-
Notifications
You must be signed in to change notification settings - Fork 684
/
.cirrus.yml
318 lines (299 loc) · 12.4 KB
/
.cirrus.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
env:
CIRRUS_VAULT_URL: https://vault.sonar.build:8200
CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci
CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}
ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer
ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
#Possible values for ARTIFACTORY_DEPLOY_REPO: sonarsource-private-qa, sonarsource-public-qa
ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa
ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token]
GRADLE_ENTERPRISE_USERNAME: VAULT[development/team/sonarqube/kv/data/gradle-enterprise data.username]
GRADLE_ENTERPRISE_PASSWORD: VAULT[development/team/sonarqube/kv/data/gradle-enterprise data.password]
GRADLE_ENTERPRISE_URL: VAULT[development/team/sonarqube/kv/data/gradle-enterprise data.url]
GRADLE_ENTERPRISE_KEY: VAULT[development/team/sonarqube/kv/data/gradle-enterprise data.access-key]
# Use bash (instead of sh on linux or cmd.exe on windows)
CIRRUS_SHELL: bash
# Allows to run builds for the 50 last commits in a branch:
CIRRUS_CLONE_DEPTH: 50
container_definition: &CONTAINER_DEFINITION
cluster_name: ${CIRRUS_CLUSTER_NAME}
region: eu-central-1
namespace: default
nodeSelectorTerms:
- matchExpressions:
- key: node.kubernetes.io/instance-type
operator: In
values:
- m6a.8xlarge # 3.6 GHz 3rd generation AMD EPYC processors (AMD EPYC 7R13), 18 vCPU, 64 GiB Memory
container_with_docker_definition: &CONTAINER_WITH_DOCKER_DEFINITION
<<: *CONTAINER_DEFINITION
dockerfile: .cirrus/Dockerfile.jdk17AndLatest
builder_role: cirrus-builder
builder_image: docker-builder-v*
builder_instance_type: t3.small
win_vm_definition: &WINDOWS_VM_DEFINITION
experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
platform: windows
region: eu-central-1
type: c5.4xlarge # 3.6 GHz (3.9GHz single core) Intel Xeon Scalable Processor, 16 vCPU, 32 GiB Memory
only_sonarsource_qa: &ONLY_SONARSOURCE_QA
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
common_build_definition: &COMMON_BUILD_DEFINITION
eks_container:
<<: *CONTAINER_DEFINITION
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j22-latest
cpu: 4
memory: 4G
env:
SIGN_KEY: VAULT[development/kv/data/sign data.key]
PGP_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase]
# analysis on next
SONAR_TOKEN: VAULT[development/kv/data/next data.token]
SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
#allow deployment of pull request artifacts to repox
DEPLOY_PULL_REQUEST: true
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
orchestrator_cache_preparation_definition: &ORCHESTRATOR_CACHE_PREPARATION_DEFINITION
set_orchestrator_home_script: |
export TODAY=$(date '+%Y-%m-%d')
echo "TODAY=${TODAY}" >> $CIRRUS_ENV
echo "ORCHESTRATOR_HOME=${CIRRUS_WORKING_DIR}/orchestrator/${TODAY}" >> $CIRRUS_ENV
mkdir_orchestrator_home_script: |
echo "Create dir ${ORCHESTRATOR_HOME} if needed"
mkdir -p ${ORCHESTRATOR_HOME}
orchestrator_cache_elements_definition: &ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
folder: ${ORCHESTRATOR_HOME}
fingerprint_script: echo ${TODAY}
reupload_on_changes: "true"
# Only compile without "test and sonar:sonar". Note: Do not rename "build", it is used by "Check Releasability"
build_task:
<<: *COMMON_BUILD_DEFINITION
build_script:
- source cirrus-env BUILD
- regular_mvn_build_deploy_analyze -Dmaven.test.skip=true -Dsonar.skip=true -pl '!java-checks-test-sources/default,!java-checks-test-sources/aws'
cleanup_before_cache_script: cleanup_maven_repository
test_analyze_task:
<<: *COMMON_BUILD_DEFINITION
build_script:
- source cirrus-env BUILD
# ignore duplications in the SE engine plugin, as it will be moved away from sonar-java at some point
- PULL_REQUEST_SHA=$GIT_SHA1 regular_mvn_build_deploy_analyze -P-deploy-sonarsource,-release,-sign -Dmaven.deploy.skip=true -Dsonar.analysisCache.enabled=true -Dsonar.cpd.exclusions=java-symbolic-execution/**
- cd docs/java-custom-rules-example
- mvn clean package -f pom_SQ_10_6_LATEST.xml --batch-mode
- cd "${CIRRUS_WORKING_DIR}"
- ./check-license-compliance.sh
cleanup_before_cache_script: cleanup_maven_repository
ws_scan_task:
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest
cpu: 4
memory: 4G
# run only on master and long-term branches
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "mend-.*")
env:
WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
whitesource_script:
- source cirrus-env QA
- source set_maven_build_version $BUILD_NUMBER
- mvn clean install --batch-mode -Dmaven.test.skip=true -pl '!java-checks-test-sources,!java-checks-test-sources/default,!java-checks-test-sources/aws,!java-checks-test-sources/spring-3.2'
- source ws_scan.sh
allow_failures: "true"
always:
ws_artifacts:
path: "whitesource/**/*"
qa_os_win_task:
ec2_instance:
image: base-windows-jdk22-v*
<<: *WINDOWS_VM_DEFINITION
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
build_script:
- source cirrus-env CI
- mvn.cmd clean verify
cleanup_before_cache_script: cleanup_maven_repository
plugin_qa_task:
depends_on:
- build
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest
cpu: 14
memory: 6G
