1 year ago · 5db70deb37
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -1,5 +1,5 @@
 aws_credentials:
  role_arn: arn:aws:iam::166916561812:role/CirrusCI-staging
  role_arn: arn:aws:iam::275878209202:role/CirrusCI-prod
  role_session_name: cirrus
  region: eu-central-1

@@ -33,28 +33,21 @@ env:
 #
 # RE-USABLE CONFIGS
 #
 container_definition: &CONTAINER_DEFINITION
 eks_container: &EKS_CONTAINER
  region: eu-central-1
  cluster_name: CirrusCI-staging
  cluster_name: CirrusCI-prod
  namespace: default

 eks_container: &EKS_CONTAINER
  <<: *CONTAINER_DEFINITION
  image: 166916561812.dkr.ecr.eu-central-1.amazonaws.com/base:j11-m3-latest

 eks_container_builder: &EKS_DOCKER_BUILDER
  <<: *CONTAINER_DEFINITION
  builder_role: cirrus-builder
  builder_image: docker-builder-v*
  builder_instance_type: t2.small
  builder_subnet_id: subnet-0a586a671ae59a796
  image: 275878209202.dkr.ecr.eu-central-1.amazonaws.com/base:j11-m3-latest
  cpu: 1
  memory: 2G

 ec2_instance: &EC2_INSTANCE
 ec2_instance: &EC2_INSTANCE_WINDOWS
  experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
  region: eu-central-1
  subnet_id: subnet-0a586a671ae59a796
  subnet_id: subnet-063c427f490da35b9
  type: t2.2xlarge
  image: lt-base-windows-jdk11-v*
  platform: windows

 only_sonarsource_qa: &ONLY_SONARSOURCE_QA
  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
@@ -66,8 +59,6 @@ only_sonarsource_qa: &ONLY_SONARSOURCE_QA
 build_task:
  eks_container:
    <<: *EKS_CONTAINER
    cpu: 1
    memory: 2G
  env:
    SONAR_TOKEN: ENCRYPTED[!b6fd814826c51e64ee61b0b6f3ae621551f6413383f7170f73580e2e141ac78c4b134b506f6288c74faa0dd564c05a29!]
    SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
@@ -86,8 +77,7 @@ linux_qa_task:
    - build
  <<: *ONLY_SONARSOURCE_QA
  eks_container:
    <<: *EKS_DOCKER_BUILDER
    dockerfile: it/docker/Dockerfile
    <<: *EKS_CONTAINER
  env:
    matrix:
      - SQ_VERSION: LATEST_RELEASE[7.9]
@@ -108,8 +98,8 @@ linux_qa_java17_task:
    - build
  <<: *ONLY_SONARSOURCE_QA
  eks_container:
    <<: *EKS_DOCKER_BUILDER
    dockerfile: it/docker/Dockerfile_17
    <<: *EKS_CONTAINER
    image: 275878209202.dkr.ecr.eu-central-1.amazonaws.com/base:j17-m3-latest
  env:
    matrix:
      - SQ_VERSION: LATEST_RELEASE[8.9]
@@ -124,43 +114,31 @@ linux_qa_java17_task:
  cleanup_before_cache_script:
    - cleanup_maven_repository

 #create_win_vm_task:
 #  <<: *ONLY_SONARSOURCE_QA
 #  skip: "!changesInclude('it/packer/setup.ps1', 'it/packer/sonar-scanner-cli-qa.json')"
 #  ec2_instance:
 #    <<: *EC2_INSTANCE
 #    image: packer-builder-v*
 #  build_script:
 #    - packer build -force it/packer/sonar-scanner-cli-qa.json

