mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33494 Commits
59 Branches
Tree: 9.9.2.7773
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9.9.2.7773'
${ noResults }
sonarqube/.cirrus.yml

.cirrus.yml 23KB
Raw Permalink Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712 
  1. env:

  2.   GRADLE_OPTS: -Dorg.gradle.jvmargs="-XX:+PrintFlagsFinal -XshowSettings:vm -XX:+HeapDumpOnOutOfMemoryError -XX:+UnlockExperimentalVMOptions -Djava.security.egd=file:/dev/./urandom -Dfile.encoding=UTF8 -Duser.language=en -Duser.country=US"

  3.   # to be replaced by other credentials

  4.   ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader

  5.   ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]

  6.   ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer

  7.   ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]

  8.   ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]

  9.   ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]

  10.   # download licenses for testing commercial editions

  11.   GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token]

  12.   # notifications to burgr

  13.   BURGR_URL: VAULT[development/kv/data/burgr data.url]

  14.   BURGR_USERNAME: VAULT[development/kv/data/burgr data.cirrus_username]

  15.   BURGR_PASSWORD: VAULT[development/kv/data/burgr data.cirrus_password]

  16.   # analysis on next.sonarqube.com

  17.   SONARQUBE_NEXT_TOKEN: VAULT[development/kv/data/next data.token]

  18.   # to trigger docs deployment

  19.   ELASTIC_PWD: VAULT[development/team/sonarqube/kv/data/elasticsearch-cloud data.password]

  20.   CIRRUS_LOG_TIMESTAMP: true

  21.   BRANCH_MAIN: 'master'

  22.   BRANCH_PATTERN_MAINTENANCE: 'branch-.*'

  23.   BRANCH_PATTERN_PUBLIC: 'public_.*'

  24.   NIGHTLY_99_CRON: '9-9-lts-nightly'

  25. 

  26. auto_cancellation: $CIRRUS_BRANCH != $BRANCH_MAIN && $CIRRUS_BRANCH !=~ $BRANCH_PATTERN_MAINTENANCE

  27. 

  28. skip_public_branches_template: &SKIP_PUBLIC_BRANCHES_TEMPLATE

  29.   skip: $CIRRUS_BRANCH =~ $BRANCH_PATTERN_PUBLIC

  30. 

  31. build_dependant_task_template: &BUILD_DEPENDANT_TASK_TEMPLATE

  32.   depends_on: build

  33. 

  34. nightly_task_template: &NIGHTLY_TASK_TEMPLATE

  35.   only_if: $CIRRUS_CRON == $NIGHTLY_99_CRON

  36. 

  37. master_or_nightly_or_maintenance_task_template: &MASTER_OR_NIGHTLY_OR_MAINTENANCE_TASK_TEMPLATE

  38.     only_if: $CIRRUS_BRANCH == $BRANCH_NIGHTLY || $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE

  39. 

  40. except_nightly_task_template: &EXCEPT_ON_NIGHTLY_TASK_TEMPLATE

  41.   only_if: $CIRRUS_CRON != $NIGHTLY_99_CRON

  42. 

  43. database_related_task_template: &DATABASE_RELATED_TASK_TEMPLATE

  44.   only_if: >-

  45.     $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||

  46.     changesInclude('server/sonar-db-dao/**/*Mapper.xml', 'server/sonar-db-migration/**/DbVersion*.java', 'server/sonar-db-dao/**/*Dao.java', 'server/sonar-db-core/src/main/java/org/sonar/db/*.java')

  47. 

  48. saml_task_template: &SAML_TASK_TEMPLATE

  49.   only_if: >-

  50.     $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||

  51.     changesInclude('server/sonar-auth-saml/src/main/java/**/*.java', 'server/sonar-auth-saml/src/main/resources/**/*', 'server/sonar-db-dao/src/main/**/SAML*.java', 'private/it-core/src/test/java/org/sonarqube/tests/saml/*.java', 'server/sonar-webserver-webapi/src/main/java/org/sonar/server/saml/**/*.java')

  52. 

  53. ldap_task_template: &LDAP_TASK_TEMPLATE

  54.   only_if: >-

  55.     $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||

  56.     changesInclude('server/sonar-auth-ldap/src/main/java/**/*.java', 'server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/LdapCredentialsAuthentication.java', 'private/it-core/src/test/java/org/sonarqube/tests/ldap/*.java')

  57. 

