Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
screwdriver-cd-api
Advanced tools
API for the Screwdriver CD service
Screwdriver is a self-contained, pluggable service to help you build, test, and continuously deliver software using the latest containerization technologies.
Screwdriver began as a hack for simplified interfacing with Jenkins at Yahoo in 2012. As the volume of builds increased, it became clear that Jenkins was not stable or feasible to use at the scale we were running builds. In 2016, we rebuilt Screwdriver from scratch in open source with our best coding practices and CICD goals in mind. Screwdriver is executor and SCM-agnostic, meaning you can choose whichever plugin better suits your need or build your own. It's completely free and open source, and our team is actively maintaining the code.
For more information about Screwdriver, check out our homepage.
This API comes preloaded with 18 (eighteen) resources:
Three (3) option for datastores:
sequelize
)Three (3) options for executor:
k8s
)docker
)nomad
)Three (3) options for SCM:
github
)gitlab
)bitbucket
)To use Screwdriver, you will need the following prerequisites:
$ git clone git@github.com:screwdriver-cd/screwdriver.git ./
$ npm install
$ vim ./config/local.yaml # See below for configuration
$ npm start
info: Server running at http://localhost:8080
$ vim ./local.yaml # See below for configuration
$ docker run --rm -it --volume=`pwd`/local.yaml:/config/local.yaml -p 8080 screwdrivercd/screwdriver:stable
info: Server running at http://localhost:8080
Our in-a-box script brings up an entire Screwdriver instance (ui, api, and log store) locally for you to play with. Follow instructions at https://github.com/screwdriver-cd/in-a-box#screwdriver-in-a-box.
This chart bootstraps the whole Screwdriver ecosystem and also nginx ingress controller.
Screwdriver already defaults most configuration, but you can override defaults using a local.yaml
or environment variables.
To continue set up, follow the instructions for cluster management.
Example overriding local.yaml
:
executor:
plugin: k8s
k8s:
options:
kubernetes:
host: kubernetes.default
token: this-is-a-real-token
launchVersion: stable
scms:
github:
plugin: github
config:
oauthClientId: totally-real-client-id
oauthClientSecret: another-real-client-secret
secret: a-really-real-secret
username: sd-buildbot
email: dev-null@screwdriver.cd
Example overriding with environment variables:
$ export K8S_HOST=127.0.0.1
$ export K8S_TOKEN=this-is-a-real-token
$ export SECRET_OAUTH_CLIENT_ID=totally-real-client-id
$ export SECRET_OAUTH_CLIENT_SECRET=another-real-client-secret
All the possible environment variables are defined here.
npm test
Note: You might run into memory issues running all the unit tests. You can update your ~/.bashrc
file with the line below to ensure there's enough memory for tests to run:
export NODE_OPTIONS=--max_old_space_size=4096
Fork functional-*
repositories to your organization from screwdriver-cd-test
.func_config
Add .func_config
to the root of the Screwdriver API folder with your username, github token, access key, host, and organization for test:
GIT_TOKEN=YOUR-GITHUB-TOKEN
SD_API_TOKEN=YOUR-SD-API-TOKEN
SD_API_HOST=YOUR-SD-API-HOST
SD_API_PROTOCOL=PROTOCOL-FOR-SD-API // e.g.PROTOCOL=http; by default it is https
TEST_ORG=YOUR-TEST-ORGANIZATION
TEST_USERNAME=YOUR-GITHUB-USERNAME
TEST_SCM_HOSTNAME=YOUR-TEST-SCM-HOSTNAME // e.g. TEST_SCM_HOSTNAME=mygithub.com; by default it is github.com
TEST_SCM_CONTEXT=YOUR-TEST-SCM-CONTEXT // e.g.TEST_SCM_CONTEXT=bitbucket; by default it is github
Set the environment variables:
$ export GIT_TOKEN=YOUR-GITHUB-TOKEN
$ export SD_API_TOKEN=YOUR-SD-API-TOKEN
$ export SD_API_HOST=YOUR-SD-API-HOST
$ export SD_API_PROTOCOL=PROTOCOL-FOR-SD-API
$ export TEST_ORG=YOUR-TEST-ORGANIZATION
$ export TEST_USERNAME=YOUR-GITHUB-USERNAME
$ export TEST_SCM_HOSTNAME=YOUR-TEST-SCM-HOSTNAME
$ export TEST_SCM_CONTEXT=YOUR-TEST-SCM-CONTEXT
Then run the cucumber tests:
npm run functional
To start contributing to Screwdriver, have a look at our guidelines, as well as pointers on where to start making changes, in our contributing guide.
Code licensed under the BSD 3-Clause license. See LICENSE file for terms.
FAQs
API server for the Screwdriver.cd service
We found that screwdriver-cd-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.