blsmith/dc-deployments-automation
1
0
Fork 0
mirror of https://bitbucket.org/atlassian/dc-deployments-automation.git synced 2025-12-14 08:53:07 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merged in snyk-for-ansible-repo (pull request #136)

Browse Source 
Snyk scanning for Ansible repo

Approved-by: Adam Brokes
This commit is contained in:
Steve Smith
2021-04-15 01:02:35 +00:00
parent fd0dae49da 956f78b4ef
commit 74d7c152fb
6 changed files with 371 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.snyk Normal file
View File

@@ -0,0 +1,13 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.14.1
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
'snyk:lic:pip:ansible:GPL-3.0':
- '*':
reason: 'Not a shipped or linked dependency, only retrieved at run-time.'
expires: 2022-03-01T00:00:00.000Z
'snyk:lic:pip:ansible-base:GPL-3.0':
- '*':
reason: 'Not a shipped or linked dependency, only retrieved at run-time.'
expires: 2022-03-01T00:00:00.000Z
patch: {}

68
Pipfile.lock generated
View File

@@ -1,7 +1,7 @@
{ {
"_meta": { "_meta": {
"hash": { "hash": {
"sha256": "da42952f61acb670cc8542ac3a7cf870522cd2d38a8b5493b8872f0542969e52" "sha256": "4cc5161ca039ac884905a5453c2aee0c4686c0ece78f1edffd4d8ebad812bcce"
}, },
"pipfile-spec": 6, "pipfile-spec": 6,
"requires": { "requires": {
@@ -18,10 +18,10 @@
"default": { "default": {
"ansible": { "ansible": {
"hashes": [ "hashes": [
"sha256:9775229aae31336a624ca5afe5533fea5e49ef4daa96a96791dd9871b2d8b8d1" "sha256:9ff024500116d53c460cb09ea92e3c9404119f100d1d1ff0de69a9dafca561d5"
], ],
"index": "pypi", "index": "pypi",
"version": "==2.10.5" "version": "==2.10.7"
}, },
"ansible-base": { "ansible-base": {
"hashes": [ "hashes": [
@@ -32,19 +32,19 @@
}, },
"boto3": { "boto3": {
"hashes": [ "hashes": [
"sha256:3f26aad4c6b238055d17fd662620284ffb4ced542ed9a2f7f9df65d97a3f1190", "sha256:a482135c30fa07eaf4370314dd0fb49117222a266d0423b2075aed3835ed1f04",
"sha256:47151ed571c316458f4931cd2422995ba0c9f6818c5df7d75f49fc845208e42e" "sha256:d5ef160442925f5944e4cde88589f0f195f6c284f05613114fc6bbc35e342fa7"
], ],
"index": "pypi", "index": "pypi",
"version": "==1.16.56" "version": "==1.17.49"
}, },
"botocore": { "botocore": {
"hashes": [ "hashes": [
"sha256:c756d65ffa989c5c0e92178175e41abf7b18ad19b2fe2e82e192f085e264e03a", "sha256:6a672ba41dd00e5c1c1824ca8143d180d88de8736d78c0b1f96b8d3cb0466561",
"sha256:cf7d108a4d67a0fe670379111927b5d9e0ff1160146c81c326bb9e54c2b8cb19" "sha256:f7f103fa0651c69dd360c7d0ecd874854303de5cc0869e0cbc2818a52baacc69"
], ],
"index": "pypi", "index": "pypi",
"version": "==1.19.57" "version": "==1.20.49"
}, },
"cffi": { "cffi": {
"hashes": [ "hashes": [
@@ -119,7 +119,7 @@
"sha256:b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9", "sha256:b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9",
"sha256:cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f" "sha256:cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f"
], ],
"markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==0.10.0" "version": "==0.10.0"
}, },
"markupsafe": { "markupsafe": {
@@ -201,7 +201,7 @@
"sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1",
"sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b"
], ],
"markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==2.4.7" "version": "==2.4.7"
}, },
"python-dateutil": { "python-dateutil": {
@@ -209,7 +209,7 @@
"sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c",
"sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a" "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a"
], ],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'", "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==2.8.1" "version": "==2.8.1"
}, },
"pyyaml": { "pyyaml": {
@@ -249,17 +249,17 @@
}, },
"s3transfer": { "s3transfer": {
"hashes": [ "hashes": [
"sha256:5d48b1fd2232141a9d5fb279709117aaba506cacea7f86f11bc392f06bfa8fc2", "sha256:35627b86af8ff97e7ac27975fe0a98a312814b46c6333d8a6b889627bcd80994",
"sha256:c5dadf598762899d8cfaecf68eba649cd25b0ce93b6c954b156aaa3eed160547" "sha256:efa5bd92a897b6a8d5c1383828dca3d52d0790e0756d49740563a3fb6ed03246"
], ],
"version": "==0.3.6" "version": "==0.3.7"
}, },
"six": { "six": {
"hashes": [ "hashes": [
"sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259", "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259",
"sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced" "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"
], ],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'", "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==1.15.0" "version": "==1.15.0"
}, },
"urllib3": { "urllib3": {
@@ -267,7 +267,7 @@
"sha256:2f4da4594db7e1e110a944bb1b551fdf4e6c136ad42e4234131391e21eb5b0df", "sha256:2f4da4594db7e1e110a944bb1b551fdf4e6c136ad42e4234131391e21eb5b0df",
"sha256:e7b021f7241115872f92f43c6508082facffbd1c048e3c6e2bb9c2a157e28937" "sha256:e7b021f7241115872f92f43c6508082facffbd1c048e3c6e2bb9c2a157e28937"
], ],