  58. github_task_template: &GITHUB_TASK_TEMPLATE

  59.   only_if: >-

  60.     $CIRRUS_BRANCH == $BRANCH_MAIN || $CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE || $CIRRUS_BRANCH == $BRANCH_NIGHTLY ||

  61.     changesInclude('private/core-extension-developer-server/src/main/java/com/sonarsource/branch/pr/github/*.java', 'private/it-branch/it-tests/src/test/java/com/sonarsource/branch/it/suite/pr/github/*.java')

  62. 

  63. docker_build_container_template: &CONTAINER_TEMPLATE

  64.   region: eu-central-1

  65.   cluster_name: ${CIRRUS_CLUSTER_NAME}

  66.   namespace: default

  67.   builder_subnet_id: ${CIRRUS_AWS_SUBNET}

  68.   builder_role: cirrus-builder

  69.   builder_image: docker-builder-v*

  70.   builder_instance_type: t2.small

  71.   dockerfile: private/docker/Dockerfile-build

  72.   docker_arguments:

  73.     CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT}

  74.   cpu: 1

  75.   memory: 2Gb

  76. 

  77. vm_instance_template: &VM_TEMPLATE

  78.   experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051

  79.   image: docker-builder-v*

  80.   type: t2.small

  81.   region: eu-central-1

  82.   subnet_id: ${CIRRUS_AWS_SUBNET}

  83.   disk: 10

  84.   cpu: 4

  85.   memory: 8G

  86. 

  87. oracle_additional_container_template: &ORACLE_ADDITIONAL_CONTAINER_TEMPLATE

  88.   name: oracle

  89.   image: gvenzl/oracle-xe:21-faststart

  90.   port: 1521

  91.   cpu: 2

  92.   memory: 5Gb

  93.   env:

  94.     ORACLE_PASSWORD: sonarqube

  95.     APP_USER: sonarqube

  96.     APP_USER_PASSWORD: sonarqube

  97. 

  98. postgres_additional_container_template: &POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE

  99.   name: postgres

  100.   image: public.ecr.aws/docker/library/postgres:15

  101.   port: 5432

  102.   cpu: 1

  103.   memory: 1Gb

  104.   env:

  105.     POSTGRES_USER: postgres

  106.     POSTGRES_PASSWORD: postgres

  107. 

  108. default_artifact_template: &DEFAULT_ARTIFACTS_TEMPLATE

  109.   on_failure:

  110.     jest_junit_cleanup_script: >

  111.       find . -type f -wholename "**/build/test-results/test-jest/junit.xml" -exec

  112.       xmlstarlet edit --inplace --delete '//testsuite[@errors=0 and @failures=0]' {} \;

  113.     junit_artifacts:

  114.       path: "**/build/test-results/**/*.xml"

  115.       type: "text/xml"

  116.       format: junit

  117.     reports_artifacts:

  118.       path: "**/build/reports/**/*"

  119.     screenshots_artifacts:

  120.       path: "**/build/screenshots/**/*"

  121.   always:

  122.     profile_artifacts:

  123.       path: "**/build/reports/profile/**/*"

  124. 

  125. yarn_cache_template: &YARN_CACHE_TEMPLATE

  126.   yarn_cache:

  127.     folder: "~/.yarn/berry/cache"

  128.     fingerprint_script: |

  129.       cat \

  130.         server/sonar-web/yarn.lock \

  131.         private/core-extension-developer-server/yarn.lock \

  132.         private/core-extension-enterprise-server/yarn.lock \

  133.         private/core-extension-license/yarn.lock \

  134.         private/core-extension-securityreport/yarn.lock

  135. 

  136. gradle_cache_template: &GRADLE_CACHE_TEMPLATE

  137.   gradle_cache:

  138.     folder: "~/.gradle/caches"

  139.     fingerprint_script: find -type f \( -name "*.gradle*" -or -name "gradle*.properties" \) -exec cat {} +

  140. 

  141. jar_cache_template: &JAR_CACHE_TEMPLATE

  142.   jar_cache:

  143.     folder: "**/build/libs/*.jar"

  144.     fingerprint_key: jar-cache_$CIRRUS_BUILD_ID

  145. 

