sonarqube/.cirrus.yml

env:
  GRADLE_OPTS: -Dorg.gradle.jvmargs="-XX:+PrintFlagsFinal -XshowSettings:vm -XX:+HeapDumpOnOutOfMemoryError -XX:+UnlockExperimentalVMOptions -Djava.security.egd=file:/dev/./urandom -Dfile.encoding=UTF8 -Duser.language=en -Duser.country=US"
  # to be replaced by other credentials
  ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
  ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
  ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer
  ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
  ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
  ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
  # download licenses for testing commercial editions
  GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token]
  # notifications to burgr
  BURGR_URL: VAULT[development/kv/data/burgr data.url]
  BURGR_USERNAME: VAULT[development/kv/data/burgr data.cirrus_username]
  BURGR_PASSWORD: VAULT[development/kv/data/burgr data.cirrus_password]
  # analysis on next.sonarqube.com
  SONARQUBE_NEXT_TOKEN: VAULT[development/kv/data/next data.token]
  # to trigger docs deployment
  ELASTIC_PWD: VAULT[development/team/sonarqube/kv/data/elasticsearch-cloud data.password]
  DATADOG_APIKEY: VAULT[development/team/sonarqube/kv/data/sq-datadog data.apikey]
  CIRRUS_LOG_TIMESTAMP: true
  BRANCH_MAIN: "master"
  BRANCH_NIGHTLY: "branch-nightly-build"
  BRANCH_PATTERN_MAINTENANCE: "branch-.*"
  BRANCH_PATTERN_PUBLIC: "public_.*"

auto_cancellation: $CIRRUS_BRANCH != $BRANCH_MAIN && $CIRRUS_BRANCH !=~ $BRANCH_PATTERN_MAINTENANCE

skip_public_branches_template: &SKIP_PUBLIC_BRANCHES_TEMPLATE
  skip: $CIRRUS_BRANCH =~ $BRANCH_PATTERN_PUBLIC

cache_dependencies_dependant_task_template:
  &CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
  depends_on: cache_dependencies

build_dependant_task_template: &BUILD_DEPENDANT_TASK_TEMPLATE
  depends_on: build

master_and_nightly_task_template: &MASTER_AND_NIGHTLY_TASK_TEMPLATE
  only_if: $CIRRUS_BRANCH == $BRANCH_NIGHTLY || $CIRRUS_BRANCH == $BRANCH_MAIN

master_or_nightly_or_maintenance_task_template:
  &MASTER_OR_NIGHTLY_OR_MAINTENANCE_TASK_TEMPLATE
  only_if: $CIRRUS_BRANCH == $BRANCH_NIGHTLY || $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE

except_nightly_task_template: &EXCEPT_ON_NIGHTLY_TASK_TEMPLATE
  only_if: $CIRRUS_BRANCH != $BRANCH_NIGHTLY

database_related_task_template: &DATABASE_RELATED_TASK_TEMPLATE
  only_if: >-
    $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
    changesInclude('server/sonar-db-dao/**/*Mapper.xml', 'server/sonar-db-migration/**/DbVersion*.java', 'server/sonar-db-dao/**/*Dao.java', 'server/sonar-db-core/src/main/java/org/sonar/db/*.java')

saml_task_template: &SAML_TASK_TEMPLATE
  only_if: >-
    $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
    changesInclude('server/sonar-auth-saml/src/main/java/**/*.java', 'server/sonar-auth-saml/src/main/resources/**/*', 'server/sonar-db-dao/src/main/**/SAML*.java', 'private/it-core/src/test/java/org/sonarqube/tests/saml/*.java', 'server/sonar-webserver-webapi/src/main/java/org/sonar/server/saml/**/*.java')

ldap_task_template: &LDAP_TASK_TEMPLATE
  only_if: >-
    $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
    changesInclude('server/sonar-auth-ldap/src/main/java/**/*.java', 'server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/LdapCredentialsAuthentication.java', 'private/it-core/src/test/java/org/sonarqube/tests/ldap/*.java')

github_task_template: &GITHUB_TASK_TEMPLATE
  only_if: >-
    $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
    changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/github/**/*.java',
    'private/core-extension-developer-server/src/main/java/com/sonarsource/github/**/*.java',
    'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/github/**/*.java',
    'private/it-branch/it-tests/src/test/java/com/sonarsource/provisioning/github/*.java',
    'private/core-extension-github-provisioning/**/*'
    )

