ROX-15327: Remove Circle CI references and simplify tagging

Makefile

@@ -166,12 +166,6 @@ update-shellcheck-skip:
 	$(SILENT)rm -f scripts/style/shellcheck_skip.txt
 	$(SILENT)$(BASE_DIR)/scripts/style/shellcheck.sh update_failing_list
 
-.PHONY: ci-config-validate
-ci-config-validate:
-	@echo "+ $@"
-	$(SILENT)circleci diagnostic > /dev/null 2>&1 || (echo "Must first set CIRCLECI_CLI_TOKEN or run circleci setup"; exit 1)
-	circleci config validate --org-slug gh/stackrox
-
 .PHONY: fast-central-build
 fast-central-build: central-build-nodeps
 
@@ -391,12 +385,12 @@ main-build: build-prep main-build-dockerized
 .PHONY: sensor-build-dockerized
 sensor-build-dockerized: main-builder-image
 	@echo "+ $@"
-	docker run $(DOCKER_USER) --rm -e CI -e CIRCLE_TAG -e GOTAGS -e DEBUG_BUILD $(GOPATH_WD_OVERRIDES) $(LOCAL_VOLUME_ARGS) $(BUILD_IMAGE) make sensor-build
+	docker run $(DOCKER_USER) --rm -e CI -e BUILD_TAG -e GOTAGS -e DEBUG_BUILD $(GOPATH_WD_OVERRIDES) $(LOCAL_VOLUME_ARGS) $(BUILD_IMAGE) make sensor-build
 
 .PHONY: sensor-kubernetes-build-dockerized
 sensor-kubernetes-build-dockerized: main-builder-image
 	@echo "+ $@"
-	docker run $(DOCKER_USER) -e CI -e CIRCLE_TAG -e GOTAGS -e DEBUG_BUILD $(GOPATH_WD_OVERRIDES) $(LOCAL_VOLUME_ARGS) $(BUILD_IMAGE) make sensor-kubernetes-build
+	docker run $(DOCKER_USER) -e CI -e BUILD_TAG -e GOTAGS -e DEBUG_BUILD $(GOPATH_WD_OVERRIDES) $(LOCAL_VOLUME_ARGS) $(BUILD_IMAGE) make sensor-kubernetes-build
 
 .PHONY: sensor-build
 sensor-build:
@@ -410,7 +404,7 @@ sensor-kubernetes-build:
 .PHONY: main-build-dockerized
 main-build-dockerized: main-builder-image
 	@echo "+ $@"
-	docker run $(DOCKER_USER) -i -e RACE -e CI -e CIRCLE_TAG -e GOTAGS -e DEBUG_BUILD --rm $(GOPATH_WD_OVERRIDES) $(LOCAL_VOLUME_ARGS) $(BUILD_IMAGE) make main-build-nodeps
+	docker run $(DOCKER_USER) -i -e RACE -e CI -e BUILD_TAG -e GOTAGS -e DEBUG_BUILD --rm $(GOPATH_WD_OVERRIDES) $(LOCAL_VOLUME_ARGS) $(BUILD_IMAGE) make main-build-nodeps
 
 .PHONY: main-build-nodeps
 main-build-nodeps: central-build-nodeps migrator-build-nodeps
@@ -683,11 +677,7 @@ clean-image:
 
 .PHONY: tag
 tag:
-ifdef COMMIT
-	@git describe $(COMMIT) --tags --abbrev=10 --long --exclude '*-nightly-*'
-else
 	@echo $(TAG)
-endif
 
 .PHONY: shortcommit
 shortcommit:
@@ -766,7 +756,7 @@ ui-publish-packages:
 
