From 5c518d6a6f1a30bed62836790c1233b3f2e763fd Mon Sep 17 00:00:00 2001 From: Julien Carsique Date: Fri, 14 Oct 2022 10:18:52 +0200 Subject: [PATCH] BUILD-1924 CirrusCI AWS (#133) --- .cirrus.yml | 82 ++++++++++------------------- it/docker/Dockerfile | 21 -------- it/docker/Dockerfile_17 | 21 -------- it/packer/README.md | 23 -------- it/packer/setup.ps1 | 60 --------------------- it/packer/sonar-scanner-cli-qa.json | 29 ---------- 6 files changed, 29 insertions(+), 207 deletions(-) delete mode 100644 it/docker/Dockerfile delete mode 100644 it/docker/Dockerfile_17 delete mode 100644 it/packer/README.md delete mode 100644 it/packer/setup.ps1 delete mode 100644 it/packer/sonar-scanner-cli-qa.json diff --git a/.cirrus.yml b/.cirrus.yml index 109330d..1c2b4cb 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -1,5 +1,7 @@ -# content of service-account-credentials.json, used to access to Google Cloud Platform -gcp_credentials: ENCRYPTED[!e5f7207bd8d02d383733bef47e18296ac32e3b7d22eb480354e8dd8fdc0004be45a8a4e72c797bd66ee94eb3340fa363!] +aws_credentials: + role_arn: arn:aws:iam::275878209202:role/CirrusCI-prod + role_session_name: cirrus + region: eu-central-1 # # ENV VARIABLES @@ -31,11 +33,21 @@ env: # # RE-USABLE CONFIGS # -container_definition: &CONTAINER_DEFINITION - image: us.gcr.io/sonarqube-team/base:j11-m3-latest - cluster_name: cirrus-ci-cluster - zone: us-central1-a +eks_container: &EKS_CONTAINER + region: eu-central-1 + cluster_name: CirrusCI-prod namespace: default + image: 275878209202.dkr.ecr.eu-central-1.amazonaws.com/base:j11-m3-latest + cpu: 1 + memory: 2G + +ec2_instance: &EC2_INSTANCE_WINDOWS + experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051 + region: eu-central-1 + subnet_id: subnet-063c427f490da35b9 + type: t2.2xlarge + image: lt-base-windows-jdk11-v* + platform: windows only_sonarsource_qa: &ONLY_SONARSOURCE_QA only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*") @@ -45,10 +57,8 @@ only_sonarsource_qa: &ONLY_SONARSOURCE_QA # TASKS # build_task: - gke_container: - <<: *CONTAINER_DEFINITION - cpu: 1 - memory: 2G + eks_container: + <<: *EKS_CONTAINER env: SONAR_TOKEN: ENCRYPTED[!b6fd814826c51e64ee61b0b6f3ae621551f6413383f7170f73580e2e141ac78c4b134b506f6288c74faa0dd564c05a29!] SONAR_HOST_URL: https://next.sonarqube.com/sonarqube @@ -66,15 +76,8 @@ linux_qa_task: depends_on: - build <<: *ONLY_SONARSOURCE_QA - gke_container: - dockerfile: it/docker/Dockerfile - builder_image_project: sonarqube-team - builder_image_name: docker-builder-v20200915 - cluster_name: cirrus-ci-cluster - zone: us-central1-a - namespace: default - cpu: 1 - memory: 2G + eks_container: + <<: *EKS_CONTAINER env: matrix: - SQ_VERSION: LATEST_RELEASE[7.9] @@ -94,15 +97,9 @@ linux_qa_java17_task: depends_on: - build <<: *ONLY_SONARSOURCE_QA - gke_container: - dockerfile: it/docker/Dockerfile_17 - builder_image_project: sonarqube-team - builder_image_name: docker-builder-v20200915 - cluster_name: cirrus-ci-cluster - zone: us-central1-a - namespace: default - cpu: 1 - memory: 2G + eks_container: + <<: *EKS_CONTAINER + image: 275878209202.dkr.ecr.eu-central-1.amazonaws.com/base:j17-m3-latest env: matrix: - SQ_VERSION: LATEST_RELEASE[8.9] @@ -117,33 +114,12 @@ linux_qa_java17_task: cleanup_before_cache_script: - cleanup_maven_repository -create_win_vm_task: - <<: *ONLY_SONARSOURCE_QA - skip: "!changesInclude('it/packer/setup.ps1', 'it/packer/sonar-scanner-cli-qa.json')" - gce_instance: - image_project: sonarqube-team - image_family: packer-builder - zone: us-central1-a - type: n1-standard-8 - use_ssd: true - scopes: - - cloud-platform - build_script: - - packer build -force