Merge pull request #455 from cloud-gov/staging

Deploy 02/16/2024

Dockerfile

@@ -1,5 +1,5 @@
 # syntax = docker/dockerfile:1.2
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 
 # Install general dependencies
 RUN apt-get update \
@@ -10,13 +10,10 @@ RUN apt-get update \
   autoconf automake libgdbm-dev libncurses5-dev \
   libsqlite3-dev libtool libyaml-dev pkg-config libgmp-dev \
   libpq-dev libxi6 libjpeg-dev libpng-dev libtiff-dev libgif-dev \
-  libwebp-dev wget \
+  libwebp-dev wget python3 python3-dev python3-pip\
   # Ruby deps
   gawk bison sqlite3
 
-# Uses python3.8 by default
-RUN apt install -y python3 python3-pip
-
 # Deps for container hardening
 RUN ln -sf "/usr/share/zoneinfo/$SYSTEM_TIMEZONE" /etc/localtime
 COPY docker/ua-attach-config.sh .

ci/pipeline-dev.yml

@@ -12,17 +12,19 @@ env-cf: &env-cf
 python-image: &python-image
   platform: linux
   image_resource:
-    type: docker-image
+    type: registry-image
     source:
-      repository: python
-      tag: 3.8
+      aws_access_key_id: ((ecr-aws-key))
+      aws_secret_access_key: ((ecr-aws-secret))
+      repository: pages-python-v3.11
+      aws_region: us-gov-west-1
+      tag: latest
 
 cf-image: &cf-image
   platform: linux
   image_resource:
     type: registry-image
     source:
-      repository: 18fgsa/concourse-task
       aws_access_key_id: ((ecr-aws-key))
       aws_secret_access_key: ((ecr-aws-secret))
       repository: harden-concourse-task
@@ -38,8 +40,6 @@ test: &test
       run:
         dir: src
         path: ci/tasks/test.sh
-    params:
-      CC_TEST_REPORTER_ID: 449ef357d9e81688685bde0dcdd348bc764d717fa6a4c9c01562bd8037ceb665
 
 ############################
 #  JOBS
@@ -64,10 +64,35 @@ jobs:
         resource: pr-((git-branch))
         trigger: true
         passed: [set-pipeline]
+
+      - put: src
+        resource: pr-((git-branch))
+        params:
+          path: src
+          status: pending
+          base_context: concourse
+          context: test-pages-build-container-((deploy-env))
+
       - do: *test
 
+    on_success:
+      put: src
+      resource: pr-((git-branch))
+      params:
+        path: src
+        status: success
+        base_context: concourse
+        context: test-pages-build-container-((deploy-env))
+
     on_failure:
       in_parallel:
+        - put: src
+          resource: pr-((git-branch))
+          params:
+            path: src
+            status: failure
+            base_context: concourse
+            context: test-pages-build-container-((deploy-env))
         - put: slack
           params:
             text: |
@@ -123,15 +148,14 @@ jobs:
           CF_DOCKER_PASSWORD: ((ecr-aws-secret))
 
     on_failure:
-      in_parallel:
-        - put: slack
-          params:
-            text: |
-              :x: FAILED: pages build container deployment on ((deploy-env))
-              <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details>
-            channel: ((slack-channel))
-            username: ((slack-username))
-            icon_url: ((slack-icon-url))
+      put: slack
+      params:
+        text: |
+          :x: FAILED: pages build container deployment on ((deploy-env))
+          <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details>
+        channel: ((slack-channel))
+        username: ((slack-username))
+        icon_url: ((slack-icon-url))
 
   - name: nightly-((deploy-env))
     plan:
@@ -168,23 +192,6 @@ jobs:
         username: ((slack-username))
         icon_url: ((slack-icon-url))
 