"markers": "python_version != '3.4'", "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'",
"version": "==1.26.4" "version": "==1.26.4"
} }
}, },
@@ -325,19 +325,19 @@
}, },
"boto3": { "boto3": {
"hashes": [ "hashes": [
"sha256:3f26aad4c6b238055d17fd662620284ffb4ced542ed9a2f7f9df65d97a3f1190", "sha256:a482135c30fa07eaf4370314dd0fb49117222a266d0423b2075aed3835ed1f04",
"sha256:47151ed571c316458f4931cd2422995ba0c9f6818c5df7d75f49fc845208e42e" "sha256:d5ef160442925f5944e4cde88589f0f195f6c284f05613114fc6bbc35e342fa7"
], ],
"index": "pypi", "index": "pypi",
"version": "==1.16.56" "version": "==1.17.49"
}, },
"botocore": { "botocore": {
"hashes": [ "hashes": [
"sha256:c756d65ffa989c5c0e92178175e41abf7b18ad19b2fe2e82e192f085e264e03a", "sha256:6a672ba41dd00e5c1c1824ca8143d180d88de8736d78c0b1f96b8d3cb0466561",
"sha256:cf7d108a4d67a0fe670379111927b5d9e0ff1160146c81c326bb9e54c2b8cb19" "sha256:f7f103fa0651c69dd360c7d0ecd874854303de5cc0869e0cbc2818a52baacc69"
], ],
"index": "pypi", "index": "pypi",
"version": "==1.19.57" "version": "==1.20.49"
}, },
"cerberus": { "cerberus": {
"hashes": [ "hashes": [
@@ -551,7 +551,7 @@
"sha256:2ec0faae539743ae6aaa84b49a169670a465f7f5d64e6add98388cc29fd1f2f6", "sha256:2ec0faae539743ae6aaa84b49a169670a465f7f5d64e6add98388cc29fd1f2f6",
"sha256:c9356b657de65c53744046fa8f7358afe0714a1af7d570c00c3835c2d724a7c1" "sha256:c9356b657de65c53744046fa8f7358afe0714a1af7d570c00c3835c2d724a7c1"
], ],
"markers": "python_version < '3.8' and python_version < '3.8'", "markers": "python_version < '3.8'",
"version": "==3.10.1" "version": "==3.10.1"
}, },
"iniconfig": { "iniconfig": {
@@ -581,7 +581,7 @@
"sha256:b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9", "sha256:b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9",
"sha256:cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f" "sha256:cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f"
], ],
"markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==0.10.0" "version": "==0.10.0"
}, },
"jsonpatch": { "jsonpatch": {
@@ -801,7 +801,7 @@
"sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1",
"sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b"
], ],
"markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==2.4.7" "version": "==2.4.7"
}, },
"pyrsistent": { "pyrsistent": {
@@ -832,7 +832,7 @@
"sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c",
"sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a" "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a"
], ],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'", "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==2.8.1" "version": "==2.8.1"
}, },
"python-slugify": { "python-slugify": {
@@ -900,10 +900,10 @@
}, },
"s3transfer": { "s3transfer": {
"hashes": [ "hashes": [
"sha256:5d48b1fd2232141a9d5fb279709117aaba506cacea7f86f11bc392f06bfa8fc2", "sha256:35627b86af8ff97e7ac27975fe0a98a312814b46c6333d8a6b889627bcd80994",
"sha256:c5dadf598762899d8cfaecf68eba649cd25b0ce93b6c954b156aaa3eed160547" "sha256:efa5bd92a897b6a8d5c1383828dca3d52d0790e0756d49740563a3fb6ed03246"
], ],
"version": "==0.3.6" "version": "==0.3.7"
}, },
"selinux": { "selinux": {
"hashes": [ "hashes": [
@@ -926,7 +926,7 @@
"sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259", "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259",
"sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced" "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"
], ],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'", "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==1.15.0" "version": "==1.15.0"
}, },
"subprocess-tee": { "subprocess-tee": {
@@ -971,7 +971,7 @@
"sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b", "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b",
"sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f" "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"
], ],
"markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==0.10.2" "version": "==0.10.2"
}, },
"typing-extensions": { "typing-extensions": {
@@ -980,7 +980,7 @@
"sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c", "sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c",
"sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f" "sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f"
], ],
"markers": "python_version < '3.8' and python_version < '3.8'", "markers": "python_version < '3.8'",
"version": "==3.7.4.3" "version": "==3.7.4.3"
}, },
"urllib3": { "urllib3": {
@@ -988,7 +988,7 @@
"sha256:2f4da4594db7e1e110a944bb1b551fdf4e6c136ad42e4234131391e21eb5b0df", "sha256:2f4da4594db7e1e110a944bb1b551fdf4e6c136ad42e4234131391e21eb5b0df",
"sha256:e7b021f7241115872f92f43c6508082facffbd1c048e3c6e2bb9c2a157e28937" "sha256:e7b021f7241115872f92f43c6508082facffbd1c048e3c6e2bb9c2a157e28937"
], ],
"markers": "python_version != '3.4'", "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'",
"version": "==1.26.4" "version": "==1.26.4"
}, },
"websocket-client": { "websocket-client": {

