env: GRADLE_OPTS: -Dorg.gradle.jvmargs="-XX:+PrintFlagsFinal -XshowSettings:vm -XX:+HeapDumpOnOutOfMemoryError -XX:+UnlockExperimentalVMOptions -Djava.security.egd=file:/dev/./urandom -Dfile.encoding=UTF8 -Duser.language=en -Duser.country=US" # to be replaced by other credentials ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token] ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token] ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token] ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token] # download licenses for testing commercial editions GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token] # notifications to burgr BURGR_URL: VAULT[development/kv/data/burgr data.url] BURGR_USERNAME: VAULT[development/kv/data/burgr data.cirrus_username] BURGR_PASSWORD: VAULT[development/kv/data/burgr data.cirrus_password] # analysis on next.sonarqube.com SONARQUBE_NEXT_TOKEN: VAULT[development/kv/data/next data.token] # to trigger docs deployment ELASTIC_PWD: VAULT[development/team/sonarqube/kv/data/elasticsearch-cloud data.password] CIRRUS_LOG_TIMESTAMP: true BRANCH_MAIN: "master" BRANCH_NIGHTLY: "branch-nightly-build" BRANCH_PATTERN_MAINTENANCE: "branch-.*" BRANCH_PATTERN_PUBLIC: "public_.*" auto_cancellation: $CIRRUS_BRANCH != $BRANCH_MAIN && $CIRRUS_BRANCH !=~ $BRANCH_PATTERN_MAINTENANCE skip_public_branches_template: &SKIP_PUBLIC_BRANCHES_TEMPLATE skip: $CIRRUS_BRANCH =~ $BRANCH_PATTERN_PUBLIC cache_dependencies_dependant_task_template: &CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE depends_on: cache_dependencies build_dependant_task_template: &BUILD_DEPENDANT_TASK_TEMPLATE depends_on: build master_and_nightly_task_template: &MASTER_AND_NIGHTLY_TASK_TEMPLATE only_if: $CIRRUS_BRANCH == $BRANCH_NIGHTLY || $CIRRUS_BRANCH == $BRANCH_MAIN master_or_nightly_or_maintenance_task_template: &MASTER_OR_NIGHTLY_OR_MAINTENANCE_TASK_TEMPLATE only_if: $CIRRUS_BRANCH == $BRANCH_NIGHTLY || $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE except_nightly_task_template: &EXCEPT_ON_NIGHTLY_TASK_TEMPLATE only_if: $CIRRUS_BRANCH != $BRANCH_NIGHTLY database_related_task_template: &DATABASE_RELATED_TASK_TEMPLATE only_if: >- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY || changesInclude('server/sonar-db-dao/**/*Mapper.xml', 'server/sonar-db-migration/**/DbVersion*.java', 'server/sonar-db-dao/**/*Dao.java', 'server/sonar-db-core/src/main/java/org/sonar/db/*.java') saml_task_template: &SAML_TASK_TEMPLATE only_if: >- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY || changesInclude('server/sonar-auth-saml/src/main/java/**/*.java', 'server/sonar-auth-saml/src/main/resources/**/*', 'server/sonar-db-dao/src/main/**/SAML*.java', 'private/it-core/src/test/java/org/sonarqube/tests/saml/*.java', 'server/sonar-webserver-webapi/src/main/java/org/sonar/server/saml/**/*.java') ldap_task_template: &LDAP_TASK_TEMPLATE only_if: >- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY || changesInclude('server/sonar-auth-ldap/src/main/java/**/*.java', 'server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/LdapCredentialsAuthentication.java', 'private/it-core/src/test/java/org/sonarqube/tests/ldap/*.java') github_task_template: &GITHUB_TASK_TEMPLATE only_if: >- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY || changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/github/**/*.java', 'private/core-extension-developer-server/src/main/java/com/sonarsource/github/**/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/github/**/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/provisioning/github/*.java' ) gitlab_task_template: &GITLAB_TASK_TEMPLATE only_if: >- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY || changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/gitlab/**/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/gitlab/**/*.java') azure_task_template: &AZURE_TASK_TEMPLATE only_if: >- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY || changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/azuredevops/**/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/azure/**/*.java') bitbucket_server_task_template: &BITBUCKET_SERVER_TASK_TEMPLATE only_if: >- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY || changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/bitbucketserver/**/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/bitbucketserver/**/*.java') bitbucket_cloud_task_template: &BITBUCKET_CLOUD_TASK_TEMPLATE only_if: >- $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY || changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/bitbucket/**/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/bitbucketcloud/**/*.java') docker_build_container_template: &CONTAINER_TEMPLATE region: eu-central-1 cluster_name: ${CIRRUS_CLUSTER_NAME} namespace: default builder_subnet_id: ${CIRRUS_AWS_SUBNET} builder_role: cirrus-builder builder_image: docker-builder-v* builder_instance_type: t2.small dockerfile: private/docker/Dockerfile-build docker_arguments: CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT} cpu: 1 memory: 2Gb vm_instance_template: &VM_TEMPLATE experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051 image: docker-builder-v* type: t2.small region: eu-central-1 subnet_id: ${CIRRUS_AWS_SUBNET} disk: 10 cpu: 4 memory: 8G oracle_additional_container_template: &ORACLE_ADDITIONAL_CONTAINER_TEMPLATE name: oracle image: gvenzl/oracle-xe:21-faststart port: 1521 cpu: 2 memory: 5Gb env: ORACLE_PASSWORD: sonarqube APP_USER: sonarqube APP_USER_PASSWORD: sonarqube postgres_additional_container_template: &POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE name: postgres image: public.ecr.aws/docker/library/postgres:15 port: 5432 cpu: 1 memory: 1Gb env: POSTGRES_USER: postgres POSTGRES_PASSWORD: postgres default_artifact_template: &DEFAULT_ARTIFACTS_TEMPLATE on_failure: jest_junit_cleanup_script: > find . -type f -wholename "**/build/test-results/test-jest/junit.xml" -exec xmlstarlet edit --inplace --delete '//testsuite[@errors=0 and @failures=0]' {} \; junit_artifacts: path: "**/build/test-results/**/*.xml" type: "text/xml" format: junit reports_artifacts: path: "**/build/reports/**/*" screenshots_artifacts: path: "**/build/screenshots/**/*" always: profile_artifacts: path: "**/build/reports/profile/**/*" yarn_cache_template: &YARN_CACHE_TEMPLATE yarn_cache: folder: "~/.yarn/berry/cache" fingerprint_script: | cat \ server/sonar-web/yarn.lock \ private/core-extension-developer-server/yarn.lock \ private/core-extension-enterprise-server/yarn.lock \ private/core-extension-license/yarn.lock \ private/core-extension-securityreport/yarn.lock gradle_cache_template: &GRADLE_CACHE_TEMPLATE gradle_cache: folder: "~/.gradle/caches" fingerprint_script: find -type f \( -name "*.gradle*" -or -name "gradle*.properties" \) | sort | xargs cat jar_cache_template: &JAR_CACHE_TEMPLATE jar_cache: folder: "**/build/libs/*.jar" fingerprint_key: jar-cache_$CIRRUS_BUILD_ID eslint_report_cache_template: &ESLINT_REPORT_CACHE_TEMPLATE eslint_report_cache: folders: - server/sonar-web/eslint-report/ - server/sonar-web/design-system/eslint-report/ - private/core-extension-securityreport/eslint-report/ - private/core-extension-license/eslint-report/ - private/core-extension-enterprise-server/eslint-report/ - private/core-extension-developer-server/eslint-report/ fingerprint_script: echo $CIRRUS_BUILD_ID jest_report_cache_template: &JEST_REPORT_CACHE_TEMPLATE jest_report_cache: folders: - server/sonar-web/coverage/ - server/sonar-web/design-system/coverage/ - private/core-extension-securityreport/coverage/ - private/core-extension-license/coverage/ - private/core-extension-enterprise-server/coverage/ - private/core-extension-developer-server/coverage/ fingerprint_script: echo $CIRRUS_BUILD_ID junit_report_cache_template: &JUNIT_REPORT_CACHE_TEMPLATE junit_report_cache: folders: - "**/reports/jacoco" - "**/test-results/test" fingerprint_script: echo $CIRRUS_BUILD_ID default_template: &DEFAULT_TEMPLATE <<: *SKIP_PUBLIC_BRANCHES_TEMPLATE clone_script: | git init git remote add origin https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git git fetch origin $CIRRUS_CHANGE_IN_REPO $FETCH_DEPTH git reset --hard $CIRRUS_CHANGE_IN_REPO env: FETCH_DEPTH: --depth=1 cache_dependencies_task: <<: *DEFAULT_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 2 memory: 4Gb script: - ./private/cirrus/cirrus-cache-dependencies.sh <<: *DEFAULT_ARTIFACTS_TEMPLATE build_task: <<: *DEFAULT_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE <<: *YARN_CACHE_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 7.5 memory: 8Gb script: - ./private/cirrus/cirrus-build.sh <<: *DEFAULT_ARTIFACTS_TEMPLATE publish_task: <<: *DEFAULT_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 4 memory: 4Gb env: ORG_GRADLE_PROJECT_signingKey: VAULT[development/kv/data/sign data.key] ORG_GRADLE_PROJECT_signingPassword: VAULT[development/kv/data/sign data.passphrase] ORG_GRADLE_PROJECT_signingKeyId: VAULT[development/kv/data/sign data.key_id] script: - ./private/cirrus/cirrus-publish.sh yarn_lint_task: <<: *DEFAULT_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE <<: *YARN_CACHE_TEMPLATE <<: *ESLINT_REPORT_CACHE_TEMPLATE <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 3 memory: 6Gb script: - ./private/cirrus/cirrus-yarn-lint-report.sh <<: *DEFAULT_ARTIFACTS_TEMPLATE yarn_check_task: <<: *DEFAULT_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE <<: *YARN_CACHE_TEMPLATE <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 3 memory: 4Gb script: | ./private/cirrus/cirrus-env.sh YARN gradle yarn_check-ci --profile <<: *DEFAULT_ARTIFACTS_TEMPLATE yarn_validate_task: <<: *DEFAULT_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE <<: *YARN_CACHE_TEMPLATE <<: *JEST_REPORT_CACHE_TEMPLATE <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 7.5 memory: 25Gb script: - ./private/cirrus/cirrus-yarn-validate-ci.sh <<: *DEFAULT_ARTIFACTS_TEMPLATE junit_task: <<: *DEFAULT_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE <<: *JUNIT_REPORT_CACHE_TEMPLATE <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 7.5 memory: 10Gb script: - ./private/cirrus/cirrus-junit.sh <<: *DEFAULT_ARTIFACTS_TEMPLATE sq_analysis_task: <<: *SKIP_PUBLIC_BRANCHES_TEMPLATE <<: *EXCEPT_ON_NIGHTLY_TASK_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE <<: *YARN_CACHE_TEMPLATE <<: *JEST_REPORT_CACHE_TEMPLATE <<: *ESLINT_REPORT_CACHE_TEMPLATE <<: *JUNIT_REPORT_CACHE_TEMPLATE depends_on: - yarn_validate - yarn_lint - junit eks_container: <<: *CONTAINER_TEMPLATE cpu: 7.5 memory: 15Gb script: - ./private/cirrus/cirrus-sq-analysis.sh <<: *DEFAULT_ARTIFACTS_TEMPLATE qa_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE <<: *JAR_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 3 memory: 7Gb additional_containers: - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE name: QA $QA_CATEGORY alias: qa env: matrix: # QA name should not exceed 13 characters to be properly reported on wallboard by burgr # QA name cannot contain "_" - QA_CATEGORY: Cat1 - QA_CATEGORY: Cat2 - QA_CATEGORY: Cat3 - QA_CATEGORY: Cat4 - QA_CATEGORY: Cat5 - QA_CATEGORY: Cat6 - QA_CATEGORY: Analysis - QA_CATEGORY: Authorization - QA_CATEGORY: Auth - QA_CATEGORY: Branch1 - QA_CATEGORY: Branch2 - QA_CATEGORY: CE1 - QA_CATEGORY: CE2 - QA_CATEGORY: ComputeEngine - QA_CATEGORY: DE1 - QA_CATEGORY: DE2 - QA_CATEGORY: EE1 - QA_CATEGORY: EE2 - QA_CATEGORY: Issues1 - QA_CATEGORY: Issues2 - QA_CATEGORY: License1 - QA_CATEGORY: License2 - QA_CATEGORY: Plugins - QA_CATEGORY: Project - QA_CATEGORY: QP - QA_CATEGORY: Upgrade script: - ./private/cirrus/cirrus-qa.sh postgres <<: *DEFAULT_ARTIFACTS_TEMPLATE task: #bitbucket <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE <<: *BITBUCKET_SERVER_TASK_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 3 memory: 10Gb additional_containers: - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE maven_cache: folder: ~/.m2 env: QA_CATEGORY: BITBUCKET matrix: - name: qa_bb_5.15.0 bitbucket_background_script: ./private/cirrus/cirrus-start-bitbucket.sh 5.15.0 - name: qa_bb_latest bitbucket_background_script: ./private/cirrus/cirrus-start-bitbucket.sh LATEST wait_for_bitbucket_to_boot_script: secs=3600; endTime=$(( $(date +%s) + secs )); while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:7990/bitbucket/status)" != "200" ]] || [ $(date +%s) -gt $endTime ]; do sleep 5; done script: - ./private/cirrus/cirrus-qa.sh postgres <<: *DEFAULT_ARTIFACTS_TEMPLATE qa_bb_cloud_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE <<: *BITBUCKET_CLOUD_TASK_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 2.4 memory: 7Gb env: QA_CATEGORY: BITBUCKET_CLOUD BBC_CLIENT_ID: VAULT[development/team/sonarqube/kv/data/bitbucket-cloud data.client_id] BBC_CLIENT_SECRET: VAULT[development/team/sonarqube/kv/data/bitbucket-cloud data.client_secret] BBC_USERNAME: VAULT[development/kv/data/bitbucket/sonarqube-its data.username] BBC_READ_REPOS_APP_PASSWORD: VAULT[development/kv/data/bitbucket/sonarqube-its data.password] script: - ./private/cirrus/cirrus-qa.sh h2 <<: *DEFAULT_ARTIFACTS_TEMPLATE qa_ha_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *MASTER_OR_NIGHTLY_OR_MAINTENANCE_TASK_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 2.4 memory: 10Gb additional_containers: - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE env: QA_CATEGORY: HA script: - ./private/cirrus/cirrus-qa.sh postgres <<: *DEFAULT_ARTIFACTS_TEMPLATE qa_performance_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *MASTER_AND_NIGHTLY_TASK_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 2.4 memory: 10Gb additional_containers: - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE env: QA_CATEGORY: AnalysisPerformance script: - ./private/cirrus/cirrus-qa.sh postgres <<: *DEFAULT_ARTIFACTS_TEMPLATE # GitLab QA is executed in a dedicated task in order to not slow down the pipeline, as a GitLab on-prem server docker image is required. qa_gitlab_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE <<: *GITLAB_TASK_TEMPLATE depends_on: - build env: QA_CATEGORY: GITLAB matrix: - name: qa_gitlab_latest env: - GITLAB_VERSION: latest - name: qa_gitlab_oldest env: - GITLAB_VERSION: 15.6.2-ce.0 eks_container: <<: *CONTAINER_TEMPLATE cpu: 2.4 memory: 7Gb use_in_memory_disk: true additional_containers: - name: gitlab ports: - 80 - 443 cpu: 2 memory: 8Gb image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/gitlab:${GITLAB_VERSION} env: - GITLAB_POST_RECONFIGURE_SCRIPT: |- { cat >/tmp/setup.rb <<-'EOF' token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api], name: 'token'); token.set_token('token-here-456'); token.expires_at = Date.today+10.day token.save!; token_read = User.find_by_username('root').personal_access_tokens.create(scopes: [:read_user], name: 