 .PHONY: check-debugger
 check-debugger:
-	/usr/bin/env DEBUG_BUILD="$(DEBUG_BUILD)" CIRCLE_TAG="$(CIRCLE_TAG)" TAG="$(TAG)" ./scripts/check-debugger.sh
+	/usr/bin/env DEBUG_BUILD="$(DEBUG_BUILD)" BUILD_TAG="$(BUILD_TAG)" TAG="$(TAG)" ./scripts/check-debugger.sh
 ifeq ($(DEBUG_BUILD),yes)
 	$(warning Warning: DEBUG_BUILD is enabled. Don not use this for production builds)
 endif

make/env.mk

@@ -37,14 +37,14 @@ endif
 
 TAG := # make sure tag is never injectable as an env var
 RELEASE_GOTAGS := release
+
+# Use a release go -tag when CI is targetting a tag
 ifdef CI
-ifneq ($(CIRCLE_TAG),)
+ifneq ($(BUILD_TAG),)
 GOTAGS := $(RELEASE_GOTAGS)
-TAG := $(CIRCLE_TAG)
 endif
 endif
 
-# Support `make tag` override for non CI testing
-ifneq ($(TAG_OVERRIDE),)
-TAG := $(TAG_OVERRIDE)
+ifneq ($(BUILD_TAG),)
+TAG := $(BUILD_TAG)
 endif

migrator/README.md

@@ -98,7 +98,7 @@ in `migrations` directory, or at the examples listed below.
 
 ## How to test migration on locally deployed cluster
 
-1. Create PR with migration files to build image in CircleCI
+1. Create PR with migration files to build image in CI
 2. Checkout **before** commit with migration files and `make clean image`
 3. `export STORAGE=pvc`
 4. `teardown && ./deploy/k8s/deploy-local.sh`

pkg/tlscheck/tlscheck_test.go

@@ -31,7 +31,7 @@ func TestTLS(t *testing.T) {
 
 func checkTLSWithRetry(server *httptest.Server) (bool, error) {
 	var tls bool
-	// Retry the test a few times, sometimes in CircleCI this takes longer than the timeout
+	// Retry the test a few times, sometimes in CI this takes longer than the timeout
 	err := retry.WithRetry(
 		func() error {
 			var err error

qa-tests-backend/README.md

@@ -81,18 +81,6 @@ To run tests, from within `qa-tests-backend` directory:
 If you have deployed the cluster differently or need to use a custom configuration, set `CLUSTER`, `API_HOSTNAME`,
 `PORT`,`ROX_USERNAME`, `ROX_PASSWORD` and other relevant integration credential environment variables.
 
-## CircleCI
-### Labels
-Tests runs in CircleCI are controlled by CircleCI labels. Here are the labels relevant to QA tests:
-  - `ci-all-qa-tests` : run ALL QA tests, not just BAT
-  - `ci-no-qa-tests` : skip QA tests
-  - `ci-openshift-tests` : Run tests on Openshift. This label can be combined with the previous two labels
-
-### Spock Reports
-Test outputs are integrated with spock-reports plugin.
-All the reports are added under build/spock-reports folder.
-The report is generated with all the tests executed with asserts for the failed and the steps executed.
-
 # Adding Tests
 ## Annotations
 New tests are added with a `@Tag` annotation to indicate which to which

qa-tests-backend/src/main/groovy/util/Env.groovy

@@ -22,7 +22,7 @@ class Env {
 
     static final IN_CI = (System.getenv("CI") == "true")
     static final CI_JOB_NAME = System.getenv("CI_JOB_NAME")
-    static final CI_TAG = System.getenv("CIRCLE_TAG")
+    static final BUILD_TAG = System.getenv("BUILD_TAG")
     static final GATHER_QA_TEST_DEBUG_LOGS = (System.getenv("GATHER_QA_TEST_DEBUG_LOGS") == "true")
     static final QA_TEST_DEBUG_LOGS = System.getenv("QA_TEST_DEBUG_LOGS") ?: ""
 

qa-tests-backend/src/test/groovy/BaseSpecification.groovy

@@ -75,7 +75,7 @@ class BaseSpecification extends Specification {
 
         LOG.info "Performing global setup"
 
