123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508 |
- # content of service-account-credentials.json, used to access to Google Cloud Platform
- gcp_credentials: ENCRYPTED[534d4b89444f3e4e3ba299769a98010609e71992355c132fd6e448f1d8fcb039184224c8b4cdf7933b0aec16d6a8896d]
-
- env:
- GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.jvmargs="-XX:+PrintFlagsFinal -XshowSettings:vm -XX:+HeapDumpOnOutOfMemoryError -XX:+UnlockExperimentalVMOptions -Djava.security.egd=file:/dev/./urandom -Dfile.encoding=UTF8 -Duser.language=en -Duser.country=US"
- # to be replaced by other credentials
- ARTIFACTORY_PRIVATE_USERNAME: ENCRYPTED[c0baa3376daa1e08d602435081d07653799cf34ab09ca92e575f3dc4176bc6cf2ebf87120e83f3aa6804f072013e8e2b]
- ARTIFACTORY_PRIVATE_PASSWORD: ENCRYPTED[f13d32d218c3da8008114d2c8857b2956047fbdab2163bbf186b8b89f789f0efa7504f499749a59ad5988c14e5360353]
- ARTIFACTORY_DEPLOY_USERNAME: public-qa-deployer
- ARTIFACTORY_DEPLOY_PASSWORD: ENCRYPTED[9362d735843b21b375b6e19d91e0de5216e053e229e39e2ce33a0c866306e6e3f9b08db8a0e126ca5e986fea97e975fd]
- ARTIFACTORY_DEPLOY_USERNAME_PRIVATE: private-qa-deployer
- ARTIFACTORY_DEPLOY_PASSWORD_PRIVATE: ENCRYPTED[61769719e9b775afe103dbee22141eeaa0116b3332eafb993be2a5919ff7bf017cdc519afed07dc6cac8ebbc0846f191]
- ARTIFACTORY_API_KEY: ENCRYPTED[d52910db749f2678f43084b18c849486d68fbc02c2f5489c7ee1085c395de9dc7575313a8b348bb5361a693dd782e07e]
- # download licenses for testing commercial editions
- GITHUB_TOKEN: ENCRYPTED[!f272985ea5b49b3cf9c414b98de6a8e9096be47bfcee52f33311ba3131a2af637c1b956f49585b7757dd84b7c030233a!]
- # use a permanent GitHub access token to perform a clone (by default CirrusCI uses a temporary one)
- CIRRUS_REPO_CLONE_TOKEN: ENCRYPTED[f20fee6519296187a473964e60afb08a1bbdc889a624fad0297b41a21d8697f8d2da4d2d245194ade630dcf46b4b581e]
- # notifications to burgr
- BURGR_URL: ENCRYPTED[06b8fcc9aaa4b495043aa08bc4450b89588902ad9a60cc8525f53d14810aff84558812e4b7eb01131dd64f33916ac941]
- BURGR_USERNAME: ENCRYPTED[cf7bfb936025fb763013bbfef0ab5723c0d9b53f135d79af36f9defa933f4b5fc72842bd83a97ce9b614503c1b77e6da]
- BURGR_PASSWORD: ENCRYPTED[bc554fc6a06c9f14cc9924cefad0a69e962a905b6d1609fc9357d458b45fc52ac74c960ad9c7382a0691433fa9dcd483]
- # analysis on next.sonarqube.com
- SONARQUBE_NEXT_TOKEN: ENCRYPTED[e3d98fa0ecceb015e9803d47f78c3040f5a710d678a631107635d69f650d4e53ecaf2e2334cc1fe0c47037ec915dcda0]
- # to trigger docs deployment
- BUDDY_WORKS_TOKEN: ENCRYPTED[9ba648f3167b6f0c0befbba2f816bfffd53260fef06fb0fe8bba0a19ae4808c8b1567c5dcee2a2ee5299a5969058f495]
-
- auto_cancellation: $CIRRUS_BRANCH != 'master' && $CIRRUS_BRANCH !=~ 'branch.*'
-
- build_task:
- only_if: $CIRRUS_BRANCH !=~ "dogfood/.*" && $CIRRUS_BRANCH != "public_master"
- timeout_in: 90m
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 1.7
- memory: 5Gb
- env:
- # No need to clone the full history.