gitlab_task_template: &GITLAB_TASK_TEMPLATE
  only_if: >-
    $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
    changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/gitlab/**/*.java', 
    'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/gitlab/**/*.java',
    'private/core-extension-gitlab-vulnerability-report/src/main/**/*.java')

azure_task_template: &AZURE_TASK_TEMPLATE
  only_if: >-
    $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
    changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/azuredevops/**/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/azure/**/*.java')

bitbucket_server_task_template: &BITBUCKET_SERVER_TASK_TEMPLATE
  only_if: >-
    $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
    changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/bitbucketserver/**/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/bitbucketserver/**/*.java')

bitbucket_cloud_task_template: &BITBUCKET_CLOUD_TASK_TEMPLATE
  only_if: >-
    $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||
    changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/bitbucket/**/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/bitbucketcloud/**/*.java')

docker_build_container_template: &CONTAINER_TEMPLATE
  region: eu-central-1
  cluster_name: ${CIRRUS_CLUSTER_NAME}
  namespace: default
  builder_subnet_id: ${CIRRUS_AWS_SUBNET}
  builder_role: cirrus-builder
  builder_image: docker-builder-v*
  builder_instance_type: t2.small
  dockerfile: private/docker/Dockerfile-build
  docker_arguments:
    CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT}
  cpu: 1
  memory: 2Gb

vm_instance_template: &VM_TEMPLATE
  experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
  image: docker-builder-v*
  type: t2.small
  region: eu-central-1
  subnet_id: ${CIRRUS_AWS_SUBNET}
  disk: 10
  cpu: 4
  memory: 8G

t2xlarge_node_selector: &T2XLARGE_NODE_SELECTOR
  nodeSelectorTerms:
    - matchExpressions:
        - key: node.kubernetes.io/instance-type
          operator: In
          values: t2.xlarge

oracle_additional_container_template: &ORACLE_ADDITIONAL_CONTAINER_TEMPLATE
  name: oracle
  image: gvenzl/oracle-xe:21-faststart
  port: 1521
  cpu: 2
  memory: 5Gb
  env:
    ORACLE_PASSWORD: sonarqube
    APP_USER: sonarqube
    APP_USER_PASSWORD: sonarqube

postgres_additional_container_template: &POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
  name: postgres
  image: public.ecr.aws/docker/library/postgres:15
  port: 5432
  cpu: 1
  memory: 1Gb
  env:
    POSTGRES_USER: postgres
    POSTGRES_PASSWORD: postgres

default_artifact_template: &DEFAULT_ARTIFACTS_TEMPLATE
  on_failure:
    jest_junit_cleanup_script: >
      find . -type f -wholename "**/build/test-results/test-jest/junit.xml" -exec
      xmlstarlet edit --inplace --delete '//testsuite[@errors=0 and @failures=0]' {} \;
    junit_artifacts:
      path: "**/build/test-results/**/*.xml"
      type: "text/xml"
      format: junit
    reports_artifacts:
      path: "**/build/reports/**/*"
    screenshots_artifacts:
      path: "**/build/screenshots/**/*"
  always:
    profile_artifacts:
      path: "**/build/reports/profile/**/*"

yarn_cache_template: &YARN_CACHE_TEMPLATE
  yarn_cache:
    folder: "~/.yarn/berry/cache"
    fingerprint_script: |
      cat \
        server/sonar-web/yarn.lock \
        private/core-extension-developer-server/yarn.lock \
        private/core-extension-enterprise-server/yarn.lock \
        private/core-extension-license/yarn.lock \
        private/core-extension-securityreport/yarn.lock

gradle_cache_template: &GRADLE_CACHE_TEMPLATE
  gradle_cache:
    folder: "~/.gradle/caches"
    fingerprint_script: find -type f \( -name "*.gradle*" -or -name "gradle*.properties" \) | sort | xargs cat

jar_cache_template: &JAR_CACHE_TEMPLATE
  jar_cache:
    folder: "**/build/libs/*.jar"
    fingerprint_key: jar-cache_$CIRRUS_BUILD_ID

