mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
Browse Source

BUILD-3755 Don't trigger a public build for the LTS branch

tags/9.9.4.87374
Antoine Vigneau 3 months ago
parent
3c923a113b
commit
33ef0b7345
7 changed files with 9 additions and 944 deletions
Split View Show Diff Stats
  1. 9
    1
      .cirrus.star
  2. 0
    732
      .cirrus.yml
  3. 0
    44
      .travis.yml
  4. 0
    29
      .travis/run_iris.sh
  5. 0
    21
      .travis/setup_environment.sh
  6. 0
    22
      .travis/setup_ramdisk.sh
  7. 0
    95
      travis.sh

+ 9
- 1
.cirrus.star View File

@@ -1,4 +1,12 @@
load("github.com/SonarSource/cirrus-modules@v2", "load_features")
load("cirrus", "env", "fs", "yaml")


def main(ctx):
return load_features(ctx)
if env.get("CIRRUS_REPO_FULL_NAME") == 'SonarSource/sonar-enterprise':
features = yaml.dumps(load_features(ctx, only_if=dict()))
doc = fs.read("private/.cirrus.yml")
return features + doc

# On SonarSource/sonarqube repo, we don't trigger any Cirrus build
return []

+ 0
- 732
.cirrus.yml View File

@@ -1,732 +0,0 @@
env:
GRADLE_OPTS: -Dorg.gradle.jvmargs="-XX:+PrintFlagsFinal -XshowSettings:vm -XX:+HeapDumpOnOutOfMemoryError -XX:+UnlockExperimentalVMOptions -Djava.security.egd=file:/dev/./urandom -Dfile.encoding=UTF8 -Duser.language=en -Duser.country=US"
# to be replaced by other credentials
ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer
ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
#NPM config
NPM_CONFIG_registry: https://repox.jfrog.io/artifactory/api/npm/npm
NPM_CONFIG_//repox.jfrog.io/artifactory/api/npm/:_authToken: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
# download licenses for testing commercial editions
GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token]
# notifications to burgr
BURGR_URL: VAULT[development/kv/data/burgr data.url]
BURGR_USERNAME: VAULT[development/kv/data/burgr data.cirrus_username]
BURGR_PASSWORD: VAULT[development/kv/data/burgr data.cirrus_password]
# analysis on next.sonarqube.com
SONARQUBE_NEXT_TOKEN: VAULT[development/kv/data/next data.token]
# to trigger docs deployment
ELASTIC_PWD: VAULT[development/team/sonarqube/kv/data/elasticsearch-cloud data.password]
CIRRUS_LOG_TIMESTAMP: true
BRANCH_MAIN: 'master'
BRANCH_PATTERN_MAINTENANCE: 'branch-.*'
BRANCH_PATTERN_PUBLIC: 'public_.*'
NIGHTLY_99_CRON: '9-9-lts-nightly'

auto_cancellation: $CIRRUS_BRANCH != $BRANCH_MAIN && $CIRRUS_BRANCH !=~ $BRANCH_PATTERN_MAINTENANCE

skip_public_branches_template: &SKIP_PUBLIC_BRANCHES_TEMPLATE
skip: $CIRRUS_BRANCH =~ $BRANCH_PATTERN_PUBLIC

build_dependant_task_template: &BUILD_DEPENDANT_TASK_TEMPLATE
depends_on: build

nightly_task_template: &NIGHTLY_TASK_TEMPLATE
only_if: $CIRRUS_CRON == $NIGHTLY_99_CRON

master_or_nightly_or_maintenance_task_template: &MASTER_OR_NIGHTLY_OR_MAINTENANCE_TASK_TEMPLATE
only_if: $CIRRUS_BRANCH == $BRANCH_NIGHTLY || $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE

except_nightly_task_template: &EXCEPT_ON_NIGHTLY_TASK_TEMPLATE
only_if: $CIRRUS_CRON != $NIGHTLY_99_CRON

database_related_task_template: &DATABASE_RELATED_TASK_TEMPLATE
only_if: >-
$CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
changesInclude('server/sonar-db-dao/**/*Mapper.xml', 'server/sonar-db-migration/**/DbVersion*.java', 'server/sonar-db-dao/**/*Dao.java', 'server/sonar-db-core/src/main/java/org/sonar/db/*.java')

saml_task_template: &SAML_TASK_TEMPLATE
only_if: >-
$CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
changesInclude('server/sonar-auth-saml/src/main/java/**/*.java', 'server/sonar-auth-saml/src/main/resources/**/*', 'server/sonar-db-dao/src/main/**/SAML*.java', 'private/it-core/src/test/java/org/sonarqube/tests/saml/*.java', 'server/sonar-webserver-webapi/src/main/java/org/sonar/server/saml/**/*.java')

