aboutsummaryrefslogtreecommitdiffstats
path: root/.cirrus.yml
blob: ec091b115381e5f8a084d314417a15d4b5cd81dc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
#
# ENV VARIABLES
#
env:
  ### Shared variables
  CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci
  CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}
  CIRRUS_VAULT_URL: https://vault.sonar.build:8200
  ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
  ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
  ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/SonarSource-sonar-scanner-cli-private-reader access_token]
  ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/SonarSource-sonar-scanner-cli-private-reader access_token]
  ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer
  ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/SonarSource-sonar-scanner-cli-qa-deployer access_token]
  ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa
  ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]

  ### Project variables
  DEPLOY_PULL_REQUEST: true
  NIGHTLY_CRON: 'nightly-cron'
#
# RE-USABLE CONFIGS
#
eks_container: &EKS_CONTAINER
  region: eu-central-1
  cluster_name: ${CIRRUS_CLUSTER_NAME}
  namespace: default
  image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-m3-latest
  cpu: 1
  memory: 4G

ec2_instance: &EC2_INSTANCE_WINDOWS
  experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
  region: eu-central-1
  subnet_id: ${CIRRUS_AWS_SUBNET}
  type: t2.2xlarge
  image: base-windows-jdk17-v*
  platform: windows

only_sonarsource_qa: &ONLY_SONARSOURCE_QA
  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BUILD_SOURCE == 'api' )

except_nightly_cron: &ONLY_SONARSOURCE_QA_EXCEPT_ON_NIGHTLY_CRON
  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BUILD_SOURCE == 'api' ) && $CIRRUS_CRON != $NIGHTLY_CRON

#
# TASKS
#
build_task:
  <<: *ONLY_SONARSOURCE_QA
  eks_container:
    <<: *EKS_CONTAINER
  env:
    SONAR_TOKEN: VAULT[development/kv/data/next data.token]
    SONAR_HOST_URL: VAULT[development/kv/data/next data.url]
    SIGN_KEY: VAULT[development/kv/data/sign data.key]
    PGP_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase]
    # Fetch all commit history so that Sonar has exact blame information for issue auto-assignment
    CIRRUS_CLONE_DEPTH: "0"
  maven_cache:
    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
  script:
    - source cirrus-env BUILD
    - regular_mvn_build_deploy_analyze -Pdist-linux-x64,dist-linux-aarch64,dist-windows-x64,dist-macosx-x64,dist-macosx-aarch64
  cleanup_before_cache_script:
    - cleanup_maven_repository

mend_scan_task:
  depends_on:
    - build
  eks_container:
    <<: *EKS_CONTAINER
    cpu: 2
    memory: 2G
  # run only on master and long-term branches
  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*")
  env:
    WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
  maven_cache:
    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
  whitesource_script:
    - source cirrus-env QA
    - source set_maven_build_version $BUILD_NUMBER
    - mvn clean install -DskipTests --batch-mode
    - source ws_scan.sh
  cleanup_before_cache_script: cleanup_maven_repository
  allow_failures: "true"
  always:
    ws_artifacts:
      path: "whitesource/**/*"

linux_x64_qa_java17_task:
  depends_on:
    - build
  <<: *ONLY_SONARSOURCE_QA
  eks_container:
    <<: *EKS_CONTAINER
  env:
    matrix:
      - SQ_VERSION: LATEST_RELEASE[9.9]
      - SQ_VERSION: LATEST_RELEASE
      - SQ_VERSION: DEV
  maven_cache:
    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
  qa_script:
    - nodeVersion=18.17.0
    - nodeName=node-v${nodeVersion}-linux-x64
    - wget https://nodejs.org/download/release/v${nodeVersion}/${nodeName}.tar.gz
    - tar xzf ${nodeName}.tar.gz -C /tmp
    - export PATH=$PATH:/tmp/${nodeName}/bin
    - source cirrus-env QA
    - source set_maven_build_version $BUILD_NUMBER
    - cd it
    - mvn -B -e -Dsonar.runtimeVersion="$SQ_VERSION" -Dmaven.test.redirectTestOutputToFile=false verify
  cleanup_before_cache_script:
    - cleanup_maven_repository

win_x64_qa_java17_task:
  depends_on:
    - build
  <<: *ONLY_SONARSOURCE_QA
  ec2_instance:
    <<: *EC2_INSTANCE_WINDOWS
  env:
    CIRRUS_SHELL: bash
    matrix:
      - SQ_VERSION: LATEST_RELEASE[9.9]
      - SQ_VERSION: LATEST_RELEASE
      - SQ_VERSION: DEV
  maven_cache:
    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
  qa_script:
    - source cirrus-env QA
    - source set_maven_build_version $BUILD_NUMBER
    - cd it
    - mvn -B -e -Dsonar.runtimeVersion="$SQ_VERSION" -Dmaven.test.redirectTestOutputToFile=false verify
  cleanup_before_cache_script:
    - cleanup_maven_repository

promote_task:
  depends_on:
    - linux_x64_qa_java17
    - win_x64_qa_java17
  <<: *ONLY_SONARSOURCE_QA_EXCEPT_ON_NIGHTLY_CRON
  eks_container:
    <<: *EKS_CONTAINER
    cpu: 0.5
    memory: 500M
  env:
    GITHUB_TOKEN: VAULT[development/github/token/SonarSource-sonar-scanner-cli-promotion token]
  maven_cache:
    folder: $CIRRUS_WORKING_DIR/.m2/repository
  script:
    - cirrus_promote_maven
  cleanup_before_cache_script:
    - cleanup_maven_repository