|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798 |
- env:
- GRADLE_OPTS: -Dorg.gradle.jvmargs="-XX:+PrintFlagsFinal -XshowSettings:vm -XX:+HeapDumpOnOutOfMemoryError -XX:+UnlockExperimentalVMOptions -Djava.security.egd=file:/dev/./urandom -Dfile.encoding=UTF8 -Duser.language=en -Duser.country=US"
- # to be replaced by other credentials
- ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
- ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
- ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer
- ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
- ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
- ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
- # download licenses for testing commercial editions
- GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token]
- # notifications to burgr
- BURGR_URL: VAULT[development/kv/data/burgr data.url]
- BURGR_USERNAME: VAULT[development/kv/data/burgr data.cirrus_username]
- BURGR_PASSWORD: VAULT[development/kv/data/burgr data.cirrus_password]
- # analysis on next.sonarqube.com
- SONARQUBE_NEXT_TOKEN: VAULT[development/kv/data/next data.token]
- # to trigger docs deployment
- ELASTIC_PWD: VAULT[development/team/sonarqube/kv/data/elasticsearch-cloud data.password]
- CIRRUS_LOG_TIMESTAMP: true
- BRANCH_MAIN: "master"
- BRANCH_NIGHTLY: "branch-nightly-build"
- BRANCH_PATTERN_MAINTENANCE: "branch-.*"
- BRANCH_PATTERN_PUBLIC: "public_.*"
-
- auto_cancellation: $CIRRUS_BRANCH != $BRANCH_MAIN && $CIRRUS_BRANCH !=~ $BRANCH_PATTERN_MAINTENANCE
-
- skip_public_branches_template: &SKIP_PUBLIC_BRANCHES_TEMPLATE
- skip: $CIRRUS_BRANCH =~ $BRANCH_PATTERN_PUBLIC
-
- cache_dependencies_dependant_task_template:
- &CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
- depends_on: cache_dependencies
-
- build_dependant_task_template: &BUILD_DEPENDANT_TASK_TEMPLATE
- depends_on: build
-
- master_and_nightly_task_template: &MASTER_AND_NIGHTLY_TASK_TEMPLATE
- only_if: $CIRRUS_BRANCH == $BRANCH_NIGHTLY || $CIRRUS_BRANCH == $BRANCH_MAIN
-
- master_or_nightly_or_maintenance_task_template:
- &MASTER_OR_NIGHTLY_OR_MAINTENANCE_TASK_TEMPLATE
- only_if: $CIRRUS_BRANCH == $BRANCH_NIGHTLY || $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE
-
- except_nightly_task_template: &EXCEPT_ON_NIGHTLY_TASK_TEMPLATE
- only_if: $CIRRUS_BRANCH != $BRANCH_NIGHTLY
-
- database_related_task_template: &DATABASE_RELATED_TASK_TEMPLATE
- only_if: >-
- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
- changesInclude('server/sonar-db-dao/**/*Mapper.xml', 'server/sonar-db-migration/**/DbVersion*.java', 'server/sonar-db-dao/**/*Dao.java', 'server/sonar-db-core/src/main/java/org/sonar/db/*.java')
-
- saml_task_template: &SAML_TASK_TEMPLATE
- only_if: >-
- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
- changesInclude('server/sonar-auth-saml/src/main/java/**/*.java', 'server/sonar-auth-saml/src/main/resources/**/*', 'server/sonar-db-dao/src/main/**/SAML*.java', 'private/it-core/src/test/java/org/sonarqube/tests/saml/*.java', 'server/sonar-webserver-webapi/src/main/java/org/sonar/server/saml/**/*.java')
-
- ldap_task_template: &LDAP_TASK_TEMPLATE
- only_if: >-
- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
- changesInclude('server/sonar-auth-ldap/src/main/java/**/*.java', 'server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/LdapCredentialsAuthentication.java', 'private/it-core/src/test/java/org/sonarqube/tests/ldap/*.java')
-
- github_task_template: &GITHUB_TASK_TEMPLATE
- only_if: >-
- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
- changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/github/**/*.java',
- 'private/core-extension-developer-server/src/main/java/com/sonarsource/github/**/*.java',