-        if (!Env.IN_CI || Env.get("CIRCLE_TAG")) {
+        if (!Env.IN_CI || Env.get("BUILD_TAG")) {
             // Strictly test integration with external services when running in
             // a dev environment or in CI against tagged builds (e.g. nightly builds).
             LOG.info "Will perform strict integration testing (if any is required)"

qa-tests-backend/src/test/groovy/DefaultPoliciesTest.groovy

@@ -260,7 +260,7 @@ class DefaultPoliciesTest extends BaseSpecification {
 
     @Tag("BAT")
     @Retry(count = 0)
-    @IgnoreIf({ Env.CI_TAG == null || !Env.CI_TAG.contains("nightly") })
+    @IgnoreIf({ Env.BUILD_TAG == null || !Env.BUILD_TAG.contains("nightly") })
     def "Notifier for StackRox images with fixable vulns"() {
         when:
         "Verify policies are not violated within the stackrox namespace"
@@ -282,7 +282,7 @@ class DefaultPoliciesTest extends BaseSpecification {
         }
 
         String slackPayload = ":rotating_light: " +
-                "Fixable Vulnerabilities found in StackRox Images (build tag: ${Env.CI_TAG})! " +
+                "Fixable Vulnerabilities found in StackRox Images (build tag: ${Env.BUILD_TAG})! " +
                 ":rotating_light:"
 
         Map<String, Set<String>> deploymentPolicyMap = [:]

scripts/check-debugger.sh

@@ -10,14 +10,14 @@ errecho() {
   echo >&2 -e "$@"
 }
 
-if [[ -n "${CIRCLE_TAG}" && "${DEBUG_BUILD}" == "yes" ]]; then
-  errecho "CIRCLE_TAG environment variable is set. DEBUG_BUILD-s are not supported with tagged, e.g. release or nightly, builds."
+if [[ -n "${BUILD_TAG}" && "${DEBUG_BUILD}" == "yes" ]]; then
+  errecho "BUILD_TAG environment variable is set. DEBUG_BUILD-s are not supported with tagged, e.g. release or nightly, builds."
   errecho "Failing the build. Please make sure DEBUG_BUILD variable is not manually overridden to \"yes\"."
   exit 2
 fi
 
 # This searches for a file in the image without running the container.
-container=$(docker create stackrox/main:${TAG})
+container=$(docker create stackrox/main:"${TAG}")
 docker export "${container}" | tar t | grep 'bin/dlv$' && found_dlv="yes" || found_dlv="no"
 docker rm "${container}" &>/dev/null
 

scripts/ci/bats/lib_handle_gha_tagged_build.bats

@@ -42,5 +42,5 @@ function cleanup() {
     run handle_gha_tagged_build
     assert_success
     assert_output --partial 'This is a tagged build: 3.73.x-nightly-20221221'
-    assert_equal "$(cat $GITHUB_ENV)" "CIRCLE_TAG=3.73.x-nightly-20221221"
+    assert_equal "$(cat $GITHUB_ENV)" "BUILD_TAG=3.73.x-nightly-20221221"
 }

scripts/ci/gcp.sh

@@ -13,8 +13,6 @@ setup_gcp() {
     local service_account
     if [[ -n "${GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX:-}" ]]; then
         service_account="${GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX}"
-    elif [[ -n "${GCLOUD_SERVICE_ACCOUNT_CIRCLECI_ROX:-}" ]]; then
-        service_account="${GCLOUD_SERVICE_ACCOUNT_CIRCLECI_ROX}"
     elif [[ -n "${GCLOUD_SERVICE_ACCOUNT_CI_ROX:-}" ]]; then
         service_account="${GCLOUD_SERVICE_ACCOUNT_CI_ROX}"
     else

