|
|
@@ -36,6 +36,14 @@ task_only_nightly_depending_on_build_template: &TASK_ONLY_NIGHTLY_DEPENDING_ON_B |
|
|
|
# this task on your branch |
|
|
|
only_if: $CIRRUS_BRANCH == "branch-nightly-build" |
|
|
|
|
|
|
|
task_only_default_depending_on_build_template: &TASK_ONLY_DEFAUT_DEPENDING_ON_BUILD_TEMPLATE |
|
|
|
depends_on: build |
|
|
|
only_if: >- |
|
|
|
$CIRRUS_BRANCH !=~ "dogfood/.*" && |
|
|
|
$CIRRUS_BRANCH != "public_master" && |
|
|
|
$CIRRUS_BRANCH != "branch-nightly-build" && |
|
|
|
$CIRRUS_CRON == "" |
|
|
|
|
|
|
|
docker_build_container_template: &GKE_CONTAINER_TEMPLATE |
|
|
|
dockerfile: private/docker/Dockerfile-build |
|
|
|
builder_image_project: sonarqube-team |
|
|
@@ -78,7 +86,10 @@ screenshots_on_failure_template: &REPORTS_JUNIT_SCREENSHOTS_ON_FAILURE_TEMPLATE |
|
|
|
path: "**/build/screenshots/**/*" |
|
|
|
|
|
|
|
build_task: |
|
|
|
only_if: $CIRRUS_BRANCH !=~ "dogfood/.*" && $CIRRUS_BRANCH != "public_master" |
|
|
|
only_if: >- |
|
|
|
$CIRRUS_BRANCH !=~ "dogfood/.*" && |
|
|
|
$CIRRUS_BRANCH != "public_master" && |
|
|
|
$CIRRUS_CRON == "" |
|
|
|
timeout_in: 90m |
|
|
|
gke_container: |
|
|
|
<<: *GKE_CONTAINER_TEMPLATE |
|
|
@@ -113,8 +124,7 @@ deploy_docs_task: |
|
|
|
- ./private/cirrus/cirrus-trigger-deploy-docs.sh |
|
|
|
|
|
|
|
validate_task: |
|
|
|
depends_on: build |
|
|
|
only_if: $CIRRUS_BRANCH !=~ "dogfood/.*" && $CIRRUS_BRANCH != "public_master" && $CIRRUS_TAG != "nightly-build" |
|
|
|
<<: *TASK_ONLY_DEFAUT_DEPENDING_ON_BUILD_TEMPLATE |
|
|
|
timeout_in: 90m |
|
|
|
gke_container: |
|
|
|
<<: *GKE_CONTAINER_TEMPLATE |
|
|
@@ -132,8 +142,7 @@ validate_task: |
|
|
|
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE |
|
|
|
|
|
|
|
qa_task: |
|
|
|
depends_on: build |
|
|
|
only_if: $CIRRUS_BRANCH !=~ "dogfood/.*" && $CIRRUS_BRANCH != "public_master" && $CIRRUS_TAG != "nightly-build" |
|
|
|
<<: *TASK_ONLY_DEFAUT_DEPENDING_ON_BUILD_TEMPLATE |
|
|
|
gke_container: |
|
|
|
<<: *GKE_CONTAINER_TEMPLATE |
|
|
|
cpu: 3 |
|
|
@@ -169,11 +178,11 @@ qa_task: |
|
|
|
<<: *REPORTS_JUNIT_SCREENSHOTS_ON_FAILURE_TEMPLATE |
|
|
|
|
|
|
|
promote_task: |
|
|
|
<<: *TASK_ONLY_DEFAUT_DEPENDING_ON_BUILD_TEMPLATE |
|
|
|
depends_on: |
|
|
|
- build |
|
|
|
- validate |
|
|
|
- qa |
|
|
|
only_if: $CIRRUS_BRANCH !=~ "dogfood/.*" && $CIRRUS_BRANCH != "public_master" && $CIRRUS_TAG != "nightly-build" |
|
|
|
gke_container: |
|
|
|
<<: *GKE_CONTAINER_TEMPLATE |
|
|
|
stateful: true |
|
|
@@ -186,10 +195,7 @@ promote_task: |
|
|
|
- ./private/cirrus/cirrus-promote.sh |
|
|
|
|
|
|
|
sql_mssql2017_task: |
|
|
|
depends_on: build |
|
|
|
# Comment the following line and commit with message "DO NOT MERGE" in order to run |
|
|
|
# this task on your branch |
|
|
|
only_if: $CIRRUS_TAG == "nightly-build" |
|
|
|
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE |
|
|
|
gke_container: |
|
|
|
<<: *GKE_CONTAINER_TEMPLATE |
|
|
|
memory: 5Gb |
|
|
@@ -215,10 +221,7 @@ sql_mssql2017_task: |
|
|
|
|
|
|
|
# this is the oldest compatible version of PostgreSQL |
|
|
|
sql_postgres93_task: |
|
|
|
depends_on: build |
|
|
|
# Comment the following line and commit with message "DO NOT MERGE" in order to run |
|
