# content of service-account-credentials.json, used to access to Google Cloud Platform
gcp_credentials: ENCRYPTED[ec86f04ec57d8a7f29ad6b84b41262c9d576abc533485754fdfdb24db103adf0d33ba4ba89a57d29d2549790be5abc72]
env:
GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.jvmargs="-XX:+PrintFlagsFinal -XshowSettings:vm -XX:+HeapDumpOnOutOfMemoryError -XX:+UnlockExperimentalVMOptions -Djava.security.egd=file:/dev/./urandom -Dfile.encoding=UTF8 -Duser.language=en -Duser.country=US"
# to be replaced by other credentials
ARTIFACTORY_PRIVATE_USERNAME: ENCRYPTED[c0baa3376daa1e08d602435081d07653799cf34ab09ca92e575f3dc4176bc6cf2ebf87120e83f3aa6804f072013e8e2b]
ARTIFACTORY_PRIVATE_PASSWORD: ENCRYPTED[f13d32d218c3da8008114d2c8857b2956047fbdab2163bbf186b8b89f789f0efa7504f499749a59ad5988c14e5360353]
ARTIFACTORY_DEPLOY_USERNAME: public-qa-deployer
ARTIFACTORY_DEPLOY_PASSWORD: ENCRYPTED[9362d735843b21b375b6e19d91e0de5216e053e229e39e2ce33a0c866306e6e3f9b08db8a0e126ca5e986fea97e975fd]
ARTIFACTORY_DEPLOY_USERNAME_PRIVATE: private-qa-deployer
ARTIFACTORY_DEPLOY_PASSWORD_PRIVATE: ENCRYPTED[61769719e9b775afe103dbee22141eeaa0116b3332eafb993be2a5919ff7bf017cdc519afed07dc6cac8ebbc0846f191]
ARTIFACTORY_API_KEY: ENCRYPTED[d52910db749f2678f43084b18c849486d68fbc02c2f5489c7ee1085c395de9dc7575313a8b348bb5361a693dd782e07e]
# download licenses for testing commercial editions
GITHUB_TOKEN: ENCRYPTED[!f272985ea5b49b3cf9c414b98de6a8e9096be47bfcee52f33311ba3131a2af637c1b956f49585b7757dd84b7c030233a!]
# use a permanent GitHub access token to perform a clone (by default CirrusCI uses a temporary one)
CIRRUS_REPO_CLONE_TOKEN: ENCRYPTED[f20fee6519296187a473964e60afb08a1bbdc889a624fad0297b41a21d8697f8d2da4d2d245194ade630dcf46b4b581e]
# notifications to burgr
BURGR_URL: ENCRYPTED[06b8fcc9aaa4b495043aa08bc4450b89588902ad9a60cc8525f53d14810aff84558812e4b7eb01131dd64f33916ac941]
BURGR_USERNAME: ENCRYPTED[cf7bfb936025fb763013bbfef0ab5723c0d9b53f135d79af36f9defa933f4b5fc72842bd83a97ce9b614503c1b77e6da]
BURGR_PASSWORD: ENCRYPTED[bc554fc6a06c9f14cc9924cefad0a69e962a905b6d1609fc9357d458b45fc52ac74c960ad9c7382a0691433fa9dcd483]
# analysis on next.sonarqube.com
SONARQUBE_NEXT_TOKEN: ENCRYPTED[e3d98fa0ecceb015e9803d47f78c3040f5a710d678a631107635d69f650d4e53ecaf2e2334cc1fe0c47037ec915dcda0]
# to trigger docs deployment
BUDDY_WORKS_TOKEN: ENCRYPTED[9ba648f3167b6f0c0befbba2f816bfffd53260fef06fb0fe8bba0a19ae4808c8b1567c5dcee2a2ee5299a5969058f495]
auto_cancellation: $CIRRUS_BRANCH != 'master' && $CIRRUS_BRANCH !=~ 'branch.*'
task_only_nightly_depending_on_build_template: &TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE
depends_on: build
# Comment the following line and commit with message "DO NOT MERGE" in order to run
# this task on your branch
only_if: $CIRRUS_BRANCH == "branch-nightly-build"
task_only_default_depending_on_build_template: &TASK_ONLY_DEFAUT_DEPENDING_ON_BUILD_TEMPLATE
depends_on: build
only_if: >-
$CIRRUS_BRANCH !=~ "dogfood/.*" &&
$CIRRUS_BRANCH != "public_master" &&
$CIRRUS_BRANCH != "branch-nightly-build" &&
$CIRRUS_CRON == ""
docker_build_container_template: &GKE_CONTAINER_TEMPLATE
dockerfile: private/docker/Dockerfile-build
builder_image_project: sonarqube-team
builder_image_name: docker-builder-v20200915
cluster_name: cirrus-ci-cluster
zone: us-central1-a
namespace: default
cpu: 1
memory: 1Gb
oracle_additional_container_template: &ORACLE_ADDITIONAL_CONTAINER_TEMPLATE
name: oracle
image: us.gcr.io/sonarqube-team/oracle12:0.0.1 # see https://github.com/SonarSource/vms/blob/master/docker/README.md#oracle-12c to build it
port: 1521
cpu: 2
memory: 5Gb
env:
ORACLE_PWD: sonarqube
postgres_additional_container_template: &POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
name: postgres
image: postgres:12.1
port: 5432
cpu: 1
memory: 1Gb
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
reports_junit_on_failure_template: &REPORTS_JUNIT_ON_FAILURE_TEMPLATE
reports_artifacts:
path: "**/build/reports/**/*"
junit_artifacts:
path: "**/test-results/**/*.xml"
format: junit
screenshots_on_failure_template: &REPORTS_JUNIT_SCREENSHOTS_ON_FAILURE_TEMPLATE
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE
screenshots_artifacts:
path: "**/build/screenshots/**/*"
build_task:
only_if: >-
$CIRRUS_BRANCH !=~ "dogfood/.*" &&
$CIRRUS_BRANCH != "public_master" &&
$CIRRUS_CRON == ""
timeout_in: 90m
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
cpu: 4
memory: 7Gb
env:
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
script:
- ./private/cirrus/cirrus-build.sh
on_failure:
reports_artifacts:
path: "**/build/reports/**/*"
deploy_docs_task:
depends_on: build
only_if: $CIRRUS_BRANCH == 'dogfood-on-next'
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
env:
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
script:
- ./private/cirrus/cirrus-trigger-deploy-docs.sh
validate_task:
<<: *TASK_ONLY_DEFAUT_DEPENDING_ON_BUILD_TEMPLATE
timeout_in: 90m
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
cpu: 2
memory: 12Gb
additional_containers:
- <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
script:
- ./private/cirrus/cirrus-validate.sh postgres106
on_failure:
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE
qa_task:
<<: *TASK_ONLY_DEFAUT_DEPENDING_ON_BUILD_TEMPLATE
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
cpu: 3
memory: 7Gb
additional_containers:
- <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
env:
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
matrix:
- QA_CATEGORY: Cat1
- QA_CATEGORY: Cat2
- QA_CATEGORY: Cat3
- QA_CATEGORY: Cat4
- QA_CATEGORY: Cat5
- QA_CATEGORY: Cat6
- QA_CATEGORY: Cat7
- QA_CATEGORY: Authentication
- QA_CATEGORY: Gov
- QA_CATEGORY: Dev
- QA_CATEGORY: License
- QA_CATEGORY: Branch
- QA_CATEGORY: Upgrade
script:
- ./private/cirrus/cirrus-qa.sh postgres106
on_failure:
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE
qa_bitbucket_task:
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
cpu: 3
memory: 7Gb
additional_containers:
- <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
maven_cache:
folder: ~/.m2
env:
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
QA_CATEGORY: BITBUCKET
matrix:
- name: qa_bitbucket_5.16.11
bitbucket_background_script: ./private/cirrus/cirrus-start-bitbucket.sh 5.16.11
- name: qa_bitbucket_latest
bitbucket_background_script: ./private/cirrus/cirrus-start-bitbucket.sh LATEST
wait_for_bitbucket_to_boot_script: secs=3600; endTime=$(( $(date +%s) + secs )); while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:7990/bitbucket/status)" != "200" ]] || [ $(date +%s) -gt $endTime ]; do sleep 5; done
script:
- ./private/cirrus/cirrus-qa.sh postgres106
on_failure:
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE
qa_ha_task:
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
cpu: 2.4
memory: 10Gb
additional_containers:
- <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
env:
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
QA_CATEGORY: HA
gradle_cache:
folder: ~/.gradle/caches
script:
- ./private/cirrus/cirrus-qa.sh postgres106
cleanup_before_cache_script:
- ./private/cirrus/cleanup-gradle-cache.sh
on_failure:
<<: *REPORTS_JUNIT_SCREENSHOTS_ON_FAILURE_TEMPLATE
# GitLab QA is executed in a dedicated task in order to not slow down the pipeline, as a GitLab on-prem server docker image is required.
qa_gitlab_task:
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
cpu: 2.4
memory: 5Gb
additional_containers:
- name: gitlab
image: gitlab/gitlab-ce:latest
port: 8080:80
cpu: 1
memory: 5Gb
env:
# Creating a personnal access token from rails console for test purpuse (can't do through gitlab REST API)
GITLAB_POST_RECONFIGURE_SCRIPT: "gitlab-rails runner \"
token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api], name: 'token');
token.set_token('token-here-456');
token.save!;
token_read = User.find_by_username('root').personal_access_tokens.create(scopes: [:read_api], name: 'token_read');
token_read.set_token('token-read-123');
token_read.save!;
\""
env:
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
QA_CATEGORY: AZURE
gradle_cache:
folder: ~/.gradle/caches
script:
- ./private/cirrus/cirrus-qa.sh h2
cleanup_before_cache_script:
- ./private/cirrus/cleanup-gradle-cache.sh
on_failure:
reports_artifacts:
path: "**/build/reports/**/*"
screenshots_artifacts:
path: "**/build/screenshots/**/*"
junit_artifacts:
path: "**/test-results/**/*.xml"
format: junit
# Azure QA is executed in a dedicated task in order to not slow down the pipeline.
qa_azure_task:
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
cpu: 2.4
memory: 5Gb
env:
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
QA_CATEGORY: AZURE
gradle_cache:
folder: ~/.gradle/caches
script:
- ./private/cirrus/cirrus-qa.sh h2
cleanup_before_cache_script:
- ./private/cirrus/cleanup-gradle-cache.sh
on_failure:
reports_artifacts:
path: "**/build/reports/**/*"
screenshots_artifacts:
path: "**/build/screenshots/**/*"
junit_artifacts:
path: "**/test-results/**/*.xml"
format: junit
# SAML QA is executed in a dedicated task in order to not slow down the pipeline, as a Keycloak server docker image is required.
