From 47607d4daa0a53266bb4a5349a81a24589836aa0 Mon Sep 17 00:00:00 2001
From: Vincent Desloover <vincent.desloover.dev@gmail.com>
Date: Fri, 1 Sep 2023 14:34:22 -0400
Subject: [PATCH] feat: add publish orb for vu

---
 .circleci/config.yml                          | 131 +++++++++++-------
 testdata/catalog-vervet-apis.yaml             |  18 +--
 .../output/2023-06-01~experimental/spec.json  |   2 +-
 .../output/2023-06-01~experimental/spec.yaml  |   2 +-
 .../output/2023-06-02~experimental/spec.json  |   2 +-
 .../output/2023-06-02~experimental/spec.yaml  |   2 +-
 .../output/2023-06-03~experimental/spec.json  |   2 +-
 .../output/2023-06-03~experimental/spec.yaml  |   2 +-
 vervet-underground/Makefile                   |   7 +
 9 files changed, 106 insertions(+), 62 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index c14fca66..597d8db1 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -2,6 +2,8 @@ version: 2.1
 
 orbs:
   go: circleci/go@1.7.1
+  publish: snyk/publish@1
+  snyk: snyk/snyk@1
 
 defaults: &defaults
   resource_class: small
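Review bot: The two added orbs are referenced by major version only (`snyk/publish@1`, `snyk/snyk@1`), while `circleci/go@1.7.1` on the line above is pinned exactly. A floating reference lets any new 1.x release of either orb run, with no change in this repository, inside jobs that hold the registry and Snyk credentials supplied by the contexts attached later in this file. Pin both to a full version, for example `publish: snyk/publish@<exact-version>` and `snyk: snyk/snyk@<exact-version>`, and bump them deliberately.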
@@ -14,13 +16,25 @@ test_vu_defaults: &test_vu_defaults
   machine:
     image: ubuntu-2004:202201-02
 
-vu_metadata: &vu_metadata
-    resource_class: small
-    working_directory: ~/vervet/vervet-underground
-    docker:
-      - image: cimg/go:1.20-node
-    environment:
-      DOCKER_BUILDKIT: 1
+vu_defaults: &vu_defaults
+  resource_class: small
+  working_directory: ~/vervet/vervet-underground
+  docker:
+    - image: cimg/go:1.20-node
+  environment:
+    DOCKER_BUILDKIT: 1
+
+ignore_main_branch_filter: &ignore_main_branch_filter
+  filters:
+    branches:
+      ignore:
+        - main
+
+only_main_branch_filter: &only_main_branch_filter
+  filters:
+    branches:
+      only:
+        - main
 
 commands:
   gcr_auth:
@@ -31,6 +45,12 @@ commands:
           name: GCR auth
           command: echo $GCLOUD_GCR_BUILDER | docker login -u _json_key --password-stdin https://gcr.io/snyk-main
 
+  setup_build_remote_docker:
+    steps:
+      - setup_remote_docker:
+          version: 20.10.14
+          docker_layer_caching: false
+
 jobs:
   test:
     <<: *defaults
@@ -87,30 +107,31 @@ jobs:
           command: cd vervet-underground && golangci-lint run -v ./...
 
   build-vu:
-    <<: *vu_metadata
+    <<: *vu_defaults
     steps:
       - checkout:
           path: ~/vervet
       - gcr_auth
       - run:
-          name: build go vervet-undergound
-          command: make build
-      - run:
-          name: Build Docker image # so we can test the build process during PR
-          command: docker build -t gcr.io/snyk-main/vervet-underground:${CIRCLE_SHA1} .
+          name: Build Docker Image
+          command: make build-docker
+      - publish/save-image:
+          image_name: vervet-underground
 
-  publish-vu:
-    <<: *vu_metadata
+  scan-vu-container:
+    <<: *vu_defaults
     steps:
-      - checkout:
-          path: ~/vervet
-      - gcr_auth
-      - run:
-          name: Build
-          command: docker build -t gcr.io/snyk-main/vervet-underground:${CIRCLE_SHA1} .
-      - run:
-          name: Push
-          command: docker push gcr.io/snyk-main/vervet-underground:${CIRCLE_SHA1}
+      - setup_build_remote_docker
+      - publish/load-image:
+          image_name: vervet-underground
+      - snyk/scan:
+          organization: platform-extensibility
+          command: container test
+          fail-on-issues: true
+          severity-threshold: high
+          monitor-on-build: false
+          docker-image-name: vervet-underground:${CIRCLE_WORKFLOW_ID}
+          token-variable: MONITOR_SNYK_TOKEN
 
   release:
     <<: *defaults
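Review bot: The scan target on the `docker-image-name` line, `vervet-underground:${CIRCLE_WORKFLOW_ID}`, resolves only because `make build-docker` tags the image as `${APP}:${CIRCLE_WORKFLOW_ID}` and `publish/save-image` / `publish/load-image` carry it between jobs under the same `image_name`; nothing in the job says so. A comment above `snyk/scan` would keep the three in step, for example `# tag must match build-docker in vervet-underground/Makefile: ${APP}:${CIRCLE_WORKFLOW_ID}`. How the publish orb names the saved image is not visible in this diff, so that part should be confirmed. `scan-vu-container` also has no `checkout` step, so the scan runs without the Dockerfile; if base-image remediation advice is wanted, check out the repository and pass the Dockerfile through the orb's `target-file` parameter.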
@@ -128,52 +149,68 @@ jobs:
 
 workflows:
   version: 2
-  test:
+  CI:
     jobs:
       - test:
           name: Test
+          <<: *ignore_main_branch_filter
+
       - test-vu:
           name: Test VU
+          <<: *ignore_main_branch_filter
+          
       - lint:
           name: Lint
+          <<: *ignore_main_branch_filter
+
       - lint-vu:
           name: Lint VU
+          <<: *ignore_main_branch_filter
+
       - build-vu:
-          name: Build app
+          name: Build Docker Image
           context: snyk-docker-build
           requires:
             - Test VU
             - Lint VU
 
-  release:
+      - scan-vu-container:
+          name: Scan Container
+          context:
+            - team-extensibility
+          requires:
+            - Build Docker Image
+
+  CD:
     jobs:
       - test:
           name: Test
-          filters:
-            branches:
-              only: 'main'
+          <<: *only_main_branch_filter
+          
       - build-vu:
-          name: Build app
+          name: Build Docker Image
           context: snyk-docker-build
-          filters:
-            branches:
-              only:
-                - main
+          <<: *only_main_branch_filter
+
       - release:
           name: Release
           context: nodejs-app-release
           requires:
             - Test
-          filters:
-            branches:
-              only:
-                - main
-      - publish-vu:
-          name: Build and publish image
-          context: snyk-docker-build
+
+      - publish/publish:
+          name: Publish Docker Image
+          image_name: vervet-underground
+          fedramp: "no"
+          snyk_organization: platform-extensibility
+          snyk_token_variable: MONITOR_SNYK_TOKEN
+          snyk_project_tags: >-
+            component=pkg:github/snyk/vervet-underground@main,
+            component=pkg:github/snyk/vervet@main
+          context:
+            - snyk-docker-build
+            - infra-publish-orb
+            - team-extensibility
+            - snyk-bot-slack
           requires:
-            - Build app
-          filters:
-            branches:
-              only:
-                - main
+            - Build Docker Image
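Review bot: In the `CD` workflow, `Publish Docker Image` requires only `Build Docker Image`, so an image can be published from `main` while `Test` is failing, and `CD` contains no `scan-vu-container` job at all. The `Scan Container` gate lives in `CI`, whose prerequisites are filtered off `main`, and the image published is a fresh build on `main` rather than the one scanned on the branch. Whether `publish/publish` scans and blocks on its own is not visible here; it takes `snyk_organization` and `snyk_token_variable`, which suggests at least monitoring. Unless it does block, add `- Test` to this `requires:` list and run `scan-vu-container` in `CD` ahead of the publish step. `Build Docker Image` and `Scan Container` in `CI` also appear to stay off `main` only through their `requires:` chain, so giving them `<<: *ignore_main_branch_filter` would make that explicit.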
diff --git a/testdata/catalog-vervet-apis.yaml b/testdata/catalog-vervet-apis.yaml
index 0d435e64..816c3e50 100644
--- a/testdata/catalog-vervet-apis.yaml
+++ b/testdata/catalog-vervet-apis.yaml
@@ -192,15 +192,15 @@ metadata:
     api.snyk.io/generated-by: vervet
   labels:
     api.snyk.io/version-date: "2023-06-01"
-    api.snyk.io/version-lifecycle: deprecated
+    api.snyk.io/version-lifecycle: sunset
     api.snyk.io/version-stability: experimental
   tags:
     - 2023-06
     - experimental
-    - deprecated
+    - sunset
 spec:
   type: openapi
-  lifecycle: deprecated
+  lifecycle: sunset
   owner: someone-else
   definition:
     $text: output/2023-06-01~experimental/spec.json
@@ -238,15 +238,15 @@ metadata:
     api.snyk.io/generated-by: vervet
   labels:
     api.snyk.io/version-date: "2023-06-02"
-    api.snyk.io/version-lifecycle: deprecated
+    api.snyk.io/version-lifecycle: sunset
     api.snyk.io/version-stability: experimental
   tags:
     - 2023-06
     - experimental
-    - deprecated
+    - sunset
 spec:
   type: openapi
-  lifecycle: deprecated
+  lifecycle: sunset
   owner: someone-else
   definition:
     $text: output/2023-06-02~experimental/spec.json
@@ -284,15 +284,15 @@ metadata:
     api.snyk.io/generated-by: vervet
   labels:
     api.snyk.io/version-date: "2023-06-03"
-    api.snyk.io/version-lifecycle: deprecated
+    api.snyk.io/version-lifecycle: sunset
     api.snyk.io/version-stability: experimental
   tags:
     - 2023-06
     - experimental
-    - deprecated
+    - sunset
 spec:
   type: openapi
-  lifecycle: deprecated
+  lifecycle: sunset
   owner: someone-else
   definition:
     $text: output/2023-06-03~experimental/spec.json
diff --git a/testdata/output/2023-06-01~experimental/spec.json b/testdata/output/2023-06-01~experimental/spec.json
index d203ba55..5e4b5adf 100644
--- a/testdata/output/2023-06-01~experimental/spec.json
+++ b/testdata/output/2023-06-01~experimental/spec.json
@@ -1134,6 +1134,6 @@
       "name": "Users"
     }
   ],
-  "x-snyk-api-lifecycle": "deprecated",
+  "x-snyk-api-lifecycle": "sunset",
   "x-snyk-api-version": "2023-06-01~experimental"
 }
\ No newline at end of file
diff --git a/testdata/output/2023-06-01~experimental/spec.yaml b/testdata/output/2023-06-01~experimental/spec.yaml
index fdc4dd0b..9b6f0cb6 100644
--- a/testdata/output/2023-06-01~experimental/spec.yaml
+++ b/testdata/output/2023-06-01~experimental/spec.yaml
@@ -781,5 +781,5 @@ tags:
   name: Something
 - description: Users
   name: Users
-x-snyk-api-lifecycle: deprecated
+x-snyk-api-lifecycle: sunset
 x-snyk-api-version: 2023-06-01~experimental
diff --git a/testdata/output/2023-06-02~experimental/spec.json b/testdata/output/2023-06-02~experimental/spec.json
index 025e879a..f1e26d9e 100644
--- a/testdata/output/2023-06-02~experimental/spec.json
+++ b/testdata/output/2023-06-02~experimental/spec.json
@@ -1133,6 +1133,6 @@
       "name": "Users"
     }
   ],
-  "x-snyk-api-lifecycle": "deprecated",
+  "x-snyk-api-lifecycle": "sunset",
   "x-snyk-api-version": "2023-06-02~experimental"
 }
\ No newline at end of file
diff --git a/testdata/output/2023-06-02~experimental/spec.yaml b/testdata/output/2023-06-02~experimental/spec.yaml
index 9c547019..06f6d144 100644
--- a/testdata/output/2023-06-02~experimental/spec.yaml
+++ b/testdata/output/2023-06-02~experimental/spec.yaml
@@ -780,5 +780,5 @@ tags:
   name: Something
 - description: Users
   name: Users
-x-snyk-api-lifecycle: deprecated
+x-snyk-api-lifecycle: sunset
 x-snyk-api-version: 2023-06-02~experimental
diff --git a/testdata/output/2023-06-03~experimental/spec.json b/testdata/output/2023-06-03~experimental/spec.json
index f9dfba55..2556b587 100644
--- a/testdata/output/2023-06-03~experimental/spec.json
+++ b/testdata/output/2023-06-03~experimental/spec.json
@@ -1083,6 +1083,6 @@
       "name": "Something"
     }
   ],
-  "x-snyk-api-lifecycle": "deprecated",
+  "x-snyk-api-lifecycle": "sunset",
   "x-snyk-api-version": "2023-06-03~experimental"
 }
\ No newline at end of file
diff --git a/testdata/output/2023-06-03~experimental/spec.yaml b/testdata/output/2023-06-03~experimental/spec.yaml
index 7f57fc0a..5b049eb8 100644
--- a/testdata/output/2023-06-03~experimental/spec.yaml
+++ b/testdata/output/2023-06-03~experimental/spec.yaml
@@ -746,5 +746,5 @@ tags:
   name: Projects
 - description: Something
   name: Something
-x-snyk-api-lifecycle: deprecated
+x-snyk-api-lifecycle: sunset
 x-snyk-api-version: 2023-06-03~experimental
diff --git a/vervet-underground/Makefile b/vervet-underground/Makefile
index 8b1a9f9e..100f413b 100644
--- a/vervet-underground/Makefile
+++ b/vervet-underground/Makefile
@@ -1,3 +1,4 @@
+APP:=vervet-underground
 GO_BIN=$(shell pwd)/.bin/go
 
 SHELL:=env PATH=$(GO_BIN):$(PATH) $(SHELL)
@@ -20,6 +21,12 @@ lint:
 lint-docker:
 	docker run --rm -v $(shell pwd):/vervet-underground -w /vervet-underground golangci/golangci-lint:${GOCI_LINT_V} golangci-lint run --fix -v ./...
 
+.PHONY: build-docker
+build-docker:
+	docker build \
+		-t ${APP}:${CIRCLE_WORKFLOW_ID} \
+		-t gcr.io/snyk-main/${APP}:${CIRCLE_SHA1} .
+
 .PHONY: tidy
 tidy:
 	go mod tidy -v
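Review bot: `build-docker` builds both tags from `${CIRCLE_WORKFLOW_ID}` and `${CIRCLE_SHA1}`, which are set only inside CircleCI; run anywhere else, the tags expand to `vervet-underground:` and `gcr.io/snyk-main/vervet-underground:`, and docker rejects them with an unhelpful reference-format error. Either mark the target as CI-only with a comment such as `# CI only: needs CIRCLE_WORKFLOW_ID and CIRCLE_SHA1 from CircleCI`, or fail early with a first recipe line like `@test -n "$(CIRCLE_WORKFLOW_ID)" -a -n "$(CIRCLE_SHA1)" || { echo "CIRCLE_WORKFLOW_ID and CIRCLE_SHA1 must be set"; exit 1; }`. With `publish-vu` removed, nothing visible in this diff pushes the `gcr.io/snyk-main/${APP}:${CIRCLE_SHA1}` tag any more; if the publish orb applies the registry tag itself, the second `-t` can go, which would also leave only one name for the scanned image.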