-
Notifications
You must be signed in to change notification settings - Fork 2
/
.cirrus.yml
188 lines (164 loc) · 6.08 KB
/
.cirrus.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
env:
CIRRUS_CLONE_DEPTH: "20"
CIRRUS_SHELL: bash
ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
# Deploy public artifact to artifactory
ARTIFACTORY_DEPLOY_USERNAME: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer username]
ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa
GRADLE_USER_HOME: ${CIRRUS_WORKING_DIR}/.gradle
DEVELOCITY_TOKEN: VAULT[development/kv/data/develocity data.token]
DEVELOCITY_ACCESS_KEY: develocity.sonar.build=${DEVELOCITY_TOKEN}
linux_image_template: &LINUX_IMAGE
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-g7-latest
cluster_name: ${CIRRUS_CLUSTER_NAME}
region: eu-central-1
namespace: default
use_in_memory_disk: true
linux_2_cpu_4G_template: &LINUX_2_CPU_4G
eks_container:
<<: *LINUX_IMAGE
cpu: 2
memory: 4G
linux_4_cpu_container_template: &LINUX_4_CPU
<<: *LINUX_IMAGE
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-g7-latest
cpu: 4
linux_4_cpu_6G__template: &LINUX_4_CPU_6G
eks_container:
<<: *LINUX_4_CPU
memory: 6G
linux_4_cpu_8G_template: &LINUX_4_CPU_8G
eks_container:
<<: *LINUX_4_CPU
memory: 8G
eks_container: &CONTAINER_DEFINITION
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-g7-latest
cluster_name: ${CIRRUS_CLUSTER_NAME}
region: eu-central-1
namespace: default
## Build tasks
on_failure_template: &ON_FAILURE
on_failure:
junit_artifacts:
path: '**/test-results/**/*.xml'
format: junit
reports_artifacts:
path: '**/build/reports/**/*'
error_log_artifacts:
path: "hs_err_pid*.log"
heap_dump_artifacts:
path: "*.hprof"
setup_gradle_cache_template: &SETUP_GRADLE_CACHE
gradle_cache:
folder: .gradle/caches
reupload_on_changes: "true"
populate_script: mkdir -p "${GRADLE_USER_HOME}"
cleanup_gradle_cache_script_template: &CLEANUP_GRADLE_CACHE_SCRIPT
cleanup_gradle_script:
- rm -rf "${GRADLE_USER_HOME}/caches/journal-1/"
- find ${GRADLE_USER_HOME}/caches/ -name "*.lock" -type f -delete || true
build_task:
<<: *LINUX_4_CPU_6G
<<: *SETUP_GRADLE_CACHE
env:
SONAR_TOKEN: VAULT[development/kv/data/next data.token]
SONAR_HOST_URL: VAULT[development/kv/data/next data.url]
DEPLOY_PULL_REQUEST: "true"
ORG_GRADLE_PROJECT_signingKey: VAULT[development/kv/data/sign data.key]
ORG_GRADLE_PROJECT_signingPassword: VAULT[development/kv/data/sign data.passphrase]
ORG_GRADLE_PROJECT_signingKeyId: VAULT[development/kv/data/sign data.key_id]
build_script:
- git submodule update --init --depth 1 -- build-logic
- source cirrus-env BUILD
- source .cirrus/use-gradle-wrapper.sh
- regular_gradle_build_deploy_analyze
<<: *ON_FAILURE
<<: *CLEANUP_GRADLE_CACHE_SCRIPT
### QA tasks
only_if_sonarsource_qa_template: &ONLY_IF_SONARSOURCE_QA
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
qa_task_filter_template: &QA_TASK_FILTER
depends_on:
- build
<<: *ONLY_IF_SONARSOURCE_QA
gradle_its_template: &GRADLE_ITS_TEMPLATE
<<: *SETUP_GRADLE_CACHE
run_its_script:
- git submodule update --init --depth 1
- source cirrus-env QA
- ./gradlew "${GRADLE_TASK}"
"-Dsonar.runtimeVersion=${SQ_VERSION}"
"-Dorchestrator.artifactory.accessToken=${ARTIFACTORY_ACCESS_TOKEN}"
"-DbuildNumber=$BUILD_NUMBER"
--info --stacktrace --console plain --no-daemon --build-cache
<<: *CLEANUP_GRADLE_CACHE_SCRIPT
qa_plugin_task:
<<: *QA_TASK_FILTER
env:
ITS_PROJECT: "plugin"
GRADLE_TASK: ":its:plugin:integrationTest"
KEEP_ORCHESTRATOR_RUNNING: "true"
matrix:
- SQ_VERSION: "DEV"
- SQ_VERSION: "LATEST_RELEASE"
<<: *LINUX_4_CPU_8G
<<: *GRADLE_ITS_TEMPLATE
<<: *ON_FAILURE
qa_ruling_task:
<<: *QA_TASK_FILTER
env:
SQ_VERSION: "LATEST_RELEASE"
GRADLE_TASK: ":its:ruling:integrationTest"
ITS_PROJECT: "ruling"
KEEP_ORCHESTRATOR_RUNNING: "true"
<<: *LINUX_4_CPU_8G
<<: *GRADLE_ITS_TEMPLATE
<<: *ON_FAILURE
### Mend tasks
ws_scan_task:
<<: *LINUX_2_CPU_4G
<<: *SETUP_GRADLE_CACHE
depends_on:
- build
# run only on master, long-term branches and mend-related branches
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "mend-.*")
env:
WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
GOPATH: ${HOME}/go
go_cache:
folder: ${HOME}/go
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
whitesource_script:
- git submodule update --init --depth 1 -- build-logic
- source cirrus-env QA
- ./gradlew --no-daemon --console plain clean
- ./gradlew --no-daemon --info --stacktrace --console plain --no-daemon build -x test
- source export_ws_variables_from_gradle
- source ws_scan.sh
allow_failures: "true"
always:
ws_artifacts:
path: "whitesource/**/*"
### Promote tasks
promote_task:
depends_on:
- build
- qa_plugin
- qa_ruling
<<: *ONLY_IF_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 2
memory: 2G
env:
ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token]
promote_script:
- git submodule update --init --depth 1 -- build-logic
- function gradle(){ ./gradlew "$@"; }; export -f gradle
- cirrus_promote_gradle multi