-  - name: report-success-((deploy-env))
-    plan:
-      - get: src
-        resource: pr-((git-branch))
-        trigger: true
-        passed: [deploy-((deploy-env))]
-    on_success:
-      in_parallel:
-        - put: slack
-          params:
-            text: |
-              :white_check_mark: SUCCESS: Successfully deployed pages build containers on ((deploy-env))
-              <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details>
-            channel: ((slack-channel))
-            username: ((slack-username))
-            icon_url: ((slack-icon-url))
-
 ############################
 #  RESOURCES
 
@@ -227,11 +234,28 @@ resources:
 resource_types:
 
   - name: slack-notification
-    type: docker-image
+    type: registry-image
     source:
-      repository: cfcommunity/slack-notification-resource
+      aws_access_key_id: ((ecr_aws_key))
+      aws_secret_access_key: ((ecr_aws_secret))
+      repository: slack-notification-resource
+      aws_region: us-gov-west-1
+      tag: latest
 
   - name: pull-request
-    type: docker-image
+    type: registry-image
+    source:
+      aws_access_key_id: ((ecr_aws_key))
+      aws_secret_access_key: ((ecr_aws_secret))
+      repository: github-pr-resource
+      aws_region: us-gov-west-1
+      tag: latest
+
+  - name: time
+    type: registry-image
     source:
-      repository: teliaoss/github-pr-resource
+      aws_access_key_id: ((ecr_aws_key))
+      aws_secret_access_key: ((ecr_aws_secret))
+      repository: time-resource
+      aws_region: us-gov-west-1
+      tag: latest

ci/pipeline.yml

@@ -12,17 +12,19 @@ env-cf: &env-cf
 python-image: &python-image
   platform: linux
   image_resource:
-    type: docker-image
+    type: registry-image
     source:
-      repository: python
-      tag: 3.8
+      aws_access_key_id: ((ecr-aws-key))
+      aws_secret_access_key: ((ecr-aws-secret))
+      repository: pages-python-v3.11
+      aws_region: us-gov-west-1
+      tag: latest
 
 cf-image: &cf-image
   platform: linux
   image_resource:
     type: registry-image
     source:
-      repository: 18fgsa/concourse-task
       aws_access_key_id: ((ecr-aws-key))
       aws_secret_access_key: ((ecr-aws-secret))
       repository: harden-concourse-task
@@ -38,8 +40,6 @@ test: &test
       run:
         dir: src
         path: ci/tasks/test.sh
-    params:
-      CC_TEST_REPORTER_ID: 449ef357d9e81688685bde0dcdd348bc764d717fa6a4c9c01562bd8037ceb665
 
 ############################
 #  JOBS
@@ -100,29 +100,17 @@ jobs:
         resource: src-((deploy-env))
         trigger: true
         params: {depth: 1}
-      - put: gh-status
-        inputs: [src]
-        params: {state: pending}
       - do: *test
 
-    on_success:
-      put: gh-status
-      inputs: [src]
-      params: {state: success}
-
     on_failure:
-      in_parallel:
-        - put: gh-status
-          inputs: [src]
-          params: {state: failure}
-        - put: slack
-          params:
-            text: |
-              :x: FAILED: pages build container tests on ((deploy-env))
-              <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details>
-            channel: ((slack-channel))
-            username: ((slack-username))
-            icon_url: ((slack-icon-url))
+      put: slack
+      params:
+        text: |
+          :x: FAILED: pages build container tests on ((deploy-env))
+          <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details>
+        channel: ((slack-channel))
+        username: ((slack-username))
+        icon_url: ((slack-icon-url))
 
   - name: deploy-((deploy-env))
     plan:
@@ -170,19 +158,25 @@ jobs:
           CF_DOCKER_USERNAME: ((ecr-aws-key))
           CF_DOCKER_PASSWORD: ((ecr-aws-secret))
 