ldap_task_template: &LDAP_TASK_TEMPLATE
only_if: >-
$CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
changesInclude('server/sonar-auth-ldap/src/main/java/**/*.java', 'server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/LdapCredentialsAuthentication.java', 'private/it-core/src/test/java/org/sonarqube/tests/ldap/*.java')

github_task_template: &GITHUB_TASK_TEMPLATE
only_if: >-
$CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/github/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/github/*.java')

docker_build_container_template: &CONTAINER_TEMPLATE
region: eu-central-1
cluster_name: ${CIRRUS_CLUSTER_NAME}
namespace: default
builder_subnet_id: ${CIRRUS_AWS_SUBNET}
builder_role: cirrus-builder
builder_image: docker-builder-v*
builder_instance_type: t2.small
dockerfile: private/docker/Dockerfile-build
docker_arguments:
CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT}
cpu: 1
memory: 2Gb

vm_instance_template: &VM_TEMPLATE
experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
image: docker-builder-v*
type: t2.small
region: eu-central-1
subnet_id: ${CIRRUS_AWS_SUBNET}
disk: 10
cpu: 4
memory: 8G

oracle_additional_container_template: &ORACLE_ADDITIONAL_CONTAINER_TEMPLATE
name: oracle
image: gvenzl/oracle-xe:21-faststart
port: 1521
cpu: 2
memory: 5Gb
env:
ORACLE_PASSWORD: sonarqube
APP_USER: sonarqube
APP_USER_PASSWORD: sonarqube

postgres_additional_container_template: &POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
name: postgres
image: public.ecr.aws/docker/library/postgres:15
port: 5432
cpu: 1
memory: 1Gb
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres

default_artifact_template: &DEFAULT_ARTIFACTS_TEMPLATE
on_failure:
jest_junit_cleanup_script: >
find . -type f -wholename "**/build/test-results/test-jest/junit.xml" -exec
xmlstarlet edit --inplace --delete '//testsuite[@errors=0 and @failures=0]' {} \;
junit_artifacts:
path: "**/build/test-results/**/*.xml"
type: "text/xml"
format: junit
reports_artifacts:
path: "**/build/reports/**/*"
screenshots_artifacts:
path: "**/build/screenshots/**/*"
always:
profile_artifacts:
path: "**/build/reports/profile/**/*"

yarn_cache_template: &YARN_CACHE_TEMPLATE
yarn_cache:
folder: "~/.yarn/berry/cache"
fingerprint_script: |
cat \
server/sonar-web/yarn.lock \
private/core-extension-developer-server/yarn.lock \
private/core-extension-enterprise-server/yarn.lock \
private/core-extension-license/yarn.lock \
private/core-extension-securityreport/yarn.lock

gradle_cache_template: &GRADLE_CACHE_TEMPLATE
gradle_cache:
folder: "~/.gradle/caches"
fingerprint_script: find -type f \( -name "*.gradle*" -or -name "gradle*.properties" \) -exec cat {} +

jar_cache_template: &JAR_CACHE_TEMPLATE
jar_cache:
folder: "**/build/libs/*.jar"
fingerprint_key: jar-cache_$CIRRUS_BUILD_ID

eslint_report_cache_template: &ESLINT_REPORT_CACHE_TEMPLATE
eslint_report_cache:
folders:
- server/sonar-web/eslint-report/
- private/core-extension-securityreport/eslint-report/
- private/core-extension-license/eslint-report/
- private/core-extension-enterprise-server/eslint-report/
- private/core-extension-developer-server/eslint-report/
fingerprint_script: echo $CIRRUS_BUILD_ID

jest_report_cache_template: &JEST_REPORT_CACHE_TEMPLATE
jest_report_cache:
folders:
- server/sonar-web/coverage/
- private/core-extension-securityreport/coverage/
- private/core-extension-license/coverage/
- private/core-extension-enterprise-server/coverage/
- private/core-extension-developer-server/coverage/
fingerprint_script: echo $CIRRUS_BUILD_ID

junit_report_cache_template: &JUNIT_REPORT_CACHE_TEMPLATE
junit_report_cache:
folders:
- "**/reports/jacoco"
- "**/test-results/test"
fingerprint_script: echo $CIRRUS_BUILD_ID