|
|
# this task on your branch |
|
|
|
only_if: $CIRRUS_TAG == "nightly-build" |
|
|
|
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE |
|
|
|
gke_container: |
|
|
|
<<: *GKE_CONTAINER_TEMPLATE |
|
|
|
memory: 5Gb |
|
|
@@ -235,10 +238,7 @@ sql_postgres93_task: |
|
|
|
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE |
|
|
|
|
|
|
|
sql_oracle12_task: |
|
|
|
depends_on: build |
|
|
|
# Comment the following line and commit with message "DO NOT MERGE" in order to run |
|
|
|
# this task on your branch |
|
|
|
only_if: $CIRRUS_TAG == "nightly-build" |
|
|
|
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE |
|
|
|
gke_container: |
|
|
|
<<: *GKE_CONTAINER_TEMPLATE |
|
|
|
memory: 5Gb |
|
|
@@ -252,10 +252,7 @@ sql_oracle12_task: |
|
|
|
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE |
|
|
|
|
|
|
|
upgd_mssql2017_task: |
|
|
|
depends_on: build |
|
|
|
# Comment the following line and commit with message "DO NOT MERGE" in order to run |
|
|
|
# this task on your branch |
|
|
|
only_if: $CIRRUS_TAG == "nightly-build" |
|
|
|
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE |
|
|
|
gke_container: |
|
|
|
<<: *GKE_CONTAINER_TEMPLATE |
|
|
|
cpu: 1.5 |
|
|
@@ -288,10 +285,7 @@ upgd_mssql2017_task: |
|
|
|
|
|
|
|
|
|
|
|
upgd_oracle12_task: |
|
|
|
depends_on: build |
|
|
|
# Comment the following line and commit with message "DO NOT MERGE" in order to run |
|
|
|
# this task on your branch |
|
|
|
only_if: $CIRRUS_TAG == "nightly-build" |
|
|
|
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE |
|
|
|
gke_container: |
|
|
|
<<: *GKE_CONTAINER_TEMPLATE |
|
|
|
cpu: 1.5 |
|
|
@@ -313,3 +307,34 @@ upgd_oracle12_task: |
|
|
|
- ./private/cirrus/cleanup-gradle-cache.sh |
|
|
|
on_failure: |
|
|
|
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE |
|
|
|
|
|
|
|
# Software Composition Analysis (SCA): check potential vulnerabilities in dependencies. |
|
|
|
# Note that license compliance of dependencies is not checked for now. |
|
|
|
owasp_check_task: |
|
|
|
only_if: >- |
|
|
|
$CIRRUS_CRON == "nightly" || |
|
|
|
$CIRRUS_CRON == "weekly-lts" |
|
|
|
timeout_in: 30m |
|
|
|
gke_container: |
|
|
|
<<: *GKE_CONTAINER_TEMPLATE |
|
|
|
cpu: 1.7 |
|
|
|
memory: 4Gb |
|
|
|
environment: |
|
|
|
# No need to clone the full history. |
|
|
|
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes |
|
|
|
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!") |
|
|
|
CIRRUS_CLONE_DEPTH: 50 |
|
|
|
SLACK_WEBHOOK_SQ: ENCRYPTED[dec8e4350cbea3b94d63098558bcb3ae9e79b71c2b6286fcfb9eb80c0953b6448b10f7271b07b5e75e52f362c25d7a8f] |
|
|
|
nvd_cache: |
|
|
|
# The NVD repository of vulnerabilities is big and should be cached so |
|
|
|
# that consecutive runs download only changes, but not the whole repository. |
|
|
|
folder: ~/.gradle/dependency-check-data |
|
|
|
reupload_on_changes: true |
|
|
|
script: |
|
|
|
- gradle dependencyCheckAggregate |
|
|
|
on_failure: |
|
|
|
slack_notification_script: |
|
|
|
- ./private/cirrus/cirrus-owasp-notification.sh |
|
|
|
always: |
|
|
|
reports_artifacts: |
|
|
|
path: "build/reports/*" |