"Fossies" - the Fresh Open Source Software Archive

Member "cli-1.1280.1/.circleci/config.yml" (20 Feb 2024, 37011 Bytes) of package /linux/misc/snyk-cli-1.1280.1.tar.gz:



    1 version: 2.1
      # CircleCI 2.1 config schema; the orbs, commands, executors and pipeline
      # parameters declared below depend on it.
    2 
    3 parameters:
        # Pipeline-level parameters, read elsewhere in this file as
        # pipeline.parameters.NAME.
        # NOTE(review): pipeline parameters can be overridden when a pipeline is
        # triggered through the CircleCI API, so the download base URLs below are
        # inputs rather than constants. Whatever is fetched from them should be
        # checksum- or signature-verified by the consumer (not visible here).
    4   cli_download_base_url:
    5     type: string
    6     default: 'https://static.snyk.io/'
    7   fips_cli_download_base_url:
    8     type: string
    9     default: 'https://static.snyk.io/fips/'
   10   go_download_base_url:
   11     type: string
   12     default: 'https://storage.googleapis.com/golang/'
   13   fips_go_download_base_url:
          # NOTE(review): the path ends in "latest"; how it combines with the
          # pinned go_version is decided by scripts/download_go.py, which is not
          # shown here - confirm FIPS builds get a fixed, verifiable toolchain.
   14     type: string
   15     default: 'https://aka.ms/golang/release/latest/'
   16   go_version:
          # Toolchain version handed to the install-go command.
          # NOTE(review): confirm this release line still receives security fixes.
   17     type: string
   18     # https://go.dev/doc/devel/release
   19     default: '1.20.6'
   20   aws_version:
   21     type: string
   22     # https://github.com/aws/aws-cli/blob/v2/CHANGELOG.rst
   23     default: '2.4.12'
   24   gh_version:
   25     type: string
   26     # https://github.com/cli/cli/releases
   27     default: '2.7.0'
   28 
   29 orbs:
        # Third-party pipeline code. An orb's jobs and commands run inside this
        # project's jobs and can read whatever contexts those jobs are given.
        # NOTE(review): prodsec is referenced as @1, which follows the newest 1.x
        # release, while the other three are pinned to exact versions. Pin it to
        # an exact version if the pipeline should only change through reviewed
        # commits to this file.
   30   prodsec: snyk/prodsec-orb@1
   31   snyk: snyk/snyk@2.0.3
   32   aws-cli: circleci/aws-cli@2.0.3
   33   gh: circleci/github-cli@2.1.0
   34 
   35 executors:
        # Named execution environments that jobs select with `executor:`.
        # NOTE(review): every Docker image below is referenced by tag, none by
        # digest (image@sha256:...). A tag can be re-pointed at different content,
        # so a job can start running a changed image without any commit to this
        # repository. Digest pinning matters most for docker-amd64 and
        # docker-arm64, which the workflow in this file uses for release builds.
   36   alpine:
   37     docker:
   38       - image: alpine:3.17
   39   docker-amd64:
          # NOTE(review): the image namespace looks like a personal Docker Hub
          # account rather than an organisation-owned one - confirm who can push
          # to it, since this executor builds the Linux release binaries.
   40     docker:
   41       - image: bastiandoetsch209/cli-build:20240214-145818
   42     working_directory: /mnt/ramdisk/snyk
   43     resource_class: large
   44   docker-arm64:
          # Same namespace and tag scheme as docker-amd64; the same review point
          # applies.
   45     docker:
   46       - image: bastiandoetsch209/cli-build-arm64:20240214-145818
   47     working_directory: /mnt/ramdisk/snyk
   48     resource_class: arm.large
   49   linux-ubuntu-mantic-amd64:
   50     docker:
   51       - image: ubuntu:mantic
   52     working_directory: /mnt/ramdisk/snyk
   53     resource_class: medium
   54   linux-ubuntu-jammy-amd64:
   55     docker:
   56       - image: ubuntu:jammy
   57     working_directory: /mnt/ramdisk/snyk
   58     resource_class: medium
   59   linux-ubuntu-focal-amd64:
   60     docker:
   61       - image: ubuntu:focal
   62     working_directory: /mnt/ramdisk/snyk
   63     resource_class: medium
   64   linux-ubuntu-latest-amd64:
          # Floating tag; presumably deliberate so release tests run against
          # whatever Ubuntu currently ships - TODO confirm.
   65     docker:
   66       - image: ubuntu:latest
   67     working_directory: /mnt/ramdisk/snyk
   68     resource_class: medium
   69   linux-ubuntu-latest-arm64:
   70     docker:
   71       - image: ubuntu:latest
   72     working_directory: /mnt/ramdisk/snyk
   73     resource_class: arm.medium
   74   linux-ubuntu-mantic-arm64:
   75     docker:
   76       - image: ubuntu:mantic
   77     working_directory: /mnt/ramdisk/snyk
   78     resource_class: arm.medium
   79   linux-ubuntu-jammy-arm64:
   80     docker:
   81       - image: ubuntu:jammy
   82     working_directory: /mnt/ramdisk/snyk
   83     resource_class: arm.medium
   84   linux-ubuntu-focal-arm64:
   85     docker:
   86       - image: ubuntu:focal
   87     working_directory: /mnt/ramdisk/snyk
   88     resource_class: arm.medium
   89   macos-arm64:
          # The only macOS executor in this file; the workflow uses it for both
          # the darwin amd64 and darwin arm64 build and sign jobs.
   90     macos:
   91       # https://circleci.com/docs/2.0/testing-ios/#supported-xcode-versions
   92       xcode: '14.3.1'
   93     resource_class: macos.m1.medium.gen1
   94   win-server2022-amd64:
          # Machine executor; the workflow uses it for the Windows build and
          # signing jobs.
   95     machine:
   96       image: windows-server-2022-gui:2023.07.1
   97     resource_class: windows.large
   98     shell: powershell
   99   win-server2019-amd64:
  100     machine:
  101       image: windows-server-2019-vs2019:2022.08.1
  102     resource_class: windows.medium
  103     shell: powershell
  104   cbl-mariner:
          # Used by the "e2e fips tests (cbl-mariner)" workflow entry.
  105     docker:
  106       - image: mcr.microsoft.com/cbl-mariner/base/python:3.9.14-6-cm2.0.20230805-arm64
  107     resource_class: arm.medium
  108 
  109 commands:
  110   install-go:
          # Installs a Go toolchain: writes a cache-key file from the parameters,
          # restores a cached copy if one exists, runs scripts/download_go.py,
          # saves the extraction directory to cache and puts go/bin on PATH (bash
          # form unless go_os is 'windows', PowerShell profile form otherwise).
          # NOTE(review): no checksum or signature check is visible in this
          # command; whether download_go.py verifies the archive cannot be told
          # from here. The cache key covers path, URL, OS, arch and version but
          # not the archive's content, so whatever was stored first is reused
          # until one of those inputs changes.
          # NOTE(review): parameter values are substituted textually into the
          # shell commands before they run; keep them limited to values defined
          # in trusted configuration.
  111     parameters:
  112       go_os:
  113         type: string
  114       go_target_os:
  115         type: string
  116       go_arch:
  117         type: string
  118       base_url:
  119         type: string
  120       extraction_path:
  121         type: string
  122       cache_key_file:
  123         type: string
  124         default: go_cache_key.txt
  125     steps:
  126       - run:
  127           name: Create Cache Key
  128           command: |
  129             echo << parameters.extraction_path >>-<< parameters.base_url >>-<< parameters.go_target_os >>-<< parameters.go_arch >>-<< pipeline.parameters.go_version >> > << parameters.cache_key_file >>
  130             cat << parameters.cache_key_file >>
  131       - restore_cache:
  132           name: Restoring go binary cache
  133           keys:
  134             - go-binary-cache-{{ checksum "<< parameters.cache_key_file >>" }}
            # The download step has no condition, so it runs whether or not the
            # cache was restored; any skip logic would live in the script.
  135       - run:
  136           name: Download go binary
  137           command: python ./scripts/download_go.py << pipeline.parameters.go_version >> --go_os=<< parameters.go_os >> --go_arch=<< parameters.go_arch >> --base_url=<< parameters.base_url >> --extraction_path=<< parameters.extraction_path >>
  138       - save_cache:
  139           name: Caching go binary
  140           key: go-binary-cache-{{ checksum "<< parameters.cache_key_file >>" }}
  141           paths:
  142             - << parameters.extraction_path >>/go
  143       - unless:
  144           condition:
  145             equal: ['windows', << parameters.go_os >>]
  146           steps:
  147             - run:
  148                 name: Add go binary to PATH
  149                 command: echo "export PATH=$(realpath << parameters.extraction_path >>/go/bin):\$PATH" >> "$BASH_ENV"
  150       - when:
  151           condition:
  152             equal: ['windows', << parameters.go_os >>]
  153           steps:
  154             - run:
  155                 name: Add go binary to PATH
  156                 command: |
  157                   New-Item -Path $profile -ItemType File -Force
  158                   '$Env:Path = "<< parameters.extraction_path >>\go\bin;" + $Env:Path' >> $profile
  159 
  160   install-deps-windows-full:
          # Windows test/build dependencies: restores the Chocolatey cache, removes
          # any preinstalled Node.js, installs the packages listed in
          # .circleci/chocolatey.config plus the Node.js version read from .nvmrc,
          # saves the cache and then installs the Python modules.
          # NOTE(review): package versions and sources are set in
          # .circleci/chocolatey.config, which is not shown here - confirm the
          # entries are version-pinned.
  161     steps:
  162       - restore_cache:
  163           name: Restoring Chocolatey cache
  164           keys:
  165             - chocolatey-cache-v3-{{ arch }}-{{ checksum ".circleci/chocolatey.config" }}
  166       - run:
  167           name: Install Windows dependencies
  168           shell: bash.exe
  169           command: |
  170             choco uninstall nodejs -y
  171             choco uninstall nodejs.install -y
  172             choco install .circleci/chocolatey.config --no-progress -y
  173             choco install nodejs --version=$(head .nvmrc) --no-progress -y
  174       - save_cache:
  175           name: Saving Chocolatey cache
  176           key: chocolatey-cache-v3-{{ arch }}-{{ checksum ".circleci/chocolatey.config" }}
  177           paths:
  178             - ~\AppData\Local\Temp\chocolatey
  179       - install-deps-python:
  180           os: win
  181 
  182   install-deps-windows-signing:
          # Installs the DigiCert signing tools on a Windows executor: reuses an MSI
          # restored from cache when present, otherwise downloads it with the
          # SM_API_KEY header, then installs it silently and runs
          # smksp_cert_sync.exe.
          # NOTE(review): the MSI is executed without any visible integrity check
          # (hash comparison or Authenticode signature validation), both after a
          # fresh download and after a cache restore. A check before msiexec would
          # keep a tampered or truncated installer from running on the host that
          # later signs release binaries.
  183     steps:
            # Cache key is week-of-year plus year, so a cached MSI is reused for
            # up to a week. NOTE(review): the key file is appended to, not
            # overwritten; a pre-existing ~/cache_key.txt would change the key.
  184       - run:
  185           name: Generate Cache Key
  186           command: |
  187             date +%U%Y >> ~/cache_key.txt
  188             cat ~/cache_key.txt
  189       - restore_cache:
  190           name: Restoring DigitCert cache
  191           keys:
  192             - digicert-cache-v3-{{ arch }}-{{ checksum "~/cache_key.txt" }}
            # NOTE(review): curl.exe is called without --fail, so an HTTP error
            # body would be written to smtools-windows-x64.msi, copied to the home
            # directory and then saved to cache by the next step. The in-script
            # comment mentions Invoke-WebRequest, but the command used is curl.exe.
            # SM_API_KEY is passed as a command-line argument - presumably it
            # comes from the job's context; verify it is masked in job output.
  193       - run:
  194           name: Install DigiCert Keylocker Tools
  195           shell: powershell
  196           command: |
  197             # Navigate to C: drive
  198             Set-Location C:\
  199 
  200             # Check if the file exists in the user's home directory
  201             $filePath = Join-Path $env:USERPROFILE 'smtools-windows-x64.msi'
  202             if (Test-Path $filePath) {
  203                 Write-Host "File exists. Moving to C:"
  204                 Copy-Item $filePath -Destination .\
  205             }
  206             else {
  207                 Write-Host "No existing file found. Downloading..."
  208                 # Download the file using Invoke-WebRequest
  209                 curl.exe -X GET  https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:$env:SM_API_KEY" -o smtools-windows-x64.msi
  210                 # Copy the downloaded file to the user's home directory
  211                 Copy-Item 'smtools-windows-x64.msi' -Destination $env:USERPROFILE
  212             }
  213 
  214             # Execute the MSI installer
  215             msiexec.exe /i smtools-windows-x64.msi /quiet /qn | Wait-Process
  216             & 'C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\smksp_cert_sync.exe'
            # Step names here and on restore_cache spell the vendor "DigitCert";
            # the cache key itself uses "digicert".
  217       - save_cache:
  218           name: Saving DigitCert cache
  219           key: digicert-cache-v3-{{ arch }}-{{ checksum "~/cache_key.txt" }}
  220           paths:
  221             - ~\smtools-windows-x64.msi
  222 
  223   install-deps-windows-full-signing:
          # Composite: signing tools first, then the full Windows dependency set.
          # Because the signing step sends SM_API_KEY, any job using this command
          # needs a context that provides that variable.
  224     steps:
  225       - install-deps-windows-signing
  226       - install-deps-windows-full
  227 
  228   install-deps-windows-make:
          # Minimal Windows setup: installs `make` through Chocolatey, the Python
          # modules and the signing tools. It restores and saves the same cache
          # key as install-deps-windows-full.
          # NOTE(review): `choco install make` has no --version, so the installed
          # version can differ between runs.
  229     steps:
  230       - restore_cache:
  231           name: Restoring Chocolatey cache
  232           keys:
  233             - chocolatey-cache-v3-{{ arch }}-{{ checksum ".circleci/chocolatey.config" }}
  234       - run:
  235           name: Install Windows dependencies
  236           shell: bash.exe
  237           command: |
  238             choco install make --no-progress -y
  239       - save_cache:
  240           name: Saving Chocolatey cache
  241           key: chocolatey-cache-v3-{{ arch }}-{{ checksum ".circleci/chocolatey.config" }}
  242           paths:
  243             - ~\AppData\Local\Temp\chocolatey
  244       - install-deps-python:
  245           os: win
  246       - install-deps-windows-signing
  247 
  248   install-deps-noop:
          # Placeholder for jobs that need no extra dependencies; the workflow
          # passes install_deps_extension: noop to select it.
  249     steps:
  250       - run:
  251           name: No dependencies to install
  252           command: echo all done!