default_template: &DEFAULT_TEMPLATE
<<: *SKIP_PUBLIC_BRANCHES_TEMPLATE
clone_script: |
git init
git remote add origin https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git
git fetch origin $CIRRUS_CHANGE_IN_REPO $FETCH_DEPTH
git reset --hard $CIRRUS_CHANGE_IN_REPO
env:
FETCH_DEPTH: --depth=1

build_task:
<<: *DEFAULT_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
<<: *YARN_CACHE_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 7.5
memory: 8Gb
elasticsearch_distribution_cache:
folder: sonar-application/build/elasticsearch-**.tar.gz
script:
- ./private/cirrus/cirrus-build.sh
<<: *DEFAULT_ARTIFACTS_TEMPLATE

publish_task:
<<: *DEFAULT_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 4
memory: 4Gb
env:
ORG_GRADLE_PROJECT_signingKey: VAULT[development/kv/data/sign data.key]
ORG_GRADLE_PROJECT_signingPassword: VAULT[development/kv/data/sign data.passphrase]
ORG_GRADLE_PROJECT_signingKeyId: VAULT[development/kv/data/sign data.key_id]
script:
- ./private/cirrus/cirrus-publish.sh

yarn_lint_task:
<<: *DEFAULT_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
<<: *YARN_CACHE_TEMPLATE
<<: *ESLINT_REPORT_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 3
memory: 6Gb
script:
- ./private/cirrus/cirrus-yarn-lint-report.sh
<<: *DEFAULT_ARTIFACTS_TEMPLATE

yarn_check_task:
<<: *DEFAULT_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
<<: *YARN_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 3
memory: 4Gb
script: |
./private/cirrus/cirrus-env.sh YARN
gradle yarn_check-ci --profile
<<: *DEFAULT_ARTIFACTS_TEMPLATE

yarn_validate_task:
<<: *DEFAULT_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
<<: *YARN_CACHE_TEMPLATE
<<: *JEST_REPORT_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 7.5
memory: 20Gb
script:
- ./private/cirrus/cirrus-yarn-validate-ci.sh
<<: *DEFAULT_ARTIFACTS_TEMPLATE

junit_task:
<<: *DEFAULT_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
<<: *JUNIT_REPORT_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 7.5
memory: 10Gb
script:
- ./private/cirrus/cirrus-junit.sh
<<: *DEFAULT_ARTIFACTS_TEMPLATE

sq_analysis_task:
<<: *SKIP_PUBLIC_BRANCHES_TEMPLATE
<<: *EXCEPT_ON_NIGHTLY_TASK_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
<<: *YARN_CACHE_TEMPLATE
<<: *JEST_REPORT_CACHE_TEMPLATE
<<: *ESLINT_REPORT_CACHE_TEMPLATE
<<: *JUNIT_REPORT_CACHE_TEMPLATE
depends_on:
- yarn_validate
- yarn_lint
- junit
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 7.5
memory: 15Gb
script:
- ./private/cirrus/cirrus-sq-analysis.sh
<<: *DEFAULT_ARTIFACTS_TEMPLATE

qa_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 3
memory: 7Gb
additional_containers:
- <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
env:
matrix:
# QA name should not exceed 13 characters to be properly reported on wallboard by burgr
# QA name cannot contain "_"
- QA_CATEGORY: Cat1
- QA_CATEGORY: Cat2
- QA_CATEGORY: Cat3
- QA_CATEGORY: Cat4
- QA_CATEGORY: Cat5
- QA_CATEGORY: Cat6
- QA_CATEGORY: Analysis
- QA_CATEGORY: Authorization
- QA_CATEGORY: Auth
- QA_CATEGORY: Branch1
- QA_CATEGORY: Branch2
- QA_CATEGORY: CE1
- QA_CATEGORY: CE2
- QA_CATEGORY: ComputeEngine
- QA_CATEGORY: DE1
- QA_CATEGORY: DE2
- QA_CATEGORY: EE1
- QA_CATEGORY: EE2
- QA_CATEGORY: Issues1
- QA_CATEGORY: Issues2
- QA_CATEGORY: License1
- QA_CATEGORY: License2
- QA_CATEGORY: Plugins
- QA_CATEGORY: Project
- QA_CATEGORY: QP
- QA_CATEGORY: Upgrade
script:
- ./private/cirrus/cirrus-qa.sh postgres
<<: *DEFAULT_ARTIFACTS_TEMPLATE

