1 year ago · f38bc4dc98
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -1,5 +1,7 @@
 # content of service-account-credentials.json, used to access to Google Cloud Platform
 gcp_credentials: ENCRYPTED[!e5f7207bd8d02d383733bef47e18296ac32e3b7d22eb480354e8dd8fdc0004be45a8a4e72c797bd66ee94eb3340fa363!]
 aws_credentials:
  role_arn: arn:aws:iam::166916561812:role/CirrusCI-staging
  role_session_name: cirrus
  region: eu-central-1

 #
 # ENV VARIABLES
@@ -32,9 +34,9 @@ env:
 # RE-USABLE CONFIGS
 #
 container_definition: &CONTAINER_DEFINITION
  image: us.gcr.io/sonarqube-team/base:j11-m3-latest
  cluster_name: cirrus-ci-cluster
  zone: us-central1-a
  image: 166916561812.dkr.ecr.eu-central-1.amazonaws.com/base:j11-m3-latest
  region: eu-central-1
  cluster_name: CirrusCI-staging
  namespace: default

 only_sonarsource_qa: &ONLY_SONARSOURCE_QA
@@ -45,7 +47,7 @@ only_sonarsource_qa: &ONLY_SONARSOURCE_QA
 # TASKS
 #
 build_task:
  gke_container:
  eks_container:
    <<: *CONTAINER_DEFINITION
    cpu: 1
    memory: 2G
@@ -66,13 +68,8 @@ linux_qa_task:
  depends_on:
    - build
  <<: *ONLY_SONARSOURCE_QA
  gke_container:
    dockerfile: it/docker/Dockerfile
    builder_image_project: sonarqube-team
    builder_image_name: docker-builder-v20200915
    cluster_name: cirrus-ci-cluster
    zone: us-central1-a
    namespace: default
  eks_container:
    <<: *CONTAINER_DEFINITION
    cpu: 1
    memory: 2G
  env:
@@ -94,13 +91,9 @@ linux_qa_java17_task:
  depends_on:
    - build
  <<: *ONLY_SONARSOURCE_QA
  gke_container:
    dockerfile: it/docker/Dockerfile_17
    builder_image_project: sonarqube-team
    builder_image_name: docker-builder-v20200915
    cluster_name: cirrus-ci-cluster
    zone: us-central1-a
    namespace: default
  eks_container:
    <<: *CONTAINER_DEFINITION
    image: 166916561812.dkr.ecr.eu-central-1.amazonaws.com/base:j11-m3-latest
    cpu: 1
    memory: 2G
  env:
@@ -117,33 +110,17 @@ linux_qa_java17_task:
  cleanup_before_cache_script:
    - cleanup_maven_repository

 create_win_vm_task:
  <<: *ONLY_SONARSOURCE_QA
  skip: "!changesInclude('it/packer/setup.ps1', 'it/packer/sonar-scanner-cli-qa.json')"
  gce_instance:
    image_project: sonarqube-team
    image_family: packer-builder
    zone: us-central1-a
    type: n1-standard-8
    use_ssd: true
    scopes:
      - cloud-platform
  build_script:
    - packer build -force it/packer/sonar-scanner-cli-qa.json

 win_qa_task:
  depends_on:
    - create_win_vm
    - build
  <<: *ONLY_SONARSOURCE_QA
  gce_instance:
    image_project: sonarqube-team
    # This VM is built using Packer, see "create_win_vm_task" above.
    image_name: sonar-scanner-cli-qa
  ec2_instance:
    experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
    image: ami-0a1ee2fb28fe05df3
    region: eu-central-1
    subnet_id: subnet-0a586a671ae59a796
    type: t2.2xlarge
    platform: windows
    zone: us-central1-a
    type: n1-standard-8
    use_ssd: true
  env:
    CIRRUS_SHELL: bash
    matrix:
--- a/it/docker/Dockerfile
+++ b/it/docker/Dockerfile
@@ -1,21 +0,0 @@
 #------------------------------------------------------------------------------
 # Installs NodeJS, which is needed for running the Linux ITs.
 #
 # Build from the basedir:
 #   docker build -f it/docker/Dockerfile-qa -t sonar-scanner-cli-qa it/docker
 #
 # Verify the content of the image by running a shell session in it:
 #   docker run -it sonar-scanner-cli-qa bash
 #
 # CirrusCI builds the image when needed. No need to manually upload it to
 # Google Cloud Container Registry. See section "gke_container" of .cirrus.yml
 #------------------------------------------------------------------------------

 FROM us.gcr.io/sonarqube-team/base:j11-m3-latest

 USER root

 RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
 RUN apt-get install -y nodejs

 USER sonarsource
--- a/it/docker/Dockerfile_17
+++ b/it/docker/Dockerfile_17
@@ -1,21 +0,0 @@
 #------------------------------------------------------------------------------
 # Installs NodeJS, which is needed for running the Linux ITs.
 #
 # Build from the basedir:
 #   docker build -f it/docker/Dockerfile-qa -t sonar-scanner-cli-qa it/docker
 #
 # Verify the content of the image by running a shell session in it:
 #   docker run -it sonar-scanner-cli-qa bash
 #
 # CirrusCI builds the image when needed. No need to manually upload it to
 # Google Cloud Container Registry. See section "gke_container" of .cirrus.yml
 #------------------------------------------------------------------------------