- # Depth of 1 is not enough because it would fail the build in case of consecutive pushes
- # (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
- CIRRUS_CLONE_DEPTH: 50
- script:
- - ./private/cirrus/cirrus-build.sh
- on_failure:
- reports_artifacts:
- path: "**/build/reports/**/*"
-
- deploy_docs_task:
- depends_on: build
- only_if: $CIRRUS_BRANCH == 'dogfood-on-next'
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 1
- memory: 1Gb
- env:
- # No need to clone the full history.
- # Depth of 1 is not enough because it would fail the build in case of consecutive pushes
- # (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
- CIRRUS_CLONE_DEPTH: 50
- script:
- - ./private/cirrus/cirrus-trigger-deploy-docs.sh
-
- validate_task:
- depends_on: build
- only_if: $CIRRUS_BRANCH !=~ "dogfood/.*" && $CIRRUS_BRANCH != "public_master" && $CIRRUS_BRANCH != "branch-nightly-build"
- timeout_in: 90m
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 2.4
- memory: 10Gb
- additional_containers:
- - name: postgres
- image: postgres:12.1
- port: 5432
- cpu: 1
- memory: 1Gb
- env:
- POSTGRES_USER: postgres
- POSTGRES_PASSWORD: postgres
- script:
- - ./private/cirrus/cirrus-validate.sh postgres106
- on_failure:
- reports_artifacts:
- path: "**/build/reports/**/*"
- junit_artifacts:
- path: "**/test-results/**/*.xml"
- format: junit
-
- qa_task:
- depends_on: build
- only_if: $CIRRUS_BRANCH !=~ "dogfood/.*" && $CIRRUS_BRANCH != "public_master" && $CIRRUS_BRANCH != "branch-nightly-build"
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 2.4
- memory: 10Gb
- additional_containers:
- - name: postgres
- image: postgres:12.1
- port: 5432
- cpu: 1
- memory: 1Gb
- env:
- POSTGRES_USER: postgres
- POSTGRES_PASSWORD: postgres
- env:
- # No need to clone the full history.
- # Depth of 1 is not enough because it would fail the build in case of consecutive pushes
- # (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
- CIRRUS_CLONE_DEPTH: 50
- matrix:
- QA_CATEGORY: Cat1
- QA_CATEGORY: Cat2
- QA_CATEGORY: Cat3
- QA_CATEGORY: Cat4
- QA_CATEGORY: Cat5
- QA_CATEGORY: Cat6
- QA_CATEGORY: Cat7
- QA_CATEGORY: Authentication
- QA_CATEGORY: Gov
- QA_CATEGORY: License
- QA_CATEGORY: Branch
- QA_CATEGORY: Upgrade
- script:
- - ./private/cirrus/cirrus-qa.sh postgres106
- on_failure:
- reports_artifacts:
- path: "**/build/reports/**/*"
- screenshots_artifacts:
- path: "**/build/screenshots/**/*"
- junit_artifacts:
- path: "**/test-results/**/*.xml"
- format: junit
-
- qa_ha_task:
- depends_on: build
- # Comment the following line and commit with message "DO NOT MERGE" in order to run
- # this task on your branch
- only_if: $CIRRUS_BRANCH == "branch-nightly-build"
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 2.4
- memory: 10Gb
- additional_containers:
- - name: postgres
- image: postgres:12.1
- port: 5432
- cpu: 1
- memory: 1Gb
- env:
- POSTGRES_USER: postgres
- POSTGRES_PASSWORD: postgres
- env:
- # No need to clone the full history.
- # Depth of 1 is not enough because it would fail the build in case of consecutive pushes
- # (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
- CIRRUS_CLONE_DEPTH: 50
- QA_CATEGORY: HA
- gradle_cache:
- folder: ~/.gradle/caches
- script:
- - ./private/cirrus/cirrus-qa.sh postgres106
- cleanup_before_cache_script:
- - ./private/cirrus/cleanup-gradle-cache.sh
- on_failure:
- reports_artifacts:
- path: "**/build/reports/**/*"
- screenshots_artifacts:
- path: "**/build/screenshots/**/*"
- junit_artifacts:
- path: "**/test-results/**/*.xml"
- format: junit
-
- # SAML QA is executed in a dedicated task in order to not slow down the pipeline, as a Keycloak server docker image is required.