task: #bitbucket
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 3
memory: 10Gb
additional_containers:
- <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
maven_cache:
folder: ~/.m2
env:
QA_CATEGORY: BITBUCKET
matrix:
- name: qa_bb_5.15.0
bitbucket_background_script: ./private/cirrus/cirrus-start-bitbucket.sh 5.15.0
- name: qa_bb_latest
bitbucket_background_script: ./private/cirrus/cirrus-start-bitbucket.sh LATEST
wait_for_bitbucket_to_boot_script: secs=3600; endTime=$(( $(date +%s) + secs )); while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:7990/bitbucket/status)" != "200" ]] || [ $(date +%s) -gt $endTime ]; do sleep 5; done
script:
- ./private/cirrus/cirrus-qa.sh postgres
<<: *DEFAULT_ARTIFACTS_TEMPLATE

qa_bb_cloud_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 2.4
memory: 5Gb
env:
QA_CATEGORY: BITBUCKET_CLOUD
BBC_CLIENT_ID: VAULT[development/team/sonarqube/kv/data/bitbucket-cloud data.client_id]
BBC_CLIENT_SECRET: VAULT[development/team/sonarqube/kv/data/bitbucket-cloud data.client_secret]
BBC_USERNAME: VAULT[development/kv/data/bitbucket/sonarqube-its data.username]
BBC_READ_REPOS_APP_PASSWORD: VAULT[development/kv/data/bitbucket/sonarqube-its data.password]
script:
- ./private/cirrus/cirrus-qa.sh h2
<<: *DEFAULT_ARTIFACTS_TEMPLATE

qa_ha_cluster_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *MASTER_OR_NIGHTLY_OR_MAINTENANCE_TASK_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 2.4
memory: 10Gb
additional_containers:
- <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
env:
QA_CATEGORY: HA_CLUSTER
script:
- ./private/cirrus/cirrus-qa.sh postgres
<<: *DEFAULT_ARTIFACTS_TEMPLATE

qa_ha_elasticsearch_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *MASTER_OR_NIGHTLY_OR_MAINTENANCE_TASK_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 2.4
memory: 10Gb
additional_containers:
- <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
env:
QA_CATEGORY: HA_ELASTICSEARCH
script:
- ./private/cirrus/cirrus-qa.sh postgres
<<: *DEFAULT_ARTIFACTS_TEMPLATE

# GitLab QA is executed in a dedicated task in order to not slow down the pipeline, as a GitLab on-prem server docker image is required.
qa_gitlab_task:
<<: *DEFAULT_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
depends_on:
- build
env:
QA_CATEGORY: GITLAB
matrix:
- name: qa_gitlab_latest
env:
- GITLAB_VERSION: latest
- name: qa_gitlab_oldest
env:
- GITLAB_VERSION: 15.6.2-ce.0
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 2.4
memory: 5Gb
use_in_memory_disk: true
additional_containers:
- name: gitlab
ports:
- 80
- 443
cpu: 2
memory: 8Gb
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/gitlab:${GITLAB_VERSION}
env:
- GITLAB_POST_RECONFIGURE_SCRIPT: |-
{ cat >/tmp/setup.rb <<-'EOF'
token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api], name: 'token');
token.set_token('token-here-456');
token.expires_at = Date.today+10.day
token.save!;
token_read = User.find_by_username('root').personal_access_tokens.create(scopes: [:read_user], name: 'token_read');
token_read.set_token('token-read-123');
token_read.expires_at = Date.today+10.day
token_read.save!;
user = User.find_by_username('root');
user.password = 'eng-YTU1ydh6kyt7tjd';
user.password_confirmation = 'eng-YTU1ydh6kyt7tjd';
user.save!;
EOF
} && gitlab-rails runner /tmp/setup.rb && \
echo 'from_file "/etc/gitlab/external_gitlab.rb"' >> /etc/gitlab/gitlab.rb && \
gitlab-ctl reconfigure
script:
- ./private/cirrus/cirrus-qa.sh h2
<<: *DEFAULT_ARTIFACTS_TEMPLATE

qa_gitlab_cloud_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 2.4
memory: 5Gb
use_in_memory_disk: true
env:
QA_CATEGORY: GITLAB_CLOUD
GITLAB_API_TOKEN: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.api_token]
GITLAB_READ_ONLY_TOKEN: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.api_token_ro]
GITLAB_ADMIN_USERNAME: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.username]
GITLAB_ADMIN_PASSWORD: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.password]
script:
- ./private/cirrus/cirrus-qa.sh h2
<<: *DEFAULT_ARTIFACTS_TEMPLATE