560
bitbucket-pipelines.yml
View File

@@ -34,13 +34,29 @@ pipelines:
- parallel: - parallel:
- step: - step:
name: bitbucket_config/iam_elasticsearch name: aws_common/cw-disabled
services: services:
- docker - docker
script: script:
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/bitbucket_config - cd roles/aws_common
- pipenv run molecule test -s iam_elasticsearch - pipenv run molecule test -s cw-disabled
- step:
name: aws_common/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/aws_common
- pipenv run molecule test -s default
- step:
name: aws_common/logs-disabled
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/aws_common
- pipenv run molecule test -s logs-disabled
- step: - step:
name: bitbucket_config/default name: bitbucket_config/default
services: services:
@@ -49,6 +65,262 @@ pipelines:
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/bitbucket_config - cd roles/bitbucket_config
- pipenv run molecule test -s default - pipenv run molecule test -s default
- step:
name: bitbucket_config/iam_elasticsearch
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/bitbucket_config
- pipenv run molecule test -s iam_elasticsearch
- step:
name: confluence_config/aurora
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/confluence_config
- pipenv run molecule test -s aurora
- step:
name: confluence_config/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/confluence_config
- pipenv run molecule test -s default
- step:
name: confluence_config/password_char_escaping
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/confluence_config
- pipenv run molecule test -s password_char_escaping
- step:
name: confluence_config/system_jdk
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/confluence_config
- pipenv run molecule test -s system_jdk
- step:
name: diy_backup/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/diy_backup
- pipenv run molecule test -s default
- step:
name: jira_config/aurora
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/jira_config
- pipenv run molecule test -s aurora
- step:
name: jira_config/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/jira_config
- pipenv run molecule test -s default
- step:
name: jira_config/jira_config_props
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/jira_config
- pipenv run molecule test -s jira_config_props
- step:
name: jira_config/password_char_escaping
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/jira_config
- pipenv run molecule test -s password_char_escaping
- step:
name: linux_common/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/linux_common
- pipenv run molecule test -s default
- step:
name: product_common/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_common
- pipenv run molecule test -s default
- step:
name: product_common/system_jdk
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_common
- pipenv run molecule test -s system_jdk
- step:
name: product_install/bitbucket_latest
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s bitbucket_latest
- step:
name: product_install/confluence_latest
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s confluence_latest
- step:
name: product_install/crowd_latest
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s crowd_latest
- step:
name: product_install/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s default
- step:
name: product_install/jira_all
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_all
- step:
name: product_install/jira_cached_with_downgrade
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_cached_with_downgrade
- step:
name: product_install/jira_cached_with_upgrade
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_cached_with_upgrade
- step:
name: product_install/jira_software_latest
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_software_latest
- step:
name: product_install/jira_tarball
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_tarball
- step:
name: product_install/jira_version_from_file
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_version_from_file
- step:
name: product_install/jira_version_latest
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_version_latest
- step:
name: product_install/jira_version_override
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_version_override
- step:
name: product_install/servicedesk3
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s servicedesk3
- step:
name: product_install/servicedesk4
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s servicedesk4
- step:
name: product_install/servicedesk_latest
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s servicedesk_latest
- step:
name: product_startup/bitbucket
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_startup
- pipenv run molecule test -s bitbucket
- step:
name: product_startup/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_startup
- pipenv run molecule test -s default
- step:
name: product_startup/startup_restart_false
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_startup
- pipenv run molecule test -s startup_restart_false
- step:
name: product_startup/synchrony
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_startup