 #win_qa_task:
 #  depends_on:
 #    - create_win_vm
 #    - build
 #  <<: *ONLY_SONARSOURCE_QA
 #  ec2_instance:
 #    <<: *EC2_INSTANCE
 #    image: sonar-scanner-cli-qa
 #    platform: windows
 #  env:
 #    CIRRUS_SHELL: bash
 #    matrix:
 #      - SQ_VERSION: LATEST_RELEASE[7.9]
 #      - SQ_VERSION: DEV
 #  maven_cache:
 #    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
 #  qa_script:
 #    - source cirrus-env QA
 #    - source set_maven_build_version $BUILD_NUMBER
 #    - cd it
 #    - mvn -B -e -Dsonar.runtimeVersion="$SQ_VERSION" -Dmaven.test.redirectTestOutputToFile=false verify
 #  cleanup_before_cache_script:
 #    - cleanup_maven_repository
 win_qa_task:
  depends_on:
    - build
  <<: *ONLY_SONARSOURCE_QA
  ec2_instance:
    <<: *EC2_INSTANCE_WINDOWS
  env:
    CIRRUS_SHELL: bash
    matrix:
      - SQ_VERSION: LATEST_RELEASE[7.9]
      - SQ_VERSION: DEV
  maven_cache:
    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
  qa_script:
    - source cirrus-env QA
    - source set_maven_build_version $BUILD_NUMBER
    - cd it
    - mvn -B -e -Dsonar.runtimeVersion="$SQ_VERSION" -Dmaven.test.redirectTestOutputToFile=false verify
  cleanup_before_cache_script:
    - cleanup_maven_repository

 promote_task:
  depends_on:
    - linux_qa
 #    - win_qa
    - win_qa
  <<: *ONLY_SONARSOURCE_QA
  eks_container:
    <<: *EKS_CONTAINER
--- a/it/docker/Dockerfile
+++ b/it/docker/Dockerfile
@@ -1,20 +0,0 @@
 #------------------------------------------------------------------------------
 # Installs NodeJS, which is needed for running the Linux ITs.
 #
 # Build from the basedir:
 #   docker build -f it/docker/Dockerfile -t sonar-scanner-cli-qa it/docker
 #
 # Verify the content of the image by running a shell session in it:
 #   docker run -it sonar-scanner-cli-qa bash
 #
 # CirrusCI builds the image when needed. No need to manually upload it.
 #------------------------------------------------------------------------------

 FROM 166916561812.dkr.ecr.eu-central-1.amazonaws.com/base:j11-m3-latest

 USER root

 RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
 RUN apt-get install -y nodejs

 USER sonarsource
--- a/it/docker/Dockerfile_17
+++ b/it/docker/Dockerfile_17
@@ -1,20 +0,0 @@
 #------------------------------------------------------------------------------
 # Installs NodeJS, which is needed for running the Linux ITs.
 #
 # Build from the basedir:
 #   docker build -f it/docker/Dockerfile_17 -t sonar-scanner-cli-qa-17 it/docker
 #
 # Verify the content of the image by running a shell session in it:
 #   docker run -it sonar-scanner-cli-qa bash
 #
 # CirrusCI builds the image when needed. No need to manually upload it.
 #------------------------------------------------------------------------------

 FROM 166916561812.dkr.ecr.eu-central-1.amazonaws.com/base:j17-m3-latest

 USER root

 RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
 RUN apt-get install -y nodejs

 USER sonarsource
--- a/it/packer/README.md
+++ b/it/packer/README.md
@@ -1,23 +0,0 @@
 Custom Windows VM image for sonar-scanner-cli Windows ITs
 =========================================================

 This defines a custom Windows image necessary for the ITs. It contains all [build tools helpers](https://github.com/SonarSource/buildTools/blob/docker/bin/), as well as Node JS, which is needed to scan the example projects.

 How to build this VM image
 --------------------------

 *This isn't supposed to be built by hand.* We have a special image on our Google Cloud project, called *packer-builder-v1*. This image gets started up by Cirrus CI in the `create_win_vm_task` (see [`../../.cirrus.yml`](../../.cirrus.yml)), and will use [Packer](https://packer.io/) to create our custom VM image. The Packer instructions are contained in the `sonar-scanner-cli-qa.json` file.