- 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/github/**/*.java',
- 'private/it-branch/it-tests/src/test/java/com/sonarsource/provisioning/github/*.java'
- )
-
- gitlab_task_template: &GITLAB_TASK_TEMPLATE
- only_if: >-
- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
- changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/gitlab/**/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/gitlab/**/*.java')
-
- azure_task_template: &AZURE_TASK_TEMPLATE
- only_if: >-
- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
- changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/azuredevops/**/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/azure/**/*.java')
-
- bitbucket_server_task_template: &BITBUCKET_SERVER_TASK_TEMPLATE
- only_if: >-
- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
- changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/bitbucketserver/**/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/bitbucketserver/**/*.java')
-
- bitbucket_cloud_task_template: &BITBUCKET_CLOUD_TASK_TEMPLATE
- only_if: >-
- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
- changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/bitbucket/**/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/bitbucketcloud/**/*.java')
-
- docker_build_container_template: &CONTAINER_TEMPLATE
- region: eu-central-1
- cluster_name: ${CIRRUS_CLUSTER_NAME}
- namespace: default
- builder_subnet_id: ${CIRRUS_AWS_SUBNET}
- builder_role: cirrus-builder
- builder_image: docker-builder-v*
- builder_instance_type: t2.small
- dockerfile: private/docker/Dockerfile-build
- docker_arguments:
- CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT}
- cpu: 1
- memory: 2Gb
-
- vm_instance_template: &VM_TEMPLATE
- experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
- image: docker-builder-v*
- type: t2.small
- region: eu-central-1
- subnet_id: ${CIRRUS_AWS_SUBNET}
- disk: 10
- cpu: 4
- memory: 8G
-
- oracle_additional_container_template: &ORACLE_ADDITIONAL_CONTAINER_TEMPLATE
- name: oracle
- image: gvenzl/oracle-xe:21-faststart
- port: 1521
- cpu: 2
- memory: 5Gb
- env:
- ORACLE_PASSWORD: sonarqube
- APP_USER: sonarqube
- APP_USER_PASSWORD: sonarqube
-
- postgres_additional_container_template: &POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
- name: postgres
- image: public.ecr.aws/docker/library/postgres:15
- port: 5432
- cpu: 1
- memory: 1Gb
- env:
- POSTGRES_USER: postgres
- POSTGRES_PASSWORD: postgres
-
- default_artifact_template: &DEFAULT_ARTIFACTS_TEMPLATE
- on_failure:
- jest_junit_cleanup_script: >
- find . -type f -wholename "**/build/test-results/test-jest/junit.xml" -exec
- xmlstarlet edit --inplace --delete '//testsuite[@errors=0 and @failures=0]' {} \;
- junit_artifacts:
- path: "**/build/test-results/**/*.xml"
- type: "text/xml"
- format: junit
- reports_artifacts:
- path: "**/build/reports/**/*"
- screenshots_artifacts:
- path: "**/build/screenshots/**/*"
- always:
- profile_artifacts:
- path: "**/build/reports/profile/**/*"
-
- yarn_cache_template: &YARN_CACHE_TEMPLATE
- yarn_cache:
- folder: "~/.yarn/berry/cache"
- fingerprint_script: |
- cat \
- server/sonar-web/yarn.lock \
- private/core-extension-developer-server/yarn.lock \
- private/core-extension-enterprise-server/yarn.lock \
- private/core-extension-license/yarn.lock \
- private/core-extension-securityreport/yarn.lock
-
- gradle_cache_template: &GRADLE_CACHE_TEMPLATE
- gradle_cache:
- folder: "~/.gradle/caches"
- fingerprint_script: find -type f \( -name "*.gradle*" -or -name "gradle*.properties" \) | sort | xargs cat
-
- jar_cache_template: &JAR_CACHE_TEMPLATE
- jar_cache:
- folder: "**/build/libs/*.jar"
- fingerprint_key: jar-cache_$CIRRUS_BUILD_ID
-
- eslint_report_cache_template: &ESLINT_REPORT_CACHE_TEMPLATE
