From 5a43cfb0cbf3eb8d7db085e08abed4f2e66f165a Mon Sep 17 00:00:00 2001 From: Connel McGovern <100574906+mcgovc@users.noreply.github.com> Date: Tue, 14 Mar 2023 16:44:18 +0000 Subject: [PATCH 1/4] INFRA-1955: Remove duplicate 'Snyk Security' stage (#7310) --- .ci/dev/regression/Jenkinsfile | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile index 42137c43bc..a301041e42 100644 --- a/.ci/dev/regression/Jenkinsfile +++ b/.ci/dev/regression/Jenkinsfile @@ -113,21 +113,6 @@ pipeline { } } - stage('Snyk Security') { - when { - expression { isReleaseTag || isReleaseCandidate || isReleaseBranch } - } - steps { - script { - // Invoke Snyk for each Gradle sub project we wish to scan - def modulesToScan = ['node', 'capsule', 'bridge', 'bridgecapsule'] - modulesToScan.each { module -> - snykSecurityScan("${env.SNYK_API_KEY}", "--sub-project=$module --configuration-matching='^runtimeClasspath\$' --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'") - } - } - } - } - stage('All Tests') { when { expression { params.DO_TEST } From e70505afca2fb6e720a03bc564cb313729d860ec Mon Sep 17 00:00:00 2001 From: Connel McGovern <100574906+mcgovc@users.noreply.github.com> Date: Wed, 15 Mar 2023 09:53:13 +0000 Subject: [PATCH 2/4] INFRA-1955: Shared lib implicit import syntax --- .ci/dev/nightly-regression/JenkinsfileSnykScan | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/dev/nightly-regression/JenkinsfileSnykScan b/.ci/dev/nightly-regression/JenkinsfileSnykScan index 2a2a4788b5..564bb516a9 100644 --- a/.ci/dev/nightly-regression/JenkinsfileSnykScan +++ b/.ci/dev/nightly-regression/JenkinsfileSnykScan @@ -1,4 +1,4 @@ -@Library('corda-shared-build-pipeline-steps') +@Library('corda-shared-build-pipeline-steps') _ cordaSnykScanPipeline ( snykTokenId: 'c4-os-snyk-api-token-secret', From 6e56dffba89a57614b36525eb8dfca4c7991c858 Mon Sep 17 00:00:00 2001 From: Connel McGovern <100574906+mcgovc@users.noreply.github.com> Date: Wed, 15 Mar 2023 14:49:10 +0000 Subject: [PATCH 3/4] INFRA-1955: Shared lib implicit import syntax (#7313) --- .ci/dev/nightly-regression/JenkinsfileSnykScan | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/dev/nightly-regression/JenkinsfileSnykScan b/.ci/dev/nightly-regression/JenkinsfileSnykScan index 2a2a4788b5..564bb516a9 100644 --- a/.ci/dev/nightly-regression/JenkinsfileSnykScan +++ b/.ci/dev/nightly-regression/JenkinsfileSnykScan @@ -1,4 +1,4 @@ -@Library('corda-shared-build-pipeline-steps') +@Library('corda-shared-build-pipeline-steps') _ cordaSnykScanPipeline ( snykTokenId: 'c4-os-snyk-api-token-secret', From 2e9f62f4dadb081b803877fba75c1e4c4ec9d9b5 Mon Sep 17 00:00:00 2001 From: Ronan Browne Date: Sun, 16 Apr 2023 18:19:43 +0100 Subject: [PATCH 4/4] INFRA-2040: remove lingering nexus code (#7330) --- .ci/dev/compatibility/JenkinsfileJDK11Azul | 53 ----------------- .ci/dev/publish-branch/Jenkinsfile.nightly | 67 ---------------------- 2 files changed, 120 deletions(-) diff --git a/.ci/dev/compatibility/JenkinsfileJDK11Azul b/.ci/dev/compatibility/JenkinsfileJDK11Azul index c2216d8a51..b0e63b45d8 100644 --- a/.ci/dev/compatibility/JenkinsfileJDK11Azul +++ b/.ci/dev/compatibility/JenkinsfileJDK11Azul @@ -19,34 +19,6 @@ killAllExistingBuildsForJob(env.JOB_NAME, env.BUILD_NUMBER.toInteger()) */ boolean isReleaseTag = (env.TAG_NAME =~ /^release.*JDK11$/) -/* -** calculate the stage for NexusIQ evaluation -** * build for snapshots -** * stage-release: for release candidates and for health checks -** * release: for GA release -*/ -def nexusDefaultIqStage = "build" -if (isReleaseTag) { - switch (env.TAG_NAME) { - case ~/.*-RC\d+(-.*)?/: nexusDefaultIqStage = "stage-release"; break; - case ~/.*-HC\d+(-.*)?