# Azure QA is executed in a dedicated task in order to not slow down the pipeline.
qa_azure_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 2.4
memory: 5Gb
env:
QA_CATEGORY: AZURE
AZURE_USERNAME_LOGIN: VAULT[development/team/sonarqube/kv/data/azure-instance data.username]
AZURE_CODE_READ_AND_WRITE_TOKEN: VAULT[development/team/sonarqube/kv/data/azure-instance data.token_code_read_write]
AZURE_FULL_ACCESS_TOKEN: VAULT[development/team/sonarqube/kv/data/azure-instance data.token_full_access]
script:
- ./private/cirrus/cirrus-qa.sh h2
<<: *DEFAULT_ARTIFACTS_TEMPLATE

qa_github_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *GITHUB_TASK_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 2.4
memory: 5Gb
env:
QA_CATEGORY: GITHUB
GITHUB_COM_CODE_SCANNING_ALERTS_TECHNICAL_USER_USERNAME: QA-task
GITHUB_COM_CODE_SCANNING_ALERTS_TECHNICAL_USER_TOKEN: VAULT[development/github/token/SonarSource-sonar-enterprise-code-scanning token]
script:
- ./private/cirrus/cirrus-qa.sh h2
<<: *DEFAULT_ARTIFACTS_TEMPLATE

# SAML QA is executed in a dedicated task in order to not slow down the pipeline, as a Keycloak server docker image is required.
qa_saml_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *SAML_TASK_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 2.4
memory: 10Gb
additional_containers:
- name: keycloak
image: quay.io/keycloak/keycloak:17.0.1
port: 8080
cpu: 1
memory: 1Gb
command: "/opt/keycloak/bin/kc.sh start-dev --http-relative-path /auth"
env:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
env:
QA_CATEGORY: SAML
script:
- ./private/cirrus/cirrus-qa.sh h2
<<: *DEFAULT_ARTIFACTS_TEMPLATE

# LDAP QA is executed in a dedicated task in order to not slow down the pipeline, as a LDAP server and SonarQube server are re-started on each test.
qa_ldap_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *LDAP_TASK_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 2.4
memory: 10Gb
env:
QA_CATEGORY: LDAP
script:
- ./private/cirrus/cirrus-qa.sh h2
<<: *DEFAULT_ARTIFACTS_TEMPLATE

promote_task:
<<: *DEFAULT_TEMPLATE
depends_on:
- build
- sq_analysis
- qa
- qa_saml
- qa_ldap
- publish
eks_container:
<<: *CONTAINER_TEMPLATE
memory: 512M
stateful: true
script:
- ./private/cirrus/cirrus-promote.sh

package_docker_task:
<<: *DEFAULT_TEMPLATE
depends_on: promote
only_if: $CIRRUS_BRANCH == $BRANCH_MAIN
ec2_instance:
<<: *VM_TEMPLATE
clone_script: |
git clone --recursive --branch=$CIRRUS_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR --depth=1
git fetch origin $CIRRUS_CHANGE_IN_REPO --depth=1
git reset --hard $CIRRUS_CHANGE_IN_REPO
install_tooling_script:
- ./private/cirrus/cirrus-tooling-for-package-docker.sh
package_script:
- ./private/cirrus/cirrus-package-docker.sh

sql_mssql_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *DATABASE_RELATED_TASK_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
memory: 5Gb
additional_containers:
- name: mssql
image: mcr.microsoft.com/mssql/server:2019-GA-ubuntu-16.04
port: 1433
cpu: 2
memory: 5Gb
env:
MSSQL_PID: Developer # this is the default edition
ACCEPT_EULA: Y
SA_PASSWORD: sonarqube!1
script:
- ./private/cirrus/cirrus-db-unit-test.sh mssql
<<: *DEFAULT_ARTIFACTS_TEMPLATE

sql_postgres_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *DATABASE_RELATED_TASK_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
memory: 5Gb
additional_containers:
- <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
script:
- ./private/cirrus/cirrus-db-unit-test.sh postgres
<<: *DEFAULT_ARTIFACTS_TEMPLATE

