image/.travis.yml at master · kubenow/image · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
---
language: python

python:
  - "2.7"

virtualenv:
  system_site_packages: true

sudo: required

services:
  - docker

env:
  global:
    - TERRAFORM_VERSION=0.11.10
    - PACKER_VERSION=1.1.2
    - PIP=9.0.3
    # Workaround to build on google - See https://github.com/travis-ci/travis-ci/issues/7940
    - BOTO_CONFIG=/dev/null
    - ANSIBLE_LINT_VERSION=3.4.15
    - YAMLLINT_VERSION=1.8.1
  matrix:
    - HOST_CLOUD=gce
    - HOST_CLOUD=aws
    - HOST_CLOUD=openstack

before_install:
  # Decrypt secrets
  - >
    openssl aes-256-cbc
    -K $encrypted_92e1e3eadcc5_key
    -iv $encrypted_92e1e3eadcc5_iv
    -in .keys.enc
    -out keys.tgz
    -d

  # Extract secrets
  - tar xzvf keys.tgz

  # Add the keypair to the agent
  - eval "$(ssh-agent -s)"
  - ssh-add keys/id_rsa

  # CHECK CODE QUALITY
  # Installing code review tools
  - >
      travis_retry curl
      https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip
      > /tmp/terraform.zip
  - unzip /tmp/terraform.zip -d /tmp/
  - sudo pip install -qq --upgrade pip=="${PIP}"
  - sudo pip install -qq yamllint=="${YAMLLINT_VERSION}"
  - sudo apt-get -qq install shellcheck -y

  # Check Terraform
  - /tmp/terraform fmt bin/*.tf
  - git diff --exit-code

  # Check Json
  - echo "$(python -mjson.tool < $HOST_CLOUD.json)" > "$HOST_CLOUD".json
  - git diff --exit-code

  # Check Shell
  - shellcheck $(find . -type f -name "*.sh")
  - docker run -v "$(pwd)":/sh -w /sh jamesmstone/shfmt -i 2 -w bin/*.sh
  - git diff --exit-code

  # Check YAML
  - yamllint -c .yamllint.yml -s .travis.yml .yamllint.yml

install:
  # INSTALL DEPS
  # To upgrade to dpkg >= 1.17.5ubuntu5.8, which fixes https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1730627
  - sudo apt-get install -qq -y dpkg
  # Packer
  - >
      travis_retry curl
      https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip
      > /tmp/packer.zip
  - unzip /tmp/packer.zip -d /tmp/

  # Google Cloud Engine SDK kit
  # Create an environment variable for the correct distribution
  - export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)"

  # Add the Cloud SDK distribution URI as a package source
  - >
      echo "deb https://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" |
      sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list

  # Import the Google Cloud Platform public key
  - >
      curl https://packages.cloud.google.com/apt/doc/apt-key.gpg |
      sudo apt-key add -

  # Update the package list and install the Cloud SDK
  - sudo apt-get -qq update
  - sudo apt-get -qq install google-cloud-sdk -y

  # Installing Azure command-line client here as used both in cleaning and cron_job scripts
  - sudo apt-get -qq install apt-transport-https lsb-release software-properties-common -y
  - AZ_REPO=$(lsb_release -cs)
  - echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | sudo tee /etc/apt/sources.list.d/azure-cli.list
  - >
    sudo apt-key --keyring /etc/apt/trusted.gpg.d/Microsoft.gpg adv \
      --keyserver packages.microsoft.com --recv-keys BC528686B50D79E339D3721CEB3E94ADBE1229CF
  - sudo apt-get update && sudo apt-get install azure-cli

before_script:
  # Check whether this build was triggered by our cron job for security-updates
  # Note: in a yml file there seems to not be possible to have a space
  # before a global variable within an echo string
  - echo "TRAVIS_EVENT_TYPE is:$TRAVIS_EVENT_TYPE"
  - >
    if [ "$TRAVIS_EVENT_TYPE" = 'cron' ]; then
        echo "Travis built triggered via configured cron job"
        source bin/cron_script.sh
    else
        # Get current_version, variable common to all three platforms
        source ./bin/get_current_version.sh
    fi
  - IMAGE_NAME="$IMAGE_NAME""$CURRENT_VERSION" && export IMAGE_NAME
  - echo "Image Name is:$IMAGE_NAME"

