VERSION="~> 6.0"
script:
- 'bundle exec rake spec_prep'
- 'bundle exec rspec spec/classes'
- stage: spec
name: 'Puppet 6.x (Latest) - Defines'
rvm: 2.5.7
env: PUPPET_VERSION="~> 6.0"
script:
- 'bundle exec rake spec_prep'
- 'bundle exec rspec spec/defines'
- stage: spec
name: 'Puppet 6.x (Latest) - Unit'
rvm: 2.5.7
env: PUPPET_VERSION="~> 6.0"
script:
- 'bundle exec rake spec_prep'
- 'bundle exec rspec spec/unit'
- stage: deploy
rvm: 2.4.9
env: PUPPET_VERSION="~> 5.5.0"
script:
- true
before_deploy:
- "export PUPMOD_METADATA_VERSION=`ruby -r json -e \"puts JSON.parse(File.read('metadata.json')).fetch('version')\"`"
- '[[ $TRAVIS_TAG =~ ^simp-${PUPMOD_METADATA_VERSION}$|^${PUPMOD_METADATA_VERSION}$ ]]'
- 'gem install -v "~> 5.5.0" puppet'
- 'git clean -f -x -d'
- 'puppet module build'
- 'find pkg -name ''*.tar.gz'''
deploy:
- provider: script
skip_cleanup: true
script: 'curl -sS --fail -A "$FORGE_USER_AGENT" -H "Authorization: Bearer ${PUPPETFORGE_API_TOKEN}" -X POST -F "file=@$(find $PWD/pkg -name ''*.tar.gz'')" https://forgeapi.puppet.com/v3/releases'
on:
tags: true
condition: '($SKIP_FORGE_PUBLISH != true)'
- provider: releases
token: $GITHUB_OAUTH_TOKEN
on:
tags: true
condition: '($SKIP_GITHUB_PUBLISH != true)'
- stage: 'validate tokens'
language: shell
before_install: skip
install: skip
name: 'validate CI GitHub OAuth token has sufficient scope to release'
script:
- 'echo; echo "===== GITHUB_OAUTH_TOKEN validation";echo " (TRAVIS_SECURE_ENV_VARS=$TRAVIS_SECURE_ENV_VARS)"; echo'
- 'OWNER="$(echo $TRAVIS_REPO_SLUG | cut -d/ -f1)"'
- 'curl -H "Authorization: token ${GITHUB_OAUTH_TOKEN}"
"https://api.github.com/users/$OWNER"
-I | grep ^X-OAuth-Scopes | egrep -w "repo|public_repo"'
- stage: 'validate tokens'
name: 'validate CI Puppet Forge token authenticates with API'
language: shell
before_install: skip
install: skip
script:
- 'echo; echo "===== PUPPETFORGE_API_TOKEN validation"; echo " (TRAVIS_SECURE_ENV_VARS=$TRAVIS_SECURE_ENV_VARS)"; echo'
- 'curl -sS --fail -A "$FORGE_USER_AGENT"
-H "Authorization: Bearer ${PUPPETFORGE_API_TOKEN:-default_content_to_cause_401_response}"
https://forgeapi.puppet.com/v3/users > /dev/null'