  253 
  254   install-deps-python:
          # Installs Python modules with pip. The `os` parameter picks the form:
          # python3 for linux/macos/alpine/docker names, python under bash.exe for
          # win/cbl-mariner names.
          # NOTE(review): the default module list carries no version pins or
          # hashes, so each run installs whatever the package index currently
          # serves. A requirements file with pinned versions (and pip's
          # --require-hashes) would make these installs reproducible.
  255     parameters:
  256       os:
  257         type: string
  258         default: linux
  259       modules:
  260         type: string
  261         default: requests PyYAML
  262     steps:
  263       - when:
  264           condition:
  265             matches:
  266               pattern: '^(linux.*|macos.*|alpine.*|docker.*)'
  267               value: << parameters.os >>
  268           steps:
  269             - run:
  270                 name: Installing python modules
  271                 command: python3 -m pip install << parameters.modules >>
  272       - when:
  273           condition:
  274             matches:
  275               pattern: '^(win.*|cbl-mariner.*)'
  276               value: << parameters.os >>
  277           steps:
  278             - run:
  279                 shell: bash.exe
  280                 name: Installing python modules
  281                 command: python -m pip install << parameters.modules >>
  282 
  283   install-deps-macos-full:
          # macOS test dependencies: installs Rosetta, restores the Homebrew cache,
          # runs `brew install` on the space-separated `items` list, saves the
          # cache and installs the Python modules.
          # The cache key is the literal item list, so it only changes when the
          # list does. Apart from gradle@6 the formulae are unversioned.
  284     parameters:
  285       items:
  286         type: string
  287         default: go gradle python elixir composer gradle@6 maven sbt dotnet
  288     steps:
  289       - run:
  290           name: Installing Rosetta
  291           command: softwareupdate --install-rosetta --agree-to-license
  292       - restore_cache:
  293           key: acceptance-tests-macos-<< parameters.items >>
  294       - run:
  295           name: Installing sdks and tools via homebrew
  296           command: |
  297             brew install << parameters.items >>
  298       - save_cache:
  299           key: acceptance-tests-macos-<< parameters.items >>
  300           paths:
  301             - ~/Library/Caches/Homebrew
  302       - install-deps-python:
  303           os: macos
  304 
  305   install-deps-macos-build:
          # macOS build dependencies: Rosetta plus the Python modules only.
          # NOTE(review): the `items` parameter is declared but no step in this
          # command reads it.
  306     parameters:
  307       items:
  308         type: string
  309         default: go gradle python elixir composer gradle@6 maven sbt dotnet
  310     steps:
  311       - run:
  312           name: Installing Rosetta
  313           command: softwareupdate --install-rosetta --agree-to-license
  314       - install-deps-python:
  315           os: macos
  316 
  317   install-deps-alpine-full:
          # Alpine test dependencies, installed with apk and pip3 in one step.
          # NOTE(review): neither the apk packages nor the pip modules are
          # version-pinned, so the toolset follows the package repositories.
  318     steps:
  319       - run:
  320           name: Installing Node.js + other test dependencies
  321           command: |
  322             apk add --update nodejs npm bash maven git go gradle python3 py3-pip elixir composer
  323             pip3 install pipenv requests PyYAML
  324 
  325   failed-release-notification:
          # On the main branch only, adds a step that runs
          # release-scripts/handle-failed-release.sh when an earlier step of the
          # calling job has failed (when: on_fail).
  326     steps:
  327       - when:
  328           condition:
  329             equal: [main, << pipeline.git.branch >>]
  330           steps:
  331             - run:
  332                 name: Handling failed release
  333                 command: bash ./release-scripts/handle-failed-release.sh
  334                 when: on_fail
  335 
  336   prepare-workspace:
          # Checks out the repository and attaches the shared workspace at the
          # working directory, so the job sees what earlier jobs persisted.
          # NOTE(review): the `executor` parameter is not read by any step here,
          # and its default names an executor that the executors section of this
          # file does not define.
  337     parameters:
  338       executor:
  339         type: string
  340         default: linux-base-edge-amd64
  341     steps:
  342       - checkout
  343       - attach_workspace:
  344           at: .
  345 
  346 ####################################################################################################
  347 # WORKFLOWS
  348 ####################################################################################################
  349 
  350 workflows:
  351   test_and_release:
          # Single workflow: secrets scan, prepare-build, then tests and builds,
          # signing, a manual approval and the release uploads. Ordering comes
          # from each entry's `requires` list.
  352     jobs:
            # Entry gate: prepare-build requires this job, so everything that
            # depends on prepare-build waits for the secrets scan.
  353       - prodsec/secrets-scan:
  354           name: secrets-scan
  355           context: snyk-bot-slack
  356           channel: cli-alerts
  357 
  358       - prepare-build:
  359           requires:
  360             - secrets-scan
  361 
            # NOTE(review): code-analysis and the three test jobs below all ignore
            # main, and the sign/release entries later in this workflow require
            # only build jobs. On main (and on branches matching the e2e filter)
            # nothing in this file makes the release chain wait for these checks;
            # that relies on changes reaching those branches only after passing
            # them elsewhere - confirm branch protection enforces it.
  362       - code-analysis:
  363           context: devex_cli
  364           requires:
  365             - prepare-build
  366           filters:
  367             branches:
  368               ignore: main
  369 
  370       - test-node:
  371           context:
  372             - nodejs-install
  373             - team_hammerhead-cli
  374           requires:
  375             - prepare-build
  376           filters:
  377             branches:
  378               ignore: main
  379 
  380       - test-go:
  381           context:
  382             - nodejs-install
  383             - team_hammerhead-cli
  384           requires:
  385             - prepare-build
  386           filters:
  387             branches:
  388               ignore: main
  389 
  390       - test-legacy-tap:
  391           context:
  392             - nodejs-install
  393             - team_hammerhead-cli
  394           requires:
  395             - prepare-build
  396           filters:
  397             branches:
  398               ignore: main
  399 
  400       - build-special-artifacts:
  401           name: build fix & protect
  402           requires:
  403             - prepare-build
  404 
            # Build matrix, written out as one build-artifact entry per target.
            # None of these entries has a branch filter, so they run on every
            # branch. Linux and Windows use the FIPS Go download URL and the
            # `build clean-golang build-fips` targets; alpine and macOS use the
            # standard Go URL and the job's default make target.
  405       - build-artifact:
  406           name: build linux amd64
  407           go_target_os: linux
  408           go_os: linux
  409           go_arch: amd64
  410           go_download_base_url: << pipeline.parameters.fips_go_download_base_url >>
  411           make_target: build clean-golang build-fips
  412           executor: docker-amd64
  413           requires:
  414             - prepare-build
  415 
  416       - build-artifact:
  417           name: build linux arm64
  418           go_target_os: linux
  419           go_os: linux
  420           go_arch: arm64
  421           go_download_base_url: << pipeline.parameters.fips_go_download_base_url >>
  422           make_target: build clean-golang build-fips
  423           executor: docker-arm64
  424           requires:
  425             - prepare-build
  426 
  427       - build-artifact:
  428           name: build alpine amd64
  429           go_target_os: alpine
  430           go_os: linux
  431           go_arch: amd64
  432           go_download_base_url: << pipeline.parameters.go_download_base_url >>
  433           executor: docker-amd64
  434           c_compiler: /usr/bin/musl-gcc
  435           requires:
  436             - prepare-build
  437 
            # Both macOS targets build on the macos-arm64 executor.
  438       - build-artifact:
  439           name: build macOS amd64
  440           go_target_os: darwin
  441           go_os: darwin
  442           go_arch: amd64
  443           go_download_base_url: << pipeline.parameters.go_download_base_url >>
  444           executor: macos-arm64
  445           install_deps_extension: macos-build
  446           requires:
  447             - prepare-build
  448 
  449       - build-artifact:
  450           name: build macOS arm64
  451           go_target_os: darwin
  452           go_os: darwin
  453           go_arch: arm64
  454           go_download_base_url: << pipeline.parameters.go_download_base_url >>
  455           executor: macos-arm64
  456           install_deps_extension: macos-build
  457           requires:
  458             - prepare-build
  459 
            # NOTE(review): this is the only build entry with a context, and it
            # has no branch filter, so the snyk-windows-signing context is
            # attached to Windows builds on every branch. It appears to be needed
            # because windows-full-signing downloads the signing tools with
            # SM_API_KEY. Consider a narrower context for the download, or
            # restrict the signing context to the branches that actually sign.
  460       - build-artifact:
  461           name: build windows amd64
  462           go_target_os: windows
  463           go_os: windows
  464           go_arch: amd64
  465           go_download_base_url: << pipeline.parameters.fips_go_download_base_url >>
  466           make_target: build clean-golang build-fips
  467           install_deps_extension: windows-full-signing
  468           install_path: 'C:\'
  469           executor: win-server2022-amd64
  470           context: snyk-windows-signing
  471           requires:
  472             - prepare-build
  473 
  474       - regression-tests:
  475           name: regression-tests
  476           context: team_hammerhead-cli
  477           filters:
  478             branches:
  479               ignore: main
  480           requires:
  481             - build linux amd64
  482           test_snyk_command: ./binary-releases/snyk-linux
  483 
            # Acceptance tests run each built binary on its platform. All entries
            # ignore main. In this list the only FIPS binary under acceptance
            # test is the linux arm64 one.
  484       - acceptance-tests:
  485           name: acceptance-tests linux amd64
  486           context:
  487             - nodejs-install
  488             - team_hammerhead-cli
  489           filters:
  490             branches:
  491               ignore: main
  492           requires:
  493             - build linux amd64
  494           executor: docker-amd64
  495           test_snyk_command: ./binary-releases/snyk-linux
  496 
  497       - acceptance-tests:
  498           name: acceptance-tests linux arm64
  499           context:
  500             - nodejs-install
  501             - team_hammerhead-cli
  502           filters:
  503             branches:
  504               ignore: main
  505           requires:
  506             - build linux arm64
  507           executor: docker-arm64
  508           test_snyk_command: ./binary-releases/snyk-linux-arm64
  509 
  510       - acceptance-tests:
  511           name: acceptance-tests fips linux arm64
  512           executor: docker-arm64
  513           test_snyk_command: ./binary-releases/fips/snyk-linux-arm64
  514           fips: 1
  515           context:
  516             - nodejs-install
  517             - team_hammerhead-cli
  518           filters:
  519             branches:
  520               ignore: main
  521           requires:
  522             - build linux arm64
  523 
  524       - acceptance-tests:
  525           name: acceptance-tests alpine amd64
  526           context:
  527             - nodejs-install
  528             - team_hammerhead-cli
  529           filters:
  530             branches:
  531               ignore: main
  532           requires:
  533             - build alpine amd64
  534           executor: alpine
  535           test_snyk_command: ./binary-releases/snyk-alpine
  536           install_deps_extension: alpine-full
  537           dont_skip_tests: 0
  538 
            # NOTE(review): the name says amd64, but this entry requires the arm64
            # build and runs snyk-macos-arm64. As written, no acceptance-tests
            # entry exercises the macOS amd64 binary - confirm that is intended.
  539       - acceptance-tests:
  540           name: acceptance-tests macOS amd64
  541           context:
  542             - nodejs-install
  543             - team_hammerhead-cli
  544           filters:
  545             branches:
  546               ignore: main
  547           requires:
  548             - build macOS arm64
  549           executor: macos-arm64
  550           test_snyk_command: ./binary-releases/snyk-macos-arm64
  551           install_deps_extension: macos-full
  552 
  553       - acceptance-tests:
  554           name: acceptance-tests windows amd64
  555           context:
  556             - nodejs-install
  557             - team_hammerhead-cli
  558           filters:
  559             branches:
  560               ignore: main
  561           requires:
  562             - build windows amd64
  563           executor: win-server2022-amd64
  564           test_snyk_command: binary-releases\\snyk-win.exe
  565           install_deps_extension: windows-full
  566           dont_skip_tests: 0
  567           pre_test_cmds: Import-Module $env:ChocolateyInstall\helpers\chocolateyProfile.psm1; RefreshEnv
  568 
            # Code-signing entries. Each gets a signing context and runs on main
            # and on any branch whose name matches the regex /.*e2e.*/.
            # NOTE(review): the regex matches "e2e" anywhere in a branch name, so
            # whoever can push such a branch can start jobs that hold the signing
            # contexts. Restricting those contexts (for example to a security
            # group) or tightening the pattern would narrow that exposure.
  569       - sign:
  570           name: sign windows amd64
  571           context: snyk-windows-signing
  572           requires:
  573             - build windows amd64
  574           go_os: windows
  575           go_arch: amd64
  576           make_target: sign sign-fips
  577           executor: win-server2022-amd64
  578           install_deps_extension: windows-make
  579           filters:
  580             branches:
  581               only:
  582                 - main
  583                 - '/.*e2e.*/'
  584 
  585       - sign:
  586           name: sign macos amd64
  587           context: snyk-macos-signing
  588           requires:
  589             - build macOS amd64
  590           go_os: darwin
  591           go_arch: amd64
  592           executor: macos-arm64
  593           install_deps_extension: noop
  594           filters:
  595             branches:
  596               only:
  597                 - main
  598                 - '/.*e2e.*/'
  599 
  600       - sign:
  601           name: sign macos arm64
  602           context: snyk-macos-signing
  603           requires:
  604             - build macOS arm64
  605           go_os: darwin
  606           go_arch: arm64
  607           executor: macos-arm64
  608           install_deps_extension: noop
  609           filters:
  610             branches:
  611               only:
  612                 - main
  613                 - '/.*e2e.*/'
  614 
            # Collects the signed and unsigned build outputs under the
            # snyk-cli-pgp-signing context. It requires only sign and build jobs,
            # no test job.
  615       - create_deployment_artifacts:
  616           name: create deployment artifacts
  617           context: snyk-cli-pgp-signing
  618           requires:
  619             - sign macos amd64
  620             - sign macos arm64
  621             - sign windows amd64
  622             - build alpine amd64
  623             - build linux amd64
  624             - build linux arm64
  625             - build fix & protect
  626           filters:
  627             branches:
  628               only:
  629                 - main
  630                 - '/.*e2e.*/'
  631 
            # Manual gate (type: approval); everything from "upload version"
            # onward waits for it.
            # NOTE(review): who may approve is decided by CircleCI project
            # permissions, not by this file - confirm it is limited to the
            # intended release owners.
  632       - should-release:
  633           name: release?