# this is the oldest compatible version of PostgreSQL
sql_postgres11_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *DATABASE_RELATED_TASK_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
memory: 5Gb
additional_containers:
- <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
image: public.ecr.aws/docker/library/postgres:11
script:
- ./private/cirrus/cirrus-db-unit-test.sh postgres
<<: *DEFAULT_ARTIFACTS_TEMPLATE

sql_oracle21_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *DATABASE_RELATED_TASK_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
memory: 5Gb
additional_containers:
- <<: *ORACLE_ADDITIONAL_CONTAINER_TEMPLATE
script:
- ./private/cirrus/cirrus-db-unit-test.sh oracle21
<<: *DEFAULT_ARTIFACTS_TEMPLATE

upgd_mssql_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *DATABASE_RELATED_TASK_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 1.5
memory: 6Gb
additional_containers:
- name: mssql
image: mcr.microsoft.com/mssql/server:2022-latest
port: 1433
cpu: 2
memory: 5Gb
env:
MSSQL_PID: Developer # this is the default edition
ACCEPT_EULA: Y
SA_PASSWORD: sonarqube!1
env:
QA_CATEGORY: Upgrade
script:
- ./private/cirrus/cirrus-qa.sh mssql
<<: *DEFAULT_ARTIFACTS_TEMPLATE

upgd_oracle21_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
<<: *DATABASE_RELATED_TASK_TEMPLATE
<<: *JAR_CACHE_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 1.5
memory: 6Gb
additional_containers:
- <<: *ORACLE_ADDITIONAL_CONTAINER_TEMPLATE
env:
QA_CATEGORY: Upgrade
script:
- ./private/cirrus/cirrus-qa.sh oracle21
<<: *DEFAULT_ARTIFACTS_TEMPLATE

mend_scan_task:
<<: *DEFAULT_TEMPLATE
<<: *BUILD_DEPENDANT_TASK_TEMPLATE
only_if: >-
$CIRRUS_BRANCH == $BRANCH_MAIN || ($CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE && $CIRRUS_BRANCH != $BRANCH_NIGHTLY)
<<: *YARN_CACHE_TEMPLATE
<<: *GRADLE_CACHE_TEMPLATE
timeout_in: 30m
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 2
memory: 4Gb
env:
WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
WS_WSS_URL: VAULT[development/kv/data/mend data.url]
WS_USERKEY: VAULT[development/kv/data/mend data.userKey]
SLACK_WEBHOOK_SQ: VAULT[development/kv/data/slack data.webhook]
mend_script:
- ./private/cirrus/cirrus-mend-scan.sh
allow_failures: "true"
on_failure:
slack_notification_script:
- ./private/cirrus/cirrus-mend-notifications.sh
always:
ws_artifacts:
path: "whitesource/**/*"

+ 0
- 44
.travis.yml View File

@@ -1,44 +0,0 @@
sudo: required
install: true
script: ./travis.sh
dist: jammy
jdk: openjdk17

branches:
except:
- /^dogfood\/.*$/
- public_master

matrix:
fast_finish: true

cache:
directories:
- $HOME/.sonar
- $HOME/jvm
- $HOME/.gradle/caches/
- $HOME/.gradle/wrapper/

before_cache:
- rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
- rm -fr $HOME/.gradle/caches/*/plugin-resolution/
- rm -fr $HOME/.gradle/caches/*/fileHashes/
- rm -fr $HOME/.gradle/caches/*/scripts/

before_install:
- nvm install 16
- nvm use 16

notifications:
email: false
webhooks:
- secure: "jxB1WXSY7zyW7un8mNtFuasV1ucEA5J3FvrlcOHVlaQaMPYV2/YjJNHdH4R0xzkmxy3D5pch2WZo4+sNB+8F3bQOCLQgYWVo0PrF635+6Bnah3tY7LX958WBuu3LPX9tlH+vRssi9gwj2SsqL0JAW+t1AbvHQsEhIfIudEc2VtxA2gHaKeNnvzbpCIs865k8OXkA7a2udlW0yIjri7VO9KJai2hAiKRIBojmrye8fY7Hin/4rA2yBwMMo8JmxIqLXqJOF0EYRyTnFVCxuRFvnDrgSP9pOLt4GQx37k2YPOzwxohziZ1xABMH2Hxx9tq/ynrqACJI0VlktKzCmNoeeSDknnd2erRvBH/n3i54RSP2GXbaB5XUt4l9i9/D4YqPSihrfnSRHk0ct8rcDGRW8nhCVJtsRX0w1Pde05YMshtHJCJXlmx5f6VJWbhBXjIjCbkN2k7guIGoK7cMsOQ5tPOadqYQ4JsXuD4/m2qH1uYvKQE+pplS9zGSBZFTi9Br3QfB5W1rsj4hLubUOd01kQiOIYAnHDfLVicbq3SSIT+H9YZQ80qxcx/ibDnLfhrX02jmswdfzc/hX7OdUh4l8QNS7LyxVe9y/0p5+9iQ0F62AZD6SBXGsZNtufqBruNX7qwT2vJ2tuDOP+zW0gnvNvLMnENw8JH2K2j4lv04pRw="
slack:
secure: PCekbN71ZmuOt82JUFmlhzxlx3wrXucSIpvxxWdZn9lfsPYQAtXCoOESaHjIVIpggsC5HSAic3HiedsWbuDk/XojmPrDCrfjgYG2wiuSuQlAa60WvzTPqXdRmUXyMQgItaAQbRfZP7kN9No/v8TZDfg5kT3i9ewy0bsfExpjAuo=
on_start: always

