aws_credentials: | aws_credentials: | ||||
role_arn: arn:aws:iam::166916561812:role/CirrusCI-staging | |||||
role_arn: arn:aws:iam::275878209202:role/CirrusCI-prod | |||||
role_session_name: cirrus | role_session_name: cirrus | ||||
region: eu-central-1 | region: eu-central-1 | ||||
# | # | ||||
# RE-USABLE CONFIGS | # RE-USABLE CONFIGS | ||||
# | # | ||||
container_definition: &CONTAINER_DEFINITION | |||||
eks_container: &EKS_CONTAINER | |||||
region: eu-central-1 | region: eu-central-1 | ||||
cluster_name: CirrusCI-staging | |||||
cluster_name: CirrusCI-prod | |||||
namespace: default | namespace: default | ||||
eks_container: &EKS_CONTAINER | |||||
<<: *CONTAINER_DEFINITION | |||||
image: 166916561812.dkr.ecr.eu-central-1.amazonaws.com/base:j11-m3-latest | |||||
eks_container_builder: &EKS_DOCKER_BUILDER | |||||
<<: *CONTAINER_DEFINITION | |||||
builder_role: cirrus-builder | |||||
builder_image: docker-builder-v* | |||||
builder_instance_type: t2.small | |||||
builder_subnet_id: subnet-0a586a671ae59a796 | |||||
image: 275878209202.dkr.ecr.eu-central-1.amazonaws.com/base:j11-m3-latest | |||||
cpu: 1 | cpu: 1 | ||||
memory: 2G | memory: 2G | ||||
ec2_instance: &EC2_INSTANCE | |||||
ec2_instance: &EC2_INSTANCE_WINDOWS | |||||
experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051 | |||||
region: eu-central-1 | region: eu-central-1 | ||||
subnet_id: subnet-0a586a671ae59a796 | |||||
subnet_id: subnet-063c427f490da35b9 | |||||
type: t2.2xlarge | type: t2.2xlarge | ||||
image: lt-base-windows-jdk11-v* | |||||
platform: windows | |||||
only_sonarsource_qa: &ONLY_SONARSOURCE_QA | only_sonarsource_qa: &ONLY_SONARSOURCE_QA | ||||
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*") | only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*") | ||||
build_task: | build_task: | ||||
eks_container: | eks_container: | ||||
<<: *EKS_CONTAINER | <<: *EKS_CONTAINER | ||||
cpu: 1 | |||||
memory: 2G | |||||
env: | env: | ||||
SONAR_TOKEN: ENCRYPTED[!b6fd814826c51e64ee61b0b6f3ae621551f6413383f7170f73580e2e141ac78c4b134b506f6288c74faa0dd564c05a29!] | SONAR_TOKEN: ENCRYPTED[!b6fd814826c51e64ee61b0b6f3ae621551f6413383f7170f73580e2e141ac78c4b134b506f6288c74faa0dd564c05a29!] | ||||
SONAR_HOST_URL: https://next.sonarqube.com/sonarqube | SONAR_HOST_URL: https://next.sonarqube.com/sonarqube | ||||
- build | - build | ||||
<<: *ONLY_SONARSOURCE_QA | <<: *ONLY_SONARSOURCE_QA | ||||
eks_container: | eks_container: | ||||
<<: *EKS_DOCKER_BUILDER | |||||
dockerfile: it/docker/Dockerfile | |||||
<<: *EKS_CONTAINER | |||||
env: | env: | ||||
matrix: | matrix: | ||||
- SQ_VERSION: LATEST_RELEASE[7.9] | - SQ_VERSION: LATEST_RELEASE[7.9] | ||||
- build | - build | ||||
<<: *ONLY_SONARSOURCE_QA | <<: *ONLY_SONARSOURCE_QA | ||||
eks_container: | eks_container: | ||||
<<: *EKS_DOCKER_BUILDER | |||||
dockerfile: it/docker/Dockerfile_17 | |||||
<<: *EKS_CONTAINER | |||||
image: 275878209202.dkr.ecr.eu-central-1.amazonaws.com/base:j17-m3-latest | |||||
env: | env: | ||||
matrix: | matrix: | ||||
- SQ_VERSION: LATEST_RELEASE[8.9] | - SQ_VERSION: LATEST_RELEASE[8.9] | ||||
cleanup_before_cache_script: | cleanup_before_cache_script: | ||||
- cleanup_maven_repository | - cleanup_maven_repository | ||||
#create_win_vm_task: | |||||
# <<: *ONLY_SONARSOURCE_QA | |||||
# skip: "!changesInclude('it/packer/setup.ps1', 'it/packer/sonar-scanner-cli-qa.json')" | |||||
# ec2_instance: | |||||
# <<: *EC2_INSTANCE | |||||
# image: packer-builder-v* | |||||
# build_script: | |||||
# - packer build -force it/packer/sonar-scanner-cli-qa.json | |||||
#win_qa_task: | |||||