  634           type: approval
  635           requires:
  636             - create deployment artifacts
  637           filters:
  638             branches:
  639               only:
  640                 - main
  641                 - '/.*e2e.*/'
  642 
            # First job holding the deploy-token context. It also runs on branches
            # matching the e2e regex, so those tokens are reachable from such
            # branches once the approval is given.
  643       - pre-release:
  644           name: upload version
  645           context: team-hammerhead-common-deploy-tokens
  646           requires:
  647             - release?
  648           filters:
  649             branches:
  650               only:
  651                 - main
  652                 - '/.*e2e.*/'
  653 
            # Post-upload validation: these entries all require "upload version",
            # so they run against what that job published. The "upload preview"
            # entry later in the workflow requires every one of them.
  654       - npm-validation:
  655           name: Validate NPM artifacts (<< matrix.executor >>)
  656           context: team_hammerhead-cli
  657           matrix:
  658             parameters:
  659               executor:
  660                 - 'docker-amd64'
  661                 - 'win-server2019-amd64'
  662                 - 'macos-arm64'
  663           requires:
  664             - upload version
  665           filters:
  666             branches:
  667               only:
  668                 - main
  669                 - '/.*e2e.*/'
  670 
  671       - test-release:
  672           name: e2e tests (<< matrix.executor >>)
  673           context: team_hammerhead-cli
  674           matrix:
  675             parameters:
  676               executor:
  677                 - 'docker-amd64'
  678                 - 'docker-arm64'
  679                 - 'win-server2019-amd64'
  680                 - 'win-server2022-amd64'
  681                 - 'macos-arm64'
  682                 - 'linux-ubuntu-latest-amd64'
  683                 - 'linux-ubuntu-mantic-amd64'
  684                 - 'linux-ubuntu-jammy-amd64'
  685                 - 'linux-ubuntu-focal-amd64'
  686                 - 'linux-ubuntu-latest-arm64'
  687                 - 'linux-ubuntu-mantic-arm64'
  688                 - 'linux-ubuntu-jammy-arm64'
  689                 - 'linux-ubuntu-focal-arm64'
  690                 - 'alpine'
  691           requires:
  692             - upload version
  693           filters:
  694             branches:
  695               only:
  696                 - main
  697                 - '/.*e2e.*/'
  698 
            # FIPS release tests download the CLI from the FIPS base URL instead
            # of the default one.
  699       - test-release:
  700           name: e2e fips tests (cbl-mariner)
  701           context: team_hammerhead-cli
  702           cli_download_base_url: << pipeline.parameters.fips_cli_download_base_url >>
  703           setup_steps:
  704             - run: tdnf install -y tar ca-certificates
  705           executor: 'cbl-mariner'
  706           requires:
  707             - upload version
  708           filters:
  709             branches:
  710               only:
  711                 - main
  712                 - '/.*e2e.*/'
  713 
            # The setup step sets the FipsAlgorithmPolicy 'Enabled' registry value
            # to 1 on the test machine before the tests run.
  714       - test-release:
  715           name: e2e fips tests (win-server2022-amd64)
  716           context: team_hammerhead-cli
  717           cli_download_base_url: << pipeline.parameters.fips_cli_download_base_url >>
  718           setup_steps:
  719             - run: Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy' -Name 'Enabled' -Value '1'
  720           executor: 'win-server2022-amd64'
  721           requires:
  722             - upload version
  723           filters:
  724             branches:
  725               only:
  726                 - main
  727                 - '/.*e2e.*/'
  728 
            # Publication chain, main only: upload preview -> upload latest ->
            # upload github -> upload npm -> trigger snyk-images. Each step
            # requires the previous one and all share the deploy-token context.
            # "upload preview" is the point where every validation and e2e job
            # must have passed.
  729       - release-s3:
  730           name: upload preview
  731           deployment: preview
  732           context: team-hammerhead-common-deploy-tokens
  733           requires:
  734             - Validate NPM artifacts (docker-amd64)
  735             - Validate NPM artifacts (win-server2019-amd64)
  736             - Validate NPM artifacts (macos-arm64)
  737             - e2e tests (docker-amd64)
  738             - e2e tests (docker-arm64)
  739             - e2e tests (win-server2019-amd64)
  740             - e2e tests (win-server2022-amd64)
  741             - e2e tests (macos-arm64)
  742             - e2e tests (linux-ubuntu-latest-amd64)
  743             - e2e tests (linux-ubuntu-mantic-amd64)
  744             - e2e tests (linux-ubuntu-jammy-amd64)
  745             - e2e tests (linux-ubuntu-focal-amd64)
  746             - e2e tests (linux-ubuntu-latest-arm64)
  747             - e2e tests (linux-ubuntu-mantic-arm64)
  748             - e2e tests (linux-ubuntu-jammy-arm64)
  749             - e2e tests (linux-ubuntu-focal-arm64)
  750             - e2e tests (alpine)
  751             - e2e fips tests (cbl-mariner)
  752             - e2e fips tests (win-server2022-amd64)
  753           filters:
  754             branches:
  755               only: main
  756 
  757       - release-s3:
  758           name: upload latest
  759           deployment: latest
  760           context: team-hammerhead-common-deploy-tokens
  761           requires:
  762             - upload preview
  763           filters:
  764             branches:
  765               only: main
  766 
  767       - release-github:
  768           name: upload github
  769           context: team-hammerhead-common-deploy-tokens
  770           requires:
  771             - upload latest
  772           filters:
  773             branches:
  774               only:
  775                 - main
  776       - release-npm:
  777           name: upload npm
  778           context: team-hammerhead-common-deploy-tokens
  779           requires:
  780             - upload github
  781           filters:
  782             branches:
  783               only:
  784                 - main
  785 
  786       - trigger-building-snyk-images:
  787           name: Trigger building snyk-images
  788           context: team-hammerhead-common-deploy-tokens
  789           requires:
  790             - upload npm
  791           filters:
  792             branches:
  793               only:
  794                 - main
  795 
  796 ####################################################################################################
  797 # JOBS
  798 ####################################################################################################
  799 
  800 jobs:
  801   prepare-build:
          # Checks out the repository, installs npm dependencies with `npm ci`
          # (which installs from the lockfile), writes the version files, builds
          # the TypeScript CLI and persists the results to the workspace.
          # NOTE(review): node_modules, dist and the version files persisted here
          # are used as-is by every job that attaches the workspace, so this job
          # and its executor image sit inside the release trust chain.
  802     executor: docker-amd64
  803     steps:
  804       - checkout
  805       - run:
  806           name: Installing dependencies
  807           command: npm ci
  808       - run:
  809           name: Set version
  810           command: |
  811             make binary-releases/version binary-releases/fips/version 
  812             make ts-cli-binaries/version BINARY_RELEASES_FOLDER_TS_CLI=ts-cli-binaries
  813       - run:
  814           # required for one unit test (ts-binary-wrapper/test/unit/common.spec.ts:15:30)
  815           # consider removing this run
  816           name: Pre-Build
  817           command: make pre-build
  818       - run:
  819           name: Build TypeScript CLI
  820           command: npm run build:prod
  821       - persist_to_workspace:
  822           root: .