it/packer/sonar-scanner-cli-qa.json - win_qa_task: depends_on: - - create_win_vm - build <<: *ONLY_SONARSOURCE_QA - gce_instance: - image_project: sonarqube-team - # This VM is built using Packer, see "create_win_vm_task" above. - image_name: sonar-scanner-cli-qa - platform: windows - zone: us-central1-a - type: n1-standard-8 - use_ssd: true + ec2_instance: + <<: *EC2_INSTANCE_WINDOWS env: CIRRUS_SHELL: bash matrix: @@ -164,8 +140,8 @@ promote_task: - linux_qa - win_qa <<: *ONLY_SONARSOURCE_QA - gke_container: - <<: *CONTAINER_DEFINITION + eks_container: + <<: *EKS_CONTAINER cpu: 0.5 memory: 500M maven_cache: diff --git a/it/docker/Dockerfile b/it/docker/Dockerfile deleted file mode 100644 index ae52d56..0000000 --- a/it/docker/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -#------------------------------------------------------------------------------ -# Installs NodeJS, which is needed for running the Linux ITs. -# -# Build from the basedir: -# docker build -f it/docker/Dockerfile-qa -t sonar-scanner-cli-qa it/docker -# -# Verify the content of the image by running a shell session in it: -# docker run -it sonar-scanner-cli-qa bash -# -# CirrusCI builds the image when needed. No need to manually upload it to -# Google Cloud Container Registry. See section "gke_container" of .cirrus.yml -#------------------------------------------------------------------------------ - -FROM us.gcr.io/sonarqube-team/base:j11-m3-latest - -USER root - -RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - -RUN apt-get install -y nodejs - -USER sonarsource diff --git a/it/docker/Dockerfile_17 b/it/docker/Dockerfile_17 deleted file mode 100644 index 7f17f1e..0000000 --- a/it/docker/Dockerfile_17 +++ /dev/null @@ -1,21 +0,0 @@ -#------------------------------------------------------------------------------ -# Installs NodeJS, which is needed for running the Linux ITs. -# -# Build from the basedir: -# docker build -f it/docker/Dockerfile-qa -t sonar-scanner-cli-qa it/docker -# -# Verify the content of the image by running a shell session in it: -# docker run -it sonar-scanner-cli-qa bash -# -# CirrusCI builds the image when needed. No need to manually upload it to -# Google Cloud Container Registry. See section "gke_container" of .cirrus.yml -#------------------------------------------------------------------------------ - -FROM us.gcr.io/sonarqube-team/base:j17-m3-latest - -USER root - -RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - -RUN apt-get install -y nodejs - -USER sonarsource diff --git a/it/packer/README.md b/it/packer/README.md deleted file mode 100644 index f7c5da5..0000000 --- a/it/packer/README.md +++ /dev/null @@ -1,23 +0,0 @@ -Custom Windows VM image for sonar-scanner-cli Windows ITs -========================================================= - -This defines a custom Windows image necessary for the ITs. It contains all [build tools helpers](https://github.com/SonarSource/buildTools/blob/docker/bin/), as well as Node JS, which is needed to scan the example projects. - -How to build this VM image --------------------------- - -*This isn't supposed to be built by hand.