 Note that this image is rebuilt by Cirrus CI every time the `sonar-scanner-cli-qa.json` or `setup.ps1` files change (see the `create_win_vm_task`'s `skip` instruction in [`../../.cirrus.yml`](../../.cirrus.yml)). If no changes are detected, the build will be skipped, and the previously existing image will be used.

 How to debug this VM image
 --------------------------

 1. Log on to [Google Cloud](http://console.cloud.google.com/)
 2. Go to our SonarQube project (`sonarqube-team`)
 3. Under *Compute Engine > Images*, you should see *packer-builder-v1*. Start a new VM with this image.
   This image is pre-configured for using Packer, as well as pushing new VM images to our SonarQube project.
 4. Once started, SSH into this VM (you can do this directly via the browser).
 5. `sudo su` to use the root user (which is configured to use the GCE service account).
   You can now add packer JSON files, and run the `packer build` command to test your new images. **Make sure you remove any test images from GCE.**

--- a/it/packer/setup.ps1
+++ b/it/packer/setup.ps1
@@ -1,60 +0,0 @@
 $ErrorActionPreference = 'Stop'

 function Install-Chocolatey {
  # Run the installer.
  Set-ExecutionPolicy Bypass -Scope Process -Force; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
 }

 function Install-NodeJs {
  choco install -y nodejs
 }

 function Install-Buildtools {
  $path = "${env:Temp}\buildTools.zip"

  # Fetch the build tools archive.
  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
  (New-Object System.Net.WebClient).DownloadFile('https://github.com/SonarSource/buildTools/archive/docker.zip', $path)

  # Extract the archive to the C drive.
  Add-Type -AssemblyName System.IO.Compression.FileSystem
  [System.IO.Compression.ZipFile]::ExtractToDirectory($path, 'C:\')

  # Update global PATH.
  $currentPath = (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).Path
  $updatedPath = $currentPath+';C:\buildTools-docker\bin'
  Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH -Value $updatedPath

  # Remove archive.
  del $path
 }

 function Install-Maven {
  choco install -y openjdk11 --version 11.0.4.11
  choco install -y maven --version 3.6.2
 }

 function Install-Git {
  # We use Git to enable Unix Tools. This will allow us to use Bash-style
  # commands in .cirrus.yml, like "source".
  choco install -y git --version 2.23.0 --package-parameters "/GitAndUnixToolsOnPath"
 }

 Write-Host "Install chocolatey"
 Install-Chocolatey

 Write-Host "Install Maven"
 Install-Maven

 Write-Host "Install NodeJs"
 Install-NodeJs

 Write-Host "Install Unix Tools"
 Install-Git

 Write-Host "Set up build tools"
 Install-Buildtools

 # Disable antivirus analysis on C drive.
 Write-Host "Finalize VM configuration"
 Set-MpPreference -ScanAvgCPULoadFactor 5 -ExclusionPath "C:\"
--- a/it/packer/sonar-scanner-cli-qa.json
+++ b/it/packer/sonar-scanner-cli-qa.json
@@ -1,37 +0,0 @@
 {
  "builders": [
    {
      "type": "amazon-ebs",
      "region": "eu-central-1",
      "source_ami_filter": {
        "filters": {
          "virtualization-type": "hvm",
          "name": "*Windows_Server-2019-English-Core-EKS_Optimized*",
          "root-device-type": "ebs"
        },
        "most_recent": true,
        "owners": "amazon"
      },
      "instance_type": "t2.medium",
      "ami_name": "sonar-scanner-cli-qa",
      "communicator": "winrm",
      "winrm_username": "packer_user",
      "winrm_insecure": true,
      "winrm_use_ssl": true,
      "user_data": "winrm quickconfig -quiet & net user /add packer_user & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}",
      "tags": {
        "Base_AMI": "{{ .SourceAMI }}",
        "Base_AMI_Name": "{{ .SourceAMIName }}",
        "Extra": "{{ .SourceAMITags.TagName }}"
      }
    }
  ],
  "provisioners": [
    {
      "type": "powershell",
      "scripts": [
        "{{template_dir}}/setup.ps1"
      ]
    }
  ]
 }