  146. eslint_report_cache_template: &ESLINT_REPORT_CACHE_TEMPLATE

  147.   eslint_report_cache:

  148.     folders:

  149.       - server/sonar-web/eslint-report/

  150.       - private/core-extension-securityreport/eslint-report/

  151.       - private/core-extension-license/eslint-report/

  152.       - private/core-extension-enterprise-server/eslint-report/

  153.       - private/core-extension-developer-server/eslint-report/

  154.     fingerprint_script: echo $CIRRUS_BUILD_ID

  155. 

  156. jest_report_cache_template: &JEST_REPORT_CACHE_TEMPLATE

  157.   jest_report_cache:

  158.     folders:

  159.       - server/sonar-web/coverage/

  160.       - private/core-extension-securityreport/coverage/

  161.       - private/core-extension-license/coverage/

  162.       - private/core-extension-enterprise-server/coverage/

  163.       - private/core-extension-developer-server/coverage/

  164.     fingerprint_script: echo $CIRRUS_BUILD_ID

  165. 

  166. junit_report_cache_template: &JUNIT_REPORT_CACHE_TEMPLATE

  167.   junit_report_cache:

  168.     folders:

  169.       - "**/reports/jacoco"

  170.       - "**/test-results/test"

  171.     fingerprint_script: echo $CIRRUS_BUILD_ID

  172. 

  173. default_template: &DEFAULT_TEMPLATE

  174.   <<: *SKIP_PUBLIC_BRANCHES_TEMPLATE

  175.   clone_script: |

  176.     git init

  177.     git remote add origin https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git

  178.     git fetch origin $CIRRUS_CHANGE_IN_REPO $FETCH_DEPTH

  179.     git reset --hard $CIRRUS_CHANGE_IN_REPO

  180.   env:

  181.     FETCH_DEPTH: --depth=1

  182. 

  183. build_task:

  184.   <<: *DEFAULT_TEMPLATE

  185.   <<: *GRADLE_CACHE_TEMPLATE

  186.   <<: *YARN_CACHE_TEMPLATE

  187.   <<: *JAR_CACHE_TEMPLATE

  188.   eks_container:

  189.     <<: *CONTAINER_TEMPLATE

  190.     cpu: 7.5

  191.     memory: 8Gb

  192.   elasticsearch_distribution_cache:

  193.     folder: sonar-application/build/elasticsearch-**.tar.gz

  194.   script:

  195.     - ./private/cirrus/cirrus-build.sh

  196.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  197. 

  198. publish_task:

  199.   <<: *DEFAULT_TEMPLATE

  200.   <<: *GRADLE_CACHE_TEMPLATE

  201.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  202.   eks_container:

  203.     <<: *CONTAINER_TEMPLATE

  204.     cpu: 4

  205.     memory: 4Gb

  206.   env:

  207.     ORG_GRADLE_PROJECT_signingKey: VAULT[development/kv/data/sign data.key]

  208.     ORG_GRADLE_PROJECT_signingPassword: VAULT[development/kv/data/sign data.passphrase]

  209.     ORG_GRADLE_PROJECT_signingKeyId: VAULT[development/kv/data/sign data.key_id]

  210.   script:

  211.     - ./private/cirrus/cirrus-publish.sh

  212. 

  213. yarn_lint_task:

  214.   <<: *DEFAULT_TEMPLATE

  215.   <<: *GRADLE_CACHE_TEMPLATE

  216.   <<: *YARN_CACHE_TEMPLATE

  217.   <<: *ESLINT_REPORT_CACHE_TEMPLATE

  218.   eks_container:

  219.     <<: *CONTAINER_TEMPLATE

  220.     cpu: 3

  221.     memory: 6Gb

  222.   script:

  223.     - ./private/cirrus/cirrus-yarn-lint-report.sh

  224.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  225. 

  226. yarn_check_task:

  227.   <<: *DEFAULT_TEMPLATE

  228.   <<: *GRADLE_CACHE_TEMPLATE

  229.   <<: *YARN_CACHE_TEMPLATE

  230.   eks_container:

  231.     <<: *CONTAINER_TEMPLATE

  232.     cpu: 3

  233.     memory: 4Gb

  234.   script: |

  235.     ./private/cirrus/cirrus-env.sh YARN

  236.     gradle yarn_check-ci --profile

  237.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  238. 