* We have a special image on our Google Cloud project, called *packer-builder-v1*. This image gets started up by Cirrus CI in the `create_win_vm_task` (see [`../../.cirrus.yml`](../../.cirrus.yml)), and will use [Packer](https://packer.io/) to create our custom VM image. The Packer instructions are contained in the `sonar-scanner-cli-qa.json` file. - -Note that this image is rebuilt by Cirrus CI every time the `sonar-scanner-cli-qa.json` or `setup.ps1` files change (see the `create_win_vm_task`'s `skip` instruction in [`../../.cirrus.yml`](../../.cirrus.yml)). If no changes are detected, the build will be skipped, and the previously existing image will be used. - -How to debug this VM image --------------------------- - -1. Log on to [Google Cloud](http://console.cloud.google.com/) -2. Go to our SonarQube project (`sonarqube-team`) -3. Under *Compute Engine > Images*, you should see *packer-builder-v1*. Start a new VM with this image. - This image is pre-configured for using Packer, as well as pushing new VM images to our SonarQube project. -4. Once started, SSH into this VM (you can do this directly via the browser). -5. `sudo su` to use the root user (which is configured to use the GCE service account). - You can now add packer JSON files, and run the `packer build` command to test your new images. **Make sure you remove any test images from GCE.** - diff --git a/it/packer/setup.ps1 b/it/packer/setup.ps1 deleted file mode 100644 index bfaca02..0000000 --- a/it/packer/setup.ps1 +++ /dev/null @@ -1,60 +0,0 @@ -$ErrorActionPreference = 'Stop' - -function Install-Chocolatey { - # Run the installer. - Set-ExecutionPolicy Bypass -Scope Process -Force; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) -} - -function Install-NodeJs { - choco install -y nodejs -} - -function Install-Buildtools { - $path = "${env:Temp}\buildTools.zip" - - # Fetch the build tools archive. - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 - (New-Object System.Net.WebClient).DownloadFile('https://github.com/SonarSource/buildTools/archive/docker.zip', $path) - - # Extract the archive to the C drive. - Add-Type -AssemblyName System.IO.Compression.FileSystem - [System.IO.Compression.ZipFile]::ExtractToDirectory($path, 'C:\') - - # Update global PATH. - $currentPath = (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).Path - $updatedPath = $currentPath+';C:\buildTools-docker\bin' - Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH -Value $updatedPath - - # Remove archive. - del $path -} - -function Install-Maven { - choco install -y openjdk11 --version 11.0.4.11 - choco install -y maven --version 3.6.2 -} - -function Install-Git { - # We use Git to enable Unix Tools. This will allow us to use Bash-style - # commands in .cirrus.yml, like "source". - choco install -y git --version 2.23.0 --package-parameters "/GitAndUnixToolsOnPath" -} - -Write-Host "Install chocolatey" -Install-Chocolatey - -Write-Host "Install Maven" -Install-Maven - -Write-Host "Install NodeJs" -Install-NodeJs - -Write-Host "Install Unix Tools" -Install-Git - -Write-Host "Set up build tools" -Install-Buildtools - -# Disable antivirus analysis on C drive. -Write-Host "Finalize VM configuration" -Set-MpPreference -ScanAvgCPULoadFactor 5 -ExclusionPath "C:\" diff --git a/it/packer/sonar-scanner-cli-qa.json b/it/packer/sonar-scanner-cli-qa.json deleted file mode 100644 index 215ee90..0000000 --- a/it/packer/sonar-scanner-cli-qa.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "builders": [ - { - "type": "googlecompute", - "project_id": "sonarqube-team", - "source_image": "windows-server-1809-dc-core-v20200813", - "image_name": "sonar-scanner-cli-qa", - "disk_size": "50", - "machine_type": "n1-standard-1", - "communicator": "winrm", - "winrm_username": "packer_user", - "winrm_insecure": true, - "winrm_use_ssl": true, - "metadata": { - "windows-startup-script-cmd": "winrm quickconfig -quiet & net user /add packer_user & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}" - }, - "zone": "us-central1-a", - "tags": ["packer"] - } - ], - "provisioners": [ - { - "type": "powershell", - "scripts": [ - "{{template_dir}}/setup.ps1" - ] - } - ] -} -- 2.39.5