scripts/ci/gke.sh

@@ -33,9 +33,6 @@ assign_env_variables() {
     if is_OPENSHIFT_CI; then
         require_environment "BUILD_ID"
         build_num="${BUILD_ID}"
-    elif is_CIRCLECI; then
-        require_environment "CIRCLE_BUILD_NUM"
-        build_num="${CIRCLE_BUILD_NUM}"
     else
         die "Support is missing for this CI environment"
     fi
@@ -74,15 +71,6 @@ create_cluster() {
         labels="${labels/%-/x}"
         labels="${labels},stackrox-ci-build-id=${BUILD_ID:0:63}"
         labels="${labels/%-/x}"
-    elif is_CIRCLECI; then
-        require_environment "CIRCLE_JOB"
-        require_environment "CIRCLE_WORKFLOW_ID"
-        tags="${tags},stackrox-ci-${CIRCLE_JOB:0:50}"
-        tags="${tags/%-/x}"
-        labels="${labels},stackrox-ci-job=${CIRCLE_JOB:0:63}"
-        labels="${labels/%-/x}"
-        labels="${labels},stackrox-ci-workflow=${CIRCLE_WORKFLOW_ID:0:63}"
-        labels="${labels/%-/x}"
     else
         die "Support is missing for this CI environment"
     fi

scripts/ci/lib.sh

@@ -665,13 +665,11 @@ is_tagged() {
 }
 
 is_nightly_run() {
-    [[ "${CIRCLE_TAG:-}" =~ -nightly- ]] || [[ "${GITHUB_REF:-}" =~ nightly- ]]
+    [[ "${BUILD_TAG:-}" =~ -nightly- ]] || [[ "${GITHUB_REF:-}" =~ nightly- ]]
 }
 
 is_in_PR_context() {
-    if is_CIRCLECI && [[ -n "${CIRCLE_PULL_REQUEST:-}" ]]; then
-        return 0
-    elif is_GITHUB_ACTIONS && [[ -n "${GITHUB_BASE_REF:-}" ]]; then
+    if is_GITHUB_ACTIONS && [[ -n "${GITHUB_BASE_REF:-}" ]]; then
         return 0
     elif is_OPENSHIFT_CI && [[ -n "${PULL_NUMBER:-}" ]]; then
         return 0
@@ -686,10 +684,7 @@ is_in_PR_context() {
 }
 
 get_PR_number() {
-    if is_CIRCLECI && [[ -n "${CIRCLE_PULL_REQUEST:-}" ]]; then
-        echo "${CIRCLE_PULL_REQUEST}"
-        return 0
-    elif is_OPENSHIFT_CI && [[ -n "${PULL_NUMBER:-}" ]]; then
+    if is_OPENSHIFT_CI && [[ -n "${PULL_NUMBER:-}" ]]; then
         echo "${PULL_NUMBER}"
         return 0
     elif is_OPENSHIFT_CI && [[ -n "${CLONEREFS_OPTIONS:-}" ]]; then
@@ -715,9 +710,7 @@ is_openshift_CI_rehearse_PR() {
 }
 
 get_base_ref() {
-    if is_CIRCLECI; then
-        echo "${CIRCLE_BRANCH}"
-    elif is_OPENSHIFT_CI; then
+    if is_OPENSHIFT_CI; then
         if [[ -n "${PULL_BASE_REF:-}" ]]; then
             # presubmit, postsubmit and batch runs
             # (ref: https://github.com/kubernetes/test-infra/blob/master/prow/jobs.md#job-environment-variables)
@@ -739,10 +732,7 @@ get_base_ref() {
 }
 
 get_repo_full_name() {
-    if is_CIRCLECI; then
-        # CIRCLE_REPOSITORY_URL=git@github.com:stackrox/stackrox.git
-        echo "${CIRCLE_REPOSITORY_URL:15:-4}"
-    elif is_GITHUB_ACTIONS; then
+    if is_GITHUB_ACTIONS; then
         [[ -n "${GITHUB_ACTION_REPOSITORY:-}" ]] || die "expect: GITHUB_ACTION_REPOSITORY"
         echo "${GITHUB_ACTION_REPOSITORY}"
     elif is_OPENSHIFT_CI; then
@@ -824,14 +814,7 @@ get_pr_details() {
         exit 1
     }
 