'token_read'); token_read.set_token('token-read-123'); token_read.expires_at = Date.today+10.day token_read.save!; user = User.find_by_username('root'); user.password = 'eng-YTU1ydh6kyt7tjd'; user.password_confirmation = 'eng-YTU1ydh6kyt7tjd'; user.save!; EOF } && gitlab-rails runner /tmp/setup.rb && \ echo 'from_file "/etc/gitlab/external_gitlab.rb"' >> /etc/gitlab/gitlab.rb && \ gitlab-ctl reconfigure script: - ./private/cirrus/cirrus-qa.sh h2 <<: *DEFAULT_ARTIFACTS_TEMPLATE qa_gitlab_cloud_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE <<: *GITLAB_TASK_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 2.4 memory: 7Gb use_in_memory_disk: true env: QA_CATEGORY: GITLAB_CLOUD GITLAB_API_TOKEN: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.api_token] GITLAB_READ_ONLY_TOKEN: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.api_token_ro] GITLAB_ADMIN_USERNAME: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.username] GITLAB_ADMIN_PASSWORD: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.password] script: - ./private/cirrus/cirrus-qa.sh h2 <<: *DEFAULT_ARTIFACTS_TEMPLATE # Azure QA is executed in a dedicated task in order to not slow down the pipeline. qa_azure_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE <<: *AZURE_TASK_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 2.4 memory: 7Gb env: QA_CATEGORY: AZURE AZURE_USERNAME_LOGIN: VAULT[development/team/sonarqube/kv/data/azure-instance data.username] AZURE_CODE_READ_AND_WRITE_TOKEN: VAULT[development/team/sonarqube/kv/data/azure-instance data.token_code_read_write] AZURE_FULL_ACCESS_TOKEN: VAULT[development/team/sonarqube/kv/data/azure-instance data.token_full_access] script: - ./private/cirrus/cirrus-qa.sh h2 <<: *DEFAULT_ARTIFACTS_TEMPLATE qa_github_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *GITHUB_TASK_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 4 memory: 7Gb env: QA_CATEGORY: GITHUB GITHUB_COM_CODE_SCANNING_ALERTS_TECHNICAL_USER_USERNAME: QA-task GITHUB_COM_CODE_SCANNING_ALERTS_TECHNICAL_USER_TOKEN: VAULT[development/github/token/SonarSource-sonar-enterprise-code-scanning token] script: - ./private/cirrus/cirrus-qa.sh h2 <<: *DEFAULT_ARTIFACTS_TEMPLATE qa_github_provisioning_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *GITHUB_TASK_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 4 memory: 7Gb env: QA_CATEGORY: GITHUB_PROVISIONING script: - ./private/cirrus/cirrus-qa.sh h2 <<: *DEFAULT_ARTIFACTS_TEMPLATE # SAML QA is executed in a dedicated task in order to not slow down the pipeline, as a Keycloak server docker image is required. qa_saml_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *SAML_TASK_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 2.4 memory: 10Gb additional_containers: - name: keycloak image: quay.io/keycloak/keycloak:21.1.1 port: 8080 cpu: 1 memory: 1Gb command: "/opt/keycloak/bin/kc.sh start-dev --http-relative-path /auth" env: KEYCLOAK_ADMIN: admin KEYCLOAK_ADMIN_PASSWORD: admin env: QA_CATEGORY: SAML script: - ./private/cirrus/cirrus-qa.sh h2 <<: *DEFAULT_ARTIFACTS_TEMPLATE # LDAP QA is executed in a dedicated task in order to not slow down the pipeline, as a LDAP server and SonarQube server are re-started on each test. qa_ldap_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *LDAP_TASK_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 2.4 memory: 10Gb env: QA_CATEGORY: LDAP script: - ./private/cirrus/cirrus-qa.sh h2 <<: *DEFAULT_ARTIFACTS_TEMPLATE promote_task: <<: *DEFAULT_TEMPLATE <<: *EXCEPT_ON_NIGHTLY_TASK_TEMPLATE depends_on: - build - sq_analysis - qa - qa_saml - qa_ldap - publish eks_container: <<: *CONTAINER_TEMPLATE memory: 512M stateful: true script: - ./private/cirrus/cirrus-promote.sh package_docker_task: <<: *DEFAULT_TEMPLATE depends_on: promote only_if: $CIRRUS_BRANCH == $BRANCH_MAIN ec2_instance: <<: *VM_TEMPLATE clone_script: | git clone --recursive --branch=$CIRRUS_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR --depth=1 git fetch origin $CIRRUS_CHANGE_IN_REPO --depth=1 git reset --hard $CIRRUS_CHANGE_IN_REPO install_tooling_script: - ./private/cirrus/cirrus-tooling-for-package-docker.sh package_script: - ./private/cirrus/cirrus-package-docker.sh sql_mssql_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *DATABASE_RELATED_TASK_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE memory: 5Gb additional_containers: - name: mssql image: mcr.microsoft.com/mssql/server:2019-GA-ubuntu-16.04 port: 1433 cpu: 2 memory: 5Gb env: MSSQL_PID: Developer # this is the default edition ACCEPT_EULA: Y SA_PASSWORD: sonarqube!1 script: - ./private/cirrus/cirrus-db-unit-test.sh mssql <<: *DEFAULT_ARTIFACTS_TEMPLATE sql_postgres_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *DATABASE_RELATED_TASK_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE memory: 5Gb additional_containers: - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE script: - ./private/cirrus/cirrus-db-unit-test.sh postgres <<: *DEFAULT_ARTIFACTS_TEMPLATE # this is the oldest compatible version of PostgreSQL sql_postgres11_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *DATABASE_RELATED_TASK_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE memory: 5Gb additional_containers: - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE image: public.ecr.aws/docker/library/postgres:11 script: - ./private/cirrus/cirrus-db-unit-test.sh postgres <<: *DEFAULT_ARTIFACTS_TEMPLATE sql_oracle21_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *DATABASE_RELATED_TASK_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE memory: 5Gb additional_containers: - <<: *ORACLE_ADDITIONAL_CONTAINER_TEMPLATE script: - ./private/cirrus/cirrus-db-unit-test.sh oracle21 <<: *DEFAULT_ARTIFACTS_TEMPLATE upgd_mssql_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *DATABASE_RELATED_TASK_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 1.5 memory: 6Gb additional_containers: - name: mssql image: mcr.microsoft.com/mssql/server:2022-latest port: 1433 cpu: 2 memory: 5Gb env: MSSQL_PID: Developer # this is the default edition ACCEPT_EULA: Y SA_PASSWORD: sonarqube!1 env: QA_CATEGORY: Upgrade script: - ./private/cirrus/cirrus-qa.sh mssql <<: *DEFAULT_ARTIFACTS_TEMPLATE upgd_oracle21_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE <<: *DATABASE_RELATED_TASK_TEMPLATE <<: *JAR_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE eks_container: <<: *CONTAINER_TEMPLATE cpu: 1.5 memory: 6Gb additional_containers: - <<: *ORACLE_ADDITIONAL_CONTAINER_TEMPLATE env: QA_CATEGORY: Upgrade script: - ./private/cirrus/cirrus-qa.sh oracle21 <<: *DEFAULT_ARTIFACTS_TEMPLATE mend_scan_task: <<: *DEFAULT_TEMPLATE <<: *BUILD_DEPENDANT_TASK_TEMPLATE only_if: >- $CIRRUS_BRANCH == $BRANCH_MAIN || ($CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE && $CIRRUS_BRANCH != $BRANCH_NIGHTLY) <<: *YARN_CACHE_TEMPLATE <<: *GRADLE_CACHE_TEMPLATE timeout_in: 30m eks_container: <<: *CONTAINER_TEMPLATE cpu: 2 memory: 4Gb env: WS_APIKEY: VAULT[development/kv/data/mend data.apikey] WS_WSS_URL: VAULT[development/kv/data/mend data.url] WS_USERKEY: VAULT[development/kv/data/mend data.userKey] SLACK_WEBHOOK_SQ: VAULT[development/kv/data/slack data.webhook] mend_script: - ./private/cirrus/cirrus-mend-scan.sh allow_failures: "true" on_failure: slack_notification_script: - ./private/cirrus/cirrus-mend-notifications.sh always: ws_artifacts: path: "whitesource/**/*"