-
Notifications
You must be signed in to change notification settings - Fork 2
/
.cirrus.yaml
246 lines (227 loc) · 9.2 KB
/
.cirrus.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
env:
ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer
ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa
ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
# Use bash (instead of sh on linux or cmd.exe on windows)
CIRRUS_SHELL: bash
# Allows to run builds for the 50 last commits in a branch:
CIRRUS_CLONE_DEPTH: 50
SIGN_KEY: VAULT[development/kv/data/sign data.key]
PGP_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase]
# analysis on next
SONAR_TOKEN: VAULT[development/kv/data/next data.token]
SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
SONARSOURCE_SNK: VAULT[development/team/languages/kv/data/strong_named_key data.SonarSourceSecret_snk]
SONARSOURCE_SNK_PATH: ${CIRRUS_WORKING_DIR}/SonarSource.snk
SLACK_TOKEN: VAULT[development/kv/data/slack data.token]
SLACK_CHANNEL: squad-ide-intellij-family-bots
only_sonarsource_qa: &ONLY_SONARSOURCE_QA
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
container_definition: &CONTAINER_DEFINITION
cluster_name: ${CIRRUS_CLUSTER_NAME}
region: eu-central-1
dockerfile: .cirrus/Dockerfile
builder_role: cirrus-builder
builder_image: docker-builder-v*
builder_instance_type: t3.small
docker_arguments:
CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT}
maven_cache_definition: &MAVEN_CACHE_DEFINITION
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
fingerprint_script:
- cat pom.xml omnisharp-plugin/pom.xml its/pom.xml
ec2_instance_definition: &INSTANCE_DEFINITION
region: eu-central-1
type: c6i.xlarge
image: sonarlint-visualstudio-v*
platform: windows
notify_slack_on_failure: &NOTIFY_SLACK_ON_FAILURE
on_failure:
slack_notification_script: |
source slack-failure-notification
get_jarcontentfiles_definition: &GET_JARCONTENTFILES |
curl -O "https://api.cirrus-ci.com/v1/artifact/build/${CIRRUS_BUILD_ID}/build_dotnet/jarcontentfiles.zip"
unzip jarcontentfiles.zip
qa_script_definition: &QA_SCRIPT |
source cirrus-env QA
source set_maven_build_version ${BUILD_NUMBER}
mvn -B -e -V -f its/pom.xml verify -DskipTests=false -Pdownload-staged-artifact
compute_project_version_script_definition: &COMPUTE_PROJECT_VERSION_SCRIPT_DEFINITION |
source cirrus-env BUILD
# Read the version from the root pom
sonarProjectVersion=$(maven_expression "project.version" | sed 's/-SNAPSHOT//')
echo "Sonar project version is '${sonarProjectVersion}'"
# Set the variable so it can be used by other tasks
echo "SONAR_PROJECT_VERSION=${sonarProjectVersion}" >> $CIRRUS_ENV
dotnet_cache_definition: &DOTNET_CACHE_DEFINITION
folders:
- omnisharp-dotnet/src/Services.UnitTests
- omnisharp-dotnet/src/Services
fingerprint_key: ${CI_BUILD_NUMBER}
build_dotnet_task:
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 4
memory: 2G
env:
ARTIFACTORY_USER: ${ARTIFACTORY_PRIVATE_USERNAME}
ARTIFACTORY_PASSWORD: ${ARTIFACTORY_PRIVATE_PASSWORD}
PATH: ${PATH}:${HOME}/.dotnet/tools
SOLUTION_PATH: omnisharp-dotnet/SonarLint.OmniSharp.DotNet.Services.sln
dotnet_cache: *DOTNET_CACHE_DEFINITION
compute_project_version_script: *COMPUTE_PROJECT_VERSION_SCRIPT_DEFINITION
dotnet_restore_script: |
# Restore the .NET project using Repox as source feed
dotnet restore "${SOLUTION_PATH}" \
--locked-mode \
--configfile omnisharp-dotnet/nuget.config
prepare_sonarqube_analysis_script: |
dotnet sonarscanner begin \
-d:sonar.token=${SONAR_TOKEN} \
-d:sonar.host.url=${SONAR_HOST_URL} \
-d:sonar.projectBaseDir="${CIRRUS_WORKING_DIR}/omnisharp-dotnet/src" \
-d:sonar.scanner.javaExePath=/opt/java/openjdk/bin/java \
-k:"sonarlint-omnisharp-dotnet" \
-v:${SONAR_PROJECT_VERSION} \
-d:sonar.cs.opencover.reportsPaths="${CIRRUS_WORKING_DIR}/**/TestResults/coverage.**.xml"
download_omnisharp_script: |
# Get OmniSharp fork from Repox
mvn generate-resources -B -Denable-repo=qa -DskipIts -Pdownload-omnisharp-for-building
restore_snk_script: |
