aliases: # Workflow filters - &filter-only-release branches: ignore: /.*/ tags: only: /^v[0-9]+(\.[0-9]+){2}(-.+|[^-.]*)$/ - &filter-not-release-or-master tags: ignore: /^v[0-9]+(\.[0-9]+){2}(-.+|[^-.]*)$/ branches: ignore: master - &filter-only-master branches: only: master version: 2 jobs: mysql-integration-test: docker: - image: circleci/golang:1.12.9 - image: circleci/mysql:5.6-ram environment: MYSQL_ROOT_PASSWORD: rootpass MYSQL_DATABASE: grafana_tests MYSQL_USER: grafana MYSQL_PASSWORD: password working_directory: /go/src/github.com/grafana/grafana steps: - checkout - run: sudo apt update - run: sudo apt install -y default-mysql-client - run: dockerize -wait tcp://127.0.0.1:3306 -timeout 120s - run: cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h 127.0.0.1 -P 3306 -u root -prootpass - run: name: mysql integration tests command: './scripts/circle-test-mysql.sh' postgres-integration-test: docker: - image: circleci/golang:1.12.9 - image: circleci/postgres:9.3-ram environment: POSTGRES_USER: grafanatest POSTGRES_PASSWORD: grafanatest POSTGRES_DB: grafanatest working_directory: /go/src/github.com/grafana/grafana steps: - checkout - run: sudo apt update - run: sudo apt install -y postgresql-client - run: dockerize -wait tcp://127.0.0.1:5432 -timeout 120s - run: 'PGPASSWORD=grafanatest psql -p 5432 -h 127.0.0.1 -U grafanatest -d grafanatest -f devenv/docker/blocks/postgres_tests/setup.sql' - run: name: postgres integration tests command: './scripts/circle-test-postgres.sh' cache-server-test: docker: - image: circleci/golang:1.12.9 - image: circleci/redis:4-alpine - image: memcached working_directory: /go/src/github.com/grafana/grafana steps: - checkout - run: dockerize -wait tcp://127.0.0.1:11211 -timeout 120s - run: dockerize -wait tcp://127.0.0.1:6379 -timeout 120s - run: name: cache server tests command: './scripts/circle-test-cache-servers.sh' end-to-end-test: docker: - image: circleci/node:10-browsers - image: grafana/grafana-dev:master-$CIRCLE_SHA1 steps: - run: dockerize -wait tcp://127.0.0.1:3000 -timeout 120s - checkout - restore_cache: key: dependency-cache-{{ checksum "yarn.lock" }} - run: name: yarn install command: 'yarn install --pure-lockfile --no-progress' no_output_timeout: 5m - save_cache: key: dependency-cache-{{ checksum "yarn.lock" }} paths: - node_modules - run: name: run end-to-end tests command: 'env BASE_URL=http://127.0.0.1:3000 yarn e2e-tests' no_output_timeout: 5m - store_artifacts: path: public/e2e-test/screenShots/theTruth destination: expected-screenshots - store_artifacts: path: public/e2e-test/screenShots/theOutput destination: output-screenshots end-to-end-test-release: docker: - image: circleci/node:10-browsers - image: grafana/grafana-dev:$CIRCLE_TAG steps: - run: dockerize -wait tcp://127.0.0.1:3000 -timeout 120s - checkout - restore_cache: key: dependency-cache-{{ checksum "yarn.lock" }} - run: name: yarn install command: 'yarn install --pure-lockfile --no-progress' no_output_timeout: 5m - save_cache: key: dependency-cache-{{ checksum "yarn.lock" }} paths: - node_modules - run: name: run end-to-end tests command: 'env BASE_URL=http://127.0.0.1:3000 yarn e2e-tests' no_output_timeout: 5m - store_artifacts: path: public/e2e-test/screenShots/theTruth destination: expected-screenshots - store_artifacts: path: public/e2e-test/screenShots/theOutput destination: output-screenshots codespell: docker: - image: circleci/python steps: - checkout - run: name: install codespell command: 'sudo pip install codespell' - run: # Important: all words have to be in lowercase, and separated by "\n". name: exclude known exceptions command: 'echo -e "unknwon\nreferer\nerrorstring" > words_to_ignore.txt' - run: name: check documentation spelling errors command: 'codespell -I ./words_to_ignore.txt docs/' lint-go: docker: - image: circleci/golang:1.12.9 environment: # we need CGO because of go-sqlite3 CGO_ENABLED: 1 working_directory: /go/src/github.com/grafana/grafana steps: - checkout - run: name: Lint Go command: 'make lint-go' shellcheck: machine: true working_directory: ~/go/src/github.com/grafana/grafana steps: - checkout - run: name: ShellCheck command: 'make shellcheck' test-frontend: docker: - image: circleci/node:10 steps: - checkout - restore_cache: key: dependency-cache-{{ checksum "yarn.lock" }} - run: name: yarn install command: 'yarn install --frozen-lockfile --no-progress' no_output_timeout: 15m - save_cache: key: dependency-cache-{{ checksum "yarn.lock" }} paths: - node_modules - run: name: frontend tests command: './scripts/circle-test-frontend.sh' test-backend: docker: - image: circleci/golang:1.12.9 working_directory: /go/src/github.com/grafana/grafana steps: - checkout - run: name: build backend and run go tests command: './scripts/circle-test-backend.sh' build-all: docker: - image: grafana/build-container:1.2.8 working_directory: /go/src/github.com/grafana/grafana steps: - checkout - run: name: prepare build tools command: '/tmp/bootstrap.sh' - restore_cache: key: phantomjs-binaries-{{ checksum "scripts/build/download-phantomjs.sh" }} - run: name: download phantomjs binaries command: './scripts/build/download-phantomjs.sh' - save_cache: key: phantomjs-binaries-{{ checksum "scripts/build/download-phantomjs.sh" }} paths: - /tmp/phantomjs - run: name: build and package grafana command: './scripts/build/build-all.sh' - run: name: Prepare GPG private key command: './scripts/build/prepare_signing_key.sh' - run: name: sign packages command: './scripts/build/sign_packages.sh dist/*.rpm' - run: name: verify signed packages command: './scripts/build/verify_signed_packages.sh dist/*.rpm' - run: name: sha-sum packages command: 'go run build.go sha-dist' - run: name: Test and build Grafana.com release publisher command: 'cd scripts/build/release_publisher && go test . && go build -o release_publisher .' - persist_to_workspace: root: . paths: - dist/* - scripts/*.sh - scripts/build/release_publisher/release_publisher - scripts/build/publish.sh build: docker: - image: grafana/build-container:1.2.8 working_directory: /go/src/github.com/grafana/grafana steps: - checkout - run: name: prepare build tools command: '/tmp/bootstrap.sh' - run: name: build and package grafana command: './scripts/build/build.sh' - run: name: Prepare GPG private key command: './scripts/build/prepare_signing_key.sh' - run: name: sign packages command: './scripts/build/sign_packages.sh dist/*.rpm' - run: name: sha-sum packages command: 'go run build.go sha-dist' - run: name: Test Grafana.com release publisher command: 'cd scripts/build/release_publisher && go test .' - persist_to_workspace: root: . paths: - dist/* build-fast-backend: docker: - image: grafana/build-container:1.2.8 working_directory: /go/src/github.com/grafana/grafana steps: - checkout - run: name: prepare build tools command: '/tmp/bootstrap.sh' - run: name: build grafana backend command: './scripts/build/build.sh --fast --backend-only' - persist_to_workspace: root: . paths: - bin/* build-fast-frontend: docker: - image: grafana/build-container:1.2.8 working_directory: /go/src/github.com/grafana/grafana steps: - checkout - run: name: prepare build tools command: '/tmp/bootstrap.sh' - restore_cache: key: frontend-dependency-cache-{{ checksum "yarn.lock" }} - run: name: build grafana frontend command: './scripts/build/build.sh --fast --frontend-only' - save_cache: key: frontend-dependency-cache-{{ checksum "yarn.lock" }} paths: - node_modules - persist_to_workspace: root: . paths: - public/build/* - tools/phantomjs/* build-fast-package: docker: - image: grafana/build-container:1.2.8 working_directory: /go/src/github.com/grafana/grafana steps: - checkout - attach_workspace: at: . - restore_cache: key: frontend-dependency-cache-{{ checksum "yarn.lock" }} - run: name: prepare build tools command: '/tmp/bootstrap.sh' - run: name: package grafana