  239. yarn_validate_task:

  240.   <<: *DEFAULT_TEMPLATE

  241.   <<: *GRADLE_CACHE_TEMPLATE

  242.   <<: *YARN_CACHE_TEMPLATE

  243.   <<: *JEST_REPORT_CACHE_TEMPLATE

  244.   eks_container:

  245.     <<: *CONTAINER_TEMPLATE

  246.     cpu: 7.5

  247.     memory: 20Gb

  248.   script:

  249.     - ./private/cirrus/cirrus-yarn-validate-ci.sh

  250.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  251. 

  252. junit_task:

  253.   <<: *DEFAULT_TEMPLATE

  254.   <<: *GRADLE_CACHE_TEMPLATE

  255.   <<: *JUNIT_REPORT_CACHE_TEMPLATE

  256.   eks_container:

  257.     <<: *CONTAINER_TEMPLATE

  258.     cpu: 7.5

  259.     memory: 10Gb

  260.   script:

  261.     - ./private/cirrus/cirrus-junit.sh

  262.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  263. 

  264. sq_analysis_task:

  265.   <<: *SKIP_PUBLIC_BRANCHES_TEMPLATE

  266.   <<: *EXCEPT_ON_NIGHTLY_TASK_TEMPLATE

  267.   <<: *GRADLE_CACHE_TEMPLATE

  268.   <<: *YARN_CACHE_TEMPLATE

  269.   <<: *JEST_REPORT_CACHE_TEMPLATE

  270.   <<: *ESLINT_REPORT_CACHE_TEMPLATE

  271.   <<: *JUNIT_REPORT_CACHE_TEMPLATE

  272.   depends_on:

  273.     - yarn_validate

  274.     - yarn_lint

  275.     - junit

  276.   eks_container:

  277.     <<: *CONTAINER_TEMPLATE

  278.     cpu: 7.5

  279.     memory: 15Gb

  280.   script:

  281.     - ./private/cirrus/cirrus-sq-analysis.sh

  282.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  283. 

  284. qa_task:

  285.   <<: *DEFAULT_TEMPLATE

  286.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  287.   <<: *GRADLE_CACHE_TEMPLATE

  288.   <<: *JAR_CACHE_TEMPLATE

  289.   eks_container:

  290.     <<: *CONTAINER_TEMPLATE

  291.     cpu: 3

  292.     memory: 7Gb

  293.     additional_containers:

  294.       - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE

  295.   env:

  296.     matrix:

  297.     # QA name should not exceed 13 characters to be properly reported on wallboard by burgr

  298.     # QA name cannot contain "_"

  299.       - QA_CATEGORY: Cat1

  300.       - QA_CATEGORY: Cat2

  301.       - QA_CATEGORY: Cat3

  302.       - QA_CATEGORY: Cat4

  303.       - QA_CATEGORY: Cat5

  304.       - QA_CATEGORY: Cat6

  305.       - QA_CATEGORY: Analysis

  306.       - QA_CATEGORY: Authorization

  307.       - QA_CATEGORY: Auth

  308.       - QA_CATEGORY: Branch1

  309.       - QA_CATEGORY: Branch2

  310.       - QA_CATEGORY: CE1

  311.       - QA_CATEGORY: CE2

  312.       - QA_CATEGORY: ComputeEngine

  313.       - QA_CATEGORY: DE1

  314.       - QA_CATEGORY: DE2

  315.       - QA_CATEGORY: EE1

  316.       - QA_CATEGORY: EE2

  317.       - QA_CATEGORY: Issues1

  318.       - QA_CATEGORY: Issues2

  319.       - QA_CATEGORY: License1

  320.       - QA_CATEGORY: License2

  321.       - QA_CATEGORY: Plugins

  322.       - QA_CATEGORY: Project

  323.       - QA_CATEGORY: QP

  324.       - QA_CATEGORY: Upgrade

  325.   script:

  326.     - ./private/cirrus/cirrus-qa.sh postgres

  327.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  328. 