<<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION
matrix:
- env:
SQ_VERSION: LATEST_RELEASE[10.3]
orchestrator_LATEST_RELEASE_cache:
<<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
- env:
SQ_VERSION: DEV
orchestrator_DEV_cache:
<<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
submodules_script:
- git submodule update --init --recursive
qa_script:
- source cirrus-env QA
- source set_maven_build_version $BUILD_NUMBER
- cd its/plugin
- mvn package --batch-mode -Pit-plugin -Dsonar.runtimeVersion=${SQ_VERSION} -Dmaven.test.redirectTestOutputToFile=false -B -e -V -Dparallel=classes -DuseUnlimitedThreads=true
cleanup_before_cache_script: cleanup_maven_repository
sanity_task:
depends_on:
- build
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j22-latest
cpu: 4
memory: 4G
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
sanity_script:
- source cirrus-env QA
- source set_maven_build_version $BUILD_NUMBER
- cd java-checks-test-sources
- mvn clean compile --batch-mode
- cd ../
- mvn verify --batch-mode -f sonar-java-plugin/pom.xml -Psanity -Dtest=SanityTest
cleanup_before_cache_script: cleanup_maven_repository
ruling_task:
depends_on:
- build
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest
cpu: 14
memory: 6G
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
<<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION
orchestrator_LATEST_RELEASE_cache:
<<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
submodules_script:
- git submodule update --init --recursive
env:
MAVEN_OPTS: "-Xmx3g"
matrix:
- PROFILE: without-sonarqube-project
- PROFILE: only-sonarqube-project
ruling_script:
- source cirrus-env QA
- source set_maven_build_version $BUILD_NUMBER
- cd its/ruling
- mvn package --batch-mode "-Pit-ruling,$PROFILE" -Dsonar.runtimeVersion=LATEST_RELEASE[10.3] -Dmaven.test.redirectTestOutputToFile=false -B -e -V -Dparallel=methods -DuseUnlimitedThreads=true
cleanup_before_cache_script: cleanup_maven_repository
on_failure:
actual_artifacts:
path: "${CIRRUS_WORKING_DIR}/its/ruling/target/actual/**/*"
ruling_win_task:
depends_on:
- build
<<: *ONLY_SONARSOURCE_QA
ec2_instance:
image: base-windows-jdk17-v*
<<: *WINDOWS_VM_DEFINITION
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
<<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION
orchestrator_LATEST_RELEASE_cache:
<<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
env:
MAVEN_OPTS: "-Xmx3g"
matrix:
- PROFILE: without-sonarqube-project
- PROFILE: only-sonarqube-project
ruling_script:
- source cirrus-env QA
- source set_maven_build_version $BUILD_NUMBER
- init_git_submodules its/sources
- git submodule update --init --recursive
- cd its/ruling
- mvn package --batch-mode "-Pit-ruling,$PROFILE" -Dsonar.runtimeVersion=LATEST_RELEASE[10.3] -Dmaven.test.redirectTestOutputToFile=false -B -e -V -Dparallel=methods -DuseUnlimitedThreads=true
cleanup_before_cache_script: cleanup_maven_repository
autoscan_task:
depends_on:
- build
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_WITH_DOCKER_DEFINITION
# For now, this autoscan_task need to execute two mvn commands:
# * The build of java-checks-test-sources module which requires Java 22.
# * The tests using Orchestrator and SonarQube that, for now, fail to work using Java 22
# This is why we have a local Dockerfile that provide the 2 versions of Java, 17 and 22.
cpu: 14
memory: 6G
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
<<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION
orchestrator_LATEST_RELEASE_cache:
<<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
autoscan_script:
- source cirrus-env QA
- source set_maven_build_version $BUILD_NUMBER
- cd java-checks-test-sources
- JAVA_HOME="${JAVA_LATEST_HOME}" mvn clean compile test-compile --batch-mode
- cd ../its/autoscan
- mvn clean package --batch-mode --errors --show-version --activate-profiles it-autoscan -Dsonar.runtimeVersion=LATEST_RELEASE[10.3] -Dmaven.test.redirectTestOutputToFile=false -Dparallel=methods -DuseUnlimitedThreads=true
cleanup_before_cache_script: cleanup_maven_repository
on_failure:
actual_artifacts:
path: "${CIRRUS_WORKING_DIR}/its/autoscan/target/actual/**/*"
promote_task:
depends_on:
- build
- test_analyze
- qa_os_win
- sanity
- ruling
- ruling_win
- plugin_qa
- ws_scan
- autoscan
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest
cpu: 2
memory: 1G
env:
#promotion cloud function
ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token]
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
script: cirrus_promote_maven
cleanup_before_cache_script: cleanup_maven_repository
# This task can be used to debug the cache content
inspect_orchestrator_cache_task:
<<: *ONLY_SONARSOURCE_QA
depends_on: ruling # To improve cache usage we should introduce a task to warm the cache.
trigger_type: manual
eks_container:
<<: *CONTAINER_WITH_DOCKER_DEFINITION
cpu: 1
memory: 1G
<<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION
matrix:
- orchestrator_LATEST_RELEASE_cache:
<<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
- orchestrator_DEV_cache:
<<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
inspect_cache_script: |
echo "Inspecting cache ${ORCHESTRATOR_HOME}..."
cd "${ORCHESTRATOR_HOME}"
ls -l
find . -ls
echo "Inspecting cache done."