  823           paths:
  824             - binary-releases/*
  825             - ts-cli-binaries/*
  826             - binary-releases/fips/*
  827             - node_modules/*
  828             - ts-binary-wrapper/*
  829             - dist/*
  830             - packages/*
  831 
  832   code-analysis:
          # Lints the TypeScript project and the Go code under cliv2, then runs
          # two Snyk scans through the snyk orb: a dependency scan across all
          # projects (test and dist excluded) and a `code test` scan.
          # NOTE(review): the dependency scan fails the job only at critical
          # severity, while the code scan fails at high and above. Confirm the
          # weaker dependency threshold is deliberate. The workflow in this file
          # runs this job on every branch except main.
  833     executor: docker-amd64
  834     steps:
  835       - prepare-workspace
  836       - run:
  837           name: Linting project
  838           command: |
  839             npm run lint
  840             pushd cliv2 
  841             make lint
  842             popd
  843       - snyk/scan:
  844           fail-on-issues: true
  845           severity-threshold: critical
  846           additional-arguments: --all-projects --exclude=test,dist
  847       - snyk/scan:
  848           command: code test
  849           fail-on-issues: true
  850           monitor-on-build: true
  851           severity-threshold: high
  852 
  853   test-node:
          # Runs the TypeScript unit tests against the attached workspace.
  854     executor: docker-amd64
  855     steps:
  856       - prepare-workspace
  857       - run:
  858           name: Running TS unit tests
  859           command: npm run test:unit
  860 
  861   test-go:
          # Runs the Go unit tests (`make openboxtest`) from the cliv2 directory.
  862     executor: docker-amd64
  863     steps:
  864       - prepare-workspace
  865       - run:
  866           name: Running Go unit tests
  867           working_directory: ./cliv2
  868           command: make openboxtest
  869 
  870   test-legacy-tap:
          # Runs the legacy tap test suite serially (-j 1), split across
          # containers by timing data, and stores the JUnit report.
          # NOTE(review): the first step passes TEST_SNYK_TOKEN on the command
          # line and stores it in the CLI config on the executor. Use a token
          # scoped to a test organisation only, and confirm the value is masked
          # in job output.
  871     executor: docker-amd64
  872     steps:
  873       - prepare-workspace
  874       - run:
  875           name: Configuring artifact
  876           command: node ./bin/snyk config set "api=${TEST_SNYK_TOKEN}" # many tests require the token to be in the config
  877       - run:
  878           name: Running Tap tests
  879           no_output_timeout: '30m' # the whole set of tests regularly takes 25+ minutes.
  880           command: >
  881             npx tap -j 1 -C --timeout=300 -R junit --reporter-file=tap-junit.xml
  882             --allow-incomplete-coverage
  883             $(circleci tests glob "test/tap/*.test.*" | circleci tests split --split-by=timings)
  884       - store_test_results:
  885           path: tap-junit.xml
  886 
  887   build-special-artifacts:
          # Builds the snyk-fix.tgz and snyk-protect.tgz packages through their make
          # targets and hands both files to downstream jobs via the workspace.
  888     executor: docker-amd64
  889     steps:
  890       - prepare-workspace
  891       - run:
  892           name: Building snyk-fix.tgz
  893           command: make binary-releases/snyk-fix.tgz
  894       - run:
  895           name: Building snyk-protect.tgz
  896           command: make binary-releases/snyk-protect.tgz
  897       - persist_to_workspace:
  898           root: .
  899           paths:
  900             - binary-releases/snyk-fix.tgz
  901             - binary-releases/snyk-protect.tgz
  902 
  903   build-artifact:
          # Parameterized build of one CLI binary for a target OS/architecture.
          # Installs a Go toolchain, runs the selected make target with cgo enabled,
          # then stores and persists the resulting binary-releases/snyk-* files
          # (standard and fips).
  904     parameters:
            # go_os is passed to install-go together with go_target_os; only
            # go_target_os and go_arch reach the make command line as GOOS/GOARCH.
  905       go_os:
  906         type: string
  907       go_target_os:
  908         type: string
  909       go_arch:
  910         type: string
            # Exported as CC for the build step; empty by default.
  911       c_compiler:
  912         type: string
  913         default: ''
  914       executor:
  915         type: string
            # Origin the Go toolchain is fetched from (forwarded as base_url).
            # NOTE(review): whether install-go verifies a checksum or signature of
            # the downloaded toolchain is not visible in this section — confirm,
            # since every released binary is compiled with it.
  916       go_download_base_url:
  917         type: string
  918       make_target:
  919         type: string
  920         default: 'build'
            # Suffix of the install-deps-* command to run; 'noop' by default.
  921       install_deps_extension:
  922         type: string
  923         default: 'noop'
  924       install_path:
  925         type: string
  926         default: '.'
  927     executor: << parameters.executor >>
  928     steps:
  929       - prepare-workspace
            # The step name is composed from the install_deps_extension parameter,
            # so it must resolve to a command defined elsewhere in this config.
  930       - install-deps-<< parameters.install_deps_extension >>
  931       - install-go:
  932           go_os: << parameters.go_os >>
  933           go_target_os: << parameters.go_target_os >>
  934           go_arch: << parameters.go_arch >>
  935           base_url: << parameters.go_download_base_url >>
  936           extraction_path: << parameters.install_path >>
            # Go module cache, keyed on executor architecture and the checksum of
            # cliv2/go.sum; the same key is used by save_cache below.
  937       - restore_cache:
  938           key: go-build-{{ arch }}-{{ checksum "cliv2/go.sum" }}
  939       - run:
  940           name: Build << parameters.go_target_os >>/<< parameters.go_arch >>
  941           environment:
  942             CC: << parameters.c_compiler >>
  943             CGO_ENABLED: 1
  944           command: make << parameters.make_target >> GOOS=<< parameters.go_target_os >> GOARCH=<< parameters.go_arch >>
            # NOTE(review): the cached path is fixed to /home/circleci; on executors
            # with a different home directory this presumably saves nothing —
            # verify. Restored module content feeds the release build, so the cache
            # should only be writable by trusted pipelines.
  945       - save_cache:
  946           key: go-build-{{ arch }}-{{ checksum "cliv2/go.sum" }}
  947           paths: [/home/circleci/go/pkg/mod]
  948       - store_artifacts:
  949           path: binary-releases
  950       - persist_to_workspace:
  951           root: .