  329. task: #bitbucket

  330.   <<: *DEFAULT_TEMPLATE

  331.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  332.   <<: *JAR_CACHE_TEMPLATE

  333.   <<: *GRADLE_CACHE_TEMPLATE

  334.   eks_container:

  335.     <<: *CONTAINER_TEMPLATE

  336.     cpu: 3

  337.     memory: 10Gb

  338.     additional_containers:

  339.       - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE

  340.   maven_cache:

  341.     folder: ~/.m2

  342.   env:

  343.     QA_CATEGORY: BITBUCKET

  344.   matrix:

  345.     - name: qa_bb_5.15.0

  346.       bitbucket_background_script: ./private/cirrus/cirrus-start-bitbucket.sh 5.15.0

  347.     - name: qa_bb_latest

  348.       bitbucket_background_script: ./private/cirrus/cirrus-start-bitbucket.sh LATEST

  349.   wait_for_bitbucket_to_boot_script: secs=3600; endTime=$(( $(date +%s) + secs )); while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:7990/bitbucket/status)" != "200" ]] || [ $(date +%s) -gt $endTime ]; do sleep 5; done

  350.   script:

  351.     - ./private/cirrus/cirrus-qa.sh postgres

  352.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  353. 

  354. qa_bb_cloud_task:

  355.   <<: *DEFAULT_TEMPLATE

  356.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  357.   <<: *JAR_CACHE_TEMPLATE

  358.   <<: *GRADLE_CACHE_TEMPLATE

  359.   eks_container:

  360.     <<: *CONTAINER_TEMPLATE

  361.     cpu: 2.4

  362.     memory: 5Gb

  363.   env:

  364.     QA_CATEGORY: BITBUCKET_CLOUD

  365.     BBC_CLIENT_ID: VAULT[development/team/sonarqube/kv/data/bitbucket-cloud data.client_id]

  366.     BBC_CLIENT_SECRET: VAULT[development/team/sonarqube/kv/data/bitbucket-cloud data.client_secret]

  367.     BBC_USERNAME: VAULT[development/kv/data/bitbucket/sonarqube-its data.username]

  368.     BBC_READ_REPOS_APP_PASSWORD: VAULT[development/kv/data/bitbucket/sonarqube-its data.password]

  369.   script:

  370.     - ./private/cirrus/cirrus-qa.sh h2

  371.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  372. 

  373. qa_ha_task:

  374.   <<: *DEFAULT_TEMPLATE

  375.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  376.   <<: *MASTER_OR_NIGHTLY_OR_MAINTENANCE_TASK_TEMPLATE

  377.   <<: *JAR_CACHE_TEMPLATE

  378.   <<: *GRADLE_CACHE_TEMPLATE

  379.   eks_container:

  380.     <<: *CONTAINER_TEMPLATE

  381.     cpu: 2.4

  382.     memory: 10Gb

  383.     additional_containers:

  384.       - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE

  385.   env:

  386.     QA_CATEGORY: HA

  387.   script:

  388.     - ./private/cirrus/cirrus-qa.sh postgres

  389.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  390. 

  391. # GitLab QA is executed in a dedicated task in order to not slow down the pipeline, as a GitLab on-prem server docker image is required.

  392. qa_gitlab_task:

  393.   <<: *DEFAULT_TEMPLATE

  394.   <<: *JAR_CACHE_TEMPLATE

  395.   <<: *GRADLE_CACHE_TEMPLATE

  396.   depends_on:

  397.     - build

  398.   env:

  399.     QA_CATEGORY: GITLAB

  400.   matrix:

  401.     - name: qa_gitlab_latest

  402.       env:

  403.         - GITLAB_VERSION: latest

  404.     - name: qa_gitlab_oldest

  405.       env:

  406.         - GITLAB_VERSION: 15.6.2-ce.0

  407.   eks_container:

  408.     <<: *CONTAINER_TEMPLATE

  409.     cpu: 2.4

  410.     memory: 5Gb

  411.     use_in_memory_disk: true

  412.     additional_containers:

  413.       - name: gitlab

  414.         ports:

  415.           - 80

  416.           - 443

  417.         cpu: 2

  418.         memory: 8Gb

  419.         image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/gitlab:${GITLAB_VERSION}

  420.         env:

  421.           - GITLAB_POST_RECONFIGURE_SCRIPT: |-

  422.               { cat >/tmp/setup.rb <<-'EOF'

  423.                 token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api], name: 'token');

  424.                 token.set_token('token-here-456');

  425.                 token.expires_at = Date.today+10.day

  426.                 token.save!;

  427.                 token_read = User.find_by_username('root').personal_access_tokens.create(scopes: [:read_user], name: 'token_read');

  428.                 token_read.set_token('token-read-123');

  429.                 token_read.expires_at = Date.today+10.day

  430.                 token_read.save!;

  431.                 user = User.find_by_username('root');

  432.                 user.password = 'eng-YTU1ydh6kyt7tjd';

  433.                 user.password_confirmation = 'eng-YTU1ydh6kyt7tjd';

  434.                 user.save!;

  435.               EOF

  436.               } && gitlab-rails runner /tmp/setup.rb && \

  437.               echo 'from_file "/etc/gitlab/external_gitlab.rb"' >> /etc/gitlab/gitlab.rb && \

  438.               gitlab-ctl reconfigure

  439.   script:

  440.     - ./private/cirrus/cirrus-qa.sh h2

  441.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  442. 