- pipenv run molecule test -s synchrony
- step: - step:
name: restore_backups/default name: restore_backups/default
services: services:
@@ -73,276 +345,14 @@ pipelines:
- ./bin/install-ansible --dev - ./bin/install-ansible --dev
- cd roles/restore_backups - cd roles/restore_backups
- pipenv run molecule test -s restore_jira_clustered - pipenv run molecule test -s restore_jira_clustered
- step:
name: diy_backup/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/diy_backup
- pipenv run molecule test -s default
- step:
name: product_startup/synchrony
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_startup
- pipenv run molecule test -s synchrony
- step:
name: product_startup/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_startup
- pipenv run molecule test -s default
- step:
name: product_startup/bitbucket
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_startup
- pipenv run molecule test -s bitbucket
- step:
name: product_startup/startup_restart_false
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_startup
- pipenv run molecule test -s startup_restart_false
- step:
name: product_common/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_common
- pipenv run molecule test -s default
- step:
name: product_common/system_jdk
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_common
- pipenv run molecule test -s system_jdk
- step:
name: confluence_config/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/confluence_config
- pipenv run molecule test -s default
- step:
name: confluence_config/aurora
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/confluence_config
- pipenv run molecule test -s aurora
- step:
name: confluence_config/system_jdk
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/confluence_config
- pipenv run molecule test -s system_jdk
- step:
name: confluence_config/password_char_escaping
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/confluence_config
- pipenv run molecule test -s password_char_escaping
- step:
name: jira_config/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/jira_config
- pipenv run molecule test -s default
- step:
name: jira_config/aurora
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/jira_config
- pipenv run molecule test -s aurora
- step:
name: jira_config/jira_config_props
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/jira_config
- pipenv run molecule test -s jira_config_props
- step:
name: jira_config/password_char_escaping
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/jira_config
- pipenv run molecule test -s password_char_escaping
- step:
name: product_install/jira_version_from_file
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_version_from_file
- step:
name: product_install/jira_cached_with_upgrade
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_cached_with_upgrade
- step:
name: product_install/servicedesk4
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s servicedesk4
- step:
name: product_install/servicedesk3
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s servicedesk3
- step:
name: product_install/jira_software_latest
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_software_latest
- step:
name: product_install/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s default
- step:
name: product_install/bitbucket_latest
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s bitbucket_latest
- step:
name: product_install/jira_version_override
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_version_override
- step:
name: product_install/crowd_latest
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s crowd_latest
- step:
name: product_install/servicedesk_latest
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s servicedesk_latest
- step:
name: product_install/jira_version_latest
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_version_latest
- step:
name: product_install/confluence_latest
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s confluence_latest
- step:
name: product_install/jira_cached_with_downgrade
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_cached_with_downgrade
- step:
name: product_install/jira_tarball
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_tarball
- step:
name: product_install/jira_all
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/product_install
- pipenv run molecule test -s jira_all
- step:
name: aws_common/logs-disabled
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/aws_common
- pipenv run molecule test -s logs-disabled
- step:
name: aws_common/cw-disabled
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/aws_common
- pipenv run molecule test -s cw-disabled
- step:
name: aws_common/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/aws_common
- pipenv run molecule test -s default
- step:
name: linux_common/default
services:
- docker
script:
- ./bin/install-ansible --dev
- cd roles/linux_common
- pipenv run molecule test -s default
- step:
name: Run Snyk security scan
services:
- docker
script:
- ./bin/install-ansible --dev
- apt-get update && apt-get install -y npm
- npm install -g snyk
- snyk auth $SNYK_TOKEN
- pipenv run snyk monitor --severity-threshold=high --project-name=dc-deployments-automation