-    if is_CIRCLECI; then
-        [ -n "${CIRCLE_PULL_REQUEST:-}" ] || _not_a_PR
-        [ -n "${CIRCLE_PROJECT_USERNAME}" ] || { echo "CIRCLE_PROJECT_USERNAME not found" ; exit 2; }
-        [ -n "${CIRCLE_PROJECT_REPONAME}" ] || { echo "CIRCLE_PROJECT_REPONAME not found" ; exit 2; }
-        pull_request="${CIRCLE_PULL_REQUEST##*/}"
-        org="${CIRCLE_PROJECT_USERNAME}"
-        repo="${CIRCLE_PROJECT_REPONAME}"
-    elif is_OPENSHIFT_CI; then
+    if is_OPENSHIFT_CI; then
         if [[ -n "${JOB_SPEC:-}" ]]; then
             pull_request=$(jq -r <<<"$JOB_SPEC" '.refs.pulls[0].number')
             org=$(jq -r <<<"$JOB_SPEC" '.refs.org')
@@ -851,7 +834,7 @@ get_pr_details() {
         org="${GITHUB_REPOSITORY_OWNER}"
         repo="${GITHUB_REPOSITORY#*/}"
     else
-        echo "Expect Circle or OpenShift CI"
+        echo "Unsupported CI"
         exit 2
     fi
 
@@ -928,11 +911,7 @@ gate_pr_job() {
 
     if [[ -n "${run_with_changed_path}" || -n "${changed_path_to_ignore}" ]]; then
         local diff_base
-        if is_CIRCLECI; then
-            diff_base="$(git merge-base HEAD origin/master)"
-            echo "Determined diff-base as ${diff_base}"
-            echo "Master SHA: $(git rev-parse origin/master)"
-        elif is_OPENSHIFT_CI; then
+        if is_OPENSHIFT_CI; then
             if [[ -n "${PULL_BASE_SHA:-}" ]]; then
                 diff_base="${PULL_BASE_SHA:-}"
             else
@@ -1003,9 +982,9 @@ openshift_ci_mods() {
         fi
     fi
 
-    # Provide Circle CI vars that are commonly used
-    CIRCLE_TAG="$(git tag --sort=creatordate --contains | tail -1)" || echo "Warning: Cannot get tag"
-    export CIRCLE_TAG
+    # Target a tag if HEAD is tagged.
+    BUILD_TAG="$(git tag --sort=creatordate --contains | tail -1)" || echo "Warning: Cannot get tag"
+    export BUILD_TAG
 
     # For gradle
     export GRADLE_USER_HOME="${HOME}"
@@ -1095,7 +1074,7 @@ handle_nightly_runs() {
     local nightly_tag_prefix
     nightly_tag_prefix="$(git describe --tags --abbrev=0 --exclude '*-nightly-*')-nightly-"
     if ! is_in_PR_context && [[ "${JOB_NAME_SAFE:-}" =~ ^nightly- ]]; then
-        ci_export CIRCLE_TAG "${nightly_tag_prefix}$(date '+%Y%m%d')"
+        ci_export BUILD_TAG "${nightly_tag_prefix}$(date '+%Y%m%d')"
     fi
 }
 
@@ -1471,7 +1450,7 @@ handle_gha_tagged_build() {
     if [[ "${GITHUB_REF:-}" =~ ^refs/tags/ ]]; then
         tag="${GITHUB_REF#refs/tags/*}"
         echo "This is a tagged build: $tag"
-        echo "CIRCLE_TAG=$tag" >> "$GITHUB_ENV"
+        echo "BUILD_TAG=$tag" >> "$GITHUB_ENV"
     else
         echo "This is not a tagged build"
     fi

scripts/ci/store-artifacts.bats

@@ -75,8 +75,6 @@ make_env() {
     fi
     if is_OPENSHIFT_CI; then
         GS_URL="gs://roxci-artifacts/${REPO_NAME}/${PULL_PULL_SHA:-${PULL_BASE_SHA}}/${BUILD_ID}-${JOB_NAME}"
-    elif is_CIRCLECI; then
-        GS_URL="gs://roxci-artifacts/${CIRCLE_PROJECT_REPONAME}/${CIRCLE_WORKFLOW_ID}/${CIRCLE_BUILD_NUM}-${CIRCLE_JOB}"
     fi
     PATH="$BATS_RUN_TMPDIR:$PATH"
     TEST_OUTPUT=1