  443. qa_gitlab_cloud_task:

  444.   <<: *DEFAULT_TEMPLATE

  445.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  446.   <<: *JAR_CACHE_TEMPLATE

  447.   <<: *GRADLE_CACHE_TEMPLATE

  448.   eks_container:

  449.     <<: *CONTAINER_TEMPLATE

  450.     cpu: 2.4

  451.     memory: 5Gb

  452.     use_in_memory_disk: true

  453.   env:

  454.     QA_CATEGORY: GITLAB_CLOUD

  455.     GITLAB_API_TOKEN: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.api_token]

  456.     GITLAB_READ_ONLY_TOKEN: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.api_token_ro]

  457.     GITLAB_ADMIN_USERNAME: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.username]

  458.     GITLAB_ADMIN_PASSWORD: VAULT[development/team/sonarqube/kv/data/gitlab-cloud data.password]

  459.   script:

  460.     - ./private/cirrus/cirrus-qa.sh h2

  461.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  462. 

  463. # Azure QA is executed in a dedicated task in order to not slow down the pipeline.

  464. qa_azure_task:

  465.   <<: *DEFAULT_TEMPLATE

  466.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  467.   <<: *JAR_CACHE_TEMPLATE

  468.   <<: *GRADLE_CACHE_TEMPLATE

  469.   eks_container:

  470.     <<: *CONTAINER_TEMPLATE

  471.     cpu: 2.4

  472.     memory: 5Gb

  473.   env:

  474.     QA_CATEGORY: AZURE

  475.     AZURE_USERNAME_LOGIN: VAULT[development/team/sonarqube/kv/data/azure-instance data.username]

  476.     AZURE_CODE_READ_AND_WRITE_TOKEN: VAULT[development/team/sonarqube/kv/data/azure-instance data.token_code_read_write]

  477.     AZURE_FULL_ACCESS_TOKEN: VAULT[development/team/sonarqube/kv/data/azure-instance data.token_full_access]

  478.   script:

  479.     - ./private/cirrus/cirrus-qa.sh h2

  480.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  481. 

  482. qa_github_task:

  483.   <<: *DEFAULT_TEMPLATE

  484.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  485.   <<: *GITHUB_TASK_TEMPLATE

  486.   <<: *JAR_CACHE_TEMPLATE

  487.   <<: *GRADLE_CACHE_TEMPLATE

  488.   eks_container:

  489.     <<: *CONTAINER_TEMPLATE

  490.     cpu: 2.4

  491.     memory: 5Gb

  492.   env:

  493.     QA_CATEGORY: GITHUB

  494.     GITHUB_COM_CODE_SCANNING_ALERTS_TECHNICAL_USER_USERNAME: QA-task

  495.     GITHUB_COM_CODE_SCANNING_ALERTS_TECHNICAL_USER_TOKEN: VAULT[development/github/token/SonarSource-sonar-enterprise-code-scanning token]

  496.   script:

  497.     - ./private/cirrus/cirrus-qa.sh h2

  498.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  499. 

  500. # SAML QA is executed in a dedicated task in order to not slow down the pipeline, as a Keycloak server docker image is required.

  501. qa_saml_task:

  502.   <<: *DEFAULT_TEMPLATE

  503.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  504.   <<: *SAML_TASK_TEMPLATE

  505.   <<: *JAR_CACHE_TEMPLATE

  506.   <<: *GRADLE_CACHE_TEMPLATE

  507.   eks_container:

  508.     <<: *CONTAINER_TEMPLATE

  509.     cpu: 2.4

  510.     memory: 10Gb

  511.     additional_containers:

  512.       - name: keycloak

  513.         image: quay.io/keycloak/keycloak:17.0.1

  514.         port: 8080

  515.         cpu: 1

  516.         memory: 1Gb

  517.         command: "/opt/keycloak/bin/kc.sh start-dev --http-relative-path /auth"

  518.         env:

  519.           KEYCLOAK_ADMIN: admin

  520.           KEYCLOAK_ADMIN_PASSWORD: admin

  521.   env:

  522.     QA_CATEGORY: SAML

  523.   script:

  524.     - ./private/cirrus/cirrus-qa.sh h2

  525.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  526. 