command: './scripts/build/build.sh --fast --package-only' - run: name: sha-sum packages command: 'go run build.go sha-dist' - run: name: Test Grafana.com release publisher command: 'cd scripts/build/release_publisher && go test .' - persist_to_workspace: root: /go/src/github.com/grafana/grafana paths: - dist/* build-fast-save: docker: - image: grafana/build-container:1.2.8 working_directory: /go/src/github.com/grafana/grafana steps: - checkout - attach_workspace: at: . - restore_cache: key: dependency-cache-{{ checksum "yarn.lock" }} - run: name: debug cache command: 'ls -al /go/src/github.com/grafana/grafana/node_modules' - run: name: prepare build tools command: '/tmp/bootstrap.sh' - run: name: build grafana backend command: './scripts/build/build.sh --fast --backend-only' - run: name: build grafana frontend command: './scripts/build/build.sh --fast --frontend-only' - save_cache: key: dependency-cache-{{ checksum "yarn.lock" }} paths: - /go/src/github.com/grafana/grafana/node_modules - run: name: package grafana command: './scripts/build/build.sh --fast --package-only' - run: name: Prepare GPG private key command: './scripts/build/prepare_signing_key.sh' - run: name: sign packages command: './scripts/build/sign_packages.sh dist/*.rpm' - run: name: sha-sum packages command: 'go run build.go sha-dist' - run: name: Test Grafana.com release publisher command: 'cd scripts/build/release_publisher && go test .' - persist_to_workspace: root: . paths: - dist/* grafana-docker-master: machine: image: circleci/classic:201808-01 steps: - checkout - attach_workspace: at: . - run: docker info - run: docker run --privileged linuxkit/binfmt:v0.6 - run: cp dist/grafana-latest.linux-*.tar.gz packaging/docker - run: cd packaging/docker && ./build-deploy.sh "master-${CIRCLE_SHA1}" - run: rm packaging/docker/grafana-latest.linux-*.tar.gz - run: cp enterprise-dist/grafana-enterprise-*.linux-amd64.tar.gz packaging/docker/grafana-latest.linux-x64.tar.gz - run: cd packaging/docker && ./build-enterprise.sh "master" grafana-docker-pr: machine: image: circleci/classic:201808-01 steps: - checkout - attach_workspace: at: . - run: docker info - run: docker run --privileged linuxkit/binfmt:v0.6 - run: cp dist/grafana-latest.linux-*.tar.gz packaging/docker - run: cd packaging/docker && ./build.sh --fast "${CIRCLE_SHA1}" grafana-docker-release: machine: image: circleci/classic:201808-01 steps: - checkout - attach_workspace: at: . - run: docker info - run: docker run --privileged linuxkit/binfmt:v0.6 - run: cp dist/grafana-latest.linux-*.tar.gz packaging/docker - run: cd packaging/docker && ./build-deploy.sh "${CIRCLE_TAG}" - run: rm packaging/docker/grafana-latest.linux-*.tar.gz - run: cp enterprise-dist/grafana-enterprise-*.linux-amd64.tar.gz packaging/docker/grafana-latest.linux-x64.tar.gz - run: cd packaging/docker && ./build-enterprise.sh "${CIRCLE_TAG}" build-enterprise: docker: - image: grafana/build-container:1.2.8 working_directory: /go/src/github.com/grafana/grafana steps: - checkout - run: name: prepare build tools command: '/tmp/bootstrap.sh' - run: name: checkout enterprise command: './scripts/build/prepare-enterprise.sh' - run: name: test enterprise command: 'go test ./pkg/extensions/...' - run: name: build and package enterprise command: './scripts/build/build.sh -enterprise' - run: name: Prepare GPG private key command: './scripts/build/prepare_signing_key.sh' - run: name: sign packages command: './scripts/build/sign_packages.sh dist/*.rpm' - run: name: sha-sum packages command: 'go run build.go sha-dist' - run: name: move enterprise packages into their own folder command: 'mv dist enterprise-dist' - persist_to_workspace: root: . paths: - enterprise-dist/* build-all-enterprise: docker: - image: grafana/build-container:1.2.8 working_directory: /go/src/github.com/grafana/grafana steps: - checkout - run: name: prepare build tools command: '/tmp/bootstrap.sh' - run: name: checkout