- eslint_report_cache:
- folders:
- - server/sonar-web/eslint-report/
- - server/sonar-web/design-system/eslint-report/
- - private/core-extension-securityreport/eslint-report/
- - private/core-extension-license/eslint-report/
- - private/core-extension-enterprise-server/eslint-report/
- - private/core-extension-developer-server/eslint-report/
- fingerprint_script: echo $CIRRUS_BUILD_ID
-
- jest_report_cache_template: &JEST_REPORT_CACHE_TEMPLATE
- jest_report_cache:
- folders:
- - server/sonar-web/coverage/
- - server/sonar-web/design-system/coverage/
- - private/core-extension-securityreport/coverage/
- - private/core-extension-license/coverage/
- - private/core-extension-enterprise-server/coverage/
- - private/core-extension-developer-server/coverage/
- fingerprint_script: echo $CIRRUS_BUILD_ID
-
- junit_report_cache_template: &JUNIT_REPORT_CACHE_TEMPLATE
- junit_report_cache:
- folders:
- - "**/reports/jacoco"
- - "**/test-results/test"
- fingerprint_script: echo $CIRRUS_BUILD_ID
-
- default_template: &DEFAULT_TEMPLATE
- <<: *SKIP_PUBLIC_BRANCHES_TEMPLATE
- clone_script: |
- git init
- git remote add origin https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git
- git fetch origin $CIRRUS_CHANGE_IN_REPO $FETCH_DEPTH
- git reset --hard $CIRRUS_CHANGE_IN_REPO
- env:
- FETCH_DEPTH: --depth=1
-
- cache_dependencies_task:
- <<: *DEFAULT_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 2
- memory: 4Gb
- script:
- - ./private/cirrus/cirrus-cache-dependencies.sh
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- build_task:
- <<: *DEFAULT_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- <<: *YARN_CACHE_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 7.5
- memory: 8Gb
- script:
- - ./private/cirrus/cirrus-build.sh
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- publish_task:
- <<: *DEFAULT_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 4
- memory: 4Gb
- env:
- ORG_GRADLE_PROJECT_signingKey: VAULT[development/kv/data/sign data.key]
- ORG_GRADLE_PROJECT_signingPassword: VAULT[development/kv/data/sign data.passphrase]
- ORG_GRADLE_PROJECT_signingKeyId: VAULT[development/kv/data/sign data.key_id]
- script:
- - ./private/cirrus/cirrus-publish.sh
-
- yarn_lint_task:
- <<: *DEFAULT_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- <<: *YARN_CACHE_TEMPLATE
- <<: *ESLINT_REPORT_CACHE_TEMPLATE
- <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 3
- memory: 6Gb
- script:
- - ./private/cirrus/cirrus-yarn-lint-report.sh
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- yarn_check_task:
- <<: *DEFAULT_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- <<: *YARN_CACHE_TEMPLATE
- <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 3
- memory: 4Gb
- script: |
- ./private/cirrus/cirrus-env.sh YARN
- gradle yarn_check-ci --profile
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- yarn_validate_task:
- <<: *DEFAULT_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- <<: *YARN_CACHE_TEMPLATE
- <<: *JEST_REPORT_CACHE_TEMPLATE
- <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 7.5
- memory: 25Gb
- script:
- - ./private/cirrus/cirrus-yarn-validate-ci.sh
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- junit_task:
- <<: *DEFAULT_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- <<: *JUNIT_REPORT_CACHE_TEMPLATE
- <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 7.5
- memory: 10Gb
- script:
- - ./private/cirrus/cirrus-junit.sh
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- sq_analysis_task:
- <<: *SKIP_PUBLIC_BRANCHES_TEMPLATE
- <<: *EXCEPT_ON_NIGHTLY_TASK_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- <<: *YARN_CACHE_TEMPLATE
- <<: *JEST_REPORT_CACHE_TEMPLATE
- <<: *ESLINT_REPORT_CACHE_TEMPLATE
- <<: *JUNIT_REPORT_CACHE_TEMPLATE
