def _attribute_specs(cls):
return (
AttributeSpec.optional(
name=cls.BUMP_MAJOR.value,
default=None,
doc=
'Increments the major version of the next development cycle',
type=str,
),
AttributeSpec.optional(
name=cls.BUMP_MINOR.value,
default=None,
doc=
'Increments the minor version of the next development cycle',
type=str,
),
AttributeSpec.optional(
name=cls.BUMP_PATCH.value,
default=None,
doc=
'Increments the patch version of the next development cycle',
type=str,
),
AttributeSpec.optional(
name=cls.NOOP.value,
default=None,
doc='No change to the next development cycle version done',
type=str,
),
)
def _attribute_specs(cls):
return (
AttributeSpec.optional(
name=cls.UPLOAD_IF_CHANGED.value,
default=None,
doc='''
upload the container images. This will :strong:`not` upload the images if they
are already present. This will :strong:`not` cause images already present to be
rescanned.
''',
type=str,
),
AttributeSpec.optional(
name=cls.RESCAN.value,
default=None,
doc='''
trigger a scan of container images. Images will be uploaded unless they are
already present.
''',
type=str,
),
AttributeSpec.optional(
name=cls.FORCE_UPLOAD.value,
default=None,
doc='''
:strong:`always` upload the images. This will cause all images to be rescanned.
''',
type=str,
),
)
def _attribute_specs(cls):
return (
AttributeSpec.optional(
name=cls.TAG_AND_PUSH_TO_BRANCH.value,
doc='publish release tag to branch',
default=None,
),
AttributeSpec.optional(
name=cls.TAG_ONLY.value,
doc='publish release tag to dead-end',
default=None,
),
)
def _attribute_specs(cls):
return (
AttributeSpec.optional(
name=cls.DEFAULT.value,
default=None,
doc='Create release notes and add them to the GitHub release.',
type=str,
),
AttributeSpec.optional(
name=cls.DISABLED.value,
default=None,
doc='Do not create release notes.',
type=str,
),
)
def _attribute_specs(cls):
return (
AttributeSpec.optional(
name=cls.NOT_EMPTY.value,
default=None,
doc=(
'Every given attribute (e.g.: "version") must also be given a '
'non-empty value'
),
type=str,
),
AttributeSpec.optional(
name=cls.FORBID_EXTRA_ATTRIBUTES.value,
default=None,
doc='**only** required attributes are allowed',
type=str,
),
)
def _attribute_specs(cls):
return (
AttributeSpec.optional(
name='include_image_references',
default=(),
doc='''
a list of regular expressions. If configured, only matching image references are
processed. By default, all image references are considered.
''',
),
AttributeSpec.optional(
name='exclude_image_references',
default=(),
doc='''
a list of regular expressions. If configured, matching image references are
exempted from processing. Has precedence over include_image_references.
By default, no image references are excluded.
''',
),
)
def _attribute_specs(cls):
return (
AttributeSpec.optional(
name=cls.RESCAN.value,
default=None,
doc='''
(re-)scan container images if Protecode indicates this might bear new results.
Upload absent images.
''',
type=str,
),
AttributeSpec.optional(
name=cls.FORCE_UPLOAD.value,
default=None,
doc='''
`always` upload and scan all images.