# depends_on: | |||||
# - create_win_vm | |||||
# - build | |||||
# <<: *ONLY_SONARSOURCE_QA | |||||
# ec2_instance: | |||||
# <<: *EC2_INSTANCE | |||||
# image: sonar-scanner-cli-qa | |||||
# platform: windows | |||||
# env: | |||||
# CIRRUS_SHELL: bash | |||||
# matrix: | |||||
# - SQ_VERSION: LATEST_RELEASE[7.9] | |||||
# - SQ_VERSION: DEV | |||||
# maven_cache: | |||||
# folder: ${CIRRUS_WORKING_DIR}/.m2/repository | |||||
# qa_script: | |||||
# - source cirrus-env QA | |||||
# - source set_maven_build_version $BUILD_NUMBER | |||||
# - cd it | |||||
# - mvn -B -e -Dsonar.runtimeVersion="$SQ_VERSION" -Dmaven.test.redirectTestOutputToFile=false verify | |||||
# cleanup_before_cache_script: | |||||
# - cleanup_maven_repository | |||||
win_qa_task: | |||||
depends_on: | |||||
- build | |||||
<<: *ONLY_SONARSOURCE_QA | |||||
ec2_instance: | |||||
<<: *EC2_INSTANCE_WINDOWS | |||||
env: | |||||
CIRRUS_SHELL: bash | |||||
matrix: | |||||
- SQ_VERSION: LATEST_RELEASE[7.9] | |||||
- SQ_VERSION: DEV | |||||
maven_cache: | |||||
folder: ${CIRRUS_WORKING_DIR}/.m2/repository | |||||
qa_script: | |||||
- source cirrus-env QA | |||||
- source set_maven_build_version $BUILD_NUMBER | |||||
- cd it | |||||
- mvn -B -e -Dsonar.runtimeVersion="$SQ_VERSION" -Dmaven.test.redirectTestOutputToFile=false verify | |||||
cleanup_before_cache_script: | |||||
- cleanup_maven_repository | |||||
promote_task: | promote_task: | ||||
depends_on: | depends_on: | ||||
- linux_qa | - linux_qa | ||||
# - win_qa | |||||
- win_qa | |||||
<<: *ONLY_SONARSOURCE_QA | <<: *ONLY_SONARSOURCE_QA | ||||
eks_container: | eks_container: | ||||
<<: *EKS_CONTAINER | <<: *EKS_CONTAINER |
#------------------------------------------------------------------------------ | |||||
# Installs NodeJS, which is needed for running the Linux ITs. | |||||
# | |||||
# Build from the basedir: | |||||
# docker build -f it/docker/Dockerfile -t sonar-scanner-cli-qa it/docker | |||||
# | |||||
# Verify the content of the image by running a shell session in it: | |||||
# docker run -it sonar-scanner-cli-qa bash | |||||
# | |||||
# CirrusCI builds the image when needed. No need to manually upload it. | |||||
#------------------------------------------------------------------------------ | |||||
FROM 166916561812.dkr.ecr.eu-central-1.amazonaws.com/base:j11-m3-latest | |||||
USER root | |||||
RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - | |||||
RUN apt-get install -y nodejs | |||||
USER sonarsource |
#------------------------------------------------------------------------------ | |||||
# Installs NodeJS, which is needed for running the Linux ITs. | |||||
# | |||||
# Build from the basedir: | |||||
# docker build -f it/docker/Dockerfile_17 -t sonar-scanner-cli-qa-17 it/docker | |||||
# | |||||
# Verify the content of the image by running a shell session in it: | |||||
# docker run -it sonar-scanner-cli-qa bash | |||||
# | |||||
# CirrusCI builds the image when needed. No need to manually upload it. | |||||
#------------------------------------------------------------------------------ | |||||
FROM 166916561812.dkr.ecr.eu-central-1.amazonaws.com/base:j17-m3-latest | |||||
USER root | |||||
RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - | |||||
RUN apt-get install -y nodejs | |||||
USER sonarsource |
Custom Windows VM image for sonar-scanner-cli Windows ITs | |||||
========================================================= | |||||
This defines a custom Windows image necessary for the ITs. It contains all [build tools helpers](https://github.com/SonarSource/buildTools/blob/docker/bin/), as well as Node JS, which is needed to scan the example projects. | |||||
How to build this VM image | |||||
-------------------------- | |||||
*This isn't supposed to be built by hand.* We have a special image on our Google Cloud project, called *packer-builder-v1*. This image gets started up by Cirrus CI in the `create_win_vm_task` (see [`../../.cirrus.yml`](../../.cirrus.yml)), and will use [Packer](https://packer.io/) to create our custom VM image. The Packer instructions are contained in the `sonar-scanner-cli-qa.json` file. | |||||
Note that this image is rebuilt by Cirrus CI every time the `sonar-scanner-cli-qa.json` or `setup.ps1` files change (see the `create_win_vm_task`'s `skip` instruction in [`../../.cirrus.yml`](../../.cirrus.yml)). If no changes are detected, the build will be skipped, and the previously existing image will be used. | |||||