enterprise command: './scripts/build/prepare-enterprise.sh' - restore_cache: key: phantomjs-binaries-{{ checksum "scripts/build/download-phantomjs.sh" }} - run: name: download phantomjs binaries command: './scripts/build/download-phantomjs.sh' - save_cache: key: phantomjs-binaries-{{ checksum "scripts/build/download-phantomjs.sh" }} paths: - /tmp/phantomjs - run: name: test enterprise command: 'go test ./pkg/extensions/...' - run: name: build and package grafana command: './scripts/build/build-all.sh -enterprise' - run: name: Prepare GPG private key command: './scripts/build/prepare_signing_key.sh' - run: name: sign packages command: './scripts/build/sign_packages.sh dist/*.rpm' - run: name: verify signed packages command: './scripts/build/verify_signed_packages.sh dist/*.rpm' - run: name: sha-sum packages command: 'go run build.go sha-dist' - run: name: move enterprise packages into their own folder command: 'mv dist enterprise-dist' - persist_to_workspace: root: . paths: - enterprise-dist/* deploy-enterprise-master: docker: - image: grafana/grafana-ci-deploy:1.2.2 steps: - attach_workspace: at: . - run: name: gcp credentials command: 'echo ${GCP_GRAFANA_UPLOAD_KEY} > /tmp/gcpkey.json' - run: name: sign in to gcp command: '/opt/google-cloud-sdk/bin/gcloud auth activate-service-account --key-file=/tmp/gcpkey.json' - run: name: deploy to gcp command: '/opt/google-cloud-sdk/bin/gsutil cp ./enterprise-dist/* gs://$GCP_BUCKET_NAME/enterprise/master' - run: name: Deploy to grafana.com command: | cd enterprise-dist ../scripts/build/release_publisher/release_publisher -apikey ${GRAFANA_COM_API_KEY} -enterprise -version "v$(cat grafana.version)" --nightly deploy-enterprise-release: docker: - image: grafana/grafana-ci-deploy:1.2.2 steps: - checkout - attach_workspace: at: . - run: name: gcp credentials command: 'echo ${GCP_GRAFANA_UPLOAD_KEY} > /tmp/gcpkey.json' - run: name: sign in to gcp command: '/opt/google-cloud-sdk/bin/gcloud auth activate-service-account --key-file=/tmp/gcpkey.json' - run: name: deploy to gcp command: '/opt/google-cloud-sdk/bin/gsutil cp ./enterprise-dist/* gs://$GCP_BUCKET_NAME/enterprise/release' - run: name: Deploy to Grafana.com command: './scripts/build/publish.sh --enterprise' - run: name: Prepare GPG private key command: './scripts/build/prepare_signing_key.sh' - run: name: Load GPG private key command: './scripts/build/update_repo/load-signing-key.sh' - run: name: Update Debian repository command: './scripts/build/update_repo/update-deb.sh "enterprise" "$GPG_KEY_PASSWORD" "$CIRCLE_TAG" "enterprise-dist"' - run: name: Publish Debian repository command: './scripts/build/update_repo/publish-deb.sh "enterprise"' - run: name: Update RPM repository command: './scripts/build/update_repo/update-rpm.sh "enterprise" "$GPG_KEY_PASSWORD" "$CIRCLE_TAG" "enterprise-dist"' - run: name: Publish RPM repository command: './scripts/build/update_repo/publish-rpm.sh "enterprise" "$CIRCLE_TAG"' deploy-master: docker: - image: grafana/grafana-ci-deploy:1.2.2 steps: - attach_workspace: at: . - run: name: Trigger Windows build command: './scripts/trigger_windows_build.sh ${APPVEYOR_TOKEN} ${CIRCLE_SHA1} master' - run: name: gcp credentials command: 'echo ${GCP_GRAFANA_UPLOAD_KEY} > /tmp/gcpkey.json' - run: name: sign in to gcp command: '/opt/google-cloud-sdk/bin/gcloud auth activate-service-account --key-file=/tmp/gcpkey.json' - run: name: deploy to gcp command: '/opt/google-cloud-sdk/bin/gsutil cp ./dist/* gs://$GCP_BUCKET_NAME/oss/master' - run: name: Publish to Grafana.com command: | rm dist/*latest* || true cd dist && ../scripts/build/release_publisher/release_publisher -apikey ${GRAFANA_COM_API_KEY} -version "v$(cat grafana.version)" --nightly deploy-release: docker: - image: grafana/grafana-ci-deploy:1.2.2 steps: - checkout - attach_workspace: at: . - run: name: gcp credentials command: 'echo ${GCP_GRAFANA_UPLOAD_KEY} > /tmp/gcpkey.json' - run: name: sign in to gcp command: '/opt/google-cloud-sdk/bin/gcloud auth activate-service-account --key-file=/tmp/gcpkey.json' - run: name: deploy to gcp command: '/opt/google-cloud-sdk/bin/gsutil cp ./dist/* gs://$GCP_BUCKET_NAME/oss/release' - run: name: Deploy to Grafana.com command: './scripts/build/publish.sh' - run: name: Prepare GPG private key command: './scripts/build/prepare_signing_key.sh' - run: name: Load GPG private key command: './scripts/build/update_repo/load-signing-key.sh' - run: name: Update Debian repository command: './scripts/build/update_repo/update-deb.sh "oss" "$GPG_KEY_PASSWORD" "$CIRCLE_TAG" "dist"' - run: name: Publish Debian repository command: './scripts/build/update_repo/publish-deb.sh "oss"' - run: name: Update RPM repository command: './scripts/build/update_repo/update-rpm.sh "oss" "$GPG_KEY_PASSWORD" "$CIRCLE_TAG" "dist"' - run: name: Publish RPM repository command: './scripts/build/update_repo/publish-rpm.sh "oss" "$CIRCLE_TAG"' build-oss-msi: docker: - image: grafana/wix-toolset-ci:v3 steps: - checkout - attach_workspace: at: . - run: name: Build OSS MSI command: './scripts/build/ci-msi-build/ci-msi-build-oss.sh' - persist_to_workspace: root: . paths: - dist/grafana-*.msi - dist/grafana-*.msi.sha256 store-build-artifacts: docker: - image: circleci/node:10 steps: - attach_workspace: at: . - store_artifacts: path: ./dist trigger-docs-update: docker: - image: circleci/python:3.6.8 steps: - checkout - run: name: Trigger Docs update command: | if git diff --name-only HEAD^ | grep -q "^docs"; then echo "Build URL:" curl -s -u "$DOCS_CIRCLE_TOKEN:" \ -d build_parameters[CIRCLE_JOB]=pull-submodule-changes \ https://circleci.com/api/v1.1/project/github/grafana/docs.grafana.com/tree/master \ | jq .build_url else echo "-- no changes to docs files --" fi build-grafana-packages: docker: - image: circleci/node:10 steps: - checkout - run: name: Boostrap lerna command: 'npx lerna bootstrap' - run: name: Build packages command: yarn packages:build release-next-packages: docker: - image: circleci/node:10 steps: - checkout - run: name: Boostrap lerna command: 'npx lerna bootstrap' - run: name: npm - Prepare auth token command: 'echo //registry.npmjs.org/:_authToken=$NPM_TOKEN >> ~/.npmrc' - run: name: Release next packages command: './scripts/circle-release-next-packages.sh' release-packages: docker: - image: circleci/node:10 steps: - checkout - run: name: Boostrap lerna command: 'npx lerna bootstrap' - run: name: npm - Prepare auth token command: 'echo //registry.npmjs.org/:_authToken=$NPM_TOKEN >> ~/.npmrc' - run: name: Release packages command: ./scripts/build/release-packages.sh "${CIRCLE_TAG}" scan-docker-master: docker: - image: circleci/buildpack-deps:stretch steps: - setup_remote_docker - restore_cache: key: vulnerability-db - run: name: Install trivy command: | VERSION=$( curl --silent "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | \ grep '"tag_name":' | \ sed -E 's/.*"v([^"]+)".*/\1/' ) wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz tar zxvf trivy_${VERSION}_Linux-64bit.tar.gz sudo mv trivy /usr/local/bin - run: name: Scan the latest grafana master image with trivy command: trivy --exit-code 1 --quiet --auto-refresh --clear-cache grafana/grafana:master - save_cache: key: vulnerability-db paths: - $HOME/.cache/trivy workflows: version: 2 build-master: jobs: - build-all: filters: *filter-only-master - build-all-enterprise: filters: *filter-only-master - codespell: filters: *filter-only-master - lint-go: filters: *filter-only-master - shellcheck: filters: *filter-only-master - test-frontend: filters: *filter-only-master - test-backend: filters: *filter-only-master - mysql-integration-test: filters: *filter-only-master - postgres-integration-test: filters: *filter-only-master - deploy-master: requires: - build-all - test-backend - test-frontend - codespell - lint-go - shellcheck - mysql-integration-test - postgres-integration-test - build-oss-msi filters: *filter-only-master - grafana-docker-master: requires: - build-all - build-all-enterprise - test-backend - test-frontend - codespell - lint-go - shellcheck - mysql-integration-test - postgres-integration-test filters: *filter-only-master - deploy-enterprise-master: requires: - build-all - test-backend - test-frontend - codespell - lint-go - shellcheck - mysql-integration-test - postgres-integration-test - build-all-enterprise filters: *filter-only-master - build-oss-msi: requires: - build-all - test-backend - test-frontend - codespell - lint-go - shellcheck - mysql-integration-test - postgres-integration-test filters: *filter-only-master - end-to-end-test: requires: - grafana-docker-master filters: *filter-only-master - trigger-docs-update: requires: - end-to-end-test filters: *filter-only-master - release-next-packages: requires: - build-all - test-frontend filters: *filter-only-master release: jobs: - build-all: filters: *filter-only-release - build-all-enterprise: filters: *filter-only-release - codespell: filters: *filter-only-release - lint-go: filters: *filter-only-release - shellcheck: filters: *filter-only-release - test-frontend: filters: *filter-only-release - test-backend: filters: *filter-only-release - mysql-integration-test: filters: *filter-only-release - postgres-integration-test: filters: *filter-only-release - deploy-release: requires: - build-all - test-backend - test-frontend - codespell - lint-go - shellcheck - mysql-integration-test - postgres-integration-test - build-oss-msi filters: *filter-only-release - deploy-enterprise-release: requires: - build-all - build-all-enterprise - test-backend - test-frontend - codespell - lint-go - shellcheck - mysql-integration-test - postgres-integration-test filters: *filter-only-release - grafana-docker-release: requires: - build-all - build-all-enterprise - test-backend - test-frontend - codespell - lint-go - shellcheck - mysql-integration-test - postgres-integration-test filters: *filter-only-release - release-packages: requires: - build-all - test-backend - test-frontend - codespell - lint-go - shellcheck - mysql-integration-test - postgres-integration-test - build-oss-msi filters: *filter-only-release - build-oss-msi: requires: - build-all - test-backend - test-frontend - codespell - lint-go - shellcheck - mysql-integration-test - postgres-integration-test filters: *filter-only-release - end-to-end-test-release: requires: - grafana-docker-release filters: *filter-only-release build-branches-and-prs: jobs: - build-fast-backend: filters: *filter-not-release-or-master - build-fast-frontend: filters: *filter-not-release-or-master - build-grafana-packages: filters: *filter-not-release-or-master - build-fast-package: filters: *filter-not-release-or-master requires: - build-fast-backend - build-fast-frontend - codespell: filters: *filter-not-release-or-master - lint-go: filters: *filter-not-release-or-master - lint-go: filters: *filter-not-release-or-master - shellcheck: filters: *filter-not-release-or-master - test-frontend: filters: *filter-not-release-or-master - test-backend: filters: *filter-not-release-or-master - mysql-integration-test: filters: *filter-not-release-or-master - postgres-integration-test: filters: *filter-not-release-or-master - cache-server-test: filters: *filter-not-release-or-master - grafana-docker-pr: requires: - build-fast-package - test-backend - test-frontend - codespell - lint-go - shellcheck - mysql-integration-test - postgres-integration-test - cache-server-test filters: *filter-not-release-or-master - store-build-artifacts: requires: - build-fast-package - test-backend - test-frontend - codespell - lint-go - shellcheck - mysql-integration-test - postgres-integration-test - cache-server-test filters: *filter-not-release-or-master nightly: triggers: - schedule: cron: "0 0 * * *" filters: *filter-only-master jobs: - scan-docker-master