eslint_report_cache_template: &ESLINT_REPORT_CACHE_TEMPLATE
  eslint_report_cache:
    folders:
      - server/sonar-web/eslint-report/
      - server/sonar-web/design-system/eslint-report/
      - private/core-extension-securityreport/eslint-report/
      - private/core-extension-license/eslint-report/
      - private/core-extension-enterprise-server/eslint-report/
      - private/core-extension-developer-server/eslint-report/
    fingerprint_script: echo $CIRRUS_BUILD_ID

jest_report_cache_template: &JEST_REPORT_CACHE_TEMPLATE
  jest_report_cache:
    folders:
      - server/sonar-web/coverage/
      - server/sonar-web/design-system/coverage/
      - private/core-extension-securityreport/coverage/
      - private/core-extension-license/coverage/
      - private/core-extension-enterprise-server/coverage/
      - private/core-extension-developer-server/coverage/
    fingerprint_script: echo $CIRRUS_BUILD_ID

junit_report_cache_template: &JUNIT_REPORT_CACHE_TEMPLATE
  junit_report_cache:
    folders:
      - "**/reports/jacoco"
      - "**/test-results/test"
    fingerprint_script: echo $CIRRUS_BUILD_ID

default_template: &DEFAULT_TEMPLATE
  <<: *SKIP_PUBLIC_BRANCHES_TEMPLATE
  clone_script: |
    git init
    git remote add origin https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git
    git fetch origin $CIRRUS_CHANGE_IN_REPO $FETCH_DEPTH
    git reset --hard $CIRRUS_CHANGE_IN_REPO
  env:
    FETCH_DEPTH: --depth=1

cache_dependencies_task:
  <<: *DEFAULT_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 2
    memory: 4Gb
  script:
    - ./private/cirrus/cirrus-cache-dependencies.sh
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

build_task:
  <<: *DEFAULT_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  <<: *YARN_CACHE_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 7.5
    memory: 8Gb
  script:
    - ./private/cirrus/cirrus-build.sh
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

publish_task:
  <<: *DEFAULT_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 4
    memory: 4Gb
  env:
    ORG_GRADLE_PROJECT_signingKey: VAULT[development/kv/data/sign data.key]
    ORG_GRADLE_PROJECT_signingPassword: VAULT[development/kv/data/sign data.passphrase]
    ORG_GRADLE_PROJECT_signingKeyId: VAULT[development/kv/data/sign data.key_id]
  script:
    - ./private/cirrus/cirrus-publish.sh

yarn_lint_task:
  <<: *DEFAULT_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  <<: *YARN_CACHE_TEMPLATE
  <<: *ESLINT_REPORT_CACHE_TEMPLATE
  <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 3
    memory: 6Gb
  script:
    - ./private/cirrus/cirrus-yarn-lint-report.sh
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

yarn_check_task:
  <<: *DEFAULT_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  <<: *YARN_CACHE_TEMPLATE
  <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 3
    memory: 5Gb
  script: |
    ./private/cirrus/cirrus-env.sh YARN
    gradle yarn_check-ci --profile
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

yarn_validate_task:
  <<: *DEFAULT_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  <<: *YARN_CACHE_TEMPLATE
  <<: *JEST_REPORT_CACHE_TEMPLATE
  <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 7.5
    memory: 25Gb
  script:
    - ./private/cirrus/cirrus-yarn-validate-ci.sh
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

junit_task:
  <<: *DEFAULT_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  <<: *JUNIT_REPORT_CACHE_TEMPLATE
  <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 7.5
    memory: 10Gb
  script:
    - ./private/cirrus/cirrus-junit.sh
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

sq_analysis_task:
  <<: *SKIP_PUBLIC_BRANCHES_TEMPLATE
  <<: *EXCEPT_ON_NIGHTLY_TASK_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  <<: *YARN_CACHE_TEMPLATE
  <<: *JEST_REPORT_CACHE_TEMPLATE
  <<: *ESLINT_REPORT_CACHE_TEMPLATE
  <<: *JUNIT_REPORT_CACHE_TEMPLATE
  depends_on:
    - yarn_validate
    - yarn_lint
    - junit
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 7.5
    memory: 15Gb
  script:
    - ./private/cirrus/cirrus-sq-analysis.sh
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