''',
type=str,
),
)
def _attribute_specs(cls):
return (
AttributeSpec.optional(
name=cls.ONLY_FIRST.value,
default=True,
doc='notify on first error only',
type=str,
),
AttributeSpec.optional(
name=cls.ALWAYS.value,
default=False,
doc='notify on every error',
type=str,
),
AttributeSpec.optional(
name=cls.NEVER.value,
default=False,
doc='notify never in case of errors',
type=str,
),
)
def _attribute_specs(cls):
return (
AttributeSpec.optional(
name=cls.COMMITTERS.value,
default=None,
doc='notify committers of the last commit',
type=str,
),
AttributeSpec.optional(
name=cls.EMAIL_ADDRESSES.value,
default=None,
doc='''
notifiy specific email addresses
Example:
.. code-block:: yaml
recipients:
- email_addresses:
- [email protected]
- [email protected]
''',
type=str,
),
AttributeSpec.optional(
name=cls.COMPONENT_DIFF_OWNERS.value,
default=None,
doc=
'notify the codeowners of a component. CODEOWNERS file must exist',
type=str,
),
AttributeSpec.optional(
name=cls.CODEOWNERS.value,
default=None,
doc=
'notify the codeowners of the repository. CODEOWNERS file must exist',
type=str,
),
)
),
AttributeSpec.optional(
name=cls.CODEOWNERS.value,
default=None,
doc=
'notify the codeowners of the repository. CODEOWNERS file must exist',
type=str,
),
)
NOTIFICATION_CFG_ATTRS = (
AttributeSpec.optional(
name='triggering_policy',
default=NotificationTriggeringPolicy.ONLY_FIRST.value,
doc=
'when to issue the configured notifications. Possible values see below',
type=NotificationTriggeringPolicy,
),
AttributeSpec.optional(
name='email',
default=True,
doc='whether to send email notifications',
type=bool,
),
AttributeSpec.optional(
name='inputs',
default=['on_error_dir'],
doc='configures the inputs that are made available to the notification',
type=typing.List[str],
),
# XXX validate ref schema
ref = self.raw['tgt_ref']
if ':' in ref:
return ref
# cp tag from src_ref
_, tag = self.src_ref().rsplit(':', 1)
return f'{ref}:{tag}'
def rm_paths_file(self):
return self.raw['remove_paths_file']
ATTRIBUTES = (
AttributeSpec.optional(
name='parallel_jobs',
default=12,
doc='amount of parallel scanning threads',
type=int,
),
AttributeSpec.required(
name='cfgs',
doc='ImageAlterCfgs {name: ImageAlterCfg}',
type=typing.Dict[str, ImageAlterCfg],
),
)
class ImageAlterTrait(Trait):
@classmethod
def _attribute_specs(cls):
return ATTRIBUTES
def exclude_image_names(self):
return self.raw['exclude_image_names']
def include_component_names(self):
return self.raw['include_component_names']
def exclude_component_names(self):
return self.raw['exclude_component_names']
class ImageFilterMixin(ModelBase):
def filters(self):
return FilterCfg(raw_dict=self.raw['filters'])
IMAGE_ATTRS = (
AttributeSpec.optional(
name='filters',
default={
'include_image_references': (),
'exclude_image_references': (),
'include_image_names': (),
'exclude_image_names': (),
'include_component_names': (),
'exclude_component_names': (),
},
doc='optional filters to restrict container images to process',
type=FilterCfg,
),
)
class MergePolicy(enum.Enum):
MANUAL = 'manual'
AUTO_MERGE = 'auto_merge'
class UpstreamUpdatePolicy(enum.Enum):
STRICTLY_FOLLOW = 'strictly_follow'
ACCEPT_HOTFIXES = 'accept_hotfixes'
MERGE_POLICY_CONFIG_ATTRIBUTES = (
AttributeSpec.optional(
name='component_names',
default=[],
type=typing.List[str],
doc=
('a sequence of regular expressions. This merge policy will be applied to matching '
'component names. Matches all component names by default')),
AttributeSpec.optional(
name='merge_mode',
default='manual',
type=MergePolicy,
doc='whether or not created PRs should be automatically merged',
),
)
class MergePolicyConfig(ModelBase):
@classmethod
def _attribute_specs(cls):
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from concourse.model.job import JobVariant
from concourse.model.base import Trait, TraitTransformer, AttributeSpec
ATTRIBUTES = (
AttributeSpec.optional(
name='interval',
default='5m',
doc='''
go-style time interval between job executions. Supported suffixes are: `s`, `m`, `h`
''',
),
)
class CronTrait(Trait):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
@classmethod
def _attribute_specs(cls):
return ATTRIBUTES
def interval(self):
)
from concourse.model.base import (
AttributeSpec,
Trait,
TraitTransformer,
ModelValidationError,
ScriptType,
)
COMPONENT_DESCRIPTOR_DIR_INPUT = ('component_descriptor_dir',
'component_descriptor_dir')
ATTRIBUTES = (
AttributeSpec.optional(
name='step',
default={'name': 'component_descriptor'},
doc='The build step name injected by this trait',
type=dict,
),
AttributeSpec.optional(
name='resolve_dependencies',
default=True,
doc=
'Indicates whether or not unresolved component dependencies should be resolved',
type=bool,
),
AttributeSpec.optional(
name='component_name',
default=None, # actually, it is determined at runtime
doc=
'Manually overwrites the component name (which defaults to github repository path)',
),
)
from concourse.model.base import (
AttributeSpec,
ModelValidationError,
ScriptType,
Trait,
TraitTransformer,
)
from concourse.model.job import (
JobVariant,
)
ATTRIBUTES = (
AttributeSpec.optional(
name='preprocess',
default='finalize',
doc='version processing operation to set effective version',
),
)
class DraftReleaseTrait(Trait):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
def transformer(self):
return DraftReleaseTraitTransformer()
@classmethod
def _attribute_specs(cls):
return ATTRIBUTES
return False
if qualifier is not None and id.qualifier() != qualifier:
return False
return True
return filter(filter_expr, self.resources_dict.values())
def resource(self, resource_identifier):
return self[resource_identifier]
REPO_ATTRS = (
AttributeSpec.optional(
name='name',
default='source',
doc='''
the logical repository name. affects environment variable names and is used to reference
from traits.
