Add basic CircleCI config #34
Conversation
|
I'm not seeing CI fire yet; I'm guessing this is because the Webhooks are not set up for this repo? Marked as draft for this reason. |
.circleci/config.yml
Outdated
| jobs: | ||
| verify: | ||
| docker: | ||
| - image: circleci:python/3.9 |
There was a problem hiding this comment.
We're not using Python here yet, but given some of the more complex logic described in #21, I'm guessing we may want to start doing so soon. If not, cimg/base:stable could be a reasonable alternative (currently maps to Ubuntu 20.04 and will track LTS).
There was a problem hiding this comment.
Let's use cimg/* images here, since they are circleci's next gen images [1,2]. We have been using cimg:python in some areas of core (freedomofpress/securedrop#5720) and they have proven to be reliable so far.
eloquence
force-pushed
the
add-basic-ci
branch
2 times, most recently
from
88099f9 to
220b478
Compare
|
FYI, I've tested the CI job locally via the CircleCI CLI. |
|
I've enabled CircleCI on this repo, you can see a failing build here: https://app.circleci.com/pipelines/github/freedomofpress/securedrop-https-everywhere-ruleset/1/workflows/de11bb16-d1f2-4acb-b100-f01b32bd6d84/jobs/1 That's on main, where there is no config yet. A force-push to this branch should wake it up, @eloquence |
Checks that we have a ruleset matching the latest timestamp and, if so, verifies its signature using openssl
eloquence
force-pushed
the
add-basic-ci
branch
from
220b478 to
2e12bd4
Compare
Implementing whatever shellcheck & yamllint complained about, as a rule of thumb.
There was a problem hiding this comment.
Appended a lint-only commit. Test plan checks out, looks great. Thanks, @eloquence!
Checks that we have a ruleset matching the latest timestamp and, if so, verifies its signature using
opensslTowards #21 but does not yet add any content validation.
Test plan
make verifylocallyecho $?) and "Verified OK" outputmake verifydefaults.rulesetsfile for latest timestampmake verifyStatus
Ready for initial review.