  # Common travis ssh directory for all providers
  - mkdir -p ~/.ssh/ && cp keys/id_rsa.pub ~/.ssh/id_rsa.pub

  # Variable needed only for GCE
  - export playbook_dir=./

  # GCE login
  - echo $GCE_KEY > ./bin/account_file.json
  - gcloud auth activate-service-account 12202776487-compute@developer.gserviceaccount.com --key-file=$GCE_ACCOUNT_FILE_PATH
  - gcloud auth login 12202776487-compute@developer.gserviceaccount.com --project phenomenal-1145 -q

script:
  # Necessary in order to extract packer's exit status when piped to tee, above all when failing.
  # Otherwise the exit code will always be true because of tee and the after_success block get executed incorrectly
  - set -o pipefail
  # Finally bulding the image with packer
  - travis_retry /tmp/packer build -force build-"$HOST_CLOUD".json | tee /tmp/pckr_build_log.txt

after_success:
  # Azure and Openstack packer builder do not automatically remove namesake artifacts from previous builds.
  # They allows two image with same names, but different unique IDs, even with packer flag --force
  # Thus after creation of either a new or an updated kubenow image, we will remove previous old ones
  - echo "Running the after_succes block..."
  - >
    if [ "$HOST_CLOUD" = 'azure' ]; then
        bin/clean_az_dupl.sh
    elif [ "$HOST_CLOUD" = 'openstack' ]; then
        bin/clean_os_dupl.sh
    else
        echo "HOST_CLOUD is NOT set to one of the following values:aws, azure, gce, openstack."
    fi

  # The below script for Openstack used to be run as post-processor for the Openstack's builder.
  # In order to avoid running Terraform within Packer, hence getting a cumbersome and tedious log output.
  - >
    if [ "$HOST_CLOUD" = 'openstack' ]; then
        travis_retry bin/os_pp.sh
    elif [ "$HOST_CLOUD" = 'aws' ]; then
        # Script that will copy created AMI from default region into the other used ones
        bin/aws_pp.sh
    fi

notifications:
  email: true
  slack:
    on_success: change # default: always
    on_failure: always # default: always
    secure: >
      UM/gwTYpOG+tT1dBsJei/WVHxt7pf0HH3TAMXsslZJpI4mAP1QsJNtaP81is1xk
      Q0UaVr8qCFrJ1eUfr5Zjkd5ro1wpkX9dz5VSx/HHXoQZLZusGJ80o404XxT6Nuz
      VyFzuAkuB4F8J7F4A/VP2t6F8UBO5e5S7x53rgwCb7IBsDewF40QdjOEtZxJmax
      3u3ZXi4r1azt1nc0nRcTT+ZXYFxdhPpZBKibsNvnqn/VWX270ScUVW22u9X5j89
      DBOHj8Z3P8iPoZ8iJluEawkyyOFVJlIreEvD1NxXWaoVsa9GGeCIKlBRDChTHHn
      hL726DziwtJkQRM4twPoPi7FVJ5rXNSexiCha48dLQGCmS64ld3wyB4Oq+rigFd
      G/ctIvcemPpKo7Yfdojh9+iPaw/3oZEWEpnqzPwQaHSXHjLgbDAvbHP7W103BsN
      Z04Ql6hh/1dC7ZE5gSt03iAjkkDscM8YceLKZqMQWPU6PgpX0tqgOaaXtqwGNWh
      cIJPNDWYX9oxvTx8w3CURfmtdNbicKgXnbTrlhUA7KGZKZ2DC0nL7+LHrspWyjj
      hZL2YD6uHFpHF8BC26mwhwkxHMuDRQ46tPLSmggyi8LHBzkfd2MIMI62JfBrjMO
      r/jaouha76M3Et2KL+QRG9zI8vexbtMO6n9cPpMeLVBlETFVAI25Q=