-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy path.onedev-buildspec.yml
94 lines (94 loc) · 2.48 KB
/
.onedev-buildspec.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
version: 31
imports:
- projectPath: onedev
revision: main
accessTokenSecret: onedev-token
jobs:
- name: Release
steps:
- !CheckoutStep
name: checkout
cloneCredential: !DefaultCredential {}
withLfs: false
withSubmodules: true
condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
- !UseTemplateStep
name: set up cache
templateName: set up cache
condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
- !UseTemplateStep
name: set build version
templateName: set build version
condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
- !CommandStep
name: build & deploy
runInContainer: true
image: '@property:buildEnvironment@'
interpreter: !DefaultInterpreter
commands: |
mvn deploy -Dmaven.deploy.username=@job_token@ -Dmaven.deploy.password=@secrets:maven-deploy-password@
useTTY: false
condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
- !CreateTagStep
name: create tag
tagName: v@build_version@
accessTokenSecret: onedev-token
condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
triggers:
- !BranchUpdateTrigger
branches: main
jobDependencies:
- jobName: Scan Vulnerabilities
requireSuccessful: true
retryCondition: never
maxRetries: 3
retryDelay: 30
timeout: 3600
- name: Scan Vulnerabilities
steps:
- !CheckoutStep
name: checkout
cloneCredential: !DefaultCredential {}
withLfs: false
withSubmodules: false
cloneDepth: 1
condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
- !ScanDepVulnersStep
name: scan
recursive: true
reportName: Dependency Vulnerabilities
failThreshold: HIGH
condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
triggers:
- !ScheduleTrigger
cronExpression: 0 0 1 * * ?
retryCondition: never
maxRetries: 3
retryDelay: 30
timeout: 3600
- name: Sync with GitHub
steps:
- !CheckoutStep
name: checkout
cloneCredential: !DefaultCredential {}
withLfs: false
withSubmodules: true
condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
- !CommandStep
name: sync
runInContainer: true
image: alpine/git:1.0.7
interpreter: !DefaultInterpreter
commands: |
git config --global --unset http.extraHeader
git push -f https://robinshine:@secrets:github-token@@@github.com/theonedev/agent HEAD:main
useTTY: false
condition: ALL_PREVIOUS_STEPS_WERE_SUCCESSFUL
triggers:
- !BranchUpdateTrigger
branches: main
projects: onedev/agent
retryCondition: never
maxRetries: 3
retryDelay: 30
timeout: 3600