''',
),
AttributeSpec.optional(
name='cfg_name',
default=None,
doc='''
the github_cfg to use for authentication. Defaults to concourse-specific default
''',
),
AttributeSpec.optional(
name='force_push',
default=False,
doc='whether or not force-pushes ought to be done',
type=bool,
By default, no image references are excluded.
''',
),
)
def include_image_references(self):
return self.raw['include_image_references']
def exclude_image_references(self):
return self.raw['exclude_image_references']
ATTRIBUTES = (
AttributeSpec.optional(
name='parallel_jobs',
default=12,
doc='amount of parallel scanning threads',
type=int,
),
AttributeSpec.optional(
name='cve_threshold',
default=7,
doc='CVE threshold to interpret as an error',
type=int,
),
AttributeSpec.optional(
name='filters',
default={
'include_image_references': (),
'exclude_image_references': ()
},
doc='optional filters to restrict container images to process',
Trait,
TraitTransformer,
ScriptType,
)
import concourse.model.traits.component_descriptor
from .images import (
IMAGE_ATTRS,
ImageFilterMixin,
)
ATTRIBUTES = (
*IMAGE_ATTRS,
AttributeSpec.optional(
name='parallel_jobs',
default=4,
doc='how many uploads to process in parallel',
type=int,
),
AttributeSpec.required(name='upload_registry_prefix',
doc='''
all matching container images are uploaded as copies to
the specified container registry. The original image reference names are
mangled.
'''),
)
class ImageUploadTrait(Trait, ImageFilterMixin):
@classmethod
def _attribute_specs(cls):
return ATTRIBUTES
from concourse.model.step import (
PipelineStep,
StepNotificationPolicy,
)
from concourse.model.base import (
AttributeSpec,
Trait,
TraitTransformer,
ModelBase,
ScriptType,
)
POLICIES_ATTRIBS = (
AttributeSpec.optional(
name='require-label',
default='reviewed/ok-to-test',
doc='the label required for PR build to start',
),
AttributeSpec.optional(
name='replacement-label',
default='needs/ok-to-test',
doc='the label set after require-label was removed by PR build',
),
)
class PullRequestPolicies(ModelBase):
@classmethod
def _attribute_specs(cls):
return POLICIES_ATTRIBS
class ReleaseCommitPublishingPolicy(EnumWithDocumentation):
TAG_AND_PUSH_TO_BRANCH = EnumValueWithDocumentation(
value='push_to_branch',
doc='publish release tag to branch',
)
TAG_ONLY = EnumValueWithDocumentation(
value='tag_only',
doc='publish release tag to dead-end',
)
ATTRIBUTES = (AttributeSpec.optional(
name='nextversion',
default=NextVersion.BUMP_MINOR.value,
doc='specifies how the next development version is to be calculated',
type=NextVersion,
),
AttributeSpec.optional(
name='release_callback',
default=None,
doc='''
an optional callback that is called during release commit creation. The callback is passed
the absolute path to the main repository's work tree via environment variable `REPO_DIR`.
Any changes left inside the worktree are added to the resulting release commit.