/: nexusDefaultIqStage = "stage-release"; break; - default: nexusDefaultIqStage = "release" - } -} - -/** - * make sure calculated default value of NexusIQ stage is first in the list - * thus making it default for the `choice` parameter - */ -def nexusIqStageChoices = [nexusDefaultIqStage].plus( - [ - 'develop', - 'build', - 'stage-release', - 'release', - 'operate' - ].minus([nexusDefaultIqStage])) - /** * Common Gradle arguments for all Gradle executions */ @@ -84,10 +56,6 @@ pipeline { timestamps() } - parameters { - choice choices: nexusIqStageChoices, description: 'NexusIQ stage for code evaluation', name: 'nexusIqStage' - } - /* * List environment variables in alphabetical order */ @@ -118,27 +86,6 @@ pipeline { } } - stage('Sonatype Check') { - steps { - dir(sameAgentFolder) { - script { - sh "./gradlew --no-daemon properties | grep -E '^(version|group):' >version-properties" - /* every build related to Corda X.Y (GA, RC, HC, patch or snapshot) uses the same NexusIQ application */ - def version = sh(returnStdout: true, script: "grep ^version: version-properties | sed -e 's/^version: \\([0-9]\\+\\(\\.[0-9]\\+\\)\\+\\).*\$/\\1/'").trim() - def groupId = sh(returnStdout: true, script: "grep ^group: version-properties | sed -e 's/^group: //'").trim() - def artifactId = 'corda' - nexusAppId = "${groupId}-${artifactId}-${version}" - } - nexusPolicyEvaluation( - failBuildOnNetworkError: false, - iqApplication: selectedApplication(nexusAppId), // application *has* to exist before a build starts! - iqScanPatterns: [[scanPattern: 'node/capsule/build/libs/corda*.jar']], - iqStage: params.nexusIqStage - ) - } - } - } - stage('All Tests') { parallel { stage('Another agent') { diff --git a/.ci/dev/publish-branch/Jenkinsfile.nightly b/.ci/dev/publish-branch/Jenkinsfile.nightly index 0f38bf9cca..8c1f1ff637 100644 --- a/.ci/dev/publish-branch/Jenkinsfile.nightly +++ b/.ci/dev/publish-branch/Jenkinsfile.nightly @@ -14,37 +14,6 @@ import static com.r3.build.BuildControl.killAllExistingBuildsForJob killAllExistingBuildsForJob(env.JOB_NAME, env.BUILD_NUMBER.toInteger()) -/* -** calculate the stage for NexusIQ evaluation -** * build for snapshots -*/ -def nexusDefaultIqStage = "build" - -/** - * make sure calculated default value of NexusIQ stage is first in the list - * thus making it default for the `choice` parameter - */ -def nexusIqStageChoices = [nexusDefaultIqStage].plus( - [ - 'develop', - 'build', - 'stage-release', - 'release', - 'operate' - ].minus([nexusDefaultIqStage])) - -/** - * define an empty teamsWebHookURL and if it is a Release Branch - * then set it for the Corda 4 Jenkins Connector - */ -boolean isReleaseBranch = (env.BRANCH_NAME =~ /^release\/os\/.*/) -def teamsWebHookURL = "" -if (isReleaseBranch){ - withCredentials([string(credentialsId: 'ms-teams-webhook', variable: 'webhook_url')]) { - teamsWebHookURL = "$webhook_url" - } -} - pipeline { agent { label 'standard' } @@ -54,22 +23,6 @@ pipeline { overrideIndexTriggers(false) timeout(time: 3, unit: 'HOURS') buildDiscarder(logRotator(daysToKeepStr: '14', artifactDaysToKeepStr: '14')) - office365ConnectorWebhooks([[ - name : "Corda 4 Jenkins Connector", - notifyBackToNormal : true, - startNotification : false, - notifyFailure : true, - notifySuccess : true, - notifyNotBuilt : false, - notifyAborted : false, - notifyRepeatedFailure: true, - notifyUnstable : true, - url : "${teamsWebHookURL}" - ]]) - } - - parameters { - choice choices: nexusIqStageChoices, description: 'NexusIQ stage for code evaluation', name: 'nexusIqStage' } triggers { @@ -85,26 +38,6 @@ pipeline { } stages { - stage('Sonatype Check') { - steps { - sh "./gradlew --no-daemon clean jar" - script { - sh "./gradlew --no-daemon properties | grep -E '^(version|group):' >version-properties" - /* every build related to Corda X.Y (GA, RC, HC, patch or snapshot) uses the same NexusIQ application */ - def version = sh (returnStdout: true, script: "grep ^version: version-properties | sed -e 's/^version: \\([0-9]\\+\\(\\.[0-9]\\+\\)\\+\\).*\$/\\1/'").trim() - def groupId = sh (returnStdout: true, script: "grep ^group: version-properties | sed -e 's/^group: //'").trim() - def artifactId = 'corda' - nexusAppId = "${groupId}-${artifactId}-${version}" - } - nexusPolicyEvaluation ( - failBuildOnNetworkError: false, - iqApplication: selectedApplication(nexusAppId), // application *has* to exist before a build starts! - iqScanPatterns: [[scanPattern: 'node/capsule/build/libs/corda*.jar']], - iqStage: params.nexusIqStage - ) - } - } - stage('Publish to Artifactory') { steps { rtServer (