  952           paths:
  953             - binary-releases/snyk-*
  954             - binary-releases/fips/snyk-*
  955 
  956   acceptance-tests:
          # Runs the coreCli acceptance test project against the CLI binary named by
          # test_snyk_command, on the executor chosen by the caller.
  957     parameters:
            # Exported to the tests as TEST_SNYK_COMMAND.
  958       test_snyk_command:
  959         type: string
  960       executor:
  961         type: string
            # Exported as TEST_SNYK_FIPS; 0 by default.
  962       fips:
  963         type: integer
  964         default: 0
            # Exported as TEST_SNYK_DONT_SKIP_ANYTHING; 1 by default.
  965       dont_skip_tests:
  966         type: integer
  967         default: 1
  968       install_deps_extension:
  969         type: string
  970         default: 'noop'
            # Pasted verbatim as the first line of the test step's shell script, so
            # whatever string a workflow passes here runs as shell. Keep callers to
            # fixed strings written in this config; never derive it from branch
            # names, PR titles or other externally controlled values.
  971       pre_test_cmds:
  972         type: string
  973         default: 'echo Running tests'
  974     executor: << parameters.executor >>
  975     steps:
  976       - prepare-workspace
  977       - install-deps-<< parameters.install_deps_extension >>
            # NOTE(review): `npm install` may resolve versions that differ from the
            # lockfile; `npm ci` installs exactly what the lockfile records —
            # consider it here unless the prepared workspace requires otherwise.
  978       - run:
  979           command: npm install
  980       - run:
  981           name: Running acceptance tests
  982           command: |
  983             << parameters.pre_test_cmds >>
  984             npm run test:acceptance -- --selectProjects coreCli
  985           environment:
  986             TEST_SNYK_FIPS: << parameters.fips >>
  987             TEST_SNYK_COMMAND: << parameters.test_snyk_command >>
  988             TEST_SNYK_DONT_SKIP_ANYTHING: << parameters.dont_skip_tests >>
  989 
  990   regression-tests:
          # ShellSpec regression suite: installs ShellSpec, links the CLI binary
          # under test to /usr/local/bin/snyk, then runs the specs in test/smoke
          # with REGRESSION_TEST=1.
  991     parameters:
            # Path of the binary to test; it is symlinked system-wide below.
  992       test_snyk_command:
  993         type: string
  994         default: /mnt/ramdisk/snyk/binary-files/snyk-linux
  995     executor: docker-amd64
  996     working_directory: /mnt/ramdisk/snyk
  997     steps:
  998       - prepare-workspace
  999       - run:
 1000           name: Install ShellSpec Deps
 1001           command: |
 1002             ./test/smoke/install-shellspec.sh --yes
 1003             sudo ln -s ~/.local/lib/shellspec/shellspec /usr/local/bin/shellspec
 1004       - run:
 1005           name: Installing test fixture dependencies
 1006           working_directory: ./test/fixtures/basic-npm
 1007           command: npm i
            # NOTE(review): the test_snyk_command parameter is expanded unquoted
            # inside $(realpath ...), and the substitution result is unquoted too, so
            # a path containing whitespace would be word-split. Quoting the command
            # substitution would make the link target robust.
 1008       - run:
 1009           name: Installing Snyk CLI
 1010           command: |
 1011             sudo ln -s $(realpath << parameters.test_snyk_command >>) /usr/local/bin/snyk
 1012             snyk --version
 1013       - run:
 1014           name: Running ShellSpec tests
 1015           working_directory: ./test/smoke
 1016           command: |
 1017             echo "Checkout the README in test/smoke folder for more details about this step"
 1018             shellspec -f d -e REGRESSION_TEST=1 -e PIP_BREAK_SYSTEM_PACKAGES=1
 1019 
 1020   sign:
          # Signs the artifact for one OS/architecture by running the selected make
          # target ('sign' by default), then stores and persists the
          # binary-releases/snyk-* files (standard and fips).
          # NOTE(review): the signing key or certificate is not referenced in this
          # section; it is presumably provided by the executor or a context —
          # confirm only release workflows on protected branches can reach it.
 1021     parameters:
 1022       go_os:
 1023         type: string
 1024       go_arch:
 1025         type: string
 1026       executor:
 1027         type: string
            # No default here, unlike the build and test jobs: callers must name
            # the install-deps-* command explicitly.
 1028       install_deps_extension:
 1029         type: string
 1030       make_target:
 1031         type: string
 1032         default: 'sign'
 1033     executor: << parameters.executor >>
 1034     steps:
 1035       - prepare-workspace
 1036       - install-deps-<< parameters.install_deps_extension >>
 1037       - run:
 1038           name: Signing << parameters.go_os >> artifact
 1039           command: make << parameters.make_target >> GOOS=<< parameters.go_os >> GOARCH=<< parameters.go_arch >>
 1040       - store_artifacts:
 1041           path: ./binary-releases
 1042       - persist_to_workspace:
 1043           root: .
 1044           paths:
 1045             - binary-releases/snyk-*
 1046             - binary-releases/fips/snyk-*
 1047 
 1048   create_deployment_artifacts:
          # Assembles the release metadata around the built binaries: per-file
          # checksums, the snyk.tgz wrapper package, the signed checksum list,
          # release.json, release notes and the protocol version files. Results are
          # stored as artifacts and persisted for the publishing jobs.
 1049     executor: docker-amd64
 1050     steps:
 1051       - prepare-workspace
            # Invokes make for a <path>.sha256 target for every entry under
            # binary-releases whose name starts with snyk-.
            # NOTE(review): with `-exec ... \;` find does not propagate the exit
            # status of the command it runs, so a failing make here would not fail
            # this step. The "Validating artifacts" step below is presumably the
            # backstop — confirm it rejects a missing or stale checksum file.
 1052       - run:
 1053           name: Creating all shasums
 1054           command: find binary-releases -name "snyk-*" -exec make {}.sha256 \;
            # NOTE(review): snyk.tgz is built after the checksum step and its name
            # does not match the snyk-* pattern used there; whether the
            # sha256sums.txt.asc target covers it is not visible here — confirm.
 1055       - run:
 1056           name: Making TS-Binary-Wrapper (snyk.tgz)
 1057           command: make binary-releases/snyk.tgz
            # Produces the signed checksum list. The signing key is not referenced
            # in this section.
 1058       - run:
 1059           name: Signing all shasums
 1060           command: make binary-releases/sha256sums.txt.asc
 1061       - run:
 1062           name: Making release.json
 1063           command: make binary-releases/release.json
 1064       - run:
 1065           name: Making release notes
 1066           command: make binary-releases/RELEASE_NOTES.md
 1067       - run:
 1068           name: Validating artifacts
 1069           command: ./release-scripts/validate-checksums.sh
            # Runs after signing and validation. NOTE(review): the
            # ls-protocol-version-* files are therefore presumably not covered by
            # the signed checksum list — confirm that is intended.
 1070       - run:
 1071           name: Generate Protocol Version File
 1072           command: |
 1073             make ls-protocol-metadata
 1074             cp binary-releases/ls-protocol-version-* binary-releases/fips/
 1075       - store_artifacts:
 1076           path: ./binary-releases
 1077       - persist_to_workspace:
 1078           root: .
