├── .codefresh
    └── codefresh.yaml
├── .gitignore
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── docs
    └── plugin.md
├── dynamic-catalog.md
├── plugins
    ├── Annotate-GitLab-Merge
    │   ├── README.md
    │   ├── example.yaml
    │   └── plugin.yaml
    ├── Blue-green-deploy
    │   ├── README.md
    │   ├── example.yaml
    │   ├── logo.jpg
    │   └── plugin.yaml
    ├── Send-SMS
    │   ├── README.md
    │   ├── example.yaml
    │   └── plugin.yaml
    ├── anchore
    │   ├── NOTES.txt
    │   ├── README.md
    │   ├── example.yml
    │   └── plugin.yml
    ├── azure-builder
    │   ├── README.md
    │   ├── example.yaml
    │   └── plugin.yaml
    ├── canary-deployment
    │   ├── README.md
    │   ├── example.yaml
    │   └── plugin.yaml
    ├── categories.yaml
    ├── cfstep-twistlock
    │   └── README.md
    ├── clair
    │   ├── README.md
    │   └── plugin.yaml
    ├── codefresh-cli
    │   ├── NOTES.md
    │   ├── README.md
    │   ├── example.yaml
    │   └── plugin.yaml
    ├── dcos-app-deploy
    │   ├── NOTES.md
    │   ├── README.md
    │   └── plugin.yaml
    ├── docker-service
    │   ├── README.md
    │   └── plugin.yaml
    ├── ecs-deploy
    │   ├── README.md
    │   └── plugin.yaml
    ├── gitclonerssh
    │   ├── README.md
    │   └── plugin.yaml
    ├── github-pr
    │   ├── README.MD
    │   └── plugin.yaml
    ├── github-release
    │   ├── README.md
    │   ├── github-release
    │   │   ├── README.md
    │   │   └── plugin.yaml
    │   └── plugin.yaml
    ├── gitsubmodules
    │   ├── README.md
    │   └── plugin.yaml
    ├── gitter-notifier
    │   ├── NOTES.md
    │   ├── README.md
    │   └── plugin.yaml
    ├── gke
    │   ├── README.md
    │   ├── example.yaml
    │   ├── plugin.yaml
    │   └── plugin_old.yaml
    ├── google-kms
    │   ├── Dockerfile
    │   ├── README.md
    │   ├── example.yaml
    │   ├── google-kms.sh
    │   └── plugin.yaml
    ├── helm-legacy
    │   ├── .swp
    │   ├── NOTES.md
    │   ├── README.md
    │   ├── example.yaml
    │   ├── plugin.yaml
    │   └── plugin_old.yaml
    ├── helm
    │   ├── README.md
    │   ├── example.yaml
    │   ├── plugin.yaml
    │   └── plugin_old.yaml
    ├── import-docker-images
    │   ├── README.md
    │   ├── example.yaml
    │   ├── plugin.yaml
    │   └── plugin_old.yaml
    ├── jira
    │   ├── NOTES.md
    │   ├── README.md
    │   └── plugin.yaml
    ├── kompose
    │   ├── README.md
    │   ├── example.yaml
    │   ├── example
    │   │   ├── codefresh.yaml
    │   │   └── docker-compose.yaml
    │   ├── plugin.yaml
    │   └── plugin_old.yaml
    ├── makisu
    │   ├── README.md
    │   ├── example.yaml
    │   └── plugin.yml
    ├── paclair
    │   ├── README.md
    │   ├── example.yaml
    │   └── plugin.yaml
    ├── release-to-NPM
    │   ├── NOTES.md
    │   ├── README.md
    │   ├── example.yaml
    │   └── plugin.yaml
    ├── run-jenkins-job
    │   ├── README.md
    │   ├── example.yaml
    │   ├── plugin.yaml
    │   └── plugin_old.yaml
    ├── sendgrid
    │   ├── README.md
    │   ├── example.yaml
    │   ├── plugin.yaml
    │   └── plugin_old.yaml
    ├── slack-notifier
    │   ├── NOTES.md
    │   ├── README.md
    │   └── plugin.yaml
    ├── slack
    │   ├── NOTES.md
    │   ├── README.md
    │   └── plugin.yaml
    ├── telegram-notifier
    │   ├── NOTES.md
    │   ├── README.md
    │   └── plugin.yaml
    ├── testplugin
    │   ├── README.MD
    │   └── plugin.yaml
    ├── testplugin1
    │   ├── README.MD
    │   └── plugin.yaml
    ├── twilio
    │   ├── README.md
    │   └── plugin.yaml
    ├── twistlock-scan
    │   ├── Dockerfile
    │   ├── LICENSE.md
    │   ├── README.md
    │   ├── codefresh.yml
    │   ├── example.yaml
    │   ├── plugin.yaml
    │   └── scripts
    │   │   └── twistlock.py
    ├── vault
    │   ├── README.md
    │   ├── example.yaml
    │   ├── logo.jpg
    │   └── plugin.yaml
    └── versioner
    │   ├── Dockerfile
    │   ├── LICENSE.md
    │   ├── README.md
    │   ├── codefresh.yml
    │   └── plugin.yaml
├── submit.json
├── tools
    ├── Dockerfile
    ├── index.js
    ├── package-lock.json
    ├── package.json
    ├── t.yaml
    └── template.md
└── version

/.codefresh/codefresh.yaml:
--------------------------------------------------------------------------------
version: '1.0'
steps:

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
.idea/
node_modules

--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contributing Guidelines

The Codefresh Plugins project accepts contributions via GitHub pull requests. This document outlines the process to help get your contribution accepted.

### How to Contribute a Plugin

1. Develop and test your plugin
2. Create a GitHub repository for your plugin containing the following:
   - all the source files needed to create the plugin
   - a Dockerfile that describes how to package your plugin in a Docker image
   - a plugin.yaml file (see further for the schema)
   - an example.yaml file that shows how to use your plugin in a Codefresh pipeline
3. Ensure your Plugin follows the [technical](#technical-requirements) and [documentation](#documentation-requirements) guidelines, described below
4. Fork this repository (codefresh-io/plugins)
5. Update [plugin submission file](submit.json) with your plugin properties
6. Submit a pull request

***NOTE***: In order to make testing and merging of PRs easier, please submit changes to multiple plugins in separate PRs.

#### Technical requirements

* The Plugin with all its dependencies should be packaged into a single Docker container
* The Plugin code must be available as a public GitHub repository
* It should be possible to build the Plugin using a single `Dockerfile` (use *multi-stage* build if needed)
* The Plugin Docker Image should not have any major security vulnerabilities
* It should be possible to run the Plugin with a simple `docker run` command, providing all required environment variables and volumes

#### Documentation requirements

* Must include an in-depth `README.md`, including:
    * Short description of the Plugin
    * Customization: explaining all required variables and their defaults

### Merge approval and release process

A Codefresh Plugins maintainer will review the Plugin submission, and start a validation job in the CI to verify the technical requirements of the Plugin. A maintainer may add "LGTM" (Looks Good To Me) or an equivalent comment to indicate that a PR is acceptable. Any change requires at least one LGTM.
No pull requests can be merged until at least one maintainer signs off with an LGTM.

Once the Plugin has been merged, the release job will automatically run in the CI to package and release the Plugin in the [`gs://codefresh-plugins` Google Storage bucket](https://console.cloud.google.com/storage/browser/codefresh-plugins/).

### Support Channels

Whether you are a user or contributor, official support channels include:

- GitHub issues: https://github.com/codefresh-io/plugins/issues
- Slack: *TBD*

Before opening a new issue or submitting a new pull request, it's helpful to search the project - it's likely that another user has already reported the issue you're facing, or it's a known issue that we're already aware of.

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "{}"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright {yyyy} {name of copyright owner}

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Codefresh plugins

This is a deprecated repository

Please see our new plugins repository: https://github.com/codefresh-io/steps

To create a new step, navigate here: https://codefresh.io/docs/docs/codefresh-yaml/steps/#creating-your-own-step

https://codefresh.io/steps/

--------------------------------------------------------------------------------
/docs/plugin.md:
--------------------------------------------------------------------------------
# Plugins

Plugins are created as files laid out in a particular directory tree,
then they can be packaged into versioned archives to be deployed.

This document explains the plugin format, and provides basic guidance for
building plugins.

## Plugin File Structure

A plugin is organized as a collection of files inside of a directory. The
directory name is the name of the plugin (without versioning information). Thus,
a plugin describing "Kubernetes Deployment" would be stored in the `kube-deploy/` directory.

Inside of this directory, Codefresh will expect a structure that matches this:

```
kube-deploy/
  plugin.yaml          # A YAML file containing information about the plugin
  LICENSE              # OPTIONAL: A plain text file containing the license for the plugin
  README.md            # OPTIONAL: A human-readable README file
  NOTES.md             # OPTIONAL: A plain text file containing short usage notes
```


## The plugin.yaml File

The `plugin.yaml` file is required for a plugin. It contains the following fields:

```yaml
image: The fully qualified name of the plugin Docker image (required)
tag: The plugin image tag (optional, default "latest")
version: SemVer 2 version for the plugin (required)
description: A single-sentence description of this plugin (optional)
keywords:
  - A list of keywords about this plugin (optional)
home: The URL of this plugin's home page (optional)
sources:
  - A list of URLs to source code for this plugin (optional)
maintainers: # (optional)
  - name: The maintainer's name (required for each maintainer)
    email: The maintainer's email (optional for each maintainer)
icon: A URL to an SVG or PNG image to be used as an icon (optional)
envs:
  - name: The variable name (required)
    type: required | optional | runtime (default to "optional")
    alias: alternative name, used inside the plugin container (optional)
    description: A short description for the variable (optional)
volumes:
  - name: The volume name
    required: true | false (default "false")
    description: A short description for attached volume
context:
  - kind: Codefresh context kind to inject automatically to the plugin
```


### Plugins and Versioning

Every plugin must have a version number. A version must follow the
[SemVer 2](http://semver.org/) standard. Codefresh Plugins uses version numbers as release markers. Plugins in repositories are identified by name plus version.

For example, a `kube-deploy` plugin whose version field is set to
`version: 1.2.3` will be named:

```
kube-deploy-1.2.3.tgz
```

More complex SemVer 2 names are also supported, such as
`version: 1.2.3-alpha.1+ef365`. But non-SemVer names are explicitly
disallowed by the system.

### Predefined Variables

The following environment variables are pre-defined, are available to every plugin, and
cannot be overridden.

- `CF_BUILD_TIMESTAMP`: Codefresh pipeline start execution timestamp
- `CF_SHORT_REVISION`: short Git commit SHA
- `CF_REVISION`: full Git commit SHA
- `CF_REPO_NAME`: Git repository name
- `CF_BRANCH_TAG_NORMALIZED`: default image tag for Codefresh CI pipeline
- `CF_BRANCH`: Git branch name
- `CF_BUILD_URL`: URL to Codefresh pipeline log
- `CF_COMMIT_AUTHOR`: Git commit author
- `CF_VOLUME_PATH`: Codefresh shared context volume (default to `/codefresh/volume`)
- `CF_COMMIT_URL`: Git commit URL
- `CF_BRANCH_VERSION_NORMALIZED`:
- `CF_COMMIT_MESSAGE`: Git commit message
- `CF_BUILD_ID`: Codefresh pipeline ID
- `CF_REPO_OWNER`: Codefresh pipeline owner
- `CF_BUILD_TRIGGER`: Codefresh pipeline trigger

### Predefined Volumes and Files

- `/codefresh/volume` - same volume mounted to all steps running in Codefresh pipeline
- `/codefresh/volume/env_vars_to_export` - a placeholder file to be filled with **exported** environment variables; any exported variable can be used in subsequent pipeline steps
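
A lint pass over the `plugin.yaml` fields documented above, as an added example (not code from the codefresh-io/plugins repository). It assumes the YAML has already been parsed into an object; `lintPlugin`, the finding format, the floating-tag list and the sample manifests are hypothetical.

```javascript
// Added example: lint an already-parsed plugin.yaml object against the fields
// documented in docs/plugin.md. Function and finding names are hypothetical.

// SemVer 2.0.0 pattern, as suggested on semver.org.
const SEMVER = /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/;

// Predefined variables from the list above; a plugin cannot override them.
const PREDEFINED = new Set([
  'CF_BUILD_TIMESTAMP', 'CF_SHORT_REVISION', 'CF_REVISION', 'CF_REPO_NAME',
  'CF_BRANCH_TAG_NORMALIZED', 'CF_BRANCH', 'CF_BUILD_URL', 'CF_COMMIT_AUTHOR',
  'CF_VOLUME_PATH', 'CF_COMMIT_URL', 'CF_BRANCH_VERSION_NORMALIZED',
  'CF_COMMIT_MESSAGE', 'CF_BUILD_ID', 'CF_REPO_OWNER', 'CF_BUILD_TRIGGER',
]);
const ENV_TYPES = new Set(['required', 'optional', 'runtime']);
// Lint policy (assumption): tags that are commonly re-pushed with new content.
const FLOATING_TAGS = new Set(['latest', 'master']);

// Return the tag embedded in an image reference, or null if there is none.
// Only a colon after the last "/" is a tag; an earlier one is a registry port.
function embeddedTag(image) {
  const colon = image.indexOf(':', image.lastIndexOf('/') + 1);
  return colon === -1 ? null : image.slice(colon + 1);
}

function lintPlugin(dirName, manifest) {
  const findings = [];
  const add = (level, field, message) => findings.push({ level, field, message });

  const image = typeof manifest.image === 'string' ? manifest.image.trim() : '';
  if (image === '') {
    add('error', 'image', 'image is required');
  } else if (!image.includes('@sha256:')) {
    // tag is optional and defaults to "latest" when nothing is given.
    const tag = String(manifest.tag ?? embeddedTag(image) ?? 'latest');
    if (FLOATING_TAGS.has(tag)) {
      add('warn', 'tag', `"${tag}" is a floating tag: the image can change while the plugin version stays the same`);
    }
  }

  const versionOk = typeof manifest.version === 'string' && SEMVER.test(manifest.version);
  if (!versionOk) add('error', 'version', 'version is required and must be SemVer 2');

  const envs = Array.isArray(manifest.envs) ? manifest.envs : [];
  envs.forEach((entry, i) => {
    const env = entry || {};
    if (typeof env.name !== 'string' || env.name === '') {
      add('error', `envs[${i}].name`, 'name is required');
    } else if (PREDEFINED.has(env.name) || PREDEFINED.has(env.alias)) {
      add('error', `envs[${i}].name`, 'collides with a predefined variable, which cannot be overridden');
    }
    if (env.type !== undefined && !ENV_TYPES.has(env.type)) {
      add('error', `envs[${i}].type`, 'type must be required, optional or runtime');
    }
  });

  const maintainers = Array.isArray(manifest.maintainers) ? manifest.maintainers : [];
  maintainers.forEach((entry, i) => {
    const m = entry || {};
    if (typeof m.name !== 'string' || m.name === '') {
      add('error', `maintainers[${i}].name`, 'name is required for each maintainer');
    }
  });

  // Plugins are identified by name plus version: <directory>-<version>.tgz
  const archive = versionOk ? `${dirName}-${manifest.version}.tgz` : null;
  return { archive, findings };
}

// Constructed sample manifests (not taken from the repository).
const GOOD_MANIFEST = {
  image: 'example/kube-deploy',            // no tag, so it defaults to "latest"
  version: '1.2.3-alpha.1+ef365',
  envs: [{ name: 'KUBE_CONTEXT', type: 'required' }],
};
const BAD_MANIFEST = {
  image: 'registry.example:5000/team/kube-deploy:1.4.0',
  version: 'v1.2',                          // not SemVer 2
  envs: [{ name: 'CF_BRANCH', type: 'secret' }],
  maintainers: [{ email: 'dev@example.com' }],
};

console.log(lintPlugin('kube-deploy', GOOD_MANIFEST));
console.log(lintPlugin('kube-deploy', BAD_MANIFEST));
```
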
--------------------------------------------------------------------------------
/dynamic-catalog.md:
--------------------------------------------------------------------------------
# **Catalog**
Created at **Mon Feb 11 2019 10:10:28 GMT+0000 (Coordinated Universal Time)**


| Plugin Name | Image | Description | source | Tags |
| ------------- |:-------------:| :----: |:-----:|:----:|
| Annotate-GitLab-Merge | codefresh/gitlab-mr-annotate:latest | The plugin allows for easy applying labels to GitLab merge requests | | |
| Blue-green-deploy | codefresh/k8s-blue-green:master | Perform blue/green deployments on a Kubernetes cluster | | |
| Send-SMS | codefresh/twilioplugin:latest | Send SMS notifications via Twilio | | |
| azure-builder | codefresh/cf-azure-builder | Docker build in Azure ACR | | **`docker`** **`azure`** |
| canary-deployment | codefresh/k8s-canary:master | Perform canary deployments on a Kubernetes cluster. | | |
| clair | codefresh/klar:master | Scan an image with Clair | https://github.com/optiopay/klar | **`clair`** **`security`** |
| codefresh-cli | codefresh/cli:latest | Operate on Codefresh resources | | |
| dcos-app-deploy | codefresh/cf-deploy-dcos | Deploy an application on dcos cluster | https://github.com/codefresh-io/cf-deploy-dcos | **`dcos`** **`deploy`** **`deployment`** |
| docker-service | codefresh/docker-service | Codefresh docker-service plugin | https://github.com/codefresh-io/docker-service | **`docker`** **`docker-machine`** **`docker-compose`** |
| ecs-deploy | codefresh/ecs | Release a Helm chart (update or install) | https://github.com/codefresh-io/cf-deploy-ecs.git | **`ecs`** **`deploy`** **`containers`** |
| gitclonerssh | codefresh/cfstep-gitclonerssh | clone git repositories via SSH. | https://github.com/codefresh-io/cfstep-gitclonerssh | **`git`** **`clone`** **`ssh`** |
| github-pr | codefresh/github-pr-plugin | Operates on GitHub pull requests | https://github.com/codefresh-io/github-pr-plugin | **`docker`** **`github`** **`pull-request`** |
| github-release | docker.io/codefresh/cfstep-github-release | Plugin to make github releases | https://github.com/codefresh-contrib/cfstep-github-release | **`github`** **`release`** |
| gitsubmodules | codefresh/cfstep-gitsubmodules | Update git submodules | https://github.com/codefresh-io/cfstep-gitsubmodules | **`git`** **`submodules`** |
| gke | codefresh/plugin-gke:latest | Codefresh gke plugin | | |
| google-kms | codefresh/google-kms:latest | Facilitates work with Google Key Management Service for such operations as encrypting and decrypting | | |
| helm | codefresh/cfstep-helm:2.9.0 | Release a Helm chart (update or install) | | |
| helm-legacy | codefresh/plugin-helm:2.7.2 | Release a Helm chart (update or install). There is a new Helm plugin with added capabilities, we are keeping this plugin as is for backward-compatibility. The new plugin is at /incubator/helm (https://github.com/codefresh-io/plugins/tree/master/incubator/helm) | | |
| import-docker-images | codefresh/import-images:master | Import metadata for existing Docker images into Codefresh | | |
| jira | otomato/jira-cli | Update a Jira ticket | https://github.com/codefreshdemo/jira-cli-docker | **`jira`** |
| kompose | codefresh/plugin-kompose:v1.5.0 | Release a Docker Compose to Kubernetes | | |
| paclair | codefresh/cfstep-paclair | Scan docker images with Clair - https://github.com/coreos/clair | | **`docker`** **`clair`** **`security`** |
| release-to-NPM | codefresh/release-to-npm:latest | Publishes a nodejs package to NPM registry | | |
| run-jenkins-job | codefresh/run-jenkins-jobs:master | Run jenkins job from codefresh pipeline | | |
| sendgrid | codefresh/sendgridplugin:latest | Send e-mail via Sendgrid | | |
| slack | codefresh/slack-message-sender | Send message to slack channel | https://github.com/codefresh-io/slack-message-sender | **`slack`** |
| slack-notifier | codefresh/slacknotifier | Send message to slack channel | https://github.com/codefresh-io/slack-notifier | **`slack`** |
| testplugin | codefresh/github-pr-plugin | Creates GitHub pull request | https://github.com/codefresh-io/github-pr-plugin | **`testplugin`** |
| testplugin1 | codefresh/github-pr-plugin | test plugin1! | https://github.com/codefresh-io/github-pr-plugin | **`testplugin1`** |
| twilio | codefresh/twilioplugin | Send SMS message via Twilio | https://github.com/codefresh-io/twillio-plugin | **`sms`** **`twilio`** |
| vault | codefresh/cf-vault-plugin:latest | The plugin exports KV pairs from Hashicorp Vault to Codefresh pipeline ENV variables | | |


--------------------------------------------------------------------------------
/plugins/Annotate-GitLab-Merge/README.md:
--------------------------------------------------------------------------------
# Annotate GitLab Merge requests

The plugin makes it easy to apply labels to GitLab merge requests from a Codefresh pipeline

## Basic usage

```
AnnotateMR:
  image: codefresh/gitlab-mr-annotate
  environment:
    - GIT_CONTEXT=my_gitlab_context_name
    - LABELS=my_label1,my_label2,my_label_n
```
## Environment variables

| Name             | Description                                                                                   | Default value                  |
|------------------|-----------------------------------------------------------------------------------------------|--------------------------------|
| GIT_CONTEXT      | The name of the git provider context you can see on the integrations page.                    | none                           |
| LABELS           | The comma separated list of labels you would like to apply to the merge request               | none                           |
| PROJECT_ID       | The ID of the GitLab project. Optional (the default value is formed from Codefresh variables) | $CF_REPO_OWNER%2F$CF_REPO_NAME |
| MERGE_REQUEST_ID | The ID of the merge request. Optional (the default value is formed from Codefresh variables)  | $CF_PULL_REQUEST_ID            |

--------------------------------------------------------------------------------
/plugins/Annotate-GitLab-Merge/example.yaml:
--------------------------------------------------------------------------------
AnnotateMR:
  image: codefresh/gitlab-mr-annotate
  environment:
    - GIT_CONTEXT=my_gitlab_context_name
    - LABELS=my_label1,my_label2,my_label_n

--------------------------------------------------------------------------------
/plugins/Annotate-GitLab-Merge/plugin.yaml:
--------------------------------------------------------------------------------
title: Annotate GitLab Merge Requests
image: codefresh/gitlab-mr-annotate:latest
description: The plugin allows for easy applying labels to GitLab merge requests
category:
  - Featured
source: 'https://github.com/codefresh-contrib/cf-gitlab-mr-annotate'
logo: 'https://raw.githubusercontent.com/codefresh-io/plugins/new-pipeline/plugins/vault/logo.jpg'
maintainers:
  - name: Alex Kogan
envs:
  - name: GIT_CONTEXT
    description: The name of the git provider context you can see on the integrations page.
  - name: LABELS
    description: The comma separated list of labels you would like to apply to the merge request
  - name: PROJECT_ID
    description: 'The ID of the GitLab project. Optional (the default value is formed from Codefresh variables)'
  - name: MERGE_REQUEST_ID
    description: 'The ID of the merge request. Optional (the default value is formed from Codefresh variables)'

--------------------------------------------------------------------------------
/plugins/Blue-green-deploy/README.md:
--------------------------------------------------------------------------------
# Kubernetes blue green deployments

This repository holds a bash script that allows you to perform blue/green deployments on a Kubernetes cluster.
See also the respective [blog post](https://codefresh.io/kubernetes-tutorial/fully-automated-blue-green-deployments-kubernetes-codefresh/)

## Description

The script expects you to have an existing deployment and service on your K8s cluster. It does the following:

1. Finds the current deployment (by looking at the selector of the service)
1. Copies the old deployment to a new one, changing the Docker image to the new version
1. Applies the new deployment on the cluster. At this point both deployments co-exist
1. Waits for a configurable number of seconds
1. Checks the health of the new pods. If there are restarts, it considers the new deployment unhealthy. In that case it removes it and the cluster is unaffected by the deployment
1. If the health is ok, it switches the service to point to the new deployment
1. It removes the old deployment

Of course during the wait period when both deployments are active, you are free to run your own additional
checks or integration tests to see if the new deployment is ok.

## Prerequisites

As a convention the script expects

1. The name of your deployment to be $APP_NAME-$VERSION
1. Your deployment should have a label that shows its version
1. Your service should point to the deployment by using *both* a version and label

Notice that the new color deployment created by the script will follow the same conventions. This
way each subsequent pipeline you run will work in the same manner.
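
The promote-or-remove decision in the steps above, together with the naming convention from the prerequisites, as an added example (this is not the plugin's bash script). It runs over constructed data shaped like `kubectl get pods -o json` output; the function names, the `version` label key and the action objects are assumptions.

```javascript
// Added example: the health gate described in the steps above, run over
// constructed `kubectl get pods -o json`-shaped data. Names are hypothetical.

// Convention from the prerequisites: a deployment is named $APP_NAME-$VERSION.
function deploymentName(appName, version) {
  return `${appName}-${version}`;
}

// Count pods and container restarts for one version.
// Assumption: the version label key is "version"; the README does not name it.
function restartsFor(podList, version) {
  let pods = 0;
  let restarts = 0;
  for (const pod of podList.items || []) {
    const labels = (pod.metadata && pod.metadata.labels) || {};
    if (labels.version !== version) continue;
    pods += 1;
    const statuses = (pod.status && pod.status.containerStatuses) || [];
    for (const cs of statuses) restarts += cs.restartCount || 0;
  }
  return { pods, restarts };
}

// Decide what to do once the wait period is over.
function planBlueGreen(service, appName, newVersion, podList) {
  // The live version is read from the service selector.
  const liveVersion = service.spec.selector.version;
  const { pods, restarts } = restartsFor(podList, newVersion);
  const newDeployment = deploymentName(appName, newVersion);

  // Any restart marks the new deployment unhealthy. Treating "no pods found"
  // as unhealthy is a fail-closed choice added here, not stated in the README.
  if (pods === 0 || restarts > 0) {
    return {
      healthy: false, pods, restarts,
      actions: [{ op: 'delete-deployment', name: newDeployment }],
    };
  }
  return {
    healthy: true, pods, restarts,
    actions: [
      // Keep the rest of the selector and change only the version.
      { op: 'switch-service', name: service.metadata.name,
        selector: { ...service.spec.selector, version: newVersion } },
      { op: 'delete-deployment', name: deploymentName(appName, liveVersion) },
    ],
  };
}

// Constructed sample data (not captured from a real cluster).
const pod = (version, restartCount) => ({
  metadata: { labels: { app: 'my-demo-app', version } },
  status: { containerStatuses: [{ name: 'app', restartCount }] },
});
const SERVICE = {
  metadata: { name: 'my-demo-app' },
  spec: { selector: { app: 'my-demo-app', version: 'a1b2c3d' } },
};
const PODS_RESTARTING = { items: [pod('a1b2c3d', 0), pod('73df943', 0), pod('73df943', 2)] };
const PODS_STEADY = { items: [pod('a1b2c3d', 5), pod('73df943', 0), pod('73df943', 0)] };

console.log(JSON.stringify(planBlueGreen(SERVICE, 'my-demo-app', '73df943', PODS_RESTARTING)));
console.log(JSON.stringify(planBlueGreen(SERVICE, 'my-demo-app', '73df943', PODS_STEADY)));
```

Restarts on the old version's pods (5 in the second sample) do not affect the decision, because only pods carrying the new version label are counted.
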
31 | 32 | You can see examples of the tags with the sample application: 33 | 34 | * [service](example/service.yml) 35 | * [deployment](example/deployment.yml) 36 | 37 | 38 | ## How to use the script on its own 39 | 40 | The script needs one environment variable called `KUBE_CONTEXT` that selects the K8s cluster that will be used (if you have more than one) 41 | 42 | The rest of the parameters are provided as command line arguments 43 | 44 | | Parameter | Argument Number | Description | 45 | | ----------| --------------- | --------------- | 46 | | Service | 1 | Name of the existing service | 47 | | Deployment | 2 | Name of the existing deployment | 48 | | New version | 3 | Tag of the new docker image | 49 | | Health command | 4 | Currently unused | 50 | | Health seconds | 5 | Time where both deployments will co-exist | 51 | | Namespace | 6 | Kubernetes namespace that will be used | 52 | 53 | Here is an example: 54 | 55 | ``` 56 | ./k8s-blue-green.sh myService myApp 73df943 true 30 my-namespace 57 | ``` 58 | 59 | 60 | 61 | ## How to do Blue/Green deployments in Codefresh 62 | 63 | The script also comes with a Dockerfile that allows you to use it as a Docker image in any Docker based workflow such as Codefresh. 64 | 65 | For the `KUBE_CONTEXT` environment variable just use the name of your cluster as found in the Codefresh Kubernetes dashboard. For the rest of the arguments you need to define them as parameters in your [codefresh.yml](example/codefresh.yml) file. 66 | 67 | ``` 68 | blueGreenDeploy: 69 | title: "Deploying new version ${{CF_SHORT_REVISION}}" 70 | image: codefresh/k8s-blue-green:master 71 | environment: 72 | - SERVICE_NAME=my-demo-app 73 | - DEPLOYMENT_NAME=my-demo-app 74 | - NEW_VERSION=${{CF_SHORT_REVISION}} 75 | - HEALTH_SECONDS=60 76 | - NAMESPACE=colors 77 | - KUBE_CONTEXT=myDemoAKSCluster 78 | ``` 79 | 80 | The `CF_SHORT_REVISION` variable is offered by Codefresh and contains the git hash of the version that was just pushed. 
See all variables in the [official documentation](https://codefresh.io/docs/docs/codefresh-yaml/variables/) 81 | 82 | ## Dockerhub 83 | The blue/green step is now deployed in dockerhub as well 84 | 85 | https://hub.docker.com/r/codefresh/k8s-blue-green/ 86 | 87 | 88 | ## Future work 89 | 90 | Further improvements 91 | 92 | * Make the script create an initial deployment/service if nothing is deployed in the kubernetes cluster 93 | * Add more complex and configurable healthchecks 94 | 95 | 96 | 97 | -------------------------------------------------------------------------------- /plugins/Blue-green-deploy/example.yaml: -------------------------------------------------------------------------------- 1 | blueGreenDeploy: 2 | title: Deploying new version ${{CF_SHORT_REVISION}} 3 | image: codefresh/k8s-blue-green:master 4 | environment: 5 | - SERVICE_NAME=my-demo-app 6 | - DEPLOYMENT_NAME=my-demo-app 7 | - NEW_VERSION=${{CF_SHORT_REVISION}} 8 | - HEALTH_SECONDS=60 9 | - NAMESPACE=colors 10 | - KUBE_CONTEXT=myDemoAKSCluster 11 | -------------------------------------------------------------------------------- /plugins/Blue-green-deploy/logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codefresh-io/plugins/1b7236d9270736e84b6aa5991008311cf9a0b3a9/plugins/Blue-green-deploy/logo.jpg -------------------------------------------------------------------------------- /plugins/Blue-green-deploy/plugin.yaml: -------------------------------------------------------------------------------- 1 | title: 'Blue-Green Deploy' 2 | image: codefresh/k8s-blue-green:master 3 | description: 'Perform blue/green deployments on a Kubernetes cluster' 4 | category: 5 | - Featured 6 | source: 'https://github.com/codefresh-io/k8s-blue-green-deployment' 7 | logo: 'https://raw.githubusercontent.com/codefresh-io/plugins/new-pipeline/plugins/vault/logo.jpg' 8 | maintainers: 9 | - name: Kostis Kapelonis 10 | envs: 11 | - name: 
KUBE_CONTEXT 12 | description: 'The name of your cluster (as found in the Codefresh Kubernetes dashboard).' 13 | -------------------------------------------------------------------------------- /plugins/Send-SMS/README.md: -------------------------------------------------------------------------------- 1 | # Codefresh plugin for sending SMS notifications 2 | 3 | Codefresh plugin for sending SMS notifications via Twilio 4 | 5 | [![Codefresh build status]( https://g.codefresh.io/api/badges/pipeline/codefresh-inc/codefresh-io%2Ftwillio-plugin%2Ftwillio-plugin?branch=master&key=eyJhbGciOiJIUzI1NiJ9.NTY3MmQ4ZGViNjcyNGI2ZTM1OWFkZjYy.AN2wExsAsq7FseTbVxxWls8muNx_bBUnQWQVS8IgDTI&type=cf-2)]( https://g.codefresh.io/pipelines/twillio-plugin/builds?repoOwner=codefresh-io&repoName=twillio-plugin&serviceName=codefresh-io%2Ftwillio-plugin&filter=trigger:build~Build;branch:master;pipeline:5c1a73926ecec326b46fca2b~twillio-plugin) 6 | 7 | ## Main env variables 8 | - `TWILIO_SID` - Your account SID from Twilio console 9 | - `TWILIO_TOKEN` - Your API Auth Token from Twilio console 10 | - `TWILIO_PHONE_FROM` - Phone number from which messages will be sent 11 | - `TWILIO_PHONE_TO` - Phone number to which messages will be sent 12 | - `TWILIO_TYPE` - Type of your message [build - send info about your build via Codefresh, default - Send message with static text] 13 | 14 | For **message** type you must provide `TWILIO_MESSAGE` env 15 | 16 | ## Config for codefresh.yml 17 | ``` 18 | version: '1.0' 19 | ... 20 | steps: 21 | ... 22 | TestSMS: 23 | title: Test SMS 24 | image: codefresh/twilioplugin:latest 25 | ... 26 | ...
27 | ``` 28 | -------------------------------------------------------------------------------- /plugins/Send-SMS/example.yaml: -------------------------------------------------------------------------------- 1 | TestSMS: 2 | title: Test SMS 3 | image: codefresh/twilioplugin:latest 4 | -------------------------------------------------------------------------------- /plugins/Send-SMS/plugin.yaml: -------------------------------------------------------------------------------- 1 | title: Send SMS 2 | image: codefresh/twilioplugin:latest 3 | description: Send SMS notifications via Twillio 4 | category: 5 | - Featured 6 | source: 'https://github.com/codefresh-io/plugins/tree/master/plugins/twilio' 7 | logo: 'https://raw.githubusercontent.com/codefresh-io/plugins/new-pipeline/plugins/vault/logo.jpg' 8 | maintainers: 9 | - name: Pasha Kostohrys 10 | envs: 11 | - name: TWILIO_SID 12 | description: Your account SID from Twilio console 13 | - name: TWILIO_TOKEN 14 | description: Your API Auth Token from Twilio console 15 | - name: TWILIO_PHONE_FROM 16 | description: Phone number from which messages will be sent 17 | - name: TWILIO_PHONE_TO 18 | description: Phone number to which messages will be sent 19 | - name: TWILIO_TYPE 20 | description: 'Type of your message [build - send info about your build via Codefresh, default - Send message with statc text]' 21 | -------------------------------------------------------------------------------- /plugins/anchore/NOTES.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codefresh-io/plugins/1b7236d9270736e84b6aa5991008311cf9a0b3a9/plugins/anchore/NOTES.txt -------------------------------------------------------------------------------- /plugins/anchore/README.md: -------------------------------------------------------------------------------- 1 | # Codefresh Anchore Plugin 2 | 3 | Anchore is a service that analyzes Docker images and generates a detailed manifest of 
the image, a virtual ‘bill of materials’ that includes official operating system packages, unofficial packages, configuration files, and language modules and artifacts. Anchore policies can then be defined to govern security vulnerabilities, package whitelists and blacklists, configuration file contents, presence of credentials in image, manifest changes, exposed ports or any user defined checks. These policies can be deployed site wide or customized for specific images or categories of applications. 4 | 5 | For more information view the GitHub repo here: https://github.com/anchore/anchore-engine 6 | 7 | ## Prerequisites 8 | 9 | - Codefresh subscription 10 | - Running Anchore Engine service 11 | 12 | ### Reference 13 | 14 | - Example `codefresh.yml`: https://raw.githubusercontent.com/valancej/plugins/master/plugins/anchore/codefresh.yml 15 | - GitHub repo containing Dockerfile: https://github.com/valancej/node_critical_fail 16 | - Anchore Documentation: https://anchore.freshdesk.com/support/home 17 | - Anchore CLI Image: https://hub.docker.com/r/anchore/engine-cli/ 18 | 19 | ## Example 20 | 21 | In this example, we will scan an image built by Codefresh. Depending on the result of the Anchore policy evaluation, we will choose to push the image to Dockerhub or not. 22 | 23 | ### Setup 24 | 25 | The example setup is described below. 26 | 27 | ### Environment Variables 28 | 29 | These environment variables can be set within Codefresh pipeline configuration.
30 | 31 | Name|Required|Description 32 | ---|---|--- 33 | ANCHORE_CLI_URL|Yes|The address of the Anchore server 34 | ANCHORE_CLI_USER|Yes|Anchore account name 35 | ANCHORE_CLI_PASS|Yes|Anchore account password 36 | ANCHORE_FAIL_ON_POLICY|No|Fail build if policy evaluation fails 37 | ANCHORE_CLI_IMAGE|Yes|Image built and scanned 38 | 39 | ### Codefresh.yml 40 | 41 | ```yaml 42 | version: '1.0' 43 | steps: 44 | MyDockerImage: 45 | title: Building Docker Image 46 | type: build 47 | image_name: ${{QA_IMAGE}} 48 | ScanMyImage: 49 | title: Scanning Docker Image 50 | image: anchore/engine-cli:latest 51 | env: 52 | - ANCHORE_CLI_IMAGE=${{QA_IMAGE}} 53 | - ANCHORE_CLI_USER=user 54 | - ANCHORE_CLI_PASS=password 55 | - ANCHORE_CLI_URL=http://anchore-engine::8228/v1 56 | - ANCHORE_CLI_FAIL_ON_POLICY=true 57 | ``` -------------------------------------------------------------------------------- /plugins/anchore/example.yml: -------------------------------------------------------------------------------- 1 | version: '1.0' 2 | steps: 3 | MyDockerImage: 4 | title: Building Docker Image 5 | type: build 6 | image_name: ${{QA_IMAGE}} 7 | ScanMyImage: 8 | title: Scanning Docker Image 9 | image: anchore/engine-cli:latest 10 | env: 11 | - ANCHORE_CLI_IMAGE=alpine 12 | - ANCHORE_CLI_URL=http://anchore-engine::8228/v1 13 | - ANCHORE_CLI_FAIL_ON_POLICY=true 14 | -------------------------------------------------------------------------------- /plugins/anchore/plugin.yml: -------------------------------------------------------------------------------- 1 | title: Anchore 2 | image: codefresh/anchore:0.1 3 | description: Analyze Docker images and generate a detailed manifest using Anchore 4 | category: 5 | - Security 6 | source: https://github.com/codefresh-io/anchore-plugin 7 | logo: 'https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/36000068577/logo/UneMLlrkjo4WhDrYBeB91ie0QeWCbs8S5g.png' 8 | maintainer: 9 | - name: Jeremy Valance 10 | envs: 11 | - name: 
ANCHORE_CLI_URL 12 | description: "The address of the Anchore server" 13 | - name: ANCHORE_CLI_USER 14 | description: "Anchore account name" 15 | - name: ANCHORE_CLI_PASS 16 | description: "Anchore account password" 17 | - name: ANCHORE_FAIL_ON_POLICY 18 | description: "Fail build if policy evaluation fails" 19 | - name: ANCHORE_CLI_IMAGE 20 | description: "Name of the image to scan with Anchore" -------------------------------------------------------------------------------- /plugins/azure-builder/README.md: -------------------------------------------------------------------------------- 1 | # Docker build using Azure ACR 2 | 3 | 4 | ## Run locally 5 | `docker run -it codefresh/cf-azure-builder` 6 | ``` 7 | NAME: 8 | cf-azure-builder 9 | 10 | DESCRIPTION: 11 | Build 12 | 13 | ## Mandatory Parameters: 14 | 15 | AUTH - Authentication mode. By default it is Azure user credentials. 16 | (Use 'service-princpal' value in case you want to authenticate using service principal) 17 | USER - Azure user name (not needed if authentication mode is service-principal) 18 | IMAGE - Image name 19 | TAG - Tag name 20 | ACR_NAME - ACR registry name 21 | APP_ID - Azure service principal application id (only needed if authentication mode is service-principal) 22 | PASSWORD - Azure user\service principal password 23 | TENANT - Azure ad tenant id (only needed if authentication mode is service-principal) 24 | DOCKERFILE_PATH - Dockerfile path (default - working_dir/Dockerfile) 25 | 26 | ## Output Variables 27 | 28 | AZURE_IMAGE - Azure image full name in ACR that can be used in later step 29 | 30 | ## Usage Example: 31 | 32 | ## service principal 33 | 34 | version: '1.0' 35 | steps: 36 | cf-az-build: 37 | image: codefresh/cf-azure-builder 38 | environment: 39 | - AUTH=service-principal 40 | - IMAGE= 41 | - TAG= 42 | - ACR_NAME= 43 | - APP_ID= 44 | - PASSWORD= 45 | - TENANT= 46 | - DOCKERFILE_PATH= 47 | 48 | ## user credentials 49 | 50 | image: 'codefresh/cf-azure-builder' 51 | 
environment: 52 | - IMAGE= 53 | - TAG= 54 | - ACR_NAME= 55 | - USER= 56 | - PASSWORD= 57 | -------------------------------------------------------------------------------- /plugins/azure-builder/example.yaml: -------------------------------------------------------------------------------- 1 | version: 1.0 2 | cf-az-build: 3 | image: codefresh/cf-azure-builder 4 | environment: 5 | - IMAGE= 6 | - TAG= 7 | - ACR_NAME= 8 | - APP_ID= 9 | - PASSWORD= 10 | - TENANT= 11 | - DOCKERFILE_PATH= -------------------------------------------------------------------------------- /plugins/azure-builder/plugin.yaml: -------------------------------------------------------------------------------- 1 | title: azure-builder 2 | image: codefresh/cf-azure-builder 3 | category: 4 | - Build 5 | version: 0.1.0 6 | description: Docker build in Azure ACR 7 | keywords: 8 | - docker 9 | - azure 10 | source: https://github.com/codefresh-io/azure-build-plugin 11 | maintainers: 12 | - name: Amir Gabay 13 | email: amir.gabay@codefresh.io 14 | logo: https://cdn-images-1.medium.com/max/1600/1*c9mvlJQ0o-zQbHM3SL8zkg.png 15 | envs: 16 | - name: AUTH 17 | required: false 18 | description: Only if authentication mode is by service principal 19 | - name: USER 20 | required: true 21 | description: azure user name (not need in service principal authentication mode) 22 | - name: IMAGE 23 | required: true 24 | description: image name 25 | - name: TAG 26 | required: true 27 | description: tag name 28 | - name: ACR_NAME 29 | required: true 30 | description: acr registry name 31 | - name: APP_ID 32 | required: true 33 | description: azure service principal application id (service principal authentication mode only) 34 | - name: PASSWORD 35 | required: true 36 | description: azure service principal password or user password (based on authentication mode) 37 | - name: TENANT 38 | required: true 39 | description: azure ad tenant id (service principal authentication mode only) 40 | - name: DOCKERFILE_PATH 41 | 
required: true 42 | description: dockerfile path (default - working_dir/Dockerfile) 43 | -------------------------------------------------------------------------------- /plugins/canary-deployment/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codefresh-io/plugins/1b7236d9270736e84b6aa5991008311cf9a0b3a9/plugins/canary-deployment/README.md -------------------------------------------------------------------------------- /plugins/canary-deployment/example.yaml: -------------------------------------------------------------------------------- 1 | canaryDeploy: 2 | title: Deploying new version ${{CF_SHORT_REVISION}} 3 | image: codefresh/k8s-canary:master 4 | -------------------------------------------------------------------------------- /plugins/canary-deployment/plugin.yaml: -------------------------------------------------------------------------------- 1 | title: Canary Deployment 2 | image: codefresh/k8s-canary:master 3 | description: Perform canary deployments on a Kubernetes cluster. 
4 | category: 5 | - Featured 6 | source: 'https://github.com/codefresh-io/k8s-canary-deployment' 7 | logo: 'https://raw.githubusercontent.com/codefresh-io/plugins/new-pipeline/plugins/vault/logo.jpg' 8 | maintainers: 9 | - name: Kostis 10 | envs: 11 | - name: WORKING_VOLUME 12 | description: Working Volume 13 | - name: SERVICE_NAME 14 | description: Service Name 15 | - name: DEPLOYMENT_NAME 16 | description: Deployment Name 17 | - name: TRAFFIC_INCREMENT 18 | description: Traffic Increment 19 | - name: NEW_VERSION 20 | description: New Version 21 | - name: SLEEP_SECONDS 22 | description: Sleep Seconds 23 | - name: NAMESPACE 24 | description: Namespace 25 | - name: KUBE_CONTEXT 26 | description: Kubernetes Context 27 | -------------------------------------------------------------------------------- /plugins/categories.yaml: -------------------------------------------------------------------------------- 1 | - id: b889bf54-c64f-4995-802b-cb84afbe6406 2 | title: Security 3 | - id: 4cb41506-321a-4fb8-b7a3-afc6646e769e 4 | title: Messaging 5 | - id: 64ce203f-f696-4be8-85d7-4106e2f66b70 6 | title: Utility 7 | - id: bcad8ff1-ff10-4d64-b00d-a29a13182b21 8 | title: Deployment 9 | - id: 10bb12bb-82b0-4f03-b8a8-b5cd113a9342 10 | title: Code Review 11 | - id: a9e09427-c0fc-4835-908d-f7b1d8e5a913 12 | title: Publishing 13 | - id: 05b92b45-ee99-444f-84d1-7de52feb2a70 14 | title: Command Line 15 | - id: c59f09eb-44b9-41a2-bd7a-c58c0f0ea113 16 | title: Kubernetes 17 | - id: 4859bc39-e6ec-43b7-b72c-8b3cfaa1c931 18 | title: Featured 19 | -------------------------------------------------------------------------------- /plugins/cfstep-twistlock/README.md: -------------------------------------------------------------------------------- 1 | # Codefresh Twistlock Plugin 2 | 3 | Dockerhub repo: https://hub.docker.com/r/codefresh/cfstep-twistlock/tags/ 4 | 5 | The Docker image uses the Twistlock API v2.3: https://twistlock.desk.com/customer/en/portal/articles/2912404-twistlock-api-2-3 6 | 
7 | A plugin that allows users to perform Twistlock Security Scans on images. 8 | 9 | This plugin **does not** require access to Docker Daemon. 10 | 11 | 12 | ## Prerequisites: 13 | 14 | - Codefresh Subscription - https://codefresh.io/ 15 | - Twistlock Subscription - https://www.twistlock.com/ 16 | 17 | ## Options 18 | These options are set as Environment Variables at your pipeline (either at Pipeline configuration, and/or Step definition). 19 | To use an ENVIRONMENT VARIABLE you need to add the variables to your Codefresh Pipeline and also to your codefresh.yaml. 20 | 21 | | ENVIRONMENT VARIABLE | DEFAULT | TYPE | REQUIRED | DESCRIPTION | 22 | |--|--|--|--|--| 23 | | TL_CONSOLE_HOSTNAME | null | string | Yes | hostname/ip | 24 | | TL_CONSOLE_PORT | null | string | Yes | port | 25 | | TL_CONSOLE_USERNAME | null | string | Yes | username | 26 | | TL_CONSOLE_PASSWORD | null | string | Yes | password | 27 | | TL_COMPLIANCE_THRESHOLD | null | string | Yes | [ low, medium, high, critical ] sets the minimal severity compliance issue that returns a fail exit code | 28 | | TL_VULNERABILITY_THRESHOLD | null | string | Yes | [ low, medium, high, critical ] sets the minimal severity vulnerability that returns a fail exit code | 29 | | TL_REGISTRY | null | string | Yes | Registry URL. (e.g.: docker.io, cfcr.io). This should match the Registry URL set at Twistlock Console | 30 | | TL_IMAGE_NAME | null | string | Yes | The full image name (excluding the registry URL) (e.g.: myrepo/myimage) | 31 | | TL_IMAGE_TAG | null | string | Yes | The tag of the image to scan. | 32 | 33 | > **Threshold description** 34 | > 35 | > - low: the most **restrictive**. When thresholds are set to this level, the scanning process will fail with any issue or vulnerability found. 36 | > - critical: the most **permissive**.
When thresholds are set to this level, the scanning process will fail only if a critical issue or vulnerability is found (or a combination of lower level vulnerabilities that summed up result in a risk score higher than 1000). 37 | 38 | 39 | 40 | ## How to use it (examples) 41 | 42 | Summary: in this example, we're going to scan an image built by Codefresh. 43 | 44 | The image's Dockerfile is defined in this sample repo: https://github.com/francisco-codefresh/twistlock_demo 45 | 46 | In order for this to work, the registry to scan must be previously added to Twistlock Console. 47 | 48 | Once the security scan finishes, we annotate the image based on the Security Report created by Twistlock. 49 | 50 | In our example pipeline, if the compliance and vulnerability thresholds are not exceeded (which means the scan doesn't fail), then we push the resulting image to our final, curated registry. 51 | 52 | ### Preparation step: Set up a pipeline with the following configuration 53 | Now, create a pipeline associated to your repo, in this case, our demo repo is "twistlock_demo" (mentioned above) 54 | 55 | #### Environment Variables (configured at Pipeline Configuration): 56 | 57 | ``` 58 | TL_CONSOLE_HOSTNAME=169.254.169.254 59 | TL_CONSOLE_PORT=8083 60 | TL_CONSOLE_USERNAME=myuser 61 | TL_CONSOLE_PASSWORD=mypassword 62 | TL_COMPLIANCE_THRESHOLD=critical 63 | TL_VULNERABILITY_THRESHOLD=critical 64 | ``` 65 | 66 | For this example, we're being permissive (critical for both thresholds). Of course those values can be set to any of the other options. 67 | 68 | ### Example 1 - Scanning an image from Codefresh Docker registry 69 | This is a great way to take advantage of the built-in registry provided by Codefresh (for free). 70 | Since every image built in Codefresh is automatically pushed to this registry, you don't need to worry about explicitly pushing the image to scan.
71 | 72 | 73 | #### Configure the Codefresh registry in Twistlock 74 | In your Twistlock dashboard go to `#!/defend/vulnerabilities/registry` . And add a new "registry settings" record. 75 | 76 | These are the settings used for Codefresh Private Registry: 77 | 78 | - Version: Docker Registry v2 79 | - Registry: https://r.cf-cd.com *(notice this is not the common r.cfcr.io domain)* 80 | - Repository name: / (e.g.: francisco-codefresh/myimage) 81 | - Tag: 82 | - Username: 83 | - Password: (you can generate one at https://g.codefresh.io/user/settings) 84 | 85 | #### Set up a pipeline with the following configuration 86 | 87 | **Environment Variables (configured at Pipeline Configuration):** 88 | 89 | ``` 90 | TL_CONSOLE_HOSTNAME=169.254.169.254 91 | TL_CONSOLE_PORT=8083 92 | TL_CONSOLE_USERNAME=my_tl_user 93 | TL_CONSOLE_PASSWORD=my_tl_password 94 | TL_COMPLIANCE_THRESHOLD=critical 95 | TL_VULNERABILITY_THRESHOLD=critical 96 | ``` 97 | 98 | For this example, we're being permissive (`critical` for both thresholds). Of course those values can be set to any of the other options. 
99 | 100 | **Pipeline YAML (codefresh.yml)** 101 | 102 | ```yaml 103 | version: '1.0' 104 | steps: 105 | BuildingDockerImage: 106 | title: Building Docker Image 107 | type: build 108 | image_name: franciscocodefresh/twistlockdemo 109 | tag: '${{CF_SHORT_REVISION}}' 110 | dockerfile: Dockerfile 111 | 112 | TLScan: 113 | title: Twistlock Scan 114 | image: codefresh/cfstep-twistlock 115 | environment: 116 | - TL_REGISTRY=https://r.cf-cd.com 117 | - TL_IMAGE_NAME=francisco-codefresh/franciscocodefresh/twistlockdemo 118 | - TL_IMAGE_TAG=${{CF_SHORT_REVISION}} 119 | on_success: 120 | metadata: 121 | set: 122 | - ${{BuildingDockerImage.imageId}}: 123 | - SECURITY_SCAN: true 124 | on_fail: 125 | metadata: 126 | set: 127 | - ${{BuildingDockerImage.imageId}}: 128 | - SECURITY_SCAN: false 129 | # If image scan (previous step) fails, the build will fail, thus the image won't be pushed to the curated registry 130 | # If image scan succeeds, the image will be pushed to the curated registry 131 | PushingDockerRegistry: 132 | title: Pushing to FINAL Docker Registry (curated registry of scanned images) 133 | type: push 134 | candidate: '${{BuildingDockerImage}}' 135 | image_name: franciscocodefresh/twistlockdemo 136 | tags: 137 | - '${{CF_SHORT_REVISION}}' 138 | ``` 139 | 140 | ### Example 2 - Scanning an image from a temporary external registry 141 | In this example, we are going to use Docker Hub as our temporary registry, which can be considered as a "*Registry of unscanned images*" (to be scanned). Once there, we can initiate the scan in Twistlock console. 142 | 143 | #### Configure the registry to scan in Twistlock 144 | 145 | In your Twistlock dashboard go to `#!/defend/vulnerabilities/registry` . And add a new "registry settings" record. 
146 | 147 | These are the settings used: 148 | 149 | - Version: Docker Registry v2 150 | - Registry: docker.io 151 | - Repository name: franciscocodefresh/twistlockdemo-temp 152 | - Tag: 153 | - Username: 154 | - Password: 155 | 156 | #### Set up a pipeline with the following configuration 157 | 158 | **Environment Variables (configured at Pipeline Configuration):** 159 | 160 | ``` 161 | TL_CONSOLE_HOSTNAME=169.254.169.254 162 | TL_CONSOLE_PORT=8083 163 | TL_CONSOLE_USERNAME=myuser 164 | TL_CONSOLE_PASSWORD=mypassword 165 | TL_COMPLIANCE_THRESHOLD=critical 166 | TL_VULNERABILITY_THRESHOLD=critical 167 | ``` 168 | 169 | For this example, we're being permissive (`critical` for both thresholds). Of course those values can be set to any of the other options. 170 | 171 | **Pipeline YAML (codefresh.yml)** 172 | 173 | ```yaml 174 | version: '1.0' 175 | steps: 176 | BuildingDockerImage: 177 | title: Building Docker Image 178 | type: build 179 | image_name: franciscocodefresh/twistlockdemo 180 | tag: '${{CF_SHORT_REVISION}}' 181 | dockerfile: Dockerfile 182 | 183 | PushingToTempDockerRegistry: 184 | title: Pushing to Temporal Docker Registry (for unscanned images -> to be scanned) 185 | type: push 186 | candidate: '${{BuildingDockerImage}}' 187 | image_name: franciscocodefresh/twistlockdemo-temp 188 | tags: 189 | - '${{CF_SHORT_REVISION}}' 190 | 191 | TLScan: 192 | title: Twistlock Scan 193 | image: codefresh/cfstep-twistlock 194 | environment: 195 | - TL_REGISTRY=docker.io 196 | - TL_IMAGE_NAME=franciscocodefresh/twistlockdemo-temp 197 | - TL_IMAGE_TAG=${{CF_SHORT_REVISION}} 198 | on_success: 199 | metadata: 200 | set: 201 | - ${{BuildingDockerImage.imageId}}: 202 | - SECURITY_SCAN: true 203 | on_fail: 204 | metadata: 205 | set: 206 | - ${{BuildingDockerImage.imageId}}: 207 | - SECURITY_SCAN: false 208 | 209 | PushingDockerRegistry: 210 | title: Pushing to FINAL Docker Registry (curated registry of scanned images) 211 | type: push 212 | candidate: 
'${{BuildingDockerImage}}' 213 | image_name: franciscocodefresh/twistlockdemo 214 | tags: 215 | - '${{CF_SHORT_REVISION}}' 216 | ``` 217 | -------------------------------------------------------------------------------- /plugins/clair/README.md: -------------------------------------------------------------------------------- 1 | # Codefresh Clair Plugin 2 | 3 | Clair is an open source Docker Image security scanning server. For more information see here: https://github.com/coreos/clair/ 4 | 5 | There's an open source CLI tool for clair, called 'klar', that you can use to integrate a security scan into your pipeline. More info on klar: https://github.com/optiopay/klar 6 | 7 | ## Usage 8 | 9 | Set environment variables described below, and run the command with the given image to scan: 10 | 11 | ```yaml 12 | scan: 13 | image: 'codefresh/klar:master' 14 | commands: 15 | - /klar codefresh/helm:2.8.1 16 | ``` 17 | 18 | (in this example we are scanning the helm image tagged 2.8.1 under codefresh organization in Docker Hub) 19 | 20 | ## Environment Variables 21 | 22 | The minimal setup is described below. Please see Klar documentation for additional configuration.
23 | 24 | Name|Required|Description 25 | ---|---|--- 26 | CLAIR_ADDR|Yes|The address of the clair server 27 | DOCKER_USER|No|Docker registry account name 28 | DOCKER_PASSWORD|No|Docker registry account password 29 | 30 | -------------------------------------------------------------------------------- /plugins/clair/plugin.yaml: -------------------------------------------------------------------------------- 1 | image: codefresh/klar:master 2 | version: 1.0.0 3 | description: Scan an image with Clair 4 | keywords: 5 | - clair 6 | - security 7 | home: https://github.com/codefresh-io/pugins/tree/master/incubator/clair 8 | sources: 9 | - https://github.com/optiopay/klar 10 | envs: 11 | - name: CLAIR_ADDR 12 | type: required 13 | description: The address of the clair server 14 | - name: DOCKER_USER 15 | type: required 16 | description: Docker registry account name. 17 | - name: DOCKER_PASSWORD 18 | description: Docker registry account password. 19 | context: 20 | - kind: Clair 21 | -------------------------------------------------------------------------------- /plugins/codefresh-cli/NOTES.md: -------------------------------------------------------------------------------- 1 | ## Notes -------------------------------------------------------------------------------- /plugins/codefresh-cli/README.md: -------------------------------------------------------------------------------- 1 | # Codefresh Cli Plugin 2 | 3 | Use Codefresh Cli plugin to perform operations on your Codefresh resources 4 | 5 | ## Usage 6 | 7 | 8 | ```yaml 9 | --- 10 | version: '1.0' 11 | 12 | steps: 13 | 14 | ... 15 | 16 | annotate_image: 17 | image: codefresh/cli 18 | description: annotates image with metadata 19 | command: annotate image IMAGE_ID -a key1=value1 -a key2=value2 20 | 21 | run_pipeline: 22 | image: codefresh/cli 23 | description: run a pipeline 24 | command: run PIPELINE_ID -b master 25 | ... 
26 | 27 | ``` 28 | 29 | ## Environment Variables 30 | 31 | - `CFCONFIG` - Path for cfconfig file path (default: ${HOME}/.cfconfig) 32 | -------------------------------------------------------------------------------- /plugins/codefresh-cli/example.yaml: -------------------------------------------------------------------------------- 1 | run_pipeline: 2 | image: codefresh/cli 3 | description: run a pipeline 4 | command: run PIPELINE_ID -b master 5 | 6 | -------------------------------------------------------------------------------- /plugins/codefresh-cli/plugin.yaml: -------------------------------------------------------------------------------- 1 | title: Codefresh CLI 2 | image: codefresh/cli:latest 3 | description: Operate on Codefresh resources 4 | category: 5 | - Featured 6 | source: https://github.com/codefresh-io/codefresh 7 | logo: http://cdn.osxdaily.com/wp-content/uploads/2014/08/terminal-icon-osx.png 8 | envs: 9 | - name: CFCONFIG 10 | description: Path for cfconfig file path 11 | -------------------------------------------------------------------------------- /plugins/dcos-app-deploy/NOTES.md: -------------------------------------------------------------------------------- 1 | ## Notes 2 | -------------------------------------------------------------------------------- /plugins/dcos-app-deploy/README.md: -------------------------------------------------------------------------------- 1 | # cf-deploy-dcos 2 | The repository contains code for `codefresh/cf-deploy-dcos` image building. This image makes an application deployment on DC/OS cluster using application definition json file. 3 | It takes application deployment template (deployment.tmpl) and generates application deployment json file, substituting variables in the template with the environment variable values, then applies the application deployment json file to DC/OS cluster using DC/OS CLI command.
4 | 5 | 6 | # Usage 7 | In order to use the `codefresh/cf-deploy-dcos` image we need to do the following: 8 | 9 | 1. Define environment variables in Codefresh pipeline. 10 | 11 | - `DCOS_URL` **required** - DC/OS cluster URL 12 | - `DCOS_CLUSTER_NAME` **required** - DC/OS cluster name 13 | - `DCOS_CLUSTER_ID` **required** - DC/OS cluster ID 14 | - `DCOS_DCOS_ACS_TOKEN` **required** - DC/OS cluster existing user's token (make it encrypted) 15 | - `DCOS_SSL_VERIFY` default is true, if we want to bypass SSL certificate verification - set it to `false` 16 | - `APP_ID` - application name 17 | - `IMAGE_NAME` - application image name 18 | - `IMAGE_TAG` - application image tag 19 | 20 | 2. Create deployment.tmpl and codefresh.yml files in an application repository at the root level. 21 | 22 | ``` 23 | codefresh.yml 24 | --- 25 | version: '1.0' 26 | steps: 27 | BuildingDockerImage: 28 | type: build 29 | image_name: applcation/image 30 | ... 31 | 32 | PushToRegistry: 33 | type: push 34 | candidate: ${{BuildingDockerImage}} 35 | ... 36 | 37 | DeployToDcos: 38 | image: codefresh/cf-deploy-dcos:latest 39 | working_directory: ${{main_clone}} 40 | commands: 41 | - /cf-deploy-dcos deployment.tmpl 42 | environment: 43 | - DCOS_URL=${{DCOS_URL}} 44 | - DCOS_CLUSTER_NAME=${{DCOS_CLUSTER_NAME}} 45 | - DCOS_CLUSTER_ID=${{DCOS_CLUSTER_ID}} 46 | - DCOS_DCOS_ACS_TOKEN=${{DCOS_DCOS_ACS_TOKEN}} 47 | - DCOS_SSL_VERIFY=${{DCOS_SSL_VERIFY}} 48 | - APP_ID=${{APP_ID}} 49 | - IMAGE_NAME=${{IMAGE_NAME}} 50 | - IMAGE_TAG=${{IMAGE_TAG}} 51 | ``` 52 | We define freestyle step (DeployToDcos in the example above) and environment variables the same as in the Codefresh pipeline. 
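The `{{NAME}}` substitution this README describes for deployment.tmpl, as an added example that is not the code inside the `codefresh/cf-deploy-dcos` image. The function names and the constructed template are assumptions, and placeholders are assumed to sit inside JSON string literals; the sketch refuses to render when a parameter is unset and escapes values so they stay data in the generated JSON.

```python
"""Render a deployment.tmpl-style template from environment-like values."""
import json
import re

PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")

# Constructed template in the shape of an application definition with {{NAME}} parameters.
TEMPLATE = """{
  "id": "{{APP_ID}}",
  "instances": 1,
  "container": {
    "type": "DOCKER",
    "docker": {
      "image": "{{IMAGE_NAME}}:{{IMAGE_TAG}}",
      "forcePullImage": true,
      "privileged": false
    }
  }
}"""


def missing_parameters(template, env):
    """Names used in the template that have no non-empty value in env."""
    used = {match.group(1) for match in PLACEHOLDER.finditer(template)}
    provided = {name for name, value in env.items() if value}
    return sorted(used - provided)


def render(template, env):
    """Substitute every placeholder and return the parsed application definition."""
    missing = missing_parameters(template, env)
    if missing:
        # Fail before deploying instead of shipping a literal "{{NAME}}" or an empty value.
        raise KeyError("unset template parameters: " + ", ".join(missing))

    def substitute(match):
        # json.dumps escapes quotes, backslashes and control characters; the outer
        # quotes are stripped because the placeholder already sits inside a JSON string.
        return json.dumps(env[match.group(1)])[1:-1]

    rendered = PLACEHOLDER.sub(substitute, template)
    return json.loads(rendered)  # reject malformed output before it reaches the CLI


if __name__ == "__main__":
    # Constructed values standing in for the pipeline's environment variables.
    values = {"APP_ID": "/demo", "IMAGE_NAME": "org/app", "IMAGE_TAG": "73df943"}
    print(json.dumps(render(TEMPLATE, values), indent=2))
```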
53 |
54 | ```
55 | deployment.tmpl
56 |
57 | {
58 |   "id": "{{APP_ID}}",
59 |   "instances": 1,
60 |   "cpus": 0.1,
61 |   "mem": 64,
62 |   "container": {
63 |     "type" : "DOCKER",
64 |     "docker": {
65 |       "image": "{{IMAGE_NAME}}:{{IMAGE_TAG}}",
66 |       "forcePullImage": true,
67 |       "privileged": false,
68 |       "network": "BRIDGE",
69 |       "portMappings": [
70 |         { "hostPort": 80, "containerPort": 8081, "protocol": "tcp", "name": "http"}
71 |       ]
72 |     }
73 |   },
74 |   "acceptedResourceRoles": [
75 |     "slave_public"
76 |   ]
77 | }
78 | ```
79 | The `APP_ID`, `IMAGE_NAME` and `IMAGE_TAG` variables are just examples. We can parametrise any value in the application deployment template, depending on our requirements.
80 | However, if we use a parameter `{{PARAMETER}}` in the application deployment template, we must ensure that this parameter is set both in the Codefresh pipeline and in the codefresh.yml freestyle step.
81 |
82 | Note: we can use an already configured DC/OS CLI (the `dcos` command) to get the DC/OS cluster parameters.
83 | Example:
84 | ```
85 | dcos cluster list --attached --json
86 |
87 | [
88 |   {
89 |     "attached": true,
90 |     "cluster_id": "9d50f776-****-433c-****-ebb01eaafbbc",
91 |     "name": "dcos-master",
92 |     "url": "https://dcos-master.cloudapp.azure.com",
93 |     "version": "1.10.2"
94 |   }
95 | ]
96 | ```
97 | ```
98 | dcos config show core.dcos_acs_token
99 |
100 | eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik9UQkVOakZFTWtWQ09VRTRPRVpGTlRNMFJrWXlRa015Tnprd1JrSkVRemRCTWpBM1FqYzVOZyJ9.ey********
101 | ```
102 |
--------------------------------------------------------------------------------
/plugins/dcos-app-deploy/plugin.yaml:
--------------------------------------------------------------------------------
1 | image: codefresh/cf-deploy-dcos
2 | tag: latest
3 | version: 0.1.0
4 | description: Deploy an application on dcos cluster
5 | keywords:
6 |   - dcos
7 |   - deploy
8 |   - deployment
9 | home: https://github.com/codefresh-io/cf-deploy-dcos
10 | sources:
11 |   - https://github.com/codefresh-io/cf-deploy-dcos
12 | maintainers: # (optional)
13 |   - name: Eugene Semirski
14 |     email: eugene@codefresh.io
15 | icon: https://avatars0.githubusercontent.com/u/29493517?v=4&s=400
16 | envs:
17 |   - name: DCOS_URL
18 |     type: required
19 |     description: DC/OS cluster URL
20 |   - name: DCOS_CLUSTER_NAME
21 |     type: required
22 |     description: DC/OS cluster name
23 |   - name: DCOS_CLUSTER_ID
24 |     type: required
25 |     description: DC/OS cluster ID
26 |   - name: DCOS_DCOS_ACS_TOKEN
27 |     type: required
28 |     description: DC/OS cluster existing user's token
29 |   - name: DCOS_SSL_VERIFY
30 |     type: not_required
31 |     description: default is true, if we want to bypass SSL certificate verification - set it to false
32 |   - name: PARAMETER
33 |     type: not_required
34 |     description: see README.md for details
35 |
--------------------------------------------------------------------------------
/plugins/docker-service/README.md:
--------------------------------------------------------------------------------
1 | # Codefresh docker-service plugin
2 |
3 | Use the Codefresh docker-service plugin to create a docker daemon and then run any of
4 | `docker build|run|...` or `docker-compose` on your repository
5 |
6 | See https://github.com/codefresh-io/docker-service
--------------------------------------------------------------------------------
/plugins/docker-service/plugin.yaml:
--------------------------------------------------------------------------------
1 | image: codefresh/docker-service
2 | tag: master
3 | version: 0.1.0
4 | description: Codefresh docker-service plugin
5 | keywords:
6 |   - docker
7 |   - docker-machine
8 |   - docker-compose
9 | home: https://github.com/codefresh-io/docker-service
10 | sources:
11 |   - https://github.com/codefresh-io/docker-service
12 | maintainers: # (optional)
13 |   - name: Kosta Klevensky
14 |     email: kosta@codefresh.io
--------------------------------------------------------------------------------
/plugins/ecs-deploy/README.md:
--------------------------------------------------------------------------------
1 |
2 | # cf-ecs-deploy
3 | Deployment to Amazon ECS Service
4 |
5 | ### Prerequisites
6 | - Configured ECS Cluster with at least one running instance.
7 | - Configured ECS Service and task definition with an image being deployed.
8 |   See http://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html
9 |
10 | - AWS Credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) with the following privileges:
11 | ```json
12 | {
13 |   "Version": "2012-10-17",
14 |   "Statement": [
15 |     {
16 |       "Sid": "Stmt1479146904000",
17 |       "Effect": "Allow",
18 |       "Action": [
19 |         "ecs:DescribeServices",
20 |         "ecs:DescribeTaskDefinition",
21 |         "ecs:DescribeTasks",
22 |         "ecs:ListClusters",
23 |         "ecs:ListServices",
24 |         "ecs:ListTasks",
25 |         "ecs:RegisterTaskDefinition",
26 |         "ecs:UpdateService"
27 |       ],
28 |       "Resource": [
29 |         "*"
30 |       ]
31 |     }
32 |   ]
33 | }
34 | ```
35 |
36 | ### Deployment with Codefresh
37 | - Add encrypted environment variables for aws credentials.
38 |   * AWS_ACCESS_KEY_ID
39 |   * AWS_SECRET_ACCESS_KEY
40 | - Add a "deploy to ecs" step to codefresh.yml which runs the codefresh/cf-deploy-ecs image with the command cfecs-update
41 |   Specify the aws region, ecs cluster and service names. See `cfecs-update -h` for parameter references
42 |
43 | ```yaml
44 | # codefresh.yml example with deploy to ecs step
45 | version: '1.0'
46 |
47 | steps:
48 |   build-step:
49 |     type: build
50 |     image-name: repo/image:tag
51 |
52 |   push to registry:
53 |     type: push
54 |     candidate: ${{build-step}}
55 |     tag: ${{CF_BRANCH}}
56 |
57 |   deploy to ecs:
58 |     image: codefresh/cf-deploy-ecs
59 |     commands:
60 |       - cfecs-update
61 |     environment:
62 |       - AWS_ACCESS_KEY_ID=${{AWS_ACCESS_KEY_ID}}
63 |       - AWS_SECRET_ACCESS_KEY=${{AWS_SECRET_ACCESS_KEY}}
64 |
65 |     when:
66 |       - name: "Execute for 'master' branch"
67 |         condition: "'${{CF_BRANCH}}' == 'master'"
68 | ```
69 |
70 |
71 | ### Deployment Flow
72 | - get the ECS service by the specified aws region, ecs cluster and service names
73 | - create a new revision from the current task definition of the service. If --image-name and --image-tag are provided, replace the tag of the image
74 | - launch update-service with the new task definition revision
75 | - wait for the deployment to complete (by default, if running without --no-wait)
76 |   * the deployment is considered to have completed successfully if runningCount == desiredCount for the PRIMARY deployment - see `aws ecs describe-services`
77 |   * cfecs-update exits with a timeout error if runningCount != desiredCount after --timeout (default = 900s)
78 |   * cfecs-update exits with an error if --max-failed (default = 2) or more ecs tasks were stopped with an error for the task definition being deployed.
79 |     ECS retries failed tasks continuously
80 |
81 | ### Usage with docker
82 |
83 | ```bash
84 | docker run --rm -it -e AWS_ACCESS_KEY_ID=**** -e AWS_SECRET_ACCESS_KEY=**** codefresh/cf-ecs-deploy cfecs-update [options]
85 | ```
86 |
87 | ### cfecs-update -h
88 | ```
89 | usage: cfecs-update [-h] [-i IMAGE_NAME] [-t IMAGE_TAG] [--wait | --no-wait]
90 |                     [--timeout TIMEOUT] [--max-failed MAX_FAILED] [--debug]
91 |                     region_name cluster_name service_name
92 |
93 | Codefresh ECS Deploy
94 |
95 | positional arguments:
96 |   region_name           AWS Region, ex. us-east-1
97 |   cluster_name          ECS Cluster Name
98 |   service_name          ECS Service Name
99 |
100 | optional arguments:
101 |   -h, --help            show this help message and exit
102 |   --wait                Wait for deployment to complete (default)
103 |   --no-wait             No Wait for deployment to complete
104 |   --timeout TIMEOUT     deployment wait timeout (default 900s)
105 |   --max-failed MAX_FAILED
106 |                         max failed tasks to consider deployment as failed
107 |                         (default 2)
108 |   --debug               show debug messages
109 |
110 |   -i IMAGE_NAME, --image-name IMAGE_NAME
111 |                         Image Name in ECS Task Definition to set new tag
112 |   -t IMAGE_TAG, --image-tag IMAGE_TAG
113 |                         Tag for the image
114 | ```
115 |
--------------------------------------------------------------------------------
/plugins/ecs-deploy/plugin.yaml:
--------------------------------------------------------------------------------
1 | image: codefresh/ecs
2 | tag: 2.7.2
3 | version: 1.1.0
4 | description: Release a Helm chart (update or install)
5 | keywords:
6 |   - ecs
7 |   - deploy
8 |   - containers
9 | home: https://github.com/codefresh-io/cf-deploy-ecs.git
10 | sources:
11 |   - https://github.com/codefresh-io/cf-deploy-ecs.git
12 | maintainers: # (optional)
13 |   - name: Oleg Verhovsky
14 |     email: oleg@codefresh.io
15 | icon: https://www.metricly.com/wp-content/uploads/2017/07/ECSIcon.png
16 | envs:
17 |   - name: AWS_ACCESS_KEY_ID
18 |     type: required
19 |     description: Amazon access key ID
20 |   - name: AWS_SECRET_ACCESS_KEY
21 |     type: required
22 |     description: amazon secret key (make sure it's encrypted)
23 |   - name: aws-region
24 |     type: required
25 |     description: Helm release name
26 |   - name : region
27 |     type : required
28 |     description : aws region
29 |   - name : cluster_name
30 |     type : required
31 |     description : ecs cluster name
32 |   - name : service_name
33 |     type : required
34 |     description : ecs service name
35 | context:
36 |   - kind: Amazon ECS
37 |
--------------------------------------------------------------------------------
/plugins/gitclonerssh/README.md:
--------------------------------------------------------------------------------
1 | # Clone repository via SSH
2 | Plugin to clone git repositories via SSH.
3 |
4 | Dockerhub repo: https://hub.docker.com/r/codefresh/cfstep-gitclonerssh
5 |
6 | ## Options
7 | | ENVIRONMENT VARIABLE | DEFAULT | TYPE | REQUIRED | DESCRIPTION |
8 | |--|--|--|--|--|
9 | | REMOTE_URL | null | string | Yes | Repository SSH URL (e.g. `git@github.com:my-user/my-repo.git`) |
10 | | BRANCH | master | string | No | Branch name to checkout (e.g. `master`) |
11 | | SSH_KEY | null | string | Yes | Private SSH key to access the repository. To convert it to a single-line string and set a value for this variable, you can execute: `cat ~/.ssh/my_ssh_key_file | tr '\n' ','`. This assumes that `SPLIT_CHAR` will be set to `,` |
12 | | SPLIT_CHAR | null | string | Yes | Split character you’ve used to replace newline in SSH key (`SSH_KEY`). Recommendation: use `,` (comma character)|
13 | | CLONE_PATH | working directory | string | No | Path where `git clone` is going to be executed. A "`repo-name`" directory will be created there|
14 |
15 | ## Usage Example:
16 | This example clones a private repo using a private SSH key.
17 | This example assumes that the `SSH_KEY` variable is already saved as an encrypted pipeline variable and that `SPLIT_CHAR` has a value of ','.
18 |
19 | ```yaml
20 | version: '1.0'
21 | steps:
22 |   clone_repo_via_ssh:
23 |     image: codefresh/cfstep-gitclonerssh
24 |     environment:
25 |       - REMOTE_URL=git@github.com:my-user/my-repo.git
26 |       - BRANCH=my-branch
27 |       - SSH_KEY=${{SSH_KEY}}
28 |       - SPLIT_CHAR=${{SPLIT_CHAR}}
29 |       - CLONE_PATH=/codefresh/volume
30 | ```
--------------------------------------------------------------------------------
/plugins/gitclonerssh/plugin.yaml:
--------------------------------------------------------------------------------
1 | image: codefresh/cfstep-gitclonerssh
2 | tag: latest
3 | version: 0.1.0
4 | description: clone git repositories via SSH.
5 | keywords:
6 |   - git
7 |   - clone
8 |   - ssh
9 | home: https://github.com/codefresh-io/cfstep-gitclonerssh
10 | sources:
11 |   - https://github.com/codefresh-io/cfstep-gitclonerssh
12 | maintainers:
13 |   - name: Francisco Cocozza
14 |     email: francisco@codefresh.io
15 | icon: https://git-scm.com/images/logos/downloads/Git-Icon-1788C.png
16 | envs:
17 |   - name: REMOTE_URL
18 |     type: required
19 |     description: Repository SSH URL (e.g. `git@github.com:my-user/my-repo.git`)
20 |   - name: BRANCH
21 |     type: optional
22 |     description: Branch name to checkout (e.g. `master`)
23 |   - name: SSH_KEY
24 |     type: required
25 |     description: Private SSH key to access the repository.
26 |   - name: SPLIT_CHAR
27 |     type: required
28 |     description: Split character you’ve used to replace newline in SSH key
29 |   - name: CLONE_PATH
30 |     type: optional
31 |     description: Path where `git clone` is going to be executed. A "`repo-name`" directory will be created there
--------------------------------------------------------------------------------
/plugins/github-pr/README.MD:
--------------------------------------------------------------------------------
1 | # GitHub Pull Request Codefresh Plugin
2 |
3 | Operates on pull requests in GitHub. You can create, update, open or close a pull request.
4 |
5 | ## Environment Variables
6 |
7 | - `GITHUB_TOKEN`: token for access to GitHub
8 | - `GITHUB_REPO_OWNER`: name of repo owner
9 | - `GITHUB_REPO_NAME`: name of repo
10 | - `GITHUB_PR_OPERATION`: operation on pull request (choices: create, update, open, close) `(default: create)`
11 | - `GITHUB_PR_NUMBER`: number of your pull request `(required for: update, open, close)`
12 | - `HEAD`: The name of the branch where your changes are implemented. For cross-repository pull requests in the same network, namespace head with a user like this: username:branch. `(required for: create)`
13 | - `BASE`: The name of the branch you want the changes pulled into. This should be an existing branch on the current repository. You cannot submit a pull request to one repository that requests a merge to a base of another repository. `(required for: create)`
14 | - `TITLE`: The title of the pull request `(required for: create)`
15 |
16 | ## Deployment with Codefresh
17 | - Add encrypted environment variables for:
18 |   * GITHUB_TOKEN
19 |
20 | - Add a "github-pr" step as described below
21 |
22 | ```yaml
23 | # codefresh.yml example with a GitHub PR creation step
24 | version: '1.0'
25 |
26 | steps:
27 |   build-step:
28 |     type: build
29 |     image-name: repo/image:tag
30 |
31 |   push_to_registry:
32 |     type: push
33 |     candidate: ${{build-step}}
34 |     tag: ${{CF_BRANCH}}
35 |
36 |   github-pr:
37 |     image: codefresh/github-pr-plugin
38 |     environment:
39 |       - GITHUB_REPO_OWNER=${{CF_REPO_OWNER}}
40 |       - GITHUB_REPO_NAME=${{CF_REPO_NAME}}
41 |       - BASE=master
42 |       - HEAD=${{CF_BRANCH}}
43 |       - TITLE=Codefresh PR for ${{CF_BRANCH}}
44 | ```
45 |
46 | - or:
47 |
48 | ```yaml
49 |
50 | # codefresh.yml example with a GitHub PR update step
51 | version: '1.0'
52 |
53 | steps:
54 |   build-step:
55 |     type: build
56 |     image-name: repo/image:tag
57 |
58 |   push_to_registry:
59 |     type: push
60 |     candidate: ${{build-step}}
61 |     tag: ${{CF_BRANCH}}
62 |
63 |   github-pr:
64 |     image: codefresh/github-pr-plugin
65 |     environment:
66 |       - GITHUB_PR_OPERATION=update
67 |       - GITHUB_PR_NUMBER=2 # your pr number here
68 |       - GITHUB_REPO_OWNER=${{CF_REPO_OWNER}}
69 |       - GITHUB_REPO_NAME=${{CF_REPO_NAME}}
70 |       - TITLE=Updated title for ${{CF_BRANCH}} # optional
71 |       - BASE=master # optional
72 |       - HEAD=${{CF_BRANCH}} # optional
73 | ```
74 |
75 | - or:
76 |
77 | ```yaml
78 |
79 | # codefresh.yml example with a GitHub PR open/close step
80 | version: '1.0'
81 |
82 | steps:
83 |   build-step:
84 |     type: build
85 |     image-name: repo/image:tag
86 |
87 |   push_to_registry:
88 |     type: push
89 |     candidate: ${{build-step}}
90 |     tag: ${{CF_BRANCH}}
91 |
92 |   github-pr:
93 |     image: codefresh/github-pr-plugin
94 |     environment:
95 |       - GITHUB_PR_OPERATION=open # same as 'close'
96 |       - GITHUB_PR_NUMBER=2 # your pr number here
97 |       - GITHUB_REPO_OWNER=${{CF_REPO_OWNER}}
98 |       - GITHUB_REPO_NAME=${{CF_REPO_NAME}}
99 | ```
100 |
--------------------------------------------------------------------------------
/plugins/github-pr/plugin.yaml:
--------------------------------------------------------------------------------
1 | image: codefresh/github-pr-plugin
2 | tag: master
3 | version: 0.2.0
4 | description: Operates on GitHub pull requests
5 | keywords:
6 |   - docker
7 |   - github
8 |   - pull-request
9 | home: https://github.com/codefresh-io/github-pr-plugin
10 | sources:
11 |   - https://github.com/codefresh-io/github-pr-plugin
12 | maintainers: # (optional)
13 |   - name: Nick Sakovich
14 |     email: nick.sakovich@codefresh.io
15 |   - name: Yaroslav Drachenko
16 |     email: yaroslav@codefresh.io
17 | icon: https://assets-cdn.github.com/images/modules/logos_page/GitHub-Mark.png
18 | envs:
19 |   - name: GITHUB_TOKEN
20 |     type: required
21 |     description: Token for access to GitHub
22 |   - name: GITHUB_REPO_OWNER
23 |     type: required
24 |     description: Name of repo owner
25 |   - name: GITHUB_REPO_NAME
26 |     type: required
27 |     description: Name of repo
28 |   - name: GITHUB_PR_NUMBER
29 |     description: The number of updated pull request. Required for open/close/update operations
30 |   - name: GITHUB_PR_OPERATION
31 |     description: Operation on pull request. Options - create, update, open, close. Default - create.
32 |   - name: HEAD
33 |     description: The name of the branch where your changes are implemented. For cross-repository pull requests in the same network, namespace head with a user like this - username:branch. Required for 'create' operation.
34 |   - name: BASE
35 |     description: The name of the branch you want the changes pulled into. This should be an existing branch on the current repository. You cannot submit a pull request to one repository that requests a merge to a base of another repository. Required for 'create' operation.
36 |   - name: TITLE
37 |     description: The title of the pull request. Required for 'create' operation.
38 |
--------------------------------------------------------------------------------
/plugins/github-release/README.md:
--------------------------------------------------------------------------------
1 | # GitHub release Codefresh Plugin
2 |
3 | A quick plugin that covers a specific use case: creating releases in GitHub and uploading files to them. The plugin also allows more complex actions by overriding the command manually.
4 |
5 | ## Basic usage
6 |
7 | This example creates a release and uploads files to it:
8 |
9 | ```
10 | github_prerelease:
11 |   image: codefresh/cfstep-github-release
12 |   environment:
13 |     - GITHUB_TOKEN=${{GITHUB_TOKEN}}
14 |     - FILES=bin/app-*
15 |     - PRERELEASE=true
16 | ```
17 | ## Advanced usage
18 |
19 | To manage releases beyond just creating them, override the default behaviour with custom commands:
20 |
21 | ```
22 | github_prerelease:
23 |   image: codefresh/cfstep-github-release
24 |   commands:
25 |     - github-release edit --user $CF_REPO_OWNER --repo $CF_REPO_NAME --tag $CF_BRANCH_TAG_NORMALIZED --name "$CF_BRANCH_TAG_NORMALIZED"
26 |     - github-release delete --user $CF_REPO_OWNER --repo $CF_REPO_NAME --tag $CF_BRANCH_TAG_NORMALIZED
27 |     - github-release --help
28 | ```
29 |
30 | For more details about the parameters and for examples, see [here](https://github.com/aktau/github-release)
31 |
32 | ## Environment Variables
33 |
34 | - `GITHUB_TOKEN`: token for access to GitHub
35 | - `CF_REPO_OWNER`: Codefresh provided variable containing repository owner name
36 | - `CF_REPO_NAME`: Codefresh provided variable containing repository name
37 | - `CF_BRANCH_TAG_NORMALIZED`: Codefresh provided variable containing branch/tag name
38 | - `PRERELEASE`: If true, this variable tells the plugin to create a pre-release
39 | - `FILES`: A glob expression for the list of the files to be uploaded
--------------------------------------------------------------------------------
/plugins/github-release/github-release/README.md:
--------------------------------------------------------------------------------
1 | # GitHub release Codefresh Plugin
2 |
3 | A quick plugin that covers a specific use case: creating releases in GitHub and uploading files to them. The plugin also allows more complex actions by overriding the command manually.
4 |
5 | ## Basic usage
6 |
7 | This example creates a release and uploads files to it:
8 |
9 | ```
10 | github_prerelease:
11 |   image: codefresh/cfstep-github-release
12 |   environment:
13 |     - GITHUB_TOKEN=${{GITHUB_TOKEN}}
14 |     - FILES=bin/app-*
15 |     - PRERELEASE=true
16 | ```
17 | ## Advanced usage
18 |
19 | To manage releases beyond just creating them, override the default behaviour with custom commands:
20 |
21 | ```
22 | github_prerelease:
23 |   image: codefresh/cfstep-github-release
24 |   commands:
25 |     - github-release edit --user $CF_REPO_OWNER --repo $CF_REPO_NAME --tag $CF_BRANCH_TAG_NORMALIZED --name "$CF_BRANCH_TAG_NORMALIZED"
26 |     - github-release delete --user $CF_REPO_OWNER --repo $CF_REPO_NAME --tag $CF_BRANCH_TAG_NORMALIZED
27 |     - github-release --help
28 | ```
29 |
30 | For more details about the parameters and for examples, see [here](https://github.com/aktau/github-release)
31 |
32 | ## Environment Variables
33 |
34 | - `GITHUB_TOKEN`: token for access to GitHub
35 | - `CF_REPO_OWNER`: Codefresh provided variable containing repository owner name
36 | - `CF_REPO_NAME`: Codefresh provided variable containing repository name
37 | - `CF_BRANCH_TAG_NORMALIZED`: Codefresh provided variable containing branch/tag name
38 | - `PRERELEASE`: If true, this variable tells the plugin to create a pre-release
39 | - `FILES`: A glob expression for the list of the files to be uploaded
--------------------------------------------------------------------------------
/plugins/github-release/github-release/plugin.yaml:
--------------------------------------------------------------------------------
1 | image: docker.io/codefresh/cfstep-github-release
2 | tag: master
3 | version: 0.1.0
4 | description: Plugin to make github releases
5 | keywords:
6 |   - github
7 |   - release
8 | home: https://github.com/codefresh-contrib/cfstep-github-release
9 | sources:
10 |   - https://github.com/codefresh-contrib/cfstep-github-release
11 | maintainers:
12 |   - name: Alex Cheshko
13 |     email: a.cheshko@codefresh.io
14 | icon: A URL to an SVG or PNG image to be used as an icon (optional)
15 | envs:
16 |   - name: GITHUB_TOKEN
17 |     type: required
18 |     description: Codefresh provided variable containing repository owner name
19 |   - name: CF_REPO_OWNER
20 |     type: required
21 |     description: Codefresh provided variable containing repository owner name
22 |   - name: CF_REPO_NAME
23 |     type: required
24 |     description: Codefresh provided variable containing repository name
25 |   - name: CF_BRANCH_TAG_NORMALIZED
26 |     type: required
27 |     description: Codefresh provided variable containing branch/tag name
28 |   - name: PRERELEASE
29 |     description: If true, this variable tells the plugin to create a pre-release
30 |   - name: FILES
31 |     description: A glob expression for the list of the files to be uploaded
32 |
--------------------------------------------------------------------------------
/plugins/github-release/plugin.yaml:
--------------------------------------------------------------------------------
1 | image: docker.io/codefresh/cfstep-github-release
2 | tag: master
3 | version: 0.1.0
4 | description: Plugin to make github releases
5 | keywords:
6 |   - github
7 |   - release
8 | home: https://github.com/codefresh-contrib/cfstep-github-release
9 | sources:
10 |   - https://github.com/codefresh-contrib/cfstep-github-release
11 | maintainers:
12 |   - name: Alex Cheshko
13 |     email: a.cheshko@codefresh.io
14 | icon: A URL to an SVG or PNG image to be used as an icon (optional)
15 | envs:
16 |   - name: GITHUB_TOKEN
17 |     type: required
18 |     description: Codefresh provided variable containing repository owner name
19 |   - name: CF_REPO_OWNER
20 |     type: required
21 |     description: Codefresh provided variable containing repository owner name
22 |   - name: CF_REPO_NAME
23 |     type: required
24 |     description: Codefresh provided variable containing repository name
25 |   - name: CF_BRANCH_TAG_NORMALIZED
26 |     type: required
27 |     description: Codefresh provided variable containing branch/tag name
28 |   - name: PRERELEASE
29 |     description: If true, this variable tells the plugin to create a pre-release
30 |   - name: FILES
31 |     description: A glob expression for the list of the files to be uploaded
32 |
--------------------------------------------------------------------------------
/plugins/gitsubmodules/README.md:
--------------------------------------------------------------------------------
1 | # Update git submodules
2 | Plugin to update git submodules of an already cloned repo.
3 |
4 | Dockerhub repo: https://hub.docker.com/r/codefresh/cfstep-gitsubmodules/tags
5 |
6 | ## Options
7 | | ENVIRONMENT VARIABLE | DEFAULT | TYPE | REQUIRED | DESCRIPTION |
8 | |--|--|--|--|--|
9 | | GITHUB_TOKEN | null | string | Yes | GitHub Personal Token |
10 | | CF_SUBMODULE_SYNC | null | boolean | No | If set to 'true', the step will perform 'git submodule sync' command |
11 | | CF_SUBMODULE_UPDATE_RECURSIVE | null | boolean | No | If set to 'true', the step will perform 'git submodule update --init' command with '--recursive' option |
12 |
13 | ## Usage Example:
14 |
15 | This example updates the submodules of a cloned repo.
16 |
17 | The step assumes that the working directory is the cloned repo (which is the default working directory for any freestyle step)
18 |
19 | ```yaml
20 | version: '1.0'
21 | steps:
22 |   updateSubmodules:
23 |     image: codefresh/cfstep-gitsubmodules
24 |     environment:
25 |       - GITHUB_TOKEN=
26 |       - CF_SUBMODULE_SYNC=
27 |       - CF_SUBMODULE_UPDATE_RECURSIVE=
28 | ```
--------------------------------------------------------------------------------
/plugins/gitsubmodules/plugin.yaml:
--------------------------------------------------------------------------------
1 | image: codefresh/cfstep-gitsubmodules
2 | tag: latest
3 | version: 0.1.0
4 | description: Update git submodules
5 | keywords:
6 |   - git
7 |   - submodules
8 | home: https://github.com/codefresh-io/cfstep-gitsubmodules
9 | sources:
10 |   - https://github.com/codefresh-io/cfstep-gitsubmodules
11 | maintainers:
12 |   - name: Francisco Cocozza
13 |     email: francisco@codefresh.io
14 | icon: https://git-scm.com/images/logos/downloads/Git-Icon-1788C.png
15 | envs:
16 |   - name: GITHUB_TOKEN
17 |     type: required
18 |     description: GitHub Token required to access the repository
19 |   - name: CF_SUBMODULE_SYNC
20 |     type: optional
21 |     description: if var is set to 'true', the step will perform 'git submodule sync' command
22 |   - name: CF_SUBMODULE_UPDATE_RECURSIVE
23 |     type: optional
24 |     description: if set to 'true', the step will perform 'git submodule update --init' command with '--recursive' option
--------------------------------------------------------------------------------
/plugins/gitter-notifier/NOTES.md:
--------------------------------------------------------------------------------
1 | ## Notes
2 |
--------------------------------------------------------------------------------
/plugins/gitter-notifier/README.md:
--------------------------------------------------------------------------------
1 | # Gitter notify plugin
2 |
3 | A Gitter plugin that lets you send messages to the activity feed.
4 |
5 | ## Usage example
6 |
7 | ```yaml
8 | version: '1.0'
9 | fail_fast: false
10 | ...
11 | steps:
12 |   ...
13 |   sendMessage:
14 |     image: codefresh/gitternotifier
15 |     environment:
16 |       - GITTER_WEBHOOK=https://webhooks.gitter.im/e/123abc
17 | ```
18 |
19 | ## Required variables
20 |
21 | - `GITTER_WEBHOOK` - webhook URI from your [gitter](https://gitter.im) room integration
22 |
23 | ## Optional variables
24 |
25 | **If you do not provide these variables, the plugin sends info about the build**
26 |
27 | - `GITTER_STATUS`
28 |     - **ok** - for info messages
29 |     - **error** - for error messages (red icon, red text)
30 | - `GITTER_MESSAGE` - text of the custom message to send, rendered with [Handlebars.js](https://github.com/wycats/handlebars.js/)
31 |     - available vars:
32 |         - `{{buildTrigger}}`
33 |         - `{{buildInitiator}}`
34 |         - `{{buildId}}`
35 |         - `{{buildTimestamp}}`
36 |         - `{{buildUrl}}`
37 |         - `{{repoOwner}}`
38 |         - `{{repoName}}`
39 |         - `{{branch}}`
40 |         - `{{revision}}`
41 |         - `{{commitAuthor}}`
42 |         - `{{commitUrl}}`
43 |         - `{{commitMessage}}`
44 |
45 |     - for text markup use **Markdown**
46 |
--------------------------------------------------------------------------------
/plugins/gitter-notifier/plugin.yaml:
--------------------------------------------------------------------------------
1 | image: codefresh/gitternotifier
2 | version: latest
3 | description: Send message to gitter room
4 | keywords:
5 |   - gitter
6 | home: https://github.com/codefresh-io/gitter-notifier
7 | sources:
8 |   - https://github.com/codefresh-io/gitter-notifier
9 | maintainers: # (optional)
10 |   - name: Andrii Shaforostov
11 |     email: andrii@codefresh.io
12 | icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c3/Font_Awesome_5_brands_gitter.svg/109px-Font_Awesome_5_brands_gitter.svg.png
13 | envs:
14 |   - name: GITTER_WEBHOOK
15 |     type: required
16 |     description: gitter webhook
17 |   - name: GITTER_STATUS
18 |     description: send info about current build
19 |   - name: GITTER_MESSAGE
20 |     description: text of message which will be sent in room
21 |
--------------------------------------------------------------------------------
/plugins/gke/README.md:
--------------------------------------------------------------------------------
1 | # Codefresh GKE plugin
2 |
3 | Use the Codefresh GKE plugin to spin up a GKE Kubernetes cluster and then run any kubectl workload on it
4 |
5 | See https://github.com/codefresh-io/plugin-gke
--------------------------------------------------------------------------------
/plugins/gke/example.yaml:
--------------------------------------------------------------------------------
1 | create-cluster:
2 |   image: codefresh/plugin-gke
3 |   commands:
4 |     - gke-create gke-test-cluster-1 --zone=us-central1-a --num-nodes 2 --machine-type n1-standard-2
5 |
6 | deploy-my-service:
7 |   image: codefresh/plugin-gke
8 |   commands:
9 |     - kubectl get pods --all-namespaces -owide
10 |     # - deploy.sh
11 |     # - kubectl run --image mytestimage
12 |     # - check-status.sh
13 |
14 | clean:
15 |   image: codefresh/plugin-gke
16 |   commands:
17 |     - gke-delete gke-test-cluster-1 --zone=us-central1-a
18 |
--------------------------------------------------------------------------------
/plugins/gke/plugin.yaml:
--------------------------------------------------------------------------------
1 | title: GKE Plugin
2 | image: codefresh/plugin-gke:latest
3 | description: Codefresh gke plugin
4 | category:
5 |   - Featured
6 | source: 'https://github.com/codefresh-io/plugin-gke'
7 | logo: 'https://raw.githubusercontent.com/codefresh-io/plugins/new-pipeline/plugins/vault/logo.jpg'
8 | maintainers:
9 |   - name: Kosta Klevensky
10 | envs:
11 |   - name: VAULT_ADDR
12 |     description: 'Vault server URI. Example: https://vault.testdomain.io:8200 (required)'
13 |   - name: GOOGLE_SERVICE_ACCOUNT_KEY (required)
14 |     description: Google Service Account Key value
15 |   - name: CLOUDSDK_COMPUTE_ZONE
16 |     description: one of valid Google Compute zones
17 |   - name: CLOUDSDK_COMPUTE_REGION
18 |     description: 'one of valid Google Compute regions. If both CLOUDSDK_COMPUTE_ZONE and CLOUDSDK_COMPUTE_REGION are not set, default is us-central1'
19 |   - name: GKE_CLUSTER_NAME
20 |     description: 'Name of the cluster to create/delete. Can be also set from gke-create command line. It is generated if not set'
21 |
--------------------------------------------------------------------------------
/plugins/gke/plugin_old.yaml:
--------------------------------------------------------------------------------
1 | image: codefresh/plugin-gke
2 | tag: latest
3 | version: 0.1.0
4 | description: Codefresh gke plugin
5 | keywords:
6 |   - kubernetes
7 |   - gke
8 |   - gcloud
9 | home: https://github.com/codefresh-io/plugin-gke
10 | sources:
11 |   - https://github.com/codefresh-io/plugin-gke
12 | maintainers:
13 |   - name: Kosta Klevensky
14 |     email: kosta@codefresh.io
15 | icon: https://cloud.google.com/images/products/logos/cloud-symbol.png
16 | envs:
17 |   - name: GOOGLE_SERVICE_ACCOUNT_KEY
18 |     type: required
19 |     description: Google Service Account Key value
20 |   - name: CLOUDSDK_COMPUTE_ZONE
21 |     type: optional
22 |     description: one of valid Google Compute zones
23 |   - name: CLOUDSDK_COMPUTE_REGION
24 |     type: optional
25 |     description: one of valid Google Compute regions. If both CLOUDSDK_COMPUTE_ZONE and CLOUDSDK_COMPUTE_REGION are not set, default is us-central1
26 |   - name: GKE_CLUSTER_NAME
27 |     type: optional
28 |     description: Name of the cluster to create/delete. Can be also set from gke-create command line. It is generated if not set
29 |
--------------------------------------------------------------------------------
/plugins/google-kms/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM google/cloud-sdk:alpine
2 |
3 | WORKDIR /kms
4 |
5 | RUN apk -U add jq bash
6 | ENV PATH=${PATH}:/kms
7 |
8 | COPY google-kms.sh ./kms
9 |
10 |
11 |
--------------------------------------------------------------------------------
/plugins/google-kms/README.md:
--------------------------------------------------------------------------------
1 | Codefresh Google KMS plugin
2 |
3 | This plugin facilitates work with Google Key Management Service for operations such as *encrypting* and *decrypting*
4 |
5 | # Usage
6 |
7 | kms [OPERATION] [VALUE_1] [VALUE_n...]
8 |
9 | Set the plugin's required environment variables for the pipeline and use the plugin as a freestyle step with a command like:
10 |
11 | ```yaml
12 | GoogleKMS:
13 |   image: codefresh/google-kms
14 |   commands:
15 |     - kms encrypt VALUE_1 VALUE_n
16 | ```
17 | where VALUE_1 and VALUE_n are the **names** of the environment variables containing the values you need to encrypt or decrypt.
18 |
19 | The operation modifies the variables in place: when the step finishes, the variables with the same names will contain the encrypted values. For decryption the process is similar
20 |
21 | # Required environment variables
22 |
23 | - `KMS_PROJECT` - GCP project name in which your KMS entities are present
24 | - `KMS_LOCATION` - Google KMS location
25 | - `KMS_KEYRING` - Google KMS keyring
26 | - `KMS_KEY` - Google KMS key
27 | - `GCP_SA_KEY` - [Google Service Account Key (JSON)](https://cloud.google.com/iam/docs/creating-managing-service-account-keys)
28 |
--------------------------------------------------------------------------------
/plugins/google-kms/example.yaml:
--------------------------------------------------------------------------------
1 | google_kms:
2 |   image: codefresh/google-kms
3 |   commands:
4 |     - kms encrypt VALUE_1 VALUE_n
5 |
--------------------------------------------------------------------------------
/plugins/google-kms/google-kms.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for pluginVar in KMS_PROJECT KMS_LOCATION KMS_KEYRING KMS_KEY
4 | do
5 |     if [ -z "${!pluginVar}" ]; then echo "$pluginVar is not set, stopping..."; exit 1; fi
6 | done
7 |
8 | echo "$GCP_SA_KEY" > google-app-creds.json
9 | export GOOGLE_APPLICATION_CREDENTIALS="$(realpath google-app-creds.json)"
10 | operation=$1
11 |
12 |
13 | function encrypt () {
14 |
15 |     hashedtext=$(echo "$2" | base64 | tr -d '\n')  # base64-encoded plaintext, not a hash
16 |     cf_export $1=$(curl -s -X POST "https://cloudkms.googleapis.com/v1/projects/$KMS_PROJECT/locations/$KMS_LOCATION/keyRings/$KMS_KEYRING/cryptoKeys/$KMS_KEY:encrypt" \
17 |     -d "{\"plaintext\":\"$hashedtext\"}" \
18 |     -H "Authorization:Bearer $(gcloud auth application-default print-access-token)" \
19 |     -H "Content-Type:application/json" | jq '.ciphertext' --raw-output )
20 |
21 | }
22 |
23 | function decrypt {
24 |
25 |     cf_export $1=$(curl -s -X POST "https://cloudkms.googleapis.com/v1/projects/$KMS_PROJECT/locations/$KMS_LOCATION/keyRings/$KMS_KEYRING/cryptoKeys/$KMS_KEY:decrypt" \
26 |     -d "{\"ciphertext\":\"$2\"}" \
27 |     -H "Authorization:Bearer
$(gcloud auth application-default print-access-token)" \ 28 | -H "Content-Type:application/json" | jq '.plaintext' --raw-output | base64 -d) 29 | 30 | } 31 | 32 | for secret in "${@: 2}" 33 | do 34 | $operation $secret ${!secret} 35 | done 36 | -------------------------------------------------------------------------------- /plugins/google-kms/plugin.yaml: -------------------------------------------------------------------------------- 1 | title: Use Google KMS 2 | image: codefresh/google-kms:latest 3 | description: Facilitates work with Google Key Management Service for such operations as encrypting and decrypting 4 | category: 5 | - Featured 6 | source: 'https://github.com/codefresh-io/plugins/blob/master/plugins/google-kms' 7 | logo: 'https://raw.githubusercontent.com/codefresh-io/plugins/new-pipeline/plugins/vault/logo.jpg' 8 | maintainers: 9 | - name: Will Malone 10 | envs: 11 | - name: KMS_PROJECT 12 | description: GCP project name in which your KMS entities are present 13 | - name: KMS_LOCATION 14 | description: Google KMS location 15 | - name: KMS_KEYRING 16 | description: Google KMS keyring 17 | - name: KMS_KEY 18 | description: Google KMS key 19 | - name: GCP_SA_KEY 20 | description: Google Service Account Key (JSON) 21 | -------------------------------------------------------------------------------- /plugins/helm-legacy/.swp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codefresh-io/plugins/1b7236d9270736e84b6aa5991008311cf9a0b3a9/plugins/helm-legacy/.swp -------------------------------------------------------------------------------- /plugins/helm-legacy/NOTES.md: -------------------------------------------------------------------------------- 1 | ## Kubernetes Configuration 2 | 3 | Currently, you need to pass a Kubernetes configuration file as a single line string, using `KUBE_CONFIG` environment variable. 
Please make sure to use a valid [Kubernetes configuration file](https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/) with at least one context and `current-context` set to the one you want to use.

Use the following command to generate a single-line, base64-encoded string:

```sh
$ KUBE_CONFIG=$(cat ~/.kube/my_cluster_config | base64 | tr -d '\r\n')
```

--------------------------------------------------------------------------------
/plugins/helm-legacy/README.md:
--------------------------------------------------------------------------------
> There is a new Helm plugin with added capabilities, we are keeping this plugin as is for backward-compatibility.
The new plugin can be found here: [/incubator/helm](https://github.com/codefresh-io/plugins/tree/master/incubator/helm)

# Codefresh Helm Plugin

Use the Codefresh [Helm](https://helm.sh) plugin to deploy a Helm chart into the Kubernetes cluster specified by context.

## Usage

Set the required and optional environment variables and add the following step to your Codefresh pipeline:

```yaml
---
version: '1.0'

steps:

  ...

  release_to_env:
    image: codefresh/plugin-helm:2.7.2

  ...

```

## Environment Variables

- **required** `CHART_NAME` - Helm chart name
- **required** `RELEASE_NAME` - Helm release name
- **required** `KUBE_CONTEXT` - Kubernetes context to use (cluster name from Codefresh-Kubernetes integration)
- `NAMESPACE` - target Kubernetes namespace
- `CHART_VERSION` - application chart version to install
- `CHART_REPO_URL` - Helm chart repository URL
- `DRY_RUN` - do a "dry run" installation (do not install anything, useful for Debug)
- `DEBUG` - print verbose install output
- `WAIT` - block step execution till installation completed and all Kubernetes resources are ready
- `TIMEOUT` - wait timeout (5min by default)

--------------------------------------------------------------------------------
/plugins/helm-legacy/example.yaml:
--------------------------------------------------------------------------------
release_to_env:
  image: codefresh/plugin-helm:2.7.2

--------------------------------------------------------------------------------
/plugins/helm-legacy/plugin.yaml:
--------------------------------------------------------------------------------
title: Vault Plugin
image: codefresh/plugin-helm:2.7.2
description: 'Release a Helm chart (update or install). There is a new Helm plugin with added capabilities, we are keeping this plugin as is for backward-compatibility. The new plugin is at /incubator/helm (https://github.com/codefresh-io/plugins/tree/master/incubator/helm)'
category:
  - Featured
source: 'https://github.com/codefresh-io/cf-plugin-helm'
logo: 'https://raw.githubusercontent.com/codefresh-io/plugins/new-pipeline/plugins/vault/logo.jpg'
maintainers:
  - name: Alexei Ledenev
envs:
  - name: KUBE_CONTEXT
    description: 'Kubernetes context to use (required)'
  - name: CHART_NAME
    description: 'Helm chart name to release (required)'
  - name: RELEASE_NAME
    description: 'Helm release name (required)'
  - name: NAMESPACE
    description: target Kubernetes namespace
  - name: CHART_VERSION
    description: application chart version to install
  - name: CHART_REPO_URL
    description: Helm chart repository URL
  - name: DRY_RUN
    description: 'do a "dry run" installation (do not install anything, useful for Debug)'
  - name: DEBUG
    description: print verbose install output
  - name: WAIT
    description: block step execution till installation completed and all Kubernetes resources are ready
  - name: TIMEOUT
    description: 'wait timeout (5min by default)'

--------------------------------------------------------------------------------
/plugins/helm-legacy/plugin_old.yaml:
--------------------------------------------------------------------------------
image: codefresh/plugin-helm
tag: 2.7.2
version: 1.1.0
description: Release a Helm chart (update or install). There is a new Helm plugin with added capabilities, we are keeping this plugin as is for backward-compatibility. The new plugin is at /incubator/helm (https://github.com/codefresh-io/plugins/tree/master/incubator/helm)
keywords:
  - helm
  - kubernetes
home: https://github.com/codefresh-io/cf-plugin-helm
sources:
  - https://github.com/codefresh-io/cf-plugin-helm
maintainers: # (optional)
  - name: Alexei Ledenev
    email: alexei@codefresh.io
icon: https://avatars0.githubusercontent.com/u/29493517?v=4&s=400
envs:
  - name: KUBE_CONTEXT
    type: required
    description: Kubernetes context to use
  - name: CHART_NAME
    type: required
    description: Helm chart name to release
  - name: RELEASE_NAME
    type: required
    description: Helm release name
  - name: NAMESPACE
    description: target Kubernetes namespace
  - name: CHART_VERSION
    description: application chart version to install
  - name: CHART_REPO_URL
    description: Helm chart repository URL
  - name: DRY_RUN
    description: do a "dry run" installation (do not install anything, useful for Debug)
  - name: DEBUG
    description: print verbose install output
  - name: WAIT
    description: block step execution till installation completed and all Kubernetes resources are ready
  - name: TIMEOUT
    description: wait timeout (5min by default)
context:
  - kind: kubernetes

--------------------------------------------------------------------------------
/plugins/helm/README.md:
--------------------------------------------------------------------------------
# Codefresh Helm Plugin
The Codefresh Helm plugin facilitates authentication, configuration, and execution of Helm CLI commands in a Codefresh pipeline. For more info, see the documentation here: [https://codefresh.io/docs/docs/new-helm/using-helm-in-codefresh-pipeline/](https://codefresh.io/docs/docs/new-helm/using-helm-in-codefresh-pipeline/)

--------------------------------------------------------------------------------
/plugins/helm/example.yaml:
--------------------------------------------------------------------------------
deploy:
  image: codefresh/cfstep-helm:2.9.0
  environment:
    - CHART_REF=mychart
    - RELEASE_NAME=mychart-prod
    - KUBE_CONTEXT=kube-prod

--------------------------------------------------------------------------------
/plugins/helm/plugin.yaml:
--------------------------------------------------------------------------------
title: Release a Helm chart
image: codefresh/cfstep-helm:2.9.0
description: 'Release a Helm chart (update or install)'
category:
  - Featured
source: 'https://github.com/codefresh-contrib/cfplugin-step'
logo: 'https://avatars0.githubusercontent.com/u/29493517?v=4&s=400'
maintainers:
  - name: Itay Shakury
envs:
  - name: KUBE_CONTEXT
    description: 'Kubernetes context to use (the name of the cluster as configured in Codefresh) (required)'
  - name: CHART_NAME
    description: 'Helm chart name to release (path to chart folder, or name of packaged chart) (required)'
  - name: RELEASE_NAME
    description: Helm release name
  - name: NAMESPACE
    description: target Kubernetes namespace
  - name: TILLER_NAMESPACE
    description: Kubernetes namespace where tiller is at
  - name: CHART_VERSION
    description: application chart version to install
  - name: CHART_REPO_URL
    description: Helm chart repository URL (overridden by injected Helm repository context)
  - name: 'CUSTOMFILE_'
    description: 'Values file to provide to Helm (as --file). See usage information below.'
  - name: 'CUSTOM_'
    description: 'Value to provide to Helm (as --set). See usage information below.'

--------------------------------------------------------------------------------
/plugins/helm/plugin_old.yaml:
--------------------------------------------------------------------------------
image: codefresh/cfstep-helm
version: 1.0.0
description: Release a Helm chart (update or install)
keywords:
  - helm
  - kubernetes
home: https://github.com/codefresh-io/pugins/tree/master/incubator/helm
sources:
  - https://github.com/codefresh-contrib/cfplugin-step
maintainers: # (optional)
  - name: Itay Shakury
    email: itaysk@codefresh.io
icon: https://avatars0.githubusercontent.com/u/29493517?v=4&s=400
envs:
  - name: KUBE_CONTEXT
    type: required
    description: Kubernetes context to use (the name of the cluster as configured in Codefresh)
  - name: CHART_NAME
    type: required
    description: Helm chart name to release (path to chart folder, or name of packaged chart)
  - name: RELEASE_NAME
    description: Helm release name
  - name: NAMESPACE
    description: target Kubernetes namespace
  - name: TILLER_NAMESPACE
    description: Kubernetes namespace where tiller is at
  - name: CHART_VERSION
    description: application chart version to install
  - name: CHART_REPO_URL
    description: Helm chart repository URL (overridden by injected Helm repository context)
  - name: CUSTOMFILE_
    description: Values file to provide to Helm (as --file). See usage information below.
  - name: CUSTOM_
    description: Value to provide to Helm (as --set). See usage information below.
context:
  - kind: kubernetes

--------------------------------------------------------------------------------
/plugins/import-docker-images/README.md:
--------------------------------------------------------------------------------
# Import Docker Images Codefresh Plugin

Import external Docker images into Codefresh

## Environment Variables

- `IMAGES`: list of comma separated image names (with tags)
- `REGISTRY`: registry DNS name (including port if needed, default to `docker.io`)
- `USERNAME`: Docker registry user name (optional)
- `PASSWORD`: Docker registry password (optional)
- `CF_URL`: Codefresh URL
- `CF_API_TOKEN`: Codefresh API Token

--------------------------------------------------------------------------------
/plugins/import-docker-images/example.yaml:
--------------------------------------------------------------------------------
import_images:
  title: Importing images
  description: import Docker images from external registry
  image: codefresh/import-images

--------------------------------------------------------------------------------
/plugins/import-docker-images/plugin.yaml:
--------------------------------------------------------------------------------
title: Import Docker Images
image: codefresh/import-images:master
description: Import metadata for existing Docker images into Codefresh
category:
  - Featured
source: 'https://github.com/codefresh-io/cf-import-image'
logo: 'https://raw.githubusercontent.com/codefresh-io/plugins/new-pipeline/plugins/vault/logo.jpg'
maintainers:
  - name: Alexei Ledenev
envs:
  - name: IMAGES
    description: 'list of comma separated image names (with tags) (required)'
  - name: REGISTRY
    description: registry DNS name (including port if needed, default to `docker.io`)
  - name: USERNAME
    description: 'Docker registry user name (optional)'
  - name: PASSWORD
    description: 'Docker registry password (optional)'
  - name: CF_URL
    description: 'Codefresh URL, for example https://g.codefresh.io (required)'
  - name: CF_API_TOKEN
    description: 'Codefresh API Token (required)'

--------------------------------------------------------------------------------
/plugins/import-docker-images/plugin_old.yaml:
--------------------------------------------------------------------------------
image: codefresh/import-images
tag: master
version: 0.3.0
description: Import metadata for existing Docker images into Codefresh
keywords:
  - docker
home: https://github.com/codefresh-io/cf-import-image
sources:
  - https://github.com/codefresh-io/cf-import-image
maintainers: # (optional)
  - name: Alexei Ledenev
    email: alexei@codefresh.io
icon: https://dab1nmslvvntp.cloudfront.net/wp-content/uploads/2016/11/1479211772build-image-with-dockerfile_feature.jpg
envs:
  - name: IMAGES
    type: required
    description: list of comma separated image names (with tags)
  - name: REGISTRY
    description: registry DNS name (including port if needed, default to `docker.io`)
  - name: USERNAME
    description: Docker registry user name (optional)
  - name: PASSWORD
    description: Docker registry password (optional)
  - name: CF_URL
    type: required
    description: Codefresh URL, for example https://g.codefresh.io
  - name: CF_API_TOKEN
    type: required
    description: Codefresh API Token

--------------------------------------------------------------------------------
/plugins/jira/NOTES.md:
--------------------------------------------------------------------------------
## Notes

--------------------------------------------------------------------------------
/plugins/jira/README.md:
--------------------------------------------------------------------------------
# Codefresh Jira Plugin

Use the Codefresh Jira plugin to interact with a Jira instance.

## Usage

```yaml
---
version: '1.0'

steps:

  ...

  UpdateJira:
    title: Update Jira Issue
    image: otomato/jira-cli:alpine
    commands:
      - yes n | jira-cli update ${JIRAID} --comment 'New docker image otomato/bringon:${{CF_SHORT_REVISION}}. Build log is here ${{CF_BUILD_URL}}' --jira-url ${JIRA_URL} -u ${JIRA_USR} -p ${JIRA_PWD}
    when:
      condition:
        all:
          JiraIdFound: 'match("${JIRAID}", "[A-Z]+-[0-9]+", true)'
  ...

```

## Environment Variables

- **required** `JIRA_URL` - URL of the Jira instance
- **required** `JIRA_USR` - Jira user
- **required** `JIRA_PWD` - Jira password

--------------------------------------------------------------------------------
/plugins/jira/plugin.yaml:
--------------------------------------------------------------------------------
image: otomato/jira-cli
tag: alpine
version: 0.1.0
description: Update a Jira ticket
keywords:
  - jira
home: https://github.com/codefreshdemo/jira-cli-docker
sources:
  - https://github.com/codefreshdemo/jira-cli-docker
maintainers: # (optional)
  - name: Ant Weiss
    email: anton@otomato.link
icon: https://github.com/codefreshdemo/jira-cli-docker/blob/master/jira-logo.png
envs:
  - name: JIRA_URL
    type: required
    description: Url to Jira instance
  - name: JIRA_USR
    type: required
    description: Jira user
  - name: JIRA_PWD
    type: required
    description: Jira password

--------------------------------------------------------------------------------
/plugins/kompose/README.md:
--------------------------------------------------------------------------------
[![Codefresh build status](https://g.codefresh.io/api/badges/build?repoOwner=codefresh-io&repoName=plugins&branch=master&pipelineName=Kompose%20Plugin&accountName=codefresh-inc&type=cf-1)](https://g.codefresh.io/repositories/codefresh-io/plugins/builds?filter=trigger:build;branch:master;service:5a1c225585e11a0001cb2de1~Kompose%20Plugin)

# Codefresh Kompose Plugin

Use the Codefresh [Kompose](http://kompose.io) plugin to deploy or convert a Docker Compose file into Kubernetes resources.

## Usage

Set the required and optional environment variables and add the following step to your Codefresh pipeline:

```yaml
---
version: '1.0'

steps:

  ...

  release_to_env:
    image: codefresh/plugin-kompose:v1.5.0

  ...

```

## Environment Variables

- **required** `KUBE_CONTEXT` - Kubernetes context to use
- `FILE` - Docker Compose file to deploy (default `docker-compose.yaml` file)
- `NAMESPACE` - target Kubernetes namespace (default `default` namespace)
- `REPLICAS` - specify the number of replicas generated (default `1`)
- `VOLUMES` - volumes to be generated (`persistentVolumeClaim`|`emptyDir`) (default `persistentVolumeClaim`)
- `DRY_RUN` - do a "dry run" (print out) deployment (do not install anything, useful for Debug)
- `DEBUG` - print verbose install output


## Kubernetes Configuration

Add the Kubernetes integration to Codefresh: `> Account Settings > Integration > Kubernetes`. From then on, you can use the added Kubernetes cluster in a Codefresh pipeline, addressing its context by the name you see in the `Clusters` menu.

## Building Plugin

Use the `docker build` command to build the plugin.
Two build arguments can be provided to override the default `kubectl`, `helm` and `kompose` versions:

- `HELM_VERSION` - default to `latest`
- `KOMPOSE_VERSION` - default to `v1.5.0`

--------------------------------------------------------------------------------
/plugins/kompose/example.yaml:
--------------------------------------------------------------------------------
release_to_env:
  image: codefresh/plugin-kompose:v1.5.0

--------------------------------------------------------------------------------
/plugins/kompose/example/codefresh.yaml:
--------------------------------------------------------------------------------
version: '1.0'

steps:

  dry_run:
    image: codefresh/plugin-kompose:v1.5.0
    environment:
      - NAMESPACE=kompose-test
      - FILE=stable/kompose/example/docker-compose.yaml
      - DEBUG=true
      - DRY_RUN=true

  deploy_to_cluster:
    image: codefresh/plugin-kompose:v1.5.0
    environment:
      - NAMESPACE=kompose-test
      - FILE=stable/kompose/example/docker-compose.yaml
      - DEBUG=true

--------------------------------------------------------------------------------
/plugins/kompose/example/docker-compose.yaml:
--------------------------------------------------------------------------------
version: "2"

services:

  redis-master:
    image: gcr.io/google_containers/redis:e2e
    ports:
      - "6379"

  redis-slave:
    image: gcr.io/google_samples/gb-redisslave:v1
    ports:
      - "6379"
    environment:
      - GET_HOSTS_FROM=dns

  frontend:
    image: gcr.io/google-samples/gb-frontend:v4
    ports:
      - "80:80"
    environment:
      - GET_HOSTS_FROM=dns
    labels:
      kompose.service.type: LoadBalancer

--------------------------------------------------------------------------------
/plugins/kompose/plugin.yaml:
--------------------------------------------------------------------------------
title: Codefresh Kompose
image: codefresh/plugin-kompose:v1.5.0
description: Release a Docker Compose to Kubernetes
category:
  - Featured
source: 'https://github.com/codefresh-io/cf-kompose-plugin'
logo: 'http://cdn.rancher.com/wp-content/uploads/2016/04/20182217/compose-300x295.png'
maintainers:
  - name: Alexei Ledenev
envs:
  - name: KUBE_CONTEXT
    description: 'Kubernetes context to use (required)'
  - name: FILE
    description: 'Docker Compose file to deploy (default docker-compose.yaml file)'
  - name: NAMESPACE
    description: 'target Kubernetes namespace (default "default")'
  - name: VOLUMES
    description: 'volumes to be generated ("persistentVolumeClaim"|"emptyDir") (default "persistentVolumeClaim")'
  - name: REPLICAS
    description: 'specify the number of replicas generated (default 1)'
  - name: DRY_RUN
    description: 'do a "dry run" (print out) deployment (do not install anything, useful for Debug)'
  - name: DEBUG
    description: 'print verbose install output'

--------------------------------------------------------------------------------
/plugins/kompose/plugin_old.yaml:
--------------------------------------------------------------------------------
image: codefresh/plugin-helm
tag: v1.5.0
version: 1.0.0
description: Release a Docker Compose to Kubernetes
keywords:
  - docker-compose
  - docker
  - kompose
  - kubernetes
home: https://github.com/codefresh-io/cf-kompose-plugin
sources:
  - https://github.com/codefresh-io/cf-kompose-plugin
maintainers: # (optional)
  - name: Alexei Ledenev
    email: alexei@codefresh.io
icon: http://cdn.rancher.com/wp-content/uploads/2016/04/20182217/compose-300x295.png
envs:
  - name: KUBE_CONTEXT
    type: required
    description: Kubernetes context to use
  - name: FILE
    description: Docker Compose file to deploy (default `docker-compose.yaml` file)
  - name: NAMESPACE
    description: target Kubernetes namespace (default "default")
  - name: VOLUMES
    description: volumes to be generated ("persistentVolumeClaim"|"emptyDir") (default "persistentVolumeClaim")
  - name: REPLICAS
    description: specify the number of replicas generated (default 1)
  - name: DRY_RUN
    description: do a "dry run" (print out) deployment (do not install anything, useful for Debug)
  - name: DEBUG
    description: print verbose install output
context:
  - kind: kubernetes

--------------------------------------------------------------------------------
/plugins/makisu/README.md:
--------------------------------------------------------------------------------
# Makisu plugin

The plugin makes using the [Makisu build tool](https://github.com/uber/makisu) easier in a Codefresh pipeline.

### Requirements

The plugin requires access to the Docker daemon to be enabled, so you have to request it from Codefresh administrators unless you use a Hybrid solution (running builds on your own infrastructure).

### Basic usage

This example covers the most common case: building and pushing an image using Makisu's distributed cache and flexible layer generation features.

```
makisuBuildStep:
  image: codefresh/cfstep-makisu
  environment:
    - REGISTRY_HOSTNAME=docker.io
    - R_USER=my_username
    - R_PASSWORD=my_password
    - IMAGE_NAME_TAG=image/name:tag
```

By default the makisu context is the main clone directory, but it can be changed with the WORKING_DIRECTORY environment variable. The Dockerfile path can also be specified with the DOCKERFILE variable.

### Advanced usage

If you need more flexibility, you can add custom flags to the makisu build command:

```
....
  environment:
    - CUSTOM_FLAGS='--compression=speed ...'
```

or completely override the makisu command:

```
makisuBuildStep:
  image: codefresh/cfstep-makisu
  environment:
    - REGISTRY_HOSTNAME=docker.io
    - R_USER=my_username
    - R_PASSWORD=my_password
    - MAKISU_COMMAND='makisu build -t myimage/name:tag --storage /codefresh/volume/makisu --modifyfs=true --commit=explicit --registry-config=/makisu-internal/registry-conf.yml --push docker.io --compression=speed .'
```

--------------------------------------------------------------------------------
/plugins/makisu/example.yaml:
--------------------------------------------------------------------------------
makisuBuildStep:
  image: codefresh/cfstep-makisu
  environment:
    - REGISTRY_HOSTNAME=docker.io
    - R_USER=my_username
    - R_PASSWORD=my_password
    - IMAGE_NAME_TAG=image/name:tag

--------------------------------------------------------------------------------
/plugins/makisu/plugin.yml:
--------------------------------------------------------------------------------
title: Makisu plugin
image: codefresh/cfstep-makisu:latest
description: The plugin makes using Makisu build tool easier in a Codefresh pipeline
category:
  - Featured
source: https://github.com/codefresh-contrib/cfstep-makisu
logo: 'https://github.githubassets.com/images/icons/emoji/unicode/1f363.png'
maintainer:
  - name: Alexander Cheshko
envs:
  - name: IMAGE_NAME_TAG
    description: "Name and tag of the image to build (required)"
  - name: REGISTRY_HOSTNAME
    description: "Docker registry host name. Example: docker.io (required)"
  - name: R_USER
    description: "User name to authenticate against the registry (required)"
  - name: R_PASSWORD
    description: "Password to authenticate against the registry (required)"
  - name: DOCKERFILE
  - name: CUSTOM_FLAGS
    description: "Add custom flags to the makisu build command"
  - name: MAKISU_COMMAND
    description: "This is to override the makisu build command"
  - name: WORKING_DIRECTORY
    description: "Changes the makisu context directory. Default is the main clone directory"

--------------------------------------------------------------------------------
/plugins/paclair/README.md:
--------------------------------------------------------------------------------
# cfstep-paclair [![Codefresh build status](https://g.codefresh.io/api/badges/pipeline/codefresh-inc/codefresh-contrib%2Fcfstep-paclair%2Fcfstep-paclair?branch=master&type=cf-1)](https://g.codefresh.io/repositories/codefresh-contrib/cfstep-paclair/builds?filter=trigger:build;branch:master;service:5bbe7af8a3686e081e4e1b91~cfstep-paclair)

Custom Docker image to support Clair image scanning from a Codefresh pipeline

### OOTB Step DockerHub

https://hub.docker.com/r/codefresh/cfstep-paclair/

### OOTB Step Project Repository

https://github.com/codefresh-contrib/cfstep-paclair

### Prerequisites:

Codefresh Subscription - https://codefresh.io/

Running Clair Instance -
Helm Chart is available to install here: https://github.com/coreos/clair/tree/master/contrib/helm

### Documentation:

paclair: https://github.com/yebinama/paclair

### Tested Registries

Codefresh Registry - No special setup required.

Username is your Codefresh Username and Docker Registry keys can be created here https://g.codefresh.io/user/settings

ECR - Requires AWS CLI credentials with access to ECR.
31 | `REGISTRY=ecr` will find the proper ECR registry using your credentials and image. 32 | 33 | AWS CLI Credentials required for ECR: 34 | https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html 35 | 36 | | ENVIRONMENT VARIABLE | 37 | | --------------------- | 38 | | AWS_ACCESS_KEY_ID | 39 | | AWS_DEFAULT_REGION | 40 | | AWS_SECRET_ACCESS_KEY | 41 | 42 | Registries with Basic auth and Token based auth should work. 43 | 44 | ### Full List of Options 45 | 46 | To use an ENVIRONMENT VARIABLE you need to add the variables to your Codefresh Pipeline and also to your codefresh.yml. 47 | 48 | Example `codefresh.yml` build is below with required ENVIRONMENT VARIABLES in place. 49 | 50 | | ENVIRONMENT VARIABLE | DEFAULT | TYPE | REQUIRED | DESCRIPTION | 51 | |----------------------------|----------|---------|----------|---------------------------------------------------------------------------------------------------------------------------------| 52 | | API_PREFIX | null | string | No | Prefix for API to Docker Registry | 53 | | CF_ACCOUNT | null | string | No | Codefresh Account Name | 54 | | CLAIR_URL | null | string | Yes | https://clair.domain.com:6060 | 55 | | IMAGE | null | string | Yes | Docker Image Name | 56 | | PROTOCOL | https | string | No | Docker Registry Protocol | 57 | | REGISTRY | r.cfcr.io | string | No | For ECR use `ecr` else use domain name for Docker Registry | 58 | | REGISTRY_PASSWORD | null | string | Yes | Docker Registry Password | 59 | | REGISTRY_USERNAME | null | string | Yes | Docker Registry Username | 60 | | SEVERITY_THRESHOLD | null | string | No | critical, high, medium, low, negligible, unknown | 61 | | TOKEN | null | string | No | Docker Registry Auth Token | 62 | | TOKEN_TYPE | Bearer | string | No | Docker Registry Auth Token Type | 63 | | TOKEN_URL | null | string | No | Docker Registry Auth Token URL | 64 | | TAG | null | string | Yes | Docker Image Tag | 65 | 66 | ### SEVERITY_THRESHOLD 67 | 68 | If variable 
is set, the step will check that the threshold is not met or exceeded. 69 | 70 | For example, `high` would fail your build if you had high or critical vulnerabilities in your Docker image. 71 | 72 | ### codefresh.yml 73 | 74 | Codefresh Build Step to execute Clair scan. 75 | All `${{var}}` variables must be put into Codefresh Build Parameters 76 | codefresh.yml 77 | 78 | ```yaml 79 | version: '1.0' 80 | steps: 81 | BuildingDockerImage: 82 | title: Building Docker Image 83 | type: build 84 | image_name: codefresh/demochat # Replace with your Docker image name 85 | working_directory: ./ 86 | dockerfile: Dockerfile 87 | tag: '${{CF_BRANCH_TAG_NORMALIZED}}' 88 | CheckClair: 89 | image: codefresh/cfstep-paclair:3.1.0 90 | environment: 91 | - CF_ACCOUNT=dustinvanbuskirk 92 | - IMAGE=example-voting-app/worker # Replace with your Docker image name 93 | - TAG=${{CF_BRANCH_TAG_NORMALIZED}} 94 | on_success: # Execute only once the step succeeded 95 | metadata: # Declare the metadata attribute 96 | set: # Specify the set operation 97 | - ${{BuildingDockerImage.imageId}}: # Select any number of target images 98 | - SECURITY_SCAN: true 99 | on_fail: # Execute only once the step failed 100 | metadata: # Declare the metadata attribute 101 | set: # Specify the set operation 102 | - ${{BuildingDockerImage.imageId}}: # Select any number of target images 103 | - SECURITY_SCAN: false 104 | ArchiveReport: 105 | image: mesosphere/aws-cli 106 | commands: 107 | - aws s3 cp ./reports/clair-scan-example-voting-app-worker-${{CF_BRANCH_TAG_NORMALIZED}}.html s3://${{S3_BUCKETNAME}}/${{CF_BUILD_ID}}/clair-scan-example-voting-app-worker-${{CF_BRANCH_TAG_NORMALIZED}}.html --acl public-read 108 | on_success: 109 | metadata: 110 | set: 111 | - ${{BuildingDockerImage.imageId}}: 112 | - CLAIR_REPORT: "https://s3.amazonaws.com/${{S3_BUCKETNAME}}/${{CF_BUILD_ID}}/clair-scan-example-voting-app-worker-${{CF_BRANCH_TAG_NORMALIZED}}.html" 113 | ``` 114 | 115 | The HTML report is stored in
`./reports/clair-scan-{image name}-{image tag}.html` 116 | Any `/` characters in `{image name}` are replaced with `-` 117 | 118 | Optional Storage Step Variables for AWS S3: 119 | 120 | | ENVIRONMENT VARIABLE | DEFAULT | TYPE | REQUIRED | DESCRIPTION | 121 | |----------------------------|----------|---------|----------|---------------------------------------------------------------------------------------------------------------------------------| 122 | | AWS_ACCESS_KEY_ID | null | string | No | AWS Access Key of S3 Bucket | 123 | | AWS_DEFAULT_REGION | null | string | Yes | AWS Region of S3 Bucket | 124 | | AWS_SECRET_ACCESS_KEY | null | string | Yes | AWS Secret Key of S3 Bucket | 125 | | S3_BUCKETNAME | null | string | Yes | Name of S3 Bucket to Store Reports | 126 | 127 | ### Notes 128 | 129 | Not yet supporting manual Cert validation. Coming soon along with tests. -------------------------------------------------------------------------------- /plugins/paclair/example.yaml: -------------------------------------------------------------------------------- 1 | version: '1.0' 2 | steps: 3 | BuildingDockerImage: 4 | title: Building Docker Image 5 | type: build 6 | image_name: codefresh/demochat # Replace with your Docker image name 7 | working_directory: ./ 8 | dockerfile: Dockerfile 9 | tag: '${{CF_BRANCH_TAG_NORMALIZED}}' 10 | CheckClair: 11 | image: codefresh/cfstep-paclair:3.1.0 12 | environment: 13 | - IMAGE=${{BuildingDockerImage}} 14 | - TAG=${{CF_BRANCH_TAG_NORMALIZED}} 15 | on_success: 16 | metadata: 17 | set: 18 | - ${{BuildingDockerImage.imageId}}: 19 | - SECURITY_SCAN: true 20 | on_fail: 21 | metadata: 22 | set: 23 | - ${{BuildingDockerImage.imageId}}: 24 | - SECURITY_SCAN: false 25 | ArchiveReport: 26 | image: mesosphere/aws-cli 27 | commands: 28 | - aws s3 cp ./reports/${{BuildingDockerImage}}-${{CF_BRANCH_TAG_NORMALIZED}}.html s3://${{S3_BUCKETNAME}}/${{CF_BUILD_ID}}/${{BuildingDockerImage}}-${{CF_BRANCH_TAG_NORMALIZED}}.html 29 | on_success: 30 | 
metadata: 31 | set: 32 | - ${{BuildingDockerImage.imageId}}: 33 | - CLAIR_REPORT: "https://s3.amazonaws.com/${{S3_BUCKETNAME}}/${{CF_BUILD_ID}}/${{BuildingDockerImage}}-${{CF_BRANCH_TAG_NORMALIZED}}.html" -------------------------------------------------------------------------------- /plugins/paclair/plugin.yaml: -------------------------------------------------------------------------------- 1 | title: paclair 2 | image: codefresh/cfstep-paclair 3 | category: 4 | - Security 5 | version: 0.1.0 6 | description: "Scan docker images with Clair - https://github.com/coreos/clair" 7 | keywords: 8 | - docker 9 | - clair 10 | - security 11 | source: https://github.com/codefresh-contrib/cfstep-paclair 12 | maintainers: 13 | - name: Dustin Van Buskirk 14 | email: dustinb@codefresh.io 15 | logo: https://cloud.githubusercontent.com/assets/343539/21630811/c5081e5c-d202-11e6-92eb-919d5999c77a.png 16 | envs: 17 | - name: API_PREFIX 18 | description: "Prefix for API to Docker Registry" 19 | - name: CLAIR_URL 20 | description: https://clair.domain.com:6060 21 | - name: IMAGE 22 | description: "Docker Image Name" 23 | - name: PROTOCOL 24 | description: "Docker Registry Protocol" 25 | - name: REGISTRY 26 | description: "For ECR use `ecr` else use domain name for Docker Registry" 27 | - name: REGISTRY_PASSWORD 28 | description: Docker Registry Password 29 | - name: REGISTRY_USERNAME 30 | description: Docker Registry Username 31 | - name: SEVERITY_THRESHOLD 32 | description: "critical, high, medium, low, negligible, unknown" 33 | - name: TOKEN 34 | description: "Docker Registry Auth Token" 35 | - name: TOKEN_TYPE 36 | description: "Docker Registry Auth Token Type" 37 | - name: TOKEN_URL 38 | description: "Docker Registry Auth Token URL" 39 | - name: TAG 40 | description: "Docker Image Tag" 41 | -------------------------------------------------------------------------------- /plugins/release-to-NPM/NOTES.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/codefresh-io/plugins/1b7236d9270736e84b6aa5991008311cf9a0b3a9/plugins/release-to-NPM/NOTES.md -------------------------------------------------------------------------------- /plugins/release-to-NPM/README.md: -------------------------------------------------------------------------------- 1 | # Codefresh release-to-npm Plugin 2 | 3 | The release-to-npm plugin can be used to publish images to npm. 4 | 5 | ## Usage 6 | 7 | Set the required and optional environment variables and add the following step to your Codefresh pipeline: 8 | 9 | ```yaml 10 | --- 11 | version: '1.0' 12 | 13 | steps: 14 | 15 | ... 16 | 17 | deploy_to_npm: 18 | title: Publishing To Npm 19 | image: codefresh/release-to-npm 20 | commands: 21 | - NPM_TOKEN=${{NPM_TOKEN}} npm run release-to-npm 22 | ... 23 | 24 | ``` 25 | 26 | ## Environment Variables 27 | 28 | - **required** `NPM_TOKEN` - token of npm account 29 | 30 | ## How to use 31 | 32 | - Add as a dependency to your project `npm install --save-dev release-to-npm` 33 | 34 | - Log in to your project's NPM registry 35 | 36 | ``` 37 | npm login --registry 38 | npm login --registry https://registry.npmjs.org 39 | ``` 40 | 41 | - Copy the token 42 | 43 | See how to extract the NPM_TOKEN: https://docs.npmjs.com/private-modules/ci-server-config#getting-an-authentication-token 44 | 45 | - Set the token as an environment variable 46 | 47 | - Add script command 48 | 49 | Create a script command to run release-to-npm in your `package.json` 50 | 51 | ```json 52 | { 53 | "scripts": { 54 | "release-to-npm": "release-to-npm" 55 | } 56 | } 57 | ``` 58 | 59 | 60 | 61 | 62 | -------------------------------------------------------------------------------- /plugins/release-to-NPM/example.yaml: -------------------------------------------------------------------------------- 1 | deploy_to_npm: 2 | title: Publishing To Npm 3 | image: codefresh/release-to-npm 4
| commands: 5 | - NPM_TOKEN=${{NPM_TOKEN}} npm run release-to-npm 6 | -------------------------------------------------------------------------------- /plugins/release-to-NPM/plugin.yaml: -------------------------------------------------------------------------------- 1 | title: Publish on NPM 2 | image: codefresh/release-to-npm:latest 3 | description: Publishes a nodejs package to NPM registry 4 | category: 5 | - Featured 6 | source: 'https://github.com/codefresh-io/plugins/blob/master/plugins/release-to-NPM' 7 | logo: 'https://authy.com/wp-content/uploads/npm-logo.png' 8 | maintainers: 9 | - name: Jakob Stuart 10 | envs: 11 | - name: NPM_TOKEN 12 | description: 'token of npm account (required)' 13 | -------------------------------------------------------------------------------- /plugins/run-jenkins-job/README.md: -------------------------------------------------------------------------------- 1 | # Trigger Jenkins Job 2 | 3 | 4 | ## Run locally 5 | `go get codefresh-io/cf-run-jenkins-job` 6 | ``` 7 | NAME: 8 | cf-run-jenkins-job 9 | 10 | DESCRIPTION: 11 | Trigger Jenkins Job 12 | 13 | ## Mandatory Parameters: 14 | 15 | JENKINS_URL - Jenkins Master URL 16 | JENKINS_USER - Jenkins User Name 17 | JENKINS_TOKEN - Jenkins Token 18 | JENKINS_JOB - Jenkins Job Name 19 | 20 | ## Usage Example: 21 | 22 | version: '1.0' 23 | steps: 24 | RunJenkins: 25 | title: Triggering Jenkins Job 26 | image: codefresh/cf-run-jenkins-job 27 | environment: 28 | - JENKINS_URL=http://: 29 | - JENKINS_USER= 30 | - JENKINS_TOKEN= 31 | - JENKINS_JOB= 32 | -------------------------------------------------------------------------------- /plugins/run-jenkins-job/example.yaml: -------------------------------------------------------------------------------- 1 | RunJenkins: 2 | title: Triggering Jenkins Job 3 | image: codefresh/cf-run-jenkins-job 4 | environment: 5 | - JENKINS_URL=http://: 6 | - JENKINS_USER= 7 | - JENKINS_TOKEN= 8 | - JENKINS_JOB= 9 | 
-------------------------------------------------------------------------------- /plugins/run-jenkins-job/plugin.yaml: -------------------------------------------------------------------------------- 1 | title: Run jenkins job 2 | image: codefresh/run-jenkins-jobs:master 3 | description: Run jenkins job from codefresh pipeline 4 | category: 5 | - Featured 6 | source: 'https://github.com/codefresh-io/cf-run-jenkins-jobs' 7 | logo: 'https://dab1nmslvvntp.cloudfront.net/wp-content/uploads/2016/11/1479211772build-image-with-dockerfile_feature.jpg' 8 | maintainers: 9 | - name: Vadim Waisman 10 | envs: 11 | - name: JENKINS_USERNAME 12 | description: jenkins username (required) 13 | - name: JENKINS_TOKEN 14 | description: jenkins token (required) 15 | - name: JENKINS_URL 16 | description: jenkins machine url (required) 17 | - name: JENKINS_JOB 18 | description: list of jenkins jobs to run separated by spaces (required) 19 | -------------------------------------------------------------------------------- /plugins/run-jenkins-job/plugin_old.yaml: -------------------------------------------------------------------------------- 1 | image: codefresh/run-jenkins-jobs 2 | tag: master 3 | version: 0.1.0 4 | description: Run jenkins job from codefresh pipeline 5 | keywords: 6 | - docker 7 | - jenkins 8 | home: https://github.com/codefresh-io/cf-run-jenkins-jobs 9 | sources: 10 | - https://github.com/codefresh-io/cf-run-jenkins-jobs 11 | maintainers: # (optional) 12 | - name: Vadim Waisman 13 | email: vadim@codefresh.io 14 | - name: Jenny Passi 15 | email: jenny@codefresh.io 16 | icon: https://dab1nmslvvntp.cloudfront.net/wp-content/uploads/2016/11/1479211772build-image-with-dockerfile_feature.jpg 17 | envs: 18 | - name: JENKINS_USERNAME 19 | type: required 20 | description: jenkins username 21 | - name: JENKINS_TOKEN 22 | type: required 23 | description: jenkins token 24 | - name: JENKINS_URL 25 | type: required 26 | description: jenkins machine url 27 | - name: JENKINS_JOB 28 | 
type: required 29 | description: list of jenkins jobs to run separated by spaces 30 | -------------------------------------------------------------------------------- /plugins/sendgrid/README.md: -------------------------------------------------------------------------------- 1 | # Codefresh plugin for sending e-mail 2 | 3 | Codefresh plugin for sending e-mail notifications via SendGrid 4 | 5 | ## Main env variables 6 | - `SENDGRID_APIKEY` - API key from SendGrid 7 | - `SENDGRID_MAIL` - address the e-mail will be sent to; separate multiple addresses with a _comma_ (e.g. `mail1@example.com, mail2@example.com`) 8 | - `SENDGRID_FROM` - From header of the e-mail 9 | - `SENDGRID_SUBJECT` - Subject header of the e-mail 10 | - `SENDGRID_TYPE` - type of mail [build, message, custom] 11 | 12 | ## Mail types 13 | ### build 14 | Info about the current build 15 | ### message 16 | Send a simple message with the text from `SENDGRID_MESSAGE` 17 | ### custom 18 | Send a message rendered from the custom [ejs](https://www.npmjs.com/package/ejs) template provided in `SENDGRID_TEMPLATE` 19 | 20 | ## Config for codefresh.yml 21 | ``` 22 | version: '1.0' 23 | ... 24 | steps: 25 | ... 26 | TestMail: 27 | title: Test Mail 28 | image: 'codefresh/sendgridplugin:latest' 29 | ... 30 | ...
31 | ``` 32 | -------------------------------------------------------------------------------- /plugins/sendgrid/example.yaml: -------------------------------------------------------------------------------- 1 | TestMail: 2 | title: Test Mail 3 | image: 'codefresh/sendgridplugin:latest' 4 | -------------------------------------------------------------------------------- /plugins/sendgrid/plugin.yaml: -------------------------------------------------------------------------------- 1 | title: Send e-mail via Sendgrid 2 | image: codefresh/sendgridplugin:latest 3 | description: Send e-mail via Sendgrid 4 | category: 5 | - Featured 6 | source: 'https://github.com/codefresh-io/sendgridplugin' 7 | logo: 'https://images.ctfassets.net/bx16dovk9m7p/XNo9W4lwAMsai8KOikAae/35f6df5bf800dd4993c2d98376448f0d/a37a5b5ab495b5531dd406d40baa8a5c.png' 8 | maintainers: 9 | - name: Pavel Kostohrys 10 | envs: 11 | - name: SENDGRID_APIKEY 12 | description: 'API key from SendGrid (required)' 13 | - name: SENDGRID_MAIL 14 | type: required 15 | description: 'mail where the letter will be sent, you can use comma divider to send on multiple mails (ex.: mail1@example.com, mail2@exmaple.com)' 16 | - name: SENDGRID_FROM 17 | description: 'from header of mail (required)' 18 | - name: SENDGRID_SUBJECT 19 | description: 'subject header of mail (required)' 20 | - name: SENDGRID_TYPE 21 | description: 'type of mail [build, message, custom] (required)' 22 | - name: SENDGRID_MESSAGE 23 | description: Text of message for type message 24 | - name: SENDGRID_TEMPLATE 25 | description: Template of message for type message 26 | -------------------------------------------------------------------------------- /plugins/sendgrid/plugin_old.yaml: -------------------------------------------------------------------------------- 1 | image: codefresh/sendgridplugin 2 | version: latest 3 | description: Send e-mail via Sendgrid 4 | keywords: 5 | - mail 6 | - sendgrid 7 | home: 
https://github.com/codefresh-io/sendgridplugin 8 | sources: 9 | - https://github.com/codefresh-io/sendgridplugin 10 | maintainers: 11 | - name: Pavel Kostohrys 12 | email: pavel@codefresh.io 13 | icon: https://images.ctfassets.net/bx16dovk9m7p/XNo9W4lwAMsai8KOikAae/35f6df5bf800dd4993c2d98376448f0d/a37a5b5ab495b5531dd406d40baa8a5c.png 14 | envs: 15 | - name: SENDGRID_APIKEY 16 | type: required 17 | description: API key from SendGrid 18 | - name: SENDGRID_MAIL 19 | type: required 20 | description: 'mail where the letter will be sent, you can use comma divider to send on multiple mails (ex.: mail1@example.com, mail2@exmaple.com)' 21 | - name: SENDGRID_FROM 22 | type: required 23 | description: from header of mail 24 | - name: SENDGRID_SUBJECT 25 | type: required 26 | description: subject header of mail 27 | - name: SENDGRID_TYPE 28 | type: required 29 | description: type of mail [build, message, custom] 30 | - name: SENDGRID_MESSAGE 31 | description: Text of message for type message 32 | - name: SENDGRID_TEMPLATE 33 | description: Template of message for type message 34 | -------------------------------------------------------------------------------- /plugins/slack-notifier/NOTES.md: -------------------------------------------------------------------------------- 1 | ## Notes -------------------------------------------------------------------------------- /plugins/slack-notifier/README.md: -------------------------------------------------------------------------------- 1 | # Codefresh Slack Plugin 2 | 3 | Use the Codefresh Slack plugin to send a message to a channel. 4 | 5 | ## Usage 6 | 7 | Simple mode - just send text or an attachment to a Slack channel 8 | 9 | ```yaml 10 | --- 11 | version: '1.0' 12 | 13 | steps: 14 | 15 | ... 16 | 17 | SendToSlack: 18 | title: Sending message to slack 19 | image: codefresh/slacknotifier 20 | environment: 21 | - SLACK_HOOK_URL=${{SLACK_HOOK_URL}} 22 | - SLACK_TEXT=${{SLACK_TEXT}} 23 | - SLACK_ATTACHMENTS=${{SLACK_ATTACHMENTS}} 24 | ...
25 | 26 | ``` 27 | 28 | Template mode - ability to have one template body and just override fields 29 | 30 | ```yaml 31 | --- 32 | version: '1.0' 33 | 34 | steps: 35 | 36 | ... 37 | 38 | SendToSlack: 39 | title: Sending message to slack 40 | image: codefresh/slacknotifier 41 | environment: 42 | - SLACK_HOOK_URL=${{SLACK_HOOK_URL}} 43 | - SLACK_TEXT=cool 44 | - SLACK_TEMPLATE_FIELDS=${{SLACK_TEMPLATE_FIELDS}} 45 | - SLACK_TEMPLATE_BODY=${{SLACK_TEMPLATE_BODY}} 46 | - MODE=template 47 | ... 48 | 49 | ``` 50 | 51 | Default template mode - send information about build 52 | 53 | ```yaml 54 | --- 55 | version: '1.0' 56 | 57 | steps: 58 | 59 | ... 60 | 61 | SendToSlack: 62 | title: Sending message to slack 63 | image: codefresh/slacknotifier 64 | environment: 65 | - SLACK_HOOK_URL=${{SLACK_HOOK_URL}} 66 | - MODE=default-template 67 | ... 68 | 69 | ``` 70 | 71 | 72 | 73 | ## Environment Variables 74 | 75 | - **required** `SLACK_HOOK_URL` - Url to the channel. Slack official [docs](https://api.slack.com/incoming-webhooks) 76 | - **required** `SLACK_TEXT` - The message that will be sent 77 | - `SLACK_ATTACHMENTS` - print verbose output 78 | - `MODE` - template | simple mode 79 | - `SLACK_TEMPLATE_FIELDS` - fields for override if use template mode 80 | - `SLACK_TEMPLATE_BODY` - message body if use template mode 81 | -------------------------------------------------------------------------------- /plugins/slack-notifier/plugin.yaml: -------------------------------------------------------------------------------- 1 | image: codefresh/slacknotifier 2 | version: latest 3 | description: Send message to slack channel 4 | keywords: 5 | - slack 6 | home: https://github.com/codefresh-io/slack-notifier 7 | sources: 8 | - https://github.com/codefresh-io/slack-notifier 9 | maintainers: # (optional) 10 | - name: Pavel Kostohrys 11 | email: pavel@codefresh.io 12 | icon: https://upload.wikimedia.org/wikipedia/commons/7/76/Slack_Icon.png 13 | envs: 14 | - name: SLACK_HOOK_URL 15 | type: 
required 16 | description: Url to the channel 17 | - name: SLACK_TEXT 18 | type: required 19 | description: Message to send 20 | - name: SLACK_ATTACHMENTS 21 | description: Attachments to send. Documentation https://api.slack.com/docs/message-attachments 22 | - name: MODE 23 | description: template | simple | default-template, by default - simple. In case with template mode you can have general body in attachment SLACK_TEMPLATE_BODY and different fields SLACK_TEMPLATE_FIELDS 24 | - name: SLACK_TEMPLATE_BODY 25 | type: required 26 | description: Required in template mode, general body, should be not array. Support only one attachment in body. Documentation https://api.slack.com/docs/message-attachments 27 | - name: SLACK_TEMPLATE_FIELDS 28 | type: required 29 | description: Required in template mode, Override fields in SLACK_TEMPLATE_BODY, should be array. Documentation https://api.slack.com/docs/message-attachments 30 | -------------------------------------------------------------------------------- /plugins/slack/NOTES.md: -------------------------------------------------------------------------------- 1 | ## Notes -------------------------------------------------------------------------------- /plugins/slack/README.md: -------------------------------------------------------------------------------- 1 | # Codefresh Slack Plugin 2 | 3 | Use Codefresh Slack plugin to send a message to a channel. 4 | 5 | ## Usage 6 | 7 | 8 | ```yaml 9 | --- 10 | version: '1.0' 11 | 12 | steps: 13 | 14 | ... 15 | 16 | SendToSlack: 17 | title: Sending message to slack 18 | image: codefresh/slack-message-sender 19 | commands: 20 | - slack-message-sender send 21 | environment: 22 | - WEBHOOK_URL=${{SLACK_WEBHOOK_URL}} 23 | - SLACK_MESSAGE=${{CF_COMMIT_MESSAGE}} 24 | ... 25 | 26 | ``` 27 | 28 | ## Environment Variables 29 | 30 | - **required** `WEBHOOK_URL` - Url to the channel. 
Slack official [docs](https://api.slack.com/incoming-webhooks) 31 | - **required** `SLACK_MESSAGE` - The message that will be sent 32 | - `DEBUG` - print verbose output 33 | -------------------------------------------------------------------------------- /plugins/slack/plugin.yaml: -------------------------------------------------------------------------------- 1 | image: codefresh/slack-message-sender 2 | version: 0.1.0 3 | description: Send message to slack channel 4 | keywords: 5 | - slack 6 | home: https://github.com/codefresh-io/slack-message-sender 7 | sources: 8 | - https://github.com/codefresh-io/slack-message-sender 9 | maintainers: # (optional) 10 | - name: Oleg Sucharevich 11 | email: olegs@codefresh.io 12 | icon: https://upload.wikimedia.org/wikipedia/commons/7/76/Slack_Icon.png 13 | envs: 14 | - name: WEBHOOK_URL 15 | type: required 16 | description: Url to the channel 17 | - name: SLACK_MESSAGE 18 | type: required 19 | description: Message to send 20 | - name: DEBUG 21 | description: print verbose install output -------------------------------------------------------------------------------- /plugins/telegram-notifier/NOTES.md: -------------------------------------------------------------------------------- 1 | ## Notes -------------------------------------------------------------------------------- /plugins/telegram-notifier/README.md: -------------------------------------------------------------------------------- 1 | # Telegram notify plugin 2 | 3 | Telegram plugin that lets you send messages to users via a bot. 4 | 5 | ## Usage 6 | 7 | ```yaml 8 | version: '1.0' 9 | ... 10 | steps: 11 | ...
12 | sendMessage: 13 | image: codefresh/telegramnotifier 14 | environment: 15 | - TELEGRAM_TOKEN=TOKEN 16 | - TELEGRAM_TO=99999999 17 | - TELEGRAM_MESSAGE=Hello {{{userLink}}}, how are you 18 | - TELEGRAM_IMAGES=https://codefresh.io/docs/assets/brand/codefresh-social.png 19 | ``` 20 | 21 | ## Required variables 22 | 23 | - `TELEGRAM_TOKEN` - token of your bot (you can get it from [@BotFather](https://t.me/BotFather)) 24 | - `TELEGRAM_TO` - comma-separated array of the IDs of the bot's users who will receive the message (you can retrieve an ID from [@myidbot](https://t.me/myidbot)) 25 | 26 | ## Optional variables 27 | 28 | - `TELEGRAM_STATUS` - send info about the current build; **if set, all other variables are ignored** 29 | - `TELEGRAM_MESSAGE` - text of the message that will be sent to the user, rendered with [Handlebars.js](https://github.com/wycats/handlebars.js/) 30 | - available vars: 31 | - `{{buildTrigger}}` 32 | - `{{buildInitiator}}` 33 | - `{{buildId}}` 34 | - `{{buildTimestamp}}` 35 | - `{{buildUrl}}` 36 | - `{{repoOwner}}` 37 | - `{{repoName}}` 38 | - `{{branch}}` 39 | - `{{revision}}` 40 | - `{{commitAuthor}}` 41 | - `{{commitUrl}}` 42 | - `{{commitMessage}}` 43 | - `{{userID}}` - id of current telegram user 44 | - `{{{userLink}}}` - link to current telegram user 45 | 46 | - for text markup use Markdown 47 | - `TELEGRAM_IMAGES` - array of image links to attach to the message 48 | -------------------------------------------------------------------------------- /plugins/telegram-notifier/plugin.yaml: -------------------------------------------------------------------------------- 1 | image: codefresh/telegramnotifier 2 | version: latest 3 | description: Send message to telegram channel 4 | keywords: 5 | - telegram 6 | home: https://github.com/codefresh-io/telegram-notifier 7 | sources: 8 | - https://github.com/codefresh-io/telegram-notifier 9 | maintainers: # (optional) 10 | - name: Andrii Shaforostov 11 | email: andrii@codefresh.io 12 | icon:
https://upload.wikimedia.org/wikipedia/commons/5/5c/Telegram_Messenger.png 13 | envs: 14 | - name: TELEGRAM_TOKEN 15 | type: required 16 | description: token of your bot 17 | - name: TELEGRAM_TO 18 | type: required 19 | description: array of user ids who will receive a message separated by comma 20 | - name: TELEGRAM_STATUS 21 | description: send info about current build 22 | - name: TELEGRAM_MESSAGE 23 | description: text of message which will be sent to user 24 | - name: TELEGRAM_IMAGES 25 | description: array of image links for attaching to message 26 | -------------------------------------------------------------------------------- /plugins/testplugin/README.MD: -------------------------------------------------------------------------------- 1 | # GitHub Pull Request Codefresh Plugin 2 | 3 | Creates a new pull request in GitHub 4 | 5 | ## Environment Variables 6 | 7 | - `GITHUB_TOKEN`: token for access to GitHub 8 | - `GITHUB_REPO_OWNER`: name of repo owner 9 | - `GITHUB_REPO_NAME`: name of repo 10 | - `HEAD`: The name of the branch where your changes are implemented. For cross-repository pull requests in the same network, namespace head with a user like this: username:branch 11 | - `BASE`: The name of the branch you want the changes pulled into. This should be an existing branch on the current repository. You cannot submit a pull request to one repository that requests a merge to a base of another repository. 
12 | - `TITLE`: The title of the pull request 13 | 14 | ## Deployment with Codefresh 15 | - Add encrypted environment variables for: 16 | * GITHUB_TOKEN 17 | 18 | - Add "github-pr" step as described below 19 | 20 | ```yaml 21 | # codefresh.yml example with github pr step 22 | version: '1.0' 23 | 24 | steps: 25 | build-step: 26 | type: build 27 | image-name: repo/image:tag 28 | 29 | push to registry: 30 | type: push 31 | candidate: ${{build-step}} 32 | tag: ${{CF_BRANCH}} 33 | 34 | github-pr: 35 | image: codefresh/github-pr-plugin 36 | environment: 37 | - GITHUB_REPO_OWNER=${{CF_REPO_OWNER}} 38 | - GITHUB_REPO_NAME=${{CF_REPO_NAME}} 39 | - BASE=master 40 | - HEAD=${{CF_BRANCH}} 41 | - TITLE=Codefresh PR for ${{CF_BRANCH}} 42 | ``` 43 | -------------------------------------------------------------------------------- /plugins/testplugin/plugin.yaml: -------------------------------------------------------------------------------- 1 | image: codefresh/github-pr-plugin 2 | tag: master 3 | version: 0.1.0 4 | description: Creates GitHub pull request 5 | keywords: 6 | - testplugin 7 | 8 | home: https://github.com/codefresh-io/github-pr-plugin 9 | sources: 10 | - https://github.com/codefresh-io/github-pr-plugin 11 | maintainers: # (optional) 12 | - name: Oleg Verhovsky 13 | email: oleg@codefresh.io 14 | icon: https://assets-cdn.github.com/images/modules/logos_page/GitHub-Mark.png 15 | envs: 16 | - name: GITHUB_TOKEN 17 | type: required 18 | description: Token for access to GitHub 19 | - name: GITHUB_REPO_OWNER 20 | type: required 21 | description: Name of repo owner 22 | - name: GITHUB_REPO_NAME 23 | type: required 24 | description: Name of repo 25 | - name: HEAD 26 | type: required 27 | description: The name of the branch where your changes are implemented.
For cross-repository pull requests in the same network, namespace head with a user like this - username:branch 28 | - name: BASE 29 | type: required 30 | description: The name of the branch you want the changes pulled into. This should be an existing branch on the current repository. You cannot submit a pull request to one repository that requests a merge to a base of another repository. 31 | - name: TITLE 32 | type: required 33 | description: The title of the pull request 34 | -------------------------------------------------------------------------------- /plugins/testplugin1/README.MD: -------------------------------------------------------------------------------- 1 | # GitHub Pull Request Codefresh Plugin 2 | 3 | Creates a new pull request in GitHub 4 | 5 | ## Environment Variables 6 | 7 | - `GITHUB_TOKEN`: token for access to GitHub 8 | - `GITHUB_REPO_OWNER`: name of repo owner 9 | - `GITHUB_REPO_NAME`: name of repo 10 | - `HEAD`: The name of the branch where your changes are implemented. For cross-repository pull requests in the same network, namespace head with a user like this: username:branch 11 | - `BASE`: The name of the branch you want the changes pulled into. This should be an existing branch on the current repository. You cannot submit a pull request to one repository that requests a merge to a base of another repository. 
12 | - `TITLE`: The title of the pull request 13 | 14 | ## Deployment with Codefresh 15 | - Add encrypted environment variables for: 16 | * GITHUB_TOKEN 17 | 18 | - Add "github-pr" step as described below 19 | 20 | ```yaml 21 | # codefresh.yml example with github pr step 22 | version: '1.0' 23 | 24 | steps: 25 | build-step: 26 | type: build 27 | image-name: repo/image:tag 28 | 29 | push to registry: 30 | type: push 31 | candidate: ${{build-step}} 32 | tag: ${{CF_BRANCH}} 33 | 34 | github-pr: 35 | image: codefresh/github-pr-plugin 36 | environment: 37 | - GITHUB_REPO_OWNER=${{CF_REPO_OWNER}} 38 | - GITHUB_REPO_NAME=${{CF_REPO_NAME}} 39 | - BASE=master 40 | - HEAD=${{CF_BRANCH}} 41 | - TITLE=Codefresh PR for ${{CF_BRANCH}} 42 | ``` 43 | -------------------------------------------------------------------------------- /plugins/testplugin1/plugin.yaml: -------------------------------------------------------------------------------- 1 | image: codefresh/github-pr-plugin 2 | tag: master 3 | version: 0.1.0 4 | description: test plugin1! 5 | keywords: 6 | - testplugin1 7 | 8 | 9 | home: https://github.com/codefresh-io/github-pr-plugin 10 | sources: 11 | - https://github.com/codefresh-io/github-pr-plugin 12 | maintainers: # (optional) 13 | - name: Oleg Verhovsky 14 | email: oleg@codefresh.io 15 | icon: https://assets-cdn.github.com/images/modules/logos_page/GitHub-Mark.png 16 | envs: 17 | - name: GITHUB_TOKEN 18 | type: required 19 | description: Token for access to GitHub 20 | - name: GITHUB_REPO_OWNER 21 | type: required 22 | description: Name of repo owner 23 | - name: GITHUB_REPO_NAME 24 | type: required 25 | description: Name of repo 26 | - name: HEAD 27 | type: required 28 | description: The name of the branch where your changes are implemented. For cross-repository pull requests in the same network, namespace head with a user like this - username:branch 29 | - name: BASE 30 | type: required 31 | description: The name of the branch you want the changes pulled into.
This should be an existing branch on the current repository. You cannot submit a pull request to one repository that requests a merge to a base of another repository. 32 | - name: TITLE 33 | type: required 34 | description: The title of the pull request 35 | -------------------------------------------------------------------------------- /plugins/twilio/README.md: -------------------------------------------------------------------------------- 1 | # Codefresh plugin for sending SMS notifications 2 | 3 | Codefresh plugin for sending SMS notifications via Twilio 4 | 5 | [![Codefresh build status]( https://g.codefresh.io/api/badges/pipeline/codefresh-inc/codefresh-io%2Ftwillio-plugin%2Ftwillio-plugin?branch=master&key=eyJhbGciOiJIUzI1NiJ9.NTY3MmQ4ZGViNjcyNGI2ZTM1OWFkZjYy.AN2wExsAsq7FseTbVxxWls8muNx_bBUnQWQVS8IgDTI&type=cf-2)]( https://g.codefresh.io/pipelines/twillio-plugin/builds?repoOwner=codefresh-io&repoName=twillio-plugin&serviceName=codefresh-io%2Ftwillio-plugin&filter=trigger:build~Build;branch:master;pipeline:5c1a73926ecec326b46fca2b~twillio-plugin) 6 | 7 | ## Main env variables 8 | - `TWILIO_SID` - Your account SID from Twilio console 9 | - `TWILIO_TOKEN` - Your API Auth Token from Twilio console 10 | - `TWILIO_PHONE_FROM` - Phone number from which messages will be sent 11 | - `TWILIO_PHONE_TO` - Phone number to which messages will be sent 12 | - `TWILIO_TYPE` - Type of your message [build - send info about your build via Codefresh, default - Send message with static text] 13 | 14 | For **message** type you must provide `TWILIO_MESSAGE` env 15 | 16 | ## Config for codefresh.yml 17 | ``` 18 | version: '1.0' 19 | ... 20 | steps: 21 | ... 22 | TestSMS: 23 | title: Test SMS 24 | image: codefresh/twilioplugin:latest 25 | ... 26 | ...
27 | ``` 28 | -------------------------------------------------------------------------------- /plugins/twilio/plugin.yaml: -------------------------------------------------------------------------------- 1 | image: codefresh/twilioplugin 2 | version: latest 3 | description: Send SMS message via Twilio 4 | keywords: 5 | - sms 6 | - twilio 7 | home: https://github.com/codefresh-io/twillio-plugin 8 | sources: 9 | - https://github.com/codefresh-io/twillio-plugin 10 | maintainers: 11 | - name: Pavel Kostohrys 12 | email: pavel@codefresh.io 13 | icon: https://cdn.iconscout.com/icon/free/png-256/twilio-1-285957.png 14 | envs: 15 | - name: TWILIO_SID 16 | type: required 17 | description: Your account SID from Twilio console 18 | - name: TWILIO_TOKEN 19 | type: required 20 | description: Your API Auth Token from Twilio console 21 | - name: TWILIO_PHONE_FROM 22 | type: required 23 | description: Phone number from which messages will be sent 24 | - name: TWILIO_PHONE_TO 25 | type: required 26 | description: Phone number to which messages will be sent 27 | - name: TWILIO_TYPE 28 | description: Type of your message [build - send info about your build via Codefresh, default - Send message with static text] 29 | - name: TWILIO_MESSAGE 30 | description: Required in default mode, text for message 31 | -------------------------------------------------------------------------------- /plugins/twistlock-scan/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:xenial 2 | 3 | ENV LANG C.UTF-8 4 | 5 | RUN { \ 6 | echo '#!/bin/sh'; \ 7 | echo 'set -e'; \ 8 | echo; \ 9 | echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \ 10 | } > /usr/local/bin/docker-java-home && \ 11 | chmod +x /usr/local/bin/docker-java-home 12 | 13 | RUN apt-get update && apt-get install -y --no-install-recommends \ 14 | bzip2 \ 15 | unzip \ 16 | xz-utils \ 17 | apt-transport-https \ 18 | ca-certificates \ 19 | curl \ 20 |
software-properties-common \ 21 | python3-openssl && \ 22 | curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \ 23 | add-apt-repository \ 24 | "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ 25 | $(lsb_release -cs) \ 26 | stable" && \ 27 | apt-get update && apt-get install -y --no-install-recommends \ 28 | docker-ce=17.09.0~ce-0~ubuntu && \ 29 | apt-get install -y \ 30 | openjdk-8-jre \ 31 | ; \ 32 | rm -rf /var/lib/apt/lists/*; \ 33 | \ 34 | [ "$JAVA_HOME" = "$(docker-java-home)" ]; \ 35 | \ 36 | update-alternatives --get-selections | awk -v home="$JAVA_HOME" 'index($3, home) == 1 { $2 = "manual"; print | "update-alternatives --set-selections" }'; \ 37 | update-alternatives --query java | grep -q 'Status: manual' && \ 38 | mkdir /packages && \ 39 | curl -o /packages/twistcli https://cdn.twistlock.com/support/twistcli && \ 40 | curl -o /packages/nexus-iq-cli-1.38.0-02.jar https://download.sonatype.com/clm/scanner/nexus-iq-cli-1.38.0-02.jar 41 | 42 | COPY scripts /scripts 43 | 44 | RUN chmod +x -R /packages 45 | RUN chmod +x -R /scripts 46 | 47 | WORKDIR /scripts 48 | 49 | ENTRYPOINT ["/usr/bin/python3"] 50 | CMD [""] 51 | -------------------------------------------------------------------------------- /plugins/twistlock-scan/LICENSE.md: -------------------------------------------------------------------------------- 1 | © 2017 Steelcase Inc. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 4 | 5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 
6 | 7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- /plugins/twistlock-scan/README.md: -------------------------------------------------------------------------------- 1 | # Security Scanning Tools [![Codefresh build status]( https://g.codefresh.io/api/badges/build?repoOwner=SC-TechDev&repoName=docker-security-scanner&branch=master&pipelineName=docker-security-scanner&accountName=sctechdevservice&type=cf-1)]( https://g.codefresh.io/repositories/SC-TechDev/docker-security-scanner/builds?filter=trigger:build;branch:master;service:59e62c5410e3d100019e7f3d~docker-security-scanner) 2 | 3 | Docker image which invokes security script using TwistCLI (Nexus coming soon) 4 | 5 | ### Prerequisites: 6 | 7 | Codefresh Subscription (Dedicated Infrastructure) - https://codefresh.io/ 8 | 9 | Twistlock Subscription - https://www.twistlock.com/ 10 | 11 | ### Documentation: 12 | 13 | Twistlock CLI: https://twistlock.desk.com/customer/en/portal/articles/2875595-twistcli?b_id=16619 14 | 15 | Nexus IQ CLI: TBD 16 | 17 | ## Script Library 18 | 19 | ### twistlock.py 20 | 21 | Executes TwistCLI to scan Docker image given. 22 | 23 | ### options 24 | 25 | To use an ENVIRONMENT VARIABLE you need to add the variables to your Codefresh Pipeline and also to your codefresh.yaml. 26 | 27 | 28 | Example `codefresh.yml` build is below with required ENVIRONMENT VARIABLES in place. 
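An added example (not code from this repository) of building the `twistcli images scan` command from the variables in this README's options table as an argument list, so the credentials reach the process unchanged instead of being formatted into a `shell=True` string as `scripts/twistlock.py` does. The strict boolean parsing, the hex-only image ID check and the sample values are assumptions of this example.

```python
import re
import subprocess

TWISTCLI = "/packages/twistcli"  # path used by the Dockerfile and twistlock.py
REQUIRED = ("TL_CONSOLE_HOSTNAME", "TL_CONSOLE_PORT",
            "TL_CONSOLE_USERNAME", "TL_CONSOLE_PASSWORD")
# Allowed values as listed in the options table of this README.
HASHES = {"md5", "sha1", "sha256"}
COMPLIANCE = {"low", "medium", "high"}
VULNERABILITY = {"low", "medium", "high", "critical"}
# Assumption: the image is given as a bare hex ID (short or long form).
IMAGE_ID = re.compile(r"[0-9a-f]{12,64}")
SWITCHES = (("TL_INCLUDE_PACKAGE_FILES", "--include-package-files"),
            ("TL_UPLOAD", "--upload"),
            ("TL_DETAILS", "--details"))


def flag(env, name):
    """Assumed boolean convention: only true/1/yes turn a switch on."""
    return env.get(name, "").strip().lower() in {"true", "1", "yes"}


def choice(env, name, allowed, default=None):
    """Return the variable's value, or raise if it is not an allowed one."""
    value = env.get(name) or default
    if value is not None and value not in allowed:
        raise ValueError("{} must be one of {}".format(name, sorted(allowed)))
    return value


def build_twistcli_argv(env, image_id):
    """Build the scan command as an argument list; no shell parses it."""
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise ValueError("missing required variables: " + ", ".join(missing))
    if not re.fullmatch(r"[0-9]{1,5}", env["TL_CONSOLE_PORT"]):
        raise ValueError("TL_CONSOLE_PORT must be a port number")
    if not IMAGE_ID.fullmatch(image_id):
        # Also stops a value beginning with '-' from being read as an option.
        raise ValueError("image id must be 12-64 lowercase hex characters")

    scheme = "https" if flag(env, "TL_TLS_ENABLED") else "http"
    address = "{}://{}:{}".format(
        scheme, env["TL_CONSOLE_HOSTNAME"], env["TL_CONSOLE_PORT"])
    argv = [TWISTCLI, "images", "scan",
            "--address", address,
            "--user", env["TL_CONSOLE_USERNAME"],
            "--password", env["TL_CONSOLE_PASSWORD"],
            "--hash", choice(env, "TL_HASH", HASHES, default="sha1")]
    argv += [switch for name, switch in SWITCHES if flag(env, name)]
    compliance = choice(env, "TL_COMPLIANCE_THRESHOLD", COMPLIANCE)
    if compliance:
        argv += ["--compliance-threshold", compliance]
    vulnerability = choice(env, "TL_VULNERABILITY_THRESHOLD", VULNERABILITY)
    if vulnerability:
        argv += ["--vulnerability-threshold", vulnerability]
    return argv + [image_id]


def redact(argv):
    """Copy of argv with the password value masked, for build logs."""
    out, hide = [], False
    for arg in argv:
        out.append("***" if hide else arg)
        hide = arg == "--password" and not hide
    return out


def run_scan(argv):
    """Run twistcli directly; its exit code decides whether the step fails."""
    print("running:", " ".join(redact(argv)))
    return subprocess.run(argv).returncode


# Constructed sample input, not values from the page.
SAMPLE_ENV = {
    "TL_CONSOLE_HOSTNAME": "console.example.internal",
    "TL_CONSOLE_PORT": "8083",
    "TL_CONSOLE_USERNAME": "ci-scanner",
    "TL_CONSOLE_PASSWORD": "p'ss w$rd",   # quote, space and $ stay literal
    "TL_TLS_ENABLED": "true",
    "TL_UPLOAD": "false",                 # stays off under the strict parsing
    "TL_VULNERABILITY_THRESHOLD": "high",
}
SAMPLE_IMAGE_ID = "0123456789ab"

if __name__ == "__main__":
    print(redact(build_twistcli_argv(SAMPLE_ENV, SAMPLE_IMAGE_ID)))
```

In the container, pass `dict(os.environ)` and the image ID given with `-i`. The password is still visible in the process argument list, as it is with the original script.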
29 | 30 | 31 | | ENVIRONMENT VARIABLE | SCRIPT ARGUMENT | DEFAULT | TYPE | REQUIRED | DESCRIPTION | 32 | |----------------------------|--------------------------------------|----------|---------|----------|---------------------------------------------------------------------------------------------------------------------------------| 33 | | CF_METADATA | [ -c, --cf_metadata ] | null | boolean | No | In combination with TL_UPLOAD stores Twistlock Report URL in TL_REPORT_URL var for Codefresh metadata annotation | 34 | | TL_CONSOLE_HOSTNAME | [ -C, --tl_console_hostname ] | null | string | Yes | hostname/ip | 35 | | TL_CONSOLE_PORT | [ -P, --tl_console_port ] | null | string | Yes | port | 36 | | TL_CONSOLE_USERNAME | [ -U, --tl_console_username ] | null | string | Yes | username | 37 | | TL_CONSOLE_PASSWORD | [ -X, --tl_console_password ] | null | string | Yes | password | 38 | | TL_ONLY | [ -Z, --tl_only ] | null | boolean | Yes | Twistlock Console Only (Required for now Nexus TBD) | 39 | | TL_TLS_ENABLED | [ -T, --tl_tls_enabled ] | null | boolean | No | enable TLS | 40 | | TL_HASH | [ -H, --tl_hash ] | [ sha1 ] | string | No | [ md5, sha1, sha256 ] hashing algorithm | 41 | | TL_UPLOAD | [ -R, --tl_upload ] | null | boolean | No | ( ignores all options below if set and only returns report url ) uploads report to Twistlock to be used later via Twistlock API | 42 | | TL_DETAILS | [ -D, --tl_details ] | null | boolean | No | prints an itemized list of each vulnerability found by the scanner | 43 | | TL_ONLY_FIXED | [ -O, --tl_only_fixed ] | null | boolean | No | reports just the vulnerabilities that have fixes available | 44 | | TL_COMPLIANCE_THRESHOLD | [ -M, --tl_compliance_threshold ] | null | string | No | [ low, medium, high ] sets the minimal severity compliance issue that returns a fail exit code | 45 | | TL_VULNERABILITY_THRESHOLD | [ -V, --tl_vulnerability_threshold ] | null | string | No | [ low, medium, high, critical ] sets the minimal severity
vulnerability that returns a fail exit code | 46 | 47 | ### codefresh.yml 48 | 49 | Codefresh Build Step to execute Twistlock scan. 50 | All `${{var}}` variables must be put into Codefresh Build Parameters 51 | codefresh.yml 52 | ```console 53 | buildimage: 54 | type: build 55 | title: Build Runtime Image 56 | dockerfile: Dockerfile 57 | image_name: # Image you're building/scanning [repository/image] 58 | tag: latest-cf-build-candidate 59 | 60 | nexus_iq_scan_build_stage: 61 | type: composition 62 | composition: 63 | version: '2' 64 | services: 65 | imagebuild: 66 | image: ${{buildimage}} 67 | command: sh -c "exit 0" 68 | labels: 69 | build.image.id: ${{CF_BUILD_ID}} 70 | composition_candidates: 71 | scan_service: 72 | image: sctechdev/docker-security-scanner 73 | environment: 74 | - TL_CONSOLE_HOSTNAME=${{TL_CONSOLE_HOSTNAME}} 75 | - TL_CONSOLE_PORT=${{TL_CONSOLE_PORT}} 76 | - TL_CONSOLE_USERNAME=${{TL_CONSOLE_USERNAME}} 77 | - TL_CONSOLE_PASSWORD=${{TL_CONSOLE_PASSWORD}} 78 | - TL_ONLY=${{TL_ONLY}} 79 | command: twistlock.py -i "$$(docker inspect $$(docker inspect $$(docker ps -aqf label=build.image.id=${{CF_BUILD_ID}}) -f {{.Config.Image}}) -f {{.Id}} | sed 's/sha256://g')" 80 | depends_on: 81 | - imagebuild 82 | volumes: 83 | - /var/run/docker.sock:/var/run/docker.sock 84 | - /var/lib/docker:/var/lib/docker 85 | # Everything below this line is Optional for CF_METADATA 86 | - '${{CF_VOLUME_NAME}}:/codefresh/volume' 87 | add_flow_volume_to_composition: true 88 | 89 | export: 90 | title: "Exporting variables..." 91 | image: alpine 92 | commands: 93 | - echo "Exporting variables..." 94 | 95 | set_metadata: 96 | title: "Setting metadata on image..." 97 | image: alpine 98 | commands: 99 | - echo "Setting metadata on image..." 
100 | on_finish: 101 | metadata: 102 | set: 103 | - '${{build_step.imageId}}': 104 | - TwistlockSecurityReport: ${{TL_REPORT_URL}} 105 | ``` -------------------------------------------------------------------------------- /plugins/twistlock-scan/codefresh.yml: -------------------------------------------------------------------------------- 1 | version: '1.0' 2 | 3 | steps: 4 | 5 | buildimage: 6 | type: build 7 | description: image build step 8 | dockerfile: Dockerfile 9 | image_name: sctechdev/docker-security-scanner 10 | tag: latest-cf-build-candidate 11 | 12 | push_image: 13 | type: push 14 | candidate: ${{buildimage}} 15 | tag: latest 16 | when: 17 | branch: 18 | only: 19 | - master 20 | push_image1: 21 | type: push 22 | candidate: ${{buildimage}} 23 | tag: ${{CF_BRANCH_TAG_NORMALIZED}}-${{CF_SHORT_REVISION}} 24 | 25 | push_image_nexus_latest: 26 | title: Push to Nexus Repo (latest) 27 | type: push 28 | candidate: ${{buildimage}} 29 | tag: latest 30 | registry: sonatype-docker-internal 31 | when: 32 | branch: 33 | only: 34 | - master 35 | 36 | push_image_neuxs_gitbranch_gitsha: 37 | title: Push to Nexus Repo (gitbranch + gitsha) 38 | type: push 39 | candidate: ${{buildimage}} 40 | tag: ${{CF_BRANCH_TAG_NORMALIZED}}-${{CF_SHORT_REVISION}} 41 | registry: sonatype-docker-internal 42 | -------------------------------------------------------------------------------- /plugins/twistlock-scan/example.yaml: -------------------------------------------------------------------------------- 1 | nexus_iq_scan_build_stage: 2 | type: composition 3 | composition: 4 | version: '2' 5 | services: 6 | imagebuild: 7 | image: ${{buildimage}} 8 | command: sh -c "exit 0" 9 | labels: 10 | build.image.id: ${{CF_BUILD_ID}} 11 | composition_candidates: 12 | scan_service: 13 | image: sctechdev/docker-security-scanner 14 | environment: 15 | - TL_CONSOLE_HOSTNAME=${{TL_CONSOLE_HOSTNAME}} 16 | - TL_CONSOLE_PORT=${{TL_CONSOLE_PORT}} 17 | - TL_CONSOLE_USERNAME=${{TL_CONSOLE_USERNAME}} 18 | - 
TL_CONSOLE_PASSWORD=${{TL_CONSOLE_PASSWORD}} 19 | - TL_ONLY=${{TL_ONLY}} 20 | command: twistlock.py -i "$$(docker inspect $$(docker inspect $$(docker ps -aqf label=build.image.id=${{CF_BUILD_ID}}) -f {{.Config.Image}}) -f {{.Id}} | sed 's/sha256://g')" 21 | depends_on: 22 | - imagebuild 23 | volumes: 24 | - /var/run/docker.sock:/var/run/docker.sock 25 | - /var/lib/docker:/var/lib/docker 26 | # Everything below this line is Optional for CF_METADATA 27 | - '${{CF_VOLUME_NAME}}:/codefresh/volume' 28 | add_flow_volume_to_composition: true 29 | -------------------------------------------------------------------------------- /plugins/twistlock-scan/plugin.yaml: -------------------------------------------------------------------------------- 1 | image: docker.io/sctechdev/docker-security-scanner 2 | tag: master-c81e6d4 3 | version: 2.2 4 | description: Execute Twistlock image scan as build step 5 | keywords: 6 | - Twistlock 2.2 7 | home: https://hub.docker.com/r/sctechdev/docker-security-scanner/ 8 | sources: 9 | - https://github.com/SC-TechDev/docker-security-scanner 10 | maintainers: 11 | - name: Dustin Van Buskirk 12 | email: dev@vanbuskirk.me 13 | - name: Varun Tagore 14 | email: rondevops@gmail.com 15 | icon: A URL to an SVG or PNG image to be used as an icon (optional) 16 | envs: 17 | - name: CF_METADATA 18 | type: required 19 | description: Boolean; combination with TL_UPLOAD stores Twistlock Report URL in TL_REPORT_URL var for Codefresh metadata annotation 20 | - name: TL_CONSOLE_HOSTNAME 21 | type: required 22 | description: Hostname or IP of Twistlock Console 23 | - name: TL_CONSOLE_PORT 24 | type: required 25 | description: Port of Twistlock Console 26 | - name: TL_CONSOLE_USERNAME 27 | type: required 28 | description: Username of Twistlock Console 29 | - name: TL_CONSOLE_PASSWORD 30 | type: required 31 | description: Password of Twistlock Console User 32 | - name: TL_ONLY 33 | type: required 34 | description: Twistlock Console Scan Only (No Nexus) 35 | - name: 
TL_TLS_ENABLED 36 | type: optional 37 | description: Boolean; Enable TLS connection to Twistlock Console 38 | - name: TL_HASH 39 | type: optional 40 | description: Hashing Algorithm to use 41 | - name: TL_UPLOAD 42 | type: optional 43 | description: Upload report to Twistlock Console and return URL (Overrides all other options only returns URL) 44 | - name: TL_DETAILS 45 | type: optional 46 | description: Prints an itemized list of each vulnerability found by the scanner 47 | - name: TL_ONLY_FIXED 48 | type: optional 49 | description: reports just the vulnerabilities that have fixes available 50 | - name: TL_COMPLIANCE_THRESHOLD 51 | type: optional 52 | description: '[ low, medium, high ] sets the minimal severity compliance issue that returns a fail exit code' 53 | - name: TL_VULNERABILITY_THRESHOLD 54 | type: optional 55 | description: '[ low, medium, high, critical ] sets the minimal severity vulnerability that returns a fail exit code' 56 | volumes: 57 | - name: /var/run/docker.sock:/var/run/docker.sock 58 | required: true 59 | description: Docker socket for DIND 60 | - name: /var/lib/docker:/var/lib/docker 61 | required: true 62 | description: Docker lib access for DIND 63 | - name: '${{CF_VOLUME_NAME}}:/codefresh/volume' 64 | required: false 65 | description: Volume required if setting Docker image metadata using Codefresh -------------------------------------------------------------------------------- /plugins/twistlock-scan/scripts/twistlock.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import subprocess 3 | import time 4 | import os 5 | import getopt 6 | import ssl 7 | import re 8 | 9 | def main(argv): 10 | try: 11 | st_scanner_jar = '/packages/nexus-iq-cli-1.38.0-02.jar' 12 | tl_scanner_exec = '/packages/twistcli' 13 | cf_metadata = os.environ.get('CF_METADATA') 14 | docker_image_id = os.environ.get('DOCKER_IMAGE_ID') 15 | st_application_id = os.environ.get('NEXUS_IQ_APPLICATION_ID') 16 | st_url =
os.environ.get('NEXUS_IQ_URL') 17 | st_username = os.environ.get('NEXUS_IQ_USERNAME') 18 | st_password = os.environ.get('NEXUS_IQ_PASSWORD') 19 | st_stage = os.environ.get('NEXUS_IQ_STAGE', 'Build') 20 | tl_console_hostname = os.environ.get('TL_CONSOLE_HOSTNAME') 21 | tl_console_port = os.environ.get('TL_CONSOLE_PORT') 22 | tl_console_username = os.environ.get('TL_CONSOLE_USERNAME') 23 | tl_console_password = os.environ.get('TL_CONSOLE_PASSWORD') 24 | tl_only = os.environ.get('TL_ONLY') 25 | tl_tls_enabled = os.environ.get('TL_TLS_ENABLED') 26 | tl_hash = os.environ.get('TL_HASH', 'sha1') 27 | tl_include_package_files = os.environ.get('TL_INCLUDE_PACKAGE_FILES') 28 | tl_upload = os.environ.get('TL_UPLOAD') 29 | tl_details = os.environ.get('TL_DETAILS') 30 | tl_only_fixed = os.environ.get('TL_ONLY_FIXED') 31 | tl_compliance_threshold = os.environ.get('TL_COMPLIANCE_THRESHOLD') 32 | tl_vulnerability_threshold = os.environ.get('TL_VULNERABILITY_THRESHOLD') 33 | java_home = os.environ.get('JAVA_HOME', '/usr/lib/jvm/java-8-openjdk-amd64') 34 | java_keystore_password = os.environ.get('JAVA_KEYSTORE_PASSWORD', 'changeit') 35 | opts, args = getopt.getopt(argv,"hc:i:a:j:u:p:s:t:E:C:P:U:X:Z:J:K:T:H:F:R:D:O:M:V:", # -h takes no value; every other option takes one 36 | ["help", "docker_image_id=", "cf_metadata=", "st_application_id=", "st_scanner_jar=", "st_url=", "st_username=", "st_password=", "st_stage=", 37 | "tl_scanner_exec=", "tl_console_hostname=", "tl_console_port=", "tl_console_username=", "tl_console_password=", "tl_only=", 38 | "tl_tls_enabled=", "tl_hash=", "tl_include_package_files=", "tl_upload=", "tl_details=", "tl_only_fixed=", "tl_compliance_threshold=", 39 | "tl_vulnerability_threshold=", "java_home=", "java_keystore_password=" 40 | ] 41 | ) 42 | except getopt.GetoptError: 43 | print('Unrecognized Argument! See arguments list using -h or --help. Ex.
twistlock.py --help') 44 | sys.exit(2) 45 | for opt, arg in opts: 46 | if opt in ("-h", "--help"): 47 | print('twistlock.py --arg value or twistlock.py -a value') 48 | print('-c --cf_metadata - Adds scanner info to Docker image metadata for Codefresh builds') 49 | print('-i --docker_image_id [DOCKER_IMAGE_ID] - Docker Image ID short or long IDs accepted') 50 | print('-a --st_application_id [NEXUS_IQ_APPLICATION_ID] - Applications ID in Nexus IQ') 51 | print('-j --st_scanner_jar - Location of nexus-iq-cli*.jar file') 52 | print('-u --st_username [NEXUS_IQ_USERNAME] - Nexus IQ Username') 53 | print('-p --st_password [NEXUS_IQ_PASSWORD] - Password for Nexus IQ Username') 54 | print('-s --st_url [NEXUS_IQ_URL] - Sonatype URL must be HTTPS with Valid Cert') 55 | print('-t --st_stage [NEXUS_IQ_STAGE] - Sonatype Stage') 56 | print('-E --tl_scanner_exec - Location of twistlock-scanner executable') 57 | print('-C --tl_console_hostname [TL_CONSOLE_HOSTNAME] - Hostname/IP for Twistlock Console') 58 | print('-P --tl_console_port [TL_CONSOLE_PORT] - Twistlock Console port') 59 | print('-U --tl_console_username [TL_CONSOLE_USERNAME] - Twistlock Console Username') 60 | print('-X --tl_console_password [TL_CONSOLE_PASSWORD] - Password for Twistlock Console Username') 61 | print('-Z --tl_only [TL_ONLY] - Run a stand-alone Twistlock scan') 62 | print('-T --tl_tls_enabled [TL_TLS_ENABLED] - Enabled TLS/HTTPS for Twistlock scan') 63 | print('-H --tl_hash [TL_HASH] - Specifies the hashing algorithm.
Supported values are md5, sha1, and sha256') 64 | print('-F --tl_include_package_files [TL_INCLUDE_PACKAGE_FILES] - List all packages in the image') 65 | print('-R --tl_upload [TL_UPLOAD] - Whether to upload the scan result') 66 | print('-D --tl_details [TL_DETAILS] - Prints an itemized list of each vulnerability found by the scanner') 67 | print('-O --tl_only_fixed [TL_ONLY_FIXED] - Reports just the vulnerabilities that have fixes available') 68 | print('-M --tl_compliance_threshold [TL_COMPLIANCE_THRESHOLD] - Sets the minimum severity compliance issue that returns a fail exit code') 69 | print('-V --tl_vulnerability_threshold [TL_VULNERABILITY_THRESHOLD] - Sets the minimum severity vulnerability that returns a fail exit code') 70 | print('-J --java_home [JAVA_HOME] - Java Home Directory (no trailing /)') 71 | print('-K --java_keystore_password [JAVA_KEYSTORE_PASSWORD] - Java Keystore Password') 72 | sys.exit() 73 | elif opt in ("-c", "--cf_metadata"): 74 | cf_metadata = arg 75 | elif opt in ("-i", "--docker_image_id"): 76 | docker_image_id = arg 77 | elif opt in ("-a", "--st_application_id"): 78 | st_application_id = arg 79 | elif opt in ("-j", "--st_scanner_jar"): 80 | st_scanner_jar = arg 81 | elif opt in ("-s", "--st_url"): 82 | st_url = arg 83 | elif opt in ("-u", "--st_username"): 84 | st_username = arg 85 | elif opt in ("-p", "--st_password"): 86 | st_password = arg 87 | elif opt in ("-t", "--st_stage"): 88 | st_stage = arg 89 | elif opt in ("-E", "--tl_scanner_exec"): 90 | tl_scanner_exec = arg 91 | elif opt in ("-C", "--tl_console_hostname"): 92 | tl_console_hostname = arg 93 | elif opt in ('-P', "--tl_console_port"): 94 | tl_console_port = arg 95 | elif opt in ("-U", "--tl_console_username"): 96 | tl_console_username = arg 97 | elif opt in ('-X', "--tl_console_password"): 98 | tl_console_password = arg 99 | elif opt in ('-Z', "--tl_only"): 100 | tl_only = arg 101 | elif opt in ('-T', "--tl_tls_enabled"): 102 | tl_tls_enabled = arg 103 | elif opt in 
('-H', "--tl_hash"): 104 | tl_hash = arg 105 | elif opt in ('-F', "--tl_include_package_files"): 106 | tl_include_package_files = arg 107 | elif opt in ('-R', "--tl_upload"): 108 | tl_upload = arg 109 | elif opt in ('-D', "--tl_details"): 110 | tl_details = arg 111 | elif opt in ('-O', "--tl_only_fixed"): 112 | tl_only_fixed = arg 113 | elif opt in ('-M', "--tl_compliance_threshold"): 114 | tl_compliance_threshold = arg 115 | elif opt in ('-V', "--tl_vulnerability_threshold"): 116 | tl_vulnerability_threshold = arg 117 | elif opt in ('-J', "--java_home"): 118 | java_home = arg 119 | elif opt in ('-K', "--java_keystore_password"): 120 | java_keystore_password = arg 121 | 122 | # Determine if TLS is required 123 | if not (tl_only or tl_tls_enabled): 124 | # Download and store Twistlock Console site cert 125 | cert = ssl.get_server_certificate((tl_console_hostname, tl_console_port)) 126 | with open("twistlock.cer", "w") as cert_file: cert_file.write(cert) 127 | 128 | # Run stand-alone Twistlock Scan 129 | if tl_only: 130 | 131 | # Determine Protocol 132 | tl_console_protocol = 'https' if tl_tls_enabled else 'http' 133 | 134 | # Base twistcli command to scan images 135 | twistcli_base_command = '/packages/twistcli images scan' 136 | 137 | # Required twistcli options to successfully scan image 138 | twistcli_required_options = ("--address '{}://{}:{}' --user '{}' --password '{}' --hash '{}'" 139 | .format(tl_console_protocol, tl_console_hostname, tl_console_port, tl_console_username, tl_console_password, tl_hash)) 140 | 141 | # Optional twistcli options 142 | options = [] 143 | if tl_include_package_files: 144 | options.append("--include-package-files") 145 | if tl_upload: 146 | options.append("--upload") 147 | if tl_details: 148 | options.append("--details") 149 | if tl_compliance_threshold: 150 | options.append("--compliance-threshold '{}'".format(tl_compliance_threshold)) 151 | if tl_vulnerability_threshold: 152 | options.append("--vulnerability-threshold '{}'".format(tl_vulnerability_threshold))
153 | twistcli_optional_options = ' '.join(options) 154 | 155 | # Concatenate twistcli executable with command 156 | twistcli_exec = ' '.join([twistcli_base_command, twistcli_required_options, twistcli_optional_options, docker_image_id]) 157 | # Execute command but pipe stdout to variable and parse for Twistlock URL 158 | if cf_metadata: 159 | proc = subprocess.Popen(twistcli_exec, shell=True, stdout=subprocess.PIPE) 160 | stdout = proc.communicate()[0].decode('utf-8').strip('\n') 161 | tl_report_url = ''.join(re.findall('http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+', stdout)) 162 | with open('/codefresh/volume/env_vars_to_export', 'a') as f: 163 | print('Twistlock Report: ' + tl_report_url) 164 | f.write('TL_REPORT_URL=' + tl_report_url) 165 | f.close() 166 | # Execute command and send stdout to console 167 | else: 168 | proc = subprocess.Popen(twistcli_exec, shell=True) 169 | stdout, stderr = proc.communicate() 170 | if proc.returncode != 0: 171 | sys.exit(1) 172 | 173 | else: 174 | 175 | # Import site cert into java keystore 176 | command = ['keytool -importcert -noprompt -file twistlock.cer -alias twistlock -storepass {} -keystore {}/jre/lib/security/cacerts' 177 | .format(java_keystore_password, java_home) 178 | ] 179 | proc = subprocess.Popen(command, shell=True) 180 | stdout, stderr = proc.communicate() 181 | 182 | # Start Docker 183 | command = ['for i in {1..5}; do service docker start && break || sleep 15; done'] 184 | proc = subprocess.Popen(command, shell=True) 185 | stdout, stderr = proc.communicate() 186 | 187 | # Run Twistlock Scan and send file to Sonatype 188 | command = ["java -cp {} com.sonatype.insight.scan.cli.TwistlockPolicyEvaluatorCli -i {} -a '{}:{}' -s '{}' --twistlock-scanner-executable {} --twistlock-console-url https://{}:{} --twistlock-console-username {} --twistlock-console-password '{}' --stage '{}' {}" 189 | .format(st_scanner_jar, st_application_id, st_username, st_password, st_url, 
tl_scanner_exec, tl_console_hostname, tl_console_port, tl_console_username, tl_console_password, st_stage, docker_image_id) 190 | ] 191 | proc = subprocess.Popen(command, shell=True) 192 | stdout, stderr = proc.communicate() 193 | 194 | if __name__ == "__main__": 195 | main(sys.argv[1:]) -------------------------------------------------------------------------------- /plugins/vault/README.md: -------------------------------------------------------------------------------- 1 | # cf-vault-plugin 2 | 3 | Use Codefresh [Vault](https://www.vaultproject.io) plugin to make key-value pairs stored in a vault available as environment variables for further steps. 4 | 5 | NOTE: this plugin currently supports token authentication and Key/Value secrets engine only. 6 | 7 | 8 | ## Usage 9 | 10 | Set required and optional environment variables and add the following step to your Codefresh pipeline: 11 | 12 | Example Variables: 13 | 14 | The example below will authenticate to vault server `https://vault.testdomain.io:8200` using token `s.4wtaMJuZ7dv0c4XuRaasLUOG` and export all secrets found in path `secret/codefreshsecret` as ENV variables available for further steps. 15 | 16 | ```text 17 | VAULT_ADDR=https://vault.testdomain.io:8200 18 | VAULT_PATH=secret/codefreshsecret 19 | VAULT_AUTH_TOKEN=s.4wtaMJuZ7dv0c4XuRaasLUOG 20 | ``` 21 | 22 | 23 | ```yaml 24 | --- 25 | version: '1.0' 26 | 27 | steps: 28 | 29 | ... 30 | 31 | Vault_to_Env: 32 | title: Importing vault values 33 | image: 'codefresh/cf-vault-plugin' 34 | environment: 35 | - VAULT_ADDR=${{VAULT_ADDR}} 36 | - VAULT_PATH=${{VAULT_PATH}} 37 | - VAULT_AUTH_TOKEN=${{VAULT_AUTH_TOKEN}} 38 | 39 | ... 
40 | 41 | ``` 42 | 43 | ## Environment Variables 44 | 45 | | Variables | Required | Default | Description | 46 | |----------------|----------|---------|-----------------------------------------------------------------------------------------| 47 | | VAULT_ADDR | YES | | Vault server URI | 48 | | VAULT_PATH | YES | | Path to secrets in vault | 49 | | VAULT_AUTH_TOKEN | YES | | Vault authentication token | 50 | | VAULT_CLIENT_CERT_BASE64 | NO | | Base64 encoded client certificate | 51 | | VAULT_CLIENT_KEY_BASE64 | NO | | Base64 encoded client key | 52 | -------------------------------------------------------------------------------- /plugins/vault/example.yaml: -------------------------------------------------------------------------------- 1 | Vault_to_Env: 2 | title: Importing vault values 3 | image: 'codefresh/cf-vault-plugin' 4 | environment: 5 | - VAULT_ADDR=${{VAULT_ADDR}} 6 | - VAULT_PATH=${{VAULT_PATH}} 7 | - VAULT_AUTH_TOKEN=${{VAULT_AUTH_TOKEN}} 8 | 9 | -------------------------------------------------------------------------------- /plugins/vault/logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codefresh-io/plugins/1b7236d9270736e84b6aa5991008311cf9a0b3a9/plugins/vault/logo.jpg -------------------------------------------------------------------------------- /plugins/vault/plugin.yaml: -------------------------------------------------------------------------------- 1 | title: Vault Plugin 2 | image: codefresh/cf-vault-plugin:latest 3 | description: The plugin exports KV pairs from Hashicorp Vault to Codefresh pipeline ENV variables 4 | category: 5 | - Featured 6 | source: 'https://github.com/codefresh-io/cf-vault-plugin' 7 | logo: 'https://raw.githubusercontent.com/codefresh-io/plugins/new-pipeline/plugins/vault/logo.jpg' 8 | maintainers: 9 | - name: Alexander Aladov 10 | envs: 11 | - name: VAULT_ADDR 12 | description: 'Vault server URI.
Example: https://vault.testdomain.io:8200 (required)' 13 | - name: VAULT_PATH 14 | description: 'Path to secrets in vault. Example: secret/codefreshsecret (required)' 15 | - name: VAULT_AUTH_TOKEN 16 | description: 'Vault authentication token (required)' 17 | - name: VAULT_CLIENT_CERT_BASE64 18 | description: 'Base64 encoded client certificate' 19 | - name: VAULT_CLIENT_KEY_BASE64 20 | description: 'Base64 encoded client key' 21 | -------------------------------------------------------------------------------- /plugins/versioner/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:xenial 2 | 3 | ENV LANG C.UTF-8 4 | 5 | RUN { \ 6 | echo '#!/bin/sh'; \ 7 | echo 'set -e'; \ 8 | echo; \ 9 | echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \ 10 | } > /usr/local/bin/docker-java-home && \ 11 | chmod +x /usr/local/bin/docker-java-home 12 | 13 | RUN apt-get update && apt-get install -y --no-install-recommends \ 14 | bzip2 \ 15 | unzip \ 16 | xz-utils \ 17 | apt-transport-https \ 18 | ca-certificates \ 19 | curl \ 20 | software-properties-common \ 21 | python3-openssl && \ 22 | curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \ 23 | add-apt-repository \ 24 | "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ 25 | $(lsb_release -cs) \ 26 | stable" && \ 27 | apt-get update && apt-get install -y --no-install-recommends \ 28 | docker-ce=17.09.0~ce-0~ubuntu && \ 29 | apt-get install -y \ 30 | openjdk-8-jre \ 31 | ; \ 32 | rm -rf /var/lib/apt/lists/*; \ 33 | \ 34 | [ "$JAVA_HOME" = "$(docker-java-home)" ]; \ 35 | \ 36 | update-alternatives --get-selections | awk -v home="$JAVA_HOME" 'index($3, home) == 1 { $2 = "manual"; print | "update-alternatives --set-selections" }'; \ 37 | update-alternatives --query java | grep -q 'Status: manual' && \ 38 | mkdir /packages && \ 39 | curl -o /packages/twistcli https://cdn.twistlock.com/support/twistcli && \ 40 | curl -o
/packages/nexus-iq-cli-1.38.0-02.jar https://download.sonatype.com/clm/scanner/nexus-iq-cli-1.38.0-02.jar 41 | 42 | COPY scripts /scripts 43 | 44 | RUN chmod +x -R /packages 45 | RUN chmod +x -R /scripts 46 | 47 | WORKDIR /scripts 48 | 49 | ENTRYPOINT ["/usr/bin/python3"] 50 | CMD [""] 51 | -------------------------------------------------------------------------------- /plugins/versioner/LICENSE.md: -------------------------------------------------------------------------------- 1 | © 2017 Steelcase Inc. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 4 | 5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
-------------------------------------------------------------------------------- /plugins/versioner/README.md: -------------------------------------------------------------------------------- 1 | # Security Scanning Tools [![Codefresh build status]( https://g.codefresh.io/api/badges/build?repoOwner=SC-TechDev&repoName=docker-security-scanner&branch=master&pipelineName=docker-security-scanner&accountName=sctechdevservice&type=cf-1)]( https://g.codefresh.io/repositories/SC-TechDev/docker-security-scanner/builds?filter=trigger:build;branch:master;service:59e62c5410e3d100019e7f3d~docker-security-scanner) 2 | 3 | Docker image that invokes a security script using TwistCLI (Nexus coming soon) 4 | 5 | ### Prerequisites: 6 | 7 | Codefresh Subscription (Dedicated Infrastructure) - https://codefresh.io/ 8 | 9 | Twistlock Subscription - https://www.twistlock.com/ 10 | 11 | ### Documentation: 12 | 13 | Twistlock CLI: https://twistlock.desk.com/customer/en/portal/articles/2875595-twistcli?b_id=16619 14 | 15 | Nexus IQ CLI: TBD 16 | 17 | ## Script Library 18 | 19 | ### twistlock.py 20 | 21 | Executes TwistCLI to scan the given Docker image. 22 | 23 | ### options 24 | 25 | To use an ENVIRONMENT VARIABLE, add it to your Codefresh Pipeline and also to your codefresh.yaml. 26 | 27 | 28 | An example `codefresh.yml` build with the required ENVIRONMENT VARIABLES in place is below.
29 | 30 | 31 | | ENVIRONMENT VARIABLE | SCRIPT ARGUMENT | DEFAULT | TYPE | REQUIRED | DESCRIPTION | 32 | |----------------------------|--------------------------------------|----------|---------|----------|---------------------------------------------------------------------------------------------------------------------------------| 33 | | CF_METADATA | [ -c, --cf_metadata ] | null | boolean | No | In combination with TL_UPLOAD stores Twistlock Report URL in TL_REPORT_URL var for Codefresh metadata annotation | 34 | | TL_CONSOLE_HOSTNAME | [ -C, --tl_console_hostname ] | null | string | Yes | hostname/ip | 35 | | TL_CONSOLE_PORT | [ -P, --tl_console_port ] | null | string | Yes | port | 36 | | TL_CONSOLE_USERNAME | [ -U, --tl_console_username ] | null | string | Yes | username | 37 | | TL_CONSOLE_PASSWORD | [ -X, --tl_console_password ] | null | string | Yes | password | 38 | | TL_ONLY | [ -Z, --tl_only ] | null | boolean | Yes | Twistlock Console Only (Required for now Nexus TBD) | 39 | | TL_TLS_ENABLED | [ -T, --tl_tls_enabled ] | null | boolean | No | enable TLS | 40 | | TL_HASH | [ -H, --tl_hash ] | [ sha1 ] | string | No | [ md5, sha1, sha256 ] hashing algorithm | 41 | | TL_UPLOAD | [ -R, --tl_upload ] | null | boolean | No | ( ignores all options below if set and only returns report url ) uploads report to Twistlock to be used later via Twistlock API | 42 | | TL_DETAILS | [ -D, --tl_details ] | null | boolean | No | prints an itemized list of each vulnerability found by the scanner | 43 | | TL_ONLY_FIXED | [ -O, --tl_only_fixed ] | null | boolean | No | reports just the vulnerabilities that have fixes available | 44 | | TL_COMPLIANCE_THRESHOLD | [ -M, --tl_compliance_threshold ] | null | string | No | [ low, medium, high ] sets the minimal severity compliance issue that returns a fail exit code | 45 | | TL_VULNERABILITY_THRESHOLD | [ -V, --tl_vulnerability_threshold ] | null | string | No | [ low, medium, high, critical ] sets the minimal severity
vulnerability that returns a fail exit code | 46 | 47 | ### codefresh.yml 48 | 49 | Codefresh Build Step to execute Twistlock scan. 50 | All `${{var}}` variables must be put into Codefresh Build Parameters 51 | codefresh.yml 52 | ```console 53 | buildimage: 54 | type: build 55 | title: Build Runtime Image 56 | dockerfile: Dockerfile 57 | image_name: # Image you're building/scanning [repository/image] 58 | tag: latest-cf-build-candidate 59 | 60 | nexus_iq_scan_build_stage: 61 | type: composition 62 | composition: 63 | version: '2' 64 | services: 65 | imagebuild: 66 | image: ${{buildimage}} 67 | command: sh -c "exit 0" 68 | labels: 69 | build.image.id: ${{CF_BUILD_ID}} 70 | composition_candidates: 71 | scan_service: 72 | image: sctechdev/docker-security-scanner 73 | environment: 74 | - TL_CONSOLE_HOSTNAME=${{TL_CONSOLE_HOSTNAME}} 75 | - TL_CONSOLE_PORT=${{TL_CONSOLE_PORT}} 76 | - TL_CONSOLE_USERNAME=${{TL_CONSOLE_USERNAME}} 77 | - TL_CONSOLE_PASSWORD=${{TL_CONSOLE_PASSWORD}} 78 | - TL_ONLY=${{TL_ONLY}} 79 | command: twistlock.py -i "$$(docker inspect $$(docker inspect $$(docker ps -aqf label=build.image.id=${{CF_BUILD_ID}}) -f {{.Config.Image}}) -f {{.Id}} | sed 's/sha256://g')" 80 | depends_on: 81 | - imagebuild 82 | volumes: 83 | - /var/run/docker.sock:/var/run/docker.sock 84 | - /var/lib/docker:/var/lib/docker 85 | # Everything below this line is Optional for CF_METADATA 86 | - '${{CF_VOLUME_NAME}}:/codefresh/volume' 87 | add_flow_volume_to_composition: true 88 | 89 | export: 90 | title: "Exporting variables..." 91 | image: alpine 92 | commands: 93 | - echo "Exporting variables..." 94 | 95 | set_metadata: 96 | title: "Setting metadata on image..." 97 | image: alpine 98 | commands: 99 | - echo "Setting metadata on image..." 
100 | on_finish: 101 | metadata: 102 | set: 103 | - '${{build_step.imageId}}': 104 | - TwistlockSecurityReport: ${{TL_REPORT_URL}} 105 | ``` -------------------------------------------------------------------------------- /plugins/versioner/codefresh.yml: -------------------------------------------------------------------------------- 1 | version: '1.0' 2 | 3 | steps: 4 | 5 | buildimage: 6 | type: build 7 | description: image build step 8 | dockerfile: Dockerfile 9 | image_name: sctechdev/docker-security-scanner 10 | tag: latest-cf-build-candidate 11 | 12 | push_image: 13 | type: push 14 | candidate: ${{buildimage}} 15 | tag: latest 16 | when: 17 | branch: 18 | only: 19 | - master 20 | push_image1: 21 | type: push 22 | candidate: ${{buildimage}} 23 | tag: ${{CF_BRANCH_TAG_NORMALIZED}}-${{CF_SHORT_REVISION}} 24 | 25 | push_image_nexus_latest: 26 | title: Push to Nexus Repo (latest) 27 | type: push 28 | candidate: ${{buildimage}} 29 | tag: latest 30 | registry: sonatype-docker-internal 31 | when: 32 | branch: 33 | only: 34 | - master 35 | 36 | push_image_neuxs_gitbranch_gitsha: 37 | title: Push to Nexus Repo (gitbranch + gitsha) 38 | type: push 39 | candidate: ${{buildimage}} 40 | tag: ${{CF_BRANCH_TAG_NORMALIZED}}-${{CF_SHORT_REVISION}} 41 | registry: sonatype-docker-internal 42 | -------------------------------------------------------------------------------- /plugins/versioner/plugin.yaml: -------------------------------------------------------------------------------- 1 | title: Versioner 2 | image: docker.io/codefresh/versioner:latest 3 | description: semver versions builder 4 | category: 5 | - Featured 6 | source: https://github.com/codefresh-io/cf-plugin-versioner.git 7 | maintainer: 8 | - name: Oleg Verhovsky 9 | logo: 'https://upload.wikimedia.org/wikipedia/en/0/05/Hello_kitty_character_portrait.png' 10 | envs: 11 | - name: CURRENT_VERSION_SOURCE 12 | description: 'action (required)' 13 | - name: MAJOR 14 | - name: MINOR 15 | description: 'Boolean;
combination with TL_UPLOAD stores Twistlock Report URL in TL_REPORT_URL var for Codefresh metadata annotation' 16 | - name: PATCH 17 | description: 'Boolean; combination with TL_UPLOAD stores Twistlock Report URL in TL_REPORT_URL var for Codefresh metadata annotation' 18 | - name: BUILD_NUM 19 | description: 'Boolean; combination with TL_UPLOAD stores Twistlock Report URL in TL_REPORT_URL var for Codefresh metadata annotation' 20 | 21 | -------------------------------------------------------------------------------- /submit.json: -------------------------------------------------------------------------------- 1 | [{ "name" : "example", "url": "https://github.com/otomato-gh/cf-plugin-example" }, 2 | { "name" : "github-release", "url": "https://github.com/codefresh-contrib/cfstep-github-release" }, 3 | { "name" : "github-pr", "url" : "https://github.com/codefresh-contrib/github-pr-plugin" }, 4 | { "name" : "anchore", "url": "https://github.com/codefresh-contrib/anchore-plugin" }, 5 | { "name" : "ecs-deploy", "url": "https://github.com/codefresh-contrib/ecs-deploy" }, 6 | { "name" : "import-image", "url": "https://github.com/codefresh-contrib/cf-import-image" }, 7 | { "name" : "kompose", "url": "https://github.com/codefresh-contrib/cf-kompose-plugin" }, 8 | { "name" : "aqua-scan", "url": "https://github.com/codefresh-contrib/cfstep-aqua" }, 9 | { "name" : "makisu", "url": "https://github.com/codefresh-contrib/cfstep-makisu" }, 10 | { "name" : "paclair", "url": "https://github.com/codefresh-contrib/cfstep-paclair" }, 11 | { "name" : "docker-service", "url": "https://github.com/codefresh-contrib/docker-service" }, 12 | { "name" : "gitter-notifier", "url": "https://github.com/codefresh-contrib/gitter-notifier" }, 13 | { "name" : "google-kms", "url": "https://github.com/codefresh-contrib/google-kms" }, 14 | { "name" : "jira-cli", "url": "https://github.com/codefresh-contrib/jira-cli-docker" }, 15 | { "name" : "gke-plugin", "url": 
"https://github.com/codefresh-contrib/plugin-gke" }, 16 | { "name" : "slack-notifier", "url": "https://github.com/codefresh-contrib/slack-notifier" }, 17 | { "name" : "cf-gitlab-mr-annotate", "url": "https://github.com/codefresh-contrib/cf-gitlab-mr-annotate" }, 18 | { "name" : "cf-vault-plugin", "url": "https://github.com/codefresh-contrib/cf-vault-plugin" }, 19 | { "name" : "k8s-blue-green-deployment", "url": "https://github.com/codefresh-contrib/k8s-blue-green-deployment" }, 20 | { "name" : "telegram-notifier", "url": "https://github.com/codefresh-contrib/telegram-notifier" }, 21 | { "name" : "send-sms", "url": "https://github.com/codefresh-contrib/send-sms" }, 22 | { "name" : "azure-build-plugin", "url": "https://github.com/codefresh-contrib/azure-build-plugin" }, 23 | { "name" : "cf-deploy-dcos", "url": "https://github.com/codefresh-contrib/cf-deploy-dcos" }, 24 | { "name" : "cf-run-jenkins-jobs", "url": "https://github.com/codefresh-contrib/cf-run-jenkins-jobs" }, 25 | { "name" : "cfstep-gitclonerssh", "url": "https://github.com/codefresh-contrib/cfstep-gitclonerssh" }, 26 | { "name" : "cfstep-gitsubmodules", "url": "https://github.com/codefresh-contrib/cfstep-gitsubmodules" }, 27 | { "name" : "sendgridplugin", "url": "https://github.com/codefresh-contrib/sendgridplugin" }] 28 | -------------------------------------------------------------------------------- /tools/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:alpine 2 | WORKDIR /src 3 | COPY ./package.json /src 4 | RUN npm install 5 | COPY . 
/src 6 | 7 | CMD ["node", "/src/index.js"] -------------------------------------------------------------------------------- /tools/index.js: -------------------------------------------------------------------------------- 1 | 2 | 3 | //list folders 4 | //build catalog 5 | 6 | const { lstatSync, readdirSync } = require('fs') 7 | const { basename, join } = require('path') 8 | const kefir = require('kefir'); 9 | const _ = require('lodash'); 10 | const YAML = require('yamljs'); 11 | const Mustache = require('mustache'); 12 | const fs = require('fs'); 13 | const debug = require('debug')('catalog-creator'); 14 | 15 | const pluginsDir = process.env.PLUGINS || "../plugins" 16 | debug(`plugins path is ${pluginsDir}`); 17 | const isDirectory = source => lstatSync(source).isDirectory() 18 | const getDirectories = source => 19 | readdirSync(source) 20 | .map(name => join(source, name)).filter(isDirectory); 21 | const getContent = source => 22 | readdirSync(source) 23 | .map(name => join(source, name)) 24 | 25 | const validatePlugin = (p)=>{return p;} 26 | const catalog = "dynamic-catalog.md"; 27 | let plugins = kefir.sequentially(0, getDirectories(pluginsDir)).map(validatePlugin) 28 | 29 | 30 | const createMD = (template , data)=>{ 31 | Mustache.parse(template); // optional, speeds up future uses 32 | data.date = new Date(); 33 | var rendered = Mustache.render(template, data); 34 | return rendered; 35 | } 36 | 37 | let pluginData = plugins.flatMap((plugin)=>{ 38 | let yaml = _.chain(getContent(plugin)).map((f)=>{ 39 | 40 | return f; 41 | }).thru((f)=>{ 42 | return f; 43 | }).filter((file)=> 44 | (basename(file) === "plugin.yaml")) 45 | .first().value(); 46 | let pluginMeta; 47 | try{ 48 | pluginMeta = YAML.load(yaml) 49 | }catch(e){ 50 | return kefir.constantError(e) 51 | } 52 | return (_.isUndefined(yaml)) ?
kefir.never() : kefir.constant(pluginMeta) 53 | 54 | }).ignoreErrors().scan((plugins , p)=>{ 55 | plugins.push(p); 56 | return plugins; 57 | }, []).spy().last() 58 | 59 | let template = kefir.fromNodeCallback(_.partial(fs.readFile, "template.md")) 60 | .map((f)=>Buffer.from(f).toString()).spy(); 61 | 62 | 63 | kefir.concat([template, pluginData]).scan((prev, next)=>{ 64 | prev.push(next); 65 | return prev; 66 | }, []).last().spy('->').map((data)=>{ 67 | let t = _.first(data); 68 | let plugins = _.last(data); 69 | // plugins = {"plugins": [{image:"1"}, {"image":"2"}]} 70 | return createMD(t, {plugins}); 71 | }).flatMap((data)=>{ 72 | return kefir.fromNodeCallback( 73 | _.partial(fs.writeFile, catalog, data) 74 | ) 75 | }).log(); 76 | 77 | -------------------------------------------------------------------------------- /tools/package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "catalog-creator", 3 | "version": "1.0.0", 4 | "lockfileVersion": 1, 5 | "dependencies": { 6 | "argparse": { 7 | "version": "1.0.10", 8 | "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", 9 | "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==" 10 | }, 11 | "balanced-match": { 12 | "version": "1.0.0", 13 | "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz", 14 | "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=" 15 | }, 16 | "brace-expansion": { 17 | "version": "1.1.11", 18 | "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", 19 | "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==" 20 | }, 21 | "concat-map": { 22 | "version": "0.0.1", 23 | "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", 24 | "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=" 25 | }, 26 | "debug": { 27 | "version": "4.1.0", 28 |
"resolved": "https://registry.npmjs.org/debug/-/debug-4.1.0.tgz", 29 | "integrity": "sha512-heNPJUJIqC+xB6ayLAMHaIrmN9HKa7aQO8MGqKpvCA+uJYVcvR6l5kgdrhRuwPFHU7P5/A1w0BjByPHwpfTDKg==" 30 | }, 31 | "fs.realpath": { 32 | "version": "1.0.0", 33 | "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", 34 | "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=" 35 | }, 36 | "glob": { 37 | "version": "7.1.3", 38 | "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.3.tgz", 39 | "integrity": "sha512-vcfuiIxogLV4DlGBHIUOwI0IbrJ8HWPc4MU7HzviGeNho/UJDfi6B5p3sHeWIQ0KGIU0Jpxi5ZHxemQfLkkAwQ==" 40 | }, 41 | "inflight": { 42 | "version": "1.0.6", 43 | "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", 44 | "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=" 45 | }, 46 | "inherits": { 47 | "version": "2.0.3", 48 | "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", 49 | "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=" 50 | }, 51 | "kefir": { 52 | "version": "3.8.5", 53 | "resolved": "https://registry.npmjs.org/kefir/-/kefir-3.8.5.tgz", 54 | "integrity": "sha512-u4UxHyIvdOOM62Y/yAtYPeYEg/yUfwl5/QF3ksrTRxEdhpa7LAFChntZxVqbcf0gCGblZzL/JnV/gZYWOps3Qw==" 55 | }, 56 | "lodash": { 57 | "version": "4.17.11", 58 | "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz", 59 | "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==" 60 | }, 61 | "minimatch": { 62 | "version": "3.0.4", 63 | "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", 64 | "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==" 65 | }, 66 | "ms": { 67 | "version": "2.1.1", 68 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz", 69 | "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==" 70 | }, 71 | "mustache": { 72 | "version": "3.0.1", 73 | "resolved": 
"https://registry.npmjs.org/mustache/-/mustache-3.0.1.tgz", 74 | "integrity": "sha512-jFI/4UVRsRYdUbuDTKT7KzfOp7FiD5WzYmmwNwXyUVypC0xjoTL78Fqc0jHUPIvvGD+6DQSPHIt1NE7D1ArsqA==" 75 | }, 76 | "once": { 77 | "version": "1.4.0", 78 | "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", 79 | "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=" 80 | }, 81 | "path-is-absolute": { 82 | "version": "1.0.1", 83 | "resolved": "http://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", 84 | "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=" 85 | }, 86 | "sprintf-js": { 87 | "version": "1.0.3", 88 | "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", 89 | "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=" 90 | }, 91 | "symbol-observable": { 92 | "version": "1.0.4", 93 | "resolved": "https://registry.npmjs.org/symbol-observable/-/symbol-observable-1.0.4.tgz", 94 | "integrity": "sha1-Kb9hXUqnEhvdiYsi1LP5vE4qoD0=" 95 | }, 96 | "wrappy": { 97 | "version": "1.0.2", 98 | "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", 99 | "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=" 100 | }, 101 | "yamljs": { 102 | "version": "0.3.0", 103 | "resolved": "https://registry.npmjs.org/yamljs/-/yamljs-0.3.0.tgz", 104 | "integrity": "sha512-C/FsVVhht4iPQYXOInoxUM/1ELSf9EsgKH34FofQOp6hwCPrW4vG4w5++TED3xRUo8gD7l0P1J1dLlDYzODsTQ==" 105 | } 106 | } 107 | } 108 | -------------------------------------------------------------------------------- /tools/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "catalog-creator", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "", 10 | "license": "ISC", 11 | "dependencies": { 12 | "debug": "^4.1.0", 13 | "kefir": "^3.8.5", 14 | "lodash": "^4.17.11", 15 | "mustache": "^3.0.1", 16 | "yamljs": "^0.3.0" 17 | } 18 | } 19 | 
-------------------------------------------------------------------------------- /tools/t.yaml: -------------------------------------------------------------------------------- 1 | version: '1.0' 2 | 3 | steps: 4 | 5 | BuildingDockerImage: 6 | title: Building Docker Image 7 | type: build 8 | image_name: EXAMPLEUSER/EXAMPLEREPO 9 | working_directory: ./ 10 | dockerfile: Dockerfile 11 | tag: '${{CF_BRANCH_TAG_NORMALIZED}}' 12 | metadata: 13 | set: 14 | - commit_url: '${{CF_COMMIT_URL}}' 15 | - note: 'example note' -------------------------------------------------------------------------------- /tools/template.md: -------------------------------------------------------------------------------- 1 | # **Catalog** 2 | ** {{date}}** 3 | 4 | # ?? 5 | | Plugin Name | Description | source | Tags | 6 | | ------------- |:-------------:| -----:|----:| 7 | {{#plugins}} 8 | | {{image}} | {{description}} | {{#sources}}{{.}}{{/sources}} | {{#keywords}} **`{{.}}`** {{/keywords}}| 9 | {{/plugins}} 10 | 11 | -------------------------------------------------------------------------------- /version: -------------------------------------------------------------------------------- 1 | 1.0.0 2 | --------------------------------------------------------------------------------