-
Notifications
You must be signed in to change notification settings - Fork 18
/
.gitlab-ci.yml
128 lines (120 loc) · 3.27 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
include:
# repo: https://cd.splunkdev.com/core-ee/signing/api-integration/-/tree/develop/
- project: core-ee/signing/api-integration
ref: develop
file: /templates/.sign-client.yml
- project: 'ci-cd/templates'
ref: master
file: '/prodsec/.oss-scan.yml'
stages:
- build
- sign
- fossa-scan
- checksum
- checksum-sign
linux-build:
stage: build
parallel:
matrix:
- baseImage: [ alpine, debian ]
variables:
dotnetSdkVersion: 7.0.406
script:
- |
rm .dockerignore
- |
docker build \
--build-arg DOTNETSDK_VERSION=${dotnetSdkVersion} \
--tag dd-trace-dotnet/${baseImage}-builder \
--target releaser \
--file "./tracer/build/_build/docker/${baseImage}.dockerfile" \
.
- |
docker run \
--env NugetPackageDirectory=/project/packages \
--env tracerHome=/shared/bin/monitoring-home/tracer \
--env artifacts=/project/tracer/src/bin/artifacts \
--name release \
dd-trace-dotnet/${baseImage}-builder \
tracer/build.sh Clean BuildTracerHome ZipMonitoringHome
- |
docker cp release:/project/tracer/src/bin/artifacts/linux-x64 dist
artifacts:
paths:
- dist/
# windows-build:
# stage: build
# tags:
# - windows
# script:
# - tracer\build.ps1 Clean BuildTracerHome PackageTracerHome
# artifacts:
# paths:
# - tracer/bin/artifacts/nuget/SignalFx.NET.Tracing.Azure.Site.Extension.*.nupkg
# - tracer/bin/artifacts/*/en-us
sign-deb:
stage: sign
extends: .submit-request
dependencies:
- linux-build
before_script:
- cp -vfp $(ls dist/*.deb) package.deb
after_script:
- mkdir signed
- mv -vf tmp/package.deb "signed/$(basename $(ls dist/*.deb))"
variables:
PROJECT: signalfx-dotnet-tracing
ARTIFACT: package.deb
SIGN_TYPE: DEB
DOWNLOAD_DIR: tmp
REPO_NAME: releng # this env var should be not needed in future
REPO_PATH: signalfx-dotnet-tracing # this env var should be not needed in future
artifacts:
paths:
- signed/
sign-rpm:
stage: sign
extends: .submit-request
dependencies:
- linux-build
before_script:
- cp -vfp $(ls dist/*.rpm) package.rpm
after_script:
- mkdir signed
- mv -vf tmp/package.rpm "signed/$(basename $(ls dist/*.rpm))"
variables:
PROJECT: signalfx-dotnet-tracing
ARTIFACT: package.rpm
SIGN_TYPE: RPM
DOWNLOAD_DIR: tmp
REPO_NAME: releng # this env var should be not needed in future
REPO_PATH: signalfx-dotnet-tracing # this env var should be not needed in future
artifacts:
paths:
- signed/
checksums:
stage: checksum
script:
- cp -vnpr dist/. signed # copy artifacts that are not signed
- pushd signed && shasum -a 256 * > checksums.txt && popd
artifacts:
paths:
- signed/
checksums-sign:
stage: checksum-sign
extends: .submit-request
variables:
PROJECT: signalfx-dotnet-tracing
ARTIFACT: signed/checksums.txt
SIGN_TYPE: GPG
DOWNLOAD_DIR: signed
REPO_NAME: releng # this env var should be not needed in future
REPO_PATH: signalfx-dotnet-tracing # this env var should be not needed in future
artifacts:
paths:
- signed/
oss-scan:
stage: fossa-scan
rules:
- if: '$CI_COMMIT_REF_NAME == "main"'
extends: .oss-scan