18
pipeline_generator/pipeline.py
View File

@@ -1,4 +1,4 @@
from jinja2 import Template import jinja2 as j2
from pathlib import Path from pathlib import Path
import os import os
@@ -8,20 +8,22 @@ ROLES_DIR = 'roles/'
def find_all_scenarios(): def find_all_scenarios():
scenario_dirs = [] scenario_dirs = []
for root, dirs, files in os.walk(Path(os.path.join(os.path.dirname(__file__), "..", ROLES_DIR))): for root, dirs, files in os.walk('..'):
[scenario_dirs.append(Path(root)) for f in files if f.endswith("molecule.yml")] [scenario_dirs.append(Path(root)) for f in files if f.endswith("molecule.yml")]
return scenario_dirs return sorted(scenario_dirs)
def load_template(): def load_template():
path = Path(os.path.join(os.path.dirname(__file__), PIPELINE_TEMPLATE_J2_FILE)) jenv = j2.Environment(
return Template(path.read_text()) loader=j2.FileSystemLoader('.'),
lstrip_blocks=True,
trim_blocks=True)
return jenv.get_template(PIPELINE_TEMPLATE_J2_FILE)
def main(): def main():
template = load_template()
scenario_paths = find_all_scenarios() scenario_paths = find_all_scenarios()
template = load_template()
generated_output = template.render(scenario_paths=scenario_paths) generated_output = template.render(scenario_paths=scenario_paths)
print(generated_output) print(generated_output)

13
pipeline_generator/templates/bitbucket-pipelines.yml.j2
View File

@@ -33,7 +33,7 @@ pipelines:
fi fi
- parallel: - parallel:
{% for spath in scenario_paths -%} {% for spath in scenario_paths %}
- step: - step:
name: {{ spath.parts[2] }}/{{ spath.parts[4] }} name: {{ spath.parts[2] }}/{{ spath.parts[4] }}
services: services:
@@ -43,3 +43,14 @@ pipelines:
- cd roles/{{ spath.parts[2] }} - cd roles/{{ spath.parts[2] }}
- pipenv run molecule test -s {{ spath.parts[4] }} - pipenv run molecule test -s {{ spath.parts[4] }}
{% endfor %} {% endfor %}
- step:
name: Run Snyk security scan
services:
- docker
script:
- ./bin/install-ansible --dev
- apt-get update && apt-get install -y npm
- npm install -g snyk
- snyk auth $SNYK_TOKEN
- pipenv run snyk monitor --severity-threshold=high --project-name=dc-deployments-automation

6
renovate.json
View File

@@ -1,6 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base"
]
}