qa_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *CACHE_DEPENDENCIES_DEPENDANT_TASK_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 3
    memory: 7Gb
    additional_containers:
      - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
  name: QA $QA_CATEGORY
  alias: qa
  env:
    matrix:
      # QA name should not exceed 13 characters to be properly reported on wallboard by burgr
      # QA name cannot contain "_"
      - QA_CATEGORY: Cat1
      - QA_CATEGORY: Cat2
      - QA_CATEGORY: Cat3
      - QA_CATEGORY: Cat4
      - QA_CATEGORY: Cat5
      - QA_CATEGORY: Cat6
      - QA_CATEGORY: Analysis
      - QA_CATEGORY: Authorization
      - QA_CATEGORY: Auth
      - QA_CATEGORY: Branch1
      - QA_CATEGORY: Branch2
      - QA_CATEGORY: CE1
      - QA_CATEGORY: CE2
      - QA_CATEGORY: ComputeEngine
      - QA_CATEGORY: DE1
      - QA_CATEGORY: DE2
      - QA_CATEGORY: EE1
      - QA_CATEGORY: EE2
      - QA_CATEGORY: Issues1
      - QA_CATEGORY: Issues2
      - QA_CATEGORY: License1
      - QA_CATEGORY: License2
      - QA_CATEGORY: Plugins
      - QA_CATEGORY: Project
      - QA_CATEGORY: QP
      - QA_CATEGORY: Upgrade
  script:
    - ./private/cirrus/cirrus-qa.sh postgres
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

task: #bitbucket
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  <<: *BITBUCKET_SERVER_TASK_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 3
    memory: 10Gb
    additional_containers:
      - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
  maven_cache:
    folder: ~/.m2
  env:
    QA_CATEGORY: BITBUCKET
  matrix:
    - name: qa_bb_5.15.0
      bitbucket_background_script: ./private/cirrus/cirrus-start-bitbucket.sh 5.15.0
    - name: qa_bb_latest
      bitbucket_background_script: ./private/cirrus/cirrus-start-bitbucket.sh LATEST
  wait_for_bitbucket_to_boot_script: secs=3600; endTime=$(( $(date +%s) + secs )); while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:7990/bitbucket/status)" != "200" ]] || [ $(date +%s) -gt $endTime ]; do sleep 5; done
  script:
    - ./private/cirrus/cirrus-qa.sh postgres
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

qa_bb_cloud_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  <<: *BITBUCKET_CLOUD_TASK_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 2.4
    memory: 7Gb
  env:
    QA_CATEGORY: BITBUCKET_CLOUD
    BBC_CLIENT_ID: VAULT[development/team/sonarqube/kv/data/bitbucket-cloud data.client_id]
    BBC_CLIENT_SECRET: VAULT[development/team/sonarqube/kv/data/bitbucket-cloud data.client_secret]
    BBC_USERNAME: VAULT[development/kv/data/bitbucket/sonarqube-its data.username]
    BBC_READ_REPOS_APP_PASSWORD: VAULT[development/kv/data/bitbucket/sonarqube-its data.password]
  script:
    - ./private/cirrus/cirrus-qa.sh h2
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

qa_ha_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *MASTER_OR_NIGHTLY_OR_MAINTENANCE_TASK_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 2.4
    memory: 10Gb
    additional_containers:
      - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
    <<: *T2XLARGE_NODE_SELECTOR
  env:
    QA_CATEGORY: HA
  script:
    - ./private/cirrus/cirrus-qa.sh postgres
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

qa_performance_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *MASTER_AND_NIGHTLY_TASK_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 2.4
    memory: 10Gb
    additional_containers:
      - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
  env:
    QA_CATEGORY: AnalysisPerformance
  script:
    - ./private/cirrus/cirrus-qa.sh postgres
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