# This is a temporary change as Travis is currently executing this body even
# when the job run successfully (support ticket #44617).
# The changes should be reverted once we have a proper solution.
after_failure:
- '[[ $TRAVIS_TEST_RESULT = 1 ]] && source ./.travis/setup_environment.sh && notify_burgr "build" "build" "$TRAVIS_JOB_WEB_URL" "$(cat /tmp/build_start_time)" "$(date --utc +%FT%TZ)" "failed" || true'

+ 0
- 29
.travis/run_iris.sh View File

@@ -1,29 +0,0 @@
#!/bin/bash
set +x

VERSION="\[RELEASE\]"
HTTP_CODE=$(\
curl \
--write-out '%{http_code}' \
--location \
--remote-name \
--user "$ARTIFACTORY_PRIVATE_USERNAME:$ARTIFACTORY_API_KEY" \
"$ARTIFACTORY_URL/sonarsource-private-releases/com/sonarsource/iris/iris/$VERSION/iris-$VERSION-jar-with-dependencies.jar"\
)

if [ "$HTTP_CODE" != "200" ]; then
echo "Download $VERSION failed -> $HTTP_CODE"
exit 1
else
echo "Downloaded $VERSION"
fi

java \
-Diris.source.projectKey=org.sonarsource.sonarqube:sonarqube-private \
-Diris.source.url=https://next.sonarqube.com/sonarqube \
-Diris.source.token=$NEXT_TOKEN \
-Diris.destination.projectKey=sonarqube \
-Diris.destination.url=https://next.sonarqube.com/sonarqube \
-Diris.destination.token=$NEXT_TOKEN \
-Diris.maxcountposts=50 \
-jar iris-\[RELEASE\]-jar-with-dependencies.jar

+ 0
- 21
.travis/setup_environment.sh View File

@@ -1,21 +0,0 @@
#!/bin/bash
# Sets up the environment to be able to send notifications to burgr
# use generic environments to remove coupling with Travis ; see setup_promote_environment

export GITHUB_REPO=${TRAVIS_REPO_SLUG}
export BUILD_NUMBER=$TRAVIS_BUILD_NUMBER
export PIPELINE_ID=${BUILD_NUMBER}
if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then
export GIT_SHA1=${TRAVIS_COMMIT} # $CIRRUS_CHANGE_IN_REPO
export GIT_BRANCH=$TRAVIS_BRANCH
export STAGE_TYPE="branch"
export STAGE_ID=${GIT_BRANCH}
else
export GIT_SHA1=${TRAVIS_PULL_REQUEST_SHA}
export GIT_BRANCH=$TRAVIS_PULL_REQUEST_BRANCH
export PULL_REQUEST_BASE_BRANCH=$TRAVIS_BRANCH
export PULL_REQUEST_NUMBER=$TRAVIS_PULL_REQUEST
export STAGE_TYPE="pr_number"
export STAGE_ID=${PULL_REQUEST_NUMBER}
fi
echo "======= SHA1 is ${GIT_SHA1} on branch '${GIT_BRANCH}'. Burgr stage '${STAGE_TYPE} with stage ID '${STAGE_ID} ======="

+ 0
- 22
.travis/setup_ramdisk.sh View File

@@ -1,22 +0,0 @@
#!/bin/bash
set -euo pipefail

RED='\033[0;31m'
NC='\033[0m' # No Color
printf "${RED}SETUP RAMDISK${NC}\n"
printf "${RED}disk size before build${NC}\n"
df -h
du -sh $HOME
du -sh $TRAVIS_BUILD_DIR

printf "${RED}move original TRAVIS_BUILD_DIR${NC}\n"
sudo mv $TRAVIS_BUILD_DIR $TRAVIS_BUILD_DIR.ori
printf "${RED}create ramdisk mount point${NC}\n"
sudo mkdir -p $TRAVIS_BUILD_DIR
printf "${RED}create ramdisk${NC}\n"
sudo mount -t tmpfs -o size=8192m tmps $TRAVIS_BUILD_DIR
printf "${RED}copy TRAVIS_BUILD_DIR to ramdisk${NC}\n"
time sudo cp -R $TRAVIS_BUILD_DIR.ori/. $TRAVIS_BUILD_DIR
printf "${RED}give permissions to travis on its TRAVIS_BUILD_DIR in ramdisk${NC}\n"
sudo chown -R travis:travis $TRAVIS_BUILD_DIR


