| steps: |
| - id: Lock |
| name: golang:1.21.5 |
| entrypoint: bash |
| args: |
| - -ec |
| - | |
| if [[ "$COMMIT_SHA" = '' ]]; then |
| echo "no COMMIT_SHA, not locking" |
| exit 0 |
| fi |
| go run golang.org/x/website/cmd/locktrigger@latest \ |
| -project $PROJECT_ID -build $BUILD_ID -repo https://go.googlesource.com/vulndb |
| |
| - id: Unshallow |
| name: gcr.io/cloud-builders/git |
| entrypoint: bash |
| args: |
| - -c |
| - | |
| if ! git fetch --unshallow; then |
| echo "git fetch --unshallow failed, no worries mate" |
| fi |
| |
| - id: Test |
| name: golang:1.21.5 |
| entrypoint: bash |
| args: |
| - -ec |
| - go test ./... |
| |
| - id: CopyExisting |
| name: gcr.io/cloud-builders/gsutil |
| entrypoint: bash |
| args: |
| - -ec |
| - gsutil -q -m cp -r gs://go-vulndb /workspace |
| |
| - id: Generate |
| name: golang:1.21.5 |
| entrypoint: bash |
| args: ["-ec", "go run ./cmd/gendb -out /workspace/db -zip /workspace/db/vulndb.zip"] |
| |
| - id: PreValidate |
| name: golang:1.21.5 |
| entrypoint: bash |
| args: |
| - -ec |
| - go run ./cmd/checkdeploy -new /workspace/db -existing /workspace/go-vulndb |
| |
| - id: Deploy |
| name: gcr.io/cloud-builders/gsutil |
| entrypoint: bash |
| args: ["./deploy/gcp-deploy.sh"] |
| |
| - id: CopyDeployed |
| name: gcr.io/cloud-builders/gsutil |
| entrypoint: bash |
| args: |
| - -ec |
| - mkdir /workspace/deployed && gsutil -q -m cp -r gs://go-vulndb /workspace/deployed |
| |
| - id: PostValidate |
| name: golang:1.20.12 |
| entrypoint: bash |
| args: ["-ec", "go run ./cmd/checkdb /workspace/deployed/go-vulndb"] |
| env: |
| - 'GOPROXY=https://proxy.golang.org' |
| |
| - id: PublishCVEs |
| name: golang:1.23.0 |
| entrypoint: bash |
| args: ["-ec", "go run ./cmd/cve -key $$CVE_API_USER -user $$CVE_API_USER publish-all"] |
| secretEnv: ['CVE_API_USER', 'CVE_API_KEY'] |
| |
| availableSecrets: |
| secretManager: |
| - versionName: ${_CVE_API_KEY} |
| env: 'CVE_API_KEY' |
| - versionName: ${_CVE_API_USER} |
| env: 'CVE_API_USER' |