scripts/ci/store-artifacts.sh

@@ -22,7 +22,7 @@ store_artifacts() {
         exit 1
     fi
 
-    # Circle CI does a poor job with ~ expansion
+    # Some CI do a poor job with ~ expansion
     if [[ "$path" =~ ^~ ]]; then
         path="$HOME$(cut -c2- -<<< "$path")"
     fi
@@ -102,15 +102,6 @@ set_gs_path_vars() {
         WORKFLOW_SUBDIR="${repo}/${workflow_id}"
         JOB_SUBDIR="${BUILD_ID}-${JOB_NAME}"
         GS_JOB_URL="${GS_URL}/${WORKFLOW_SUBDIR}/${JOB_SUBDIR}"
-    elif is_CIRCLECI; then
-        require_environment "CIRCLE_PROJECT_REPONAME"
-        require_environment "CIRCLE_WORKFLOW_ID"
-        require_environment "CIRCLE_BUILD_NUM"
-        require_environment "CIRCLE_JOB"
-
-        WORKFLOW_SUBDIR="${CIRCLE_PROJECT_REPONAME}/${CIRCLE_WORKFLOW_ID}"
-        JOB_SUBDIR="${CIRCLE_BUILD_NUM}-${CIRCLE_JOB}"
-        GS_JOB_URL="${GS_URL}/${WORKFLOW_SUBDIR}/${JOB_SUBDIR}"
     else
         die "Support is missing for this CI environment"
     fi
@@ -146,8 +137,6 @@ make_artifacts_help() {
     if is_OPENSHIFT_CI; then
         require_environment "ARTIFACT_DIR"
         help_file="$ARTIFACT_DIR/howto-locate-other-artifacts.html"
-    elif is_CIRCLECI; then
-        help_file="/tmp/howto-locate-artifacts.html"
     else
         die "This is an unsupported environment"
     fi

scripts/lib.sh

@@ -60,10 +60,6 @@ is_CI() {
     [[ "${CI:-}" == "true" ]]
 }
 
-is_CIRCLECI() {
-    [[ "${CIRCLECI:-}" == "true" ]]
-}
-
 is_OPENSHIFT_CI() {
     [[ "${OPENSHIFT_CI:-}" == "true" ]]
 }

scripts/reference/build-quay-operator-bundles.sh

@@ -13,9 +13,9 @@ for tag in $(git -C "$workdir" tag | egrep '^3\.(6[3-9]|0\.62)\.\d+$' | sort -V)
 	docker push "quay.io/rhacs-eng/stackrox-operator:${version}"
 
 	git -C "$workdir" checkout "$tag"
-	CI=1 CIRCLE_TAG="$tag" IMAGE_REPO="quay.io/rhacs-eng" IMAGE_TAG_BASE="quay.io/rhacs-eng/stackrox-operator" make -C "$workdir/operator" bundle-build
+	CI=1 BUILD_TAG="$tag" IMAGE_REPO="quay.io/rhacs-eng" IMAGE_TAG_BASE="quay.io/rhacs-eng/stackrox-operator" make -C "$workdir/operator" bundle-build
 	docker push "quay.io/rhacs-eng/stackrox-operator-bundle:v${version}"
 
-	CI=1 CIRCLE_TAG="$tag" IMAGE_REPO="quay.io/rhacs-eng" IMAGE_TAG_BASE="quay.io/rhacs-eng/stackrox-operator" make -C "$workdir/operator" index-build
+	CI=1 BUILD_TAG="$tag" IMAGE_REPO="quay.io/rhacs-eng" IMAGE_TAG_BASE="quay.io/rhacs-eng/stackrox-operator" make -C "$workdir/operator" index-build
 	docker push "quay.io/rhacs-eng/stackrox-operator-index:v${version}"
 done