# # ENV VARIABLES # env: ### Shared variables CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME} CIRRUS_VAULT_URL: https://vault.sonar.build:8200 ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url] ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/SonarSource-sonar-scanner-cli-private-reader access_token] ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/SonarSource-sonar-scanner-cli-private-reader access_token] ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/SonarSource-sonar-scanner-cli-qa-deployer access_token] ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token] BURGR_URL: VAULT[development/kv/data/burgr data.url] BURGR_USERNAME: VAULT[development/kv/data/burgr data.cirrus_username] BURGR_PASSWORD: VAULT[development/kv/data/burgr data.cirrus_password] ### Project variables DEPLOY_PULL_REQUEST: true ARTIFACTS: org.sonarsource.scanner.cli:sonar-scanner-cli:jar NIGHTLY_CRON: 'nightly-cron' # # RE-USABLE CONFIGS # eks_container: &EKS_CONTAINER region: eu-central-1 cluster_name: ${CIRRUS_CLUSTER_NAME} namespace: default image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-m3-latest cpu: 1 memory: 4G ec2_instance: &EC2_INSTANCE_WINDOWS experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051 region: eu-central-1 subnet_id: ${CIRRUS_AWS_SUBNET} type: t2.2xlarge image: base-windows-jdk17-v* platform: windows only_sonarsource_qa: &ONLY_SONARSOURCE_QA only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BUILD_SOURCE == 'api' ) except_nightly_cron: &EXCEPT_ON_NIGHTLY_CRON only_if: $CIRRUS_CRON != $NIGHTLY_CRON # # TASKS # build_task: <<: *ONLY_SONARSOURCE_QA eks_container: <<: *EKS_CONTAINER env: SONAR_TOKEN: VAULT[development/kv/data/next data.token] SONAR_HOST_URL: VAULT[development/kv/data/next data.url] SIGN_KEY: VAULT[development/kv/data/sign data.key] PGP_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase] maven_cache: folder: ${CIRRUS_WORKING_DIR}/.m2/repository script: - source cirrus-env BUILD - regular_mvn_build_deploy_analyze -Pdist-linux,dist-windows,dist-macosx cleanup_before_cache_script: - cleanup_maven_repository mend_scan_task: depends_on: - build eks_container: <<: *EKS_CONTAINER cpu: 2 memory: 2G # run only on master and long-term branches only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*") env: WS_APIKEY: VAULT[development/kv/data/mend data.apikey] maven_cache: folder: ${CIRRUS_WORKING_DIR}/.m2/repository whitesource_script: - source cirrus-env QA - source set_maven_build_version $BUILD_NUMBER - mvn clean install -DskipTests --batch-mode - source ws_scan.sh cleanup_before_cache_script: cleanup_maven_repository allow_failures: "true" always: ws_artifacts: path: "whitesource/**/*" linux_qa_java17_task: depends_on: - build <<: *ONLY_SONARSOURCE_QA eks_container: <<: *EKS_CONTAINER env: matrix: - SQ_VERSION: LATEST_RELEASE[9.9] - SQ_VERSION: LATEST_RELEASE - SQ_VERSION: DEV maven_cache: folder: ${CIRRUS_WORKING_DIR}/.m2/repository qa_script: - nodeVersion=18.17.0 - nodeName=node-v${nodeVersion}-linux-x64 - wget https://nodejs.org/download/release/v${nodeVersion}/${nodeName}.tar.gz - tar xzf ${nodeName}.tar.gz -C /tmp - export PATH=$PATH:/tmp/${nodeName}/bin - source cirrus-env QA - source set_maven_build_version $BUILD_NUMBER - cd it - mvn -B -e -Dsonar.runtimeVersion="$SQ_VERSION" -Dmaven.test.redirectTestOutputToFile=false verify cleanup_before_cache_script: - cleanup_maven_repository win_qa_java17_task: depends_on: - build <<: *ONLY_SONARSOURCE_QA ec2_instance: <<: *EC2_INSTANCE_WINDOWS env: CIRRUS_SHELL: bash matrix: - SQ_VERSION: LATEST_RELEASE[9.9] - SQ_VERSION: LATEST_RELEASE - SQ_VERSION: DEV maven_cache: folder: ${CIRRUS_WORKING_DIR}/.m2/repository qa_script: - source cirrus-env QA - source set_maven_build_version $BUILD_NUMBER - cd it - mvn -B -e -Dsonar.runtimeVersion="$SQ_VERSION" -Dmaven.test.redirectTestOutputToFile=false verify cleanup_before_cache_script: - cleanup_maven_repository promote_task: depends_on: - linux_qa_java17 - win_qa_java17 <<: *ONLY_SONARSOURCE_QA <<: *EXCEPT_ON_NIGHTLY_CRON eks_container: <<: *EKS_CONTAINER cpu: 0.5 memory: 500M env: GITHUB_TOKEN: VAULT[development/github/token/SonarSource-sonar-scanner-cli-promotion token] maven_cache: folder: $CIRRUS_WORKING_DIR/.m2/repository script: - cirrus_promote_maven cleanup_before_cache_script: - cleanup_maven_repository