- depends_on:
- - yarn_validate
- - yarn_lint
- - junit
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 7.5
- memory: 15Gb
- script:
- - ./private/cirrus/cirrus-sq-analysis.sh
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- qa_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 3
- memory: 7Gb
- additional_containers:
- - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
- name: QA $QA_CATEGORY
- alias: qa
- env:
- matrix:
- # QA name should not exceed 13 characters to be properly reported on wallboard by burgr
- # QA name cannot contain "_"
- - QA_CATEGORY: Cat1
- - QA_CATEGORY: Cat2
- - QA_CATEGORY: Cat3
- - QA_CATEGORY: Cat4
- - QA_CATEGORY: Cat5
- - QA_CATEGORY: Cat6
- - QA_CATEGORY: Analysis
- - QA_CATEGORY: Authorization
- - QA_CATEGORY: Auth
- - QA_CATEGORY: Branch1
- - QA_CATEGORY: Branch2
- - QA_CATEGORY: CE1
- - QA_CATEGORY: CE2
- - QA_CATEGORY: ComputeEngine
- - QA_CATEGORY: DE1
- - QA_CATEGORY: DE2
- - QA_CATEGORY: EE1
- - QA_CATEGORY: EE2
- - QA_CATEGORY: Issues1
- - QA_CATEGORY: Issues2
- - QA_CATEGORY: License1
- - QA_CATEGORY: License2
- - QA_CATEGORY: Plugins
- - QA_CATEGORY: Project
- - QA_CATEGORY: QP
- - QA_CATEGORY: Upgrade
- script:
- - ./private/cirrus/cirrus-qa.sh postgres
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- task: #bitbucket
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- <<: *BITBUCKET_SERVER_TASK_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 3
- memory: 10Gb
- additional_containers:
- - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
- maven_cache:
- folder: ~/.m2
- env:
- QA_CATEGORY: BITBUCKET
- matrix:
- - name: qa_bb_5.15.0
- bitbucket_background_script: ./private/cirrus/cirrus-start-bitbucket.sh 5.15.0
- - name: qa_bb_latest
- bitbucket_background_script: ./private/cirrus/cirrus-start-bitbucket.sh LATEST
- wait_for_bitbucket_to_boot_script: secs=3600; endTime=$(( $(date +%s) + secs )); while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:7990/bitbucket/status)" != "200" ]] || [ $(date +%s) -gt $endTime ]; do sleep 5; done
- script:
- - ./private/cirrus/cirrus-qa.sh postgres
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- qa_bb_cloud_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- <<: *BITBUCKET_CLOUD_TASK_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 2.4
- memory: 7Gb
- env:
- QA_CATEGORY: BITBUCKET_CLOUD
- BBC_CLIENT_ID: VAULT[development/team/sonarqube/kv/data/bitbucket-cloud data.client_id]
- BBC_CLIENT_SECRET: VAULT[development/team/sonarqube/kv/data/bitbucket-cloud data.client_secret]
- BBC_USERNAME: VAULT[development/kv/data/bitbucket/sonarqube-its data.username]
- BBC_READ_REPOS_APP_PASSWORD: VAULT[development/kv/data/bitbucket/sonarqube-its data.password]
- script:
- - ./private/cirrus/cirrus-qa.sh h2
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- qa_ha_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *MASTER_OR_NIGHTLY_OR_MAINTENANCE_TASK_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 2.4
- memory: 10Gb
- additional_containers:
- - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
- env:
- QA_CATEGORY: HA
- script:
- - ./private/cirrus/cirrus-qa.sh postgres
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- qa_performance_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *MASTER_AND_NIGHTLY_TASK_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 2.4
- memory: 10Gb
- additional_containers:
- - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
- env:
- QA_CATEGORY: AnalysisPerformance
- script:
- - ./private/cirrus/cirrus-qa.sh postgres
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- # GitLab QA is executed in a dedicated task in order to not slow down the pipeline, as a GitLab on-prem server docker image is required.