- qa_saml_task:
- depends_on: build
- # Comment the following line and commit with message "DO NOT MERGE" in order to run
- # this task on your branch
- only_if: $CIRRUS_BRANCH == "branch-nightly-build"
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 2.4
- memory: 10Gb
- additional_containers:
- - name: keycloak
- image: jboss/keycloak:7.0.0
- port: 8080
- cpu: 1
- memory: 1Gb
- env:
- KEYCLOAK_USER: admin
- KEYCLOAK_PASSWORD: admin
- env:
- # No need to clone the full history.
- # Depth of 1 is not enough because it would fail the build in case of consecutive pushes
- # (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
- CIRRUS_CLONE_DEPTH: 50
- QA_CATEGORY: SAML
- gradle_cache:
- folder: ~/.gradle/caches
- script:
- - ./private/cirrus/cirrus-qa.sh h2
- cleanup_before_cache_script:
- - ./private/cirrus/cleanup-gradle-cache.sh
- on_failure:
- reports_artifacts:
- path: "**/build/reports/**/*"
- screenshots_artifacts:
- path: "**/build/screenshots/**/*"
- junit_artifacts:
- path: "**/test-results/**/*.xml"
- format: junit
-
- # LDAP QA is executed in a dedicated task in order to not slow down the pipeline, as a LDAP server and SonarQube server are re-started on each test.
- qa_ldap_task:
- depends_on: build
- # Comment the following line and commit with message "DO NOT MERGE" in order to run
- # this task on your branch
- only_if: $CIRRUS_BRANCH == "branch-nightly-build"
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 2.4
- memory: 10Gb
- env:
- # No need to clone the full history.
- # Depth of 1 is not enough because it would fail the build in case of consecutive pushes
- # (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
- CIRRUS_CLONE_DEPTH: 50
- QA_CATEGORY: LDAP
- gradle_cache:
- folder: ~/.gradle/caches
- script:
- - ./private/cirrus/cirrus-qa.sh h2
- cleanup_before_cache_script:
- - ./private/cirrus/cleanup-gradle-cache.sh
- on_failure:
- reports_artifacts:
- path: "**/build/reports/**/*"
- screenshots_artifacts:
- path: "**/build/screenshots/**/*"
- junit_artifacts:
- path: "**/test-results/**/*.xml"
- format: junit
-
- # GH Action for updating plugins QA is only run if the action code is updated.
- qa_gh_action_task:
- skip: "!changesInclude('./private/github/actions/upgrade-plugins/**/*.*')"
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 1
- memory: 1Gb
- env:
- # No need to clone the full history.
- # Depth of 1 is not enough because it would fail the build in case of consecutive pushes
- # (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
- CIRRUS_CLONE_DEPTH: 10
- gradle_cache:
- folder: ~/.gradle/caches
- script:
- - cd private/github/actions/upgrade-plugins
- - ../../../../gradlew test jacocoTestReport
- cleanup_before_cache_script:
- - ./private/cirrus/cleanup-gradle-cache.sh
- always:
- reports_artifacts:
- path: "private/github/actions/upgrade-plugins/build/reports/**/*"
- junit_artifacts:
- path: "private/github/actions/upgrade-plugins/build/test-results/**/*.xml"
- format: junit
-
- promote_task:
- depends_on:
- - build
- - validate
- - qa
- - qa_saml
- - qa_ldap
- only_if: $CIRRUS_BRANCH !=~ "dogfood/.*" && $CIRRUS_BRANCH != "public_master" && $CIRRUS_BRANCH != "branch-nightly-build"
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 1
- memory: 1Gb
- env:
- # No need to clone the full history.