+ 0
- 95
travis.sh View File

@@ -1,95 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail

./.travis/setup_ramdisk.sh

#
# Configure Maven settings and install some script utilities
#
configureTravis() {
mkdir -p ~/.local
curl -sSL https://github.com/SonarSource/travis-utils/tarball/v62 | tar zx --strip-components 1 -C ~/.local
# shellcheck disable=SC1090
source ~/.local/bin/install
}
configureTravis

#
# Travis fails on timeout when build does not print logs
# during 10 minutes. This aims to bypass this
# behavior when building the slow sonar-server sub-project.
#
keep_alive() {
while true; do
echo -en "\a"
sleep 60
done
}
keep_alive &

# When a pull request is open on the branch, then the job related
# to the branch does not need to be executed and should be canceled.
# It does not book slaves for nothing.
# @TravisCI please provide the feature natively, like at AppVeyor or CircleCI ;-)
cancel_branch_build_with_pr || if [[ $? -eq 1 ]]; then exit 0; fi

# Used by Next
INITIAL_VERSION=$(grep version gradle.properties | awk -F= '{print $2}')
export INITIAL_VERSION

source ./.travis/setup_environment.sh

# Analyse SonarQube on NEXT
export SONAR_HOST_URL=https://next.sonarqube.com/sonarqube

# Fetch all commit history so that SonarQube has exact blame information
# for issue auto-assignment
# This command can fail with "fatal: --unshallow on a complete repository does not make sense"
# if there are not enough commits in the Git repository (even if Travis executed git clone --depth 50).
# For this reason errors are ignored with "|| true"
git fetch --unshallow || true

BUILD_START_DATETIME=$(date --utc +%FT%TZ)
echo "$BUILD_START_DATETIME" > /tmp/build_start_time
./gradlew build --console plain

# exclude external pull requests
if [[ -n "${NEXT_TOKEN-}" ]]; then
sonar_params=(-Dsonar.projectKey=sonarqube
-Dsonar.host.url="$SONAR_HOST_URL"
-Dsonar.login="$NEXT_TOKEN"
-Dsonar.analysis.buildNumber="$BUILD_NUMBER"
-Dsonar.analysis.pipeline="$BUILD_NUMBER"
-Dsonar.analysis.sha1="$GIT_SHA1"
-Dsonar.analysis.repository="$TRAVIS_REPO_SLUG")

if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then
echo '======= Analyze pull request'
./gradlew jacocoTestReport :server:sonar-web:yarn_validate-ci sonarqube --info --console plain \
"${sonar_params[@]}" \
-Dsonar.analysis.prNumber="$PULL_REQUEST_NUMBER" \
-Dsonar.pullrequest.branch="$GIT_BRANCH" \
-Dsonar.pullrequest.base="$PULL_REQUEST_BASE_BRANCH" \
-Dsonar.pullrequest.key="$PULL_REQUEST_NUMBER" \
-Dsonar.pullrequest.provider=github \
-Dsonar.pullrequest.github.repository="$TRAVIS_REPO_SLUG"
elif [ "${TRAVIS_BRANCH}" == "master" ]; then
echo '======= Analyze master'
./gradlew jacocoTestReport :server:sonar-web:yarn_validate-ci sonarqube --info --console plain \
"${sonar_params[@]}" \
-Dsonar.projectVersion="$INITIAL_VERSION"
else
echo '======= Analyze branch'
./gradlew jacocoTestReport :server:sonar-web:yarn_validate-ci sonarqube --info --console plain \
"${sonar_params[@]}" \
-Dsonar.branch.name="$GIT_BRANCH" \
-Dsonar.projectVersion="$INITIAL_VERSION"
fi

# Wait for 5mins, hopefully the report will be processed.
sleep 5m
./.travis/run_iris.sh

BUILD_END_DATETIME=$(date --utc +%FT%TZ)
notify_burgr "build" "build" "$TRAVIS_JOB_WEB_URL" "$BUILD_START_DATETIME" "$BUILD_END_DATETIME" || true
fi

Write Preview
Loading…
Cancel
Save