# Restore SNK file from Vault
echo "${SONARSOURCE_SNK}" | base64 -d > "${SONARSOURCE_SNK_PATH}"
build_dotnet_script: |
# Build and run .NET unit tests
dotnet test "${SOLUTION_PATH}" \
-c Release \
-p:SignAssembly=true -p:AssemblyOriginatorKeyFile="${SONARSOURCE_SNK_PATH}" \
-p:CollectCoverage=true -p:CoverletOutput=TestResults/ -p:CoverletOutputFormat=opencover \
--no-restore
sonarqube_analysis_script: |
dotnet sonarscanner end \
-d:sonar.token=${SONAR_TOKEN}
jarcontentfiles_artifacts:
path: ${CIRRUS_WORKING_DIR}/omnisharp-dotnet/JarContentFiles/SonarLint.OmniSharp.DotNet.Services.dll
<<: *NOTIFY_SLACK_ON_FAILURE
build_maven_task:
depends_on:
- build_dotnet
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 4
memory: 1G
get_jarcontentfiles_script: *GET_JARCONTENTFILES
env:
DEPLOY_PULL_REQUEST: true
maven_cache: *MAVEN_CACHE_DEFINITION
build_script: |
source cirrus-env QA
regular_mvn_build_deploy_analyze -Dmaven.test.skip=true -Dsonar.skip=true -DskipIts
cleanup_before_cache_script: cleanup_maven_repository
<<: *NOTIFY_SLACK_ON_FAILURE
qa_linux_task:
depends_on:
- build_maven
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
maven_cache: *MAVEN_CACHE_DEFINITION
qa_script: *QA_SCRIPT
always:
# Publish test results regardless of status
qa_linux_results_artifacts:
path: '**/surefire-reports/TEST-*.xml'
cleanup_before_cache_script: cleanup_maven_repository
<<: *NOTIFY_SLACK_ON_FAILURE
qa_windows_task:
depends_on:
- build_maven
<<: *ONLY_SONARSOURCE_QA
ec2_instance:
<<: *INSTANCE_DEFINITION
maven_cache: *MAVEN_CACHE_DEFINITION
qa_script: *QA_SCRIPT
always:
# Publish test results regardless of status
qa_windows_results_artifacts:
path: '**/surefire-reports/TEST-*.xml'
cleanup_before_cache_script: cleanup_maven_repository
<<: *NOTIFY_SLACK_ON_FAILURE
validate_windows_task:
depends_on:
- build_dotnet
<<: *ONLY_SONARSOURCE_QA
ec2_instance:
<<: *INSTANCE_DEFINITION
get_jarcontentfiles_script: *GET_JARCONTENTFILES
validate_script:
- source cirrus-env QA
- regular_mvn_build_deploy_analyze -Dsonar.skip=true -DskipIts -Dmaven.deploy.skip=true -P-deploy-sonarsource,-release,-sign
cleanup_before_cache_script: cleanup_maven_repository
<<: *NOTIFY_SLACK_ON_FAILURE
validate_linux_task:
depends_on:
- build_dotnet
<<: *ONLY_SONARSOURCE_QA
maven_cache: *MAVEN_CACHE_DEFINITION
eks_container:
<<: *CONTAINER_DEFINITION
get_jarcontentfiles_script: *GET_JARCONTENTFILES
validate_script:
- source cirrus-env QA
- regular_mvn_build_deploy_analyze -DskipIts -Dmaven.deploy.skip=true -P-deploy-sonarsource,-release,-sign -Dsonar.analysisCache.enabled=true
cleanup_before_cache_script: cleanup_maven_repository
<<: *NOTIFY_SLACK_ON_FAILURE
mend_scan_task:
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 3
memory: 1G
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "mend-.*")
depends_on:
- build_dotnet
- build_maven
env:
WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
dotnet_cache: *DOTNET_CACHE_DEFINITION
maven_cache: *MAVEN_CACHE_DEFINITION
compute_project_version_script: *COMPUTE_PROJECT_VERSION_SCRIPT_DEFINITION
mend_scan_dotnet_script: |
source cirrus-env QA
export WS_PRODUCTNAME="SonarLint/OmniSharp"
export WS_PROJECTNAME="${CIRRUS_REPO_FULL_NAME}/dotnet ${SONAR_PROJECT_VERSION}"
export WS_PROJECTVERSION=${SONAR_PROJECT_VERSION}
ws_scan.sh -c ${CIRRUS_WORKING_DIR}/omnisharp-dotnet/build/whitesource/wss-unified-agent.config
mend_scan_maven_script: |
source cirrus-env QA
export WS_PRODUCTNAME="SonarLint/OmniSharp"
export WS_PROJECTNAME="${CIRRUS_REPO_FULL_NAME} ${SONAR_PROJECT_VERSION}"
export WS_PROJECTVERSION=${SONAR_PROJECT_VERSION}
ws_scan.sh
allow_failures: true
always:
ws_artifacts:
path: "whitesource/**/*"
promote_task:
depends_on:
- build_maven
- validate_linux
- validate_windows
- qa_linux
- qa_windows
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
<<: *MAVEN_CACHE_DEFINITION
env:
ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token]
promote_script: cirrus_promote_maven
cleanup_before_cache_script: cleanup_maven_repository
<<: *NOTIFY_SLACK_ON_FAILURE