- # Depth of 1 is not enough because it would fail the build in case of consecutive pushes
- # (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
- CIRRUS_CLONE_DEPTH: 50
- script:
- - ./private/cirrus/cirrus-promote.sh
-
- sql_mssql2017_task:
- depends_on: build
- # Comment the following line and commit with message "DO NOT MERGE" in order to run
- # this task on your branch
- only_if: $CIRRUS_BRANCH == "branch-nightly-build"
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 1
- memory: 5Gb
- additional_containers:
- - name: mssql
- image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu
- port: 1433
- cpu: 2
- memory: 5Gb
- env:
- MSSQL_PID: Developer # this is the default edition
- ACCEPT_EULA: Y
- SA_PASSWORD: sonarqube!1
- script:
- - ./private/cirrus/cirrus-db-unit-test.sh mssql2017
- on_failure:
- reports_artifacts:
- path: "**/build/reports/**/*"
- junit_artifacts:
- path: "**/test-results/**/*.xml"
- format: junit
-
- # this is the oldest compatible version of PostgreSQL
- sql_postgres93_task:
- depends_on: build
- # Comment the following line and commit with message "DO NOT MERGE" in order to run
- # this task on your branch
- only_if: $CIRRUS_BRANCH == "branch-nightly-build"
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 1
- memory: 5Gb
- additional_containers:
- - name: postgres
- image: postgres:9.3
- port: 5432
- cpu: 1
- memory: 1Gb
- env:
- POSTGRES_USER: postgres
- POSTGRES_PASSWORD: postgres
- script:
- - ./private/cirrus/cirrus-db-unit-test.sh postgres93
- on_failure:
- reports_artifacts:
- path: "**/build/reports/**/*"
- junit_artifacts:
- path: "**/test-results/**/*.xml"
- format: junit
-
- sql_oracle12_task:
- depends_on: build
- # Comment the following line and commit with message "DO NOT MERGE" in order to run
- # this task on your branch
- only_if: $CIRRUS_BRANCH == "branch-nightly-build"
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 1
- memory: 5Gb
- additional_containers:
- - name: oracle
- image: gcr.io/ci-cd-215716/oracle12:0.0.1 # see https://github.com/SonarSource/vms/blob/master/docker/README.md#oracle-12c to build it
- port: 1521
- cpu: 2
- memory: 5Gb
- env:
- ORACLE_PWD: sonarqube
- script:
- - ./private/cirrus/cirrus-db-unit-test.sh oracle12
- on_failure:
- reports_artifacts:
- path: "**/build/reports/**/*"
- junit_artifacts:
- path: "**/test-results/**/*.xml"
- format: junit
-
- upgd_mssql2017_task:
- depends_on: build
- # Comment the following line and commit with message "DO NOT MERGE" in order to run
- # this task on your branch
- only_if: $CIRRUS_BRANCH == "branch-nightly-build"
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 1.5
- memory: 6Gb
- additional_containers:
- - name: mssql
- image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu
- port: 1433
- cpu: 2
- memory: 5Gb
- env:
- MSSQL_PID: Developer # this is the default edition
- ACCEPT_EULA: Y
- SA_PASSWORD: sonarqube!1
- env:
- # No need to clone the full history.
- # Depth of 1 is not enough because it would fail the build in case of consecutive pushes
- # (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
- CIRRUS_CLONE_DEPTH: 50
- matrix:
- QA_CATEGORY: Upgrade
- script:
- - ./private/cirrus/cirrus-qa.sh mssql2017
- on_failure:
- reports_artifacts:
- path: "**/build/reports/**/*"
- junit_artifacts:
- path: "**/test-results/**/*.xml"
- format: junit
-
-
- upgd_oracle12_task:
- depends_on: build
- # Comment the following line and commit with message "DO NOT MERGE" in order to run
- # this task on your branch
- only_if: $CIRRUS_BRANCH == "branch-nightly-build"
- gke_container:
- dockerfile: private/docker/Dockerfile-build
- builder_image_project: ci-cd-215716
- builder_image_name: docker-builder-v1
- cluster_name: cirrus-uscentral1a-cluster
- zone: us-central1-a
- namespace: default
- cpu: 1.5
- memory: 6Gb
- additional_containers:
- - name: oracle
- image: gcr.io/ci-cd-215716/oracle12:0.0.1 # see https://github.com/SonarSource/vms/blob/master/docker/README.md#oracle-12c to build it
- port: 1521
- cpu: 2
- memory: 5Gb
- env:
- ORACLE_PWD: sonarqube
- env:
- # No need to clone the full history.
- # Depth of 1 is not enough because it would fail the build in case of consecutive pushes
- # (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
- CIRRUS_CLONE_DEPTH: 50
- matrix:
- QA_CATEGORY: Upgrade
- script:
- - ./private/cirrus/cirrus-qa.sh oracle12
- on_failure:
- reports_artifacts:
- path: "**/build/reports/**/*"
- junit_artifacts:
- path: "**/test-results/**/*.xml"
- format: junit
|