 1079           paths:
 1080             - binary-releases/sha256sums.txt.asc
 1081             - binary-releases/release.json
 1082             - binary-releases/snyk-*.sha256
 1083             - binary-releases/fips/sha256sums.txt.asc
 1084             - binary-releases/fips/release.json
 1085             - binary-releases/fips/snyk-*.sha256
 1086             - binary-releases/RELEASE_NOTES.md
 1087             - binary-releases/snyk.tgz
 1088             - binary-releases/ls-protocol-version-*
 1089             - binary-releases/fips/ls-protocol-version-*
 1090 
 1091   pre-release:
          # Pre-publishing stage: installs the GitHub and AWS CLIs at the versions
          # pinned in the pipeline parameters, then runs the release-pre make
          # target. The failed-release-notification command runs last.
 1092     executor: docker-amd64
 1093     steps:
 1094       - prepare-workspace
            # token is the name of the environment variable that holds the GitHub
            # personal access token, not the secret value itself.
            # NOTE(review): confirm the PAT carries only the scopes the release
            # needs and is exposed only to release workflows.
 1095       - gh/setup:
 1096           token: HAMMERHEAD_GITHUB_PAT
 1097           version: << pipeline.parameters.gh_version >>
 1098       - aws-cli/install:
 1099           version: << pipeline.parameters.aws_version >>
 1100       - run:
 1101           name: Pre-Publishing
 1102           command: make release-pre
 1103       - failed-release-notification
 1104 
 1105   npm-validation:
          # Runs release-scripts/validate-npm-artifacts.sh on the executor chosen by
          # the caller, followed by the failed-release-notification command.
 1106     parameters:
 1107       executor:
 1108         type: string
 1109     executor: << parameters.executor >>
 1110     steps:
 1111       - prepare-workspace
 1112       - run:
 1113           name: Validating NPM artifacts
 1114           command: bash ./release-scripts/validate-npm-artifacts.sh
 1115       - failed-release-notification
 1116 
 1117   test-release:
          # Post-release check: downloads the version recorded in
          # binary-releases/version from the configured download origin using
          # scripts/install-snyk.py, then runs two CLI commands with the test token.
 1118     parameters:
 1119       executor:
 1120         type: string
            # Origin the released CLI is fetched from; defaults to the pipeline-wide
            # cli_download_base_url.
 1121       cli_download_base_url:
 1122         type: string
 1123         default: << pipeline.parameters.cli_download_base_url >>
            # Optional caller-supplied steps that run before anything else.
 1124       setup_steps:
 1125         type: steps
 1126         default: []
 1127     executor: << parameters.executor >>
 1128     steps:
 1129       - steps: << parameters.setup_steps >>
 1130       - prepare-workspace
            # Per-platform prerequisites, selected by matching the executor name
            # against a regular expression.
 1131       - when:
 1132           condition:
 1133             matches:
 1134               pattern: '^macos.*'
 1135               value: << parameters.executor >>
 1136           steps:
 1137             - run: brew install coreutils curl python3
 1138       - when:
 1139           condition:
 1140             matches:
 1141               pattern: '^alpine'
 1142               value: << parameters.executor >>
 1143           steps:
 1144             - run: apk add python3 py3-pip bash
 1145       - when:
 1146           condition:
 1147             matches:
 1148               pattern: '^linux.*'
 1149               value: << parameters.executor >>
 1150           steps:
 1151             - run: echo UTC > /etc/timezone && apt update && apt install -y sudo curl python3 python3-pip python3-requests
 1152 
            # Each of the first two script lines tries `pip`/`python` and falls back
            # to `pip3`/`python3`.
            # NOTE(review): requests is installed unpinned with --upgrade, so this
            # check runs whatever version the index serves at build time; a pinned
            # version would make the job reproducible.
            # NOTE(review): whether install-snyk.py verifies the checksum or
            # signature of the binary it downloads is not visible here — confirm,
            # since this job is the check on what users will download.
 1153       - run:
 1154           name: Checking Snyk CLI
 1155           shell: bash
 1156           environment:
 1157             SNYK_DISABLE_ANALYTICS: 1
 1158           command: |
 1159             PIP_BREAK_SYSTEM_PACKAGES=1 pip install --user --upgrade requests || PIP_BREAK_SYSTEM_PACKAGES=1 pip3 install --user --upgrade requests 
 1160             python scripts/install-snyk.py --base_url=<< parameters.cli_download_base_url >>  $(cat binary-releases/version) || python3 scripts/install-snyk.py --base_url=<< parameters.cli_download_base_url >> $(cat binary-releases/version)
 1161             SNYK_TOKEN=${TEST_SNYK_TOKEN} ./snyk whoami --experimental
 1162             SNYK_TOKEN=${TEST_SNYK_TOKEN} ./snyk woof
 1163 
 1164   release-s3:
          # Publishes the release artifacts to S3 by calling upload-artifacts.sh
          # with the deployment name as its only argument.
          # NOTE(review): AWS credentials are not referenced in this section; they
          # are presumably injected by a context — confirm that context is
          # restricted to release workflows.
 1165     parameters:
            # Passed unquoted on the command line; 'latest' by default.
 1166       deployment:
 1167         type: string
 1168         default: latest
 1169     executor: docker-amd64
 1170     steps:
 1171       - prepare-workspace
 1172       - aws-cli/install:
 1173           version: << pipeline.parameters.aws_version >>
 1174       - run:
 1175           name: Publish to S3 ( << parameters.deployment >> )
 1176           command: ./release-scripts/upload-artifacts.sh << parameters.deployment >>
 1177       - failed-release-notification
 1178 
 1179   release-github:
          # Publishes the release to GitHub by calling upload-artifacts.sh with the
          # 'github' target, after installing the GitHub CLI.
 1180     executor: docker-amd64
 1181     steps:
 1182       - prepare-workspace
            # token is the name of the environment variable that holds the GitHub
            # personal access token, not the secret value itself.
 1183       - gh/setup:
 1184           token: HAMMERHEAD_GITHUB_PAT
 1185           version: << pipeline.parameters.gh_version >>
 1186       - run:
 1187           name: Publish to GitHub
 1188           command: ./release-scripts/upload-artifacts.sh github
 1189       - failed-release-notification
 1190 
 1191   release-npm:
          # Publishes the package to npm by calling upload-artifacts.sh with the
          # 'npm' target.
          # NOTE(review): the npm publish credential is not referenced in this
          # section; it is presumably read from the environment by the script —
          # confirm it is a publish-only token limited to release workflows.
 1192     executor: docker-amd64
 1193     steps:
 1194       - prepare-workspace
 1195       - run:
 1196           name: Publish to npm
 1197           command: ./release-scripts/upload-artifacts.sh npm
 1198       - failed-release-notification
 1199 
 1200   trigger-building-snyk-images:
          # Calls upload-artifacts.sh with the 'trigger-snyk-images' target; per the
          # step name this starts the build-and-publish workflow at snyk-images.
          # NOTE(review): triggering a workflow in another repository presumably
          # needs a token with write access there — confirm its scope.
 1201     executor: docker-amd64
 1202     steps:
 1203       - prepare-workspace
 1204       - run:
 1205           name: Trigger build-and-publish workflow at snyk-images
 1206           command: ./release-scripts/upload-artifacts.sh trigger-snyk-images
 1207       - failed-release-notification