- qa_gitlab_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- <<: *GITLAB_TASK_TEMPLATE
- depends_on:
- - build
- env:
- QA_CATEGORY: GITLAB
- matrix:
- - name: qa_gitlab_latest
- env:
- - GITLAB_VERSION: latest
- - name: qa_gitlab_oldest
- env:
- - GITLAB_VERSION: 15.6.2-ce.0
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 2.4
- memory: 7Gb
- use_in_memory_disk: true
- additional_containers:
- - name: gitlab
- ports:
- - 80
- - 443
- cpu: 2
- memory: 8Gb
- image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/gitlab:${GITLAB_VERSION}
- env:
- - GITLAB_POST_RECONFIGURE_SCRIPT: |-
- { cat >/tmp/setup.rb <<-'EOF'
- token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api], name: 'token');
- token.set_token('token-here-456');
- token.expires_at = Date.today+10.day
- token.save!;
- token_read = User.find_by_username('root').personal_access_tokens.create(scopes: [:read_user], name: 'token_read');
- token_read.set_token('token-read-123');
- token_read.expires_at = Date.today+10.day
- token_read.save!;
- user = User.find_by_username('root');
- user.password = 'eng-YTU1ydh6kyt7tjd';
- user.password_confirmation = 'eng-YTU1ydh6kyt7tjd';
- user.save!;
- EOF
- } && gitlab-rails runner /tmp/setup.rb && \
- echo 'from_file "/etc/gitlab/external_gitlab.rb"' >> /etc/gitlab/gitlab.rb && \
- gitlab-ctl reconfigure
- script:
- - ./private/cirrus/cirrus-qa.sh h2
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- qa_gitlab_cloud_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- <<: *GITLAB_TASK_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 2.4
- memory: 7Gb
- use_in_memory_disk: true
- env:
- QA_CATEGORY: GITLAB_CLOUD
- GITLAB_API_TOKEN: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.api_token]
- GITLAB_READ_ONLY_TOKEN: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.api_token_ro]
- GITLAB_ADMIN_USERNAME: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.username]
- GITLAB_ADMIN_PASSWORD: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.password]
- script:
- - ./private/cirrus/cirrus-qa.sh h2
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- # Azure QA is executed in a dedicated task in order to not slow down the pipeline.
- qa_azure_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- <<: *AZURE_TASK_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 2.4
- memory: 7Gb
- env:
- QA_CATEGORY: AZURE
- AZURE_USERNAME_LOGIN: VAULT[development/team/sonarqube/kv/data/azure-instance data.username]
- AZURE_CODE_READ_AND_WRITE_TOKEN: VAULT[development/team/sonarqube/kv/data/azure-instance data.token_code_read_write]
- AZURE_FULL_ACCESS_TOKEN: VAULT[development/team/sonarqube/kv/data/azure-instance data.token_full_access]
- script:
- - ./private/cirrus/cirrus-qa.sh h2
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- qa_github_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *GITHUB_TASK_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 4
- memory: 7Gb
- env:
- QA_CATEGORY: GITHUB
- GITHUB_COM_CODE_SCANNING_ALERTS_TECHNICAL_USER_USERNAME: QA-task
- GITHUB_COM_CODE_SCANNING_ALERTS_TECHNICAL_USER_TOKEN: VAULT[development/github/token/SonarSource-sonar-enterprise-code-scanning token]
- script:
- - ./private/cirrus/cirrus-qa.sh h2
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- qa_github_provisioning_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *GITHUB_TASK_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 4
- memory: 7Gb
- env:
- QA_CATEGORY: GITHUB_PROVISIONING
- script:
- - ./private/cirrus/cirrus-qa.sh h2
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- # SAML QA is executed in a dedicated task in order to not slow down the pipeline, as a Keycloak server docker image is required.
- qa_saml_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *SAML_TASK_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 2.4
- memory: 10Gb
- additional_containers:
- - name: keycloak
- image: quay.io/keycloak/keycloak:21.1.1
- port: 8080
- cpu: 1
- memory: 1Gb
- command: "/opt/keycloak/bin/kc.sh start-dev --http-relative-path /auth"
- env:
- KEYCLOAK_ADMIN: admin
- KEYCLOAK_ADMIN_PASSWORD: admin
- env:
- QA_CATEGORY: SAML
- script:
- - ./private/cirrus/cirrus-qa.sh h2
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- # LDAP QA is executed in a dedicated task in order to not slow down the pipeline, as a LDAP server and SonarQube server are re-started on each test.