+    on_success:
+      put: slack
+      params:
+        text: |
+          :white_check_mark: SUCCESS: Successfully deployed pages build containers on ((deploy-env))
+          <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details>
+        channel: ((slack-channel))
+        username: ((slack-username))
+        icon_url: ((slack-icon-url))
+
     on_failure:
-      in_parallel:
-        - put: gh-status
-          inputs: [src]
-          params: {state: failure}
-        - put: slack
-          params:
-            text: |
-              :x: FAILED: pages build container deployment on ((deploy-env))
-              <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details>
-            channel: ((slack-channel))
-            username: ((slack-username))
-            icon_url: ((slack-icon-url))
+      put: slack
+      params:
+        text: |
+          :x: FAILED: pages build container deployment on ((deploy-env))
+          <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details>
+        channel: ((slack-channel))
+        username: ((slack-username))
+        icon_url: ((slack-icon-url))
 
   - name: nightly-((deploy-env))
     plan:
@@ -221,27 +215,6 @@ jobs:
         username: ((slack-username))
         icon_url: ((slack-icon-url))
 
-  - name: report-success-((deploy-env))
-    plan:
-      - get: src
-        resource: src-((deploy-env))
-        trigger: true
-        params: {depth: 1}
-        passed: [deploy-((deploy-env))]
-    on_success:
-      in_parallel:
-        - put: gh-status
-          inputs: [src]
-          params: {state: success}
-        - put: slack
-          params:
-            text: |
-              :white_check_mark: SUCCESS: Successfully deployed pages build containers on ((deploy-env))
-              <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details>
-            channel: ((slack-channel))
-            username: ((slack-username))
-            icon_url: ((slack-icon-url))
-
 ############################
 #  RESOURCES
 
@@ -277,15 +250,6 @@ resources:
     source:
       url: ((slack-webhook-url))
 
-  - name: gh-status
-    type: cogito
-    check_every: 1h
-    source:
-      owner: cloud-gov
-      repo: pages-build-container
-      access_token: ((gh-access-token))
-      context_prefix: concourse
-
   - name: image-repository-((deploy-env))
     type: registry-image
     source:
@@ -300,18 +264,38 @@ resources:
 
 resource_types:
 
-  - name: cogito
-    type: docker-image
-    check_every: 24h
+  - name: git
+    type: registry-image
     source:
-      repository: pix4d/cogito
+      aws_access_key_id: ((ecr_aws_key))
+      aws_secret_access_key: ((ecr_aws_secret))
+      repository: git-resource
+      aws_region: us-gov-west-1
+      tag: latest
 
   - name: slack-notification
-    type: docker-image
+    type: registry-image
     source:
-      repository: cfcommunity/slack-notification-resource
+      aws_access_key_id: ((ecr_aws_key))
+      aws_secret_access_key: ((ecr_aws_secret))
+      repository: slack-notification-resource
+      aws_region: us-gov-west-1
+      tag: latest
 
   - name: pull-request
-    type: docker-image
+    type: registry-image
+    source:
+      aws_access_key_id: ((ecr_aws_key))
+      aws_secret_access_key: ((ecr_aws_secret))
+      repository: github-pr-resource
+      aws_region: us-gov-west-1
+      tag: latest
+
+  - name: time
+    type: registry-image
     source:
-      repository: teliaoss/github-pr-resource
+      aws_access_key_id: ((ecr_aws_key))
+      aws_secret_access_key: ((ecr_aws_secret))
+      repository: time-resource
+      aws_region: us-gov-west-1
+      tag: latest

ci/tasks/test.sh

@@ -9,13 +9,6 @@ pip install -r requirements-dev.txt
 flake8
 bandit -r src
 
-curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
-chmod +x ./cc-test-reporter
-./cc-test-reporter before-build
-
 pytest --cov-report xml:./coverage/coverage.xml --cov-report html:./coverage --cov-report term --cov=src; status=$?
 
-./cc-test-reporter format-coverage -t coverage.py ./coverage/coverage.xml
-./cc-test-reporter upload-coverage || true
-
-exit $status
+exit $status