-
Notifications
You must be signed in to change notification settings - Fork 85
/
Copy path.cirrus.yml
131 lines (124 loc) · 4.26 KB
/
.cirrus.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
#
# ENV VARIABLES
#
env:
### Shared variables
ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer
ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa
### Project variables
DEPLOY_PULL_REQUEST: true
#
# RE-USABLE CONFIGS
#
container_definition: &CONTAINER_DEFINITION
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j21-latest
cluster_name: ${CIRRUS_CLUSTER_NAME}
region: eu-central-1
namespace: default
only_sonarsource_qa: &ONLY_SONARSOURCE_QA
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BUILD_SOURCE == 'api' )
#
# TASKS
#
build_task:
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 2
memory: 2G
env:
SONAR_TOKEN: VAULT[development/kv/data/next data.token]
SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
SIGN_KEY: VAULT[development/kv/data/sign data.key]
PGP_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase]
# Fetch all commit history so that Sonar has exact blame information for issue auto-assignment
CIRRUS_CLONE_DEPTH: "0"
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
script:
- source cirrus-env BUILD
- regular_mvn_build_deploy_analyze
cleanup_before_cache_script:
- cleanup_maven_repository
on_failure:
junit_result_artifacts:
path: "**/target/surefire-reports/**.xml"
format: junit
type: text/xml
mend_scan_task:
depends_on:
- build
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 2
memory: 2G
# run only on master and long-term branches
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*")
env:
WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
whitesource_script:
- source cirrus-env QA
- source set_maven_build_version $BUILD_NUMBER
- mvn clean install -DskipTests --batch-mode
- source ws_scan.sh
cleanup_before_cache_script: cleanup_maven_repository
allow_failures: "true"
always:
ws_artifacts:
path: "whitesource/**/*"
qa_task:
depends_on:
- build
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest
cpu: 2
memory: 4G
env:
matrix:
- SQ_VERSION: LATEST_RELEASE
- SQ_VERSION: LATEST_RELEASE[9.9]
JAVA_VERSION:
- LATEST_RELEASE
GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token]
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
qa_script:
- source cirrus-env QA
- source set_maven_build_version $BUILD_NUMBER
- cd its
- mvn -B -e verify -Prun-its -Dsonar.runtimeVersion=$SQ_VERSION -DjavaVersion=$JAVA_VERSION
cleanup_before_cache_script:
- cleanup_maven_repository
on_failure:
server_logs_artifacts:
path: "**/target/**/logs/**.log"
junit_result_artifacts:
path: "**/target/surefire-reports/**.xml"
format: junit
type: text/xml
promote_task:
depends_on:
- qa
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 0.5
memory: 500M
env:
GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token]
ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
maven_cache:
folder: $CIRRUS_WORKING_DIR/.m2/repository
script:
- cirrus_promote_maven
cleanup_before_cache_script:
- cleanup_maven_repository