  527. # LDAP QA is executed in a dedicated task in order to not slow down the pipeline, as a LDAP server and SonarQube server are re-started on each test.

  528. qa_ldap_task:

  529.   <<: *DEFAULT_TEMPLATE

  530.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  531.   <<: *LDAP_TASK_TEMPLATE

  532.   <<: *JAR_CACHE_TEMPLATE

  533.   <<: *GRADLE_CACHE_TEMPLATE

  534.   eks_container:

  535.     <<: *CONTAINER_TEMPLATE

  536.     cpu: 2.4

  537.     memory: 10Gb

  538.   env:

  539.     QA_CATEGORY: LDAP

  540.   script:

  541.     - ./private/cirrus/cirrus-qa.sh h2

  542.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  543. 

  544. promote_task:

  545.   <<: *DEFAULT_TEMPLATE

  546.   <<: *EXCEPT_ON_NIGHTLY_TASK_TEMPLATE

  547.   depends_on:

  548.     - build

  549.     - sq_analysis

  550.     - qa

  551.     - qa_saml

  552.     - qa_ldap

  553.     - publish

  554.   eks_container:

  555.     <<: *CONTAINER_TEMPLATE

  556.     memory: 512M

  557.   stateful: true

  558.   script:

  559.     - ./private/cirrus/cirrus-promote.sh

  560. 

  561. package_docker_task:

  562.   <<: *DEFAULT_TEMPLATE

  563.   depends_on: promote

  564.   only_if: $CIRRUS_BRANCH == $BRANCH_MAIN

  565.   ec2_instance:

  566.     <<: *VM_TEMPLATE

  567.   clone_script: |

  568.     git clone --recursive --branch=$CIRRUS_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR --depth=1

  569.     git fetch origin $CIRRUS_CHANGE_IN_REPO --depth=1

  570.     git reset --hard $CIRRUS_CHANGE_IN_REPO

  571.   install_tooling_script:

  572.     - ./private/cirrus/cirrus-tooling-for-package-docker.sh

  573.   package_script:

  574.     - ./private/cirrus/cirrus-package-docker.sh

  575. 

  576. sql_mssql_task:

  577.   <<: *DEFAULT_TEMPLATE

  578.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  579.   <<: *DATABASE_RELATED_TASK_TEMPLATE

  580.   <<: *GRADLE_CACHE_TEMPLATE

  581.   eks_container:

  582.     <<: *CONTAINER_TEMPLATE

  583.     memory: 5Gb

  584.     additional_containers:

  585.       - name: mssql

  586.         image: mcr.microsoft.com/mssql/server:2019-GA-ubuntu-16.04

  587.         port: 1433

  588.         cpu: 2

  589.         memory: 5Gb

  590.         env:

  591.           MSSQL_PID: Developer # this is the default edition

  592.           ACCEPT_EULA: Y

  593.           SA_PASSWORD: sonarqube!1

  594.   script:

  595.     - ./private/cirrus/cirrus-db-unit-test.sh mssql

  596.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  597. 

  598. sql_postgres_task:

  599.   <<: *DEFAULT_TEMPLATE

  600.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  601.   <<: *DATABASE_RELATED_TASK_TEMPLATE

  602.   <<: *GRADLE_CACHE_TEMPLATE

  603.   eks_container:

  604.     <<: *CONTAINER_TEMPLATE

  605.     memory: 5Gb

  606.     additional_containers:

  607.       - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE

  608.   script:

  609.     - ./private/cirrus/cirrus-db-unit-test.sh postgres

  610.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  611. 