# GitLab QA is executed in a dedicated task in order to not slow down the pipeline, as a GitLab on-prem server docker image is required.
qa_gitlab_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  <<: *GITLAB_TASK_TEMPLATE
  depends_on:
    - build
  env:
    QA_CATEGORY: GITLAB
  matrix:
    - name: qa_gitlab_latest
      env:
        - GITLAB_VERSION: latest
    - name: qa_gitlab_oldest
      env:
        - GITLAB_VERSION: 15.6.2-ce.0
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 2.4
    memory: 7Gb
    use_in_memory_disk: true
    additional_containers:
      - name: gitlab
        ports:
          - 80
          - 443
        cpu: 2
        memory: 8Gb
        image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/gitlab:${GITLAB_VERSION}
        env:
          - GITLAB_POST_RECONFIGURE_SCRIPT: |-
              { cat >/tmp/setup.rb <<-'EOF'
                token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api], name: 'token');
                token.set_token('token-here-456');
                token.expires_at = Date.today+10.day
                token.save!;
                token_read = User.find_by_username('root').personal_access_tokens.create(scopes: [:read_user], name: 'token_read');
                token_read.set_token('token-read-123');
                token_read.expires_at = Date.today+10.day
                token_read.save!;
                user = User.find_by_username('root');
                user.password = 'eng-YTU1ydh6kyt7tjd';
                user.password_confirmation = 'eng-YTU1ydh6kyt7tjd';
                user.save!;
              EOF
              } && gitlab-rails runner /tmp/setup.rb && \
              echo 'from_file "/etc/gitlab/external_gitlab.rb"' >> /etc/gitlab/gitlab.rb && \
              gitlab-ctl reconfigure
  script:
    - ./private/cirrus/cirrus-qa.sh h2
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

qa_gitlab_cloud_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  <<: *GITLAB_TASK_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 2.4
    memory: 7Gb
    use_in_memory_disk: true
  env:
    QA_CATEGORY: GITLAB_CLOUD
    GITLAB_API_TOKEN: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.api_token]
    GITLAB_READ_ONLY_TOKEN: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.api_token_ro]
    GITLAB_ADMIN_USERNAME: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.username]
    GITLAB_ADMIN_PASSWORD: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.password]
  script:
    - ./private/cirrus/cirrus-qa.sh h2
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

# Azure QA is executed in a dedicated task in order to not slow down the pipeline.
qa_azure_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  <<: *AZURE_TASK_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 2.4
    memory: 7Gb
  env:
    QA_CATEGORY: AZURE
    AZURE_USERNAME_LOGIN: VAULT[development/team/sonarqube/kv/data/azure-instance data.username]
    AZURE_CODE_READ_AND_WRITE_TOKEN: VAULT[development/team/sonarqube/kv/data/azure-instance data.token_code_read_write]
    AZURE_FULL_ACCESS_TOKEN: VAULT[development/team/sonarqube/kv/data/azure-instance data.token_full_access]
  script:
    - ./private/cirrus/cirrus-qa.sh h2
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

qa_github_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *GITHUB_TASK_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 4
    memory: 7Gb
  env:
    QA_CATEGORY: GITHUB
    GITHUB_COM_CODE_SCANNING_ALERTS_TECHNICAL_USER_USERNAME: QA-task
    GITHUB_COM_CODE_SCANNING_ALERTS_TECHNICAL_USER_TOKEN: VAULT[development/github/token/SonarSource-sonar-enterprise-code-scanning token]
  script:
    - ./private/cirrus/cirrus-qa.sh h2
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

qa_github_provisioning_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *GITHUB_TASK_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 4
    memory: 7Gb
  env:
    QA_CATEGORY: GITHUB_PROVISIONING
  script:
    - ./private/cirrus/cirrus-qa.sh h2
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

# SAML QA is executed in a dedicated task in order to not slow down the pipeline, as a Keycloak server docker image is required.
qa_saml_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *SAML_TASK_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 2.4
    memory: 10Gb
    additional_containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:22.0.1
        port: 8080
        cpu: 1
        memory: 1Gb
        command: "/opt/keycloak/bin/kc.sh start-dev --http-relative-path /auth"
        env:
          KEYCLOAK_ADMIN: admin
          KEYCLOAK_ADMIN_PASSWORD: admin
  env:
    QA_CATEGORY: SAML
  script:
    - ./private/cirrus/cirrus-qa.sh h2
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