- qa_ldap_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *LDAP_TASK_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 2.4
- memory: 10Gb
- env:
- QA_CATEGORY: LDAP
- script:
- - ./private/cirrus/cirrus-qa.sh h2
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- promote_task:
- <<: *DEFAULT_TEMPLATE
- <<: *EXCEPT_ON_NIGHTLY_TASK_TEMPLATE
- depends_on:
- - build
- - sq_analysis
- - qa
- - qa_saml
- - qa_ldap
- - publish
- eks_container:
- <<: *CONTAINER_TEMPLATE
- memory: 512M
- stateful: true
- script:
- - ./private/cirrus/cirrus-promote.sh
-
- package_docker_task:
- <<: *DEFAULT_TEMPLATE
- depends_on: promote
- only_if: $CIRRUS_BRANCH == $BRANCH_MAIN
- ec2_instance:
- <<: *VM_TEMPLATE
- clone_script: |
- git clone --recursive --branch=$CIRRUS_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR --depth=1
- git fetch origin $CIRRUS_CHANGE_IN_REPO --depth=1
- git reset --hard $CIRRUS_CHANGE_IN_REPO
- install_tooling_script:
- - ./private/cirrus/cirrus-tooling-for-package-docker.sh
- package_script:
- - ./private/cirrus/cirrus-package-docker.sh
-
- sql_mssql_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *DATABASE_RELATED_TASK_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- memory: 5Gb
- additional_containers:
- - name: mssql
- image: mcr.microsoft.com/mssql/server:2019-GA-ubuntu-16.04
- port: 1433
- cpu: 2
- memory: 5Gb
- env:
- MSSQL_PID: Developer # this is the default edition
- ACCEPT_EULA: Y
- SA_PASSWORD: sonarqube!1
- script:
- - ./private/cirrus/cirrus-db-unit-test.sh mssql
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- sql_postgres_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *DATABASE_RELATED_TASK_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- memory: 5Gb
- additional_containers:
- - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
- script:
- - ./private/cirrus/cirrus-db-unit-test.sh postgres
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- # this is the oldest compatible version of PostgreSQL
- sql_postgres11_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *DATABASE_RELATED_TASK_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- memory: 5Gb
- additional_containers:
- - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
- image: public.ecr.aws/docker/library/postgres:11
- script:
- - ./private/cirrus/cirrus-db-unit-test.sh postgres
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- sql_oracle21_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *DATABASE_RELATED_TASK_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- memory: 5Gb
- additional_containers:
- - <<: *ORACLE_ADDITIONAL_CONTAINER_TEMPLATE
- script:
- - ./private/cirrus/cirrus-db-unit-test.sh oracle21
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- upgd_mssql_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *DATABASE_RELATED_TASK_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 1.5
- memory: 6Gb
- additional_containers:
- - name: mssql
- image: mcr.microsoft.com/mssql/server:2022-latest
- port: 1433
- cpu: 2
- memory: 5Gb
- env:
- MSSQL_PID: Developer # this is the default edition
- ACCEPT_EULA: Y
- SA_PASSWORD: sonarqube!1
- env:
- QA_CATEGORY: Upgrade
- script:
- - ./private/cirrus/cirrus-qa.sh mssql
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- upgd_oracle21_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *DATABASE_RELATED_TASK_TEMPLATE
- <<: *JAR_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 1.5
- memory: 6Gb
- additional_containers:
- - <<: *ORACLE_ADDITIONAL_CONTAINER_TEMPLATE
- env:
- QA_CATEGORY: Upgrade
- script:
- - ./private/cirrus/cirrus-qa.sh oracle21
- <<: *DEFAULT_ARTIFACTS_TEMPLATE
-
- mend_scan_task:
- <<: *DEFAULT_TEMPLATE
- <<: *BUILD_DEPENDANT_TASK_TEMPLATE
- <<: *MASTER_OR_NIGHTLY_OR_MAINTENANCE_TASK_TEMPLATE
- <<: *YARN_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- timeout_in: 30m
- eks_container:
- <<: *CONTAINER_TEMPLATE
- cpu: 2
- memory: 4Gb
- env:
- WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
- WS_WSS_URL: VAULT[development/kv/data/mend data.url]
- WS_USERKEY: VAULT[development/kv/data/mend data.userKey]
- SLACK_WEBHOOK_SQ: VAULT[development/kv/data/slack data.webhook]
- mend_script:
- - ./private/cirrus/cirrus-mend-scan.sh
- allow_failures: "true"
- on_failure:
- slack_notification_script:
- - ./private/cirrus/cirrus-mend-notifications.sh
- always:
- ws_artifacts:
- path: "whitesource/**/*"
|