''',
),
AttributeSpec.optional(
name='release_callback_image_reference',
default=None,
doc='''
ModelBase,
ScriptType,
)
from model.base import ModelValidationError
from product.scanning import ProcessingMode
from .component_descriptor import COMPONENT_DESCRIPTOR_DIR_INPUT
from .images import (
IMAGE_ATTRS,
ImageFilterMixin,
)
PROTECODE_ATTRS = (
AttributeSpec.optional(
name='parallel_jobs',
default=12,
doc='amount of parallel scanning threads',
type=int,
),
AttributeSpec.optional(
name='cve_threshold',
default=7,
doc='CVE threshold to interpret as an error',
type=int,
),
AttributeSpec.optional(
name='processing_mode',
default='upload_if_changed',
doc='Protecode processing mode',
type=ProcessingMode,
),
AttributeSpec.optional(
# limitations under the License.
from concourse.model.job import (
JobVariant,
)
from concourse.model.base import (
AttributeSpec,
Trait,
TraitTransformer,
)
ATTRIBUTES = (
AttributeSpec.optional(
name='suppress_parallel_execution',
default=None,
doc='whether parallel executions of the same job should be prevented',
type=bool,
),
)
class SchedulingTrait(Trait):
@classmethod
def _attribute_specs(cls):
return ATTRIBUTES
# XXX: merge this with cron-trait
def transformer(self):
return SchedulingTraitTransformer()
def suppress_parallel_execution(self):
def attrs(pipeline_step):
return (
AttributeSpec.optional(
name='depends',
default=set(),
doc='step names this step declares a dependency towards',
type=set,
),
AttributeSpec.optional(
name='execute',
default=from_instance(attr_name='name', value_doc='step name'),
doc='''
The executable (with optional additional arguments) to run. The executable path
is calculated relative to `<main_repo>/.ci`.
Has two forms:
- scalar value (str in most cases) --> no shell-escaping is done
- list of scalar values -> used verbatim as ARGV
''',
),
AttributeSpec.optional(
name='notifications_cfg',
default='default',
doc='''
Configures build notification policies (see
:ref:`notifications trait <trait-notifications>`)
''',
type=str,
),
AttributeSpec.optional(
name='image',
default=None,
doc='''
the container image reference to use for the executing container.
If not set, the default image will be used.
''',
),
AttributeSpec.optional(
name='registry',
default=None,
doc='''
The container image registry cfg_name. Required when retrieving container images
from a non-default image registry that requires authentication.
''',
),
AttributeSpec.optional(
name='inputs',
default={},
doc='''
a mapping of inputs produced by other build steps:
{ input_name: output_name }
`input_name` is converted to UPPER_CASE and exposed to the step as an environment
variable containing the relative path to the output.
''',
type=dict,
),
AttributeSpec.optional(
name='output_dir',
default=None,
doc='''
exposes a writable directory to the job. The directory is specified via environment
variable named as the given value + _PATH (converted to UPPER-case and snake_case).
Any files placed into this directory are passed to subsequent steps declaring the output
as input. The unchanged value configured is used as input name.
e.g.: `output_dir: out` results in env var `OUT_PATH`.
''',
),
AttributeSpec.optional(
name='publish_to',
default={},
doc='''
has two forms:
* list of logical repository names to which commits created by this step should be
published.
* a dictionary: <name: options>
The second form currently accepts exactly one argument: `force_push` (bool) and is used
to specify that a force-push should be done.
The step executable must only commit the changes in the repository's worktree without
pushing them.
Example:
.. code-block:: yaml
steps:
foo:
publish_to:
my_repo:
force_push: true
''',
type=list,
),
AttributeSpec.optional(
name='vars',
default={},
doc='''
pairs of {env_var_name: <python expression>}
the specified python expressions are evaluated during pipeline replication.
An instance of the current pipeline_model is accessible through the
`pipeline_descriptor` symbol.
The evaluation result is exposed to this build step via the specified environment
variable.
''',
),
AttributeSpec.optional(
name='privilege_mode',
default=PrivilegeMode.UNPRIVILEGED,
type=PrivilegeMode,
doc='''
privilege mode for step. Use carefully when running potentially untrusted code.
''',
),
AttributeSpec.optional(
name='timeout',
default=None,
doc='''
go-style time interval (e.g.: '1h30m') after which the step will be interrupted and fail.