How to debug this VM image | |||||
-------------------------- | |||||
1. Log on to [Google Cloud](http://console.cloud.google.com/) | |||||
2. Go to our SonarQube project (`sonarqube-team`) | |||||
3. Under *Compute Engine > Images*, you should see *packer-builder-v1*. Start a new VM with this image. | |||||
This image is pre-configured for using Packer, as well as pushing new VM images to our SonarQube project. | |||||
4. Once started, SSH into this VM (you can do this directly via the browser). | |||||
5. `sudo su` to use the root user (which is configured to use the GCE service account). | |||||
You can now add packer JSON files, and run the `packer build` command to test your new images. **Make sure you remove any test images from GCE.** | |||||
$ErrorActionPreference = 'Stop' | |||||
function Install-Chocolatey { | |||||
# Run the installer. | |||||
Set-ExecutionPolicy Bypass -Scope Process -Force; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) | |||||
} | |||||
function Install-NodeJs { | |||||
choco install -y nodejs | |||||
} | |||||
function Install-Buildtools { | |||||
$path = "${env:Temp}\buildTools.zip" | |||||
# Fetch the build tools archive. | |||||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 | |||||
(New-Object System.Net.WebClient).DownloadFile('https://github.com/SonarSource/buildTools/archive/docker.zip', $path) | |||||
# Extract the archive to the C drive. | |||||
Add-Type -AssemblyName System.IO.Compression.FileSystem | |||||
[System.IO.Compression.ZipFile]::ExtractToDirectory($path, 'C:\') | |||||
# Update global PATH. | |||||
$currentPath = (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).Path | |||||
$updatedPath = $currentPath+';C:\buildTools-docker\bin' | |||||
Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH -Value $updatedPath | |||||
# Remove archive. | |||||
del $path | |||||
} | |||||
function Install-Maven { | |||||
choco install -y openjdk11 --version 11.0.4.11 | |||||
choco install -y maven --version 3.6.2 | |||||
} | |||||
function Install-Git { | |||||
# We use Git to enable Unix Tools. This will allow us to use Bash-style | |||||
# commands in .cirrus.yml, like "source". | |||||
choco install -y git --version 2.23.0 --package-parameters "/GitAndUnixToolsOnPath" | |||||
} | |||||
Write-Host "Install chocolatey" | |||||
Install-Chocolatey | |||||
Write-Host "Install Maven" | |||||
Install-Maven | |||||
Write-Host "Install NodeJs" | |||||
Install-NodeJs | |||||
Write-Host "Install Unix Tools" | |||||
Install-Git | |||||
Write-Host "Set up build tools" | |||||
Install-Buildtools | |||||
# Disable antivirus analysis on C drive. | |||||
Write-Host "Finalize VM configuration" | |||||
Set-MpPreference -ScanAvgCPULoadFactor 5 -ExclusionPath "C:\" |
{ | |||||
"builders": [ | |||||
{ | |||||
"type": "amazon-ebs", | |||||
"region": "eu-central-1", | |||||
"source_ami_filter": { | |||||
"filters": { | |||||
"virtualization-type": "hvm", | |||||
"name": "*Windows_Server-2019-English-Core-EKS_Optimized*", | |||||
"root-device-type": "ebs" | |||||
}, | |||||
"most_recent": true, | |||||
"owners": "amazon" | |||||
}, | |||||
"instance_type": "t2.medium", | |||||
"ami_name": "sonar-scanner-cli-qa", | |||||
"communicator": "winrm", | |||||
"winrm_username": "packer_user", | |||||
"winrm_insecure": true, | |||||
"winrm_use_ssl": true, | |||||
"user_data": "winrm quickconfig -quiet & net user /add packer_user & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}", | |||||
"tags": { | |||||
"Base_AMI": "{{ .SourceAMI }}", | |||||
"Base_AMI_Name": "{{ .SourceAMIName }}", | |||||
"Extra": "{{ .SourceAMITags.TagName }}" | |||||
} | |||||
} | |||||
], | |||||
"provisioners": [ | |||||
{ | |||||
"type": "powershell", | |||||
"scripts": [ | |||||
"{{template_dir}}/setup.ps1" | |||||
] | |||||
} | |||||
] | |||||
} |