  612. # this is the oldest compatible version of PostgreSQL

  613. sql_postgres11_task:

  614.   <<: *DEFAULT_TEMPLATE

  615.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  616.   <<: *DATABASE_RELATED_TASK_TEMPLATE

  617.   <<: *GRADLE_CACHE_TEMPLATE

  618.   eks_container:

  619.     <<: *CONTAINER_TEMPLATE

  620.     memory: 5Gb

  621.     additional_containers:

  622.       - <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE

  623.         image: public.ecr.aws/docker/library/postgres:11

  624.   script:

  625.     - ./private/cirrus/cirrus-db-unit-test.sh postgres

  626.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  627. 

  628. sql_oracle21_task:

  629.   <<: *DEFAULT_TEMPLATE

  630.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  631.   <<: *DATABASE_RELATED_TASK_TEMPLATE

  632.   <<: *GRADLE_CACHE_TEMPLATE

  633.   eks_container:

  634.     <<: *CONTAINER_TEMPLATE

  635.     memory: 5Gb

  636.     additional_containers:

  637.       - <<: *ORACLE_ADDITIONAL_CONTAINER_TEMPLATE

  638.   script:

  639.     - ./private/cirrus/cirrus-db-unit-test.sh oracle21

  640.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  641. 

  642. upgd_mssql_task:

  643.   <<: *DEFAULT_TEMPLATE

  644.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  645.   <<: *DATABASE_RELATED_TASK_TEMPLATE

  646.   <<: *JAR_CACHE_TEMPLATE

  647.   <<: *GRADLE_CACHE_TEMPLATE

  648.   eks_container:

  649.     <<: *CONTAINER_TEMPLATE

  650.     cpu: 1.5

  651.     memory: 6Gb

  652.     additional_containers:

  653.       - name: mssql

  654.         image: mcr.microsoft.com/mssql/server:2022-latest

  655.         port: 1433

  656.         cpu: 2

  657.         memory: 5Gb

  658.         env:

  659.           MSSQL_PID: Developer # this is the default edition

  660.           ACCEPT_EULA: Y

  661.           SA_PASSWORD: sonarqube!1

  662.   env:

  663.     QA_CATEGORY: Upgrade

  664.   script:

  665.     - ./private/cirrus/cirrus-qa.sh mssql

  666.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  667. 

  668. upgd_oracle21_task:

  669.   <<: *DEFAULT_TEMPLATE

  670.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  671.   <<: *DATABASE_RELATED_TASK_TEMPLATE

  672.   <<: *JAR_CACHE_TEMPLATE

  673.   <<: *GRADLE_CACHE_TEMPLATE

  674.   eks_container:

  675.     <<: *CONTAINER_TEMPLATE

  676.     cpu: 1.5

  677.     memory: 6Gb

  678.     additional_containers:

  679.       - <<: *ORACLE_ADDITIONAL_CONTAINER_TEMPLATE

  680.   env:

  681.     QA_CATEGORY: Upgrade

  682.   script:

  683.     - ./private/cirrus/cirrus-qa.sh oracle21

  684.   <<: *DEFAULT_ARTIFACTS_TEMPLATE

  685. 

  686. ws_scan_task:

  687.   <<: *DEFAULT_TEMPLATE

  688.   <<: *BUILD_DEPENDANT_TASK_TEMPLATE

  689.   only_if: >-

  690.     $CIRRUS_BRANCH == $BRANCH_MAIN ||

  691.     ($CIRRUS_BRANCH =~ $BRANCH_PATTERN_MAINTENANCE && $CIRRUS_CRON != $NIGHTLY_99_CRON)

  692.   <<: *YARN_CACHE_TEMPLATE

  693.   <<: *GRADLE_CACHE_TEMPLATE

  694.   timeout_in: 30m

  695.   eks_container:

  696.     <<: *CONTAINER_TEMPLATE

  697.     cpu: 2

  698.     memory: 4Gb

  699.   env:

  700.     WS_APIKEY: VAULT[development/kv/data/mend data.apikey]

  701.     WS_WSS_URL: VAULT[development/kv/data/mend data.url]

  702.     WS_USERKEY: VAULT[development/kv/data/mend data.userKey]

  703.     SLACK_WEBHOOK_SQ: VAULT[development/kv/data/slack data.webhook]

  704.   whitesource_script:

  705.     - ./private/cirrus/cirrus-whitesource-scan.sh

  706.   allow_failures: "true"

  707.   on_failure:

  708.     slack_notification_script:

  709.       - ./private/cirrus/cirrus-whitesource-notifications.sh

  710.   always:

  711.     ws_artifacts:

  712.       path: "whitesource/**/*"