 FROM us.gcr.io/sonarqube-team/base:j17-m3-latest

 USER root

 RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
 RUN apt-get install -y nodejs

 USER sonarsource
--- a/it/packer/README.md
+++ b/it/packer/README.md
@@ -1,23 +0,0 @@
 Custom Windows VM image for sonar-scanner-cli Windows ITs
 =========================================================

 This defines a custom Windows image necessary for the ITs. It contains all [build tools helpers](https://github.com/SonarSource/buildTools/blob/docker/bin/), as well as Node JS, which is needed to scan the example projects.

 How to build this VM image
 --------------------------

 *This isn't supposed to be built by hand.* We have a special image on our Google Cloud project, called *packer-builder-v1*. This image gets started up by Cirrus CI in the `create_win_vm_task` (see [`../../.cirrus.yml`](../../.cirrus.yml)), and will use [Packer](https://packer.io/) to create our custom VM image. The Packer instructions are contained in the `sonar-scanner-cli-qa.json` file.

 Note that this image is rebuilt by Cirrus CI every time the `sonar-scanner-cli-qa.json` or `setup.ps1` files change (see the `create_win_vm_task`'s `skip` instruction in [`../../.cirrus.yml`](../../.cirrus.yml)). If no changes are detected, the build will be skipped, and the previously existing image will be used.

 How to debug this VM image
 --------------------------

 1. Log on to [Google Cloud](http://console.cloud.google.com/)
 2. Go to our SonarQube project (`sonarqube-team`)
 3. Under *Compute Engine > Images*, you should see *packer-builder-v1*. Start a new VM with this image.
   This image is pre-configured for using Packer, as well as pushing new VM images to our SonarQube project.
 4. Once started, SSH into this VM (you can do this directly via the browser).
 5. `sudo su` to use the root user (which is configured to use the GCE service account).
   You can now add packer JSON files, and run the `packer build` command to test your new images. **Make sure you remove any test images from GCE.**

--- a/it/packer/setup.ps1
+++ b/it/packer/setup.ps1
@@ -1,60 +0,0 @@
 $ErrorActionPreference = 'Stop'

 function Install-Chocolatey {
  # Run the installer.
  Set-ExecutionPolicy Bypass -Scope Process -Force; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
 }

 function Install-NodeJs {
  choco install -y nodejs
 }

 function Install-Buildtools {
  $path = "${env:Temp}\buildTools.zip"

  # Fetch the build tools archive.
  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
  (New-Object System.Net.WebClient).DownloadFile('https://github.com/SonarSource/buildTools/archive/docker.zip', $path)

  # Extract the archive to the C drive.
  Add-Type -AssemblyName System.IO.Compression.FileSystem
  [System.IO.Compression.ZipFile]::ExtractToDirectory($path, 'C:\')

  # Update global PATH.
  $currentPath = (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).Path
  $updatedPath = $currentPath+';C:\buildTools-docker\bin'
  Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH -Value $updatedPath

  # Remove archive.
  del $path
 }

 function Install-Maven {
  choco install -y openjdk11 --version 11.0.4.11
  choco install -y maven --version 3.6.2
 }

 function Install-Git {
  # We use Git to enable Unix Tools. This will allow us to use Bash-style
  # commands in .cirrus.yml, like "source".
  choco install -y git --version 2.23.0 --package-parameters "/GitAndUnixToolsOnPath"
 }

 Write-Host "Install chocolatey"
 Install-Chocolatey

 Write-Host "Install Maven"
 Install-Maven

 Write-Host "Install NodeJs"
 Install-NodeJs

 Write-Host "Install Unix Tools"
 Install-Git

 Write-Host "Set up build tools"
 Install-Buildtools

 # Disable antivirus analysis on C drive.
 Write-Host "Finalize VM configuration"
 Set-MpPreference -ScanAvgCPULoadFactor 5 -ExclusionPath "C:\"
--- a/it/packer/sonar-scanner-cli-qa.json
+++ b/it/packer/sonar-scanner-cli-qa.json
@@ -1,29 +0,0 @@
 {
  "builders": [
    {
      "type": "googlecompute",
      "project_id": "sonarqube-team",
      "source_image": "windows-server-1809-dc-core-v20200813",
      "image_name": "sonar-scanner-cli-qa",
      "disk_size": "50",
      "machine_type": "n1-standard-1",
      "communicator": "winrm",
      "winrm_username": "packer_user",
      "winrm_insecure": true,
      "winrm_use_ssl": true,
      "metadata": {
        "windows-startup-script-cmd": "winrm quickconfig -quiet & net user /add packer_user & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}"
      },
      "zone": "us-central1-a",
      "tags": ["packer"]
    }
  ],
  "provisioners": [
    {
      "type": "powershell",
      "scripts": [
        "{{template_dir}}/setup.ps1"
      ]
    }
  ]
 }