qa_saml_task:
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
cpu: 2.4
memory: 10Gb
additional_containers:
- name: keycloak
image: jboss/keycloak:7.0.0
port: 8080
cpu: 1
memory: 1Gb
env:
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
env:
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
QA_CATEGORY: SAML
gradle_cache:
folder: ~/.gradle/caches
script:
- ./private/cirrus/cirrus-qa.sh h2
cleanup_before_cache_script:
- ./private/cirrus/cleanup-gradle-cache.sh
on_failure:
<<: *REPORTS_JUNIT_SCREENSHOTS_ON_FAILURE_TEMPLATE
# LDAP QA is executed in a dedicated task in order to not slow down the pipeline, as a LDAP server and SonarQube server are re-started on each test.
qa_ldap_task:
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
cpu: 2.4
memory: 10Gb
env:
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
QA_CATEGORY: LDAP
gradle_cache:
folder: ~/.gradle/caches
script:
- ./private/cirrus/cirrus-qa.sh h2
cleanup_before_cache_script:
- ./private/cirrus/cleanup-gradle-cache.sh
on_failure:
<<: *REPORTS_JUNIT_SCREENSHOTS_ON_FAILURE_TEMPLATE
promote_task:
<<: *TASK_ONLY_DEFAUT_DEPENDING_ON_BUILD_TEMPLATE
depends_on:
- build
- validate
- qa
- qa_saml
- qa_ldap
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
stateful: true
env:
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
script:
- ./private/cirrus/cirrus-promote.sh
sql_mssql2017_task:
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
memory: 5Gb
additional_containers:
- name: mssql
image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu
port: 1433
cpu: 2
memory: 5Gb
env:
MSSQL_PID: Developer # this is the default edition
ACCEPT_EULA: Y
SA_PASSWORD: sonarqube!1
script:
- ./private/cirrus/cirrus-db-unit-test.sh mssql2017
on_failure:
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE
# this is the oldest compatible version of PostgreSQL
sql_postgres93_task:
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
memory: 5Gb
additional_containers:
- <<: *POSTGRES_ADDITIONAL_CONTAINER_TEMPLATE
image: postgres:9.3
script:
- ./private/cirrus/cirrus-db-unit-test.sh postgres93
on_failure:
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE
sql_oracle12_task:
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
memory: 5Gb
additional_containers:
- <<: *ORACLE_ADDITIONAL_CONTAINER_TEMPLATE
script:
- ./private/cirrus/cirrus-db-unit-test.sh oracle12
on_failure:
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE
upgd_mssql2017_task:
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
cpu: 1.5
memory: 6Gb
additional_containers:
- name: mssql
image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu
port: 1433
cpu: 2
memory: 5Gb
env:
MSSQL_PID: Developer # this is the default edition
ACCEPT_EULA: Y
SA_PASSWORD: sonarqube!1
env:
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
matrix:
QA_CATEGORY: Upgrade
script:
- ./private/cirrus/cirrus-qa.sh mssql2017
on_failure:
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE
upgd_oracle12_task:
<<: *TASK_ONLY_NIGHTLY_DEPENDING_ON_BUILD_TEMPLATE
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
cpu: 1.5
memory: 6Gb
additional_containers:
- <<: *ORACLE_ADDITIONAL_CONTAINER_TEMPLATE
env:
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
matrix:
QA_CATEGORY: Upgrade
script:
- ./private/cirrus/cirrus-qa.sh oracle12
on_failure:
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE
# Software Composition Analysis (SCA): check potential vulnerabilities in dependencies.
# Note that license compliance of dependencies is not checked for now.
owasp_check_task:
only_if: >-
$CIRRUS_CRON == "nightly" ||
$CIRRUS_CRON == "weekly-latest" ||
$CIRRUS_CRON == "weekly-lts" ||
changesInclude('private/owasp/*.xml')
timeout_in: 30m
gke_container:
<<: *GKE_CONTAINER_TEMPLATE
cpu: 1.7
memory: 4Gb
environment:
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
SLACK_WEBHOOK_SQ: ENCRYPTED[dec8e4350cbea3b94d63098558bcb3ae9e79b71c2b6286fcfb9eb80c0953b6448b10f7271b07b5e75e52f362c25d7a8f]
script:
- gradle dependencyCheckAggregate
on_failure:
slack_notification_script:
- ./private/cirrus/cirrus-owasp-notification.sh
always:
reports_artifacts:
path: "build/reports/*"