''',
),
AttributeSpec.optional(
name='retries',
default=None,
doc='''
positive integer specifying the maximum amount of failures until the step is
counted as failed
''',
),
)
default=None,
doc='Create release notes and add them to the GitHub release.',
type=str,
),
AttributeSpec.optional(
name=cls.DISABLED.value,
default=None,
doc='Do not create release notes.',
type=str,
),
)
ATTRIBUTES = (AttributeSpec.optional(
name='nextversion',
default='bump_minor',
doc='specifies how the next development version is to be calculated',
),
AttributeSpec.optional(
name='release_callback',
default=None,
doc='''
an optional callback that is called during release commit creation. The callback is passed
the absolute path to the main repository's work tree via environment variable `REPO_DIR`.
Any changes left inside the worktree are added to the resulting release commit.
''',
),
AttributeSpec.optional(
name='rebase_before_release',
default=False,
doc='''
AttributeSpec,
AttribSpecMixin,
ScriptType,
Trait,
TraitTransformer,
)
from model.base import (
ModelDefaultsMixin,
ModelValidationError,
)
IMG_DESCRIPTOR_ATTRIBS = (
AttributeSpec.optional(
name='registry',
default=None,
type=str,
doc='name of the registry config to use when pushing the image (see cc-utils).',
),
AttributeSpec.required(
name='image',
type=str,
doc='image reference to publish the created container image to.',
),
AttributeSpec.optional(
name='inputs',
default={
'repos': None, # None -> default to main repository
'steps': {},
},
doc='configures the inputs that are made available to image build',
type=dict, # todo: define types
class Notify(enum.Enum):
EMAIL_RECIPIENTS = 'email_recipients'
NOBODY = 'nobody'
COMPONENT_OWNERS = 'component_owners'
CHECKMARX_ATTRIBUTES = (
AttributeSpec.required(
name='team_id',
doc='checkmarx team id',
type=int,
),
AttributeSpec.optional(
name='severity_threshold',
default=30,
doc='threshold above which to notify recipients',
type=int,
),
AttributeSpec.required(
name='cfg_name',
doc='config name for checkmarx',
type=str,
),
)
class CheckmarxCfg(ModelBase):
@classmethod
def _attribute_specs(cls):
return CHECKMARX_ATTRIBUTES
class MergeMethod(enum.Enum):
MERGE = 'merge'
REBASE = 'rebase'
SQUASH = 'squash'
class UpstreamUpdatePolicy(enum.Enum):
STRICTLY_FOLLOW = 'strictly_follow'
ACCEPT_HOTFIXES = 'accept_hotfixes'
MERGE_POLICY_CONFIG_ATTRIBUTES = (
AttributeSpec.optional(
name='component_names',
default=[],
type=typing.List[str],
doc=
('a sequence of regular expressions. This merge policy will be applied to matching '
'component names. Matches all component names by default')),
AttributeSpec.optional(
name='merge_mode',
default='manual',
type=MergePolicy,
doc='whether or not created PRs should be automatically merged',
),
AttributeSpec.optional(
name='merge_method',
default='merge',
type=MergeMethod,
doc=(
'The method to use when merging PRs automatically. For more details, check '
from concourse.model.job import (
JobVariant,
)
import concourse.model.traits.component_descriptor
class MergePolicy(enum.Enum):
MANUAL = 'manual'
AUTO_MERGE = 'auto_merge'
ATTRIBUTES = (
AttributeSpec.optional(
name='set_dependency_version_script',
default='.ci/set_dependency_version',
doc='configures the path to set_dependency_version script',
),
AttributeSpec.optional(
name='upstream_component_name',
default=None, # defaults to main repository
doc='configures the upstream component',
),
AttributeSpec.optional(
name='merge_policy',
default=MergePolicy.MANUAL,
doc='whether or not created PRs should be automatically merged',
),
AttributeSpec.optional(
name='after_merge_callback',
default=None,
JobVariant, )
from concourse.model.step import (
PipelineStep,
StepNotificationPolicy,
)
from concourse.model.base import (
AttributeSpec,
Trait,
TraitTransformer,
ScriptType,
)
ATTRIBUTES = (
AttributeSpec.optional(
name='preprocess',
default='inject-commit-hash',
doc=
'sets the semver version operation to calculate the effective version during the build',
),
AttributeSpec.optional(
name='versionfile',
default='VERSION',
doc='relative path to the version file',
),
AttributeSpec.optional(
name='inject_effective_version',
default=False,
doc='''
whether or not the effective version is to be written into the source tree's VERSION file
''',
type=bool,
),