# LDAP QA is executed in a dedicated task in order to not slow down the pipeline, as a LDAP server and SonarQube server are re-started on each test.
qa_ldap_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *LDAP_TASK_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 2.4
    memory: 10Gb
  env:
    QA_CATEGORY: LDAP
  script:
    - ./private/cirrus/cirrus-qa.sh h2
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

promote_task:
  <<: *DEFAULT_TEMPLATE
  <<: *EXCEPT_ON_NIGHTLY_TASK_TEMPLATE
  depends_on:
    - build
    - sq_analysis
    - qa
    - qa_saml
    - qa_ldap
    - publish
  eks_container:
    <<: *CONTAINER_TEMPLATE
    memory: 512M
  stateful: true
  script:
    - ./private/cirrus/cirrus-promote.sh

package_docker_task:
  <<: *DEFAULT_TEMPLATE
  depends_on: promote
  only_if: $CIRRUS_BRANCH == $BRANCH_MAIN
  ec2_instance:
    <<: *VM_TEMPLATE
  clone_script: |
    git clone --recursive --branch=$CIRRUS_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR --depth=1
    git fetch origin $CIRRUS_CHANGE_IN_REPO --depth=1
    git reset --hard $CIRRUS_CHANGE_IN_REPO
  install_tooling_script:
    - ./private/cirrus/cirrus-tooling-for-package-docker.sh
  package_script:
    - ./private/cirrus/cirrus-package-docker.sh

sql_mssql_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *DATABASE_RELATED_TASK_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    memory: 5Gb
    additional_containers:
      - name: mssql
        image: mcr.microsoft.com/mssql/server:2019-GA-ubuntu-16.04
        port: 1433
        cpu: 2
        memory: 5Gb
        env:
          MSSQL_PID: Developer # this is the default edition
          ACCEPT_EULA: Y
          SA_PASSWORD: sonarqube!1
  script:
    - ./private/cirrus/cirrus-db-unit-test.sh mssql
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

sql_postgres_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *DATABASE_RELATED_TASK_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    memory: 5Gb
    additional_containers:
      - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
  script:
    - ./private/cirrus/cirrus-db-unit-test.sh postgres
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

# this is the oldest compatible version of PostgreSQL
sql_postgres11_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *DATABASE_RELATED_TASK_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    memory: 5Gb
    additional_containers:
      - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
        image: public.ecr.aws/docker/library/postgres:11
  script:
    - ./private/cirrus/cirrus-db-unit-test.sh postgres
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

sql_oracle21_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *DATABASE_RELATED_TASK_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    memory: 5Gb
    additional_containers:
      - <<: *ORACLE_ADDITIONAL_CONTAINER_TEMPLATE
  script:
    - ./private/cirrus/cirrus-db-unit-test.sh oracle21
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

upgd_mssql_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *DATABASE_RELATED_TASK_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 1.5
    memory: 6Gb
    additional_containers:
      - name: mssql
        image: mcr.microsoft.com/mssql/server:2022-latest
        port: 1433
        cpu: 2
        memory: 5Gb
        env:
          MSSQL_PID: Developer # this is the default edition
          ACCEPT_EULA: Y
          SA_PASSWORD: sonarqube!1
  env:
    QA_CATEGORY: Upgrade
  script:
    - ./private/cirrus/cirrus-qa.sh mssql
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

upgd_oracle21_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *DATABASE_RELATED_TASK_TEMPLATE
  <<: *JAR_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 1.5
    memory: 6Gb
    additional_containers:
      - <<: *ORACLE_ADDITIONAL_CONTAINER_TEMPLATE
  env:
    QA_CATEGORY: Upgrade
  script:
    - ./private/cirrus/cirrus-qa.sh oracle21
  <<: *DEFAULT_ARTIFACTS_TEMPLATE

mend_scan_task:
  <<: *DEFAULT_TEMPLATE
  <<: *BUILD_DEPENDANT_TASK_TEMPLATE
  <<: *MASTER_OR_NIGHTLY_OR_MAINTENANCE_TASK_TEMPLATE
  <<: *YARN_CACHE_TEMPLATE
  <<: *GRADLE_CACHE_TEMPLATE
  timeout_in: 30m
  eks_container:
    <<: *CONTAINER_TEMPLATE
    cpu: 2
    memory: 4Gb
  env:
    WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
    WS_WSS_URL: VAULT[development/kv/data/mend data.url]
    WS_USERKEY: VAULT[development/kv/data/mend data.userKey]
    SLACK_WEBHOOK_SQ: VAULT[development/kv/data/slack data.webhook]
  mend_script:
    - ./private/cirrus/cirrus-mend-scan.sh
  allow_failures: "true"
  on_failure:
    slack_notification_script:
      - ./private/cirrus/cirrus-mend-notifications.sh
  always:
    ws_artifacts:
      path: "whitesource/**/*"